Crypto: Hide forbidden algorithms when FIPS enabled #10312
Conversation
CT Test Results 2 files 14 suites 5m 53s ⏱️ Results for commit d3196a0. ♻️ This comment has been updated with latest results. To speed up review, make sure that you have read Contributing to Erlang/OTP and that all checks pass. See the TESTING and DEVELOPMENT HowTo guides for details about how to run test locally. Artifacts
// Erlang/OTP Github Action Bot |
kvakvs
force-pushed
the
9520-fips-hide-algorithms
branch
3 times, most recently
from
4fd908c to
65f3f3d
Compare
kvakvs
force-pushed
the
9520-fips-hide-algorithms
branch
from
cd85ef1 to
0c6bd7f
Compare
fips_forbidden_* impl for digests fips_forbidden_* impl for public keys fips_forbidden_* impl for ciphers fips_forbidden_* impl for MACs fips_forbidden_* impl for KEM fips_forbidden_* impl for curves Use stdint/stdbool types already available FIPS doc page updated
kvakvs
force-pushed
the
9520-fips-hide-algorithms
branch
from
0c6bd7f to
aa72b5e
Compare
sverker
left a comment
sverker
left a comment
There was a problem hiding this comment.
I did some testing, and it seems like
EVP_MD_fetch(NULL, p->str_v3, "fips=yes") // if supported with FIPS enabled
EVP_MD_fetch(NULL, p->str_v3, "fips=no") // if supported with FIPS disabled
EVP_MD_fetch(NULL, p->str_v3, "") // if supported in current mode set by EVP_default_properties_enable_fips()
lib/crypto/c_src/algorithms.c
Outdated
| static bool IS_PUBKEY_FORBIDDEN_IN_FIPS(const struct pkey_availability_t* p) { | ||
| return p->flags == FIPS_FORBIDDEN_PKEY_ALL | ||
| || p->flags == FIPS_PKEY_NOT_AVAIL; | ||
| } |
There was a problem hiding this comment.
Is there a difference between FIPS_PKEY_NOT_AVAIL and FIPS_FORBIDDEN_PKEY_ALL?
| EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, str_v3, "fips=yes"); | ||
| /* failed: algorithm not available, do not add */ | ||
| if (ctx) { | ||
| if (EVP_PKEY_keygen_init(ctx) <= 0) { /* can't generate keys */ | ||
| unavailable |= FIPS_FORBIDDEN_PKEY_KEYGEN; | ||
| } | ||
| EVP_PKEY_CTX_free(ctx); | ||
|
|
||
| ctx = EVP_PKEY_CTX_new_from_name(NULL, str_v3, NULL); |
There was a problem hiding this comment.
Why "fips=yes" in one place but not the other.
lib/crypto/c_src/algorithms.c
Outdated
| static size_t curves_lazy_init(ErlNifEnv* env, const bool fips_enabled) { | ||
| size_t result = 0; | ||
| if (algo_curve.count >= 0) return algo_curve.count; | ||
|
|
||
| enif_mutex_lock(algo_curve.mtx_init_curve_types); | ||
| if (algo_curve.count < 0) { | ||
| init_curves(env, fips_enabled); /* also updates algo_curve.count[0] or [1] */ |
There was a problem hiding this comment.
Why pass fips_enabled to init_curves? We only have one array of curves initialized once here. And fips mode can be switched on/off in runtime with crypto:enable_fips_mode/1 (discouraged but used by our tests).
2 participants
Fixes #9520
Problem
crypto:supports/0is currently undocumented but i will add a doc string to it.Crypto returns some algorithms which are indirectly forbidden under FIPS (i.e. listed as available but not working).
The Expectation
Expected: All algorithms returned by
crypto:supports/0will be available at least in one way.Bonus points for returning forbidden algorithm names separately so that the users will not complain that something "has disappeared" and will see the reason.
Solution
The call to
crypto:supports/0under FIPS build with fips=enabled incryptoapp settings, will filter the algorithms by their availability in a much more strict way (by actually trying to initialize each algorithm and recording the failures as a sign of unavailability) and will return an additional section in the results containing disabled algorithms:Note this will only appear if FIPS is enabled. And this will only appear if SSL API is 3.0 or later.
The behaviour with FIPS disabled or older SSL will remain unchanged.
TO DO