Tagged 1.0.0rc5, warning about OpenSSL compatibility


#1

Hey all!

I’ve tagged 1.0.0rc5, to get the release branch up to date with nightly, which has a bunch of bugfixes and no outstanding branch-specific bug reports I’m aware of. Updated packages for the release and nightly Debian packages should get built by our robots tonight (I’ll double-check tomorrow to be sure).

OpenSSL and hung old Mailpiles

The weirdest bugfix here since RC4, has to do with very old (pre-2016) Mailpile data.

In 2016 we changed how we encrypt data at rest; we used to shell out to openssl enc, but since 2016 we have used the Python cryptography library.

The issue here is that at some point, the OpenSSL project changed the default behaviour for openssl enc, in particular they stopped using the MD5 algorithm for converting the password into a key and switched to SHA-256 by default. Since Mailpile wasn’t specifying a message digest (neither during encryption nor decryption), this means Mailpine on a modern Linux distro became unable to decrypt old data - the modern OpenSSL would pass the password through SHA-256, instead of MD5, and the decryption would fail as a result. :confounded:

To add insult to injury, Mailpile’s old streaming decryption code would then freeze instead of returning an error, effectively blocking Mailpile threads and bringing everything to a grinding halt.

This release adds the -md md5 argument to the openssl enc command line, which makes it possible to read that old data using a modern OpenSSL.

There’s one caveat here… if people somehow upgraded to a modern OpenSSL, while using legacy (pre-2016) Mailpile code, they could end up with data encrypted using both methods. Mailpile cannot currently handle this gracefully, but since I have no evidence that there is actually anyone out there in this situation (hopefully nobody is so unlucky), I haven’t written the code to deal with it… yet.

But it’s possible. :pensive: So if your Mailpile has old data and has been locking up, this release might fix that. If your Mailpile has slightly less old data, and suddenly starts locking up, this might be why.

If you upgrade to 1.0.0rc5 and think you’re having this problem, chime in on the thread and let me know. I’ll help you sort it out.


#2

Cool stuff.

Not sure if a “tag” warrants this, or if it constitutes an actual release - but if so, consider a global pin from the tools menu. A global pin is time-limited, so it’s not too obnoxious, and can be used to make this post visible to people across the forum. It’s also tracked per-user, so once people have seen and read the post, it stops being pinned for them. A good design, and good for promoting this kind of thing :slight_smile: