Hi folks,
I’d like to start a discussion regarding CPython’s compatibility with OpenSSL’s FIPS mode.
FIPS-140 is a set of security standards for cryptographic modules, mainly used in US Federal agencies, contractors and vendors.
FIPS sets various restrictions with regard to the permissible digests, key sizes, etc., one of the prominent ones being the disabling of the md5 algorithm, and it’s implemented system-wide. Some more information is provided here.
Any developer developing or deploying applications in a FIPS-enforced environment needs to be using FIPS-compliant software. While I’m not advocating for fully supporting an upstream FIPS-compliant codebase, I’d like to work on a best-effort initiative, as the required changes, I believe, are not that intrusive and do not require significant maintenance.
The motivation comes from maintaining a patch downstream, mainly for Red Hat Enterprise Linux, to provide said compatibility. We’d like to share that patch with others.
Currently FIPS mode can be determined through _hashlib.get_fips_mode(), which was added in Python 3.9, along with various fixes around that.
Now I’d like to move more of the bits of our downstream patch upstream, with the main point being making CPython more compilable and usable for systems utilizing OpenSSL’s FIPS mode.
On a high level, the patch:
- exposes blake2b and blake2s from OpenSSL (although they are limited in their interface, and using them for security is not FIPS compliant),
- disables Python’s blake2 interfaces in case we are in FIPS mode,
- disables the hash-based .pyc validation in FIPS mode, due to the non-FIPS-compliant sip24 digest,
- adds various test fixes.
The patch assumes that Python has been compiled with --with-builtin-hashlib-hashes=blake2 only, and it needs to be generalized for all the other cases, the main one being disabling the fallback to the internal implementations, in case they are built, if we are under FIPS.
I’m also already providing, for some time now, two buildbots compiling Python under FIPS enabled systems:
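
Added example, not part of the original post or of the downstream patch: a sketch of how an application can read the FIPS flag through `_hashlib.get_fips_mode()` and probe which `hashlib` digests it can still construct, including the `usedforsecurity=False` keyword that Python 3.9 also introduced. The helper names `fips_mode`, `probe` and `digest_report` are hypothetical, and the input bytes are constructed sample data.

```python
import hashlib

SAMPLE = b"constructed sample input"  # constructed data, only used to build the hash object


def fips_mode():
    """Return OpenSSL's FIPS flag as reported by CPython, or None if unknown."""
    try:
        import _hashlib  # private module, only present when built against OpenSSL
    except ImportError:
        return None
    getter = getattr(_hashlib, "get_fips_mode", None)  # added in Python 3.9
    return getter() if getter is not None else None


def probe(name):
    """Classify a digest name (hypothetical helper, not a CPython API).

    'ok'                - constructible with default arguments
    'non-security-only' - refused by default, allowed with usedforsecurity=False
    'blocked'           - not constructible at all (refused or unknown name)
    """
    try:
        hashlib.new(name, SAMPLE)
        return "ok"
    except ValueError:
        pass  # refused by the crypto policy, or unknown: try the non-security path
    try:
        hashlib.new(name, SAMPLE, usedforsecurity=False)
        return "non-security-only"
    except ValueError:
        return "blocked"


def digest_report(names):
    """Map each digest name to its classification on the running interpreter."""
    return {name: probe(name) for name in names}


if __name__ == "__main__":
    print("FIPS mode flag:", fips_mode())
    for name, status in digest_report(["md5", "sha256", "blake2b"]).items():
        print(f"{name:8} {status}")
```

Which digests land in which class depends on the interpreter build and the system's OpenSSL configuration, so run it on the target host rather than relying on a fixed table.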