Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

use the openssl EVP API for SHA256 and AES256 instead of the deprecated lo… #4840

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

use the openssl EVP API for SHA256 and AES256 instead of the deprecated lo… #4840

wants to merge 4 commits into from
+76 −23

Conversation

frumioj
Copy link

@frumioj frumioj commented Nov 15, 2024

To help us review your pull request, please consider providing an overview of the following:

  • What is the type of the change (bug fix, feature, documentation and etc.) ?

This is sort of a bug-fix, but also improves security

  • What are the current behavior and expected behavior, if this is a bugfix ?

Current behaviour is that you use a #pragma to remove warnings about using deprecated openssl features. This fix implements non-deprecated usage of the EVP APIs of openssl.

  • What are the steps required to reproduce the bug, if this is a bugfix ?

Try building and testing with the new code. Behaviour should be unchanged (still using AES and SHA-1 for encryption and key stretching) but the build should work correctly while not using the #pragma.

  • What is the current behavior and new behavior, if this is a feature change or enhancement ?
  • [Optional] Why is the new behavior better than the current behavior, if this is a feature change ?

This new behaviour is better as it is more future-proof use of openssl, and is a more secure way to use the openssl APIs.

@frumioj frumioj mentioned this pull request Nov 15, 2024
Open
@riverszhang89
Copy link
Contributor

/runtests

roborivers
roborivers suggested changes Nov 22, 2024
View reviewed changes
Copy link

@roborivers roborivers left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Coding style check: Success ✓.
Smoke testing: Success ✓.
Cbuild submission: Success ✓.
Regression testing: 3/588 tests failed ⚠.

The first 10 failing tests are:
sc_inserts_logicalsc_generated [setup failure]
snap_ha_retry_newsi_generated
auth

riverszhang89
riverszhang89 reviewed Nov 22, 2024
View reviewed changes
berkdb/crypto/aes_method.c
@@ -144,7 +159,16 @@ __aes_encrypt(dbenv, aes_data, iv, data, data_len)
if ((ret = __db_generate_iv(dbenv, (uint32_t*)orig)) != 0)
return (ret);
memcpy(copy, orig, DB_IV_BYTES);
AES_cbc_encrypt(data, data, data_len, &aes->encrypt_key, copy, AES_ENCRYPT);

if (!EVP_EncryptInit_ex(aes->encrypt_ctx, NULL, NULL, NULL, copy))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would you not need a key here?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for taking so long to go back and look at this @riverszhang89 - the key is set into the EVP_CIPHER_CTX in the __aes_derivekeys method called during the init. So passing NULL along with the aes->encrypt_ctx in the __aes_encrypt is telling EVP_EncryptInit to use the already defined key in the context. This looks correct. I hope to do better testing of this once I setup another comdb2 test environment.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've now tested the code in creating an encrypted DB and it works. I ran it through valgrind as well to ensure no (new) memory leaks. @riverszhang89

@frumioj frumioj marked this pull request as draft November 25, 2024 13:27
@frumioj frumioj marked this pull request as ready for review January 3, 2025 20:55
@frumioj frumioj requested a review from roborivers January 3, 2025 20:56
@frumioj frumioj marked this pull request as draft January 3, 2025 21:01
frumioj
frumioj commented Jan 8, 2025
View reviewed changes
berkdb/crypto/aes_method.c Outdated Show resolved Hide resolved
@frumioj frumioj marked this pull request as ready for review January 10, 2025 19:36
@frumioj frumioj requested a review from riverszhang89 January 10, 2025 19:36
@frumioj frumioj changed the title use the openssl EVP API for SHA1 and AES instead of the deprecated lo… use the openssl EVP API for SHA256 and AES256 instead of the deprecated lo… Jan 10, 2025
@frumioj
Copy link
Author

frumioj commented Jan 10, 2025

Noting that using SHA256 and AES256 will produce larger encrypted files than SHA1 + AES128, but if you wish, it is easy to switch back to AES128.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@roborivers roborivers Awaiting requested review from roborivers

@riverszhang89 riverszhang89 Awaiting requested review from riverszhang89

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@frumioj @riverszhang89 @roborivers