Ensure builtin hashlib implementations honor usedforsecurity=True when _hashlib is in FIPS mode #127298
Labels
extension-modules
C modules in the Modules dir
topic-SSL
type-feature
A feature request or enhancement
type-security
A security issue
Comments
|
Didn't we have a similar feature request for that? cc @encukou (I can't find it on mobile but I remember you participated in a similar discussion) |
I previously opened #118224 but this issue is related; but is a different approach / design / end-goal. I don't know if you meant that one or something else. |
xnox
added a commit
to xnox/cpython
that referenced
this issue
Nov 26, 2024
…edforsecurity=False When _hashlib/OpenSSL is available, and OpenSSL is in FIPS mode, ensure that builtin (fallback) hash implementations are wrapped with a check for usedforsecurity=False. It is likely that buitin implementations are FIPS unapproved (either algorithm disallowed; or the implementation not certified by NIST). This enables strict approved-only compliance when usedforsecurity=True on FIPS systems only. And yet it also enables fallback access with usedforsecurity=False for any missing (historical, disallowed or missing certified implementation) algorithms (i.e. blake2, md5, shake/sha3) depending on the runtime configuration of OpenSSL.
xnox
added a commit
to xnox/cpython
that referenced
this issue
Nov 26, 2024
…edforsecurity=False When _hashlib/OpenSSL is available, and OpenSSL is in FIPS mode, ensure that builtin (fallback) hash implementations are wrapped with a check for usedforsecurity=False. It is likely that buitin implementations are FIPS unapproved (either algorithm disallowed; or the implementation not certified by NIST). This enables strict approved-only compliance when usedforsecurity=True on FIPS systems only. And yet it also enables fallback access with usedforsecurity=False for any missing (historical, disallowed or missing certified implementation) algorithms (i.e. blake2, md5, shake/sha3) depending on the runtime configuration of OpenSSL.
xnox
added a commit
to xnox/cpython
that referenced
this issue
Nov 26, 2024
…edforsecurity=False When _hashlib/OpenSSL is available, and OpenSSL is in FIPS mode, ensure that builtin (fallback) hash implementations are wrapped with a check for usedforsecurity=False. It is likely that buitin implementations are FIPS unapproved (either algorithm disallowed; or the implementation not certified by NIST). This enables strict approved-only compliance when usedforsecurity=True on FIPS systems only. And yet it also enables fallback access with usedforsecurity=False for any missing (historical, disallowed or missing certified implementation) algorithms (i.e. blake2, md5, shake/sha3) depending on the runtime configuration of OpenSSL.
xnox
added a commit
to xnox/cpython
that referenced
this issue
Nov 26, 2024
…edforsecurity=False When _hashlib/OpenSSL is available, and OpenSSL is in FIPS mode, ensure that builtin (fallback) hash implementations are wrapped with a check for usedforsecurity=False. It is likely that buitin implementations are FIPS unapproved (either algorithm disallowed; or the implementation not certified by NIST). This enables strict approved-only compliance when usedforsecurity=True on FIPS systems only. And yet it also enables fallback access with usedforsecurity=False for any missing (historical, disallowed or missing certified implementation) algorithms (i.e. blake2, md5, shake/sha3) depending on the runtime configuration of OpenSSL.
xnox
added a commit
to xnox/cpython
that referenced
this issue
Nov 26, 2024
…edforsecurity=False When _hashlib/OpenSSL is available, and OpenSSL is in FIPS mode, ensure that builtin (fallback) hash implementations are wrapped with a check for usedforsecurity=False. It is likely that buitin implementations are FIPS unapproved (either algorithm disallowed; or the implementation not certified by NIST). This enables strict approved-only compliance when usedforsecurity=True on FIPS systems only. And yet it also enables fallback access with usedforsecurity=False for any missing (historical, disallowed or missing certified implementation) algorithms (i.e. blake2, md5, shake/sha3) depending on the runtime configuration of OpenSSL.
xnox
added a commit
to xnox/cpython
that referenced
this issue
Nov 26, 2024
…edforsecurity=False When _hashlib/OpenSSL is available, and OpenSSL is in FIPS mode, ensure that builtin (fallback) hash implementations are wrapped with a check for usedforsecurity=False. It is likely that buitin implementations are FIPS unapproved (either algorithm disallowed; or the implementation not certified by NIST). This enables strict approved-only compliance when usedforsecurity=True on FIPS systems only. And yet it also enables fallback access with usedforsecurity=False for any missing (historical, disallowed or missing certified implementation) algorithms (i.e. blake2, md5, shake/sha3) depending on the runtime configuration of OpenSSL.
xnox
added a commit
to xnox/cpython
that referenced
this issue
Nov 26, 2024
…edforsecurity=False When _hashlib/OpenSSL is available, and OpenSSL is in FIPS mode, ensure that builtin (fallback) hash implementations are wrapped with a check for usedforsecurity=False. It is likely that buitin implementations are FIPS unapproved (either algorithm disallowed; or the implementation not certified by NIST). This enables strict approved-only compliance when usedforsecurity=True on FIPS systems only. And yet it also enables fallback access with usedforsecurity=False for any missing (historical, disallowed or missing certified implementation) algorithms (i.e. blake2, md5, shake/sha3) depending on the runtime configuration of OpenSSL.
picnixz
added
type-security
|
Yes, I think that's the issue I had in mind. Good to know it's not a duplicate. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Feature or enhancement
Proposal:
When OpenSSL is not available, or is not in FIPS mode:
When OpenSSL is available and is in FIPS mode:
This addresses all needs of FIPS users that expect approved only cryptography from hashlib by default.
It satisfies Python guarantees of always available algorithms, as built-in fallbacks remain accessible with an explicit consent from the user that unapproved (an FIPS/ISO term) implementation is acceptable to the user.
In FIPS mode it means that all users can gain access to blake2/shake/md5, even when these algorithms are either blocked or unavailable from the runtime OpenSSL in FIPS mode. As long as usedforsecurity=False is used.
This also removes need to recompile or configure python somehow different for a non-fips & fips build, specifically one can safely compile python with all with-builtin-hashlib-hashes enabled.
Diagrams and full details of the current state of hashlib; and FIPS user desires are documented in this issue is opened as a reference for potential implementations to resolve all needs and desires listed there.
This issue will be used as a reference for potential implementations.
Has this already been discussed elsewhere?
I have already discussed this feature proposal on Discourse
Links to previous discussion of this feature:
Discuss:
(note there are some off-topic messages there)
Linked PRs
The text was updated successfully, but these errors were encountered: