Removes usages of SHA1 for non-cryptographic reasons
Radisovik opened this issue · comments
I'm not sure if this can be solved with the current approach. What about cases where protocols demand the usage of SHA-1 for non-cryptographic reasons, for example WebSockets:
https://www.rfc-editor.org/rfc/rfc6455#section-10.8
The WebSocket handshake described in this document doesn't depend on
any security properties of SHA-1, such as collision resistance or
resistance to the second pre-image attack (as described in
[[RFC4270](https://www.rfc-editor.org/rfc/rfc4270)]).
Does that then mean we have to roll a custom SHA-1 code that won't get caught by this patch?
SHA-1 should work for non-cryptographic reasons, we should be hard-blocking SHA-1 only in signature generation/verification.
hmm.. this call: (https://github.com/gorilla/websocket/blob/af47554f343b4675b30172ac301638d350db34a5/util.go#L20)
h := sha1.New()
Seems to take the boringssl branch and panic..
sha_locl.h(128): OpenSSL internal error, assertion failed: Low level API call to digest SHA1 forbidden in FIPS mode!
SIGABRT: abort
PC=0x7fb19ab34ce1 m=14 sigcode=18446744073709551610
signal...
This is when using golang-fips and FIPS mode is enabled in openssl.
@Radisovik This probably means you're using a (non-RHEL) OpenSSL that forbids use of the low-level APIs in FIPS mode. This should be resolved whenever golang-fips/openssl#27 gets merged into mainline, as that PR switches to using the (high-level) EVP APIs for hashing.