UnrealIRCd in FIPS mode

Posted: Thu Feb 28, 2019 9:25 pm
by jamie.powers
Hello all,

I am trying to run unrealircd on RHEL 7.6 which is being run in FIPS-140-2 mode. When running ./unrealircd start I get the following error.

md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!

I understand the underlying problem, but the question is how to run unrealircd with a FIPS compliant cipher?

Thanks for any help.

Re: UnrealIRCd in FIPS mode

Posted: Fri Mar 01, 2019 10:32 am
by Syzop
You could decide not to load the "cloak" module. This will disable cloaking which uses MD5 internally.

You do this by adding the following to your unrealircd.conf:

blacklist-module "cloak";

Re: UnrealIRCd in FIPS mode

Posted: Fri Mar 01, 2019 8:16 pm
by jamie.powers
Thanks for the response but it is still failing.

I tried the following with no success:

-- added 'blacklist-module "cloak"' after include "modules.default.conf" in unrealircd.conf
-- commented out 'loadmodule "cloak"' from modules.default.conf

Thoughts?

Re: UnrealIRCd in FIPS mode

Posted: Sat Mar 02, 2019 8:23 am
by Syzop
I just realized that we use MD5 also for seeding the random generator. So, yeah, that simple trick of not loading the cloaking module won't be sufficient.

It would require code changes in UnrealIRCd to support FIPS-140-2. You could open up a feature request at https://bugs.unrealircd.org/ if you want.
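An added illustration, not part of the thread and not UnrealIRCd code: a small Python check that can be run on the FIPS host to see which digests the crypto backend still accepts, plus a hypothetical seed mixer that condenses entropy with an approved digest instead of MD5. The names `mix_seed` and `pick_digest` are assumptions, and the MD5 probe only reports a refusal when the Python build routes hashlib through the FIPS-enforcing OpenSSL.

```python
import hashlib

FIPS_FLAG = "/proc/sys/crypto/fips_enabled"  # Linux kernel FIPS indicator


def kernel_fips_enabled(path=FIPS_FLAG):
    """True when the kernel reports FIPS mode (the file holds '1')."""
    try:
        with open(path) as fh:
            return fh.read().strip() == "1"
    except OSError:
        return False  # file absent: not Linux, or no FIPS support in kernel


def digest_usable(name):
    """Probe a digest; a FIPS-enforcing crypto backend refuses MD5 here."""
    try:
        hashlib.new(name, b"probe").digest()
        return True
    except ValueError:
        return False


def pick_digest(candidates=("sha256", "sha512"), usable=digest_usable):
    """Return the first FIPS-approved candidate the backend accepts."""
    for name in candidates:
        if usable(name):
            return name
    raise RuntimeError("no approved digest available")


def mix_seed(chunks, digest_name=None):
    """Condense entropy chunks into a fixed-size seed without MD5.

    Hypothetical stand-in for an MD5-based seed mixer; each chunk is
    length-prefixed so (b"ab", b"c") and (b"a", b"bc") give different seeds.
    """
    h = hashlib.new(digest_name or pick_digest())
    for chunk in chunks:
        h.update(len(chunk).to_bytes(4, "big"))
        h.update(chunk)
    return h.digest()


if __name__ == "__main__":
    print("kernel FIPS mode:", kernel_fips_enabled())
    for name in ("md5", "sha1", "sha256"):
        print(f"{name:7s} usable: {digest_usable(name)}")
    # Constructed sample entropy, for demonstration only.
    print("seed:", mix_seed([b"constructed", b"sample entropy"]).hex())
```
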

Re: UnrealIRCd in FIPS mode

Posted: Mon Mar 11, 2019 9:14 pm
by jamie.powers
I do not believe I have permission to create a new bug report, or I cannot find the option in the UI. Would somebody be kind enough to support a change request such that unrealircd will be able to run on RHEL 7.x with FIPS mode enabled/enforced?