Re: OpenSSL 3.0.0 compatibility

Peter Eisentraut <peter.eisentraut@enterprisedb.com>

From: Peter Eisentraut <peter.eisentraut@enterprisedb.com>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Michael Paquier <michael@paquier.xyz>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2021-03-11T10:03:21Z
Lists: pgsql-hackers
On 10.03.21 09:23, Daniel Gustafsson wrote:
>> On 3 Mar 2021, at 14:55, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:
>>
>> This thread is still in the commit fest, but I don't see any actual proposed patch still pending.  Most of the activity has moved into other threads.
> 
> The doc changes in the patch proposed on 29/9 still stands, although I see that
> it had an off by one in mentioning MD5 when it should be MD4 et.al; so
> something more like the below.
> 
> diff --git a/doc/src/sgml/pgcrypto.sgml b/doc/src/sgml/pgcrypto.sgml
> index b6bb23de0f..d45464c7ea 100644
> --- a/doc/src/sgml/pgcrypto.sgml
> +++ b/doc/src/sgml/pgcrypto.sgml
> @@ -1234,6 +1234,12 @@ gen_random_uuid() returns uuid
>       </tgroup>
>      </table>
> 
> +   <para>
> +    When compiled against <productname>OpenSSL</productname> 3.0.0, the legacy
> +    provider must be activated in the system <filename>openssl.cnf</filename>
> +    configuration file in order to use older ciphers like DES and Blowfish.
> +   </para>
> +
>      <para>

I tested the current master with openssl-3.0.0-alpha12.

Everything builds cleanly.

The ssl tests fail with a small error message difference that must have 
been introduced recently, because I think this was never reported before:

--- a/src/test/ssl/t/001_ssltests.pl
+++ b/src/test/ssl/t/001_ssltests.pl
@@ -449,7 +449,7 @@
  test_connect_fails(
     $common_connstr,
     "user=ssltestuser sslcert=ssl/client.crt 
sslkey=ssl/client-encrypted-pem_tmp.key sslpassword='wrong'",
-   qr!\Qprivate key file "ssl/client-encrypted-pem_tmp.key": bad 
decrypt\E!,
+   qr!\Qprivate key file "ssl/client-encrypted-pem_tmp.key":\E (bad 
decrypt|PEM lib)!,
     "certificate authorization fails with correct client cert and wrong 
password in encrypted PEM format"
  );

The pgcrypto tests fail all over the place.  Some of these failures are 
quite likely because of the disabled legacy provider, but some appear to 
be due to bad error handling.

Then I tried enabling the legacy provider in openssl.cnf.  This caused 
pg_strong_random() to fail, which causes initdb to fail, like this:

PANIC:  could not generate secret authorization token

I tried patching around in pg_strong_random.c to use the /dev/urandom 
variant as a workaround, but apparently that doesn't work.  You get all 
kinds of scary make check failures from md5 and sha256 calls.

So, we knew pgcrypto was in trouble with openssl 3.0.0, but can someone 
else get its tests to pass with some kind of openssl.cnf configuration?



Commits

  1. Define OPENSSL_API_COMPAT

  2. Add alternative output for OpenSSL 3 without legacy loaded

  3. Disable OpenSSL EVP digest padding in pgcrypto

  4. pgcrypto: Check for error return of px_cipher_decrypt()

  5. OpenSSL 3.0.0 compatibility in tests

  6. Make ssl certificate for ssl_passphrase_callback test via Makefile

  7. Provide a TLS init hook