golang-fips / go

Repository for FIPS enabled Go using OpenSSL
BSD 3-Clause "New" or "Revised" License

TLSv1.3 and TLS_CHACHA20_POLY1305_SHA256 #208

Open btaubmann opened 3 days ago

btaubmann commented 3 days ago

A server that is compiled with golang-fips (master) and go1.22 still offers TLS_CHACHA20_POLY1305_SHA256, which is not FIPS compliant. Is this a bug, or is it a requirement to turn off TLSv1.3 completely?

Steps to repro on debian:

./scripts/setup-initial-patch.sh release-branch.go1.22
cd go/src/
bash all.bash
export PATH=...

cd
git clone https://github.com/igor-kupczynski/fips-echo-server.git
cd fips-echo-server
go build
env OPENSSL_FORCE_FIPS_MODE=1 ./fips-echo-server &

cd 
git clone https://github.com/drwetter/testssl.sh.git
cd testssl.sh
bash testssl.sh localhost:8443
...
 x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256
 x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256

dbenoit17 commented 3 days ago

Hi, could you try running scripts/full-initialize-repo.sh and let us know if you still see this behavior? setup-initial-patch.sh only generates the initial patch, whereas full-initialize-repo.sh will generate the patch and apply all of patches/* to the tree.

dbenoit17 commented 3 days ago

I've just updated the README.md in #209 accordingly.

btaubmann commented 3 days ago

@dbenoit17 Thanks for the help. I tried it again with scripts/full-initialize-repo.sh and it's still not working for me.

ueno commented 3 days ago

I suggest making sure that the system is properly switched to FIPS mode. AFAIK OPENSSL_FORCE_FIPS_MODE is a downstream feature (on Fedora, etc.) and not supported in Debian. Aside from that, GOLANG_FIPS=1 might also need to be set for the Go runtime to be in FIPS mode.

btaubmann commented 2 days ago

I reproduced the same issue in a fedora container (docker run -it fedora /bin/bash)

Here again the full list of commands:

yum install dnsutils make vim git wget procps
git config --global user.email "you@example.com"
git config --global user.name "Your Name"

wget https://go.dev/dl/go1.21.12.linux-amd64.tar.gz
tar xf go1.21.12.linux-amd64.tar.gz
export PATH=$PATH:/root/go/bin

git clone https://github.com/golang-fips/go.git go-fips
cd go-fips
scripts/full-initialize-repo.sh
export PATH=/root/go-fips/go/bin/:/root/.local/bin:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
which go

cd
git clone https://github.com/igor-kupczynski/fips-echo-server.git
cd fips-echo-server
go build
env OPENSSL_FORCE_FIPS_MODE=1 ./fips-echo-server &

cd 
git clone https://github.com/drwetter/testssl.sh.git
cd testssl.sh
bash testssl.sh localhost:8443

btaubmann commented 2 days ago

Doing env GOLANG_FIPS=1 OPENSSL_FORCE_FIPS_MODE=1 ./fips-echo-server & also does not help

ueno commented 1 day ago

@dbenoit17 pointed out that building in the fedora container results in CGO disabled, as gcc is not installed by default. Maybe you could try installing gcc first with the yum command line.

btaubmann commented 1 day ago

That does not change anything.

btaubmann commented 1 day ago

I tried now with RHEL

docker run -it registry.access.redhat.com/ubi8/ubi:8.1 bash
yum install -y bind-utils make vim git wget procps gcc
git config --global user.email "you@example.com"
git config --global user.name "Your Name"

cd
wget https://go.dev/dl/go1.21.12.linux-amd64.tar.gz
tar xf go1.21.12.linux-amd64.tar.gz
export PATH=$PATH:/root/go/bin

cd
git clone https://github.com/igor-kupczynski/fips-echo-server.git
cd fips-echo-server
go build
env GOLANG_FIPS=1  OPENSSL_FORCE_FIPS_MODE=1 ./fips-echo-server &

cd 
git clone https://github.com/drwetter/testssl.sh.git
cd testssl.sh
bash testssl.sh localhost:8443

In this case, testssl did not show the TLS_CHACHA20_POLY1305_SHA256 cipher, but I see that the http daemon is crashing while testing:

2024/07/04 09:27:13 http: panic serving 127.0.0.1:39012: runtime error: invalid memory address or nil pointer dereference
goroutine 277 [running]:
net/http.(*conn).serve.func1()
    /root/go-fips/go/src/net/http/server.go:1898 +0xbe
panic({0x6abde0?, 0xb13d50?})
    /root/go-fips/go/src/runtime/panic.go:770 +0x132
internal/godebug.(*Setting).IncNonDefault(0x6aaa00?)
    /root/go-fips/go/src/internal/godebug/godebug.go:102 +0x12
crypto/tls.(*serverHandshakeState).pickCipherSuite(0xc0001e4c30)
    /root/go-fips/go/src/crypto/tls/handshake_server.go:374 +0x205
crypto/tls.(*serverHandshakeState).handshake(0xc0001e4c30)
    /root/go-fips/go/src/crypto/tls/handshake_server.go:100 +0x138
crypto/tls.(*Conn).serverHandshake(0xc0001e9508, {0x776f30, 0xc000326820})
    /root/go-fips/go/src/crypto/tls/handshake_server.go:61 +0x111
crypto/tls.(*Conn).handshakeContext(0xc0001e9508, {0x776ef8, 0xc000342180})
    /root/go-fips/go/src/crypto/tls/conn.go:1553 +0x3cb
crypto/tls.(*Conn).HandshakeContext(...)
    /root/go-fips/go/src/crypto/tls/conn.go:1493
net/http.(*conn).serve(0xc0003cb3b0, {0x776ef8, 0xc00009f440})
    /root/go-fips/go/src/net/http/server.go:1921 +0xe85
created by net/http.(*Server).Serve in goroutine 1
    /root/go-fips/go/src/net/http/server.go:3285 +0x4b4

Also I tried go-toolset directly

docker run -it registry.access.redhat.com/ubi8/ubi:8.1 bash
yum install -y bind-utils make vim git wget procps gcc go-toolset
git clone https://github.com/igor-kupczynski/fips-echo-server.git
cd fips-echo-server
go build
env GOLANG_FIPS=1  OPENSSL_FORCE_FIPS_MODE=1 ./fips-echo-server &
cd 
git clone https://github.com/drwetter/testssl.sh.git
cd testssl.sh
bash testssl.sh localhost:8443

But this also shows
x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 256 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256

ueno commented 1 day ago

I tried (on fedora container, gcc installed), and it works for me:

# fake kernel FIPS mode
mkdir /tmp/crypto
echo 1 > /tmp/crypto/fips_enabled
podman run -ti -v /tmp/crypto:/proc/sys/crypto:Z fedora bash

yum install -y dnsutils make vim git wget procps gcc
git config --global user.email "you@example.com"
git config --global user.name "Your Name"

cd
wget https://go.dev/dl/go1.21.12.linux-amd64.tar.gz
tar xf go1.21.12.linux-amd64.tar.gz
export PATH=$PATH:/root/go/bin

git clone https://github.com/golang-fips/go.git go-fips
cd go-fips
scripts/full-initialize-repo.sh
export PATH=/root/go-fips/go/bin/:/root/.local/bin:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
which go

cd
git clone https://github.com/igor-kupczynski/fips-echo-server.git
cd fips-echo-server
go build
./fips-echo-server &

cd 
git clone https://github.com/drwetter/testssl.sh.git
cd testssl.sh
bash testssl.sh localhost:8443
TLSv1.3 (server order)
 x1301   TLS_AES_128_GCM_SHA256            ECDH 256   AESGCM      128      TLS_AES_128_GCM_SHA256                             
 x1302   TLS_AES_256_GCM_SHA384            ECDH 256   AESGCM      256      TLS_AES_256_GCM_SHA384                             

I also observe some panics though.

btaubmann commented 1 day ago

Thanks @ueno that sheds some light on the problem. I tried this on ubi and on fedora container:

docker run --cap-add SYS_ADMIN -it registry.access.redhat.com/ubi8/ubi bash
[root@f98b6b3cf070 /]# openssl version
OpenSSL 1.1.1k  FIPS 25 Mar 2021
[root@f98b6b3cf070 /]# mount -t tmpfs none /proc/sys/crypto/
[root@f98b6b3cf070 /]# echo 1 > /proc/sys/crypto/fips_enabled
[root@f98b6b3cf070 /]# openssl ciphers 'ALL:eNULL'
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-CCM:ADH-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM:DHE-RSA-AES128-CCM:ADH-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ADH-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ADH-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AECDH-AES256-SHA:ADH-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AECDH-AES128-SHA:ADH-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA:AECDH-DES-CBC3-SHA:ADH-DES-CBC3-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-CCM:AES256-GCM-SHA384:AES256-CCM:PSK-AES256-GCM-SHA384:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM:AES128-GCM-SHA256:AES128-CCM:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:ECDHE-PSK-3DES-EDE-CBC-SHA:RSA-PSK-3DES-EDE-CBC-SHA:DHE-PSK-3DES-EDE-CBC-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-ECDSA-NULL-SHA:ECDHE-RSA-NULL-SHA:AECDH-NULL-SHA:NULL-SHA256:ECDHE-PSK-NULL-SHA384:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-NULL-SHA:RSA-PSK-NULL-SHA384:RSA-PSK-NULL-SHA256:DHE-PSK-NULL-SHA3
84:DHE-PSK-NULL-SHA256:RSA-PSK-NULL-SHA:DHE-PSK-NULL-SHA:NULL-SHA:PSK-NULL-SHA384:PSK-NULL-SHA256:PSK-NULL-SHA
[root@f98b6b3cf070 /]# echo 0 > /proc/sys/crypto/fips_enabled
[root@f98b6b3cf070 /]# openssl ciphers 'ALL:eNULL'
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ARIA256-GCM-SHA384:DHE-DSS-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ADH-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM:ECDHE-ECDSA-ARIA128-GCM-SHA256:ECDHE-ARIA128-GCM-SHA256:DHE-DSS-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ADH-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-RSA-CAMELLIA256-SHA384:DHE-RSA-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA256:ADH-AES256-SHA256:ADH-CAMELLIA256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA256:ADH-AES128-SHA256:ADH-CAMELLIA128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AECDH-AES256-SHA:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AECDH-AES128-SHA:ADH-AES128-SHA:ADH-SEED-SHA:ADH-CAMELLIA128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:AECDH-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA:AECDH-DES-CBC3-SHA:ADH-DES-CBC3-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY13
05:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-AES256-CCM8:DHE-PSK-AES256-CCM:RSA-PSK-ARIA256-GCM-SHA384:DHE-PSK-ARIA256-GCM-SHA384:AES256-GCM-SHA384:AES256-CCM8:AES256-CCM:ARIA256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK-AES256-CCM8:PSK-AES256-CCM:PSK-ARIA256-GCM-SHA384:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM8:DHE-PSK-AES128-CCM:RSA-PSK-ARIA128-GCM-SHA256:DHE-PSK-ARIA128-GCM-SHA256:AES128-GCM-SHA256:AES128-CCM8:AES128-CCM:ARIA128-GCM-SHA256:PSK-AES128-GCM-SHA256:PSK-AES128-CCM8:PSK-AES128-CCM:PSK-ARIA128-GCM-SHA256:AES256-SHA256:CAMELLIA256-SHA256:AES128-SHA256:CAMELLIA128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:ECDHE-PSK-CAMELLIA256-SHA384:RSA-PSK-CAMELLIA256-SHA384:DHE-PSK-CAMELLIA256-SHA384:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:PSK-CAMELLIA256-SHA384:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:ECDHE-PSK-CAMELLIA128-SHA256:RSA-PSK-CAMELLIA128-SHA256:DHE-PSK-CAMELLIA128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:PSK-CAMELLIA128-SHA256:ECDHE-PSK-RC4-SHA:RSA-PSK-RC4-SHA:DHE-PSK-RC4-SHA:RC4-SHA:PSK-RC4-SHA:ECDHE-PSK-3DES-EDE-CBC-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:RSA-PSK-3DES-EDE-CBC-SHA:DHE-PSK-3DES-EDE-CBC-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-ECDSA-NULL-SHA:ECDHE-RSA-NULL-SHA:AECDH-NULL-SHA:NULL-SHA256:ECDHE-PSK-NULL-SHA384:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-NULL-SHA:RSA-PSK-NULL-SHA384:RSA-PSK-NULL-SHA256:DHE-PSK-NULL-SHA384:DHE-PSK-NULL-SHA256:RSA-PSK-NULL-SHA:DHE-PSK-NULL-SHA:NULL-SHA:NULL-MD5:PSK-NULL-SHA384:PSK-NUL
L-SHA256:PSK-NULL-SHA

And again on fedora

docker run --cap-add SYS_ADMIN -it fedora bash
yum install util-linux-ng openssl
[root@8a7e342bdca0 /]# openssl version
OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)
[root@8a7e342bdca0 /]# mount -t tmpfs none /proc/sys/crypto/
echo 1 > /proc/sys/crypto/fips_enabled
openssl ciphers 'ALL:eNULL'
TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-CCM:ADH-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM:DHE-RSA-AES128-CCM:ADH-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES128-CCM8:DHE-RSA-AES256-CCM8:DHE-RSA-AES128-CCM8:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ADH-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ADH-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:AECDH-AES256-SHA:ADH-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AECDH-AES128-SHA:ADH-AES128-SHA:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-CCM:PSK-AES256-GCM-SHA384:PSK-AES256-CCM:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM:PSK-AES128-GCM-SHA256:PSK-AES128-CCM:DHE-PSK-AES256-CCM8:DHE-PSK-AES128-CCM8:PSK-AES256-CCM8:PSK-AES128-CCM8:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DHE-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:DHE-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:ECDHE-ECDSA-NULL-SHA:ECDHE-RSA-NULL-SHA:AECDH-NULL-SHA:ECDHE-PSK-NULL-SHA384:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-NULL-SHA:DHE-PSK-NULL-SHA384:DHE-PSK-NULL-SHA256:DHE-PSK-NULL-SHA:PSK-NULL-SHA384:PSK-NULL-SHA256:PSK-NULL-SHA
[root@8a7e342bdca0 /]# echo 0 > /proc/sys/crypto/fips_enabled
[root@8a7e342bdca0 /]# openssl ciphers 'ALL:eNULL'
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-CCM:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ARIA256-GCM-SHA384:DHE-DSS-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ADH-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM:DHE-RSA-AES128-CCM:ECDHE-ECDSA-ARIA128-GCM-SHA256:ECDHE-ARIA128-GCM-SHA256:DHE-DSS-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ADH-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES128-CCM8:DHE-RSA-AES256-CCM8:DHE-RSA-AES128-CCM8:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-RSA-CAMELLIA256-SHA384:DHE-RSA-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA256:ADH-AES256-SHA256:ADH-CAMELLIA256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA256:ADH-AES128-SHA256:ADH-CAMELLIA128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AECDH-AES256-SHA:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AECDH-AES128-SHA:ADH-AES128-SHA:ADH-CAMELLIA128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-AES256-CCM:RSA-PSK-ARIA256-GCM-SHA384:DHE-PSK-ARIA256-GCM-SHA384:AES256-GCM-SHA384:AES256-CCM:ARIA256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK
-AES256-CCM:PSK-ARIA256-GCM-SHA384:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM:RSA-PSK-ARIA128-GCM-SHA256:DHE-PSK-ARIA128-GCM-SHA256:AES128-GCM-SHA256:AES128-CCM:ARIA128-GCM-SHA256:PSK-AES128-GCM-SHA256:PSK-AES128-CCM:PSK-ARIA128-GCM-SHA256:DHE-PSK-AES256-CCM8:DHE-PSK-AES128-CCM8:AES256-CCM8:AES128-CCM8:PSK-AES256-CCM8:PSK-AES128-CCM8:AES256-SHA256:CAMELLIA256-SHA256:AES128-SHA256:CAMELLIA128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:ECDHE-PSK-CAMELLIA256-SHA384:RSA-PSK-CAMELLIA256-SHA384:DHE-PSK-CAMELLIA256-SHA384:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:PSK-CAMELLIA256-SHA384:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:ECDHE-PSK-CAMELLIA128-SHA256:RSA-PSK-CAMELLIA128-SHA256:DHE-PSK-CAMELLIA128-SHA256:AES128-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:PSK-CAMELLIA128-SHA256:ECDHE-ECDSA-NULL-SHA:ECDHE-RSA-NULL-SHA:AECDH-NULL-SHA:NULL-SHA256:ECDHE-PSK-NULL-SHA384:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-NULL-SHA:RSA-PSK-NULL-SHA384:RSA-PSK-NULL-SHA256:DHE-PSK-NULL-SHA384:DHE-PSK-NULL-SHA256:RSA-PSK-NULL-SHA:DHE-PSK-NULL-SHA:NULL-SHA:NULL-MD5:PSK-NULL-SHA384:PSK-NULL-SHA256:PSK-NULL-SHA

Fedora and ubi use different openssl versions. And the openssl version of fedora does not list TLS_CHACHA20_POLY1305_SHA256 when fips_enabled = 1.

btaubmann commented 1 day ago

And I tried the same on ubi 9

docker run --cap-add SYS_ADMIN -it registry.access.redhat.com/ubi8/ubi bash
<compilation steps from above>
mount -t tmpfs none /proc/sys/crypto/
echo 1 > /proc/sys/crypto/fips_enabled
...
 x1301   TLS_AES_128_GCM_SHA256            ECDH 256   AESGCM      128      TLS_AES_128_GCM_SHA256
 x1302   TLS_AES_256_GCM_SHA384            ECDH 256   AESGCM      256      TLS_AES_256_GCM_SHA384

But I still see several crashes of the fips-echo-server

2024/07/04 13:49:32 http: panic serving 127.0.0.1:41260: runtime error: invalid memory address or nil pointer dereference
goroutine 30 [running]:
net/http.(*conn).serve.func1()
    /root/go-fips/go/src/net/http/server.go:1898 +0xbe
panic({0x6a5880?, 0x90ed50?})
    /root/go-fips/go/src/runtime/panic.go:770 +0x132
internal/godebug.(*Setting).IncNonDefault(0x6a44a0?)
    /root/go-fips/go/src/internal/godebug/godebug.go:102 +0x12
crypto/tls.(*serverHandshakeState).pickCipherSuite(0xc0001f8000)
    /root/go-fips/go/src/crypto/tls/handshake_server.go:374 +0x205
crypto/tls.(*serverHandshakeState).handshake(0xc0001f8000)
    /root/go-fips/go/src/crypto/tls/handshake_server.go:100 +0x138
crypto/tls.(*Conn).serverHandshake(0xc0001f0388, {0x7709d0, 0xc0000df860})
    /root/go-fips/go/src/crypto/tls/handshake_server.go:61 +0x111
crypto/tls.(*Conn).handshakeContext(0xc0001f0388, {0x770998, 0xc0001ee660})
    /root/go-fips/go/src/crypto/tls/conn.go:1553 +0x3cb
crypto/tls.(*Conn).HandshakeContext(...)
    /root/go-fips/go/src/crypto/tls/conn.go:1493
net/http.(*conn).serve(0xc0001ba510, {0x770998, 0xc00009b110})
    /root/go-fips/go/src/net/http/server.go:1921 +0xe85
created by net/http.(*Server).Serve in goroutine 1
    /root/go-fips/go/src/net/http/server.go:3285 +0x4b4

ueno commented 1 day ago

Note that the Go TLS stack doesn't use libssl.so from OpenSSL, so the output of openssl ciphers is not relevant. As for the panic, it seems to be known upstream and will be fixed when rebasing to 1.22.5.

btaubmann commented 10 hours ago

@ueno Thanks, that helps. So my fault was that I didn't set /proc/sys/crypto/fips_enabled to 1. It might be good to add that to the documentation as well, in case people want to play around with it.
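
The checks this thread converged on, scripted as an added example (not code from the thread or from golang-fips): the kernel FIPS flag reads 1, the binary was built with cgo, and a testssl.sh scan lists no TLS 1.3 suite beyond the two seen in the working run. The function names and the two-suite allow-list are assumptions of this example; the sample scan rows are the ones quoted in the first comment.

```shell
#!/bin/sh
# Added example: preflight checks for a golang-fips TLS server.

# Assumption: the two suites seen in the working FIPS-mode scan above
# are treated as the only acceptable TLS 1.3 suites.
ALLOWED_TLS13="TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384"

# fips_flag_enabled FILE: succeed only if FILE is readable and contains "1".
# In production FILE is /proc/sys/crypto/fips_enabled.
fips_flag_enabled() {
    [ -r "$1" ] || return 1
    [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# built_with_cgo: reads `go version -m BINARY` output on stdin and succeeds
# only if the recorded build settings include CGO_ENABLED=1 (a build without
# gcc silently falls back to CGO_ENABLED=0).
built_with_cgo() {
    grep -Eq '^[[:space:]]*build[[:space:]]+CGO_ENABLED=1[[:space:]]*$'
}

# unexpected_tls13_suites: reads testssl.sh cipher rows on stdin and prints
# every TLS 1.3 suite (hex code x13NN) that is not on the allow-list.
unexpected_tls13_suites() {
    awk -v allowed="$ALLOWED_TLS13" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^x13[0-9a-f][0-9a-f]$/ && !($2 in ok) { print $2 }
    '
}

# Scan rows from the first comment in this thread (non-FIPS behaviour).
sample_scan_rows() {
    cat <<'EOF'
 x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256
 x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256
EOF
}

# Usage: sh preflight.sh BINARY [SAVED_TESTSSL_OUTPUT]
if [ $# -ge 1 ]; then
    status=0
    if ! fips_flag_enabled /proc/sys/crypto/fips_enabled; then
        echo "FAIL: /proc/sys/crypto/fips_enabled is not 1"; status=1
    fi
    if ! go version -m "$1" | built_with_cgo; then
        echo "FAIL: $1 was not built with CGO_ENABLED=1"; status=1
    fi
    if [ $# -ge 2 ]; then
        bad=$(unexpected_tls13_suites < "$2")
        if [ -n "$bad" ]; then
            echo "FAIL: unexpected TLS 1.3 suites offered: $bad"; status=1
        fi
    fi
    exit "$status"
fi
```
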