Tom Lane wrote:
Zdenek Kotala <[EMAIL PROTECTED]> writes:
Tom Lane wrote:
Applied to HEAD and 8.2. I wasn't sure if there was interest in
patching further back, or if the patch was meant to work further back.
Let me know if you're not happy.
PostgreSQL 8.1 is shipped with Solaris. We are int
Zdenek Kotala <[EMAIL PROTECTED]> writes:
> Tom Lane wrote:
>> Applied to HEAD and 8.2. I wasn't sure if there was interest in
>> patching further back, or if the patch was meant to work further back.
>> Let me know if you're not happy.
> PostgreSQL 8.1 is shipped with Solaris. We are interesting
Tom Lane wrote:
"Marko Kreen" <[EMAIL PROTECTED]> writes:
solaris openssl refuses to handle keys longer than 128bits.
...
So something like the current patch should be still applied
as a near-term fix.
Applied to HEAD and 8.2. I wasn't sure if there was interest in
patching further back, or i
Marko Kreen wrote:
solaris openssl refuses to handle keys longer than 128bits.
* aes will crash on longer keys
* blowfish will silently cut the key which can result
data corruption
to fix it:
- test errors from AES functions
- bf errors cannot be tested, do test encryption
- change aes compa
"Marko Kreen" <[EMAIL PROTECTED]> writes:
> solaris openssl refuses to handle keys longer than 128bits.
> ...
> So something like the current patch should be still applied
> as a near-term fix.
Applied to HEAD and 8.2. I wasn't sure if there was interest in
patching further back, or if the patch
There is updated version of patch. See comments bellow:
Marko Kreen wrote:
On 7/27/07, Zdenek Kotala <[EMAIL PROTECTED]> wrote:
I attach pgcrypto patch which fix two problems on system without strong
crypto support (e.g. default Solaris 10 installation):
1) postgres crashes when AES cipher use
On 7/27/07, Zdenek Kotala <[EMAIL PROTECTED]> wrote:
> I attach pgcrypto patch which fix two problems on system without strong
> crypto support (e.g. default Solaris 10 installation):
>
> 1) postgres crashes when AES cipher uses long key
> 2) Blowfish silently cut longer keys. It could bring proble
On Tue, 2006-07-18 at 16:06 +0300, Marko Kreen wrote:
> - Few README fixes
> - Keep imath Id string, put $PostgreSQL$ separately.
Applied, thanks.
-Neil
---(end of broadcast)---
TIP 6: explain analyze is your friend
On 2/20/06, Tom Lane <[EMAIL PROTECTED]> wrote:
> "Marko Kreen" <[EMAIL PROTECTED]> writes:
> > On 2/18/06, Marko Kreen <[EMAIL PROTECTED]> wrote:
> >> pgcrypto crypt()/md5 and hmac() leak memory when compiled against
> >> OpenSSL as openssl.c digest ->reset will do two DigestInit calls
> >> agains
"Marko Kreen" <[EMAIL PROTECTED]> writes:
> On 2/18/06, Marko Kreen <[EMAIL PROTECTED]> wrote:
>> pgcrypto crypt()/md5 and hmac() leak memory when compiled against
>> OpenSSL as openssl.c digest ->reset will do two DigestInit calls
>> against a context. This happened to work with OpenSSL 0.9.6
>>
On 2/18/06, Marko Kreen <[EMAIL PROTECTED]> wrote:
> pgcrypto crypt()/md5 and hmac() leak memory when compiled against
> OpenSSL as openssl.c digest ->reset will do two DigestInit calls
> against a context. This happened to work with OpenSSL 0.9.6
> but not with 0.9.7+.
Ugh, seems I read the old
On Sat, 2006-02-18 at 02:23 +0200, Marko Kreen wrote:
> Attached are one patch for 7.3, 7.4, 8.0 branches and another
> for 8.1 and HEAD.
Thanks, patches applied to the appropriate branches.
-Neil
---(end of broadcast)---
TIP 6: explain analyze i
Marko Kreen <[EMAIL PROTECTED]> writes:
> There is a signedness bug in Openwall gen_salt code that
> pgcrypto uses. This makes the salt space for md5 and xdes
> algorithms a lot smaller.
> Salts for blowfish and standard des are unaffected.
> Attached is upstream fix for it. This applies all th
Marko Kreen writes:
> Few small things:
> [ snip ]
Applied, thanks.
I also fixed a few small grammatical problems in the text.
regards, tom lane
---(end of broadcast)---
TIP 1: if posting/reading through Usenet, please sen
Kris Jurka <[EMAIL PROTECTED]> writes:
> This patch removes a couple of warnings Sun's cc reports in
> contrib/pgcrypto.
Applied, thanks.
regards, tom lane
---(end of broadcast)---
TIP 3: Have you checked our extensive FAQ?
Patch applied. Thanks.
---
Marko Kreen wrote:
> As Kris Jurka found out, pgcrypto does not work with
> OpenSSL 0.9.6x. The DES functions use the older 'des_'
> API, but the newer 3DES functions use the 0.9.7x-only
> 'DES_
Michael Fuhr wrote:
This patch updates the DDL for contrib/pgcrypto to create all
functions as STRICT, and all functions except gen_salt() as IMMUTABLE.
gen_salt() is VOLATILE.
Applied, thanks.
-Neil
---(end of broadcast)---
TIP 9: In versions b
On Thu, Jul 07, 2005 at 12:25:53PM +0300, Marko Kreen wrote:
>
> Tested with OpenSSL 0.9.6c and 0.9.7e.
I just applied this patch to my system running HEAD and OpenSSL 0.9.8;
all regression tests passed.
BTW, OpenSSL 0.9.8 has been released:
http://www.mail-archive.com/openssl-announce@openssl.
Michael Fuhr wrote:
This patch updates the DDL for contrib/pgcrypto to create all
functions as STRICT, and all functions except gen_salt() as IMMUTABLE.
gen_salt() is VOLATILE.
Barring any objections, I'll apply this tomorrow.
-Neil
---(end of broadcast)---
Marko Kreen wrote:
The patch itself is simply "cvs diff -r1.10 -r1.11 openssl.c",
so there should not be any recent typos in it. Now I also tested
it with both REL7_3_STABLE and REL7_2_STABLE and found no problems.
So I think its fine.
I've applied both this patch and the original patch (fix-opens
On Sun, Mar 13, 2005 at 09:43:02PM +1100, Neil Conway wrote:
> Marko Kreen wrote:
> >Ah, ofcourse.
>
> The patch seems rather large to be applying to 7.3 and 7.2 -- but it's
> your contrib/ module, so I'll assume you're pretty confident this
> doesn't cause any regressions...
The patch itself i
Marko Kreen wrote:
Ah, ofcourse.
The patch seems rather large to be applying to 7.3 and 7.2 -- but it's
your contrib/ module, so I'll assume you're pretty confident this
doesn't cause any regressions...
I'll apply the patch to 7.3 and 7.2 stable branches tomorrow.
-Neil
-
On Sun, Mar 13, 2005 at 11:12:42AM +1100, Neil Conway wrote:
> Marko Kreen wrote:
> >Would you apply this one aswell? I see that the original
> >patch (openssl.c r1.11) applies to both branches without problems.
> >It is a bit larger than this one tho'.
>
> Should there have been a patch attached
Marko Kreen wrote:
Would you apply this one aswell? I see that the original
patch (openssl.c r1.11) applies to both branches without problems.
It is a bit larger than this one tho'.
Should there have been a patch attached to this mail?
-Neil
---(end of broadcast)---
On Sat, Mar 12, 2005 at 05:59:24PM +1100, Neil Conway wrote:
> Marko Kreen wrote:
> >Please apply this also to stable branches (8.0 / 7.4).
>
> Should it be backpatched to 7.3 and 7.2 as well?
It would be nice. I didn't know there are releases of those
planned as well.
Now looking into it, 7.3
Marko Kreen wrote:
Some builds (depends on crypto engine support?) of OpenSSL
0.9.7x have EVP_DigestFinal function which which clears all of
EVP_MD_CTX. This makes pgcrypto crash in functions which
re-use one digest context several times: hmac() and crypt()
with md5 algorithm.
Following patch fixe
On Tue, 2004-11-23 at 11:24 +1100, Neil Conway wrote:
> Attached is a revised patch. Will apply in a few hours barring any
> objections.
Applied.
-Neil
---(end of broadcast)---
TIP 8: explain analyze is your friend
On Mon, 2004-11-22 at 19:10 -0500, Tom Lane wrote:
> Please do; I dislike makefiles that won't "make clean" ...
Attached is a revised patch. Will apply in a few hours barring any
objections.
-Neil
#
# patch "contrib/pgcrypto/random.c"
# from [2815b119334369b864e6b39fe21832b299fd235c]
#to [
Neil Conway <[EMAIL PROTECTED]> writes:
> Perhaps I wasn't clear: the *present* behavior of pgcrypto is to
> "compile successfully but ... be unusable" if an invalid random source
> is defined. This is prone to error. That patch changes this behavior to
> refuse to compile if an invalid random sour
Perhaps I wasn't clear: the *present* behavior of pgcrypto is to
"compile successfully but ... be unusable" if an invalid random source
is defined. This is prone to error. That patch changes this behavior to
refuse to compile if an invalid random source has been defined.
On Mon, 2004-11-22 at 10:4
Neil Conway <[EMAIL PROTECTED]> writes:
> This patch makes the pgcrypto Makefile check that a recognized random
> source has been defined. If no such source is defined, pgcrypto will
> compile successfully but will be unusable.
Oh?
> +$(error "Unrecognized random source: $(random)")
Doesn't look
On Mon, 2004-10-04 at 15:23, Neil Conway wrote:
> This one-line patches merges a micro-opt from upstream (OpenBSD)
> sources: we can make a read-only local array "static" and reduce the
> size of the generated object file slightly.
Patch applied.
-Neil
---(end of broa
32 matches
Mail list logo
