Re: OpenBSD 6.0-stable smtpd queue encryption

[Gilles Chehade]

On Sun, Sep 04, 2016 at 09:33:26AM -0400, H Benfield wrote:
> Hello all,
> 
> I recently upgraded from 5.9-stable to 6.0, then rebuilt from source to 
> 6.0-stable.  The platform is amd64.
> 
> In my smtpd.conf file, when queue encryption is enabled, messages temporarily 
> fail with this /var/log/maillog message:
> 
> Sep  4 09:16:03 host smtpd[35452]: cf54bd77d0d1a6c4 smtp event=connected 
> address= host=
> Sep  4 09:16:03 host smtpd[35452]: cf54bd77d0d1a6c4 smtp event=starttls 
> ciphers="version=TLSv1.2, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128"
> Sep  4 09:16:03 host smtpd[35452]: cf54bd77d0d1a6c4 smtp event=authentication 
> user= result=ok
> Sep  4 09:16:04 host smtpd[35452]: cf54bd77d0d1a6c4 smtp event=message 
> msgid=1f6136ab from=<> to=<> size=461 ndest=1 proto=ESMTP
> Sep  4 09:16:04 host smtpd[35452]:  mda event=delivery 
> evpid=1f6136ab3d1fbaa5 from=<> to=<> user= 
> method=maildir delay=1s result=TempFail stat=Cannot get message fd
> Sep  4 09:16:13 host smtpd[35452]:  mda event=delivery 
> evpid=1f6136ab3d1fbaa5 from=<> to=<> user= 
> method=maildir delay=10s result=TempFail stat=Cannot get message fd
> 
> The issue occured under 6.0 release and stable.  By disabling queue 
> encryption, the messages are successfully delivered.  I have also regenerated 
> the queue encryption key but this does not change the behavior.
> 
> The error is generated from mda.c but I'm not sure what causes fd == -1. Has 
> anyone else experienced this issue?
> 

Yes, someone reported this a couple days ago, I have committed a fix.
You can apply the following diff while I figure out what we're going to do.

Index: crypto.c
===
RCS file: /cvs/src/usr.sbin/smtpd/crypto.c,v
retrieving revision 1.5
diff -u -p -r1.5 crypto.c
--- crypto.c28 Dec 2015 22:08:30 -  1.5
+++ crypto.c3 Sep 2016 13:56:07 -
@@ -42,7 +42,6 @@ size_tcrypto_encrypt_buffer(const char 
 size_t crypto_decrypt_buffer(const char *, size_t, char *, size_t);
 
 static struct crypto_ctx {
-   const EVP_CIPHER   *cipher;
unsigned char   key[KEY_SIZE];
 } cp;
 
@@ -53,7 +52,6 @@ crypto_setup(const char *key, size_t len
return 0;
 
memset(, 0, sizeof cp);
-   cp.cipher = EVP_aes_256_gcm();
 
/* openssl rand -hex 16 */
memcpy(cp.key, key, sizeof cp.key);
@@ -92,7 +90,7 @@ crypto_encrypt_file(FILE * in, FILE * ou
return 0;
 
EVP_CIPHER_CTX_init();
-   EVP_EncryptInit(, cp.cipher, cp.key, iv);
+   EVP_EncryptInit_ex(, EVP_aes_256_gcm(), NULL, cp.key, iv);
 
/* encrypt until end of file */
while ((r = fread(ibuf, 1, CRYPTO_BUFFER_SIZE, in)) != 0) {
@@ -105,7 +103,7 @@ crypto_encrypt_file(FILE * in, FILE * ou
goto end;
 
/* finalize and write last chunk if any */
-   if (!EVP_EncryptFinal(, obuf, ))
+   if (!EVP_EncryptFinal_ex(, obuf, ))
goto end;
if (len && (w = fwrite(obuf, len, 1, out)) != 1)
goto end;
@@ -172,7 +170,7 @@ crypto_decrypt_file(FILE * in, FILE * ou
 
 
EVP_CIPHER_CTX_init();
-   EVP_DecryptInit(, cp.cipher, cp.key, iv);
+   EVP_DecryptInit_ex(, EVP_aes_256_gcm(), NULL, cp.key, iv);
 
/* set expected tag */
EVP_CIPHER_CTX_ctrl(, EVP_CTRL_GCM_SET_TAG, sizeof tag, tag);
@@ -195,7 +193,7 @@ crypto_decrypt_file(FILE * in, FILE * ou
goto end;
 
/* finalize, write last chunk if any and perform authentication check */
-   if (!EVP_DecryptFinal(, obuf, ))
+   if (!EVP_DecryptFinal_ex(, obuf, ))
goto end;
if (len && (w = fwrite(obuf, len, 1, out)) != 1)
goto end;
@@ -240,7 +238,7 @@ crypto_encrypt_buffer(const char *in, si
len += sizeof iv;
 
EVP_CIPHER_CTX_init();
-   EVP_EncryptInit(, cp.cipher, cp.key, iv);
+   EVP_EncryptInit_ex(, EVP_aes_256_gcm(), NULL, cp.key, iv);
 
/* encrypt buffer */
if (!EVP_EncryptUpdate(, out + len, , in, inlen))
@@ -248,7 +246,7 @@ crypto_encrypt_buffer(const char *in, si
len += olen;
 
/* finalize and write last chunk if any */
-   if (!EVP_EncryptFinal(, out + len, ))
+   if (!EVP_EncryptFinal_ex(, out + len, ))
goto end;
len += olen;
 
@@ -293,7 +291,7 @@ crypto_decrypt_buffer(const char *in, si
in += sizeof iv;
 
EVP_CIPHER_CTX_init();
-   EVP_DecryptInit(, cp.cipher, cp.key, iv);
+   EVP_DecryptInit_ex(, EVP_aes_256_gcm(), NULL, cp.key, iv);
 
/* set expected tag */
EVP_CIPHER_CTX_ctrl(, EVP_CTRL_GCM_SET_TAG, sizeof tag, tag);
@@ -304,7 +302,7 @@ crypto_decrypt_buffer(const char *in, si
len += olen;
 
/* finalize, write last chunk if any and perform authentication check */
-   if (!EVP_DecryptFinal(, out + len, ))
+   if (!EVP_DecryptFinal_ex(, out + len, 

OpenBSD 6.0-stable smtpd queue encryption

[H Benfield]

Hello all,

I recently upgraded from 5.9-stable to 6.0, then rebuilt from source to 
6.0-stable.  The platform is amd64.

In my smtpd.conf file, when queue encryption is enabled, messages temporarily 
fail with this /var/log/maillog message:

Sep  4 09:16:03 host smtpd[35452]: cf54bd77d0d1a6c4 smtp event=connected 
address= host=
Sep  4 09:16:03 host smtpd[35452]: cf54bd77d0d1a6c4 smtp event=starttls 
ciphers="version=TLSv1.2, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128"
Sep  4 09:16:03 host smtpd[35452]: cf54bd77d0d1a6c4 smtp event=authentication 
user= result=ok
Sep  4 09:16:04 host smtpd[35452]: cf54bd77d0d1a6c4 smtp event=message 
msgid=1f6136ab from=<> to=<> size=461 ndest=1 proto=ESMTP
Sep  4 09:16:04 host smtpd[35452]:  mda event=delivery 
evpid=1f6136ab3d1fbaa5 from=<> to=<> user= 
method=maildir delay=1s result=TempFail stat=Cannot get message fd
Sep  4 09:16:13 host smtpd[35452]:  mda event=delivery 
evpid=1f6136ab3d1fbaa5 from=<> to=<> user= 
method=maildir delay=10s result=TempFail stat=Cannot get message fd

The issue occured under 6.0 release and stable.  By disabling queue encryption, 
the messages are successfully delivered.  I have also regenerated the queue 
encryption key but this does not change the behavior.

The error is generated from mda.c but I'm not sure what causes fd == -1. Has 
anyone else experienced this issue?

Regards,

Harold Benfield