Refactor MD5 implementations and switch to EVP for OpenSSL
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2020-11-06T07:34:34Z
Lists: pgsql-hackers
Attachments
- 0001-Add-APIs-to-control-EVP-contexts-for-resource-owners.patch (text/x-diff) patch 0001
- 0002-Refactor-MD5-implementations-in-the-tree.patch (text/x-diff) patch 0002
- 0003-Add-new-implementation.patch (text/x-diff) patch 0003
Hi all, Please find attached a patch set to sanitize the use of MD5 we have in the core tree. As of now, there are two duplicated implementations of MD5, one in contrib/pgcrypto/ used as a fallback when not compiling with OpenSSL, and one in src/common/ used by the backend when compiling with *or* without OpenSSL. This is bad on several aspects: - There is no need to have the same implementation twice, obviously. - When compiling with OpenSSL, we use an incorrect implementation, causing Postgres to cheat if FIPS is enabled because MD5 should not be authorized. Making use of what OpenSSL provides with EVP allows us to rely on OpenSSL to control such restrictions. So we authorize MD5 authentications while these should be blocked, making Postgres not completely compliant with STIG and its kind. The attached patch set does a bit of rework to make the Postgres code more consistent with OpenSSL, similarly to the work I did for all the SHA2 implementations with EVP in [1]: - 0001 is something stolen from the SHA2 set, adding to resowner.c control of EVP contexts, so as it is possible to clean up anything allocated by OpenSSL. - 0002 is the central piece, that moves the duplicated implementation. src/common/ and pgcrypto/ use the same code, but I have reused pgcrypto as it was already doing the init/update/final split similarly to PostgreSQL. New APIs are designed to control MD5 contexts, similarly to the work done for SHA2. Upon using this patch, note that pgcrypto+OpenSSL uses our in-core implementation instead of OpenSSL's one, but that's fixed in 0003. We have a set of three convenience routines used to generate MD5-hashed passwords, that I have moved to a new file in src/common/md5_common.c, aimed at being shared between all the implementations. - 0003 adds the MD5 implementation based on OpenSSL's EVP, ending the work. This set of patches is independent on the SHA2 refactoring, even if it shares a part with the SHA2 refactoring in its design. Note that 0001 and 0002 don't depend on each other, but 0003 depends on both. Thanks, [1]: https://www.postgresql.org/message-id/20200924025314.GE7405@paquier.xyz -- Michael
Commits
-
Refactor MD5 implementations according to new cryptohash infrastructure
- b67b57a966af 14.0 landed
-
Remove md5.c check, add CVS log stamp. Update comments.
- 2ca65f716aee 7.2.1 cited
-
Add new files.
- 957613be18e6 7.2.1 cited