Andrew Geissler | 595f630 | 2022-01-24 19:11:47 +0000 | [diff] [blame] | 1 | From 1b238e343506b43825092941d4cd294d9b866bef Mon Sep 17 00:00:00 2001 |
| 2 | From: Vladislav Vaintroub <wlad@mariadb.com> |
| 3 | Date: Mon, 8 Nov 2021 18:48:19 +0100 |
| 4 | Subject: [PATCH] MDEV-25785 Add support for OpenSSL 3.0 |
| 5 | |
| 6 | Summary of changes |
| 7 | |
| 8 | - MD_CTX_SIZE is increased |
| 9 | |
| 10 | - EVP_CIPHER_CTX_buf_noconst(ctx) does not work anymore, points |
| 11 | to nobody knows where. The assumption made previously was that |
| 12 | (since the function does not seem to be documented) |
| 13 | was that it points to the last partial source block. |
| 14 | Add own partial block buffer for NOPAD encryption instead |
| 15 | |
| 16 | - SECLEVEL in CipherString in openssl.cnf |
| 17 | had been downgraded to 0, from 1, to make TLSv1.0 and TLSv1.1 possible |
| 18 | (according to https://github.com/openssl/openssl/blob/openssl-3.0.0/NEWS.md |
| 19 | even though the manual for SSL_CTX_get_security_level claims that it |
| 20 | should not be necessary) |
| 21 | |
| 22 | - Workaround Ssl_cipher_list issue, it now returns TLSv1.3 ciphers, |
| 23 | in addition to what was set in --ssl-cipher |
| 24 | |
| 25 | - ctx_buf buffer now must be aligned to 16 bytes with openssl( |
| 26 | previously with WolfSSL only), ot crashes will happen |
| 27 | |
| 28 | - updated aes-t , to be better debuggable |
| 29 | using function, rather than a huge multiline macro |
| 30 | added test that does "nopad" encryption piece-wise, to test |
| 31 | replacement of EVP_CIPHER_CTX_buf_noconst |
| 32 | |
| 33 | Upstream-Status: Backport [https://github.com/MariaDB/server/commit/1b238e343506b43825092941d4cd294d9b866bef] |
| 34 | |
| 35 | Signed-off-by: Mingli Yu <mingli.yu@windriver.com> |
| 36 | --- |
| 37 | cmake/ssl.cmake | 8 ++ |
| 38 | include/ssl_compat.h | 3 +- |
| 39 | mysql-test/lib/openssl.cnf | 2 +- |
| 40 | mysql-test/main/ssl_cipher.result | 6 +- |
| 41 | mysql-test/main/ssl_cipher.test | 2 +- |
| 42 | mysys_ssl/my_crypt.cc | 46 +++++++----- |
| 43 | unittest/mysys/aes-t.c | 121 ++++++++++++++++++++++-------- |
| 44 | 7 files changed, 133 insertions(+), 55 deletions(-) |
| 45 | |
| 46 | diff --git a/cmake/ssl.cmake b/cmake/ssl.cmake |
| 47 | index 7c2488be8bd..1bd46bc0f39 100644 |
| 48 | --- a/cmake/ssl.cmake |
| 49 | +++ b/cmake/ssl.cmake |
| 50 | @@ -139,6 +139,13 @@ MACRO (MYSQL_CHECK_SSL) |
| 51 | SET(SSL_INTERNAL_INCLUDE_DIRS "") |
| 52 | SET(SSL_DEFINES "-DHAVE_OPENSSL") |
| 53 | |
| 54 | + # Silence "deprecated in OpenSSL 3.0" |
| 55 | + IF((NOT OPENSSL_VERSION) # 3.0 not determined by older cmake |
| 56 | + OR NOT(OPENSSL_VERSION VERSION_LESS "3.0.0")) |
| 57 | + SET(SSL_DEFINES "${SSL_DEFINES} -DOPENSSL_API_COMPAT=0x10100000L") |
| 58 | + SET(CMAKE_REQUIRED_DEFINITIONS -DOPENSSL_API_COMPAT=0x10100000L) |
| 59 | + ENDIF() |
| 60 | + |
| 61 | SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) |
| 62 | SET(CMAKE_REQUIRED_LIBRARIES ${SSL_LIBRARIES}) |
| 63 | SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) |
| 64 | @@ -152,6 +159,7 @@ MACRO (MYSQL_CHECK_SSL) |
| 65 | HAVE_X509_check_host) |
| 66 | SET(CMAKE_REQUIRED_INCLUDES) |
| 67 | SET(CMAKE_REQUIRED_LIBRARIES) |
| 68 | + SET(CMAKE_REQUIRED_DEFINITIONS) |
| 69 | ELSE() |
| 70 | IF(WITH_SSL STREQUAL "system") |
| 71 | MESSAGE(FATAL_ERROR "Cannot find appropriate system libraries for SSL. Use WITH_SSL=bundled to enable SSL support") |
| 72 | diff --git a/include/ssl_compat.h b/include/ssl_compat.h |
| 73 | index 9f4b6be8d95..affa9f2a448 100644 |
| 74 | --- a/include/ssl_compat.h |
| 75 | +++ b/include/ssl_compat.h |
| 76 | @@ -24,7 +24,7 @@ |
| 77 | #define SSL_LIBRARY OpenSSL_version(OPENSSL_VERSION) |
| 78 | #define ERR_remove_state(X) ERR_clear_error() |
| 79 | #define EVP_CIPHER_CTX_SIZE 176 |
| 80 | -#define EVP_MD_CTX_SIZE 48 |
| 81 | +#define EVP_MD_CTX_SIZE 72 |
| 82 | #undef EVP_MD_CTX_init |
| 83 | #define EVP_MD_CTX_init(X) do { memset((X), 0, EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0) |
| 84 | #undef EVP_CIPHER_CTX_init |
| 85 | @@ -74,7 +74,6 @@ |
| 86 | #endif |
| 87 | |
| 88 | #define DH_set0_pqg(D,P,Q,G) ((D)->p= (P), (D)->g= (G)) |
| 89 | -#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf) |
| 90 | #define EVP_CIPHER_CTX_encrypting(ctx) ((ctx)->encrypt) |
| 91 | #define EVP_CIPHER_CTX_SIZE sizeof(EVP_CIPHER_CTX) |
| 92 | |
| 93 | diff --git a/mysql-test/lib/openssl.cnf b/mysql-test/lib/openssl.cnf |
| 94 | index b9ab37ac3a1..7cd6f748af2 100644 |
| 95 | --- a/mysql-test/lib/openssl.cnf |
| 96 | +++ b/mysql-test/lib/openssl.cnf |
| 97 | @@ -9,4 +9,4 @@ ssl_conf = ssl_section |
| 98 | system_default = system_default_section |
| 99 | |
| 100 | [system_default_section] |
| 101 | -CipherString = ALL:@SECLEVEL=1 |
| 102 | +CipherString = ALL:@SECLEVEL=0 |
| 103 | diff --git a/mysql-test/main/ssl_cipher.result b/mysql-test/main/ssl_cipher.result |
| 104 | index 930d384eda9..66d817b7b41 100644 |
| 105 | --- a/mysql-test/main/ssl_cipher.result |
| 106 | +++ b/mysql-test/main/ssl_cipher.result |
| 107 | @@ -61,8 +61,8 @@ connect ssl_con,localhost,root,,,,,SSL; |
| 108 | SHOW STATUS LIKE 'Ssl_cipher'; |
| 109 | Variable_name Value |
| 110 | Ssl_cipher AES128-SHA |
| 111 | -SHOW STATUS LIKE 'Ssl_cipher_list'; |
| 112 | -Variable_name Value |
| 113 | -Ssl_cipher_list AES128-SHA |
| 114 | +SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list'; |
| 115 | +VARIABLE_VALUE like '%AES128-SHA%' |
| 116 | +1 |
| 117 | disconnect ssl_con; |
| 118 | connection default; |
| 119 | diff --git a/mysql-test/main/ssl_cipher.test b/mysql-test/main/ssl_cipher.test |
| 120 | index 36549d76d02..d4cdcffb276 100644 |
| 121 | --- a/mysql-test/main/ssl_cipher.test |
| 122 | +++ b/mysql-test/main/ssl_cipher.test |
| 123 | @@ -98,6 +98,6 @@ let $restart_parameters=--ssl-cipher=AES128-SHA; |
| 124 | source include/restart_mysqld.inc; |
| 125 | connect (ssl_con,localhost,root,,,,,SSL); |
| 126 | SHOW STATUS LIKE 'Ssl_cipher'; |
| 127 | -SHOW STATUS LIKE 'Ssl_cipher_list'; |
| 128 | +SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list'; |
| 129 | disconnect ssl_con; |
| 130 | connection default; |
| 131 | diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc |
| 132 | index e512eee9066..4d7ebc7bd27 100644 |
| 133 | --- a/mysys_ssl/my_crypt.cc |
| 134 | +++ b/mysys_ssl/my_crypt.cc |
| 135 | @@ -29,11 +29,7 @@ |
| 136 | #include <ssl_compat.h> |
| 137 | #include <cstdint> |
| 138 | |
| 139 | -#ifdef HAVE_WOLFSSL |
| 140 | #define CTX_ALIGN 16 |
| 141 | -#else |
| 142 | -#define CTX_ALIGN 0 |
| 143 | -#endif |
| 144 | |
| 145 | class MyCTX |
| 146 | { |
| 147 | @@ -100,8 +96,9 @@ class MyCTX_nopad : public MyCTX |
| 148 | { |
| 149 | public: |
| 150 | const uchar *key; |
| 151 | - uint klen, buf_len; |
| 152 | + uint klen, source_tail_len; |
| 153 | uchar oiv[MY_AES_BLOCK_SIZE]; |
| 154 | + uchar source_tail[MY_AES_BLOCK_SIZE]; |
| 155 | |
| 156 | MyCTX_nopad() : MyCTX() { } |
| 157 | ~MyCTX_nopad() { } |
| 158 | @@ -112,7 +109,7 @@ class MyCTX_nopad : public MyCTX |
| 159 | compile_time_assert(MY_AES_CTX_SIZE >= sizeof(MyCTX_nopad)); |
| 160 | this->key= key; |
| 161 | this->klen= klen; |
| 162 | - this->buf_len= 0; |
| 163 | + this->source_tail_len= 0; |
| 164 | if (ivlen) |
| 165 | memcpy(oiv, iv, ivlen); |
| 166 | DBUG_ASSERT(ivlen == 0 || ivlen == sizeof(oiv)); |
| 167 | @@ -123,26 +120,41 @@ class MyCTX_nopad : public MyCTX |
| 168 | return res; |
| 169 | } |
| 170 | |
| 171 | + /** Update last partial source block, stored in source_tail array. */ |
| 172 | + void update_source_tail(const uchar* src, uint slen) |
| 173 | + { |
| 174 | + if (!slen) |
| 175 | + return; |
| 176 | + uint new_tail_len= (source_tail_len + slen) % MY_AES_BLOCK_SIZE; |
| 177 | + if (new_tail_len) |
| 178 | + { |
| 179 | + if (slen + source_tail_len < MY_AES_BLOCK_SIZE) |
| 180 | + { |
| 181 | + memcpy(source_tail + source_tail_len, src, slen); |
| 182 | + } |
| 183 | + else |
| 184 | + { |
| 185 | + DBUG_ASSERT(slen > new_tail_len); |
| 186 | + memcpy(source_tail, src + slen - new_tail_len, new_tail_len); |
| 187 | + } |
| 188 | + } |
| 189 | + source_tail_len= new_tail_len; |
| 190 | + } |
| 191 | + |
| 192 | int update(const uchar *src, uint slen, uchar *dst, uint *dlen) |
| 193 | { |
| 194 | - buf_len+= slen; |
| 195 | + update_source_tail(src, slen); |
| 196 | return MyCTX::update(src, slen, dst, dlen); |
| 197 | } |
| 198 | |
| 199 | int finish(uchar *dst, uint *dlen) |
| 200 | { |
| 201 | - buf_len %= MY_AES_BLOCK_SIZE; |
| 202 | - if (buf_len) |
| 203 | + if (source_tail_len) |
| 204 | { |
| 205 | - uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx); |
| 206 | /* |
| 207 | Not much we can do, block ciphers cannot encrypt data that aren't |
| 208 | a multiple of the block length. At least not without padding. |
| 209 | Let's do something CTR-like for the last partial block. |
| 210 | - |
| 211 | - NOTE this assumes that there are only buf_len bytes in the buf. |
| 212 | - If OpenSSL will change that, we'll need to change the implementation |
| 213 | - of this class too. |
| 214 | */ |
| 215 | uchar mask[MY_AES_BLOCK_SIZE]; |
| 216 | uint mlen; |
| 217 | @@ -154,10 +166,10 @@ class MyCTX_nopad : public MyCTX |
| 218 | return rc; |
| 219 | DBUG_ASSERT(mlen == sizeof(mask)); |
| 220 | |
| 221 | - for (uint i=0; i < buf_len; i++) |
| 222 | - dst[i]= buf[i] ^ mask[i]; |
| 223 | + for (uint i=0; i < source_tail_len; i++) |
| 224 | + dst[i]= source_tail[i] ^ mask[i]; |
| 225 | } |
| 226 | - *dlen= buf_len; |
| 227 | + *dlen= source_tail_len; |
| 228 | return MY_AES_OK; |
| 229 | } |
| 230 | }; |
| 231 | diff --git a/unittest/mysys/aes-t.c b/unittest/mysys/aes-t.c |
| 232 | index 34704e06749..cbec2760941 100644 |
| 233 | --- a/unittest/mysys/aes-t.c |
| 234 | +++ b/unittest/mysys/aes-t.c |
| 235 | @@ -21,27 +21,96 @@ |
| 236 | #include <string.h> |
| 237 | #include <ctype.h> |
| 238 | |
| 239 | -#define DO_TEST(mode, nopad, slen, fill, dlen, hash) \ |
| 240 | - SKIP_BLOCK_IF(mode == 0xDEADBEAF, nopad ? 4 : 5, #mode " not supported") \ |
| 241 | - { \ |
| 242 | - memset(src, fill, src_len= slen); \ |
| 243 | - ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, \ |
| 244 | - src, src_len, dst, &dst_len, \ |
| 245 | - key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \ |
| 246 | - "encrypt " #mode " %u %s", src_len, nopad ? "nopad" : "pad"); \ |
| 247 | - if (!nopad) \ |
| 248 | - ok (dst_len == my_aes_get_size(mode, src_len), "my_aes_get_size");\ |
| 249 | - my_md5(md5, (char*)dst, dst_len); \ |
| 250 | - ok(dst_len == dlen && memcmp(md5, hash, sizeof(md5)) == 0, "md5"); \ |
| 251 | - ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT, \ |
| 252 | - dst, dst_len, ddst, &ddst_len, \ |
| 253 | - key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \ |
| 254 | - "decrypt " #mode " %u", dst_len); \ |
| 255 | - ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp"); \ |
| 256 | + |
| 257 | +/** Test streaming encryption, bytewise update.*/ |
| 258 | +static int aes_crypt_bytewise(enum my_aes_mode mode, int flags, const unsigned char *src, |
| 259 | + unsigned int slen, unsigned char *dst, unsigned int *dlen, |
| 260 | + const unsigned char *key, unsigned int klen, |
| 261 | + const unsigned char *iv, unsigned int ivlen) |
| 262 | +{ |
| 263 | + /* Allocate context on odd address on stack, in order to |
| 264 | + catch misalignment errors.*/ |
| 265 | + void *ctx= (char *)alloca(MY_AES_CTX_SIZE+1)+1; |
| 266 | + |
| 267 | + int res1, res2; |
| 268 | + uint d1= 0, d2; |
| 269 | + uint i; |
| 270 | + |
| 271 | + if ((res1= my_aes_crypt_init(ctx, mode, flags, key, klen, iv, ivlen))) |
| 272 | + return res1; |
| 273 | + for (i= 0; i < slen; i++) |
| 274 | + { |
| 275 | + uint tmp_d1=0; |
| 276 | + res1= my_aes_crypt_update(ctx, src+i,1, dst, &tmp_d1); |
| 277 | + if (res1) |
| 278 | + return res1; |
| 279 | + d1+= tmp_d1; |
| 280 | + dst+= tmp_d1; |
| 281 | + } |
| 282 | + res2= my_aes_crypt_finish(ctx, dst, &d2); |
| 283 | + *dlen= d1 + d2; |
| 284 | + return res1 ? res1 : res2; |
| 285 | +} |
| 286 | + |
| 287 | + |
| 288 | +#ifndef HAVE_EncryptAes128Ctr |
| 289 | +const uint MY_AES_CTR=0xDEADBEAF; |
| 290 | +#endif |
| 291 | +#ifndef HAVE_EncryptAes128Gcm |
| 292 | +const uint MY_AES_GCM=0xDEADBEAF; |
| 293 | +#endif |
| 294 | + |
| 295 | +#define MY_AES_UNSUPPORTED(x) (x == 0xDEADBEAF) |
| 296 | + |
| 297 | +static void do_test(uint mode, const char *mode_str, int nopad, uint slen, |
| 298 | + char fill, size_t dlen, const char *hash) |
| 299 | +{ |
| 300 | + uchar key[16]= {1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6}; |
| 301 | + uchar iv[16]= {2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7}; |
| 302 | + uchar src[1000], dst[1100], dst2[1100], ddst[1000]; |
| 303 | + uchar md5[MY_MD5_HASH_SIZE]; |
| 304 | + uint src_len, dst_len, dst_len2, ddst_len; |
| 305 | + int result; |
| 306 | + |
| 307 | + if (MY_AES_UNSUPPORTED(mode)) |
| 308 | + { |
| 309 | + skip(nopad?7:6, "%s not supported", mode_str); |
| 310 | + return; |
| 311 | + } |
| 312 | + memset(src, fill, src_len= slen); |
| 313 | + result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src, src_len, |
| 314 | + dst, &dst_len, key, sizeof(key), iv, sizeof(iv)); |
| 315 | + ok(result == MY_AES_OK, "encrypt %s %u %s", mode_str, src_len, |
| 316 | + nopad ? "nopad" : "pad"); |
| 317 | + |
| 318 | + if (nopad) |
| 319 | + { |
| 320 | + result= aes_crypt_bytewise(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src, |
| 321 | + src_len, dst2, &dst_len2, key, sizeof(key), |
| 322 | + iv, sizeof(iv)); |
| 323 | + ok(result == MY_AES_OK, "encrypt bytewise %s %u", mode_str, src_len); |
| 324 | + /* Compare with non-bytewise encryption result*/ |
| 325 | + ok(dst_len == dst_len2 && memcmp(dst, dst2, dst_len) == 0, |
| 326 | + "memcmp bytewise %s %u", mode_str, src_len); |
| 327 | + } |
| 328 | + else |
| 329 | + { |
| 330 | + int dst_len_real= my_aes_get_size(mode, src_len); |
| 331 | + ok(dst_len_real= dst_len, "my_aes_get_size"); |
| 332 | } |
| 333 | + my_md5(md5, (char *) dst, dst_len); |
| 334 | + ok(dst_len == dlen, "md5 len"); |
| 335 | + ok(memcmp(md5, hash, sizeof(md5)) == 0, "md5"); |
| 336 | + result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT, |
| 337 | + dst, dst_len, ddst, &ddst_len, key, sizeof(key), iv, |
| 338 | + sizeof(iv)); |
| 339 | + |
| 340 | + ok(result == MY_AES_OK, "decrypt %s %u", mode_str, dst_len); |
| 341 | + ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp"); |
| 342 | +} |
| 343 | |
| 344 | -#define DO_TEST_P(M,S,F,D,H) DO_TEST(M,0,S,F,D,H) |
| 345 | -#define DO_TEST_N(M,S,F,D,H) DO_TEST(M,ENCRYPTION_FLAG_NOPAD,S,F,D,H) |
| 346 | +#define DO_TEST_P(M, S, F, D, H) do_test(M, #M, 0, S, F, D, H) |
| 347 | +#define DO_TEST_N(M, S, F, D, H) do_test(M, #M, ENCRYPTION_FLAG_NOPAD, S, F, D, H) |
| 348 | |
| 349 | /* useful macro for debugging */ |
| 350 | #define PRINT_MD5() \ |
| 351 | @@ -53,25 +122,15 @@ |
| 352 | printf("\"\n"); \ |
| 353 | } while(0); |
| 354 | |
| 355 | -#ifndef HAVE_EncryptAes128Ctr |
| 356 | -const uint MY_AES_CTR=0xDEADBEAF; |
| 357 | -#endif |
| 358 | -#ifndef HAVE_EncryptAes128Gcm |
| 359 | -const uint MY_AES_GCM=0xDEADBEAF; |
| 360 | -#endif |
| 361 | |
| 362 | int |
| 363 | main(int argc __attribute__((unused)),char *argv[]) |
| 364 | { |
| 365 | - uchar key[16]= {1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6}; |
| 366 | - uchar iv[16]= {2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7}; |
| 367 | - uchar src[1000], dst[1100], ddst[1000]; |
| 368 | - uchar md5[MY_MD5_HASH_SIZE]; |
| 369 | - uint src_len, dst_len, ddst_len; |
| 370 | |
| 371 | MY_INIT(argv[0]); |
| 372 | |
| 373 | - plan(87); |
| 374 | + plan(122); |
| 375 | + |
| 376 | DO_TEST_P(MY_AES_ECB, 200, '.', 208, "\xd8\x73\x8e\x3a\xbc\x66\x99\x13\x7f\x90\x23\x52\xee\x97\x6f\x9a"); |
| 377 | DO_TEST_P(MY_AES_ECB, 128, '?', 144, "\x19\x58\x33\x85\x4c\xaa\x7f\x06\xd1\xb2\xec\xd7\xb7\x6a\xa9\x5b"); |
| 378 | DO_TEST_P(MY_AES_CBC, 159, '%', 160, "\x4b\x03\x18\x3d\xf1\xa7\xcd\xa1\x46\xb3\xc6\x8a\x92\xc0\x0f\xc9"); |
| 379 | -- |
| 380 | 2.17.1 |
| 381 | |