On 7/27/07, Zdenek Kotala <[EMAIL PROTECTED]> wrote:
> I attach pgcrypto patch which fix two problems on system without strong
> crypto support (e.g. default Solaris 10 installation):
> 1) postgres crashes when AES cipher uses long key
> 2) Blowfish silently cut longer keys. It could bring problem when
> crypted data are transfered from one server to another with strong keys
Couple of style nitpicks:
* please use hex arrays, instead octal-quoted strings. easier on the eye.
* use memcmp() instead of for() loop.
* 16 byte bufs for 8 bytes is confusing.
> This patch was discussed there:
> This patch is applicable also on 8.2, 8.1 (and maybe older) version of
OpenSSL autoconfiguration was added in 8.1, so patching older
versions is not that critical.
ps. I looked into use of EVP, and I'm not that optimistic anymore.
EVP has 3 differenct name for AES different keys, but only one
for CAST5, which also supports different key lengths. Plus
Blowfish is tagged as VARIABLE_LENGTH. So it seems per-algo
support code cannot be avoided, which makes whole EVP usage
The situation could be simplified by dropping encrypt()/decrypt()
functions, which allow users to specify final keys. But that
would be a nasty event, 8.4 is too early for that...
---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?