Permit MD5 regardless of FIPS configuration for Linux #94934
Conversation
|
Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones Issue DetailsThis changes the native shim to always permit the use of MD5, regardless of whether or not the system is configured to block the use MD5 for FIPS purposes. We currently do not have any CI that exercises Linux in this configuration. This was manually verified in RHEL 8 and RHEL 9 for OpenSSL 1.1.1 and OpenSSL 3, respectively. OpenSSL 1.1.1: 
OpenSSL 3.0: 
/cc @bartonjs @GrabYourPitchforks
|
ghost
assigned
|
/backport to release/8.0-staging |
|
Started backporting to release/8.0-staging: https://github.com/dotnet/runtime/actions/runs/6922284371 |
|
@tmds I saw you referenced this PR in a way that acknowledges this change in behavior. I am inferring that acknowledgement as a signoff from you on this PR--please let me know if that inference was incorrect. |
|
It was not an acknowledgement to sign-off from me. I learned that this PR should fix the issue I had reported in #94786, but I have not yet been able to verify that. |
|
OK; thanks, @tmds! Do you have any concerns with this change? Permitting MD5 regardless of FIPS configuration yields consistent behavior for .NET and without this change, the behavior is in effect a regression. From what I could tell, this change should resolve #94786, which was a symptom of that regression. Nonetheless, I wanted to make sure you had the opportunity to review this change, as we're sending it for .NET 8 servicing. |
|
I kicked of a build to verify this change fixes #94786. This build uses the source-build config ( |
|
Happy to confirm this fixes #94786. |
|
/backport to release/7.0-staging |
|
/backport to release/6.0-staging |
|
Started backporting to release/7.0-staging: https://github.com/dotnet/runtime/actions/runs/6949976170 |
|
Started backporting to release/6.0-staging: https://github.com/dotnet/runtime/actions/runs/6949976878 |
|
@vcsjones backporting to release/6.0-staging failed, the patch most likely resulted in conflicts: $ git am --3way --ignore-whitespace --keep-non-patch changes.patch
Applying: Re-enable MD5 for FIPS with OpenSSL 3
Using index info to reconstruct a base tree...
A src/native/libs/System.Security.Cryptography.Native/opensslshim.h
A src/native/libs/System.Security.Cryptography.Native/pal_evp.c
Falling back to patching base and 3-way merge...
CONFLICT (modify/delete): src/native/libs/System.Security.Cryptography.Native/pal_evp.c deleted in HEAD and modified in Re-enable MD5 for FIPS with OpenSSL 3. Version Re-enable MD5 for FIPS with OpenSSL 3 of src/native/libs/System.Security.Cryptography.Native/pal_evp.c left in tree.
Auto-merging src/libraries/Native/Unix/System.Security.Cryptography.Native/opensslshim.h
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Re-enable MD5 for FIPS with OpenSSL 3
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
Error: The process '/usr/bin/git' failed with exit code 128Please backport manually! |
|
@vcsjones an error occurred while backporting to release/6.0-staging, please check the run log for details! Error: git am failed, most likely due to a merge conflict. |
vcsjones
added
the
cryptographic-docs-impact
bartonjs
added
the
tracking
This changes the native shim to always permit the use of MD5, regardless of whether or not the system is configured to block the use MD5 for FIPS purposes. This is only for the MD5 primitive. HMAC-MD5 remains blocked.
We currently do not have any CI that exercises Linux in this configuration. This was manually verified in RHEL 8 and RHEL 9 for OpenSSL 1.1.1 and OpenSSL 3, respectively.
OpenSSL 1.1.1:
OpenSSL 3.0:
/cc @bartonjs @GrabYourPitchforks