Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MyProxy: change private key cipher to EVP_aes_256_cbc() #230

Merged
merged 1 commit into from
Jul 22, 2024
Merged

MyProxy: change private key cipher to EVP_aes_256_cbc() #230

merged 1 commit into from
Jul 22, 2024

Conversation

fscheiner
Copy link
Member

As per #229 MyProxy still used an old cipher for encrypting private keys. Changes courtesy of Mischa Salle (@msalle).

Fixes #229.

@fscheiner
Copy link
Member Author

@msalle :
Let's see if the CI is also happy. :-)

@msalle
Copy link
Member

msalle commented Jul 21, 2024

Hi @fscheiner Thanks!
Since we have the code twice, maybe we should put both in a function or macro?
Something like
#define MYPROXY_PRIVKEY_CIPHER() EVP_aes_256_cbc()
?

@fscheiner
Copy link
Member Author

Hi @fscheiner Thanks! Since we have the code twice, maybe we should put both in a function or macro? Something like #define MYPROXY_PRIVKEY_CIPHER() EVP_aes_256_cbc() ?

Good idea! I also shortly thought about something like that, e.g. when in ten years or so AES256 is considered old and deprecated. ;-)

Would you place it in the header or directly into myproxy/source/ssl_utils.c? Maybe the latter is better, because one does not have to check which include includes it if need be.

@msalle
Copy link
Member

msalle commented Jul 21, 2024

Hi @fscheiner Thanks! Since we have the code twice, maybe we should put both in a function or macro? Something like #define MYPROXY_PRIVKEY_CIPHER() EVP_aes_256_cbc() ?

Good idea! I also shortly thought about something like that, e.g. when in ten years or so AES256 is considered old and deprecated. ;-)

currently still not yet broken and they claim it's quantum crypto safe... (famous last words?)

Would you place it in the header or directly into myproxy/source/ssl_utils.c? Maybe the latter is better, because one does not have to check which include includes it if need be.

one of the reasons I hadn't made the patch was that I hadn't come up with a decision for that. I'm thinking it might be nice in the header, since it's then part of the public API, but easier in ssl_utils.c. Probably better for now in the ssl_utils.c for reason you're giving. And we can always make it public later when needed.

@fscheiner
Copy link
Member Author

Good idea! I also shortly thought about something like that, e.g. when in ten years or so AES256 is considered old and deprecated. ;-)

currently still not yet broken and they claim it's quantum crypto safe... (famous last words?)

:-))

Would you place it in the header or directly into myproxy/source/ssl_utils.c? Maybe the latter is better, because one does not have to check which include includes it if need be.

one of the reasons I hadn't made the patch was that I hadn't come up with a decision for that. I'm thinking it might be nice in the header, since it's then part of the public API, but easier in ssl_utils.c. Probably better for now in the ssl_utils.c for reason you're giving. And we can always make it public later when needed.

I can make the changes. I think we don't need another build test as it worked for the current version already, but just a positive review for merging it.

Apart from that we can still have a discussion about that change of course. CCing @ellert @maarten-litmaath. Not sure, is Jim still interested in or working on MyProxy? If yes, then we should maybe CC him, too.

@fscheiner fscheiner force-pushed the myproxy-new-private-key-cipher branch from 2d2f501 to bd8a6e0 Compare July 21, 2024 19:15
@maarten-litmaath
Copy link

Hi guys,
what happens when an existing installation is upgraded to the new version?
Will the existing key continue being used without any problem?

I suspect Jim would not really want to spend time on MyProxy any more...

@fscheiner
Copy link
Member Author

Hi Maarten,

Hi guys, what happens when an existing installation is upgraded to the new version? Will the existing key continue being used without any problem?

According to #229:

It reads using PEM_read_PrivateKey() in ssl_private_key_load_from_file(), ssl_utils.c lines 743-744 and PEM_read_bio_PrivateKey() in ssl_proxy_from_pem(), ssl_utils.c lines 927-928 which are generic enough to read other formats too.

...I'd say yes.

@fscheiner fscheiner requested review from msalle and ellert July 21, 2024 20:09
@maarten-litmaath
Copy link

So the improvement will by default only benefit new installations?
That would be fine with me.

@fscheiner
Copy link
Member Author

So the improvement will by default only benefit new installations? That would be fine with me.

Most likely, but I don't know if MyProxy only stores a private key locally during initial setup. But even if not, the functions for reading it won't care if a new key is AES256 encrypted.

@msalle
Copy link
Member

msalle commented Jul 22, 2024

So the improvement will by default only benefit new installations? That would be fine with me.

Most likely, but I don't know if MyProxy only stores a private key locally during initial setup. ,
But even if not, the functions for reading it won't care if a new key is AES256 encrypted.

Just to clarify: for each proxy that gets delegated to myproxy it creates and stores a new private key. But changing the format even for an existing server looks fine because it can read the different ciphers. So having a mixed set in its data store in /var/lib/myproxy/ seems totally fine. As such an update would be totally transparent for any client.

@fscheiner
Copy link
Member Author

Just to clarify: for each proxy that gets delegated to myproxy it creates and stores a new private key. But changing the format even for an existing server looks fine because it can read the different ciphers. So having a mixed set in its data store in /var/lib/myproxy/ seems totally fine. As such an update would be totally transparent for any client.

Thanks for the clarification. Looking good, so I'd say let's do it.

fscheiner
fscheiner commented Jul 22, 2024
View reviewed changes
myproxy/source/ssl_utils.c Outdated Show resolved Hide resolved
msalle
msalle requested changes Jul 22, 2024
View reviewed changes
Copy link
Member

@msalle msalle left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other than the extra () in the #ifndef (see cmment there) I think it looks be fine. Also probably good to see whether the tests succeed.

@fscheiner
MyProxy: change private key cipher to EVP_aes_256_cbc()
456e057 
As per gridcf#229 MyProxy still used an old cipher for encrypting private keys.
Changes courtesy of Mischa Salle (@msalle).

Fixes gridcf#229.
@fscheiner fscheiner force-pushed the myproxy-new-private-key-cipher branch from bd8a6e0 to 456e057 Compare July 22, 2024 14:08
@fscheiner fscheiner requested a review from msalle July 22, 2024 14:09
msalle
msalle approved these changes Jul 22, 2024
View reviewed changes
Copy link
Member

@msalle msalle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assuming the builds and tests go well, I'd say looks good to me.

@fscheiner
Copy link
Member Author

Checks look good. Merging this now.

@fscheiner fscheiner merged commit f37c5ce into gridcf:master Jul 22, 2024
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@msalle msalle msalle approved these changes

@ellert ellert Awaiting requested review from ellert

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

myproxy-server uses old cipher for storing private key
3 participants
@fscheiner @msalle @maarten-litmaath