Re: pgcrypto

From: "Marko Kreen" <markokr(at)gmail(dot)com>
To: "Zdenek Kotala" <Zdenek(dot)Kotala(at)sun(dot)com>
Cc: pgsql-patches(at)postgresql(dot)org
Subject: Re: pgcrypto
Date: 2007-07-30 19:26:51
Message-ID: e51f66da0707301226u394265bej8d1ac54238264f52@mail.gmail.com
Lists: pgsql-patches

On 7/27/07, Zdenek Kotala <Zdenek(dot)Kotala(at)sun(dot)com> wrote:
> I attach a pgcrypto patch which fixes two problems on systems without strong
> crypto support (e.g. default Solaris 10 installation):
>
> 1) postgres crashes when the AES cipher uses a long key
> 2) Blowfish silently cuts longer keys. It could bring a problem when
> crypted data are transferred from one server to another with strong keys
> support.

Couple of style nitpicks:
* please use hex arrays instead of octal-quoted strings. easier on the eye.
* use memcmp() instead of for() loop.
* 16 byte bufs for 8 bytes is confusing.

> This patch was discussed there:
> http://archives.postgresql.org/pgsql-hackers/2007-07/msg00762.php
>
> This patch is applicable also on 8.2, 8.1 (and maybe older) versions of
> postgresql.

OpenSSL autoconfiguration was added in 8.1, so patching older
versions is not that critical.

--
marko

ps. I looked into use of EVP, and I'm not that optimistic anymore.
EVP has 3 different names for different AES keys, but only one
for CAST5, which also supports different key lengths. Plus
Blowfish is tagged as VARIABLE_LENGTH. So it seems per-algo
support code cannot be avoided, which makes the whole EVP usage
rather pointless.

The situation could be simplified by dropping encrypt()/decrypt()
functions, which allow users to specify final keys. But that
would be a nasty event, 8.4 is too early for that...
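
Added example, not part of the original message or of the pgcrypto patch: a check for silent key truncation written in the style the review asks for (hex arrays, memcmp(), 8-byte buffers for an 8-byte block). The `encrypt_block_fn` hook, both `toy_*` stand-ins (neither is Blowfish) and the key bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical single-block encrypt hook: 8-byte block, variable key length. */
typedef void (*encrypt_block_fn)(const uint8_t *key, size_t klen,
                                 const uint8_t in[8], uint8_t out[8]);

/* Constructed 448-bit key as a hex array (not a published test vector). */
static const uint8_t long_key[56] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
    0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
};

/* Stand-in, NOT Blowfish: folds every key byte into the block. */
static void toy_full_key(const uint8_t *key, size_t klen,
                         const uint8_t in[8], uint8_t out[8])
{
    size_t i;

    memcpy(out, in, 8);
    for (i = 0; i < klen; i++)
        out[i % 8] ^= key[i];
}

/* Stand-in for a build without strong crypto: drops key bytes past 128 bits. */
static void toy_truncating(const uint8_t *key, size_t klen,
                           const uint8_t in[8], uint8_t out[8])
{
    toy_full_key(key, klen > 16 ? 16 : klen, in, out);
}

/* 1 if key bytes past short_len change the ciphertext, 0 if they are ignored. */
int honors_long_key(encrypt_block_fn enc, const uint8_t *key,
                    size_t klen, size_t short_len)
{
    static const uint8_t plain[8] = {
        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
    };
    uint8_t full[8], cut[8];    /* 8-byte buffers for an 8-byte block */

    enc(key, klen, plain, full);
    enc(key, short_len, plain, cut);
    return memcmp(full, cut, sizeof(full)) != 0;
}
```

A result of 0 means the long key and its 128-bit prefix encrypt identically, so the caller should reject the key rather than proceed with a weaker one.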

In response to

  • pgcrypto at 2007-07-27 13:00:29 from Zdenek Kotala
