Issue #8120 has been updated by Daniel Pittman. Category set to security Assignee set to Nigel Kersten
From an implementation PoV, we will want to be able to support MD5 for older clients, even when we move the core checksum to something modern and supportable. Thankfully, with access to the client version in the catalog compiler we can determine if this is actually a requirement for compatibility.

Overall, this is a good change to be making in the longer term.

(Also, wouldn't it be nice if the FIPS version of OpenSSL wouldn't just terminate the application? Oh, well. It is more secure.)

----------------------------------------
Feature #8120: Let user change hashing algorithm, to avoid crashing on FIPS-compliant hosts
https://projects.puppetlabs.com/issues/8120

Author: jared jennings
Status: Unreviewed
Priority: Normal
Assignee: Nigel Kersten
Category: security
Target version:
Affected Puppet version:
Keywords:
Branch:

I'm using Puppet in part to ensure [Federal Information Processing Standard 140-2](http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf) (FIPS 140-2) compliance on my network. Part of this compliance for the system underlying Puppet is to make sure that only [FIPS Approved](http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf) algorithms are used. OpenSSL does this by ensuring that any attempts to run an unapproved algorithm result in either a SIGSEGV or a SIGABRT. MD5 has been broken enough that it is no longer a FIPS Approved algorithm. The consequence for Puppet is that, if it tries to use MD5 on a FIPS-compliant system, it will crash.

Here is where I have seen Puppet crash for this reason:

1. the puppet/util/checksums.rb, used by File resources;
2. the puppet/parser/functions/md5.rb, implementation of the md5 DSL function;
3. certificate signature in puppet/ssl/certificate_request.rb;
4. certificate fingerprinting in puppet/ssl/base.rb;
5. outside Puppet, in the session ID code in openssl/ssl-internal.rb, class OpenSSL::SSLServer, due to using WEBrick.
It was easy enough to replace MD5 with SHA256 in all those places - and, in case 4, it appears I may not have needed to change the code; but the DSL function is still called md5, and MD5 is still named in some of the messages. My changes lack the refinement necessary to be useful to others.

What I think I need is to be able to say, in one place like puppet.conf, "use SHA256, not MD5," and algorithms and messages alike will change. I think the `md5` DSL function would need to be replaced with a `digest` function which uses the configured algorithm, and there should also be a way in the DSL to find out which digest is being used, like a `digestname` function. Then, in some years when SHA2 is decertified, I can tell Puppet, "use SHA3, not SHA2," instead of filing an issue like this one and doing code changes. (I don't know what migration issues this scenario may pose.)

[How can I make Red Hat Enterprise Linux 5 FIPS 140-2 compliant?](https://access.redhat.com/kb/docs/DOC-39230) (Red Hat login required)
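As an added example (not Puppet's own code), a small Ruby module in the shape the report describes: the algorithm is chosen in one place, `digest` and `digestname` follow it, and the setter refuses a non-approved algorithm up front on a FIPS host so OpenSSL never gets the chance to abort the process. The module, the setting name and the approved-list contents are assumptions.

```ruby
require 'openssl'

# Added example, not Puppet code: one place to choose the digest algorithm,
# so checksums, the DSL function and its reported name all follow the setting.
module ConfigurableDigest
  # Hash functions FIPS 140-2 Annex A approves; MD5 is deliberately absent.
  FIPS_APPROVED = %w[SHA1 SHA256 SHA384 SHA512].freeze
  SUPPORTED     = (FIPS_APPROVED + %w[MD5]).freeze

  # Hypothetical setting, standing in for a puppet.conf entry such as
  # digest_algorithm = sha256
  @algorithm = 'SHA256'

  class UnsupportedDigest < StandardError; end

  def self.fips_mode?
    OpenSSL.respond_to?(:fips_mode) && OpenSSL.fips_mode
  end

  # Validate once at configuration time instead of letting the FIPS build of
  # OpenSSL abort the process the first time MD5 is used.
  def self.algorithm=(name)
    upcased = name.to_s.upcase
    raise UnsupportedDigest, "unknown digest #{name}" unless SUPPORTED.include?(upcased)
    if fips_mode? && !FIPS_APPROVED.include?(upcased)
      raise UnsupportedDigest, "#{upcased} is not FIPS approved on this host"
    end
    @algorithm = upcased
  end

  # What a `digestname` DSL function would return.
  def self.digestname
    @algorithm.downcase
  end

  # What a `digest` DSL function (replacing `md5`) would return.
  def self.digest(content)
    OpenSSL::Digest.new(@algorithm).hexdigest(content)
  end

  # Checksum prefixed with its algorithm name, so a mixed fleet can tell
  # which digest a stored value was computed with, e.g. "sha256:...".
  def self.checksum(content)
    "#{digestname}:#{digest(content)}"
  end
end
```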
