Remove SHA1 for certs in prep for Go 1.18 (#16455)

Remove SHA1 for certs in prep for Go 1.18

* Remove certs with SHA1 from tests
* Use default SHA-256 with PKCS7 in AWS
* Update SHA1 deprecation note

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

builtin/credential/aws/pkcs7/encrypt_test.go

@@ -15,7 +15,6 @@ func TestEncrypt(t *testing.T) {
 		EncryptionAlgorithmAES256GCM,
 	}
 	sigalgs := []x509.SignatureAlgorithm{
-		x509.SHA1WithRSA,
 		x509.SHA256WithRSA,
 		x509.SHA512WithRSA,
 	}

builtin/credential/aws/pkcs7/pkcs7_test.go

@@ -125,16 +125,6 @@ func createTestCertificateByIssuer(name string, issuer *certKeyPair, sigAlg x509
 		issuerKey = *issuer.PrivateKey
 	}
 	switch sigAlg {
-	case x509.SHA1WithRSA:
-		priv = test1024Key
-		switch issuerKey.(type) {
-		case *rsa.PrivateKey:
-			template.SignatureAlgorithm = x509.SHA1WithRSA
-		case *ecdsa.PrivateKey:
-			template.SignatureAlgorithm = x509.ECDSAWithSHA1
-		case *dsa.PrivateKey:
-			template.SignatureAlgorithm = x509.DSAWithSHA1
-		}
 	case x509.SHA256WithRSA:
 		priv = test2048Key
 		switch issuerKey.(type) {
@@ -165,19 +155,6 @@ func createTestCertificateByIssuer(name string, issuer *certKeyPair, sigAlg x509
 		case *dsa.PrivateKey:
 			template.SignatureAlgorithm = x509.DSAWithSHA256
 		}
-	case x509.ECDSAWithSHA1:
-		priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-		if err != nil {
-			return nil, err
-		}
-		switch issuerKey.(type) {
-		case *rsa.PrivateKey:
-			template.SignatureAlgorithm = x509.SHA1WithRSA
-		case *ecdsa.PrivateKey:
-			template.SignatureAlgorithm = x509.ECDSAWithSHA1
-		case *dsa.PrivateKey:
-			template.SignatureAlgorithm = x509.DSAWithSHA1
-		}
 	case x509.ECDSAWithSHA256:
 		priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 		if err != nil {
@@ -217,26 +194,6 @@ func createTestCertificateByIssuer(name string, issuer *certKeyPair, sigAlg x509
 		case *dsa.PrivateKey:
 			template.SignatureAlgorithm = x509.DSAWithSHA256
 		}
-	case x509.DSAWithSHA1:
-		var dsaPriv dsa.PrivateKey
-		params := &dsaPriv.Parameters
-		err = dsa.GenerateParameters(params, rand.Reader, dsa.L1024N160)
-		if err != nil {
-			return nil, err
-		}
-		err = dsa.GenerateKey(&dsaPriv, rand.Reader)
-		if err != nil {
-			return nil, err
-		}
-		switch issuerKey.(type) {
-		case *rsa.PrivateKey:
-			template.SignatureAlgorithm = x509.SHA1WithRSA
-		case *ecdsa.PrivateKey:
-			template.SignatureAlgorithm = x509.ECDSAWithSHA1
-		case *dsa.PrivateKey:
-			template.SignatureAlgorithm = x509.DSAWithSHA1
-		}
-		priv = &dsaPriv
 	}
 	if isCA {
 		template.IsCA = true

builtin/credential/aws/pkcs7/sign.go

@@ -24,7 +24,7 @@ type SignedData struct {
 }
 
 // NewSignedData takes data and initializes a PKCS7 SignedData struct that is
-// ready to be signed via AddSigner. The digest algorithm is set to SHA1 by default
+// ready to be signed via AddSigner. The digest algorithm is set to SHA-256 by default
 // and can be changed by calling SetDigestAlgorithm.
 func NewSignedData(data []byte) (*SignedData, error) {
 	content, err := asn1.Marshal(data)
@@ -39,7 +39,7 @@ func NewSignedData(data []byte) (*SignedData, error) {
 		ContentInfo: ci,
 		Version:     1,
 	}
-	return &SignedData{sd: sd, data: data, digestOid: OIDDigestAlgorithmSHA1}, nil
+	return &SignedData{sd: sd, data: data, digestOid: OIDDigestAlgorithmSHA256}, nil
 }
 
 // SignerInfoConfig are optional values to include when adding a signer

builtin/credential/aws/pkcs7/sign_test.go

@@ -18,10 +18,8 @@ import (
 func TestSign(t *testing.T) {
 	content := []byte("Hello World")
 	sigalgs := []x509.SignatureAlgorithm{
-		x509.SHA1WithRSA,
 		x509.SHA256WithRSA,
 		x509.SHA512WithRSA,
-		x509.ECDSAWithSHA1,
 		x509.ECDSAWithSHA256,
 		x509.ECDSAWithSHA384,
 		x509.ECDSAWithSHA512,
@@ -99,7 +97,7 @@ func TestDSASignAndVerifyWithOpenSSL(t *testing.T) {
 	}
 	ioutil.WriteFile(tmpContentFile.Name(), content, 0o755)
 
-	block, _ := pem.Decode([]byte(dsaPublicCert))
+	block, _ := pem.Decode(dsaPublicCert)
 	if block == nil {
 		t.Fatal("failed to parse certificate PEM")
 	}
@@ -129,6 +127,8 @@ func TestDSASignAndVerifyWithOpenSSL(t *testing.T) {
 	if err != nil {
 		t.Fatalf("test case: cannot initialize signed data: %s", err)
 	}
+	// openssl DSA only supports SHA1 for our 1024-bit DSA key, since that is all the standard officially supports
+	toBeSigned.digestOid = OIDDigestAlgorithmSHA1
 	if err := toBeSigned.SignWithoutAttr(signerCert, &priv, SignerInfoConfig{}); err != nil {
 		t.Fatalf("Cannot add signer: %s", err)
 	}
@@ -151,6 +151,7 @@ func TestDSASignAndVerifyWithOpenSSL(t *testing.T) {
 		"-content", tmpContentFile.Name())
 	out, err := opensslCMD.CombinedOutput()
 	if err != nil {
+		t.Errorf("Command: %s", opensslCMD.Args)
 		t.Fatalf("test case: openssl command failed with %s: %s", err, out)
 	}
 	os.Remove(tmpSignatureFile.Name())  // clean up
@@ -224,7 +225,7 @@ func TestUnmarshalSignedAttribute(t *testing.T) {
 }
 
 func TestDegenerateCertificate(t *testing.T) {
-	cert, err := createTestCertificate(x509.SHA1WithRSA)
+	cert, err := createTestCertificate(x509.SHA256WithRSA)
 	if err != nil {
 		t.Fatal(err)
 	}

changelog/16455.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+auth/aws: PKCS7 signatures will now use SHA256 by default in prep for Go 1.18
+```

website/content/partials/x509-sha1-deprecation.mdx

@@ -1,5 +1,5 @@
 ~> **Note**: This engine can use external X.509 certificates as part of TLS or signature validation.
-   Verifying signatures against X.509 certificates that use SHA-1 is deprecated and will no longer be
+   Verifying signatures against X.509 certificates that use SHA-1 is deprecated and is no longer
    usable without a workaround starting in Vault 1.12. See the
    [deprecation FAQ](/docs/deprecation/faq#q-what-is-the-impact-of-removing-support-for-x-509-certificates-with-signatures-that-use-sha-1)
    for more information.