问题描述
根据Python密码库的文档[1],可以使用静态链接的OpenSSL构建自定义密码轮.我尝试通过使用FIPS对象模块构建的OpenSSL安装来执行此操作,并且能够成功构建转盘,但发现它不具有FIPS功能(无法设置FIPS_mode_set = 1).
我创建了一个可以重现相同结果的Dockerfile.末尾的Python代码应该显示为"1"和"OpenSSL 1.0.2t-fips 2019年9月10日",而应显示为"0"和"OpenSSL 1.0.2t 10 Sep 2019"(无 -fips
名称).
让我感到困惑的是,当我调用构建的 openssl版本
CLI时,它会正确显示带有 -fips
后缀的版本.因为,因此,我猜我在构建密码学时某个地方出了错.
在这里感谢任何帮助!
FROM centos#安装构建依赖项运行yum groupinstall -y开发工具"&&\百胜安装-y python-devel libffi-devel#安装Python依赖项运行curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py&&\python get-pip.py&&\pip install virtualenv setuptools轮pip#构建Fips对象模块运行curl -O https://www.openssl.org/source/openssl-fips-2.0.16.tar.gz&&\tar xvf openssl-fips-2.0.16.tar.gz&&\cd openssl-fips-2.0.16&&\./config&&\制作&&\进行安装#构建OpenSSL运行curl -O https://www.openssl.org/source/openssl-1.0.2t.tar.gz&&\tar xvf openssl-1.0.2t.tar.gz&&\cd/openssl-1.0.2t&&\./config fips不共享-fPIC --prefix =/openssl-1.0.2t/openssl&&\使依赖\制作&&\使install_sw#建立加密RUN CFLAGS =-I/openssl-1.0.2t/openssl/include" LDFLAGS =-L/openssl-1.0.2t/openssl/lib" pip wheel --no-cache --no-binary:all:加密和加密;&\点安装加密* .whl#测试是否启用了fips运行python -c"\从cryptography.hazmat.backends.openssl.backend导入后端; \打印后端._lib.FIPS_mode_set(1); \打印''.join([backend._lib.OPENSSL_VERSION_TEXT [i] for i in range(30)])
[1]
我记得前一段时间也有类似情况:除了2个标准模块之外,还使用了 M2Crypto .在这种情况下(我们完全交付了 Python ),这2种特定的(支持 FIPS ) OpenSSL (动态) lib ,所有与它们链接的 Python 模块.它适用于各种(桌面)环境(其中有许多奇异"环境):
- CPU 架构( LE / BE ): x86 , AMD64 , IA64 , SPARC , PPC , zSeries
- OS es(具有多个版本): Win , Lnx ( RH , CentOS , OEL , SuSE , Xen , Ubuntu ), Solaris , AIX , HP-UX (并且作为个人锻炼,我添加了 OSX )
[OpenSSL]:UserGuide-2.0.pdf-OpenSSL用户指南FIPS对象模块v2.0 (引用自 [OpenSSL]:FIPS-140 以防 URL 发生更改)包含所有所需的详细信息.
在进一步介绍之前,我将在整个帖子中使用以下术语:
- FOM - FIPS 对象模块( fipscanister.o )
- FOME - FOM的可执行文件( ELF ( Win 上的 PE ))em>已链接.请记住,它既可以是可执行文件本身,也可以是 .so ( .dll ).另外,如果它包含在静态库( .a )中,则不会链接(只是存档).附带说明一下,当共享构建 OpenSSL 时, FOME 是 libcrypto.so.* ,而静态构建时(如本例),它是与 libcrypto.a 链接的可执行文件(例如 openssl 可执行文件)
FOM 位于 OpenSSL 之上(可能还有其他类似的密码提供程序,例如 LibreSSL , WolfSSL ,),并通过限制某些本来可以使用的功能来增强安全性(根据 NIST 标准).这样的功能示例之一是 md5 哈希的用法,该哈希被认为是弱函数(我很确定 sha1 也会遵循该规则)下一个版本即将发布.
这是(运行时)发生的事情(非常简化)版本:
- FIPS 模式:
- 检查是否满足其他约束:
- 是:继续(使用默认功能)
- 否:错误返回
- 检查是否满足其他约束:
- FIPS 模式关闭:
- 恢复到默认功能
#1.1. 的一部分是自检.其中包括:
- 计算 FOME 签名
- 将其与一个值进行比较(该值也存储在 FOME 中)
这是为了确保(或大幅度减少机会)没有人篡改(手动修改,拆卸等) FOME .为了更好地了解签名机制,让我们深入了解 FOME 构建过程:
- 所有 FOME 源+ FOM 被编译(到目标文件中)
- 它们链接在一起(成为 FOME ).这是正常构建结束的时间
- 正在计算 FOME 签名
- 来自#1的项目. + fips_premain.o 被链接到一个(实际的,不是 .dll )可执行文件(FPD ) 针对 FOME (#1.)调用
- FPD .它读取 FOME 的 .rodata 部分,并计算其 sha1 哈希.请注意,它会忽略位于特定地址的 41 个字节区域(打孔)
重复 - #3.1.,但是这次重新编译了 fips_premain.o ,其中还包括了上一步中的哈希值.现在可以清楚地看到上一步中的打孔了,这是签名所在的位置:( sha 哈希的长度( 40 )+ nul ).这是最终的 FOME
注意:在 Win 上,事情发生的地方略有不同.
我设法重现了这个问题.我将从测试脚本开始.
code00.py :
#!/usr/bin/env python3导入系统从cryptography.hazmat.backends.openssl.backend导入后端导入cffidef main():ffi = cffi.FFI()lib =后端._libfmt ="OpenSSL版本:{0:s} \ nFIPS_mode():{1:d} \ nFIPS_mode_set(1):{2:d} \ nFIPS_mode():{3:d}"打印(fmt.format(ffi.string(lib.OPENSSL_VERSION_TEXT).decode(),lib.FIPS_mode(),lib.FIPS_mode_set(1),lib.FIPS_mode()))错误= lib.ERR_get_error()如果错误:err_fmt =错误:[{{0:d}]:[{1:s}]:[{2:s}]:[{3:s}]"打印(err_fmt.format(呃,ffi.string(lib.ERR_lib_error_string(err)).decode(),ffi.string(lib.ERR_func_error_string(err)).decode(),ffi.string(lib.ERR_reason_error_string(err)).decode()))别的:打印(成功!!!")如果__name__ =="__main__":print("Python {0:s} {1:d}在{2:s} \ n上的位" .format(" .join(item.strip()表示sys.version.split("; \ n)),如果sys.maxsize> 0x100000000,则为64,否则为sys.platform)32)主要的()打印("\ nDone".)
2.设置
我已经构建了 FOM 和一个支持 OpenSSL 的 FIPS (类似于您的,但是我自定义了它们的路径).在构建 FOM 和 OpenSSL 时都使用了 $ {FIPSDIR} 变量.
3.密码学模块
如图所示,我几乎在哪里.
4.更深的潜水
经过长时间(有些人可能会觉得很痛苦)的调试,试验……,我得出了一个结论.考虑到:
- 篡改 FOM 中的任何内容( $ {FIPSDIR} 的内容),将没有任何人可以通过 FIPS 验证强>.坦率地说,这也不是,因为有特定的说明,在构建 FOM 时,只有 sys管理员才应将工件复制到安全的位置....,bla,bla,bla.对我来说这似乎有些偏执,但这是事实.值得一提的是,早在2013年,当我们1 与 FIPS 接触时(可能是为了防止任何可能的攻击(例如 MITM )), FOM 来源 CD 从 USA 运送到 ROU :)))
- 默认的 Python 版本是静态构建的(再次:)),这意味着 $ {PYTHONCORE} ( Python 解释器)位于 python 可执行文件,而不是可链接到的 .so ( libpython * .so * ),并且 python可执行文件(如果是共享版本)
- 密码学的 _openssl 扩展模块( _openssl.abi * .so )需要来自 $ {PYTHONCORE}的符号(例如 PyLong_FromLong ),但这是 OK ,因为此刻它将被加载到( Python )进程中(从上述方法启动)可执行文件),它将找到它们(这是 Nix 的常见做法)
- 构建步骤#3.2. :可执行文件( FPD -必须运行)找不到符号,因此失败
这是一个僵局(任何一个约束离开的房间,被其他约束关闭的房间),因此不能简单地完成!!! (至少在目前是这样).句点! X(
5.替代
我建议将此作为一种优雅的替代方法(包括 OpenSSL .so s(与任何( .so )客户端一起使用)在 .whl 中将 rpath 设置为"there"),在链接到它们的 _openssl.abi3.so 旁边),但是显然是唯一的方法(至少我已经找到了).
第一个步骤是构建共享的 OpenSSL 版本( FOME 将为 libcrypto.so.* ).
在进行了另一次深度潜水(许多尝试失败)之后,我得以使其工作.但是,采取了很多措施:
- 手动干预
- 乱七八糟
- (相同)解决方法( gainarii )
恐怕如果我将所有内容都放到这里,它将大大超出 30K char 的限制().
但是,我在 .whl .rel ="nofollow noreferrer"> [GitHub]:CristiFati/Prebuilt-Binaries-(主)Prebuilt-Binaries/Cryptography/v2.7 .到目前为止,它仅适用于 Python 3.5 ( 64bit ),因为它是 Ubuntu 16 上的默认版本.如果您使用另一个(较新的)版本,请让我知道,我会得到它(也许是我自己构建),然后也为该版本构建 .whl (我将这样做)无论如何).
将原始的 .whl 替换为我自己构建的文件后:
相关(或多或少)帖子:
According to Python Cryptography library's documentation [1], it is possible to build a custom cryptography wheel with OpenSSL statically linked. I tried doing this with an OpenSSL installation built with FIPS object module and was able to successfully build the wheel but found out that it did not have FIPS functionality (unable to set FIPS_mode_set=1).
I have created a Dockerfile that can reproduce the same result. The Python code at the end are supposed to show "1" and "OpenSSL 1.0.2t-fips 10 Sep 2019" and but instead show "0" and "OpenSSL 1.0.2t 10 Sep 2019" (no -fips
designation).
The thing that boggles my mind is that when I invoke openssl version
CLI that I built, it correctly shows the version with the -fips
suffix. Because, of this I'm guessing that I went wrong somewhere in building cryptography.
Appreciate any help here!
FROM centos
# Install build dependencies
RUN yum groupinstall -y "Development Tools" && \
yum install -y python-devel libffi-devel
# Install Python dependencies
RUN curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py && \
python get-pip.py && \
pip install virtualenv setuptools wheel pip
# Build Fips object module
RUN curl -O https://www.openssl.org/source/openssl-fips-2.0.16.tar.gz && \
tar xvf openssl-fips-2.0.16.tar.gz && \
cd openssl-fips-2.0.16 && \
./config && \
make && \
make install
# Build OpenSSL
RUN curl -O https://www.openssl.org/source/openssl-1.0.2t.tar.gz && \
tar xvf openssl-1.0.2t.tar.gz && \
cd /openssl-1.0.2t && \
./config fips no-shared -fPIC --prefix=/openssl-1.0.2t/openssl && \
make depend && \
make && \
make install_sw
# Build cryptography
RUN CFLAGS="-I/openssl-1.0.2t/openssl/include" LDFLAGS="-L/openssl-1.0.2t/openssl/lib" pip wheel --no-cache --no-binary :all: cryptography && \
pip install cryptography*.whl
# Test if fips is enabled
RUN python -c "\
from cryptography.hazmat.backends.openssl.backend import backend;\
print backend._lib.FIPS_mode_set(1);\
print ''.join([backend._lib.OPENSSL_VERSION_TEXT[i] for i in range(30)])"
[1] https://cryptography.io/en/latest/installation/#static-wheels
EDIT: By adding -DOPENSSL_FIPS
to the cryptography build, I was able to make output of OPENSSL_VERSION_TEXT
become OpenSSL 1.0.2t-fips 10 Sep 20
but the output of FIPS_mode_set(1) is still 0.
EDIT 2: Using ERR_get_error()
shows the following:
>>> print backend._lib.FIPS_mode_set(1)
0
>>> print backend._lib.ERR_get_error()
755413103
When I pop this into openssl errstr
I get:
openssl errstr 755413103
error:755413103:lib(85):func(1043):reason(259)
According to some Google searches, this indicates that fingerprint doesn't match (FIPS_R_FINGERPRINT_DOES_NOT_MATCH
). Not sure where to go from here though.
1. General
First of all, I want to mention that although I understand the reasons, I don't fully agree with Cryptography's vision ([Cryptography]: Installation - Static Wheels). Shared libraries exist for decades and have proven their superiority. Not to mention that Python ships 2 (standard) modules (_ssl and _hashlib) that dynamically link to OpenSSL (whatever it's on the system). As a side note, on Win, the 2 Python modules also used to link statically to OpenSSL, but starting with v3.7, they no longer do. Back to Nix: 2 OpenSSL versions are loaded into the same (Python) process. It doesn't seem to harm, but it looks funny. And as things are today (191009), there are a bunch of .whls for v2.7 and v3.4, but none for a fairly decent (Python) environment:
I remember a similar situation a while ago: besides the 2 standard modules, M2Crypto was also used. In that situation (we shipped Python entirely), the 2 specific (FIPS capable) OpenSSL (dynamic) libs were shipped too, and all the Python modules linked to them. It worked on a variety of (desktop) environments (out of which many "exotic" ones):
- CPU architectures (LE / BE): x86, AMD64, IA64, SPARC, PPC, zSeries
- OSes (with multiple versions): Win, Lnx (RH, CentOS, OEL, SuSE, Xen, Ubuntu), Solaris, AIX, HP-UX (and as personal exercise, I added OSX)
[OpenSSL]: UserGuide-2.0.pdf - User Guide for the OpenSSL FIPS Object Module v2.0 (referenced from [OpenSSL]: FIPS-140 in case the URL changes) contains all the details needed.
Before going further, here are some terms that I'm going to use throughout the post:
- FOM - FIPS object module (fipscanister.o)
- FOME - The executable (ELF (PE on Win)) that FOM was linked in. Bear in mind, that it can be either an executable per se, either an .so (.dll). Also, if it's included in a static lib (.a), it's not linked (just archived). As a side note, when OpenSSL is built shared, FOME is libcrypto.so.*, while when built statically (like in this case), it's the executable that links with libcrypto.a (e.g. openssl executable)
FOM comes on top of OpenSSL (and probably other such cryptography providers, like LibreSSL, WolfSSL, ), and it's meant to strengthen security, (according to NIST standards), by restricting some features that otherwise would be available. One such feature example is the usage of md5 hash, which is considered weak (I'm pretty sure that sha1 will follow too, in the next version about to be released).
Here's a (very simplified) version of what happens (at runtime):
- FIPS mode on:
- Check whether the additional constraints are met:
- Yes: Proceed (with default functionality)
- No: Return with error
- Check whether the additional constraints are met:
- FIPS mode off:
- Fall back to default functionality
Part of #1.1. is the selftest. That consists of:
- Computing the FOME signature
- Comparing it to a value (that was also stored in FOME)
This happens to make sure (or drastically reduce the chances) that no one tampered (manually modifying, disassembling, ...) with FOME. To have a better understanding of the signature mechanism, let's dive into FOME build process:
- All the FOME sources + FOM are compiled (into object files)
- They are linked together (into FOME). This is when a normal build ends
- The FOME signature is being computed
- Items from #1. + fips_premain.o are being linked into a (real, not .dll) executable (FPD)
- FPD is invoked against FOME (#1.). It reads FOME's .rodata section and computes its sha1 hash. Note that it ignores a 41 bytes zone (punches a hole) located at a specific address
- #3.1. is repeated, but this time fips_premain.o was recompiled to also include the hash from previous step. Now it becomes clear the punched hole from previous step, it's the place where the signature goes: (length of sha hash (40) + nul). This is the final FOME
Note: On Win, things happen just a bit differently.
I've managed to reproduce the problem. I'm going to start with the test script.
code00.py:
#!/usr/bin/env python3
import sys
from cryptography.hazmat.backends.openssl.backend import backend
import cffi
def main():
ffi = cffi.FFI()
lib = backend._lib
fmt = "OpenSSL version: {0:s}\nFIPS_mode(): {1:d}\nFIPS_mode_set(1): {2:d}\nFIPS_mode(): {3:d}"
print(fmt.format(ffi.string(lib.OPENSSL_VERSION_TEXT).decode(),
lib.FIPS_mode(), lib.FIPS_mode_set(1), lib.FIPS_mode()))
err = lib.ERR_get_error()
if err:
err_fmt = "error:[{0:d}]:[{1:s}]:[{2:s}]:[{3:s}]"
print(err_fmt.format(
err,
ffi.string(lib.ERR_lib_error_string(err)).decode(),
ffi.string(lib.ERR_func_error_string(err)).decode(),
ffi.string(lib.ERR_reason_error_string(err)).decode()
))
else:
print("Success !!!")
if __name__ == "__main__":
print("Python {0:s} {1:d}bit on {2:s}\n".format(" ".join(item.strip() for item in sys.version.split("\n")), 64 if sys.maxsize > 0x100000000 else 32, sys.platform))
main()
print("\nDone.")
2. Setup
I've already built FOM and a FIPS capable OpenSSL (similar to yours, but I customized their paths). The ${FIPSDIR} variable was used when building both FOM and OpenSSL.
3. Cryptography module
As seen, I'm pretty much where you are.
4. Deeper dive
After long (and some might consider painful) hours of debugging, trials, ..., I reached to a conclusion. Considering that:
- Tampering with anything from FOM (contents of ${FIPSDIR}), will no loner qualify as FIPS validated. To be frank, neither does this, as there are specific instructions that when building FOM, only a sys admin should copy the artifacts in a secure location ...., bla, bla, bla. This seems paranoid to me, but these are the facts. As a remark, back in 2013, when we 1 came in contact with FIPS (probably to prevent any possible attack (e.g. MITM)), the FOM sources CD was shipped from USA to ROU :)))
- Default Python version is statically (again :) ) built, meaning that ${PYTHONCORE} (the Python interpreter) resides in the python executable, rather than in a .so (libpython*.so*) that can be linked to (and that the python executable does in case of shared builds)
- Cryptography's _openssl extension module (_openssl.abi*.so) needs symbols from ${PYTHONCORE} (e.g. PyLong_FromLong), but that's OK since at the moment it will be loaded into the (Python) process (launched from the aforementioned executable), it will find them (this is a common practice on Nix)
- Build step #3.2.: the executable (FPD - which must run) doesn't find the symbols, so it fails
This is a deadlock (whatever room one constraint leaves, is closed by others), so IT SIMPLY CAN'T BE DONE !!! (at least, at this time). Period!!! X(
5. Alternative
I was going to suggest this as an elegant alternative (including the OpenSSL .sos (with any (.so) client having rpath set to "there") in the .whl, next to _openssl.abi3.so which links to them), but apparently this is the only way (that I've found, at least).
The 1 step, is to build a shared OpenSSL version (FOME will be libcrypto.so.*).
After another session of deep diving (lots of failed attempts), I was able to get it working. However, took a lot of actions:
- Manual interventions
- Hacks
- (Lame) workarounds (gainarii)
I'm afraid that if I'd put everything here it would well exceed the 30K chars limit ([SE.Meta]: Knowing Your Limits: What is the maximum length of a question title, post, image and links used?).
However, I published the .whl at [GitHub]: CristiFati/Prebuilt-Binaries - (master) Prebuilt-Binaries/Cryptography/v2.7. So far it's for Python 3.5 (64bit) only, as it's the default version that comes on Ubuntu 16. If you use another (newer) version, just let me know, and I'll get it (maybe build it myself), and build the .whl for that version too (I am going to do it anyway).
After replacing the original .whl with the one built by me:
Related (more or less) posts:
- [SO]: Unable to build a working FIPS capable OpenSSL on HP-UX
- [SO]: How to enable FIPS mode for libcrypto and libssl packaged with Python? (@CristiFati's answer)
- [SO]: How to implement FIPS_mode() and FIPS_mode_set() in Python 3.6's ssl module? (@CristiFati's answer)
这篇关于OpenSSL FIPS_mode_set在Python加密库中不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!