[erlang-questions] OTP in FIPS mode ?
Dániel Szoboszlay
dszoboszlay@REDACTED
Sat May 2 18:13:43 CEST 2015
Hi,
I'm afraid it's not possible to get away by modifying the C code only, but
you can minimise the Erlang code changes easily.
This commit implements the basics of FIPS support and it's mostly about C
code:
https://github.com/esl/otp/commit/00b3a04d17a653b4abddeebd6dd8a2c38df532d0#diff-1315c36aca592e79ef0073fcf3019e5f
The crypto.erl modifications are mostly for two reason: properly reporting
the list of supported ciphers and tweaking a bit with error handling. The
first is not too important to have (as I said, other parts of OTP do not
respect this list), the second is mostly a cosmetic change: you can always
cause a badarg exception in your NIFs which may be not very informative,
but would crash the Erlang process calling the forbidden algorithm
nevertheless. The only algorithm I had to ban in the Erlang code was SRP,
as some parts of it were implemented in Erlang. But I think banning the C
parts would be enough.
You will need to modify the Erlang code at the following places however:
- Replacing the hash in the PKIX DB (see parts of
https://github.com/esl/otp/commit/675ee6860d2c273bcc6c6a0536634a107e2a3d9f#diff-98fe4d9262b05740af899ce038ac0c0d
dealing with ssl_internal.h, ssl_manager.erl and ssl_pkix_db.erl)
- Removing forbiden algorithms from the list of ciphers offered by SSL.
You can do it without tweaking with the ssl application too, by changing
the options passed to ssl from your client code when setting up a server
socket/client connection.
By the way, for quite some time now Erlang/OTP only uses libcrypto from
OpenSSL. The ssl protocol is implemented in Erlang using the crypto
primitives from libcrypto.
Hope it helps,
Daniel
2015-05-01 15:03 GMT+02:00 jonetsu <jonetsu@REDACTED>:
>
> -----Original Message-----
> From: "Dániel Szoboszlay" <dszoboszlay@REDACTED>
> Date: 05/01/15 04:01
>
> Hi,
>
> Thanks for your comments, much appreciated !
>
> > - Blocked non-compliant calls in FIPS mode before they would reach
> > OpenSSL (so you get an Erlang error instead of killing your
> > VM). This is a must have for any FIPS fork, but it was quite
> > trivial to implement.
>
> That would be the CHECK_NO_FIPS_MODE in crypto.c. Is there any at the
> Erlang level ?
>
> I'm asking beacause what I am considering at the moment is to only
> modify the crypto.c code. No modification to Erlang code. For two
> reasons. One is that I do not know Erlang, although by browsing the
> code lately I find it quite interesting :) But nowhere near being able
> to modify an application that is used in the field. Let alone
> establishing test harnesses in the first place. Second is, the OTP
> that is used is already modified by tail-f AG as part of the ConfD
> product. For instance, if I'm not mistaken, the SSL component is
> different, with crypto being the only part used from OpenSSL. I have
> the impression that the OTP base used in the product dates from some
> time. It is possible to compile locally crypto.c, but when it comes
> to altering the company's Erlang code then all support is lost.
>
> This approach also means to keep the C <-> Erlang interface intact.
>
> Do you think it is at all possible to have a working FIPS mode without
> any modification to Erlang code ?
>
> Regards.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20150502/696af036/attachment.htm>
More information about the erlang-questions
mailing list