
Re: pgcrypto decrypt_iv() issue

From: Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc>
To: Postgres-Bugs <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: pgcrypto decrypt_iv() issue
Date: 2012-01-24 21:34:32
Message-ID: 4F1F23E8.80100@kaltenbrunner.cc
Lists: pgsql-bugs
On 01/23/2012 08:40 PM, Stefan Kaltenbrunner wrote:
> We are using the raw decryption features of contrib/pgcrypto here to
> decode certain AES128 encrypted data. However depending on the data to
> decode and what statements have been executed in the same session before
> we are seeing different (and sometimes completely wrong) answers
> 
> this is 9.1.2 on Debian/amd64 compiled with -enable-debug (note that
> the first and the third query do not result in the same answer):
> 
> 

[examples snipped]

> 
> which seems even more of a "wtf"?!

from some looking at the code in pgcrypto.c it seems to me that the
coding pattern in most functions there only checks for errors from the
corresponding initialization function, in the case of say decrypt_iv()
that means only the IV and the key are actually "validated" because that
is what the init function sees (it never sees that data!), if the actual
decrypt call fails (because the data is maybe a bit weird^broken) it
will happily ignore that and return random data.


Stefan
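
The error-handling pattern described in the message above, as an added example that is not part of the original post and is not pgcrypto's code. The toy XOR cipher and all names (toy_init, toy_decrypt, decrypt_unchecked, decrypt_checked, stale) are hypothetical, and the key and ciphertext are constructed sample values.

```c
#include <stdio.h>
#include <string.h>

enum { BLK = 16, ERR_KEY = -1, ERR_DATA = -2 };
typedef unsigned char u8;
typedef struct { u8 key[BLK], iv[BLK]; } toy_ctx;  /* hypothetical toy cipher state */
/* Init sees only the key and IV, never the data. */
static int toy_init(toy_ctx *c, const u8 *key, size_t klen, const u8 *iv) {
    if (klen != BLK) return ERR_KEY;
    memcpy(c->key, key, BLK); memcpy(c->iv, iv, BLK);
    return 0;
}

/* Toy XOR "decryption" (not real crypto): rejects partial blocks, out untouched. */
static int toy_decrypt(const toy_ctx *c, const u8 *in, size_t len, u8 *out) {
    if (len == 0 || len % BLK != 0) return ERR_DATA;
    for (size_t i = 0; i < len; i++)
        out[i] = in[i] ^ c->key[i % BLK] ^ c->iv[i % BLK];
    return 0;
}

/* Pattern from the message: only the init result is checked. */
static int decrypt_unchecked(const u8 *key, size_t klen, const u8 *iv,
                             const u8 *in, size_t len, u8 *out) {
    toy_ctx c;
    int err = toy_init(&c, key, klen, iv);
    if (!err) toy_decrypt(&c, in, len, out);  /* its result is dropped */
    return err;                               /* 0 even when decrypt failed */
}

/* Corrected pattern: the decrypt result is propagated as well. */
static int decrypt_checked(const u8 *key, size_t klen, const u8 *iv,
                           const u8 *in, size_t len, u8 *out) {
    toy_ctx c;
    int err = toy_init(&c, key, klen, iv);
    return err ? err : toy_decrypt(&c, in, len, out);
}
typedef int (*decrypt_fn)(const u8 *, size_t, const u8 *, const u8 *, size_t, u8 *);
/* Good call, then truncated data into the same buffer; 1 = "success" with stale out. */
static int stale(decrypt_fn f) {
    u8 key[BLK] = "constructed key", iv[BLK] = {0}, ct[BLK] = "constructed ct.", out[BLK], old[BLK];
    f(key, BLK, iv, ct, BLK, out);
    memcpy(old, out, BLK);
    return f(key, BLK, iv, ct, BLK - 3, out) == 0 && memcmp(old, out, BLK) == 0;
}

int main(void) {
    printf("stale: unchecked=%d checked=%d\n", stale(decrypt_unchecked), stale(decrypt_checked));
    return 0;
}
```

With the unchecked wrapper the caller is told the call succeeded while the output buffer still holds whatever an earlier call left there, which is one way results can come to depend on what ran before.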
