Postgres Pro
Downloads
Home   >   mailing lists

Use EVP API pgcrypto encryption, dropping support for OpenSSL 0.9.6 and older - Mailing list pgsql-hackers

From Heikki Linnakangas
Subject Use EVP API pgcrypto encryption, dropping support for OpenSSL 0.9.6 and older
Date
Msg-id 561274F1.1030000@iki.fi
Whole thread Raw
Responses Re: Use EVP API pgcrypto encryption, dropping support for OpenSSL 0.9.6 and older  (Joe Conway <mail@joeconway.com>)
Re: Use EVP API pgcrypto encryption, dropping support for OpenSSL 0.9.6 and older  (Alvaro Herrera <alvherre@2ndquadrant.com>)
List pgsql-hackers
Tree view 
pgcrypto uses the old, deprecated, "low-level" functions for symmetric
encryption, with algorithm-specific functions like AES_ecb_encrypt(),
DES_ecb3_encrypt() and so forth. The recommended new API is the
so-called EVP API, which has functions for initializing a "context"
using a specific algorithm, and then that context is passed around to
EVP_Encrypt*/Decrypt* functions. The EVP API has been around for ages,
at least since OpenSSL 0.9.6.

We should switch to the new API. Aside from being nicer, the low-level
functions don't (necessarily) use hardware acceleration, while the EVP
functions do. I could see a significant boost to pgcrypto AES encryption
on my laptop, which has an Intel CPU that supports the special AES-NI
instructions. That said, AES encryption is pretty fast anyway, so you
need very large inputs to see any difference and it's actually pretty
difficult to come up with a test case where the gains are not lost in
the noise of e.g. toasting/detoasting the data. Nevertheless, it's a
nice bonus. Test case is attached (aes-speedtest.sql). It runs in about
1.7s with the old API, and 1.3s with the new API.

The real reason I started digging this, though, is that Pivotal was
trying to use the FIPS-validated version of OpenSSL with PostgreSQL, and
it turns out that the low-level APIs are disabled in "FIPS mode", and
trip an assertion inside OpenSSL (that changed some time between 0.9.8
and 1.0.2, not sure when exactly). Switching to the EVP functions will
avoid that problem. There is obviously a lot more you'd need to do
before you could actually FIPS-certify PostgreSQL and pgcrypto, but this
is one unnecessary hurdle.

There was prior discussion on the EVP API in this old thread from 2007:
http://www.postgresql.org/message-id/flat/46A5E284.7030402@sun.com#46A5E284.7030402@sun.com

In short, pgcrypto actually used to use the EVP functions, but was
changed to *not* use them, because in older versions of OpenSSL, some
key lengths and/or padding options that pgcrypto supports were not
supported by the EVP API. That was fixed in OpenSSL 0.9.7, however. The
consensus in 2007 was that we could drop support for OpenSSL 0.9.6 and
below, so that should definitely be OK by now, if we haven't already
done that elsewhere in the code.

Any objections to the attached two patches?

- Heikki
Attachment

pgsql-hackers by date:

Previous
From: Amit Kapila
Date:
Subject: Re: Parallel Seq Scan
Next
From: Tom Lane
Date:
Subject: Re: [COMMITTERS] pgsql: Lower *_freeze_max_age minimum values.