From: | Zdenek Kotala <Zdenek(dot)Kotala(at)Sun(dot)COM> |
---|---|
To: | Marko Kreen <markokr(at)gmail(dot)com> |
Cc: | pgsql-patches(at)postgresql(dot)org |
Subject: | Re: pgcrypto (v02) |
Date: | 2007-08-07 11:36:30 |
Message-ID: | 46B8593E.1000608@sun.com |
Lists: | pgsql-patches |
There is an updated version of the patch. See comments below:
Marko Kreen wrote:
> On 7/27/07, Zdenek Kotala <Zdenek(dot)Kotala(at)sun(dot)com> wrote:
>> I attach pgcrypto patch which fixes two problems on systems without strong
>> crypto support (e.g. default Solaris 10 installation):
>>
>> 1) postgres crashes when AES cipher uses long key
>> 2) Blowfish silently cuts longer keys. It could bring problems when
>> crypted data are transferred from one server to another with strong keys
>> support.
>
> Couple of style nitpicks:
> * please use hex arrays, instead of octal-quoted strings. easier on the eye.

fixed

> * use memcmp() instead of for() loop.

fixed

> * 16 byte bufs for 8 bytes is confusing.

I think it must be 16 because block size is 16 bytes. I'm not sure if 8
bytes could not cause buffer overflow.
>> This patch was discussed there:
>> http://archives.postgresql.org/pgsql-hackers/2007-07/msg00762.php
>>
>> This patch is also applicable to 8.2, 8.1 (and maybe older) versions of
>> postgresql.
>
> OpenSSL autoconfiguration was added in 8.1, so patching older
> versions is not that critical.
Zdenek
Attachment | Content-Type | Size |
---|---|---|
pgcrypto_02.diff | text/x-patch | 5.2 KB |
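One way to detect at run time the silent key truncation described in point 2 above, added here as an example and not taken from pgcrypto_02.diff or from pgcrypto itself. The names `encrypt_fn`, `toy_full`, `toy_trunc16` and `effective_key_len` are hypothetical, the two backends are stand-in mixers rather than Blowfish, and the key and plaintext are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BLOCK 8 /* Blowfish block size in bytes */

/* Hypothetical backend hook: encrypt one block under key[0..klen). */
typedef void (*encrypt_fn)(const uint8_t *key, size_t klen,
                           const uint8_t *in, uint8_t *out);

/* Stand-in keyed mixer, NOT a real cipher: every key byte changes the output. */
static void toy_full(const uint8_t *key, size_t klen, const uint8_t *in, uint8_t *out)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < klen; i++)  h = (h ^ key[i]) * 16777619u;
    for (size_t i = 0; i < BLOCK; i++) h = (h ^ in[i]) * 16777619u;
    memcpy(out, &h, 4); h *= 16777619u; memcpy(out + 4, &h, 4);
}

/* Models a weak-crypto build that silently ignores key bytes past 128 bits. */
static void toy_trunc16(const uint8_t *key, size_t klen, const uint8_t *in, uint8_t *out)
{
    toy_full(key, klen > 16 ? 16 : klen, in, out);
}

/* Constructed sample inputs, written as hex arrays. */
static const uint8_t sample_key[32] = {
    0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff,
    0x0f,0x1e,0x2d,0x3c,0x4b,0x5a,0x69,0x78,0x87,0x96,0xa5,0xb4,0xc3,0xd2,0xe1,0xf0
};
static const uint8_t sample_plain[BLOCK] = {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};

/* Number of leading key bytes that influence the ciphertext (0 if klen is out of range). */
size_t effective_key_len(encrypt_fn enc, const uint8_t *key, size_t klen)
{
    uint8_t probe[64], ref[BLOCK], out[BLOCK];
    if (klen == 0 || klen > sizeof probe) return 0;
    enc(key, klen, sample_plain, ref);
    for (size_t i = klen; i-- > 0;) {
        memcpy(probe, key, klen); probe[i] ^= 0xff; /* change exactly one key byte */
        enc(probe, klen, sample_plain, out);
        if (memcmp(ref, out, BLOCK) != 0) return i + 1; /* highest byte that matters */
    }
    return 0;
}

int main(void)
{
    printf("full-key backend: %zu\n", effective_key_len(toy_full, sample_key, 32));
    printf("truncating backend: %zu\n", effective_key_len(toy_trunc16, sample_key, 32));
    return 0;
}
```

A result smaller than the requested key length is the condition a caller would turn into an error instead of encrypting with a weaker key than the user supplied.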