| From: | "Marko Kreen" <markokr(at)gmail(dot)com> |
|---|---|
| To: | "Zdenek Kotala" <Zdenek(dot)Kotala(at)sun(dot)com> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, "Stefan Kaltenbrunner" <stefan(at)kaltenbrunner(dot)cc> |
| Subject: | Re: pgcrypto & strong ciphers limitation |
| Date: | 2007-07-24 12:40:57 |
| Message-ID: | e51f66da0707240540p2638d6d2q4c35736c0a133061@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 7/24/07, Zdenek Kotala <Zdenek(dot)Kotala(at)sun(dot)com> wrote:
> Stefan reported me that prcrypto regression test fails on solaris 10
> with openssl support. I investigated this problem and the result is that
> Solaris 10 delivers only support for short keys up to 128. Strong crypto
> (SUNWcry and SUNWcryr packages) is available on web download pages. (It
> is result of US crypto export policy.)
Ugh, deliberately broken OpenSSL...
> However, on default installation (which is commonly used) it is a
> problem. Regression test cannot be fixed because it tests strong
> ciphers, but there two very strange issue:
>
> 1) First issue is blowfish cipher. Because pgcrypto uses old interface
> instead new "evp" it calls bf_set_key function which does not return any
> output and cut key if it is too long. See
> http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/common/openssl/crypto/bf/bf_skey.c
> line 84.
>
> If user installs strong crypto he will not be able decrypt data which
> has been encrypted before.
>
> The fix of this issue is ugly, because there is not way how to verify
> supported key length with old openssl API and only new API return err if
> length is not supported.
NAK. The fix is broken because it uses EVP interface. EVP is not
a general-purpose interface because not all valid keys for cipher
pass thru it. Only key-lengths used in SSL will work...
Could you rework the fix that it uses the BF_* interface,
does a test-encoding with full-length key and compares it to
expected result. And does it just once, not on each call.
That should be put into separate function probably.
> 2) AES ciphere crashes when key is longer. It happens because return
> value from AES_set_encrypt_key is ignored and AES_encrypt is called with
> uninitialized structure.
ACK, error checking is good. But please return PXE_KEY_TOO_BIG
directly from ossl_aes_key_init.
I must admit the internal API for ciphers is clumsy and could
need rework to something saner. This shows here.
> I attach patch which fix both issues, but main problem is there that old
> openssl API is used and supported key lengths are hardcoded. I think we
> can add to TODO list rewrite pgcrypto to use evp openssl interface.
pgcrypto _was_ written using EVP, but I needed to rewrite it
when I found out EVP supports only key lengths used in SSL.
--
marko
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2007-07-24 14:10:11 | Re: Reviewing new index types (was Re: [PATCHES] Updated bitmap indexpatch) |
| Previous Message | Zdenek Kotala | 2007-07-24 11:29:08 | pgcrypto & strong ciphers limitation |