Skip to content

Commit

Permalink
Offload TLS PRF to OpenSSL backend
Browse files Browse the repository at this point in the history
For FIPS compliance, this offloads the PRF computation in TLS to
OpenSSL, based on the work by Quim Muntal in:
microsoft/go#1036

Note that, on RHEL-9, this may cause interoperability issue against
the peers which do not use extended master secret, yielding a
connection close with internal_error alert. The way to mitigate that
behavior is described at:
https://www.redhat.com/en/blog/tls-extended-master-secret-and-fips-rhel
  • Loading branch information
ueno committed Feb 15, 2024
1 parent 56ac3db commit 1ec36d8
Show file tree
Hide file tree
Showing 2 changed files with 279 additions and 68 deletions.
124 changes: 56 additions & 68 deletions patches/000-initial-setup.patch
Original file line number Diff line number Diff line change
Expand Up @@ -135,6 +135,27 @@ index f933f2800a..223ce04340 100644
testenv.MustHaveExternalNetwork(t)

// Create a temp dir and modcache subdir.
diff --git a/src/crypto/internal/backend/bbig/big.go b/src/crypto/internal/backend/bbig/big.go
new file mode 100644
index 0000000000..5652398605
--- /dev/null
+++ b/src/crypto/internal/backend/bbig/big.go
@@ -0,0 +1,15 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This is a mirror of
+// https://github.com/golang/go/blob/36b87f273cc43e21685179dc1664ebb5493d26ae/src/crypto/internal/boring/bbig/big.go.
+
+package bbig
+
+import (
+ "github.com/golang-fips/openssl/v2/bbig"
+)
+
+var Enc = bbig.Enc
+var Dec = bbig.Dec
diff --git a/src/crypto/internal/backend/boringtest/config.go b/src/crypto/internal/backend/boringtest/config.go
new file mode 100644
index 0000000000..6c8c00d11e
Expand Down Expand Up @@ -192,10 +213,10 @@ new file mode 100644
index 0000000000..e69de29bb2
diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go
new file mode 100644
index 0000000000..15c1ee8cbe
index 0000000000..528ded04d7
--- /dev/null
+++ b/src/crypto/internal/backend/nobackend.go
@@ -0,0 +1,163 @@
@@ -0,0 +1,170 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
Expand Down Expand Up @@ -359,12 +380,19 @@ index 0000000000..15c1ee8cbe
+func HashSignECDSA(priv *PrivateKeyECDSA, hash []byte, h crypto.Hash) (*big.Int, *big.Int, error) {
+ panic("boringcrypto: not available")
+}
+
+func SupportsTLS1PRF() bool {
+ panic("boringcrypto: not available")
+}
+func TLS1PRF(result, secret, label, seed []byte, h func() hash.Hash) error {
+ panic("boringcrypto: not available")
+}
diff --git a/src/crypto/internal/backend/openssl.go b/src/crypto/internal/backend/openssl.go
new file mode 100644
index 0000000000..2087c555a4
index 0000000000..6ec71c625d
--- /dev/null
+++ b/src/crypto/internal/backend/openssl.go
@@ -0,0 +1,122 @@
@@ -0,0 +1,125 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
Expand Down Expand Up @@ -487,27 +515,9 @@ index 0000000000..2087c555a4
+var ExtractHKDF = openssl.ExtractHKDF
+var ExpandHKDF = openssl.ExpandHKDF
+var SupportsHKDF = openssl.SupportsHKDF
diff --git a/src/crypto/internal/backend/bbig/big.go b/src/crypto/internal/backend/bbig/big.go
new file mode 100644
index 0000000000..7fac1ec7e1
--- /dev/null
+++ b/src/crypto/internal/backend/bbig/big.go
@@ -0,0 +1,15 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This is a mirror of
+// https://github.com/golang/go/blob/36b87f273cc43e21685179dc1664ebb5493d26ae/src/crypto/internal/boring/bbig/big.go.
+
+package bbig
+
+import (
+ "github.com/golang-fips/openssl/v2/bbig"
+)
+
+var Enc = bbig.Enc
+var Dec = bbig.Dec
+var SupportsTLS1PRF = openssl.SupportsTLS1PRF
+var TLS1PRF = openssl.TLS1PRF
diff --git a/src/crypto/rsa/pkcs1v15_test.go b/src/crypto/rsa/pkcs1v15_test.go
index dfa1eddc88..39a4fc184a 100644
--- a/src/crypto/rsa/pkcs1v15_test.go
Expand Down Expand Up @@ -734,28 +744,6 @@ index cf03e3cb7e..1226149321 100644
t.Fatalf("SignPSS unexpected error: got %v, want %v", err, InvalidSaltLenErr)
}

diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go
index 63bc8dad1a..ab56ccd1ed 100644
--- a/src/crypto/rsa/rsa.go
+++ b/src/crypto/rsa/rsa.go
@@ -509,7 +509,7 @@ func EncryptOAEP(hash hash.Hash, random io.Reader, pub *PublicKey, msg []byte, l
if err != nil {
return nil, err
}
- return boring.EncryptRSAOAEP(hash, hash, bkey, msg, label)
+ return boring.EncryptRSAOAEP(hash, hash, bkey, msg, label)
}
boring.UnreachableExceptTests()

@@ -680,7 +680,7 @@ func decryptOAEP(hash, mgfHash hash.Hash, random io.Reader, priv *PrivateKey, ci
if err != nil {
return nil, err
}
- out, err := boring.DecryptRSAOAEP(hash, mgfHash, bkey, ciphertext, label)
+ out, err := boring.DecryptRSAOAEP(hash, mgfHash, bkey, ciphertext, label)
if err != nil {
return nil, ErrDecryption
}
diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go
index 3278a7ff30..b994daec19 100644
--- a/src/crypto/rsa/rsa_test.go
Expand Down Expand Up @@ -1128,7 +1116,7 @@ index ba68f355eb..7bfe3f9417 100644

// A self-signed test certificate with an RSA key of size 2048, for testing
diff --git a/src/crypto/tls/cipher_suites.go b/src/crypto/tls/cipher_suites.go
index 04e6dfe018..b6ed936cd1 100644
index 589e8b6faf..669208bb86 100644
--- a/src/crypto/tls/cipher_suites.go
+++ b/src/crypto/tls/cipher_suites.go
@@ -354,6 +354,11 @@ var defaultCipherSuitesTLS13NoAES = []uint16{
Expand All @@ -1144,7 +1132,7 @@ index 04e6dfe018..b6ed936cd1 100644
hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ
hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL
diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
index 5394d64ac6..db4e2dbf60 100644
index e0885a0da9..5edbd19995 100644
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -12,6 +12,7 @@ import (
Expand All @@ -1155,7 +1143,7 @@ index 5394d64ac6..db4e2dbf60 100644
"crypto/rand"
"crypto/rsa"
"crypto/sha512"
@@ -994,6 +995,9 @@ const roleServer = false
@@ -1031,6 +1032,9 @@ const roleServer = false
func (c *Config) supportedVersions(isClient bool) []uint16 {
versions := make([]uint16, 0, len(supportedVersions))
for _, v := range supportedVersions {
Expand All @@ -1166,10 +1154,10 @@ index 5394d64ac6..db4e2dbf60 100644
continue
}
diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go
index 63d86b9f3a..a8ee915041 100644
index 4649f36dea..5e1976caf3 100644
--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@@ -127,7 +127,9 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *ecdh.PrivateKey, error) {
@@ -139,7 +139,9 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *ecdh.PrivateKey, error) {
if len(hello.supportedVersions) == 1 {
hello.cipherSuites = nil
}
Expand All @@ -1181,10 +1169,10 @@ index 63d86b9f3a..a8ee915041 100644
} else {
hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13NoAES...)
diff --git a/src/crypto/tls/handshake_client_test.go b/src/crypto/tls/handshake_client_test.go
index 22be38faff..d460eeb880 100644
index a2052ceb70..1666b58ef3 100644
--- a/src/crypto/tls/handshake_client_test.go
+++ b/src/crypto/tls/handshake_client_test.go
@@ -2156,6 +2156,7 @@ func testBuffering(t *testing.T, version uint16) {
@@ -2198,6 +2198,7 @@ func testBuffering(t *testing.T, version uint16) {
}

func TestAlertFlushing(t *testing.T) {
Expand All @@ -1193,7 +1181,7 @@ index 22be38faff..d460eeb880 100644
done := make(chan bool)

diff --git a/src/crypto/tls/handshake_client_tls13.go b/src/crypto/tls/handshake_client_tls13.go
index 4a8661085e..87fe11de5c 100644
index 2f59f6888c..a84cede1b0 100644
--- a/src/crypto/tls/handshake_client_tls13.go
+++ b/src/crypto/tls/handshake_client_tls13.go
@@ -41,10 +41,6 @@ type clientHandshakeStateTLS13 struct {
Expand All @@ -1208,10 +1196,10 @@ index 4a8661085e..87fe11de5c 100644
// sections 4.1.2 and 4.1.3.
if c.handshakes > 0 {
diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go
index b7b568cd84..af75e7dbe0 100644
index 07b1a3851e..938a329668 100644
--- a/src/crypto/tls/handshake_server_tls13.go
+++ b/src/crypto/tls/handshake_server_tls13.go
@@ -44,10 +44,6 @@ type serverHandshakeStateTLS13 struct {
@@ -45,10 +45,6 @@ type serverHandshakeStateTLS13 struct {
func (hs *serverHandshakeStateTLS13) handshake() error {
c := hs.c

Expand All @@ -1223,7 +1211,7 @@ index b7b568cd84..af75e7dbe0 100644
if err := hs.processClientHello(); err != nil {
return err
diff --git a/src/crypto/tls/key_schedule.go b/src/crypto/tls/key_schedule.go
index ae8f80a7cf..30a8450f40 100644
index d7f082c9ee..e7a360fdd4 100644
--- a/src/crypto/tls/key_schedule.go
+++ b/src/crypto/tls/key_schedule.go
@@ -7,6 +7,7 @@ package tls
Expand All @@ -1234,7 +1222,7 @@ index ae8f80a7cf..30a8450f40 100644
"errors"
"fmt"
"hash"
@@ -58,9 +59,20 @@ func (c *cipherSuiteTLS13) expandLabel(secret []byte, label string, context []by
@@ -59,9 +60,20 @@ func (c *cipherSuiteTLS13) expandLabel(secret []byte, label string, context []by
panic(fmt.Errorf("failed to construct HKDF label: %s", err))
}
out := make([]byte, length)
Expand All @@ -1258,7 +1246,7 @@ index ae8f80a7cf..30a8450f40 100644
}
return out
}
@@ -78,7 +90,15 @@ func (c *cipherSuiteTLS13) extract(newSecret, currentSecret []byte) []byte {
@@ -79,7 +91,15 @@ func (c *cipherSuiteTLS13) extract(newSecret, currentSecret []byte) []byte {
if newSecret == nil {
newSecret = make([]byte, c.hash.Size())
}
Expand Down Expand Up @@ -1305,7 +1293,7 @@ index 33fd0ed52b..102acda578 100644
I_R1 := testBoringCert(t, "I_R1", boringRSAKey(t, 3072), R1, boringCertCA|boringCertFIPSOK)
testBoringCert(t, "I_R2", I_R1.key, R2, boringCertCA|boringCertFIPSOK)
diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
index 8846b00312..8734dd03c1 100644
index 19deeab54d..0c2cbf3182 100644
--- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go
@@ -12,6 +12,8 @@ import (
Expand Down Expand Up @@ -1424,7 +1412,7 @@ index 8846b00312..8734dd03c1 100644
commonName := "test.example.com"
template := Certificate{
SerialNumber: big.NewInt(1),
@@ -3607,11 +3638,19 @@ func TestParseRevocationList(t *testing.T) {
@@ -3682,11 +3713,19 @@ func TestParseRevocationList(t *testing.T) {
}

func TestRevocationListCheckSignatureFrom(t *testing.T) {
Expand All @@ -1447,10 +1435,10 @@ index 8846b00312..8734dd03c1 100644
t.Fatalf("failed to generate test key: %s", err)
}
diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go
index 08452c7b1d..0732db0662 100644
index 592f2fd72a..1c1caa6897 100644
--- a/src/go/build/deps_test.go
+++ b/src/go/build/deps_test.go
@@ -396,9 +396,11 @@ var depsRules = `
@@ -423,9 +423,11 @@ var depsRules = `
< crypto/internal/alias
< crypto/cipher;

Expand All @@ -1463,7 +1451,7 @@ index 08452c7b1d..0732db0662 100644
< crypto/boring;

crypto/internal/alias
@@ -427,11 +429,13 @@ var depsRules = `
@@ -454,11 +456,13 @@ var depsRules = `
crypto/sha512
< CRYPTO;

Expand All @@ -1478,15 +1466,15 @@ index 08452c7b1d..0732db0662 100644
< crypto/rand
< crypto/ed25519
< encoding/asn1
@@ -629,6 +633,7 @@ func listStdPkgs(goroot string) ([]string, error) {
@@ -663,6 +667,7 @@ func listStdPkgs(goroot string) ([]string, error) {
}

func TestDependencies(t *testing.T) {
+ t.Skip("openssl based toolchain has different dependencies than upstream")
if !testenv.HasSrc() {
// Tests run in a limited file system and we do not
// provide access to every source file.
@@ -671,7 +676,7 @@ var buildIgnore = []byte("\n//go:build ignore")
@@ -705,7 +710,7 @@ var buildIgnore = []byte("\n//go:build ignore")

func findImports(pkg string) ([]string, error) {
vpkg := pkg
Expand All @@ -1495,7 +1483,7 @@ index 08452c7b1d..0732db0662 100644
vpkg = "vendor/" + pkg
}
dir := filepath.Join(Default.GOROOT, "src", vpkg)
@@ -681,7 +686,7 @@ func findImports(pkg string) ([]string, error) {
@@ -715,7 +720,7 @@ func findImports(pkg string) ([]string, error) {
}
var imports []string
var haveImport = map[string]bool{}
Expand All @@ -1505,7 +1493,7 @@ index 08452c7b1d..0732db0662 100644
}
fset := token.NewFileSet()
diff --git a/src/runtime/pprof/proto_test.go b/src/runtime/pprof/proto_test.go
index 780b481de8..63db9e9ed7 100644
index 8ec9c9109a..d7f287261f 100644
--- a/src/runtime/pprof/proto_test.go
+++ b/src/runtime/pprof/proto_test.go
@@ -15,6 +15,7 @@ import (
Expand Down
Loading

0 comments on commit 1ec36d8

Please sign in to comment.