Description
Bug report
Bug description:
When
- OpenSSL is configured in FIPS mode
- recommended config is used to only load "base + fips" providers
- without the default provider
- CPython is compiled with
--with-builtin-hashlib-hashes=blake2to exclude fallback implementation of MD5
upon importing hashlib fails to create MD5 construct.
# python3.10 -c 'import hashlib'
ERROR:root:code for hash md5 was not found.
Traceback (most recent call last):
File "/usr/lib/python3.10/hashlib.py", line 137, in __get_openssl_constructor
f(usedforsecurity=False)
ValueError: [digital envelope routines] unsupported
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.10/hashlib.py", line 261, in <module>
globals()[__func_name] = __get_hash(__func_name)
File "/usr/lib/python3.10/hashlib.py", line 141, in __get_openssl_constructor
return __get_builtin_constructor(name)
File "/usr/lib/python3.10/hashlib.py", line 123, in __get_builtin_constructor
raise ValueError('unsupported hash type ' + name)
ValueError: unsupported hash type md5Reference implementation is upstream openssl 3.3.0, with enable-fips, fipsinstall completed and openssl.cnf set to
# cat /etc/ssl/openssl.cnf
config_diagnostics = 1
openssl_conf = openssl_init
.include /etc/ssl/fipsmodule.cnf
[openssl_init]
providers = provider_sect
alg_section = algorithm_sect
[provider_sect]
fips = fips_sect
base = base_sect
[base_sect]
activate = 1
[algorithm_sect]
default_properties = fips=yes
In essence, things work well only when "default + fips" providers are loaded, as then MD5 functions in OpenSSL are detected as available and are used at runtime and correctly get blocked.
When only "base + fips" providers are loaded, ValueError is raised by OpenSSL constructor, and instead fallback implementation used from _md5 module if it was compiled in.
It seems like the above configuration was not tested, however it can be made to work. CPython should try to load the "default" OpenSSL provider, to guarantee access to non-fips hashes.
Security concerns
This is FedRAMP/FIPS compliance by-pass. This issue may allow using md5 without specifying "usedforsecurity=False" on systems otherwise configured to be in FIPS-mode only. And is the primary reason why documentation mentions that certain distributors of python remove md5 module altogether.
CPython versions tested on:
3.10, 3.11, 3.12
Operating systems tested on:
Linux
Linked PRs
- gh-118224: Load default OpenSSL provider for nonsecurity algorithms #118236
- [3.12] gh-118224: Load default OpenSSL provider for nonsecurity algorithms (GH-118236) #118238
- [3.11] gh-118224: Load default OpenSSL provider for nonsecurity algorithms (GH-118236) #118239
- [3.10] gh-118224: Load default OpenSSL provider for nonsecurity algorithms (GH-118236) #118240
- [3.9] gh-118224: Load default OpenSSL provider for nonsecurity algorithms (GH-118236) #118264
- gh-118224: When in FIPS mode ensure builtin hashes check for usedforsecurity=False #127300