Marko Kreen wrote:
> solaris openssl refuses to handle keys longer than 128bits.
> * aes will crash on longer keys
> * blowfish will silently cut the key which can result
> data corruption
> to fix it:
> - test errors from AES functions
> - bf errors cannot be tested, do test encryption
> - change aes compat macros to static function so they
> can return values
Tested on Solaris Nevada and works fine.
> More general appriaches that also fix the problems are:
> - test all ciphers on first use and test fails then disable
> completely. This is nice as it could detect much braded range
> of errors.
> Problem with this approach is that its too big overhead for small
> gain, as it cannot still 100% guarantee that everything is working
> - Use EVP functions for encryption as they have better error
> handling. So crippled openssl can report via regular means
> that something is not supported.
+1 for EVP solution.
Thank you very much
In response to
pgsql-patches by date
|Next:||From: Zdenek Kotala||Date: 2007-09-29 15:36:12|
|Subject: Re: pgcrypto: fix for broken solaris openssl, v03|
|Previous:||From: Tom Lane||Date: 2007-09-29 14:50:34|
|Subject: Re: [COMMITTERS] pgsql: Temporarily modify tsearch regression tests to suppress notice |