Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only omit RSA primes if precomputed values are missing in OpenSSL 3.0 and 3.1 #163

Merged
merged 6 commits into from
Sep 10, 2024
Merged

Only omit RSA primes if precomputed values are missing in OpenSSL 3.0 and 3.1 #163

merged 6 commits into from
Sep 10, 2024

Conversation

qmuntal
Copy link
Collaborator

@qmuntal qmuntal commented Sep 4, 2024
edited
Loading

Since OpenSSL 3.2, RSA primes can coexist with empty precomputed values, see openssl/openssl#22334.
Some providers, such as SymCrypt, compute the RSA private key using the prime numbers P and Q instead of loading it from the private exponent D. So they always need P and Q, even if the precomputed values are omitted. This means that these providers are not fully compatible with OpenSSL 3.0 and 3.1, but they do work with OpenSSL 3.2 and higher.

This PR relaxes the restriction added in #136 to only take effect with OpenSSL 3.0 and 3.1.

@qmuntal qmuntal mentioned this pull request Sep 4, 2024
Closed
@qmuntal qmuntal changed the title Only allow omission of precomputed RSA values in OpenSSL 3.0 and 3.1 Only omit RSA primes if precomputed values are missing in OpenSSL 3.0 and 3.1 Sep 4, 2024
karianna
karianna reviewed Sep 4, 2024
View reviewed changes
Copy link
Collaborator

@karianna karianna left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can / Should we add a test for this?

dagood
dagood reviewed Sep 5, 2024
View reviewed changes
rsa.go Outdated Show resolved Hide resolved
@qmuntal qmuntal requested a review from dagood September 5, 2024 07:44
@qmuntal
Copy link
Collaborator Author

qmuntal commented Sep 5, 2024

Can / Should we add a test for this?

Good point. I've added some tests and, while here, improved a bit all the RSA tests.

@qmuntal qmuntal requested a review from karianna September 5, 2024 08:12
dagood
dagood approved these changes Sep 6, 2024
View reviewed changes
rsa_test.go Outdated Show resolved Hide resolved
@karianna
Copy link
Collaborator

karianna commented Sep 7, 2024

@qmuntal will need a rebase now

@qmuntal
Copy link
Collaborator Author

qmuntal commented Sep 10, 2024

@ueno can you take a look at this? Thanks.

ueno
ueno approved these changes Sep 10, 2024
View reviewed changes
Copy link
Collaborator

@ueno ueno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@qmuntal qmuntal merged commit 6c842d7 into v2 Sep 10, 2024
26 checks passed
@qmuntal qmuntal deleted the rsamiss branch September 10, 2024 07:12
mertakman pushed a commit to mertakman/openssl that referenced this pull request Sep 10, 2024
@qmuntal @dagood @mertakman
Only omit RSA primes if precomputed values are missing in OpenSSL 3.0…
703c1c5 
… and 3.1 (golang-fips#163)

* only allow omission of precomputed RSA values in OpenSSL 3.0 and 3.1

* check if rsa primes and precomputed values exists

* make logic more clear

* Update rsa.go

Co-authored-by: Davis Goodin <dagood@users.noreply.github.com>

* add tests

* exhaustively tests messing precomputed values

---------

Co-authored-by: Davis Goodin <dagood@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dagood dagood dagood approved these changes

@karianna karianna karianna approved these changes

@ueno ueno ueno approved these changes

@derekparker derekparker Awaiting requested review from derekparker

@gdams gdams Awaiting requested review from gdams

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@qmuntal @karianna @ueno @dagood