tls: update BoringSSL-FIPS to 20190808. (envoyproxy#12170) (envoyprox…

…y#247)

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

Co-authored-by: Piotr Sikora <piotrsikora@google.com>

api/envoy/api/v2/auth/common.proto

@@ -45,8 +45,8 @@ message TlsParameters {
   // servers.
   TlsProtocol tls_minimum_protocol_version = 1 [(validate.rules).enum = {defined_only: true}];
 
-  // Maximum TLS protocol version. By default, it's ``TLSv1_3`` for servers in non-FIPS builds, and
-  // ``TLSv1_2`` for clients and for servers using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`.
+  // Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for
+  // servers.
   TlsProtocol tls_maximum_protocol_version = 2 [(validate.rules).enum = {defined_only: true}];
 
   // If specified, the TLS listener will only support the specified `cipher list

api/envoy/extensions/transport_sockets/tls/v3/common.proto

@@ -45,8 +45,8 @@ message TlsParameters {
   // servers.
   TlsProtocol tls_minimum_protocol_version = 1 [(validate.rules).enum = {defined_only: true}];
 
-  // Maximum TLS protocol version. By default, it's ``TLSv1_3`` for servers in non-FIPS builds, and
-  // ``TLSv1_2`` for clients and for servers using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`.
+  // Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for
+  // servers.
   TlsProtocol tls_maximum_protocol_version = 2 [(validate.rules).enum = {defined_only: true}];
 
   // If specified, the TLS listener will only support the specified `cipher list

bazel/external/boringssl_fips.genrule_cmd

@@ -2,8 +2,8 @@
 
 set -e
 
-# BoringSSL build as described in the Security Policy for BoringCrypto module (2018-10-25):
-# https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3318.pdf
+# BoringSSL build as described in the Security Policy for BoringCrypto module (2020-07-02):
+# https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3678.pdf
 
 # This works only on Linux-x86_64.
 if [[ `uname` != "Linux" || `uname -m` != "x86_64" ]]; then
@@ -16,16 +16,16 @@ ROOT=$$(dirname $(rootpath boringssl/BUILDING.md))/..
 pushd $$ROOT
 
 # Build tools requirements:
-# - Clang compiler version 6.0.1 (https://releases.llvm.org/download.html)
-# - Go programming language version 1.10.3 (https://golang.org/dl/)
-# - Ninja build system version 1.8.2 (https://github.com/ninja-build/ninja/releases)
+# - Clang compiler version 7.0.1 (https://releases.llvm.org/download.html)
+# - Go programming language version 1.12.7 (https://golang.org/dl/)
+# - Ninja build system version 1.9.0 (https://github.com/ninja-build/ninja/releases)
 
 # Override $$PATH for build tools, to avoid picking up anything else.
 export PATH="$$(dirname `which cmake`):/usr/bin:/bin"
 
-# Clang 6.0.1
-VERSION=6.0.1
-SHA256=7ea204ecd78c39154d72dfc0d4a79f7cce1b2264da2551bb2eef10e266d54d91
+# Clang 7.0.1
+VERSION=7.0.1
+SHA256=02ad925add5b2b934d64c3dd5cbd1b2002258059f7d962993ba7f16524c3089c
 PLATFORM="x86_64-linux-gnu-ubuntu-16.04"
 
 curl -sLO https://releases.llvm.org/"$$VERSION"/clang+llvm-"$$VERSION"-"$$PLATFORM".tar.xz \
@@ -41,26 +41,27 @@ if [[ `clang --version | head -1 | awk '{print $$3}'` != "$$VERSION" ]]; then
   exit 1
 fi
 
-# Go 1.10.3
-VERSION=1.10.3
-SHA256=fa1b0e45d3b647c252f51f5e1204aba049cde4af177ef9f2181f43004f901035
+# Go 1.12.7
+VERSION=1.12.7
+SHA256=66d83bfb5a9ede000e33c6579a91a29e6b101829ad41fffb5c5bb6c900e109d9
 PLATFORM="linux-amd64"
 
 curl -sLO https://dl.google.com/go/go"$$VERSION"."$$PLATFORM".tar.gz \
   && echo "$$SHA256" go"$$VERSION"."$$PLATFORM".tar.gz | sha256sum --check
 tar xf go"$$VERSION"."$$PLATFORM".tar.gz
 
+export GOPATH="$$PWD/gopath"
 export GOROOT="$$PWD/go"
-export PATH="$$GOROOT/bin:$$PATH"
+export PATH="$$GOPATH/bin:$$GOROOT/bin:$$PATH"
 
 if [[ `go version | awk '{print $$3}'` != "go$$VERSION" ]]; then
   echo "ERROR: Go version doesn't match."
   exit 1
 fi
 
-# Ninja 1.8.2
-VERSION=1.8.2
-SHA256=d2fea9ff33b3ef353161ed906f260d565ca55b8ca0568fa07b1d2cab90a84a07
+# Ninja 1.9.0
+VERSION=1.9.0
+SHA256=1b1235f2b0b4df55ac6d80bbe681ea3639c9d2c505c7ff2159a3daf63d196305
 PLATFORM="linux"
 
 curl -sLO https://github.com/ninja-build/ninja/releases/download/v"$$VERSION"/ninja-"$$PLATFORM".zip \

bazel/external/boringssl_fips.patch

@@ -0,0 +1,18 @@
+# Fix FIPS build (from BoringSSL commit 4ca15d5dcbe6e8051a4654df7c971ea8307abfe0).
+#
+# The modulewrapper is not a part of the FIPS module, so it can be patched without
+# concern about breaking the FIPS validation.
+--- boringssl/util/fipstools/acvp/modulewrapper/modulewrapper.cc
++++ boringssl/util/fipstools/acvp/modulewrapper/modulewrapper.cc
+@@ -12,9 +12,11 @@
+  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
++#include <string>
+ #include <vector>
+
+ #include <assert.h>
++#include <errno.h>
+ #include <string.h>
+ #include <sys/uio.h>
+ #include <unistd.h>

bazel/repositories.bzl

@@ -242,6 +242,7 @@ def _boringssl_fips():
         sha256 = location["sha256"],
         genrule_cmd_file = "@envoy//bazel/external:boringssl_fips.genrule_cmd",
         build_file = "@envoy//bazel/external:boringssl_fips.BUILD",
+        patches = ["@envoy//bazel/external:boringssl_fips.patch"],
     )
 
 def _com_github_circonus_labs_libcircllhist():

bazel/repository_locations.bzl

@@ -88,9 +88,9 @@ DEPENDENCY_REPOSITORIES = dict(
         cpe = "N/A",
     ),
     boringssl_fips = dict(
-        sha256 = "b12ad676ee533824f698741bd127f6fbc82c46344398a6d78d25e62c6c418c73",
-        # fips-20180730
-        urls = ["https://commondatastorage.googleapis.com/chromium-boringssl-docs/fips/boringssl-66005f41fbc3529ffe8d007708756720529da20d.tar.xz"],
+        sha256 = "3b5fdf23274d4179c2077b5e8fa625d9debd7a390aac1d165b7e47234f648bb8",
+        # fips-20190808
+        urls = ["https://commondatastorage.googleapis.com/chromium-boringssl-fips/boringssl-ae223d6138807a13006342edfeef32e813246b39.tar.xz"],
         use_category = ["dataplane"],
         cpe = "N/A",
     ),

docs/root/intro/arch_overview/security/ssl.rst

@@ -42,7 +42,7 @@ FIPS 140-2
 BoringSSL can be built in a
 `FIPS-compliant mode <https://boringssl.googlesource.com/boringssl/+/master/crypto/fipsmodule/FIPS.md>`_,
 following the build instructions from the `Security Policy for BoringCrypto module
-<https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3318.pdf>`_,
+<https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3678.pdf>`_,
 using ``--define boringssl=fips`` Bazel option. Currently, this option is only available on Linux-x86_64.
 
 The correctness of the FIPS build can be verified by checking the presence of ``BoringSSL-FIPS``
@@ -53,11 +53,11 @@ it's not sufficient by itself, and depending on the context, additional steps mi
 The extra requirements may include using only approved algorithms and/or using only private keys
 generated by a module operating in FIPS-approved mode. For more information, please refer to the
 `Security Policy for BoringCrypto module
-<https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3318.pdf>`_
+<https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3678.pdf>`_
 and/or an `accredited CMVP laboratory <https://csrc.nist.gov/projects/testing-laboratories>`_.
 
 Please note that the FIPS-compliant build is based on an older version of BoringSSL than
-the non-FIPS build, and it predates the final version of TLS 1.3.
+the non-FIPS build, and it doesn't support the most recent QUIC APIs.
 
 .. _arch_overview_ssl_enabling_verification:
 

source/extensions/transport_sockets/tls/context_config_impl.cc

@@ -353,12 +353,7 @@ ClientContextConfigImpl::ClientContextConfigImpl(
 }
 
 const unsigned ServerContextConfigImpl::DEFAULT_MIN_VERSION = TLS1_VERSION;
-const unsigned ServerContextConfigImpl::DEFAULT_MAX_VERSION =
-#ifndef BORINGSSL_FIPS
-    TLS1_3_VERSION;
-#else // BoringSSL FIPS
-    TLS1_2_VERSION;
-#endif
+const unsigned ServerContextConfigImpl::DEFAULT_MAX_VERSION = TLS1_3_VERSION;
 
 const std::string ServerContextConfigImpl::DEFAULT_CIPHER_SUITES =
 #ifndef BORINGSSL_FIPS

test/extensions/transport_sockets/tls/ssl_socket_test.cc

@@ -3640,7 +3640,7 @@ TEST_P(SslSocketTest, ProtocolVersions) {
   client_params->clear_tls_minimum_protocol_version();
   client_params->clear_tls_maximum_protocol_version();
 
-  // Connection using TLSv1.3 (client) and defaults (server) succeeds (non-FIPS) or fails (FIPS).
+  // Connection using TLSv1.3 (client) and defaults (server) succeeds.
   client_params->set_tls_minimum_protocol_version(
       envoy::extensions::transport_sockets::tls::v3::TlsParameters::TLSv1_3);
   client_params->set_tls_maximum_protocol_version(
@@ -3650,11 +3650,7 @@ TEST_P(SslSocketTest, ProtocolVersions) {
   TestUtilOptionsV2 error_test_options(listener, client, false, GetParam());
   error_test_options.setExpectedServerStats("ssl.connection_error")
       .setExpectedTransportFailureReasonContains("TLSV1_ALERT_PROTOCOL_VERSION");
-#ifndef BORINGSSL_FIPS
   testUtilV2(tls_v1_3_test_options);
-#else // BoringSSL FIPS
-  testUtilV2(error_test_options);
-#endif
   client_params->clear_tls_minimum_protocol_version();
   client_params->clear_tls_maximum_protocol_version();
 
@@ -3663,11 +3659,7 @@ TEST_P(SslSocketTest, ProtocolVersions) {
       envoy::extensions::transport_sockets::tls::v3::TlsParameters::TLSv1_0);
   client_params->set_tls_maximum_protocol_version(
       envoy::extensions::transport_sockets::tls::v3::TlsParameters::TLSv1_3);
-#ifndef BORINGSSL_FIPS
   testUtilV2(tls_v1_3_test_options);
-#else // BoringSSL FIPS
-  testUtilV2(tls_v1_2_test_options);
-#endif
   client_params->clear_tls_minimum_protocol_version();
   client_params->clear_tls_maximum_protocol_version();