Bug 2152131
| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | In FIPS mode, the kernel should reject SHA-224, SHA-384, SHA-512-224, and SHA-512-256 as hashes for hash-based DRBGs, or provide an indicator after 2023-05-16 | | |
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Clemens Lang <cllang> |
| Component: | kernel | Assignee: | Vladis Dronov <vdronov> |
| kernel sub component: | Crypto | QA Contact: | Ondrej Moriš <omoris> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | high | | |
| Priority: | high | CC: | herbert.xu, omoris, rparrazo, vdronov |
| Version: | 9.2 | Keywords: | Triaged, ZStream |
| Target Milestone: | rc | Flags: | pm-rhel: mirror+ |
| Target Release: | 9.2 | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | kernel-5.14.0-253.el9 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | | |
| : | 2152133, 2165130, 2165131 | Environment: | |
| Last Closed: | 2023-05-09 08:09:33 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 2152133, 2165130, 2165131 | | |
Description
Clemens Lang
2022-12-09 12:02:02 UTC
Hi, Clemens,

Can you please clarify what is with the SHA1-based DRBG? We do have one (if I understand the code correctly). AFAIU what is happening in Crypto, SHA1 usage should be disallowed too. WDYT?
```c
#ifdef CONFIG_CRYPTO_DRBG_HASH
	{
		/* Hash_DRBG core backed by SHA-1 */
		.flags = DRBG_HASH | DRBG_STRENGTH128,
		.statelen = 55, /* 440 bits */
		.blocklen_bytes = 20,
		.cra_name = "sha1",
		.backend_cra_name = "sha1",
	}, {
```
According to current FIPS rules, SHA-1 is still acceptable for DRBGs, so for now this is OK. However, NIST will be moving to deprecate SHA-1 everywhere with a targeted phase-out date of Dec 31, 2030: https://www.nist.gov/news-events/news/2022/12/nist-retires-sha-1-cryptographic-algorithm

I expect that one of the next iterations of FIPS validations will require us to disable SHA-1. We could preempt this and disable it now if it is not being used and won't cause issues for customers.

(In reply to Clemens Lang from comment #4)
> We could preempt this and disable it now if it is not
> being used and won't cause issues for customers.

Thanks, Clemens. Yeah, that's the point - we do not know. So I would like to leave sha1 as it is for now.

A suggested test: `dmesg | grep 'alg: self-tests for drbg_'` should not include "sha384".

WITHOUT DRBG FIPS FIX:

```
[root@rhel9 ~]# uname -r
5.14.0-70.22.1.el9_0.x86_64
[root@rhel9 ~]# dmesg | grep drbg
[ 0.919221] alg: self-tests for drbg_nopr_hmac_sha512 (stdrng) passed
[ 0.934330] alg: self-tests for drbg_nopr_hmac_sha256 (stdrng) passed
[ 0.935164] alg: self-tests for drbg_nopr_hmac_sha384 (stdrng) passed
[ 0.936493] alg: self-tests for drbg_nopr_hmac_sha1 (stdrng) passed
[ 0.937217] alg: self-tests for drbg_nopr_sha256 (stdrng) passed
[ 0.937793] alg: self-tests for drbg_nopr_sha512 (stdrng) passed
[ 0.938382] alg: self-tests for drbg_nopr_sha384 (stdrng) passed
[ 0.939099] alg: self-tests for drbg_nopr_sha1 (stdrng) passed
[ 0.940017] alg: self-tests for drbg_nopr_ctr_aes256 (stdrng) passed
[ 0.941136] alg: self-tests for drbg_nopr_ctr_aes192 (stdrng) passed
[ 0.942128] alg: self-tests for drbg_nopr_ctr_aes128 (stdrng) passed
[ 0.945859] alg: self-tests for drbg_pr_hmac_sha512 (stdrng) passed
[ 0.946738] alg: self-tests for drbg_pr_hmac_sha256 (stdrng) passed
[ 0.947459] alg: self-tests for drbg_pr_hmac_sha384 (stdrng) passed
[ 0.948179] alg: self-tests for drbg_pr_hmac_sha1 (stdrng) passed
[ 0.949762] alg: self-tests for drbg_pr_sha256 (stdrng) passed
[ 0.951576] alg: self-tests for drbg_pr_sha512 (stdrng) passed
[ 0.952225] alg: self-tests for drbg_pr_sha384 (stdrng) passed
[ 0.952886] alg: self-tests for drbg_pr_sha1 (stdrng) passed
[ 0.953554] alg: self-tests for drbg_pr_ctr_aes256 (stdrng) passed
[ 0.954220] alg: self-tests for drbg_pr_ctr_aes192 (stdrng) passed
[ 0.954935] alg: self-tests for drbg_pr_ctr_aes128 (stdrng) passed
```

WITH DRBG FIPS FIX:

```
# uname -r
5.14.0-236.1897_749749842.el9.x86_64
# dmesg | grep drbg
[ 0.870752] alg: self-tests for drbg_nopr_hmac_sha512 (stdrng) passed
[ 0.874924] alg: self-tests for drbg_nopr_hmac_sha256 (stdrng) passed
[ 0.875914] alg: self-tests for drbg_nopr_hmac_sha1 (stdrng) passed
[ 0.876815] alg: self-tests for drbg_nopr_sha256 (stdrng) passed
[ 0.877593] alg: self-tests for drbg_nopr_sha512 (stdrng) passed
[ 0.878285] alg: self-tests for drbg_nopr_sha1 (stdrng) passed
[ 0.878949] alg: self-tests for drbg_nopr_ctr_aes256 (stdrng) passed
[ 0.879844] alg: self-tests for drbg_nopr_ctr_aes192 (stdrng) passed
[ 0.880784] alg: self-tests for drbg_nopr_ctr_aes128 (stdrng) passed
[ 0.881592] alg: self-tests for drbg_pr_hmac_sha512 (stdrng) passed
[ 0.882325] alg: self-tests for drbg_pr_hmac_sha256 (stdrng) passed
[ 0.883101] alg: self-tests for drbg_pr_hmac_sha1 (stdrng) passed
[ 0.883827] alg: self-tests for drbg_pr_sha256 (stdrng) passed
[ 0.884734] alg: self-tests for drbg_pr_sha512 (stdrng) passed
[ 0.885718] alg: self-tests for drbg_pr_sha1 (stdrng) passed
[ 0.886314] alg: self-tests for drbg_pr_ctr_aes256 (stdrng) passed
[ 0.886997] alg: self-tests for drbg_pr_ctr_aes192 (stdrng) passed
[ 0.887689] alg: self-tests for drbg_pr_ctr_aes128 (stdrng) passed
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (Important: kernel security, bug fix, and enhancement update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:2458
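An added check (not code from this bug or from the kernel) that automates the suggested dmesg test: it parses the crypto self-test lines, splits each DRBG name into its kind and backend, and flags hash/HMAC DRBGs whose hash is one of those the summary says FIPS mode must reject. The sample lines are constructed and abridged from the output quoted above.

```python
import re

# Hashes that this bug says FIPS mode must no longer accept for hash-based
# DRBGs; the fixed kernel drops both drbg_*_sha384 and drbg_*_hmac_sha384.
DISALLOWED_DRBG_HASHES = {"sha224", "sha384", "sha512-224", "sha512-256"}

# The crypto self-test line dmesg prints for every DRBG the kernel registers.
SELFTEST_RE = re.compile(
    r"alg: self-tests for (?P<name>drbg_[a-z0-9_-]+) \(stdrng\) passed")

# DRBG name = mode (pr/nopr), optional kind (hmac/ctr; absent means Hash_DRBG)
# and the backend primitive (a hash for hash/HMAC DRBGs, a cipher for CTR).
NAME_RE = re.compile(
    r"drbg_(?P<mode>pr|nopr)_(?:(?P<kind>hmac|ctr)_)?(?P<backend>[a-z0-9-]+)")

def drbg_backend(name):
    """Return (mode, kind, backend) for a kernel DRBG name, or None."""
    m = NAME_RE.fullmatch(name)
    if m is None:
        return None
    return m.group("mode"), m.group("kind") or "hash", m.group("backend")

def noncompliant_drbgs(dmesg_lines):
    """Names of registered hash/HMAC DRBGs whose hash FIPS mode should reject."""
    bad = []
    for line in dmesg_lines:
        m = SELFTEST_RE.search(line)
        parsed = drbg_backend(m.group("name")) if m else None
        if parsed is None:
            continue
        _mode, kind, backend = parsed
        if kind in ("hash", "hmac") and backend in DISALLOWED_DRBG_HASHES:
            bad.append(m.group("name"))
    return bad

# Constructed sample input, abridged from the dmesg output quoted in this bug.
BEFORE_FIX = [
    "[    0.935164] alg: self-tests for drbg_nopr_hmac_sha384 (stdrng) passed",
    "[    0.938382] alg: self-tests for drbg_nopr_sha384 (stdrng) passed",
    "[    0.942128] alg: self-tests for drbg_nopr_ctr_aes128 (stdrng) passed",
    "[    0.952225] alg: self-tests for drbg_pr_sha384 (stdrng) passed",
]
AFTER_FIX = [
    "[    0.874924] alg: self-tests for drbg_nopr_hmac_sha256 (stdrng) passed",
    "[    0.878285] alg: self-tests for drbg_nopr_sha1 (stdrng) passed",
    "[    0.880784] alg: self-tests for drbg_nopr_ctr_aes128 (stdrng) passed",
]
```

On a live system, feed it the output of `dmesg | grep drbg` line by line; an empty result is the expected state on a kernel carrying the fix.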