FIPS usedforsecurity flag is no longer functional with OpenSSL 3.0.0

[florinspatar]

BPO	46149
Nosy	@tiran, @florinspatar
Superseder	bpo-40479: Port _hashlib to OpenSSL 3.0.0

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = 'https://github.com/tiran'
closed_at = None
created_at = <Date 2021-12-22.10:32:07.991>
labels = ['expert-SSL', 'type-bug', '3.10']
title = 'FIPS usedforsecurity flag is no longer functional with OpenSSL 3.0.0'
updated_at = <Date 2021-12-22.12:51:41.513>
user = 'https://github.com/florinspatar'

bugs.python.org fields:

activity = <Date 2021-12-22.12:51:41.513>
actor = 'christian.heimes'
assignee = 'christian.heimes'
closed = False
closed_date = None
closer = None
components = ['SSL']
creation = <Date 2021-12-22.10:32:07.991>
creator = 'florinspatar'
dependencies = []
files = []
hgrepos = []
issue_num = 46149
keywords = []
message_count = 4.0
messages = ['409017', '409019', '409027', '409029']
nosy_count = 2.0
nosy_names = ['christian.heimes', 'florinspatar']
pr_nums = []
priority = 'normal'
resolution = None
stage = None
status = 'open'
superseder = '40479'
type = 'behavior'
url = 'https://bugs.python.org/issue46149'
versions = ['Python 3.10']

[florinspatar]

I added christian.heimes to the nosy list; I hope that's OK

usedforsecurity flag is based on setting the EVP_MD_CTX_FLAG_NON_FIPS_ALLOW flag. However this flag has no effect in OpenSSL 3.0.0.

    [root@lambada ~]# /opt/opsware/bin/python3
    Python 3.10.0 (default, Dec  8 2021, 17:05:23) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] on linux-x86_64
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import _hashlib                                        
    >>> _hashlib.get_fips_mode()                               
    1
    >>> import hashlib
    >>> hashlib.md5(b'ceva', usedforsecurity=False).hexdigest()
    '970c7956028654ac329b12c10b112058'
    >>> hashlib.md5(b'ceva', usedforsecurity=True).hexdigest()
    '970c7956028654ac329b12c10b112058'

The last call, when usedforsecurity is True, should fail because MD5 is not allowed in FIPS mode.

I will add a GitHub pull request for this issue.

[tiran]

This is a known issue, see bpo-40479. OpenSSL 3.0.0 new provider system requires a major redesign of hashlib module's internals. It's not a trivial change. My first attempt #64077 has some flaws and introduces a performance regression.

[florinspatar]

I was able to get past this issue with minimal changes: florinspatar@3b16c65
I see the issue you linked, handles multiple OpenSSL 3.0.0 problems.

AFAIK, python 3 no longer supports OpenSSL 1.0.2. Minimum OpenSSL version is 1.1.1, which has no FIPS module, so usedforsecurity flag can only be used with OpenSSL 3. I'm wondering if the issue you linked is still an enhancement or should be treated as an actual bug.

[tiran]

Your patch gets the work done, but it's even slower than my WIP patch set. Hashing is a performance critical path. The new fetch() API in OpenSSL 3.0.0 is substantially slower than the old OpenSSL 1.1.1 APIs.

Python 3.9 and earlier still support OpenSSL 1.0.2. I removed support for OpenSSL < 1.1.1 for Python 3.10. There are approvied FIPS providers for OpenSSL 1.1.1, e.g. RHEL 8 has a certified FIPS module for OpenSSL 1.1.1.

[AA-Turner]

#30455 might have resolved this.

A

[arhadthedev]

#30455 might have resolved this.

According to its news entry, it did.

Anyway, we can close this issue in favor of the superseder (gh-84659).