Re: pgcrypto (v02)

From: Zdenek Kotala <Zdenek(dot)Kotala(at)Sun(dot)COM>
To: Marko Kreen <markokr(at)gmail(dot)com>
Cc: pgsql-patches(at)postgresql(dot)org
Subject: Re: pgcrypto (v02)
Date: 2007-08-07 11:36:30
Message-ID: 46B8593E.1000608@sun.com
Lists: pgsql-patches
There is an updated version of the patch. See comments below:

Marko Kreen wrote:
> On 7/27/07, Zdenek Kotala <Zdenek(dot)Kotala(at)sun(dot)com> wrote:
>> I attach pgcrypto patch which fixes two problems on systems without strong
>> crypto support (e.g. default Solaris 10 installation):
>>
>> 1) postgres crashes when AES cipher uses long key
>> 2) Blowfish silently cuts longer keys. It could bring problems when
>> crypted data are transferred from one server to another with strong keys
>> support.
> 
> Couple of style nitpicks:
> * please use hex arrays, instead of octal-quoted strings.  easier on the eye.

fixed

> * use memcmp() instead of for() loop.

fixed

> * 16 byte bufs for 8 bytes is confusing.

I think it must be 16 because block size is 16 bytes. I'm not sure if 8 
bytes could not cause buffer overflow.


>> This patch was discussed there:
>> http://archives.postgresql.org/pgsql-hackers/2007-07/msg00762.php
>>
>> This patch is applicable also on 8.2, 8.1 (and maybe older) versions of
>> postgresql.
> 
> OpenSSL autoconfiguration was added in 8.1, so patching older
> versions is not that critical.

		Zdenek



Attachment: pgcrypto_02.diff
Description: text/x-patch (5.2 KB)
