DEVHIDE
Login Or Sign up

Modify go standard library crypto/tls via vendoring

436 Views Asked by At

For my crypto research I want to create a scriptable go TLS client using a modified version of the go TLS standard library (crypto/tls and crypto/rsa). The crypto/rsa library needs to be modified in a way to allow Bleichenbacher's attack on RSA. Since this modified TLS client will be used on several machines (and for the obvious drawbacks of modifying a vital core library globally) I want these changes to be bundled alongside my project.

I have started by downloading the crypto folder from GitHub and putting it in the vendor folder of my go project. The structure looks like this:

tls-client/
--vendor/
----crypto/
------aes
------cipher
------des
------...
------x509
--scriptable-client.go

Inside of scriptable-client.go, I try to use the modified TLS implementation like this:

package main

import (
    "crypto/tls"
    "log"
)

func main() {
    config := tls.Config{InsecureSkipVerify: true, CipherSuites: []uint16{tls.TLS_RSA_WITH_AES_256_CBC_SHA}}
    conn, err := tls.Dial("tcp", "127.0.0.1:443", &config)
    if err != nil {
        log.Fatalf("Connecting failed: %s", err)
    }
    defer conn.Close()
    log.Println("Connected to: ", conn.RemoteAddr())
}

However, even though I have made changes to the RSA implementation, the script still appears to load the global version of the crypto package.

When trying to use RSA encryption directly, I get error messages indicating the global version (installed via ubuntu snap) is used:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x50e1e5]

goroutine 1 [running]:
crypto/rsa.checkPub(...)
    /snap/go/5830/src/crypto/rsa/rsa.go:75
crypto/rsa.EncryptPKCS1v15(0x0, 0x0, 0x0, 0xc0000b5c8f, 0x1, 0x1, 0x0, 0xc000010040, 0x1, 0x1, ...)
    /snap/go/5830/src/crypto/rsa/pkcs1v15.go:42 +0x55
main.main()
    /home/username/Workspace/tls-client/scriptable-client.go:23 +0x486
exit status 2

What am I doing wrong? Is vendoring even the right approach for overwriting a core system library like this?

go tls1.2 govendor
Original Q&A
1

There are 1 best solutions below

0
Bhupinder Singh Narang On

You can:

  1. Fork that repo and modify the way it works for you. This way, you can import it and use.

  2. Use a private modified package. For private repo, you need to edit your go.mod file and point to your repo

Related Questions in GO

Related Questions in TLS1.2

Related Questions in GOVENDOR

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs

Popular Questions

.

Copyright © 2021 Jogjafile Inc.