pgcrypto

I attach pgcrypto patch which fix two problems on system without strong
crypto support (e.g. default Solaris 10 installation):

1) postgres crashes when AES cipher uses long key
2) Blowfish silently cut longer keys. It could bring problem when
crypted data are transfered from one server to another with strong keys
support.

This patch was discussed there:
http://archives.postgresql.org/pgsql-hackers/2007-07/msg00762.php

This patch is applicable also on 8.2, 8.1 (and maybe older) version of
postgresql.

Zdenek

On 7/27/07, Zdenek Kotala <Zdenek(dot)Kotala(at)sun(dot)com> wrote:
> I attach pgcrypto patch which fix two problems on system without strong
> crypto support (e.g. default Solaris 10 installation):
>
> 1) postgres crashes when AES cipher uses long key
> 2) Blowfish silently cut longer keys. It could bring problem when
> crypted data are transfered from one server to another with strong keys
> support.

Couple of style nitpicks:
* please use hex arrays, instead octal-quoted strings. easier on the eye.
* use memcmp() instead of for() loop.
* 16 byte bufs for 8 bytes is confusing.

> This patch was discussed there:
> http://archives.postgresql.org/pgsql-hackers/2007-07/msg00762.php
>
> This patch is applicable also on 8.2, 8.1 (and maybe older) version of
> postgresql.

OpenSSL autoconfiguration was added in 8.1, so patching older
versions is not that critical.

--
marko

ps. I looked into use of EVP, and I'm not that optimistic anymore.
EVP has 3 differenct name for AES different keys, but only one
for CAST5, which also supports different key lengths. Plus
Blowfish is tagged as VARIABLE_LENGTH. So it seems per-algo
support code cannot be avoided, which makes whole EVP usage
rather pointless.

The situation could be simplified by dropping encrypt()/decrypt()
functions, which allow users to specify final keys. But that
would be a nasty event, 8.4 is too early for that...

There is updated version of patch. See comments bellow:

Marko Kreen wrote:
> On 7/27/07, Zdenek Kotala <Zdenek(dot)Kotala(at)sun(dot)com> wrote:
>> I attach pgcrypto patch which fix two problems on system without strong
>> crypto support (e.g. default Solaris 10 installation):
>>
>> 1) postgres crashes when AES cipher uses long key
>> 2) Blowfish silently cut longer keys. It could bring problem when
>> crypted data are transfered from one server to another with strong keys
>> support.
>
> Couple of style nitpicks:
> * please use hex arrays, instead octal-quoted strings. easier on the eye.

fixed

> * use memcmp() instead of for() loop.

fixed

> * 16 byte bufs for 8 bytes is confusing.

I think it must be 16 because block size is 16 bytes. I'm not sure if 8
bytes could not cause buffer overflow.

>> This patch was discussed there:
>> http://archives.postgresql.org/pgsql-hackers/2007-07/msg00762.php
>>
>> This patch is applicable also on 8.2, 8.1 (and maybe older) version of
>> postgresql.
>
> OpenSSL autoconfiguration was added in 8.1, so patching older
> versions is not that critical.

Zdenek