tozny/dockerfiles

tozny/python-fips:2 image fips mode not enabled

Closed this issue · 2 comments

When we try to run the container out of image tozny/python-fips:2 and run the following Python script, it shows FIPS mode is not enabled.

```python
#!/usr/bin/env python3

import sys
import ssl
import ctypes

# Load the OpenSSL 1.0.x libcrypto directly so the FIPS API can be called.
libcrypto = ctypes.CDLL("libcrypto.so.1.0.0")

# int FIPS_mode(void): returns non-zero when FIPS mode is active.
fips_mode = libcrypto.FIPS_mode
fips_mode.argtypes = []
fips_mode.restype = ctypes.c_int

# int FIPS_selftest_failed(void): returns non-zero if the self-test failed.
fips_selftest_failed = libcrypto.FIPS_selftest_failed
fips_selftest_failed.argtypes = []
fips_selftest_failed.restype = ctypes.c_int

# int FIPS_mode_set(int onoff): returns 1 on success, 0 on failure.
fips_mode_set = libcrypto.FIPS_mode_set
fips_mode_set.argtypes = [ctypes.c_int]
fips_mode_set.restype = ctypes.c_int

text = b""

if __name__ == "__main__":
    print("Python {:s} on {:s}\n".format(sys.version, sys.platform))
    print("OPENSSL_VERSION: {:s}".format(ssl.OPENSSL_VERSION))
    # Any command-line argument requests an attempt to enable FIPS mode.
    enable_fips = len(sys.argv) > 1

    print("FIPS_mode(): {:d}".format(fips_mode()))
    if enable_fips:
        print("FIPS_mode_set(1): {:d}".format(fips_mode_set(1)))
    print("FIPS_mode(): {:d}".format(fips_mode()))
    print("FIPS_selftest_failed(): {:d}".format(fips_selftest_failed()))

    # Hash the empty string with SHA-1 and MD5.
    import hashlib
    print("SHA1: {:s}".format(hashlib.sha1(text).hexdigest()))
    print("MD5: {:s}".format(hashlib.md5(text).hexdigest()))
```

Output is:

```
/ # python2 test.py 1
Python 2.7.15 (default, Jan 11 2019, 23:23:34)
[GCC 6.4.0] on linux2

OPENSSL_VERSION: OpenSSL 1.0.2o-fips 27 Mar 2018
FIPS_mode(): 0
FIPS_mode_set(1): 0
FIPS_mode(): 0
FIPS_selftest_failed(): 1
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
MD5: d41d8cd98f00b204e9800998ecf8427e
```

But this script works perfectly fine on the tozny/python-fips:3 image. Is FIPS really enabled on python2?

Hi! Sorry to hear about the issue. The python2 Dockerfile is not actively maintained at the moment, but we welcome pull request fixes.

Closed due to inactivity
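
An added example, not part of the issue or of the tozny project: a build-time gate that reads the output of the test script posted in the issue and lists every reason the run does not demonstrate FIPS mode. The function names are this example's own, and `SAMPLE` is constructed from the output shown in the issue.

```python
import re

# Constructed sample: the key/value lines from the output posted in the issue.
SAMPLE = """\
OPENSSL_VERSION: OpenSSL 1.0.2o-fips 27 Mar 2018
FIPS_mode(): 0
FIPS_mode_set(1): 0
FIPS_mode(): 0
FIPS_selftest_failed(): 1
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
MD5: d41d8cd98f00b204e9800998ecf8427e
"""

# Matches "KEY: value" and "func(args): value"; banner lines do not match.
LINE = re.compile(r"^([A-Za-z0-9_]+(?:\([^)]*\))?):\s*(.*)$")


def parse(output):
    """Map each key to the list of values printed for it, in order."""
    fields = {}
    for line in output.splitlines():
        m = LINE.match(line.strip())
        if m:
            fields.setdefault(m.group(1), []).append(m.group(2))
    return fields


def fips_findings(output):
    """Return reasons the run does not demonstrate FIPS mode (empty = pass)."""
    f = parse(output)
    findings = []
    # Absent when the script was run without an argument, so default to pass.
    if f.get("FIPS_mode_set(1)", ["1"])[-1] != "1":
        findings.append("FIPS_mode_set(1) did not return 1")
    # The last FIPS_mode() line is the state after the enable attempt.
    if f.get("FIPS_mode()", ["0"])[-1] == "0":
        findings.append("FIPS_mode() is 0 after the enable attempt")
    if f.get("FIPS_selftest_failed()", ["0"])[-1] != "0":
        findings.append("FIPS self-test reported failure")
    # MD5 is not a FIPS-approved digest; a printed digest means it still ran.
    if any(re.fullmatch(r"[0-9a-f]{32}", v) for v in f.get("MD5", [])):
        findings.append("MD5 digest was computed")
    if findings and "fips" in f.get("OPENSSL_VERSION", [""])[-1].lower():
        findings.append("OpenSSL build is tagged -fips but mode is not active")
    return findings
```

In a pipeline, fail the image build when `fips_findings()` returns a non-empty list for the captured script output.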