ci: add default provider to openssl-3.0-fips #5114
Merged
Release Summary:
Resolved issues:
Related to getting #5112 to pass the CI
Description of changes:
I thought I could work around the limitations of the fips provider, but I was wrong. Unless we want to rewrite like every test and a bunch of the pre-protocol-selection logic.
Instead, just also require a provider that supports non-fips algorithms. Here we add the default provider to our openssl-3.0-fips build.
Call-outs:
The specific problem I couldn't otherwise work around was that EVP_PKEY_CTX_set_signature_md is required for RSA with PKCS1 padding. Otherwise, the padding on the signature calculated by EVP_PKEY_sign will be wrong. See https://docs.openssl.org/3.1/man3/EVP_PKEY_CTX_ctrl/#rsa-parameters:
I couldn't figure out any way to work around that problem, and I'm skeptical a way exists. PKCS1 padding needs to know the hash algorithm, and openssl-3.0-fips will refuse to accept some hash algorithms. As far as I can tell, the problem algorithms are MD5 (of course) and SHA1, but SHA1 is only rejected when signing? Verifying is fine?
We could someday try to remove the requirement for MD5 and SHA1, since they're not allowed by FIPS, but when I attempted that like ALL the tests failed. A lot of our code just assumes SHA1 is available.
Testing:
Locally, I could get the s2n_evp_signing_test to pass with this update + some additional code changes to use SHA1 from a provider other than FIPS.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
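As an added illustration of the call-out above, and not code from this PR, from s2n-tls, or from OpenSSL: a pure-Python walk through EMSA-PKCS1-v1_5 (RFC 8017, section 9.2), the encoding for which EVP_PKEY_CTX_set_signature_md selects the DigestInfo prefix. The throwaway key generation, the constructed sample message, and the `pkcs1_type1_pad_raw` modelling of "pad the bare hash with no DigestInfo" are this example's own assumptions; they are used to show that a verifier expecting SHA-256 PKCS#1 v1.5 rejects both a signature encoded for a different digest and one produced without any DigestInfo at all.

```python
"""
EMSA-PKCS1-v1_5 (RFC 8017, section 9.2) carried end to end, to show why an RSA
PKCS#1 v1.5 signing context has to know the digest: the DigestInfo prefix wrapped
around the hash depends on it. Pure Python on hashlib; the RSA key is a small
throwaway key generated in-process for the demonstration only.
"""
import hashlib
import math
import random

# DER DigestInfo prefixes from RFC 8017 section 9.2, note 1. The encoder can only
# pick one of these once it has been told which digest produced the hash.
DIGEST_INFO_PREFIX = {
    "md5":    bytes.fromhex("3020300c06082a864886f70d020505000410"),
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}


def min_em_len(md: str) -> int:
    """Smallest encoded-message length RFC 8017 allows for this digest (tLen + 11)."""
    return len(DIGEST_INFO_PREFIX[md]) + hashlib.new(md).digest_size + 11


def emsa_pkcs1_v15_encode(message: bytes, md: str, em_len: int) -> bytes:
    """EM = 0x00 || 0x01 || PS (0xff...) || 0x00 || DigestInfo(md) || Hash(message)."""
    if em_len < min_em_len(md):
        raise ValueError("intended encoded message length too short")
    t = DIGEST_INFO_PREFIX[md] + hashlib.new(md, message).digest()
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def pkcs1_type1_pad_raw(data: bytes, em_len: int) -> bytes:
    """Block-type-1 padding of the bare input with no DigestInfo. This is this
    example's assumption of what a padder does when it was never told the digest:
    it treats the hash as an opaque blob."""
    if em_len < len(data) + 11:
        raise ValueError("input too long")
    return b"\x00\x01" + b"\xff" * (em_len - len(data) - 3) + b"\x00" + data


def _is_probable_prime(n: int, rng: random.Random, rounds: int = 24) -> bool:
    """Miller-Rabin; fine for a demo key, not for production key generation."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits: int, rng: random.Random) -> int:
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
        if _is_probable_prime(c, rng):
            return c


def generate_rsa_key(bits: int = 1024, seed: int = 0) -> dict:
    """Deterministic throwaway RSA key (seeded RNG) so the demo is repeatable."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return {"n": p * q, "e": e, "d": pow(e, -1, phi)}


def _k(key: dict) -> int:
    return (key["n"].bit_length() + 7) // 8


def _rsa_private(key: dict, em: bytes) -> bytes:
    return pow(int.from_bytes(em, "big"), key["d"], key["n"]).to_bytes(_k(key), "big")


def rsa_pkcs1_v15_sign(key: dict, message: bytes, md: str) -> bytes:
    """Signing with the digest known: the DigestInfo for `md` is embedded in EM."""
    return _rsa_private(key, emsa_pkcs1_v15_encode(message, md, _k(key)))


def rsa_sign_raw_padded(key: dict, data: bytes) -> bytes:
    """Signing an already-hashed input with block-type-1 padding and no DigestInfo."""
    return _rsa_private(key, pkcs1_type1_pad_raw(data, _k(key)))


def rsa_pkcs1_v15_verify(key: dict, message: bytes, sig: bytes, md: str) -> bool:
    """RFC 8017 section 8.2.2: recover EM and compare it with a fresh encoding."""
    k = _k(key)
    if len(sig) != k:
        return False
    s = int.from_bytes(sig, "big")
    if s >= key["n"]:
        return False
    em = pow(s, key["e"], key["n"]).to_bytes(k, "big")
    return em == emsa_pkcs1_v15_encode(message, md, k)


def demo(seed: int = 1) -> dict:
    key = generate_rsa_key(1024, seed)
    msg = b"s2n-tls constructed sample message"  # constructed input for the demo
    sig = rsa_pkcs1_v15_sign(key, msg, "sha256")
    # Same hash value, but padded without the padder knowing which digest it is:
    no_md_sig = rsa_sign_raw_padded(key, hashlib.sha256(msg).digest())
    return {
        "good": rsa_pkcs1_v15_verify(key, msg, sig, "sha256"),
        "wrong_md": rsa_pkcs1_v15_verify(key, msg, sig, "sha1"),
        "no_digestinfo": rsa_pkcs1_v15_verify(key, msg, no_md_sig, "sha256"),
    }


if __name__ == "__main__":
    print(demo())  # {'good': True, 'wrong_md': False, 'no_digestinfo': False}
```

The prefix table is the whole point: there is no digest-agnostic PKCS#1 v1.5 signature encoding, so the signing context must be told the digest before padding, and if the only loaded provider refuses that digest the operation cannot be completed with it. That is the gap the default provider fills in the openssl-3.0-fips build.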