MEDIUM: ssl: set FIPS-approved sigalgs defaults for AWS-LC FIPS builds
authorWilliam Lallemand <wlallemand@haproxy.com>
Tue, 30 Jun 2026 13:37:27 +0000 (13:37 +0000)
committerWilliam Lallemand <wlallemand@haproxy.com>
Tue, 30 Jun 2026 14:02:50 +0000 (14:02 +0000)
When AWS-LC is built in FIPS mode, unconditionally override the
compile-time signature algorithm defaults with the FIPS-approved set
before config parsing. Explicit ssl-default-{bind,server}-sigalgs
keywords in the global section still take precedence over these
defaults.

The approved set is defined as macros in include/haproxy/defaults.h
alongside the existing CONNECT/LISTEN_DEFAULT_FIPS_CIPHERS family:
  CONNECT/LISTEN_DEFAULT_FIPS_SIGALGS        - ECDSA (P-256/384/521),
                                               RSA-PSS and RSA-PKCS1
                                               with SHA-256/384/512
  CONNECT/LISTEN_DEFAULT_FIPS_CLIENT_SIGALGS - same set for client
                                               certificate sigalgs

SHA-1 based algorithms and non-FIPS primitives (ed25519, ed448) are
excluded from the defaults.

include/haproxy/defaults.h
src/ssl_sock.c

index 95262c79f4d219e8466dd663f13761ecc95caafe..8a9062ea431eb54a0052fea7e8e806a78d20d827 100644 (file)
 #define LISTEN_DEFAULT_FIPS_CURVES "P-256:P-384:P-521"
 #endif
 
+/* FIPS-approved signature algorithms for AWS-LC FIPS builds */
+#ifndef CONNECT_DEFAULT_FIPS_SIGALGS
+#define CONNECT_DEFAULT_FIPS_SIGALGS \
+       "ecdsa_secp256r1_sha256:ecdsa_secp384r1_sha384:ecdsa_secp521r1_sha512:" \
+       "rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:" \
+       "rsa_pkcs1_sha256:rsa_pkcs1_sha384:rsa_pkcs1_sha512"
+#endif
+
+#ifndef LISTEN_DEFAULT_FIPS_SIGALGS
+#define LISTEN_DEFAULT_FIPS_SIGALGS \
+       "ecdsa_secp256r1_sha256:ecdsa_secp384r1_sha384:ecdsa_secp521r1_sha512:" \
+       "rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:" \
+       "rsa_pkcs1_sha256:rsa_pkcs1_sha384:rsa_pkcs1_sha512"
+#endif
+
+#ifndef CONNECT_DEFAULT_FIPS_CLIENT_SIGALGS
+#define CONNECT_DEFAULT_FIPS_CLIENT_SIGALGS \
+       "ecdsa_secp256r1_sha256:ecdsa_secp384r1_sha384:ecdsa_secp521r1_sha512:" \
+       "rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:" \
+       "rsa_pkcs1_sha256:rsa_pkcs1_sha384:rsa_pkcs1_sha512"
+#endif
+
+#ifndef LISTEN_DEFAULT_FIPS_CLIENT_SIGALGS
+#define LISTEN_DEFAULT_FIPS_CLIENT_SIGALGS \
+       "ecdsa_secp256r1_sha256:ecdsa_secp384r1_sha384:ecdsa_secp521r1_sha512:" \
+       "rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:" \
+       "rsa_pkcs1_sha256:rsa_pkcs1_sha384:rsa_pkcs1_sha512"
+#endif
+
 /* named curve used as defaults for ECDHE ciphers */
 #ifndef ECDHE_DEFAULT_CURVE
 #define ECDHE_DEFAULT_CURVE "prime256v1"
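Review bot: The four new macros carry byte-identical lists, so a later edit to one of them can leave the bind and server sides, or the sigalgs and client-sigalgs sides, with different approved sets without anyone noticing. Defining the list once and deriving the others keeps them in step while preserving each `#ifndef` override, e.g. `#define LISTEN_DEFAULT_FIPS_SIGALGS CONNECT_DEFAULT_FIPS_SIGALGS`. The comment above the block could also record what is left out on purpose, as the commit message does: `/* FIPS-approved signature algorithms for AWS-LC FIPS builds; SHA-1 based algorithms, ed25519 and ed448 are intentionally excluded */`. Because every macro sits behind `#ifndef`, a build-time override replaces the list, and nothing in this hunk checks the override against the approved set, which that comment should say as well.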
index 1fe6c3274a564ff8525487636d0d126646a39170..6c09aa51369a884e6c46072166a1798999018a56 100644 (file)
@@ -8544,6 +8544,16 @@ static void __ssl_sock_init(void)
                global_ssl.listen_default_curves = strdup(LISTEN_DEFAULT_FIPS_CURVES);
                free(global_ssl.connect_default_curves);
                global_ssl.connect_default_curves = strdup(CONNECT_DEFAULT_FIPS_CURVES);
+#if defined(SSL_CTX_set1_sigalgs_list)
+               free(global_ssl.listen_default_sigalgs);
+               global_ssl.listen_default_sigalgs = strdup(LISTEN_DEFAULT_FIPS_SIGALGS);
+               free(global_ssl.connect_default_sigalgs);
+               global_ssl.connect_default_sigalgs = strdup(CONNECT_DEFAULT_FIPS_SIGALGS);
+               free(global_ssl.listen_default_client_sigalgs);
+               global_ssl.listen_default_client_sigalgs = strdup(LISTEN_DEFAULT_FIPS_CLIENT_SIGALGS);
+               free(global_ssl.connect_default_client_sigalgs);
+               global_ssl.connect_default_client_sigalgs = strdup(CONNECT_DEFAULT_FIPS_CLIENT_SIGALGS);
+#endif
        }
 #endif /* OPENSSL_IS_AWSLC */
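Review bot: The four added strdup() results are stored without a NULL check, after the previous value has already been freed, so an allocation failure leaves the corresponding `global_ssl.*_sigalgs` pointer NULL. Presumably a NULL default means no signature-algorithm list is applied later, in which case a FIPS build would start with the library's own defaults instead of the approved set; the curves assignments just above follow the same pattern, so this is worth fixing for the whole block. Refusing to start when any of the pointers is NULL would make it fail closed, e.g. `if (!global_ssl.listen_default_sigalgs || !global_ssl.connect_default_sigalgs) exit(1);` extended to the client pair and with the project's usual alert message. Separately, the `*_client_sigalgs` fields are assigned under `#if defined(SSL_CTX_set1_sigalgs_list)`; if those fields are declared under `SSL_CTX_set1_client_sigalgs_list` elsewhere (not visible here), the second pair needs its own guard. __ssl_sock_init starts and ends outside the hunk.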