solaris openssl refuses to handle keys longer than 128bits.
* aes will crash on longer keys
* blowfish will silently cut the key which can result
to fix it:
- test errors from AES functions
- bf errors cannot be tested, do test encryption
- change aes compat macros to static function so they
can return values
(Original patch by Zdenek Kotala)
I really dislike the patch, as it too specific for the
crippled openssl in solaris. But still something should
be done because of the possible silent corruption.
More general appriaches that also fix the problems are:
- test all ciphers on first use and test fails then disable
completely. This is nice as it could detect much braded range
Problem with this approach is that its too big overhead for small
gain, as it cannot still 100% guarantee that everything is working
- Use EVP functions for encryption as they have better error
handling. So crippled openssl can report via regular means
that something is not supported.
Problem with this is that it can be done only from 0.9.7 onwards.
Which pushes the solution to 8.4.
So something like the current patch should be still applied
as a near-term fix. But I'm starting to think that the blowfish
check should be #ifdef __solaris__ only. Has anyone good reasons
why it should apply to everyone?
pgsql-patches by date
|Next:||From: Andrew Dunstan||Date: 2007-09-28 14:58:59|
|Subject: Re: OpenSSL Applink|
|Previous:||From: Tom Lane||Date: 2007-09-28 14:46:26|
|Subject: Re: OpenSSL Applink |