control: tags -1 patch
control: reassign -1 yapet 2.6-1

On 2024-04-08 08:32:58 [+0200], Kurt Roeckx wrote:
> There might be a related change that doesn't allow restarting the
> operation with the same context without setting things up again.

Yapet is broken and the openssl update revealed the problem. I
reassigned it to yapet 2.6 but it probably affects earlier versions.
But then the 1.1.1 series is no longer maintained so…

Patches attached and they hold the details of why and such.

This needs to be applied to unstable and Bookworm.
The testsuite passes and I can open Sean's test file.
Further testing is welcome by actual users ;)

I can NMU if needed, just yell.

Sebastian
From a54b5e81a61aa7e77e45a970ce88b9b4269fde7d Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
Date: Mon, 8 Apr 2024 18:03:30 +0200
Subject: [PATCH 1/2] crypt/blowfish: Remove EVP_CIPHER_CTX_set_key_length().
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

yapet did for blowfish:

|     EVP_CipherInit_ex(ctx, cipher, NULL, KEY, iv, mode);
|     EVP_CIPHER_CTX_set_key_length(ctx, KEY_LENGTH);
|     EVP_CipherUpdate(ctx, …);

This worked in earlier OpenSSL versions and stopped working in
openssl-3.0.13. The problem here is that
EVP_CIPHER_CTX_set_key_length() is ignored and the later OpenSSL version
rightfully returns an error "Provider routines::no key set" here.

Blowfish does support variable key lengths but the key length has to be
set first followed by the actual key. Otherwise the blocksize (16) will
be used.
The correct way to deal with this would be:
|     EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, mode);
|     EVP_CIPHER_CTX_set_key_length(ctx, KEY_LENGTH);
|     EVP_CipherInit_ex(ctx, NULL, NULL, KEY, IV, mode);
|     EVP_CipherUpdate(ctx, …);

Using the proper way now will break earlier databases because in the
blowfish case the default blocksize / 16 has always been used.

In order to keep compatibility with earlier versions of the database and
openssl, remove the EVP_CIPHER_CTX_set_key_length() invocation.

Fixes #26
Fixes #24

Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
---
 src/libs/crypt/crypto.cc | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/src/libs/crypt/crypto.cc b/src/libs/crypt/crypto.cc
index ade991edf961a..139e0823e753a 100644
--- a/src/libs/crypt/crypto.cc
+++ b/src/libs/crypt/crypto.cc
@@ -98,16 +98,6 @@ EVP_CIPHER_CTX* Crypto::initializeOrThrow(MODE mode) {
         throw CipherError{_("Error initializing cipher")};
     }
 
-    success = EVP_CIPHER_CTX_set_key_length(context, _key->keySize());
-    if (success != SSL_SUCCESS) {
-        destroyContext(context);
-        char msg[YAPET::Consts::EXCEPTION_MESSAGE_BUFFER_SIZE];
-        std::snprintf(msg, YAPET::Consts::EXCEPTION_MESSAGE_BUFFER_SIZE,
-                      _("Cannot set key length on context to %d"),
-                      _key->keySize());
-        throw CipherError{msg};
-    }
-
     return context;
 }
 
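Review bot: with the EVP_CIPHER_CTX_set_key_length() call gone, this context silently relies on Blowfish's default key length (16 bytes), yet nothing in initializeOrThrow() records that _key->keySize() is expected to match it; a mismatch would now go unnoticed rather than fail fast as the removed block did. Consider an explicit guard before `return context;`, for instance `if (_key->keySize() != EVP_CIPHER_CTX_key_length(context)) { destroyContext(context); throw CipherError{_("Unexpected key size")}; }`, or at least a comment stating that the call is omitted deliberately for compatibility with databases written by earlier releases, so a later cleanup does not reintroduce it in the "correct" position and break existing files.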
-- 
2.43.0

From aaa573b14bafcc9a6b46495bd4ffc15b90d35902 Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
Date: Mon, 8 Apr 2024 18:19:12 +0200
Subject: [PATCH 2/2] crypt/aes: Remove EVP_CIPHER_CTX_set_key_length().

The EVP_CIPHER_CTX_set_key_length() in the AES-256-CBC case is pointless
because the key here is fixed-size and EVP_CIPHER_CTX_set_key_length()
does not change the size.

Remove the EVP_CIPHER_CTX_set_key_length() invocation.

Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
---
 src/libs/crypt/aes256.cc | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/src/libs/crypt/aes256.cc b/src/libs/crypt/aes256.cc
index 1041b9c57347c..e105b1a5beddd 100644
--- a/src/libs/crypt/aes256.cc
+++ b/src/libs/crypt/aes256.cc
@@ -113,17 +113,6 @@ EVP_CIPHER_CTX* Aes256::initializeOrThrow(const SecureArray& ivec, MODE mode) {
         throw CipherError{_("Error initializing cipher")};
     }
 
-    success = EVP_CIPHER_CTX_set_key_length(context, getKey()->keySize());
-    if (success != SSL_SUCCESS) {
-        LOG_MESSAGE(std::string{__func__} + ": Error setting key length");
-        destroyContext(context);
-        char msg[YAPET::Consts::EXCEPTION_MESSAGE_BUFFER_SIZE];
-        std::snprintf(msg, YAPET::Consts::EXCEPTION_MESSAGE_BUFFER_SIZE,
-                      _("Cannot set key length on context to %d"),
-                      getKey()->keySize());
-        throw CipherError{msg};
-    }
-
     return context;
 }
 
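Review bot: dropping this block also drops the LOG_MESSAGE diagnostic and the only place that compared getKey()->keySize() against what the context expects; since AES-256-CBC has a fixed 32-byte key and EVP_CipherInit_ex already received the key bytes, the remaining risk is a key object whose keySize() is not 32, which now passes through without notice. A one-line check comparing getKey()->keySize() with EVP_CIPHER_CTX_key_length(context) before `return context;` (throwing CipherError on mismatch, as the removed code did) would keep the fail-fast behaviour without depending on EVP_CIPHER_CTX_set_key_length().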
-- 
2.43.0
