| From: | Marko Kreen <marko(at)l-t(dot)ee> |
|---|---|
| To: | pgsql-patches(at)postgresql(dot)org |
| Subject: | pgcrypto: openssl digest fix |
| Date: | 2005-03-11 15:48:30 |
| Message-ID: | 20050311154830.GA28577@l-t.ee |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
Some builds (depends on crypto engine support?) of OpenSSL
0.9.7x have EVP_DigestFinal function which which clears all of
EVP_MD_CTX. This makes pgcrypto crash in functions which
re-use one digest context several times: hmac() and crypt()
with md5 algorithm.
Following patch fixes it by carring the digest info around
EVP_DigestFinal and re-initializing cipher.
Please apply this also to stable branches (8.0 / 7.4).
Note that this can be blamed on OpenSSL 0.9.7x backwards-
compatibility functions: 0.9.6x and new 0.9.7x API
(EVP_DigestFinal_ex) do clear the "secret data" but keep the
general algorithm info.
But still, the fact is that pgcrypto was relying on
undocumented beheviour.
--
marko
| Attachment | Content-Type | Size |
|---|---|---|
| fix-openssl.diff | text/plain | 713 bytes |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2005-03-11 16:18:07 | Re: [pgsql-hackers-win32] snprintf causes regression tests |
| Previous Message | Simon Riggs | 2005-03-11 09:55:35 | Re: [PATCHES] WAL: O_DIRECT and multipage-writer (+ |