[Bug 2107773] Re: Enabling FIPS causes SALT to be 8 bytes, but OpenSSL 3.0.2 checks if SALT is < 16 bytes, breaking Dovecot and possibly other packages.

Eric Cole 2107773 at bugs.launchpad.net
Mon May 19 13:48:46 UTC 2025 

For further information, this bug is a breaking change between 20.04 and
22.04.  Version 20.04 FIPS has been working well for the past few years.

It is good that we tried deploying a new Azure VM on 22.04 FIPS before
running do-release-upgrade on one of our existing VMs as that would have
resulted in an unexpectedly broken system.

I do understand that this is a very niche bug that slipped through the
cracks.

Thank you for the quick attention to the issue and the PRs pending
review and approval.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2107773

Title:
  Enabling FIPS causes SALT to be 8 bytes, but OpenSSL 3.0.2 checks if
  SALT is < 16 bytes, breaking Dovecot and possibly other packages.

Status in openssl package in Ubuntu:
  New

Bug description:
  [ Impact ]
  * When one enables FIPS mode on a Jammy system and then attempts to use Dovecot to create an encrypted mailbox, the module returns a invalid salt length error.

  * FIPS mode requires a 16 byte salt for PBEKDF2 and Dovecot is only
  requesting 8 bytes of salt. The solution is to modify Dovecot to
  request 16 bytes of salt.

  [ Test Plan ]

  * Install Dovecot on the system
    - sudo apt install dovecot-auth-lua dovecot-core  dovecot-gssapi dovecot-imapd dovecot-ldap dovecot-lmtpd  dovecot-managesieved dovecot-mysql dovecot-pgsql dovecot-pop3d dovecot-sieve dovecot-solr dovecot-sqlite dovecot-submissiond
  * Enable mailbox encryption.
    - Add /etc/dovecot/conf.d//mail-crypt.conf to enable mailbox encryption:
  mail_location = mbox:~/mail:INBOX=/var/mail/%u
  listen = *
  mbox_write_locks = fcntl
  namespace inbox {
    inbox = yes
    location =
    mailbox Drafts {
      special_use = \Drafts
    }

    mailbox Junk {
      special_use = \Junk
    }
    mailbox Sent {
      special_use = \Sent
    }
    mailbox "Sent Messages" {
      special_use = \Sent
    }
    mailbox Trash {
      special_use = \Trash
    }
    prefix =
  }
  passdb {
    driver = pam
  }
  userdb {
    driver = passwd
  }

  mail_plugins = $mail_plugins mail_crypt

  plugin {
    mail_crypt_curve = secp521r1
    mail_crypt_save_version=2
  }

  mail_attribute_dict = file:%h/Maildir/dovecot-attributes
  imap_metadata = yes

  * Issue the following command to create an encrypted mailbox:
    - sudo doveadm -o plugin/mail_crypt_private_password=e32f1f174d7576716d5df899e7d5cb6b64cdb33584c71882e9f7e1f79f2e695e mailbox cryptokey generate -u <username>

  * Verify that no error occurs.

  * Enable FIPS on a Jammy system.
    - sudo pro attach <token>
    - sudo pro enable fips-updates
    - sudo reboot
  (To test FIPS on a Noble system)
    - sudo add-apt-repository ppa:fips-cc-stig/fips-under-certification
    - sudo apt install -y ubuntu-fips openssh-server=1:9.6p1-3ubuntu13+Fips1~rc0 \
          openssh-client=1:9.6p1-3ubuntu13+Fips1~rc0 \
          openssh-sftp-server=1:9.6p1-3ubuntu13+Fips1~rc0 \
          --allow-downgrades --yes

  * Reboot

  * Delete the mailbox
    - rm -rf ~/mail

  * Issue the following command to create an encrypted mailbox:
    - sudo doveadm -o plugin/mail_crypt_private_password=e32f1f174d7576716d5df899e7d5cb6b64cdb33584c71882e9f7e1f79f2e695e mailbox cryptokey generate -u <username>

  * Verify that an error occurs.

  * Update Dovecot to the fixed version.

  * Repeat the commands to delete the mailbox and to create an encrypted
  mailbox.

  * After installing the fix, verify that no error occurs.

  [ Where problems could occur ]

  * The increased salt size of 16 bytes could potentially cause issues
  in allocated data structures, but I've attempted to mitigate this by
  increasing the size of potentially problematic data structures.

  [ Other Info ]

  This is really only needed on systems where FIPS is supported, i.e.
  Jammy and Noble and 26.04.

  --------------
  We deployed Ubuntu Server 22.04 FIPS on Azure as it is now a FIPS Certified release.  See https://ubuntu.com/blog/fips-140-3-for-ubuntu-22-04lts

  ~# lsb_release -rd
  Description:    Ubuntu 22.04.5 LTS
  Release:        22.04

  After installing Ubuntu Server 22.04 FIPS, we then deployed Dovecot modules as shown here:
  --------------
  # apt search dovecot | grep "install"

  WARNING: apt does not have a stable CLI interface. Use with caution in
  scripts.

  dovecot-core/jammy-updates,jammy-security,now 1:2.3.16+dfsg1-3ubuntu2.4 amd64 [installed]
  dovecot-imapd/jammy-updates,jammy-security,now 1:2.3.16+dfsg1-3ubuntu2.4 amd64 [installed]
  dovecot-lmtpd/jammy-updates,jammy-security,now 1:2.3.16+dfsg1-3ubuntu2.4 amd64 [installed]
  dovecot-managesieved/jammy-updates,jammy-security,now 1:2.3.16+dfsg1-3ubuntu2.4 amd64 [installed]
  dovecot-mysql/jammy-updates,jammy-security,now 1:2.3.16+dfsg1-3ubuntu2.4 amd64 [installed]
  dovecot-pop3d/jammy-updates,jammy-security,now 1:2.3.16+dfsg1-3ubuntu2.4 amd64 [installed]
  dovecot-sieve/jammy-updates,jammy-security,now 1:2.3.16+dfsg1-3ubuntu2.4 amd64 [installed]

  ~# apt-cache policy dovecot-core
  dovecot-core:
    Installed: 1:2.3.16+dfsg1-3ubuntu2.4
    Candidate: 1:2.3.16+dfsg1-3ubuntu2.4
    Version table:
   *** 1:2.3.16+dfsg1-3ubuntu2.4 500
          500 http://azure.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
          500 http://azure.archive.ubuntu.com/ubuntu jammy-security/main amd64 Packages
          100 /var/lib/dpkg/status
       1:2.3.16+dfsg1-3ubuntu2 500
          500 http://azure.archive.ubuntu.com/ubuntu jammy/main amd64 Packages

  -------------

  We attempted to add a mailbox with encryption:
  -------------
  sudo -u vmail doveadm -o plugin/mail_crypt_private_password=e32f1f174d7576716d5df899e7d5cb6b64cdb33584c71882e9f7e1f79f2e695e mailbox cryptokey generate -u user at domain.com
  doveadm(user at domain.com): Error: mail_crypt_user_generate_keypair(user at domain.com) failed: error:1C800070:Provider routines::invalid salt length
  doveadm(user at domain.com): Warning: mailbox cryptokey generate: Nothing was matched. Use -U or specify mask?
     Folder Public ID
  x         ERROR: error:1C800070:Provider routines::invalid salt length
  Segmentation fault

  -------------

  After researching the error, I found a single note in the OpenSSL bug tracker referencing the error.
  https://github.com/openssl/openssl/issues/24962

  The suggested options are not available as they defeat the purpose of
  being FIPS compliant and certified.

  As a result, Dovecot is completely broken on 22.04 FIPS if using
  encrypted mailboxes.  (At least in our testing)

  Expected behavior:

  The SALT length should match what the required check is, which is 16
  bytes.  Dovecot should utilize an appropriate version to produce
  encryption keys using the required SALT length.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2107773/+subscriptions

More information about the foundations-bugs mailing list