Marko Kreen wrote:
solaris openssl refuses to handle keys longer than 128bits.
* aes will crash on longer keys
* blowfish will silently cut the key which can result
data corruption
to fix it:
- test errors from AES functions
- bf errors cannot be tested, do test encryption
- change aes
Tom Lane wrote:
Marko Kreen [EMAIL PROTECTED] writes:
solaris openssl refuses to handle keys longer than 128bits.
...
So something like the current patch should be still applied
as a near-term fix.
Applied to HEAD and 8.2. I wasn't sure if there was interest in
patching further back, or if
Zdenek Kotala [EMAIL PROTECTED] writes:
Tom Lane wrote:
Applied to HEAD and 8.2. I wasn't sure if there was interest in
patching further back, or if the patch was meant to work further back.
Let me know if you're not happy.
PostgreSQL 8.1 is shipped with Solaris. We are interesting it to
Tom Lane wrote:
Zdenek Kotala [EMAIL PROTECTED] writes:
Tom Lane wrote:
Applied to HEAD and 8.2. I wasn't sure if there was interest in
patching further back, or if the patch was meant to work further back.
Let me know if you're not happy.
PostgreSQL 8.1 is shipped with Solaris. We are
solaris openssl refuses to handle keys longer than 128bits.
* aes will crash on longer keys
* blowfish will silently cut the key which can result
data corruption
to fix it:
- test errors from AES functions
- bf errors cannot be tested, do test encryption
- change aes compat macros to static
Marko Kreen [EMAIL PROTECTED] writes:
solaris openssl refuses to handle keys longer than 128bits.
...
So something like the current patch should be still applied
as a near-term fix.
Applied to HEAD and 8.2. I wasn't sure if there was interest in
patching further back, or if the patch was
There is updated version of patch. See comments bellow:
Marko Kreen wrote:
On 7/27/07, Zdenek Kotala [EMAIL PROTECTED] wrote:
I attach pgcrypto patch which fix two problems on system without strong
crypto support (e.g. default Solaris 10 installation):
1) postgres crashes when AES cipher uses
On 7/27/07, Zdenek Kotala [EMAIL PROTECTED] wrote:
I attach pgcrypto patch which fix two problems on system without strong
crypto support (e.g. default Solaris 10 installation):
1) postgres crashes when AES cipher uses long key
2) Blowfish silently cut longer keys. It could bring problem when
On Tue, 2006-07-18 at 16:06 +0300, Marko Kreen wrote:
- Few README fixes
- Keep imath Id string, put $PostgreSQL$ separately.
Applied, thanks.
-Neil
---(end of broadcast)---
TIP 6: explain analyze is your friend
- Few README fixes
- Keep imath Id string, put $PostgreSQL$ separately.
--
marko
Index: contrib/pgcrypto/README.pgcrypto
===
RCS file: /opt/cvs/pgsql/contrib/pgcrypto/README.pgcrypto,v
retrieving revision 1.15
diff -u -c -r1.15
On 2/18/06, Marko Kreen [EMAIL PROTECTED] wrote:
pgcrypto crypt()/md5 and hmac() leak memory when compiled against
OpenSSL as openssl.c digest -reset will do two DigestInit calls
against a context. This happened to work with OpenSSL 0.9.6
but not with 0.9.7+.
Ugh, seems I read the old code
Marko Kreen [EMAIL PROTECTED] writes:
On 2/18/06, Marko Kreen [EMAIL PROTECTED] wrote:
pgcrypto crypt()/md5 and hmac() leak memory when compiled against
OpenSSL as openssl.c digest -reset will do two DigestInit calls
against a context. This happened to work with OpenSSL 0.9.6
but not with
On 2/20/06, Tom Lane [EMAIL PROTECTED] wrote:
Marko Kreen [EMAIL PROTECTED] writes:
On 2/18/06, Marko Kreen [EMAIL PROTECTED] wrote:
pgcrypto crypt()/md5 and hmac() leak memory when compiled against
OpenSSL as openssl.c digest -reset will do two DigestInit calls
against a context. This
On Sat, 2006-02-18 at 02:23 +0200, Marko Kreen wrote:
Attached are one patch for 7.3, 7.4, 8.0 branches and another
for 8.1 and HEAD.
Thanks, patches applied to the appropriate branches.
-Neil
---(end of broadcast)---
TIP 6: explain analyze is
pgcrypto crypt()/md5 and hmac() leak memory when compiled against
OpenSSL as openssl.c digest -reset will do two DigestInit calls
against a context. This happened to work with OpenSSL 0.9.6
but not with 0.9.7+.
Reason for the messy code was that I tried to avoid creating
wrapper structure to
Marko Kreen [EMAIL PROTECTED] writes:
There is a signedness bug in Openwall gen_salt code that
pgcrypto uses. This makes the salt space for md5 and xdes
algorithms a lot smaller.
Salts for blowfish and standard des are unaffected.
Attached is upstream fix for it. This applies all the
way
There is a signedness bug in Openwall gen_salt code that
pgcrypto uses. This makes the salt space for md5 and xdes
algorithms a lot smaller.
Salts for blowfish and standard des are unaffected.
Attached is upstream fix for it. This applies all the
way from 7.2 to 8.1 and HEAD. Please apply
Marko Kreen marko@l-t.ee writes:
Few small things:
[ snip ]
Applied, thanks.
I also fixed a few small grammatical problems in the text.
regards, tom lane
---(end of broadcast)---
TIP 1: if posting/reading through Usenet,
Few small things:
- Mention pgcrypto.sql
- Mention asciidoc. To hint that occasional weird formatting
is not random.
- Clarify few senctences.
- Remove anything related to MySQL password(). It was
interesting to look at, but it should not be mentioned in
serious conversation. Also, they
Recently was uncovered that pgcrypto does not include
right header file to get BYTE_ORDER define on Cygwin
and MINGW, and the missing define does not result in
build failures, but random combinations of little and
big-endian code sections.
This patch adds missing sys/param.h include for md5.c,
This patch removes a couple of warnings Sun's cc reports in
contrib/pgcrypto.
cc -Xa -v -g -KPIC -I. -I../../src/include -I/usr/local/include -c -o sha2.o
sha2.c
sha2.c, line 173: warning: storage class after type is obsolescent
sha2.c, line 193: warning: storage class after type is
Kris Jurka [EMAIL PROTECTED] writes:
This patch removes a couple of warnings Sun's cc reports in
contrib/pgcrypto.
Applied, thanks.
regards, tom lane
---(end of broadcast)---
TIP 3: Have you checked our extensive FAQ?
Patch applied. Thanks.
---
Marko Kreen wrote:
As Kris Jurka found out, pgcrypto does not work with
OpenSSL 0.9.6x. The DES functions use the older 'des_'
API, but the newer 3DES functions use the 0.9.7x-only
'DES_'
Michael Fuhr wrote:
This patch updates the DDL for contrib/pgcrypto to create all
functions as STRICT, and all functions except gen_salt() as IMMUTABLE.
gen_salt() is VOLATILE.
Barring any objections, I'll apply this tomorrow.
-Neil
---(end of
As Kris Jurka found out, pgcrypto does not work with
OpenSSL 0.9.6x. The DES functions use the older 'des_'
API, but the newer 3DES functions use the 0.9.7x-only
'DES_' API.
I think I just used /usr/include/openssl/des.h for reference
when implementing them, and had upgraded OpenSSL in the
On Thu, Jul 07, 2005 at 12:25:53PM +0300, Marko Kreen wrote:
Tested with OpenSSL 0.9.6c and 0.9.7e.
I just applied this patch to my system running HEAD and OpenSSL 0.9.8;
all regression tests passed.
BTW, OpenSSL 0.9.8 has been released:
Michael Fuhr wrote:
This patch updates the DDL for contrib/pgcrypto to create all
functions as STRICT, and all functions except gen_salt() as IMMUTABLE.
gen_salt() is VOLATILE.
Applied, thanks.
-Neil
---(end of broadcast)---
TIP 9: In versions
This patch updates the DDL for contrib/pgcrypto to create all
functions as STRICT, and all functions except gen_salt() as IMMUTABLE.
gen_salt() is VOLATILE.
Although the functions are now STRICT, I left their PG_ARGISNULL()
checks in place as a protective measure for users who install the
new
Marko Kreen wrote:
Ah, ofcourse.
The patch seems rather large to be applying to 7.3 and 7.2 -- but it's
your contrib/ module, so I'll assume you're pretty confident this
doesn't cause any regressions...
I'll apply the patch to 7.3 and 7.2 stable branches tomorrow.
-Neil
On Sun, Mar 13, 2005 at 09:43:02PM +1100, Neil Conway wrote:
Marko Kreen wrote:
Ah, ofcourse.
The patch seems rather large to be applying to 7.3 and 7.2 -- but it's
your contrib/ module, so I'll assume you're pretty confident this
doesn't cause any regressions...
The patch itself is
On Sat, Mar 12, 2005 at 05:59:24PM +1100, Neil Conway wrote:
Marko Kreen wrote:
Please apply this also to stable branches (8.0 / 7.4).
Should it be backpatched to 7.3 and 7.2 as well?
It would be nice. I didn't know there are releases of those
planned as well.
Now looking into it, 7.3 and
Some builds (depends on crypto engine support?) of OpenSSL
0.9.7x have EVP_DigestFinal function which which clears all of
EVP_MD_CTX. This makes pgcrypto crash in functions which
re-use one digest context several times: hmac() and crypt()
with md5 algorithm.
Following patch fixes it by carring
Marko Kreen wrote:
Some builds (depends on crypto engine support?) of OpenSSL
0.9.7x have EVP_DigestFinal function which which clears all of
EVP_MD_CTX. This makes pgcrypto crash in functions which
re-use one digest context several times: hmac() and crypt()
with md5 algorithm.
Following patch
Neil Conway [EMAIL PROTECTED] writes:
This patch makes the pgcrypto Makefile check that a recognized random
source has been defined. If no such source is defined, pgcrypto will
compile successfully but will be unusable.
Oh?
+$(error Unrecognized random source: $(random))
Doesn't look like a
Perhaps I wasn't clear: the *present* behavior of pgcrypto is to
compile successfully but ... be unusable if an invalid random source
is defined. This is prone to error. That patch changes this behavior to
refuse to compile if an invalid random source has been defined.
On Mon, 2004-11-22 at 10:46
Neil Conway [EMAIL PROTECTED] writes:
Perhaps I wasn't clear: the *present* behavior of pgcrypto is to
compile successfully but ... be unusable if an invalid random source
is defined. This is prone to error. That patch changes this behavior to
refuse to compile if an invalid random source has
On Mon, 2004-11-22 at 19:10 -0500, Tom Lane wrote:
Please do; I dislike makefiles that won't make clean ...
Attached is a revised patch. Will apply in a few hours barring any
objections.
-Neil
#
# patch contrib/pgcrypto/random.c
# from [2815b119334369b864e6b39fe21832b299fd235c]
#to
This patch makes the pgcrypto Makefile check that a recognized random
source has been defined. If no such source is defined, pgcrypto will
compile successfully but will be unusable.
(An alternative place to do the check would be in random.c; comments on
which location is preferrable are welcome.)
On Mon, 2004-10-04 at 15:23, Neil Conway wrote:
This one-line patches merges a micro-opt from upstream (OpenBSD)
sources: we can make a read-only local array static and reduce the
size of the generated object file slightly.
Patch applied.
-Neil
---(end of
This one-line patches merges a micro-opt from upstream (OpenBSD)
sources: we can make a read-only local array static and reduce the
size of the generated object file slightly.
Barring any objections, I intend to apply this patch today or tomorrow.
-Neil
Index: contrib/pgcrypto/blf.c
40 matches
Mail list logo