Refactor MD5 implementations and switch to EVP for OpenSSL

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Refactor MD5 implementations and switch to EVP for OpenSSL
Date: 2020-11-06 07:34:34
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

Hi all,

Please find attached a patch set to sanitize the use of MD5 we have in
the core tree.

As of now, there are two duplicated implementations of MD5, one in
contrib/pgcrypto/ used as a fallback when not compiling with OpenSSL,
and one in src/common/ used by the backend when compiling with *or*
without OpenSSL. This is bad on several aspects:
- There is no need to have the same implementation twice, obviously.
- When compiling with OpenSSL, we use an incorrect implementation,
causing Postgres to cheat if FIPS is enabled because MD5 should not be
authorized. Making use of what OpenSSL provides with EVP allows us to
rely on OpenSSL to control such restrictions. So we authorize MD5
authentications while these should be blocked, making Postgres not
completely compliant with STIG and its kind.

The attached patch set does a bit of rework to make the Postgres code
more consistent with OpenSSL, similarly to the work I did for all the
SHA2 implementations with EVP in [1]:
- 0001 is something stolen from the SHA2 set, adding to resowner.c
control of EVP contexts, so as it is possible to clean up anything
allocated by OpenSSL.
- 0002 is the central piece, that moves the duplicated
implementation. src/common/ and pgcrypto/ use the same code, but I
have reused pgcrypto as it was already doing the init/update/final
split similarly to PostgreSQL. New APIs are designed to control MD5
contexts, similarly to the work done for SHA2. Upon using this patch,
note that pgcrypto+OpenSSL uses our in-core implementation instead of
OpenSSL's one, but that's fixed in 0003. We have a set of three
convenience routines used to generate MD5-hashed passwords, that I
have moved to a new file in src/common/md5_common.c, aimed at being
shared between all the implementations.
- 0003 adds the MD5 implementation based on OpenSSL's EVP, ending the

This set of patches is independent on the SHA2 refactoring, even if it
shares a part with the SHA2 refactoring in its design. Note that 0001
and 0002 don't depend on each other, but 0003 depends on both.



Attachment Content-Type Size
0001-Add-APIs-to-control-EVP-contexts-for-resource-owners.patch text/x-diff 4.8 KB
0002-Refactor-MD5-implementations-in-the-tree.patch text/x-diff 43.4 KB
0003-Add-new-implementation.patch text/x-diff 5.0 KB


Browse pgsql-hackers by date

  From Date Subject
Next Message 2020-11-06 08:06:14 RE: extension patch of CREATE OR REPLACE TRIGGER
Previous Message Andrey Borodin 2020-11-06 06:58:48 Re: libpq compression