UnrealIRCd in FIPS mode

If your UnrealIRCd is up and running but you have a question about it, then use this forum.
(NOT for installation or connecting issues! Use the other forum instead.)

Moderator: Supporters

Post Reply
jamie.powers
Posts: 3
Joined: Thu Feb 28, 2019 9:07 pm

UnrealIRCd in FIPS mode

Post by jamie.powers » Thu Feb 28, 2019 9:25 pm

Hello all,

I am trying to run unrealircd on RHEL 7.6 which is being run in FIPS-140-2 mode. When running ./unrealircd start I get the following error.

md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!

I understand the underlying problem but the questions is how to run unrealircd with a FIPS compliant cipher?

Thanks for any help.

Syzop
UnrealIRCd head coder
Posts: 1864
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Re: UnrealIRCd in FIPS mode

Post by Syzop » Fri Mar 01, 2019 10:32 am

You could decide not to load the "cloak" module. This will disable cloaking which uses MD5 internally.

You do this by adding the following to your unrealircd.conf:

Code: Select all

blacklist-module "cloak";

jamie.powers
Posts: 3
Joined: Thu Feb 28, 2019 9:07 pm

Re: UnrealIRCd in FIPS mode

Post by jamie.powers » Fri Mar 01, 2019 8:16 pm

Thanks for the response but it is still failing.

I tried the following with no success:

-- added 'blacklist-module "cloak" after include "modules.default.conf" in unrealircd.conf
-- commented out 'loadmodule "cloak" from modules.default.conf

Thoughts?

Syzop
UnrealIRCd head coder
Posts: 1864
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Re: UnrealIRCd in FIPS mode

Post by Syzop » Sat Mar 02, 2019 8:23 am

I just realized that we use MD5 also for seeding the random generator. So, yeah, that simple trick of not loading the cloaking module won't be sufficient.

It would require code changes in UnrealIRCd to support FIPS-140-2. You could open up a feature request at https://bugs.unrealircd.org/ if you want.

jamie.powers
Posts: 3
Joined: Thu Feb 28, 2019 9:07 pm

Re: UnrealIRCd in FIPS mode

Post by jamie.powers » Mon Mar 11, 2019 9:14 pm

I do not believe I have permission to create a new bug report or cannot find the option in the UI. Would somebody be kind enough to support a change request such that unrealircd will be able to run on RHEL 7.x with FIPS mode enabled/enforced.

Post Reply