Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[go1.20-support] Stop using deprecated RSA functions #144

Open
wants to merge 3 commits into
base: go1.20-support
Choose a base branch
from
Open

[go1.20-support] Stop using deprecated RSA functions #144

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
fce65f4
Stop using RSA_* functions for signatures
ueno Mar 31, 2023
8ab6578
Stop using RSA_generate_key_ex
ueno Apr 7, 2023
72e8168
Port RSA test from wip/combined-codebase-staging
ueno Apr 10, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 28 additions & 28 deletions openssl/goopenssl.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -543,15 +543,9 @@ DEFINEFUNC(int, EVP_DigestVerifyFinal,
(ctx, sig, siglen))

typedef RSA GO_RSA;
int _goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, size_t *slen, EVP_PKEY *eckey);
int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *msg,
size_t msgLen, uint8_t *sig, size_t *slen,
GO_RSA *key);

int _goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, size_t *slen, EVP_PKEY *eckey);
int _goboringcrypto_EVP_verify(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, const uint8_t *sig, unsigned int slen, EVP_PKEY *key);
int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
const uint8_t *sig, unsigned int slen,
GO_RSA *key);

#if OPENSSL_VERSION_NUMBER < 0x10100000L
DEFINEFUNCINTERNAL(void, EVP_MD_CTX_destroy, (EVP_MD_CTX *ctx), (ctx))
Expand All @@ -574,29 +568,18 @@ int _goboringcrypto_ECDSA_verify_raw(EVP_MD *md,

#include <openssl/rsa.h>

// Note: order of struct fields here is unchecked.
typedef BN_GENCB GO_BN_GENCB;
int _goboringcrypto_RSA_sign(EVP_MD* md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, size_t *slen, RSA *rsa);
int _goboringcrypto_RSA_verify(EVP_MD* md, const uint8_t *msg, unsigned int msgLen, const uint8_t *sig, unsigned int slen, GO_RSA *rsa);

int _goboringcrypto_EVP_RSA_sign(EVP_MD* md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, size_t *slen, RSA *rsa);
int _goboringcrypto_EVP_RSA_verify(EVP_MD* md, const uint8_t *msg, unsigned int msgLen, const uint8_t *sig, unsigned int slen, GO_RSA *rsa);
int _goboringcrypto_RSA_sign_raw(EVP_MD *md, const uint8_t *msg, size_t msgLen,
uint8_t *sig, size_t *slen,
GO_RSA *key);
int _goboringcrypto_RSA_verify_raw(EVP_MD *md, const uint8_t *msg, size_t msgLen,
const uint8_t *sig, unsigned int slen,
GO_RSA *key);

DEFINEFUNC(GO_RSA *, RSA_new, (void), ())
DEFINEFUNC(void, RSA_free, (GO_RSA * arg0), (arg0))
DEFINEFUNC(int, RSA_private_encrypt,
(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding),
(flen, from, to, rsa, padding))
DEFINEFUNC(int, RSA_public_decrypt,
(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding),
(flen, from, to, rsa, padding))
DEFINEFUNC(int, RSA_sign,
(int arg0, const uint8_t *arg1, unsigned int arg2, uint8_t *arg3, unsigned int *arg4, GO_RSA *arg5),
(arg0, arg1, arg2, arg3, arg4, arg5))
DEFINEFUNC(int, RSA_verify,
(int arg0, const uint8_t *arg1, unsigned int arg2, const uint8_t *arg3, unsigned int arg4, GO_RSA *arg5),
(arg0, arg1, arg2, arg3, arg4, arg5))
DEFINEFUNC(int, RSA_generate_key_ex,
(GO_RSA * arg0, int arg1, GO_BIGNUM *arg2, GO_BN_GENCB *arg3),
(arg0, arg1, arg2, arg3))

DEFINEFUNCINTERNAL(int, RSA_set0_factors,
(GO_RSA * rsa, GO_BIGNUM *p, GO_BIGNUM *q),
Expand Down Expand Up @@ -744,7 +727,8 @@ _goboringcrypto_RSA_get0_key(const GO_RSA *rsa, const GO_BIGNUM **n, const GO_BI
#endif
}

int _goboringcrypto_RSA_generate_key_fips(GO_RSA *, int, GO_BN_GENCB *);
GO_RSA *_goboringcrypto_RSA_generate_key_fips(int bits);

enum
{
GO_RSA_PKCS1_PADDING = 1,
Expand All @@ -763,7 +747,6 @@ int _goboringcrypto_RSA_sign_pss_mgf1(GO_RSA *, unsigned int *out_len, uint8_t *
int _goboringcrypto_RSA_verify_pss_mgf1(GO_RSA *, const uint8_t *msg, unsigned int msg_len, GO_EVP_MD *md, const GO_EVP_MD *mgf1_md, int salt_len, const uint8_t *sig, unsigned int sig_len);

DEFINEFUNC(unsigned int, RSA_size, (const GO_RSA *arg0), (arg0))
DEFINEFUNC(int, RSA_check_key, (const GO_RSA *arg0), (arg0))

DEFINEFUNC(int, EVP_EncryptInit_ex,
(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ENGINE *impl, const unsigned char *key, const unsigned char *iv),
Expand Down Expand Up @@ -818,6 +801,7 @@ typedef EVP_PKEY GO_EVP_PKEY;

DEFINEFUNC(GO_EVP_PKEY *, EVP_PKEY_new, (void), ())
DEFINEFUNC(void, EVP_PKEY_free, (GO_EVP_PKEY * arg0), (arg0))
DEFINEFUNC(GO_RSA *, EVP_PKEY_get1_RSA, (GO_EVP_PKEY * arg0), (arg0))
DEFINEFUNC(int, EVP_PKEY_set1_RSA, (GO_EVP_PKEY * arg0, GO_RSA *arg1), (arg0, arg1))
DEFINEFUNC(GO_EC_KEY *, EVP_PKEY_get1_EC_KEY, (GO_EVP_PKEY * arg0), (arg0))
DEFINEFUNC(int, EVP_PKEY_set1_EC_KEY, (GO_EVP_PKEY * arg0, GO_EC_KEY *arg1), (arg0, arg1))
Expand Down Expand Up @@ -884,6 +868,22 @@ _goboringcrypto_EVP_PKEY_CTX_set_rsa_mgf1_md(GO_EVP_PKEY_CTX * ctx, const GO_EVP
EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md);
}

static inline int
_goboringcrypto_EVP_PKEY_CTX_set_rsa_keygen_bits(GO_EVP_PKEY_CTX *ctx, int mbits) {
return _goboringcrypto_EVP_PKEY_CTX_ctrl(ctx, -1,
EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_RSA_KEYGEN_BITS,
mbits, NULL);
}

static inline int
_goboringcrypto_EVP_PKEY_CTX_set_rsa_keygen_pubexp(GO_EVP_PKEY_CTX *ctx, GO_BIGNUM *pubexp) {
return _goboringcrypto_EVP_PKEY_CTX_ctrl(ctx, -1,
EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP,
0, pubexp);
}

DEFINEFUNC(int, EVP_PKEY_decrypt,
(GO_EVP_PKEY_CTX * arg0, uint8_t *arg1, size_t *arg2, const uint8_t *arg3, size_t arg4),
(arg0, arg1, arg2, arg3, arg4))
Expand Down
2 changes: 1 addition & 1 deletion openssl/notboring.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ func VerifyECDSA(pub *PublicKeyECDSA, hash []byte, r, s BigInt) bool {
type PublicKeyECDH struct{ _ int }
type PrivateKeyECDH struct{ _ int }

func (pc *PublicKeyECDH) Bytes() []byte { panic("boringcrypto: not available") }
func (pc *PublicKeyECDH) Bytes() []byte { panic("boringcrypto: not available") }
func (pc *PrivateKeyECDH) PublicKey() (*PublicKeyECDH, error) { panic("boringcrypto: not available") }

func NewPublicKeyECDH(curve string, bytes []byte) (*PublicKeyECDH, error) {
Expand Down
72 changes: 0 additions & 72 deletions openssl/openssl_evp.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,41 +38,6 @@ int _goboringcrypto_EVP_sign(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *msg,
return ret;
}

int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *msg,
size_t msgLen, uint8_t *sig, size_t *slen,
GO_RSA *rsa_key) {
int ret = 0;
GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
if (!pk)
return 0;

if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
goto err;

if (!ctx && !(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
goto err;

if (1 != _goboringcrypto_EVP_PKEY_sign_init(ctx))
goto err;

if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
goto err;

if (1 != _goboringcrypto_EVP_PKEY_sign(ctx, sig, slen, msg, msgLen))
goto err;

/* Success */
ret = 1;

err:
if (ctx)
_goboringcrypto_EVP_PKEY_CTX_free(ctx);
if (pk)
_goboringcrypto_EVP_PKEY_free(pk);

return ret;
}

int _goboringcrypto_EVP_verify(EVP_MD *md, EVP_PKEY_CTX *ctx,
const uint8_t *msg, size_t msgLen,
const uint8_t *sig, unsigned int slen,
Expand Down Expand Up @@ -101,40 +66,3 @@ int _goboringcrypto_EVP_verify(EVP_MD *md, EVP_PKEY_CTX *ctx,

return ret;
}

int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
const uint8_t *sig, unsigned int slen,
GO_RSA *rsa_key) {

int ret = 0;
EVP_PKEY_CTX *ctx;
GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
if (!pk)
return 0;

if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
goto err;

if (!(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
goto err;

if (1 != _goboringcrypto_EVP_PKEY_verify_init(ctx))
goto err;

if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
goto err;

if (1 != _goboringcrypto_EVP_PKEY_verify(ctx, sig, slen, msg, msgLen))
goto err;

/* Success */
ret = 1;

err:
if (ctx)
_goboringcrypto_EVP_PKEY_CTX_free(ctx);
if (pk)
_goboringcrypto_EVP_PKEY_free(pk);

return ret;
}
134 changes: 121 additions & 13 deletions openssl/openssl_port_rsa.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,15 +8,42 @@
#include "goopenssl.h"

// Only in BoringSSL.
int _goboringcrypto_RSA_generate_key_fips(GO_RSA *rsa, int size,
GO_BN_GENCB *cb) {
GO_RSA *_goboringcrypto_RSA_generate_key_fips(int bits) {
GO_EVP_PKEY_CTX *ctx = NULL;
GO_EVP_PKEY *pkey = NULL;
GO_BIGNUM *e = NULL;
GO_RSA *ret = NULL;

ctx = _goboringcrypto_EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
if (!ctx)
return NULL;

if (_goboringcrypto_EVP_PKEY_keygen_init(ctx) <= 0)
goto err;

if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) <= 0)
goto err;

// BoringSSL's RSA_generate_key_fips hard-codes e to 65537.
BIGNUM *e = _goboringcrypto_BN_new();
if (e == NULL)
return 0;
int ret = _goboringcrypto_BN_set_word(e, RSA_F4) &&
_goboringcrypto_RSA_generate_key_ex(rsa, size, e, cb);
e = _goboringcrypto_BN_new();
if (!e)
goto err;

if (_goboringcrypto_BN_set_word(e, RSA_F4) <= 0)
goto err;

if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, e) <= 0)
goto err;

if (_goboringcrypto_EVP_PKEY_keygen(ctx, &pkey) <= 0)
goto err;

ret = _goboringcrypto_EVP_PKEY_get1_RSA(pkey);

err:
_goboringcrypto_BN_free(e);
_goboringcrypto_EVP_PKEY_free(pkey);
_goboringcrypto_EVP_PKEY_CTX_free(ctx);
return ret;
}

Expand Down Expand Up @@ -182,9 +209,9 @@ int _goboringcrypto_RSA_verify_pss_mgf1(RSA *rsa, const uint8_t *msg,
return ret;
}

int _goboringcrypto_EVP_RSA_sign(EVP_MD *md, const uint8_t *msg,
unsigned int msgLen, uint8_t *sig,
size_t *slen, RSA *rsa) {
int _goboringcrypto_RSA_sign(EVP_MD *md, const uint8_t *msg,
unsigned int msgLen, uint8_t *sig,
size_t *slen, RSA *rsa) {
int result;
EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new();
if (!key) {
Expand All @@ -200,9 +227,9 @@ int _goboringcrypto_EVP_RSA_sign(EVP_MD *md, const uint8_t *msg,
return result;
}

int _goboringcrypto_EVP_RSA_verify(EVP_MD *md, const uint8_t *msg,
unsigned int msgLen, const uint8_t *sig,
unsigned int slen, GO_RSA *rsa) {
int _goboringcrypto_RSA_verify(EVP_MD *md, const uint8_t *msg,
unsigned int msgLen, const uint8_t *sig,
unsigned int slen, GO_RSA *rsa) {
int result;
EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new();
if (!key) {
Expand All @@ -217,3 +244,84 @@ int _goboringcrypto_EVP_RSA_verify(EVP_MD *md, const uint8_t *msg,
_goboringcrypto_EVP_PKEY_free(key);
return result;
}

int _goboringcrypto_RSA_sign_raw(EVP_MD *md, const uint8_t *msg,
size_t msgLen, uint8_t *sig, size_t *slen,
GO_RSA *rsa_key) {
int ret = 0;
GO_EVP_PKEY_CTX *ctx = NULL;
GO_EVP_PKEY *pk = NULL;

pk = _goboringcrypto_EVP_PKEY_new();
if (!pk)
goto err;

if (1 != _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key))
goto err;

ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL);
if (!ctx)
goto err;

if (1 != _goboringcrypto_EVP_PKEY_sign_init(ctx))
goto err;

if (md && 1 != _goboringcrypto_EVP_PKEY_CTX_set_signature_md(ctx, md))
goto err;

if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
goto err;

if (1 != _goboringcrypto_EVP_PKEY_sign(ctx, sig, slen, msg, msgLen))
goto err;

/* Success */
ret = 1;

err:
if (ctx)
_goboringcrypto_EVP_PKEY_CTX_free(ctx);

return ret;
}

int _goboringcrypto_RSA_verify_raw(EVP_MD *md,
const uint8_t *msg, size_t msgLen,
const uint8_t *sig, unsigned int slen,
GO_RSA *rsa_key) {
int ret = 0;
GO_EVP_PKEY_CTX *ctx = NULL;
GO_EVP_PKEY *pk = NULL;

pk = _goboringcrypto_EVP_PKEY_new();
if (!pk)
goto err;

if (1 != _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key))
goto err;

ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL);
if (!ctx)
goto err;

if (1 != _goboringcrypto_EVP_PKEY_verify_init(ctx))
goto err;

if (md && 1 != _goboringcrypto_EVP_PKEY_CTX_set_signature_md(ctx, md))
goto err;

if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
goto err;

if (1 != _goboringcrypto_EVP_PKEY_verify(ctx, sig, slen, msg, msgLen))
goto err;

/* Success */
ret = 1;

err:
if (ctx)
_goboringcrypto_EVP_PKEY_CTX_free(ctx);

return ret;
}
Loading