Map certs with ITUT X509 to our RSA implementation (#1754) #1893
+81
−37
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There exists a rarer OID of RSA public keys which comes from the ITU-T version of X.509 (links below). Links: https://www.itu.int/ITU-T/formal-language/itu-t/x/x509/2008/AlgorithmObjectIdentifiers.html * https://www.ivi.co/jsse/2009/06/13/0220.html OpenSSL accepts the `sign_nid` and `pkey_nid` for this draft. * `NID_md5WithRSA` * `NID_sha1WithRSA` * `NID_rsa` We can parse both `sign_nid`s correctly. But we lack the logic to interpret `NID_rsa` in a certificate or map the parsed `sign_nid`s to any RSA implementation. OpenSSL maps the corresponding nids from the same draft, which means `NID_md5WithRSA` and `NID_sha1WithRSA` [are mapped](https://github.com/openssl/openssl/blob/8e0d479b98357bb20ab1bd073cf75f7d42531553/crypto/objects/obj_xref.h#L30-L32) to `NID_rsa` and an additional `EVP_PKEY_RSA2` is used to represent `NID_rsa`. The additional `EVP_PKEY` type introduces additional complexities however and the underlying functionality in `EVP_PKEY_RSA2` is [identical](https://github.com/openssl/openssl/blob/8e0d479b98357bb20ab1bd073cf75f7d42531553/crypto/rsa/rsa_ameth.c#L965-L1012) to it's more common `EVP_PKEY_RSA` counterpart. We've been burned by multiple OpenSSL cert parsing differences in the past, so we should have logic to understand certs that have `NID_rsa`. We don't want to duplicate all the function pointers for `EVP_PKEY_RSA2` however. Since the underlying RSA functions pointers are the same, I think it should be OK for us to 1. Map `NID_md5WithRSA` and `NID_sha1WithRSA` to our RSA implementation (`NID_rsa_encryption`). 2. Map `NID_rsa` to `EVP_PKEY_RSA` when parsing certificates. Unfortunately, there's some stricter parsing in `rsa_pub_decode` that I've had to remove since it doesn't apply to both RFCs for RSA public keys. This is aligning with OpenSSL, which happens to ignore both of the early parameters specified in either. * Documented in aws@f6094e0 * OpenSSL code (which ignores the parameter): https://github.com/openssl/openssl/blob/8e0d479b98357bb20ab1bd073cf75f7d42531553/crypto/rsa/rsa_ameth.c#L76-L90 Although we have `EVP_PKEY_RSA2` and we could map the logic for that to `EVP_PKEY_RSA` in `EVP_PKEY_type`, I've intentionally left that out for now. We still want to discourage people from using this form, we just need to understand how to parse certificates that have it. Relevant historic commits: * Removed support for `NID_rsa`: aws@f6094e0 * Sigalgs mapping removed: aws@720ff53 * RSA stricter parsing introduced: aws@68772b3 (cherry picked from commit 4916fe8)
andrewhop
previously approved these changes
Oct 4, 2024
samuel40791765
previously approved these changes
Oct 4, 2024
andrewhop
approved these changes
Oct 7, 2024
samuel40791765
approved these changes
Oct 7, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issues:
Addresses #P157022381
Description of changes:
This is a cherry pick of 4916fe8 to the fips-2022-11-02 branch. The changes are outside the fipsmodule and were modified from the original commit to match the return values of
parse_key_type()inevp_asn1.cwithout changing the fipsmodule files.There exists a rarer OID of RSA public keys which comes from the ITU-T version of X.509 (links below).
Links:
https://www.itu.int/ITU-T/formal-language/itu-t/x/x509/2008/AlgorithmObjectIdentifiers.html
OpenSSL accepts the
sign_nidandpkey_nidfor this draft.NID_md5WithRSANID_sha1WithRSANID_rsaWe can parse both
sign_nids correctly. But we lack the logic to interpretNID_rsain a certificate or map the parsedsign_nids to any RSA implementation.OpenSSL maps the corresponding nids from the same draft, which means
NID_md5WithRSAandNID_sha1WithRSAaremapped to
NID_rsaand an additionalEVP_PKEY_RSA2is used to representNID_rsa. The additionalEVP_PKEYtype introduces additional complexities however and the underlying functionality inEVP_PKEY_RSA2isidentical to it's more common
EVP_PKEY_RSAcounterpart.We've been burned by multiple OpenSSL cert parsing differences in the past, so we should have logic to understand certs that have
NID_rsa. We don't want to duplicate all the function pointers forEVP_PKEY_RSA2however. Since the underlying RSA functions pointers are the same, I think it should be OK for us toNID_md5WithRSAandNID_sha1WithRSAto our RSA implementation (NID_rsa_encryption).NID_rsatoEVP_PKEY_RSAwhen parsing certificates.Unfortunately, there's some stricter parsing in
rsa_pub_decodethat I've had to remove since it doesn't apply to both RFCs for RSA public keys. This is aligning with OpenSSL, which happens to ignore both of the early parameters specified in either.Although we have
EVP_PKEY_RSA2and we could map the logic for that toEVP_PKEY_RSAinEVP_PKEY_type, I've intentionally left that out for now. We still want to discourage people from using this form, we just need to understand how to parse certificates that have it.Relevant historic commits:
NID_rsa: f6094e0(cherry picked from commit 4916fe8)
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.