Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Replace in-tree MD5 with OpenSSL #9585

Merged
merged 2 commits into from
Dec 23, 2024
Merged

Conversation

bgermann
Copy link
Contributor

This is a follow-up for #8272 with a different OpenSSL interface used.
The original PR was rejected because it used a deprecated interface.
The performance properties should be the same but I have not measured them.
My main motivation for this is getting rid of the RSA-MD code.

Copy link
Contributor

@vtnerd vtnerd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There should be calls to free the ctx? Ideally using a std::unique_ptr with custom deleter.

@hyc
Copy link
Collaborator

hyc commented Nov 21, 2024

The original problem with #8272 remains - MD5 is deprecated since OpenSSL 3.0 and there are no guarantees that it will be present at any particular site. If you're going to go ahead and remove the embedded MD5 code, you should modify all its callers to use a modern/supported hash algorithm instead.

@bgermann
Copy link
Contributor Author

bgermann commented Nov 21, 2024

I have addressed that concern in my commit message by writing "non-dreprecated EVP facility". In fact, only the md5.h interface is deprecated in OpenSSL 3+. The documentation reads: "All of the functions described on this page are deprecated. Applications should instead use EVP_DigestInit_ex(3), EVP_DigestUpdate(3) and EVP_DigestFinal_ex(3)." And I am using these (actually not the _ex version but I can change this easily).

MD5 being deprecated by RFC 6151 for some applications is a different issue but replacing it with something else is a design decision that was asked for in other issues but not solved for now.

@bgermann
Copy link
Contributor Author

EVP_MD-MD5 is still in the default OpenSSL algorithm provider.

@iamamyth
Copy link

You can allocate all of these digest instances on the stack (they don't require much space), that's what the prior implementation did and that's what the OpenSSL examples do. In theory, it's a good idea to reset the stack-allocated context when you're done with it (via EVP_MD_CTX_reset), but EVP_DigestFinal already does this.

@vtnerd
Copy link
Contributor

vtnerd commented Nov 21, 2024

The original problem with #8272 remains - MD5 is deprecated since OpenSSL 3.0 and there are no guarantees that it will be present at any particular site. If you're going to go ahead and remove the embedded MD5 code, you should modify all its callers to use a modern/supported hash algorithm instead.

I think the primary blocker is no real support for other hash algorithms. We're probably better off nudging people towards SSL cert checking.

@bgermann
Copy link
Contributor Author

You cannot allocate the EVP types on the stack since OpenSSL 1.1.

@sorenstoutner
Copy link

To expand a bit on what @bgermann said in his initial comment as to the motivation for this change, as described in feather-wallet/feather#218, the code that @bgermann is proposing to replace is licensed under the RSA-MD, which is incompatible with the GPL. Feather Wallet includes other code licensed under the GPL, meaning that currently it is not legal to distribute the feather binary. Switching to a different implementation of this feature based on code that isn't licensed RSA-MD resolves the problem.

@vtnerd
Copy link
Contributor

vtnerd commented Nov 22, 2024

You cannot allocate the EVP types on the stack since OpenSSL 1.1
.

Still need to free the memory.

@iamamyth
Copy link

You cannot allocate the EVP types on the stack since OpenSSL 1.1.

You definitely can, and they work fine, otherwise EVP_MD_CTX_init wouldn't exist. What the docs actually say is that stack allocations might break the code when linking to a new major version of OpenSSL (https://docs.openssl.org/1.0.2/man3/EVP_DigestInit/#notes):

Stack allocation of EVP_MD_CTX structures is common, for example:

EVP_MD_CTX mctx;
EVP_MD_CTX_init(&mctx);

This will cause binary compatibility issues if the size of EVP_MD_CTX structure changes (this will only happen with a major release of OpenSSL). Applications wishing to avoid this should use EVP_MD_CTX_create() instead

I don't have a strong view on cross-major-revision compatibility, though I suppose it doesn't hurt; but then, if you want it, the allocations need to be paired with free.

@bgermann
Copy link
Contributor Author

bgermann commented Nov 22, 2024

It is not helpful to point to a function that was removed in 1.1 to counter a point that was made about 1.1 or later. Yes, I know that OpenSSL supported it in the old days.

I am going to free the mem when I have time for it.

This uses OpenSSL's non-deprecated EVP digest facility to calculate MD5
in HTTP digest authentication.
The RSA-MD licensed implementation that originated from RFC 1321 and got
into epee via Cyrus SASL and libEtPan! is not a good fit for epee, which
also links to the GPL licensed readline. RSA-MD has an advertisement
clause that is known to be incompatible with GPL.
@bgermann
Copy link
Contributor Author

Freeing the mem with a unique_ptr is done. I think, I have addressed every comment.

@bgermann bgermann requested a review from vtnerd November 22, 2024 14:02
Copy link
Collaborator

@0xFFFC0000 0xFFFC0000 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I am usually in support of using well audited third party libraries instead of our own. I was afraid of MD5 deprecation issue in OpenSSL.

Copy link

@iamamyth iamamyth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed that support was removed for stack allocation in OpenSSL 3.0 (https://docs.openssl.org/master/man7/ossl-guide-migration/#upgrading-from-openssl-111), which is the relevant minimum version (not 1.1).

@sorenstoutner
Copy link

Are there any other blockers to getting this merged?

@luigi1111 luigi1111 merged commit b95aae5 into monero-project:master Dec 23, 2024
18 checks passed
@bgermann bgermann deleted the openssl_md5 branch December 23, 2024 16:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

9 participants