From: | Jacob Champion <pchampion(at)vmware(dot)com> |
---|---|
To: | "peter(dot)eisentraut(at)enterprisedb(dot)com" <peter(dot)eisentraut(at)enterprisedb(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: pgcrypto: Remove internal padding implementation |
Date: | 2022-02-14 23:07:38 |
Message-ID: | adc64e21677b8b896203d06f231762ff5d8e4652.camel@vmware.com |
Lists: | pgsql-hackers |
On Mon, 2022-02-14 at 10:42 +0100, Peter Eisentraut wrote:
> This is a rebase of the patch from [0]. It removes the internal padding
> implementation in pgcrypto and lets OpenSSL do it. The internal
> implementation was once applicable to the non-OpenSSL code paths, but
> those have since been removed.
These removed parts looked interesting to me:
> - else if (bpos % bs)
> - {
> - /* ERROR? */
> - pad = bs - (bpos % bs);
> - for (i = 0; i < pad; i++)
> - bbuf[bpos++] = 0;
> - }
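Review bot: the `/* ERROR? */` comment in the removed `else if (bpos % bs)` branch marks zero-filling a short final block as a doubtful fallback, and once it is gone an input that is not a multiple of the block size has to fail somewhere else. Suggest a regression test that encrypts a non-block-multiple input with padding disabled and checks the error the user sees, so the failure is deliberate and readable.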
> - /* unpad */
> - if (bs > 1 && cx->padding)
> - {
> - pad = res[*rlen - 1];
> - pad_ok = 0;
> - if (pad > 0 && pad <= bs && pad <= *rlen)
> - {
> - pad_ok = 1;
> - for (i = *rlen - pad; i < *rlen; i++)
> - if (res[i] != pad)
> - {
> - pad_ok = 0;
> - break;
> - }
> - }
> -
> - if (pad_ok)
> - *rlen -= pad;
> - }
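Review bot: in the removed unpad block a failed check only leaves `pad_ok = 0` and skips `*rlen -= pad;`, so callers previously got the whole buffer back with no error on bad padding. Removing it turns that case into a failure, which is a user-visible change on the decrypt path. Suggest a regression test with a ciphertext whose final block has invalid padding, plus a sentence in the pgcrypto documentation describing the new error.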
After this patch, bad padding is no longer ignored during decryption,
and encryption without padding now requires the input size to be a
multiple of the block size. To see the difference you can try the
following queries with and without the patch:

    select encrypt_iv('foo', '0123456', 'abcd', 'aes/pad:none');
    select encode(decrypt_iv('\xa21a9c15231465964e3396d32095e67eb52bab05f556a581621dee1b85385789', '0123456', 'abcd', 'aes'), 'escape');

Both changes seem correct to me. I can imagine some system out there
being somehow dependent on the prior decryption behavior to avoid a
padding oracle -- but if that's a concern, hopefully you're not using
unauthenticated encryption in the first place? It might be worth a note
in the documentation.
--Jacob
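
The decryption-side change described in this message, as an added example that is not part of the original email or the pgcrypto patch: a lenient unpad modelled on the removed branch, beside a strict check that reports bad padding to the caller. The names `unpad_lenient` and `unpad_strict` and the two sample blocks are constructed for illustration, and the strict helper is not OpenSSL's code.

```c
#include <stddef.h>
#include <stdio.h>

/* Lenient unpad modelled on the removed branch: bad padding leaves the
 * length untouched and nothing is reported to the caller. */
static size_t unpad_lenient(const unsigned char *res, size_t rlen, size_t bs)
{
    size_t pad, i;

    if (bs <= 1 || rlen == 0)   /* the rlen == 0 guard is added here */
        return rlen;
    pad = res[rlen - 1];
    if (pad == 0 || pad > bs || pad > rlen)
        return rlen;
    for (i = rlen - pad; i < rlen; i++)
        if (res[i] != pad)
            return rlen;
    return rlen - pad;
}

/* Strict unpad (hypothetical helper): 0 and *out_len on success, -1 on
 * bad padding or a length that is not a whole number of blocks. */
static int unpad_strict(const unsigned char *res, size_t rlen, size_t bs,
                        size_t *out_len)
{
    size_t pad, i;

    if (bs <= 1 || rlen == 0 || rlen % bs != 0)
        return -1;
    pad = res[rlen - 1];
    if (pad == 0 || pad > bs)
        return -1;
    for (i = rlen - pad; i < rlen; i++)
        if (res[i] != pad)
            return -1;
    *out_len = rlen - pad;
    return 0;
}

/* Constructed 16-byte decrypted blocks: "foo" plus 13 padding bytes. */
static const unsigned char good_blk[16] = {'f','o','o',13,13,13,13,13,13,13,13,13,13,13,13,13};
static const unsigned char bad_blk[16]  = {'f','o','o',13,13,13,13,13,13,13,13,13,13,13,13,14};

int main(void)
{
    size_t n = 0;

    printf("lenient: good=%zu bad=%zu\n", unpad_lenient(good_blk, 16, 16), unpad_lenient(bad_blk, 16, 16));
    printf("strict:  good=%d bad=%d\n", unpad_strict(good_blk, 16, 16, &n), unpad_strict(bad_blk, 16, 16, &n));
    return 0;
}
```

With the lenient form a corrupted final block comes back as 16 bytes of data. With the strict form it is an error the caller can observe, which is the distinction the padding-oracle remark above is about.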