RSA verification fails for some of the test cases when boring crypto is enabled instead of native go crytpo

[Nagarjuna-jantali]

Go version

Go 1.21.6 + BoringSSL version fips-20220613

Output of go env in your module/workspace:

refix-map=/WS/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/recipe-sysroot-native= "
export CGO_CPPFLAGS=""
export CGO_CXXFLAGS=" -O2 -pipe -g -feliminate-unused-debug-types                      -fdebug-prefix-map=/WS/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/recipe-sysroot=                      -fdebug-prefix-map=/WS/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/recipe-sysroot-native=  -fvisibility-inlines-hidden"
export CGO_ENABLED="1"
export CGO_LDFLAGS="-Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -no-pie"
export CPP="x86_64-ion-linux-gcc -E --sysroot=/WS/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/recipe-sysroot  -m64 -march=nehalem -mtune=generic -mfpmath=sse -msse4.2"
export CPPFLAGS=""
export CXX="x86_64-ion-linux-g++  -m64 -march=nehalem -mtune=generic -mfpmath=sse -msse4.2 --sysroot=/WS/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/recipe-sysroot"
export CXXFLAGS=" -O2 -pipe -g -feliminate-unused-debug-types                      -fdebug-prefix-map=/WS/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/recipe-sysroot=                      -fdebug-prefix-map=/WS/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/recipe-sysroot-native=  -fvisibility-inlines-hidden"
export CXX_FOR_TARGET="g++"
unset DISTRO
export FC="x86_64-ion-linux-gfortran  -m64 -march=nehalem -mtune=generic -mfpmath=sse -msse4.2 --sysroot=/WS/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/recipe-sysroot"
export GO386=""
export GOARCH="amd64"
export GOARM=""
export GOBUILDFLAGS="-gcflags=-trimpath=\$GOPATH -asmflags=-trimpath=\$GOPATH -trimpath"
export GOCACHE="/WS/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/go/.cache"
export GODEBUG="gocachehash=1"
export GOEXPERIMENT="boringcrypto"
export GOHOSTARCH="amd64"
export GOHOSTOS="linux"
export GOMIPS=""
export GOOS="linux"
export GOROOT_BOOTSTRAP="/WS/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/recipe-sysroot-native/usr/lib/go"
export GOROOT_FINAL="/usr/lib/go"
export GOROOT_OVERRIDE="1"
export GOTMPDIR="/WS/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/build-tmp"
export GO_LDFLAGS=""
export GO_LDSO="/lib/ld-linux-x86-64.so.2"
export HOME="/home/pokyuser"
export LC_ALL="en_US.UTF-8"
export LD="x86_64-ion-linux-ld --sysroot=/WS/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/recipe-sysroot  "
export LDFLAGS="-Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed"
export LOGNAME="pokyuser"
unset MACHINE
export MAKE="make"
export NM="x86_64-ion-linux-nm"
export OBJCOPY="x86_64-ion-linux-objcopy"
export OBJDUMP="x86_64-ion-linux-objdump"

What did you do?

While running RSA verification tests for FIPS 140-3 with below input values. "sigType": "pkcs1v1.5", "modulo": 2048, "hashAlg": "SHA2-224", "n": "C8F1D25515E42A51D5B8FE6617F6B80A937517F399C9B281140C7C47F9F8D8AF2306196023487F9BACE8B066ECB608B6FFDC5978345979DEBFE498C8C5102C89E35449CDFBAF1926E737241C539B126C35917035E718CC6AF8B79628C63BE0170EB9BB614E14D5343EFC38A5A9806698D6B0C5D5DE947B913A9D2A9EB23DD5470195F3B3E06AB90F098458EA49541579181119D6D4FF6C1AD3CF37CE2E9A1E5D387EFE238B0362E6CED726D9F28B369235458F31D2E87D792704D6EE54F4EAFA469EB85DE185C8EB32167CD4C058F81951E9AC96F0802C63BC447D789BA911C5B31B4FDF138C80EAD4AAE5A0EE3E755ABA888E4C93DE8C94261D4943BB26B58F", "e": "027ED3295D", "testType": "GDT", "message": "66EBD10FD2B48F84684D498E13FAB3201ACFE10D4D230BBDBD28D3B7263F2C4F1E4C297A69FDD0DD7750BCA3FDB1C840478502F6F365E290663B0CA29106D524F04740DC3BFAA51DC6D47230B371F9CACA65BEFC631D965F2964750F1A96B1E9807014F67C93A50582661389C50CF4DB4B273843F05694053DBD6FE1FF2783DA", "signature": "92A802D35DF74567319E29BAF2A4F73D5794E10FBB8486AEF472AB3E19706572ED812B8E2C931B23E61EDBA9B8522D0C794D68391BF46A3D375A88C0E0116F91143481D624A9C6B5F353DCC0F7AEA7DC12ABCEB95470623BC06E03260ED4F4882F6DDC1EB221802B76880B82DE734711DDC4D19A997B25FFFA320C98258F73DDB5DDC04D28DEECA7C50D8B99DBD85A6BCB3BFAA7B710B2E78FCFD6D3939888F13C8A2F7F2E153C9F93F2B52003EBE78DE06903683FF054076F717920412B5415FDA19386B12DA7A63DDC8383E37188A74524F03910E0141C12E69485A777DFDC0DD73F624A360FD36BDD79D86B7F2C8822CB6B9BC8E30C5A1E1222418A1810A2" },

What did you see happen?

This verification is failing

What did you expect to see?

The verification should pass

[gabyhelp]

Related Issues and Documentation

• boringcrypto: require `CGO_ENABLED=1` when `GOEXPERIMENT=boringcrypto` #68588
• boringcrypto: Not using FIPS compliant calls for SHA functions (also should we add md5? for easy proof of FIPS mode on) #66513 (closed)
• x/crypto/wycheproof: TestHkdf cgo errors with boringcrypto #54557 (closed)
• x/crypto/openpgp/clearsign: TestMultiSign go test fails on armhf system #39831
• x/crypto/internal/wycheproof: TestRsaPss failing on linux-amd64-boringcrypto builder #52670 (closed)
• crypto/x509 does not read RSA-PSS private key files #50532 (closed)
• crypto/ecdsa: ecdsa.Sign() has become indeterministic in go 1.21.6 #66129 (closed)
• crypto/x509: Incorrect RSA key size limitations in BoringCrypto/FIPS 140-2 mode #53755 (closed)
• x/crypto/openpgp: Treat PubKeyAlgoRSA and PubKeyAlgoRSASignOnly as equivalent for signatures #27888 (closed)
• crypto/rsa: mismatched keys no longer error #61077

_{(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)}

[seankhliao]

please include a runnable reproducer

[seankhliao]

I believe this is an invalid key size (256).

Unlike many projects, the Go project does not use GitHub Issues for general discussion or asking questions. GitHub Issues are used for tracking bugs and proposals only.

For questions please refer to https://github.com/golang/go/wiki/Questions