On Tue, Jul 05, 2005 at 08:40:08AM -0600, Michael Fuhr wrote:
> On my Solaris 9/sparc box with OpenSSL 0.9.8-beta6, the pgcrypto
> regression tests fail the 3des test. I haven't checked against
> older versions of OpenSSL; I'll do so when I get a chance.
>
> I haven't dug into the pgcrypto code yet -- is it doing anything
> that might be platform-specific? Or is this more likely a problem
> with OpenSSL?
It is a bug in pgcrypto. I can only excuse it with my strong antipathy
towards 3des.
Could you test it with newer OpenSSL?
--
marko
Index: contrib/pgcrypto/openssl.c
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/openssl.c,v
retrieving revision 1.19
diff -u -c -r1.19 openssl.c
*** contrib/pgcrypto/openssl.c 4 Jul 2005 02:02:01 -0000 1.19
--- contrib/pgcrypto/openssl.c 5 Jul 2005 16:01:37 -0000
***************
*** 393,399 ****
memset(&xkey1, 0, sizeof(xkey1));
memset(&xkey2, 0, sizeof(xkey2));
! memset(&xkey2, 0, sizeof(xkey2));
memcpy(&xkey1, key, klen > 8 ? 8 : klen);
if (klen > 8)
memcpy(&xkey2, key + 8, (klen - 8) > 8 ? 8 : (klen - 8));
--- 393,399 ----
memset(&xkey1, 0, sizeof(xkey1));
memset(&xkey2, 0, sizeof(xkey2));
! memset(&xkey3, 0, sizeof(xkey3));
memcpy(&xkey1, key, klen > 8 ? 8 : klen);
if (klen > 8)
memcpy(&xkey2, key + 8, (klen - 8) > 8 ? 8 : (klen - 8));
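Review bot: Nothing near the three memset calls says that keys shorter than 24 bytes are zero-padded, which is why xkey1, xkey2 and xkey3 must all be cleared before the memcpy calls; I would add a comment above them such as `/* short keys are zero-padded: clear all three DES subkeys before copying */`. The old code cleared xkey2 twice and, as far as the hunk shows, never cleared xkey3, so 3des ciphertext written by earlier builds with a key shorter than 24 bytes may have depended on stack contents and may not decrypt after this fix; that deserves a line in the commit message or release notes. The zero-padding also means very short keys are accepted silently, so the documentation should tell callers to supply full-length keys. The enclosing function starts and ends outside the hunk, so the copy into xkey3 is not visible here.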
Index: contrib/pgcrypto/sql/3des.sql
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/sql/3des.sql,v
retrieving revision 1.1
diff -u -c -r1.1 3des.sql
*** contrib/pgcrypto/sql/3des.sql 21 Mar 2005 05:24:52 -0000 1.1
--- contrib/pgcrypto/sql/3des.sql 5 Jul 2005 16:02:26 -0000
***************
*** 22,26 ****
-- iv
select encode(encrypt_iv('foo', '0123456', 'abcd', '3des'), 'hex');
! select decrypt_iv(decode('df27c264fb24ed7a', 'hex'), '0123456', 'abcd',
'3des');
--- 22,26 ----
-- iv
select encode(encrypt_iv('foo', '0123456', 'abcd', '3des'), 'hex');
! select decrypt_iv(decode('50735067b073bb93', 'hex'), '0123456', 'abcd',
'3des');
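Review bot: The new ciphertext `50735067b073bb93` in the decrypt_iv statement is presumably the fixed implementation's own output rather than an independently computed value, so for the short-key and IV cases the test only checks that pgcrypto agrees with itself. A comment above the statement would make that explicit, e.g. `-- expected value generated by pgcrypto with a zero-padded 7-byte key, not an external test vector`. Better still, verify the value once against another 3DES implementation using the zero-padded key and say so in the comment. The same applies to the regenerated values in both hunks of contrib/pgcrypto/expected/3des.out.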
Index: contrib/pgcrypto/expected/3des.out
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/expected/3des.out,v
retrieving revision 1.1
diff -u -c -r1.1 3des.out
*** contrib/pgcrypto/expected/3des.out 21 Mar 2005 05:24:51 -0000 1.1
--- contrib/pgcrypto/expected/3des.out 5 Jul 2005 16:03:23 -0000
***************
*** 17,30 ****
select encode( encrypt('', 'foo', '3des'), 'hex');
encode
------------------
! 9b641a6936249eb4
(1 row)
-- 10 bytes key
select encode( encrypt('foo', '0123456789', '3des'), 'hex');
encode
------------------
! 6f02b7076a366504
(1 row)
-- 22 bytes key
--- 17,30 ----
select encode( encrypt('', 'foo', '3des'), 'hex');
encode
------------------
! 752111e37a2d7ac3
(1 row)
-- 10 bytes key
select encode( encrypt('foo', '0123456789', '3des'), 'hex');
encode
------------------
! d2fb8baa1717cb02
(1 row)
-- 22 bytes key
***************
*** 45,54 ****
select encode(encrypt_iv('foo', '0123456', 'abcd', '3des'), 'hex');
encode
------------------
! df27c264fb24ed7a
(1 row)
! select decrypt_iv(decode('df27c264fb24ed7a', 'hex'), '0123456', 'abcd',
'3des');
decrypt_iv
------------
foo
--- 45,54 ----
select encode(encrypt_iv('foo', '0123456', 'abcd', '3des'), 'hex');
encode
------------------
! 50735067b073bb93
(1 row)
! select decrypt_iv(decode('50735067b073bb93', 'hex'), '0123456', 'abcd',
'3des');
decrypt_iv
------------
foo