FIPS 140-2 support with password-protected docs

classic Classic list List threaded Threaded
1 message Options
Sean-3 Sean-3
Reply | Threaded
Open this post in threaded view
|

FIPS 140-2 support with password-protected docs

Hi, I just joined the list.  I'm a Linux system admin with (among
other things) about 20 CentOS 7.6 desktops under my wing.  Yesterday I
posted a question to the ASK site [1], because one of my users had
issues with password-protected docs after getting his new laptop.  I
now have confirmed that this issue is related to our desktops being
FIPS enabled ( kernel/grub2 with fips=1 ).

I joined the list to further this discussion and determine if I should
file a bug report or what.  The gist of the problem is that when FIPS
is enabled, a user can encrypt a document, but not decrypt the
document, and LO reports that the password provided was incorrect.  I
am not very technical with how LO does password protection, but this
seems like an bug.  FIPS causes the system to disable non-compliant
ciphers and algorithms, but I'm guessing that there is some piece of
code that's calling a non-compliant function only on decrypt, and not
on encrypt...or (less likely) the encrypt side isn't throwing an error
when it should.

Would this be the right place to hold such a discussion?

[1] https://ask.libreoffice.org/en/question/178069/problems-decrypting-documents-version-5361-19el7/

--
To unsubscribe e-mail to: [hidden email]
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/users/
Privacy Policy: https://www.documentfoundation.org/privacy