Re: pgcrypto & strong ciphers limitation

On 7/24/07, Zdenek Kotala <Zdenek.Kotala@sun.com> wrote:
> Stefan reported me that prcrypto regression test fails on solaris 10
> with openssl support. I investigated this problem and the result is that
> Solaris 10 delivers only support for short keys up to 128. Strong crypto
> (SUNWcry and SUNWcryr packages) is available on web download pages. (It
> is result of US crypto export policy.)

Ugh, deliberately broken OpenSSL...

> However, on default installation  (which is commonly used) it is a
> problem. Regression test cannot be fixed because it tests strong
> ciphers, but there two very strange issue:
>
> 1) First issue is blowfish cipher. Because pgcrypto uses old interface
> instead new "evp" it calls bf_set_key function which does not return any
> output and cut key if it is too long. See
> http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/common/openssl/crypto/bf/bf_skey.c
> line 84.
>
> If user installs strong crypto he will not be able decrypt data which
> has been encrypted before.
>
> The fix of this issue is ugly, because there is not way how to verify
> supported key length with old openssl API and only new API return err if
> length is not supported.

NAK.  The fix is broken because it uses EVP interface.  EVP is not
a general-purpose interface because not all valid keys for cipher
pass thru it.  Only key-lengths used in SSL will work...

Could you rework the fix that it uses the BF_* interface,
does a test-encoding with full-length key and compares it to
expected result.  And does it just once, not on each call.

That should be put into separate function probably.

> 2) AES ciphere crashes when key is longer. It happens because return
> value from AES_set_encrypt_key is ignored and AES_encrypt is called with
> uninitialized structure.

ACK, error checking is good.  But please return PXE_KEY_TOO_BIG
directly from ossl_aes_key_init.

I must admit the internal API for ciphers is clumsy and could
need rework to something saner.  This shows here.

> I attach patch which fix both issues, but main problem is there that old
> openssl API is used and supported key lengths are hardcoded. I think we
> can add to TODO list rewrite pgcrypto to use evp openssl interface.

pgcrypto _was_ written using EVP, but I needed to rewrite it
when I found out EVP supports only key lengths used in SSL.

-- 
marko