Backport #87 (Fix TestEncryptOAEP and TLS failures in FIPS mode) (#88)

dbenoit17 · web-flow · commit 2c319912424a · 2023-05-23T09:28:24.000-04:00
diff --git a/patches/000-initial-setup.patch b/patches/000-initial-setup.patch
@@ -820,7 +820,7 @@ index 51f9760187..eceb31aa71 100644
  		t.Fatal(err)
  	}
 diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go
-index 766d9a954f..7d24a08882 100644
+index 766d9a954f..ef84e75b04 100644
 --- a/src/crypto/rsa/rsa_test.go
 +++ b/src/crypto/rsa/rsa_test.go
 @@ -16,6 +16,7 @@ import (
@@ -875,8 +875,8 @@ index 766d9a954f..7d24a08882 100644
  	n := new(big.Int)
  	for i, test := range testEncryptOAEPData {
  		n.SetString(test.modulus, 16)
-+		if boring.Enabled && !boringtest.Supports(t, "RSA1024") && n.BitLen() < 2048 {
-+			t.Logf("skipping encryption tests with BoringCrypto: too short key: %d", n.BitLen())
++		if boring.Enabled {
++			t.Log("skipping test in FIPS mode due to short keys and unpadded RSA operations not allowed with FIPS")
 +			continue
 +		}
  		public := PublicKey{N: n, E: test.e}
@@ -947,7 +947,7 @@ index 1827f76458..140b1a3dd8 100644
  
  // default defaultFIPSCurvePreferences is the FIPS-allowed curves,
 diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go
-index ba68f355eb..8ddd2526c7 100644
+index ba68f355eb..7bfe3f9417 100644
 --- a/src/crypto/tls/boring_test.go
 +++ b/src/crypto/tls/boring_test.go
 @@ -9,6 +9,8 @@ package tls
@@ -999,7 +999,23 @@ index ba68f355eb..8ddd2526c7 100644
  		return true
  	}
  	return false
-@@ -315,15 +325,31 @@ func TestBoringCertAlgs(t *testing.T) {
+@@ -226,7 +236,14 @@ func TestBoringServerSignatureAndHash(t *testing.T) {
+ 			// 1.3, and the ECDSA ones bind to the curve used.
+ 			serverConfig.MaxVersion = VersionTLS12
+ 
+-			clientErr, serverErr := boringHandshake(t, testConfig, serverConfig)
++			clientConfig := testConfig.Clone()
++
++			if boring.Enabled {
++				serverConfig.Rand = boring.RandReader
++				clientConfig.Rand = boring.RandReader
++			}
++
++			clientErr, serverErr := boringHandshake(t, clientConfig, serverConfig)
+ 			if clientErr != nil {
+ 				t.Fatalf("expected handshake with %#x to succeed; client error: %v; server error: %v", sigHash, clientErr, serverErr)
+ 			}
+@@ -315,15 +332,31 @@ func TestBoringCertAlgs(t *testing.T) {
  	R2 := boringCert(t, "R2", boringRSAKey(t, 512), nil, boringCertCA)
  
  	M1_R1 := boringCert(t, "M1_R1", boringECDSAKey(t, elliptic.P256()), R1, boringCertCA|boringCertFIPSOK)
@@ -1034,19 +1050,36 @@ index ba68f355eb..8ddd2526c7 100644
  
  	// client verifying server cert
  	testServerCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) {
-@@ -362,6 +388,11 @@ func TestBoringCertAlgs(t *testing.T) {
+@@ -336,6 +369,11 @@ func TestBoringCertAlgs(t *testing.T) {
+ 		serverConfig.Certificates = []Certificate{{Certificate: list, PrivateKey: key}}
+ 		serverConfig.BuildNameToCertificate()
+ 
++		if boring.Enabled {
++			serverConfig.Rand = boring.RandReader
++			clientConfig.Rand = boring.RandReader
++		}
++
+ 		clientErr, _ := boringHandshake(t, clientConfig, serverConfig)
+ 
+ 		if (clientErr == nil) == ok {
+@@ -362,6 +400,16 @@ func TestBoringCertAlgs(t *testing.T) {
  		serverConfig := testConfig.Clone()
  		serverConfig.ClientCAs = pool
  		serverConfig.ClientAuth = RequireAndVerifyClientCert
 +		if boring.Enabled {
 +			serverConfig.Certificates[0].Certificate = [][]byte{testRSA2048Certificate}
 +			serverConfig.Certificates[0].PrivateKey = testRSA2048PrivateKey
 +			serverConfig.BuildNameToCertificate()
++		}
++
++		if boring.Enabled {
++			serverConfig.Rand = boring.RandReader
++			clientConfig.Rand = boring.RandReader
 +		}
  
  		_, serverErr := boringHandshake(t, clientConfig, serverConfig)
  
-@@ -384,8 +415,8 @@ func TestBoringCertAlgs(t *testing.T) {
+@@ -384,8 +432,8 @@ func TestBoringCertAlgs(t *testing.T) {
  	// exhaustive test with computed answers.
  	r1pool := x509.NewCertPool()
  	r1pool.AddCert(R1.cert)
@@ -1057,7 +1090,7 @@ index ba68f355eb..8ddd2526c7 100644
  	fipstls.Force()
  	testServerCert(t, "basic (fips)", r1pool, L2_I.key, [][]byte{L2_I.der, I_R1.der}, false)
  	testClientCert(t, "basic (fips, client cert)", r1pool, L2_I.key, [][]byte{L2_I.der, I_R1.der}, false)
-@@ -406,7 +437,7 @@ func TestBoringCertAlgs(t *testing.T) {
+@@ -406,7 +454,7 @@ func TestBoringCertAlgs(t *testing.T) {
  			leaf = L2_I
  		}
  		for i := 0; i < 64; i++ {
@@ -1066,7 +1099,7 @@ index ba68f355eb..8ddd2526c7 100644
  			reachableFIPS := map[string]bool{leaf.parentOrg: leaf.fipsOK}
  			list := [][]byte{leaf.der}
  			listName := leaf.name
-@@ -414,7 +445,7 @@ func TestBoringCertAlgs(t *testing.T) {
+@@ -414,7 +462,7 @@ func TestBoringCertAlgs(t *testing.T) {
  				if cond != 0 {
  					list = append(list, c.der)
  					listName += "," + c.name
@@ -1075,7 +1108,7 @@ index ba68f355eb..8ddd2526c7 100644
  						reachable[c.parentOrg] = true
  					}
  					if reachableFIPS[c.org] && c.fipsOK {
-@@ -438,7 +469,7 @@ func TestBoringCertAlgs(t *testing.T) {
+@@ -438,7 +486,7 @@ func TestBoringCertAlgs(t *testing.T) {
  					if cond != 0 {
  						rootName += "," + c.name
  						pool.AddCert(c.cert)
@@ -1084,23 +1117,23 @@ index ba68f355eb..8ddd2526c7 100644
  							shouldVerify = true
  						}
  						if reachableFIPS[c.org] && c.fipsOK {
-@@ -464,6 +495,7 @@ const (
+@@ -464,6 +512,7 @@ const (
  	boringCertCA = iota
  	boringCertLeaf
  	boringCertFIPSOK = 0x80
 +	boringCertNotBoring = 0x100
  )
  
  func boringRSAKey(t *testing.T, size int) *rsa.PrivateKey {
-@@ -490,6 +522,7 @@ type boringCertificate struct {
+@@ -490,6 +539,7 @@ type boringCertificate struct {
  	cert      *x509.Certificate
  	key       interface{}
  	fipsOK    bool
 +	notBoring bool
  }
  
  func boringCert(t *testing.T, name string, key interface{}, parent *boringCertificate, mode int) *boringCertificate {
-@@ -511,7 +544,7 @@ func boringCert(t *testing.T, name string, key interface{}, parent *boringCertif
+@@ -511,7 +561,7 @@ func boringCert(t *testing.T, name string, key interface{}, parent *boringCertif
  		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
  		BasicConstraintsValid: true,
  	}
@@ -1109,7 +1142,7 @@ index ba68f355eb..8ddd2526c7 100644
  		tmpl.DNSNames = []string{"example.com"}
  	} else {
  		tmpl.IsCA = true
-@@ -548,7 +581,8 @@ func boringCert(t *testing.T, name string, key interface{}, parent *boringCertif
+@@ -548,7 +598,8 @@ func boringCert(t *testing.T, name string, key interface{}, parent *boringCertif
  	}
  
  	fipsOK := mode&boringCertFIPSOK != 0
@@ -1173,10 +1206,10 @@ index 898d2e9af6..553dc02446 100644
  		} else {
  			hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13NoAES...)
 diff --git a/src/crypto/tls/handshake_client_test.go b/src/crypto/tls/handshake_client_test.go
-index 749c9fc954..2e37a1867c 100644
+index 22be38faff..d460eeb880 100644
 --- a/src/crypto/tls/handshake_client_test.go
 +++ b/src/crypto/tls/handshake_client_test.go
-@@ -2135,6 +2135,7 @@ func testBuffering(t *testing.T, version uint16) {
+@@ -2156,6 +2156,7 @@ func testBuffering(t *testing.T, version uint16) {
  }
  
  func TestAlertFlushing(t *testing.T) {
@@ -1185,7 +1218,7 @@ index 749c9fc954..2e37a1867c 100644
  	done := make(chan bool)
  
 diff --git a/src/crypto/tls/handshake_client_tls13.go b/src/crypto/tls/handshake_client_tls13.go
-index 0f2dee42de..b7a087eea9 100644
+index f32d71c191..8dd1e30192 100644
 --- a/src/crypto/tls/handshake_client_tls13.go
 +++ b/src/crypto/tls/handshake_client_tls13.go
 @@ -41,10 +41,6 @@ type clientHandshakeStateTLS13 struct {
diff --git a/patches/001-initial-openssl-for-fips.patch b/patches/001-initial-openssl-for-fips.patch
@@ -1401,7 +1401,7 @@ index c941124fb2..7ea291c6f4 100644
  		if err != nil {
  			return nil, err
 diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go
-index 7d24a08882..fa3f094330 100644
+index ef84e75b04..49e08d5698 100644
 --- a/src/crypto/rsa/rsa_test.go
 +++ b/src/crypto/rsa/rsa_test.go
 @@ -15,7 +15,7 @@ import (
@@ -1453,9 +1453,9 @@ index 7d24a08882..fa3f094330 100644
  	n := new(big.Int)
  	for i, test := range testEncryptOAEPData {
  		n.SetString(test.modulus, 16)
--		if boring.Enabled && !boringtest.Supports(t, "RSA1024") && n.BitLen() < 2048 {
-+		if boring.Enabled() && !boringtest.Supports(t, "RSA1024") && n.BitLen() < 2048 {
- 			t.Logf("skipping encryption tests with BoringCrypto: too short key: %d", n.BitLen())
+-		if boring.Enabled {
++		if boring.Enabled() {
+ 			t.Log("skipping test in FIPS mode due to short keys and unpadded RSA operations not allowed with FIPS")
  			continue
  		}
 @@ -292,7 +292,7 @@ func TestDecryptOAEP(t *testing.T) {
@@ -1735,7 +1735,7 @@ index 140b1a3dd8..fe6fa96d28 100644
         }
  }
 diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go
-index 8ddd2526c7..5b041ef1d3 100644
+index 7bfe3f9417..49702f59ba 100644
 --- a/src/crypto/tls/boring_test.go
 +++ b/src/crypto/tls/boring_test.go
 @@ -2,14 +2,14 @@
@@ -1764,7 +1764,25 @@ index 8ddd2526c7..5b041ef1d3 100644
  		test("VersionTLS13", VersionTLS13, "client offered only unsupported versions")
  	} else {
  		test("VersionTLS13", VersionTLS13, "")
-@@ -388,7 +388,7 @@ func TestBoringCertAlgs(t *testing.T) {
+@@ -238,7 +238,7 @@ func TestBoringServerSignatureAndHash(t *testing.T) {
+ 
+ 			clientConfig := testConfig.Clone()
+ 
+-			if boring.Enabled {
++			if boring.Enabled() {
+ 				serverConfig.Rand = boring.RandReader
+ 				clientConfig.Rand = boring.RandReader
+ 			}
+@@ -369,7 +369,7 @@ func TestBoringCertAlgs(t *testing.T) {
+ 		serverConfig.Certificates = []Certificate{{Certificate: list, PrivateKey: key}}
+ 		serverConfig.BuildNameToCertificate()
+ 
+-		if boring.Enabled {
++		if boring.Enabled() {
+ 			serverConfig.Rand = boring.RandReader
+ 			clientConfig.Rand = boring.RandReader
+ 		}
+@@ -400,13 +400,13 @@ func TestBoringCertAlgs(t *testing.T) {
  		serverConfig := testConfig.Clone()
  		serverConfig.ClientCAs = pool
  		serverConfig.ClientAuth = RequireAndVerifyClientCert
@@ -1773,7 +1791,14 @@ index 8ddd2526c7..5b041ef1d3 100644
  			serverConfig.Certificates[0].Certificate = [][]byte{testRSA2048Certificate}
  			serverConfig.Certificates[0].PrivateKey = testRSA2048PrivateKey
  			serverConfig.BuildNameToCertificate()
-@@ -415,8 +415,8 @@ func TestBoringCertAlgs(t *testing.T) {
+ 		}
+ 
+-		if boring.Enabled {
++		if boring.Enabled() {
+ 			serverConfig.Rand = boring.RandReader
+ 			clientConfig.Rand = boring.RandReader
+ 		}
+@@ -432,8 +432,8 @@ func TestBoringCertAlgs(t *testing.T) {
  	// exhaustive test with computed answers.
  	r1pool := x509.NewCertPool()
  	r1pool.AddCert(R1.cert)
@@ -1784,7 +1809,7 @@ index 8ddd2526c7..5b041ef1d3 100644
  	fipstls.Force()
  	testServerCert(t, "basic (fips)", r1pool, L2_I.key, [][]byte{L2_I.der, I_R1.der}, false)
  	testClientCert(t, "basic (fips, client cert)", r1pool, L2_I.key, [][]byte{L2_I.der, I_R1.der}, false)
-@@ -437,7 +437,7 @@ func TestBoringCertAlgs(t *testing.T) {
+@@ -454,7 +454,7 @@ func TestBoringCertAlgs(t *testing.T) {
  			leaf = L2_I
  		}
  		for i := 0; i < 64; i++ {
@@ -1793,7 +1818,7 @@ index 8ddd2526c7..5b041ef1d3 100644
  			reachableFIPS := map[string]bool{leaf.parentOrg: leaf.fipsOK}
  			list := [][]byte{leaf.der}
  			listName := leaf.name
-@@ -445,7 +445,7 @@ func TestBoringCertAlgs(t *testing.T) {
+@@ -462,7 +462,7 @@ func TestBoringCertAlgs(t *testing.T) {
  				if cond != 0 {
  					list = append(list, c.der)
  					listName += "," + c.name
@@ -1802,7 +1827,7 @@ index 8ddd2526c7..5b041ef1d3 100644
  						reachable[c.parentOrg] = true
  					}
  					if reachableFIPS[c.org] && c.fipsOK {
-@@ -469,7 +469,7 @@ func TestBoringCertAlgs(t *testing.T) {
+@@ -486,7 +486,7 @@ func TestBoringCertAlgs(t *testing.T) {
  					if cond != 0 {
  						rootName += "," + c.name
  						pool.AddCert(c.cert)
