crypto: upgrade to BoringCrypto fips-20220613 and enable TLS 1.3 [freeze exception] #64717
Comments
@gopherbot please open backport issues. All supported Go versions need to be able to comply with NIST SP 800-52 Rev. 2 in /cc @golang/release @golang/security @rsc
Backport issue(s) opened: #64718 (for 1.20), #64719 (for 1.21). Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases.
Change https://go.dev/cl/549695 mentions this issue:
Change https://go.dev/cl/549975 mentions this issue:
Thanks for letting us know. The freeze exception bit here is approved.
Also, add EVP_aead_aes_*_gcm_tls13 to the build, which we will need in a following CL, to avoid rebuilding the syso twice. Updates #64717 Updates #62372 Change-Id: Ie4d853ad9b914c1095cad60694a1ae6f77dc22ce Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-boringcrypto Reviewed-on: https://go-review.googlesource.com/c/go/+/549695 Reviewed-by: Than McIntosh <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]>
Change https://go.dev/cl/553856 mentions this issue:
Change https://go.dev/cl/553855 mentions this issue:
Change https://go.dev/cl/553875 mentions this issue:
Change https://go.dev/cl/553876 mentions this issue:
…s-20220613 Also, add EVP_aead_aes_*_gcm_tls13 to the build, which we will need in a following CL, to avoid rebuilding the syso twice. Updates #64717 Updates #62372 Updates #64718 Change-Id: Ie4d853ad9b914c1095cad60694a1ae6f77dc22ce Cq-Include-Trybots: luci.golang.try:go1.20-linux-amd64-boringcrypto Reviewed-on: https://go-review.googlesource.com/c/go/+/549695 Reviewed-by: Than McIntosh <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/553875 Auto-Submit: Matthew Dempsky <[email protected]> Reviewed-by: Matthew Dempsky <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
…SL policy This enables TLS 1.3, disables P-521, and disables non-ECDHE suites. Updates #64717 Updates #62372 Fixes #64718 Change-Id: I3a65b239ef0198bbdbe5e55e0810e7128f90a091 Reviewed-on: https://go-review.googlesource.com/c/go/+/549975 Reviewed-by: Roland Shoemaker <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Than McIntosh <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/553876 Run-TryBot: Matthew Dempsky <[email protected]> Auto-Submit: Matthew Dempsky <[email protected]> Reviewed-by: Matthew Dempsky <[email protected]> TryBot-Result: Gopher Robot <[email protected]>
…s-20220613 Also, add EVP_aead_aes_*_gcm_tls13 to the build, which we will need in a following CL, to avoid rebuilding the syso twice. Updates #64717 Updates #62372 Updates #64719 Change-Id: Ie4d853ad9b914c1095cad60694a1ae6f77dc22ce Cq-Include-Trybots: luci.golang.try:go1.21-linux-amd64-boringcrypto Reviewed-on: https://go-review.googlesource.com/c/go/+/549695 Reviewed-by: Than McIntosh <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/553855 Auto-Submit: Matthew Dempsky <[email protected]> TryBot-Result: Gopher Robot <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Run-TryBot: Matthew Dempsky <[email protected]> Reviewed-by: Matthew Dempsky <[email protected]>
…SL policy This enables TLS 1.3, disables P-521, and disables non-ECDHE suites. Updates #64717 Updates #62372 Fixes #64719 Change-Id: I3a65b239ef0198bbdbe5e55e0810e7128f90a091 Reviewed-on: https://go-review.googlesource.com/c/go/+/549975 Reviewed-by: Roland Shoemaker <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Than McIntosh <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/553856 Auto-Submit: Matthew Dempsky <[email protected]> Reviewed-by: Matthew Dempsky <[email protected]>
The release of Go 1.21.6 includes the new boring crypto when compiling with FIPS enabled. See https://go.dev/doc/devel/release#go1.21.0 and golang/go#64717. This new version of boring crypto allows the use of TLS v1.3 for the first time, so we changed the Pinniped code to use TLS v1.3 where appropriate when compiled with the FIPS compiler. It also changed the allowed TLS v1.2 ciphers, so we updated those as well. After this commit, the project must be compiled by at least Go v1.21.6 when compiling in fips mode. The hack/Dockerfile_fips was already updated to use that version of Go in a previous commit. Co-authored-by: Benjamin A. Petersen <[email protected]>
Change https://go.dev/cl/558796 mentions this issue:
This reverts commit 7383b2a ("crypto/internal/boring: upgrade module to fips-20220613") and commit 4106de9 ("crypto/tls: align FIPS-only mode with BoringSSL policy"). Fixes #65321 Updates #64717 Updates #62372 Change-Id: I0938b97e5b4904e6532448b8ae76e920d03d0508 Reviewed-on: https://go-review.googlesource.com/c/go/+/558796 Reviewed-by: Michael Knyszek <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Auto-Submit: Filippo Valsorda <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
Change https://go.dev/cl/558797 mentions this issue:
…e to fips-20220613" +1 This reverts commit 7383b2a ("crypto/internal/boring: upgrade module to fips-20220613") and commit 4106de9 ("crypto/tls: align FIPS-only mode with BoringSSL policy"). Fixes #65324 Updates #65321 Updates #64717 Updates #62372 Change-Id: I0938b97e5b4904e6532448b8ae76e920d03d0508 Reviewed-on: https://go-review.googlesource.com/c/go/+/558796 Reviewed-by: Michael Knyszek <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Auto-Submit: Filippo Valsorda <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> (cherry picked from commit 09b5de4) Reviewed-on: https://go-review.googlesource.com/c/go/+/558797 Reviewed-by: Dmitri Shuralyov <[email protected]>
Change https://go.dev/cl/560275 mentions this issue:
Change https://go.dev/cl/560276 mentions this issue:
…e to fips-20220613" +1 This reverts CL 553855 ("crypto/internal/boring: upgrade module to fips-20220613") and CL 553856 ("crypto/tls: align FIPS-only mode with BoringSSL policy"). Fixes #65323 Updates #65321 Updates #64717 Updates #62372 Change-Id: I0938b97e5b4904e6532448b8ae76e920d03d0508 Reviewed-on: https://go-review.googlesource.com/c/go/+/558796 Reviewed-by: Michael Knyszek <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Auto-Submit: Filippo Valsorda <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> (cherry picked from commit 09b5de4) Reviewed-on: https://go-review.googlesource.com/c/go/+/560275
…e to fips-20220613" +1 This reverts CL 553875 ("crypto/internal/boring: upgrade module to fips-20220613") and CL 553876 ("crypto/tls: align FIPS-only mode with BoringSSL policy"). Fixes #65322 Updates #65321 Updates #64717 Updates #62372 Change-Id: I0938b97e5b4904e6532448b8ae76e920d03d0508 Reviewed-on: https://go-review.googlesource.com/c/go/+/558796 Reviewed-by: Michael Knyszek <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Auto-Submit: Filippo Valsorda <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> (cherry picked from commit 09b5de4) Reviewed-on: https://go-review.googlesource.com/c/go/+/560276
Also, add EVP_aead_aes_*_gcm_tls13 to the build, which we will need in a following CL, to avoid rebuilding the syso twice. Updates golang#64717 Updates golang#62372 Change-Id: Ie4d853ad9b914c1095cad60694a1ae6f77dc22ce Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-boringcrypto Reviewed-on: https://go-review.googlesource.com/c/go/+/549695 Reviewed-by: Than McIntosh <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]>
This enables TLS 1.3, disables P-521, and disables non-ECDHE suites. Fixes golang#64717 Updates golang#62372 Change-Id: I3a65b239ef0198bbdbe5e55e0810e7128f90a091 Reviewed-on: https://go-review.googlesource.com/c/go/+/549975 Reviewed-by: Roland Shoemaker <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Than McIntosh <[email protected]>
This reverts commit 7383b2a ("crypto/internal/boring: upgrade module to fips-20220613") and commit 4106de9 ("crypto/tls: align FIPS-only mode with BoringSSL policy"). Fixes golang#65321 Updates golang#64717 Updates golang#62372 Change-Id: I0938b97e5b4904e6532448b8ae76e920d03d0508 Reviewed-on: https://go-review.googlesource.com/c/go/+/558796 Reviewed-by: Michael Knyszek <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Auto-Submit: Filippo Valsorda <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
Change https://go.dev/cl/603375 mentions this issue:
Change https://go.dev/cl/603376 mentions this issue:
… 4735 Reapplies CL 549695 now that the certificate was issued. Updates #64717 Updates #62372 Change-Id: Ie37abed5c5aceac435d92397ed626dfeefabe5ab Reviewed-on: https://go-review.googlesource.com/c/go/+/603375 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: David Chase <[email protected]>
This enables TLS 1.3, disables P-521, and disables non-ECDHE suites. Reapplies CL 549975. Updates #64717 Updates #62372 Change-Id: I6c608704638d59a063a657fbd4eb1126027112dd Reviewed-on: https://go-review.googlesource.com/c/go/+/603376 Reviewed-by: Roland Shoemaker <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: David Chase <[email protected]>
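The CLs above describe the FIPS-only policy in three constraints: TLS 1.3 becomes negotiable, P-521 is disabled, and non-ECDHE cipher suites are disabled. As an added example (not code from the Go project, from Pinniped, or from this issue), the Go program below turns those three constraints into a checker over an explicit `tls.Config`, so an operator can audit a configuration written for the older FIPS build (TLS 1.2 ceiling, RSA key-exchange suites, P-521) against the new policy and see the corrected form beside it. The `Policy` type, `FIPSLikePolicy`, `Violations`, `LegacyConfig` and `HardenedConfig` are this example's own constructs; it uses only the public `crypto/tls` API and does not reflect what `crypto/internal/boring` enforces internally.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// Policy captures the constraints the CLs in this thread describe for
// FIPS-only mode: TLS 1.2 as the floor, TLS 1.3 permitted, ECDHE-only key
// exchange, and no P-521. The type and its values are this example's own
// assumptions, not Go's internal fipstls policy.
type Policy struct {
	MinVersion    uint16
	AllowedCurves map[tls.CurveID]bool
}

// FIPSLikePolicy is the constructed policy the checks below use.
var FIPSLikePolicy = Policy{
	MinVersion:    tls.VersionTLS12,
	AllowedCurves: map[tls.CurveID]bool{tls.CurveP256: true, tls.CurveP384: true},
}

// isTLS13Suite reports whether a suite ID names a TLS 1.3 suite. Go ignores
// these in Config.CipherSuites and TLS 1.3 always uses (EC)DHE, so they are
// never a key-exchange violation.
func isTLS13Suite(id uint16) bool {
	name := tls.CipherSuiteName(id)
	return strings.HasPrefix(name, "TLS_AES_") || strings.HasPrefix(name, "TLS_CHACHA20_")
}

// isECDHE reports whether a TLS 1.2 suite ID uses ECDHE key exchange, judged
// from its IANA name as returned by crypto/tls.
func isECDHE(id uint16) bool {
	return strings.Contains(tls.CipherSuiteName(id), "ECDHE")
}

// Violations compares an explicit tls.Config against the policy and returns
// one finding per violation. Zero-valued fields mean "Go default" and are not
// flagged, so only settings an operator wrote down are judged.
func Violations(cfg *tls.Config, p Policy) []string {
	var out []string
	if cfg.MinVersion != 0 && cfg.MinVersion < p.MinVersion {
		out = append(out, fmt.Sprintf("MinVersion 0x%04x is below the required 0x%04x", cfg.MinVersion, p.MinVersion))
	}
	if cfg.MaxVersion != 0 && cfg.MaxVersion < tls.VersionTLS13 {
		out = append(out, fmt.Sprintf("MaxVersion 0x%04x prevents TLS 1.3", cfg.MaxVersion))
	}
	for _, id := range cfg.CipherSuites {
		if !isTLS13Suite(id) && !isECDHE(id) {
			out = append(out, "non-ECDHE cipher suite: "+tls.CipherSuiteName(id))
		}
	}
	for _, c := range cfg.CurvePreferences {
		if !p.AllowedCurves[c] {
			out = append(out, fmt.Sprintf("disallowed curve id %d", c))
		}
	}
	return out
}

// LegacyConfig is a constructed "before" configuration that violates the policy
// in four ways: TLS 1.0 floor, TLS 1.2 ceiling, an RSA key-exchange suite, and P-521.
func LegacyConfig() *tls.Config {
	return &tls.Config{
		MinVersion:       tls.VersionTLS10,
		MaxVersion:       tls.VersionTLS12,
		CipherSuites:     []uint16{tls.TLS_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
		CurvePreferences: []tls.CurveID{tls.CurveP256, tls.CurveP521},
	}
}

// HardenedConfig is the corrected form: TLS 1.2 floor with no ceiling (so
// TLS 1.3 can negotiate), ECDHE-only TLS 1.2 suites, and only P-256/P-384.
func HardenedConfig() *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		},
		CurvePreferences: []tls.CurveID{tls.CurveP256, tls.CurveP384},
	}
}

func main() {
	for name, cfg := range map[string]*tls.Config{"legacy": LegacyConfig(), "hardened": HardenedConfig()} {
		findings := Violations(cfg, FIPSLikePolicy)
		fmt.Printf("%s: %d violation(s)\n", name, len(findings))
		for _, v := range findings {
			fmt.Println("  -", v)
		}
	}
}
```

The checker deliberately leaves zero-valued fields alone: a `MaxVersion` of 0 is what lets TLS 1.3 negotiate once the toolchain permits it, which is exactly the change the Pinniped commit above had to make when moving to Go 1.21.6 in FIPS mode.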
@FiloSottile and @agl when I checked the CMVP #4735, 2022061300 and the corresponding CAVP A2811, 2022061300, I couldn't find TLS 1.3 KDF listed (comparing with CAVP A4687, 2023042800 or CAVP A5370, 20240407). I am unsure whether the current CMVP #4735 covers the TLS 1.3 usage as I saw it was enabled in d363534 with 2022061300. (or maybe one of the newer versions is getting a cert soon, guessing from the module-in-progress) (It's exciting to see #69536 coming)
Looks like it still lacks support here (https://go.googlesource.com/go/+/dev.boringcrypto/src/crypto/tls/handshake_server_tls13.go#47), any news?
@stevesmoot the dev.boringcrypto branch is deprecated and no longer used. You should be looking at master, where this check isn't present.
awesome, thank you, clearly we weren't tracking this closely enough.
Per the discussion at #62372 (comment), we decided to upgrade to BoringCrypto fips-20220613 and enable TLS 1.3. Since the NIST SP 800-52 Rev. 2 deadline is January 1st, we need this in Go 1.22.
This only affects GOEXPERIMENT=boringcrypto.