Marko Kreen wrote:
Solaris OpenSSL refuses to handle keys longer than 128 bits.

* aes will crash on longer keys
* blowfish will silently cut the key, which can result
  in data corruption

to fix it:

- test errors from AES functions
- bf errors cannot be tested, do test encryption
- change aes compat macros to static function so they
  can return values


Tested on Solaris Nevada and works fine.

More general approaches that also fix the problems are:

- test all ciphers on first use and if the test fails then disable
completely.  This is nice as it could detect a much broader range
of errors.

Problem with this approach is that it's too big an overhead for small
gain, as it still cannot 100% guarantee that everything is working
correctly.

- Use EVP functions for encryption as they have better error
handling.  So crippled openssl can report via regular means
that something is not supported.

+1 for EVP solution.


                Thank you very much

                        Zdenek
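
An added example (not part of the original message and not pgcrypto code): one way to do the "test encryption" for Blowfish is to check that a long key and its first 128 bits alone give different ciphertext. The adapter type `block_encrypt_fn`, the function `key_silently_truncated` and both toy ciphers are constructed stand-ins, not OpenSSL APIs.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical adapter type: encrypt one 8-byte block under key[0..keylen).
 * BF_set_key() returns void, so a shortened key is invisible at the call. */
typedef void (*block_encrypt_fn)(const uint8_t *key, size_t keylen,
                                 const uint8_t in[8], uint8_t out[8]);

/* Constructed toy cipher (NOT Blowfish, not secure): XOR-folds every key
 * byte into the block; stands in for a library that uses the whole key. */
static void toy_full(const uint8_t *key, size_t keylen,
                     const uint8_t in[8], uint8_t out[8])
{
    memcpy(out, in, 8);
    for (size_t i = 0; i < keylen; i++)
        out[i % 8] ^= key[i];
}

/* Constructed stand-in for the crippled build: silently uses only the
 * first 128 bits of the key. */
static void toy_truncating(const uint8_t *key, size_t keylen,
                           const uint8_t in[8], uint8_t out[8])
{
    toy_full(key, keylen > 16 ? 16 : keylen, in, out);
}

/* Returns 1 if a keylen-byte key gives the same ciphertext as its first
 * 16 bytes alone (the extra key bytes were ignored), 0 otherwise. */
static int key_silently_truncated(block_encrypt_fn enc, size_t keylen)
{
    uint8_t key[56], pt[8] = {0}, c_long[8], c_short[8];
    if (keylen <= 16 || keylen > sizeof key)
        return 0;                       /* nothing beyond 128 bits to test */
    for (size_t i = 0; i < keylen; i++)
        key[i] = (uint8_t)(i * 7 + 1);  /* constructed test key */
    enc(key, keylen, pt, c_long);
    enc(key, 16, pt, c_short);
    return memcmp(c_long, c_short, 8) == 0;
}

int main(void)
{
    printf("full key:  truncated=%d\n", key_silently_truncated(toy_full, 32));
    printf("crippled:  truncated=%d\n", key_silently_truncated(toy_truncating, 32));
    return 0;
}
```

To run the check against a real library, replace the toy functions with an adapter around that library's key setup and single-block ECB call.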
