Skip to content

Stop using RSA_* functions for signatures #57

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Apr 25, 2023
Merged

Stop using RSA_* functions for signatures #57

merged 3 commits into from
Apr 25, 2023

Conversation

ueno
Copy link
Collaborator

@ueno ueno commented Mar 31, 2023
edited
Loading

For creating and verifying PKCS#1 v1.5 signatures in a pre-hashed manner, we used the legacy RSA_sign and RSA_verify functions, which bypass the system-wide disablement of SHA-1 and shorter RSA key length usage inconsistently with the OpenSSL 3.0 default on RHEL.

This switches to using our _goboringcrypto_EVP_{sign,verify}_raw, which internally use EVP_PKEY_ functions.

@ueno ueno marked this pull request as ready for review April 4, 2023 13:08
@ueno ueno requested review from derekparker and simo5 April 4, 2023 13:09
@ueno ueno changed the title Stop using RSA_* functions Stop using RSA_* functions for signatures Apr 6, 2023
@ueno ueno force-pushed the wip/rsa-evp branch 2 times, most recently from 40bcb96 to 8d955ba Compare April 7, 2023 08:37
simo5
simo5 approved these changes Apr 7, 2023
View reviewed changes
Copy link
Collaborator

@simo5 simo5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good in general but I wonder why the change in behavior for msgIsHashed cases, I think we wanted to enforce hashing in the FIPS boundary in the past?

@ueno
Copy link
Collaborator Author

ueno commented Apr 7, 2023

Afaik we later had to revert that enforcement as the crypto/rsa.SignPKCS1v15 takes hashed bytes and there are still some use of PKCS#1 v1.5 signatures in applications.

@ueno
Stop using RSA_* functions for signatures
c70be52 
For creating and verifying PKCS#1 v1.5 signatures in a pre-hashed
manner, we used the legacy RSA_sign and RSA_verify functions, which
bypass the system-wide disablement of SHA-1 and shorter RSA key length
usage inconsistently with the OpenSSL 3.0 default on RHEL.

This switches to using our _goboringcrypto_EVP_{sign,verify}_raw,
which internally use EVP_PKEY_ functions.

Signed-off-by: Daiki Ueno <[email protected]>
@ueno
Stop using RSA_generate_key_ex
bb31ec6 
This switches _goboringcrypto_RSA_generate_key_fips to using
EVP_PKEY_keygen function instead of RSA_generate_key_ex.

The accessors functions around the RSA * type, such as
RSA_get0_crt_params, are still used, though they are not a
cryptographic operation so this patch leaves it as they are for now.

Signed-off-by: Daiki Ueno <[email protected]>
@ueno ueno mentioned this pull request Apr 10, 2023
Merged
@ueno ueno requested a review from dbenoit17 April 12, 2023 07:38
derekparker
derekparker approved these changes Apr 24, 2023
View reviewed changes
Copy link
Contributor

@derekparker derekparker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ueno ueno merged commit ac2a11f into golang-fips:master Apr 25, 2023
@ueno ueno mentioned this pull request May 9, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@derekparker derekparker derekparker approved these changes

@simo5 simo5 simo5 approved these changes

@dbenoit17 dbenoit17 Awaiting requested review from dbenoit17

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ueno @derekparker @simo5