Re: OpenSSL 3.0.0 compatibility
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Peter Eisentraut <peter.eisentraut@enterprisedb.com>
Cc: Michael Paquier <michael@paquier.xyz>,
PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2021-03-11T10:41:22Z
Lists: pgsql-hackers
> On 11 Mar 2021, at 11:03, Peter Eisentraut <peter.eisentraut@enterprisedb.com> wrote:
> The ssl tests fail with a small error message difference that must have been introduced recently, because I think this was never reported before:
This was mentioned by Michael on 26/11, it was earlier in the 3.0.0 cycle
reported as "nested asn.1 error". Waiting for 3.0.0 to go beta or GA before
changing saves us from having to change again should they update, but tests
will fail for anyone testing out new OpenSSL versions.
> The pgcrypto tests fail all over the place. Some of these failures are quite likely because of the disabled legacy provider, but some appear to be due to bad error handling.
The below ones are likely due to the provider not being loaded, but as you say
they are probably cases of poor error handling as they fail in various places
while probably being due to the same root cause:
+ERROR: encrypt error: Key was too big
+ERROR: encrypt error: Cipher cannot be initialized ?
+ERROR: Wrong key or corrupt data
Then there are a few where we get padding back where we really should have
ended up with the "Cipher cannot be initialized" error since DES is in the
legacy provider:
select decrypt_iv(decode('50735067b073bb93', 'hex'), '0123456', 'abcd', 'des');
- decrypt_iv
-------------
- foo
+ decrypt_iv
+----------------------------------
+ \177\177\177\177\177\177\177\177
(1 row)
> Then I tried enabling the legacy provider in openssl.cnf. This caused pg_strong_random() to fail, which causes initdb to fail, like this:
Huh? Enabling the legacy provider shouldn't affect the CRNG. I see no such
failure, and haven't in any alpha version tested. How did you change the
openssl config? If one can break pg_strong_random with a config change then we
need defensive coding to cope with that.
> So, we knew pgcrypto was in trouble with openssl 3.0.0, but can someone else get its tests to pass with some kind of openssl.cnf configuration?
If I enable the legacy provider in openssl.cnf like this:
[openssl_init]
providers = provider_sect
[provider_sect]
default = default_sect
legacy = legacy_sect
[default_sect]
activate = 1
[legacy_sect]
activate = 1
.. and apply the padding changes as proposed in a patch upthread like this (these
work for all OpenSSL versions I've tested, and I'm rather more puzzled as to
why we got away with not having them in the past):
diff --git a/contrib/pgcrypto/openssl.c b/contrib/pgcrypto/openssl.c
index ed8e74a2b9..e236b0d79c 100644
--- a/contrib/pgcrypto/openssl.c
+++ b/contrib/pgcrypto/openssl.c
@@ -379,6 +379,8 @@ gen_ossl_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
{
if (!EVP_DecryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
return PXE_CIPHER_INIT;
+ if (!EVP_CIPHER_CTX_set_padding(od->evp_ctx, 0))
+ return PXE_CIPHER_INIT;
if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
return PXE_CIPHER_INIT;
if (!EVP_DecryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
@@ -403,6 +405,8 @@ gen_ossl_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
{
if (!EVP_EncryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
return PXE_CIPHER_INIT;
+ if (!EVP_CIPHER_CTX_set_padding(od->evp_ctx, 0))
+ return PXE_CIPHER_INIT;
if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
return PXE_CIPHER_INIT;
if (!EVP_EncryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
.. then all the pgcrypto tests pass for me as well as "make check", with a single
SSL test failing on the above mentioned PEM lib error message.
Did you build OpenSSL with anything non-standard?
--
Daniel Gustafsson https://vmware.com/
Commits
-
Define OPENSSL_API_COMPAT
- 96f96398d398 11.21 landed
- 265c9138da58 12.16 landed
- 8aa9a26236aa 13.12 landed
- 4d3db13621be 14.0 landed
-
Add alternative output for OpenSSL 3 without legacy loaded
- eb643536b9f1 10.19 landed
- 8e7199453bf9 13.5 landed
- 7b6ce36fbab5 12.9 landed
- 6d0001aabf2a 14.0 landed
- 19e91a40bf26 11.14 landed
- 72bbff4cd6ea 15.0 landed
-
Disable OpenSSL EVP digest padding in pgcrypto
- e802b594e794 10.19 landed
- 4fa2b15e1c9c 14.0 landed
- 135d8687adf1 13.5 landed
- 11901cd9628b 11.14 landed
- 00c72da4a22d 12.9 landed
- 318df8023559 15.0 landed
-
pgcrypto: Check for error return of px_cipher_decrypt()
- a69e1506f618 13.5 landed
- 90cfd269f226 12.9 landed
- 841075a65cdc 10.19 landed
- 0f28d267c7e0 11.14 landed
- 22e1943f13b6 14.0 landed
-
OpenSSL 3.0.0 compatibility in tests
- f0d2c65f17ca 13.0 landed
-
Make ssl certificate for ssl_passphrase_callback test via Makefile
- b846091fd0a7 13.0 landed
-
Provide a TLS init hook
- 896fcdb230e7 13.0 cited