Fwd: [libreoffice-users] FIPS 140-2 support with password-protected docs

Fri Jan 4 08:36:34 UTC 2019

On 04/01/2019 08:39, Heiko Tietze wrote:
> Forwarding to the devloper list

[lets continue the discussion on the libreoffice at lists.freedesktop.org 
developer list]
> -------- Weitergeleitete Nachricht --------
> Betreff: 	[libreoffice-users] FIPS 140-2 support with password-protected 
> docs
> Datum: 	Thu, 3 Jan 2019 12:08:55 -0500
> Von: 	Sean <smalder73 at gmail.com>
> An: 	users at global.libreoffice.org
> 
> 
> 
> Hi, I just joined the list.  I'm a Linux system admin with (among
> other things) about 20 CentOS 7.6 desktops under my wing.  Yesterday I
> posted a question to the ASK site [1], because one of my users had
> issues with password-protected docs after getting his new laptop.  I
> now have confirmed that this issue is related to our desktops being
> FIPS enabled ( kernel/grub2 with fips=1 ).
> 
> I joined the list to further this discussion and determine if I should
> file a bug report or what.  The gist of the problem is that when FIPS
> is enabled, a user can encrypt a document, but not decrypt the
> document, and LO reports that the password provided was incorrect.  I
> am not very technical with how LO does password protection, but this
> seems like an bug.  FIPS causes the system to disable non-compliant
> ciphers and algorithms, but I'm guessing that there is some piece of
> code that's calling a non-compliant function only on decrypt, and not
> on encrypt...or (less likely) the encrypt side isn't throwing an error
> when it should.

I assume you are talking about encrypted ODF 1.0/1.1 documents (and not, 
say, PDF or some Microsoft-format documents).  ODF 1.0/1.1 used Blowfish 
for encryption, which is not sanctioned by FIPS mode, so trying to open 
such a document will indeed fail (with a somewhat unhelpful UI, claiming 
that any entered password is wrong).  That LO allows saving such an 
encrypted document would appear to be a bug with that version of LO.

Note that LO recently gained support to forward some of its 
cipher-related operations to OpenSSL, see 
<https://gerrit.libreoffice.org/plugins/gitiles/core/+/4bc16aeb73c1201f187742e0fefe35521fae77ac%5E%21> 
"rhbz#1618703: Allow to use OpenSSL as backend for rtl/cipher.h".  In a 
recent LO built with --enable-cipher-openssl-backend, trying to save an 
encrypted ODF 1.0/1.1 document should indeed fail (see 
<https://gerrit.libreoffice.org/plugins/gitiles/core/+/3cc6d3611ac8cbbfb9803f3a084d02edde470ad3%5E!/> 
"Related rhbz#1618703: Properly handle failure encoding zip file").

There is also some vague plans to allow decryption of existing documents 
even in FIPS mode, and to improve the UI in cases of failure caused by 
FIPS mode, but nothing implemented as of now.  I don't think there's 
tracker bugs for that already at <https://bugs.documentfoundation.org/>; 
you could file such if you like (and please report back the ID(s) here).