Hopefully the last regression failure.
- openssl.c used EVP_MAX_KEY_LENGTH / EVP_MAX_IV_LENGTH
constants for buffers, which are small in case of
OpenSSL 0.9.6x and internal AES. (I tested it with
0.9.7 only, so I didn't notice...)
- Also I noticed that the wrapper macros for CBC mode
do not update IV buffer.
- As the previous mistake was not picked up by current
regression tests, I added a 'longer than a block'
test to all ciphers.
--
marko
Index: contrib/pgcrypto/openssl.c
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/openssl.c,v
retrieving revision 1.24
diff -u -c -r1.24 openssl.c
*** contrib/pgcrypto/openssl.c 11 Jul 2005 15:07:59 -0000 1.24
--- contrib/pgcrypto/openssl.c 12 Jul 2005 09:27:59 -0000
***************
*** 40,45 ****
--- 40,50 ----
#include <openssl/rand.h>
#include <openssl/err.h>
+ /*
+ * Max lengths we might want to handle.
+ */
+ #define MAX_KEY (512/8)
+ #define MAX_IV (128/8)
/*
* Does OpenSSL support AES?
***************
*** 78,87 ****
#define AES_cbc_encrypt(src, dst, len, ctx, iv, enc) \
do { \
memcpy((dst), (src), (len)); \
! if (enc) \
aes_cbc_encrypt((ctx), (iv), (dst), (len)); \
! else \
aes_cbc_decrypt((ctx), (iv), (dst), (len)); \
} while (0)
#endif /* old OPENSSL */
--- 83,95 ----
#define AES_cbc_encrypt(src, dst, len, ctx, iv, enc) \
do { \
memcpy((dst), (src), (len)); \
! if (enc) { \
aes_cbc_encrypt((ctx), (iv), (dst), (len)); \
! memcpy((iv), (dst) + (len) - 16, 16); \
! } else { \
aes_cbc_decrypt((ctx), (iv), (dst), (len)); \
+ memcpy(iv, (src) + (len) - 16, 16); \
+ } \
} while (0)
#endif /* old OPENSSL */
***************
*** 243,250 ****
CAST_KEY cast_key;
AES_KEY aes_key;
} u;
! uint8 key[EVP_MAX_KEY_LENGTH];
! uint8 iv[EVP_MAX_IV_LENGTH];
unsigned klen;
unsigned init;
const struct ossl_cipher *ciph;
--- 251,258 ----
CAST_KEY cast_key;
AES_KEY aes_key;
} u;
! uint8 key[MAX_KEY];
! uint8 iv[MAX_IV];
unsigned klen;
unsigned init;
const struct ossl_cipher *ciph;
Index: contrib/pgcrypto/expected/3des.out
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/expected/3des.out,v
retrieving revision 1.2
diff -u -c -r1.2 3des.out
*** contrib/pgcrypto/expected/3des.out 5 Jul 2005 18:15:36 -0000 1.2
--- contrib/pgcrypto/expected/3des.out 12 Jul 2005 09:41:16 -0000
***************
*** 54,56 ****
--- 54,69 ----
foo
(1 row)
+ -- long message
+ select encode(encrypt('Lets try a longer message.', '0123456789012345678901',
'3des'), 'hex');
+ encode
+ ------------------------------------------------------------------
+ b71e3422269d0ded19468f33d65cd663c28e0871984792a7b3ba0ddcecec8d2c
+ (1 row)
+
+ select decrypt(encrypt('Lets try a longer message.',
'0123456789012345678901', '3des'), '0123456789012345678901', '3des');
+ decrypt
+ ----------------------------
+ Lets try a longer message.
+ (1 row)
+
Index: contrib/pgcrypto/expected/blowfish.out
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/expected/blowfish.out,v
retrieving revision 1.4
diff -u -c -r1.4 blowfish.out
*** contrib/pgcrypto/expected/blowfish.out 21 Mar 2005 05:24:51 -0000
1.4
--- contrib/pgcrypto/expected/blowfish.out 12 Jul 2005 09:32:13 -0000
***************
*** 158,160 ****
--- 158,173 ----
foo
(1 row)
+ -- long message
+ select encode(encrypt('Lets try a longer message.', '0123456789', 'bf'),
'hex');
+ encode
+ ------------------------------------------------------------------
+ a76059f7a1b627b5b84080d9beb337714c7a7f8b70300023e5feb6dfa6813536
+ (1 row)
+
+ select decrypt(encrypt('Lets try a longer message.', '0123456789', 'bf'),
'0123456789', 'bf');
+ decrypt
+ ----------------------------
+ Lets try a longer message.
+ (1 row)
+
Index: contrib/pgcrypto/expected/cast5.out
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/expected/cast5.out,v
retrieving revision 1.1
diff -u -c -r1.1 cast5.out
*** contrib/pgcrypto/expected/cast5.out 21 Mar 2005 05:24:51 -0000 1.1
--- contrib/pgcrypto/expected/cast5.out 12 Jul 2005 09:41:22 -0000
***************
*** 71,73 ****
--- 71,86 ----
foo
(1 row)
+ -- long message
+ select encode(encrypt('Lets try a longer message.', '0123456789', 'cast5'),
'hex');
+ encode
+ ------------------------------------------------------------------
+ 04fcffc91533e1505dadcb10766d9fed0937818e663e402384e049942ba60fff
+ (1 row)
+
+ select decrypt(encrypt('Lets try a longer message.', '0123456789', 'cast5'),
'0123456789', 'cast5');
+ decrypt
+ ----------------------------
+ Lets try a longer message.
+ (1 row)
+
Index: contrib/pgcrypto/expected/des.out
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/expected/des.out,v
retrieving revision 1.1
diff -u -c -r1.1 des.out
*** contrib/pgcrypto/expected/des.out 21 Mar 2005 05:24:51 -0000 1.1
--- contrib/pgcrypto/expected/des.out 12 Jul 2005 09:41:19 -0000
***************
*** 46,48 ****
--- 46,61 ----
foo
(1 row)
+ -- long message
+ select encode(encrypt('Lets try a longer message.', '01234567', 'des'),
'hex');
+ encode
+ ------------------------------------------------------------------
+ 5ad146043e5f30967e06a0fcbae602daf4ff2a5fd0ed12d6c5913cf85f1e36ca
+ (1 row)
+
+ select decrypt(encrypt('Lets try a longer message.', '01234567', 'des'),
'01234567', 'des');
+ decrypt
+ ----------------------------
+ Lets try a longer message.
+ (1 row)
+
Index: contrib/pgcrypto/expected/rijndael.out
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/expected/rijndael.out,v
retrieving revision 1.4
diff -u -c -r1.4 rijndael.out
*** contrib/pgcrypto/expected/rijndael.out 21 Mar 2005 05:24:51 -0000
1.4
--- contrib/pgcrypto/expected/rijndael.out 12 Jul 2005 09:27:59 -0000
***************
*** 109,111 ****
--- 109,124 ----
foo
(1 row)
+ -- long message
+ select encode(encrypt('Lets try a longer message.', '0123456789', 'aes'),
'hex');
+ encode
+ ------------------------------------------------------------------
+ d9beb785dd5403ed02f66b755bb191b93ed93ca54930153f2c3b9ec7785056ad
+ (1 row)
+
+ select decrypt(encrypt('Lets try a longer message.', '0123456789', 'aes'),
'0123456789', 'aes');
+ decrypt
+ ----------------------------
+ Lets try a longer message.
+ (1 row)
+
Index: contrib/pgcrypto/sql/3des.sql
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/sql/3des.sql,v
retrieving revision 1.2
diff -u -c -r1.2 3des.sql
*** contrib/pgcrypto/sql/3des.sql 5 Jul 2005 18:15:36 -0000 1.2
--- contrib/pgcrypto/sql/3des.sql 12 Jul 2005 09:40:00 -0000
***************
*** 24,26 ****
--- 24,30 ----
select encode(encrypt_iv('foo', '0123456', 'abcd', '3des'), 'hex');
select decrypt_iv(decode('50735067b073bb93', 'hex'), '0123456', 'abcd',
'3des');
+ -- long message
+ select encode(encrypt('Lets try a longer message.', '0123456789012345678901',
'3des'), 'hex');
+ select decrypt(encrypt('Lets try a longer message.',
'0123456789012345678901', '3des'), '0123456789012345678901', '3des');
+
Index: contrib/pgcrypto/sql/blowfish.sql
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/sql/blowfish.sql,v
retrieving revision 1.4
diff -u -c -r1.4 blowfish.sql
*** contrib/pgcrypto/sql/blowfish.sql 21 Mar 2005 05:24:52 -0000 1.4
--- contrib/pgcrypto/sql/blowfish.sql 12 Jul 2005 09:31:51 -0000
***************
*** 85,87 ****
--- 85,91 ----
select encode(encrypt_iv('foo', '0123456', 'abcd', 'bf'), 'hex');
select decrypt_iv(decode('95c7e89322525d59', 'hex'), '0123456', 'abcd', 'bf');
+ -- long message
+ select encode(encrypt('Lets try a longer message.', '0123456789', 'bf'),
'hex');
+ select decrypt(encrypt('Lets try a longer message.', '0123456789', 'bf'),
'0123456789', 'bf');
+
Index: contrib/pgcrypto/sql/cast5.sql
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/sql/cast5.sql,v
retrieving revision 1.1
diff -u -c -r1.1 cast5.sql
*** contrib/pgcrypto/sql/cast5.sql 21 Mar 2005 05:24:52 -0000 1.1
--- contrib/pgcrypto/sql/cast5.sql 12 Jul 2005 09:40:55 -0000
***************
*** 40,42 ****
--- 40,46 ----
select decrypt_iv(decode('384a970695ce016a', 'hex'),
'0123456', 'abcd', 'cast5');
+ -- long message
+ select encode(encrypt('Lets try a longer message.', '0123456789', 'cast5'),
'hex');
+ select decrypt(encrypt('Lets try a longer message.', '0123456789', 'cast5'),
'0123456789', 'cast5');
+
Index: contrib/pgcrypto/sql/des.sql
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/sql/des.sql,v
retrieving revision 1.1
diff -u -c -r1.1 des.sql
*** contrib/pgcrypto/sql/des.sql 21 Mar 2005 05:24:52 -0000 1.1
--- contrib/pgcrypto/sql/des.sql 12 Jul 2005 09:38:27 -0000
***************
*** 22,24 ****
--- 22,28 ----
select encode(encrypt_iv('foo', '0123456', 'abcd', 'des'), 'hex');
select decrypt_iv(decode('50735067b073bb93', 'hex'), '0123456', 'abcd',
'des');
+ -- long message
+ select encode(encrypt('Lets try a longer message.', '01234567', 'des'),
'hex');
+ select decrypt(encrypt('Lets try a longer message.', '01234567', 'des'),
'01234567', 'des');
+
Index: contrib/pgcrypto/sql/rijndael.sql
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/sql/rijndael.sql,v
retrieving revision 1.4
diff -u -c -r1.4 rijndael.sql
*** contrib/pgcrypto/sql/rijndael.sql 21 Mar 2005 05:24:52 -0000 1.4
--- contrib/pgcrypto/sql/rijndael.sql 12 Jul 2005 09:27:59 -0000
***************
*** 56,58 ****
--- 56,62 ----
select decrypt_iv(decode('2c24cb7da91d6d5699801268b0f5adad', 'hex'),
'0123456', 'abcd', 'aes');
+ -- long message
+ select encode(encrypt('Lets try a longer message.', '0123456789', 'aes'),
'hex');
+ select decrypt(encrypt('Lets try a longer message.', '0123456789', 'aes'),
'0123456789', 'aes');
+
---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to [EMAIL PROTECTED] so that your
message can get through to the mailing list cleanly
