Marko Kreen wrote:
solaris openssl refuses to handle keys longer than 128bits.
* aes will crash on longer keys
* blowfish will silently cut the key which can result
data corruption
to fix it:
- test errors from AES functions
- bf errors cannot be tested, do test encryption
- change aes
Tom Lane wrote:
Marko Kreen [EMAIL PROTECTED] writes:
solaris openssl refuses to handle keys longer than 128bits.
...
So something like the current patch should be still applied
as a near-term fix.
Applied to HEAD and 8.2. I wasn't sure if there was interest in
patching further back, or if
Zdenek Kotala [EMAIL PROTECTED] writes:
Tom Lane wrote:
Applied to HEAD and 8.2. I wasn't sure if there was interest in
patching further back, or if the patch was meant to work further back.
Let me know if you're not happy.
PostgreSQL 8.1 is shipped with Solaris. We are interesting it to
Tom Lane wrote:
Zdenek Kotala [EMAIL PROTECTED] writes:
Tom Lane wrote:
Applied to HEAD and 8.2. I wasn't sure if there was interest in
patching further back, or if the patch was meant to work further back.
Let me know if you're not happy.
PostgreSQL 8.1 is shipped with Solaris. We are
Marko Kreen [EMAIL PROTECTED] writes:
solaris openssl refuses to handle keys longer than 128bits.
...
So something like the current patch should be still applied
as a near-term fix.
Applied to HEAD and 8.2. I wasn't sure if there was interest in
patching further back, or if the patch was
There is updated version of patch. See comments bellow:
Marko Kreen wrote:
On 7/27/07, Zdenek Kotala [EMAIL PROTECTED] wrote:
I attach pgcrypto patch which fix two problems on system without strong
crypto support (e.g. default Solaris 10 installation):
1) postgres crashes when AES cipher uses
On 7/27/07, Zdenek Kotala [EMAIL PROTECTED] wrote:
I attach pgcrypto patch which fix two problems on system without strong
crypto support (e.g. default Solaris 10 installation):
1) postgres crashes when AES cipher uses long key
2) Blowfish silently cut longer keys. It could bring problem when
On Tue, 2006-07-18 at 16:06 +0300, Marko Kreen wrote:
- Few README fixes
- Keep imath Id string, put $PostgreSQL$ separately.
Applied, thanks.
-Neil
---(end of broadcast)---
TIP 6: explain analyze is your friend
On 2/18/06, Marko Kreen [EMAIL PROTECTED] wrote:
pgcrypto crypt()/md5 and hmac() leak memory when compiled against
OpenSSL as openssl.c digest -reset will do two DigestInit calls
against a context. This happened to work with OpenSSL 0.9.6
but not with 0.9.7+.
Ugh, seems I read the old code
Marko Kreen [EMAIL PROTECTED] writes:
On 2/18/06, Marko Kreen [EMAIL PROTECTED] wrote:
pgcrypto crypt()/md5 and hmac() leak memory when compiled against
OpenSSL as openssl.c digest -reset will do two DigestInit calls
against a context. This happened to work with OpenSSL 0.9.6
but not with
On 2/20/06, Tom Lane [EMAIL PROTECTED] wrote:
Marko Kreen [EMAIL PROTECTED] writes:
On 2/18/06, Marko Kreen [EMAIL PROTECTED] wrote:
pgcrypto crypt()/md5 and hmac() leak memory when compiled against
OpenSSL as openssl.c digest -reset will do two DigestInit calls
against a context. This
On Sat, 2006-02-18 at 02:23 +0200, Marko Kreen wrote:
Attached are one patch for 7.3, 7.4, 8.0 branches and another
for 8.1 and HEAD.
Thanks, patches applied to the appropriate branches.
-Neil
---(end of broadcast)---
TIP 6: explain analyze is
Marko Kreen [EMAIL PROTECTED] writes:
There is a signedness bug in Openwall gen_salt code that
pgcrypto uses. This makes the salt space for md5 and xdes
algorithms a lot smaller.
Salts for blowfish and standard des are unaffected.
Attached is upstream fix for it. This applies all the
way
Marko Kreen marko@l-t.ee writes:
Few small things:
[ snip ]
Applied, thanks.
I also fixed a few small grammatical problems in the text.
regards, tom lane
---(end of broadcast)---
TIP 1: if posting/reading through Usenet,
Kris Jurka [EMAIL PROTECTED] writes:
This patch removes a couple of warnings Sun's cc reports in
contrib/pgcrypto.
Applied, thanks.
regards, tom lane
---(end of broadcast)---
TIP 3: Have you checked our extensive FAQ?
Patch applied. Thanks.
---
Marko Kreen wrote:
As Kris Jurka found out, pgcrypto does not work with
OpenSSL 0.9.6x. The DES functions use the older 'des_'
API, but the newer 3DES functions use the 0.9.7x-only
'DES_'
Michael Fuhr wrote:
This patch updates the DDL for contrib/pgcrypto to create all
functions as STRICT, and all functions except gen_salt() as IMMUTABLE.
gen_salt() is VOLATILE.
Barring any objections, I'll apply this tomorrow.
-Neil
---(end of
On Thu, Jul 07, 2005 at 12:25:53PM +0300, Marko Kreen wrote:
Tested with OpenSSL 0.9.6c and 0.9.7e.
I just applied this patch to my system running HEAD and OpenSSL 0.9.8;
all regression tests passed.
BTW, OpenSSL 0.9.8 has been released:
Michael Fuhr wrote:
This patch updates the DDL for contrib/pgcrypto to create all
functions as STRICT, and all functions except gen_salt() as IMMUTABLE.
gen_salt() is VOLATILE.
Applied, thanks.
-Neil
---(end of broadcast)---
TIP 9: In versions
Marko Kreen wrote:
Ah, ofcourse.
The patch seems rather large to be applying to 7.3 and 7.2 -- but it's
your contrib/ module, so I'll assume you're pretty confident this
doesn't cause any regressions...
I'll apply the patch to 7.3 and 7.2 stable branches tomorrow.
-Neil
On Sun, Mar 13, 2005 at 09:43:02PM +1100, Neil Conway wrote:
Marko Kreen wrote:
Ah, ofcourse.
The patch seems rather large to be applying to 7.3 and 7.2 -- but it's
your contrib/ module, so I'll assume you're pretty confident this
doesn't cause any regressions...
The patch itself is
On Sat, Mar 12, 2005 at 05:59:24PM +1100, Neil Conway wrote:
Marko Kreen wrote:
Please apply this also to stable branches (8.0 / 7.4).
Should it be backpatched to 7.3 and 7.2 as well?
It would be nice. I didn't know there are releases of those
planned as well.
Now looking into it, 7.3 and
Marko Kreen wrote:
Some builds (depends on crypto engine support?) of OpenSSL
0.9.7x have EVP_DigestFinal function which which clears all of
EVP_MD_CTX. This makes pgcrypto crash in functions which
re-use one digest context several times: hmac() and crypt()
with md5 algorithm.
Following patch
Neil Conway [EMAIL PROTECTED] writes:
This patch makes the pgcrypto Makefile check that a recognized random
source has been defined. If no such source is defined, pgcrypto will
compile successfully but will be unusable.
Oh?
+$(error Unrecognized random source: $(random))
Doesn't look like a
Perhaps I wasn't clear: the *present* behavior of pgcrypto is to
compile successfully but ... be unusable if an invalid random source
is defined. This is prone to error. That patch changes this behavior to
refuse to compile if an invalid random source has been defined.
On Mon, 2004-11-22 at 10:46
Neil Conway [EMAIL PROTECTED] writes:
Perhaps I wasn't clear: the *present* behavior of pgcrypto is to
compile successfully but ... be unusable if an invalid random source
is defined. This is prone to error. That patch changes this behavior to
refuse to compile if an invalid random source has
On Mon, 2004-11-22 at 19:10 -0500, Tom Lane wrote:
Please do; I dislike makefiles that won't make clean ...
Attached is a revised patch. Will apply in a few hours barring any
objections.
-Neil
#
# patch contrib/pgcrypto/random.c
# from [2815b119334369b864e6b39fe21832b299fd235c]
#to
On Mon, 2004-10-04 at 15:23, Neil Conway wrote:
This one-line patches merges a micro-opt from upstream (OpenBSD)
sources: we can make a read-only local array static and reduce the
size of the generated object file slightly.
Patch applied.
-Neil
---(end of
28 matches
Mail list logo
