Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[go1.20-support] Stop using deprecated RSA functions #144

Open
wants to merge 3 commits into
base: go1.20-support
Choose a base branch
from

Conversation

ueno
Copy link
Collaborator

@ueno ueno commented May 9, 2024

This backports #57 to the go1.20-support branch, similar to #143.

ueno added 3 commits May 9, 2024 22:55
For creating and verifying PKCS#1 v1.5 signatures in a pre-hashed
manner, we used the legacy RSA_sign and RSA_verify functions, which
bypass the system-wide disablement of SHA-1 and shorter RSA key length
usage inconsistently with the OpenSSL 3.0 default on RHEL.

This switches to using our _goboringcrypto_EVP_{sign,verify}_raw,
which internally use EVP_PKEY_ functions.

Signed-off-by: Daiki Ueno <[email protected]>
This switches _goboringcrypto_RSA_generate_key_fips to using
EVP_PKEY_keygen function instead of RSA_generate_key_ex.

The accessors functions around the RSA * type, such as
RSA_get0_crt_params, are still used, though they are not a
cryptographic operation so this patch leaves it as they are for now.

Signed-off-by: Daiki Ueno <[email protected]>
@ueno ueno requested a review from dbenoit17 May 9, 2024 13:57
@karianna
Copy link
Collaborator

@ueno Is this PR still valid? If so I'll ask some of the MSFT folks to review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants