jeroen / openssl

OpenSSL bindings for R

Allow passing a hash function to `as.list()` and `print()` for keys #95

Closed atheriel closed 2 years ago

atheriel commented 2 years ago

This aims to replace #93 with an approach that does not require any breaking changes.

Currently public keys cannot be generated or even printed on FIPS-compliant systems because these systems do not permit use of the MD5 algorithm:

```r
> k <- openssl::rsa_keygen(2048)
> pub <- k$pubkey
Error: OpenSSL error in EVP_DigestInit_ex: disabled for fips
# Using another approach:
> pub <- as.list(k)$pubkey
Error: OpenSSL error in EVP_DigestInit_ex: disabled for fips
# Not even printing will work, since it calls fingerprint(), too:
> print(k)
Error: OpenSSL error in EVP_DigestInit_ex: disabled for fips
```

This PR allows passing a new `hashfun` argument to the `as.list()` and `print()` methods for keys and public keys, which is in turn passed through to the underlying call to `fingerprint()`. This enables the following workarounds on FIPS systems:

```r
> pub <- as.list(k, hashfun = openssl::sha256)$pubkey
> print(k, hashfun = openssl::sha256)
[2048-bit rsa private key]
sha256 20:c4:fc:84:44:5f:97:f4:2d:ef:15:db:b9:62:e6:e1:73:52:f9:c4:03:be:dd:f3:5c:5d:7f:8c:41:f9:ee:13
```

In order to preserve backwards compatibility, the hash function still defaults to MD5, but this could probably be changed in the future. Recent versions of OpenSSL's command-line tools, for example, have switched to SHA-256.

Some new unit tests have been added to test these features.

Side note: again, this originally surfaced in https://github.com/rstudio/rsconnect/issues/452.

jeroen commented 2 years ago

Adding API to test if FIPS is enabled: https://github.com/jeroen/openssl/commit/bcdf9dd2a70e1baf42cc1414e074426abb44b8c6

jeroen commented 2 years ago

This is how Chrome shows fingerprints. SHA1 + SHA256...

[Image: Screen Shot 2022-03-01 at 8 57 43 PM]

jeroen commented 2 years ago

Thank you for your patience. I changed my mind and merged your initial pull request. It seems impossible to make it work on a FIPS system without breaking compatibility.

As you noted, all other software has also stopped using md5 signatures. I just hope it won't break too many R packages that were identifying a key using its md5 fingerprint.

atheriel commented 2 years ago

Great, thanks for your careful consideration!
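For packages that identify a key by its fingerprint (the compatibility concern raised above) and need to keep working where MD5 is disabled (the FIPS failure in the PR description), one approach is to store each fingerprint together with its algorithm and only ever compare like with like. This is an added example, not code from the pull request or the openssl package; `tagged_fingerprint()` and `identify_key()` are hypothetical helpers, and it assumes `fingerprint()` accepts the `hashfun` argument the PR describes.

```r
library(openssl)

# Digests this code knows how to compute. md5 is listed only so that
# fingerprints recorded by older code can still be matched on non-FIPS hosts.
digests <- list(sha256 = sha256, md5 = md5)

# Return an algorithm-tagged fingerprint such as "sha256:20:c4:...",
# or NA when the digest is unavailable (for example md5 under FIPS).
tagged_fingerprint <- function(key, algo) {
  tryCatch({
    fp <- fingerprint(key, hashfun = digests[[algo]])
    paste0(algo, ":", paste(as.character(unclass(fp)), collapse = ":"))
  }, error = function(e) NA_character_)
}

# Look a key up in a list of stored, tagged fingerprints. Each entry is
# recomputed under its own algorithm; entries whose algorithm is unknown
# or disabled on this system are skipped instead of aborting the lookup.
identify_key <- function(key, known) {
  for (name in names(known)) {
    algo <- sub(":.*$", "", known[[name]])
    if (!algo %in% names(digests)) next
    if (identical(tagged_fingerprint(key, algo), known[[name]])) return(name)
  }
  NA_character_
}

# Constructed sample data: two freshly generated keys, recorded with sha256.
key   <- rsa_keygen(2048)
other <- rsa_keygen(2048)
known <- list(
  deploy = tagged_fingerprint(key, "sha256"),
  legacy = tagged_fingerprint(other, "sha256")
)

identify_key(key, known)
```

Keeping the algorithm name in the stored value lets existing MD5 records be re-enrolled under SHA-256 one at a time on a non-FIPS host.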