crypto: Warning if FIPS supported but application 'crypto' not loaded #8590

Merged

@sverker sverker commented Jun 17, 2024

Fix #8582.

To enable FIPS mode, crypto application config parameter fips_mode must be true.
However, the application must first be loaded for the config to be accessible when module crypto is invoked.

If application crypto is not loaded, module crypto will use default fips_mode as false which may come as a surprise if erl was started with command line -crypto fips_mode true.

Issue this warning if the underlying OpenSSL lib supports FIPS but the crypto application has not been loaded:

=WARNING REPORT==== 17-Jun-2024::17:34:17.238651 ===
Module 'crypto' loaded without application 'crypto' being loaded.
Without application config 'fips_mode' loaded, FIPS mode is disabled by default.

@sverker sverker added team:VM Assigned to OTP team VM enhancement labels Jun 17, 2024
@sverker sverker self-assigned this Jun 17, 2024
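
A startup guard for the situation this pull request describes, as an added example that is not part of the PR or of OTP: it loads application crypto before the first crypto call and fails closed when fips_mode is configured as true but crypto:info_fips/0 does not report enabled. The module and function names (fips_guard, ensure_fips/0, verdict/2) and the error tuples are hypothetical.

```erlang
%% Added example; fips_guard, ensure_fips/0 and verdict/2 are hypothetical names.
-module(fips_guard).
-export([ensure_fips/0, verdict/2]).

%% Call once at node startup, before any other crypto:* call.
%% Loading the application makes its fips_mode parameter (sys.config or
%% "-crypto fips_mode true") readable when module crypto initialises.
-spec ensure_fips() -> ok | {error, term()}.
ensure_fips() ->
    case application:load(crypto) of
        ok -> check();
        {error, {already_loaded, crypto}} -> check();
        {error, Reason} -> {error, {crypto_app_not_loadable, Reason}}
    end.

check() ->
    Wanted = application:get_env(crypto, fips_mode, false),
    %% The first call into crypto loads the module; if it fails to load,
    %% the call raises undef, which is reported instead of crashing here.
    try crypto:info_fips() of
        Actual -> verdict(Wanted, Actual)
    catch
        error:undef -> {error, crypto_module_not_loaded}
    end.

%% Pure decision: configured fips_mode against what crypto:info_fips/0 reports
%% (enabled | not_enabled | not_supported).
-spec verdict(term(), atom()) -> ok | {error, term()}.
verdict(true, enabled) -> ok;
verdict(true, Actual) -> {error, {fips_requested_but, Actual}};
verdict(false, _Actual) -> ok;
verdict(Other, _Actual) -> {error, {bad_fips_mode, Other}}.
```

A result of {error, {fips_requested_but, not_enabled}} corresponds to the case the new warning reports: module crypto was initialised earlier in the node's life, before the application config was available.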
github-actions bot commented Jun 17, 2024

CT Test Results

  2 files   14 suites   6m 8s ⏱️
186 tests 172 ✅  14 💤 0 ❌
459 runs  329 ✅ 130 💤 0 ❌

Results for commit 04ce711.

♻️ This comment has been updated with latest results.

To speed up review, make sure that you have read Contributing to Erlang/OTP and that all checks pass.

See the TESTING and DEVELOPMENT HowTo guides for details about how to run test locally.

// Erlang/OTP Github Action Bot

@sverker sverker added the testing currently being tested, tag is used by OTP internal CI label Jun 18, 2024
@sverker sverker force-pushed the sverker/crypto/fips-warning-app-not-loaded branch from 0497685 to dd35807 Compare June 24, 2024 12:03
in which case FIPS is disabled by default.
@sverker sverker force-pushed the sverker/crypto/fips-warning-app-not-loaded branch from dd35807 to 04ce711 Compare June 24, 2024 12:09
@sverker sverker merged commit fefa7b5 into erlang:master Jul 3, 2024
16 checks passed
Development

Successfully merging this pull request may close these issues.

FIPS mode not working with opensslv3 erlang 26.2.4