
Prevent gocrypto fallback for historical algorithms in FIPS mode #1348

Closed
wants to merge 1 commit into from

Conversation


@xnox xnox commented Oct 2, 2024

Add a new boring.FIPS() API to query if the boring backend is or is not in FIPS mode. Add bindings for openssl and CNG, but not boringcrypto.

Note that currently some openssl FIPS modules return true for SupportedHash queries, for algorithms that will be blocked at runtime. Other modules choose to instead report such algorithms as not available at all, as they have become historical.

Update boring backend logic for MD5, RC4, DES, 3DES to attempt to use the boring backend when supported, but also when the boring backend is in FIPS mode. This way the FIPS module gets to decide how it is configured, and whether or not it will allow the operation.

This ensures that binaries that use these algorithms correctly fail at runtime against FIPS OpenSSL v3+ modules, like they already fail at runtime against FIPS OpenSSL 1.1.1 and earlier modules.

No build/runtime behaviour changes for boringcrypto, nobackend, openssl/cng backends in non-FIPS modes.

If this change is undesired for CNG backend, let me know, and this can be rearranged to check for the OpenSSL experiment only.

Fixes: #1347

Todo:

  • fix boringcrypto codepath
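The selection rule the description proposes, as an added example that is not the PR's or microsoft/go's own code: `Backend` is a constructed stand-in for the backend (its `FIPS` field plays the role of the proposed `boring.FIPS()`), and the two `selectMD5*` functions contrast the old "use backend only when supported" rule with the proposed "use backend when supported or in FIPS mode" rule against a FIPS module that reports MD5 as unavailable.

```go
package main

import (
	"errors"
	"fmt"
)

// Backend models what the PR description says a backend exposes for a
// historical algorithm such as MD5. Constructed for this example only.
type Backend struct {
	Name          string
	FIPS          bool // module is in FIPS mode (stand-in for boring.FIPS())
	SupportedHash bool // what a SupportedHash(MD5) query reports
	BlocksAtRun   bool // module rejects the operation when actually called
}

var ErrBlockedByFIPS = errors.New("operation blocked by FIPS module")

// hashWithBackend simulates handing the MD5 call to the module.
func (b Backend) hashWithBackend() (string, error) {
	if b.BlocksAtRun {
		return "", ErrBlockedByFIPS
	}
	return b.Name + ":md5", nil
}

// selectMD5Old is the pre-PR rule: use the backend only when it reports
// support, otherwise fall back to the pure-Go implementation silently.
func selectMD5Old(b Backend) (string, error) {
	if b.SupportedHash {
		return b.hashWithBackend()
	}
	return "gocrypto:md5", nil
}

// selectMD5New is the proposed rule: also route to the backend when it is in
// FIPS mode, so a module that hides MD5 as historical can still reject it.
func selectMD5New(b Backend) (string, error) {
	if b.SupportedHash || b.FIPS {
		return b.hashWithBackend()
	}
	return "gocrypto:md5", nil
}

func main() {
	hist := Backend{Name: "fips-v3", FIPS: true, SupportedHash: false, BlocksAtRun: true}
	oldOut, _ := selectMD5Old(hist)
	_, newErr := selectMD5New(hist)
	fmt.Println("old rule:", oldOut, "| new rule:", newErr)
}
```

With the constructed FIPS module, the old rule returns `gocrypto:md5` (the silent fallback the linked issue describes) while the new rule returns `ErrBlockedByFIPS`; a non-FIPS backend and the no-backend case behave the same under both rules.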

Add a new boring.FIPS() API to query if the boring backend is or is
not in FIPS mode.

Note that currently some openssl FIPS modules return true for
SupportedHash queries, for algorithms that will be blocked at
runtime. Other modules choose to instead report such algorithms as not
available at all, as they have become historical.

Update boring backend logic for MD5, RC4, DES, 3DES to attempt to use
the boring backend when supported, but also when the boring backend is
in FIPS mode. This way the FIPS module gets to decide how it is
configured, and whether or not it will allow the operation.

This ensures that binaries that use these algorithms correctly fail
at runtime against FIPS OpenSSL v3+ modules, like they already fail at
runtime against FIPS OpenSSL 1.1.1 and earlier modules.

No build/runtime behaviour changes for boringcrypto, nobackend,
openssl/cng backends in non-FIPS modes.
@xnox xnox force-pushed the ssl-fips-no-historical branch from 8155726 to 0e1c92c on October 2, 2024 02:17

aravindhkudiyarasan commented Dec 11, 2024

@xnox Can we make it Ready for Review?


xnox commented Dec 11, 2024

It needs a rebase due to other changes, and also likely new Godebug variables, or build tags.

It seems there are two desires: to preserve the ability to access unapproved algorithms (historical, or future relative to the vintage of a given FIPS module), or to block those.


dagood commented Dec 11, 2024

Yeah, Microsoft Go needs to be compatible. (That doesn't mean we couldn't add an "incompatible mode", but that isn't what the PR is currently, and we can't necessarily accept another mode right now because it would increase our maintenance load.) More discussion will be at #1347.

@xnox xnox closed this Dec 11, 2024
Successfully merging this pull request may close these issues.

Binaries built with opensslcrypto experiment can sometimes fallback to gocrypto, for historical algorithms