pgcrypto - Mailing list pgsql-patches
| From | Zdenek Kotala |
|---|---|
| Subject | pgcrypto |
| Date | |
| Msg-id | 46A9EC6D.20500@sun.com Whole thread Raw |
| Responses |
Re: pgcrypto
("Marko Kreen" <markokr@gmail.com>)
|
| List | pgsql-patches |
I attach pgcrypto patch which fix two problems on system without strong crypto support (e.g. default Solaris 10 installation): 1) postgres crashes when AES cipher uses long key 2) Blowfish silently cut longer keys. It could bring problem when crypted data are transfered from one server to another with strong keys support. This patch was discussed there: http://archives.postgresql.org/pgsql-hackers/2007-07/msg00762.php This patch is applicable also on 8.2, 8.1 (and maybe older) version of postgresql. Zdenek Index: contrib/pgcrypto/openssl.c =================================================================== RCS file: /zfs_data/cvs_pgsql/cvsroot/pgsql/contrib/pgcrypto/openssl.c,v retrieving revision 1.30 diff -c -r1.30 openssl.c *** contrib/pgcrypto/openssl.c 2006/10/04 00:29:46 1.30 --- contrib/pgcrypto/openssl.c 2007/07/27 12:26:15 *************** *** 375,385 **** --- 375,422 ---- /* Blowfish */ + /* Check if strong crypto is supported. Some openssl installation could support only short keys + and unfortunatelly BF_sef_key does not return any error value. This function tests if is possible + use strong key. + */ + static int + bf_check_supported_key_len() + { + static unsigned char key[] = "\360\341\322\303\264\245\226\207xiZK<-\036\017\000\021\"3DUfw\004h\221\004\302\375;/X@#d\032\272av\037\037\037\037\016\016\016\016\377\377\377\377\377\377\377\377"; + static unsigned char data[16] = "\376\334\272\230vT2\020"; + static unsigned char res[] = "\300E\004\001.N\037S"; + static unsigned char out[16]; + BF_KEY bf_key; + int n; + + /* encrypt and th 448bits key and verify output */ + BF_set_key(&bf_key,56, key); + BF_ecb_encrypt( data, out, &bf_key, BF_ENCRYPT); + + for( n=0 ; n<8; n++) + { + if( out[n] != res[n] ) + return 0; /* Output does not match -> strong cipher is not supported */ + } + return 1; + } + static int bf_init(PX_Cipher * c, const uint8 *key, unsigned klen, const uint8 *iv) { ossldata *od = c->ptr; + static int bf_is_strong = -1; + + /* Test if key len is supported. BF_set_key silently cut large keys and it could be + be a problem when user transfer crypted data from one server to another. */ + + if( bf_is_strong == -1) + bf_is_strong = bf_check_supported_key_len(); + + if( !bf_is_strong && klen>16 ) + return PXE_KEY_TOO_BIG; + /* Key len is supported. We can use it. */ BF_set_key(&od->u.bf.key, klen, key); if (iv) memcpy(od->iv, iv, BF_BLOCK); *************** *** 692,705 **** return 0; } ! static void ossl_aes_key_init(ossldata * od, int type) { if (type == AES_ENCRYPT) ! AES_set_encrypt_key(od->key, od->klen * 8, &od->u.aes_key); else ! AES_set_decrypt_key(od->key, od->klen * 8, &od->u.aes_key); ! od->init = 1; } static int --- 729,753 ---- return 0; } ! static int ossl_aes_key_init(ossldata * od, int type) { + int err; + /* Strong key support could miss on some openssl installation, we must + check return value, from set key function. + */ if (type == AES_ENCRYPT) ! err = AES_set_encrypt_key(od->key, od->klen * 8, &od->u.aes_key); else ! err = AES_set_decrypt_key(od->key, od->klen * 8, &od->u.aes_key); ! ! if (err == 0) ! { ! od->init = 1; ! return 0; ! } ! od->init = 0; ! return PXE_KEY_TOO_BIG; } static int *************** *** 709,717 **** unsigned bs = gen_ossl_block_size(c); ossldata *od = c->ptr; const uint8 *end = data + dlen - bs; if (!od->init) ! ossl_aes_key_init(od, AES_ENCRYPT); for (; data <= end; data += bs, res += bs) AES_ecb_encrypt(data, res, &od->u.aes_key, AES_ENCRYPT); --- 757,767 ---- unsigned bs = gen_ossl_block_size(c); ossldata *od = c->ptr; const uint8 *end = data + dlen - bs; + int err; if (!od->init) ! if( 0 != (err = ossl_aes_key_init(od, AES_ENCRYPT)) ) ! return err; for (; data <= end; data += bs, res += bs) AES_ecb_encrypt(data, res, &od->u.aes_key, AES_ENCRYPT); *************** *** 725,733 **** unsigned bs = gen_ossl_block_size(c); ossldata *od = c->ptr; const uint8 *end = data + dlen - bs; if (!od->init) ! ossl_aes_key_init(od, AES_DECRYPT); for (; data <= end; data += bs, res += bs) AES_ecb_encrypt(data, res, &od->u.aes_key, AES_DECRYPT); --- 775,785 ---- unsigned bs = gen_ossl_block_size(c); ossldata *od = c->ptr; const uint8 *end = data + dlen - bs; + int err; if (!od->init) ! if( 0 != (err = ossl_aes_key_init(od, AES_DECRYPT)) ) ! return err; for (; data <= end; data += bs, res += bs) AES_ecb_encrypt(data, res, &od->u.aes_key, AES_DECRYPT); *************** *** 739,748 **** uint8 *res) { ossldata *od = c->ptr; if (!od->init) ! ossl_aes_key_init(od, AES_ENCRYPT); ! AES_cbc_encrypt(data, res, dlen, &od->u.aes_key, od->iv, AES_ENCRYPT); return 0; } --- 791,802 ---- uint8 *res) { ossldata *od = c->ptr; + int err; if (!od->init) ! if( 0 != (err = ossl_aes_key_init(od, AES_ENCRYPT)) ) ! return err; ! AES_cbc_encrypt(data, res, dlen, &od->u.aes_key, od->iv, AES_ENCRYPT); return 0; } *************** *** 752,760 **** uint8 *res) { ossldata *od = c->ptr; if (!od->init) ! ossl_aes_key_init(od, AES_DECRYPT); AES_cbc_encrypt(data, res, dlen, &od->u.aes_key, od->iv, AES_DECRYPT); return 0; --- 806,816 ---- uint8 *res) { ossldata *od = c->ptr; + int err; if (!od->init) ! if( 0 != (err = ossl_aes_key_init(od, AES_DECRYPT)) ) ! return err; AES_cbc_encrypt(data, res, dlen, &od->u.aes_key, od->iv, AES_DECRYPT); return 0;
pgsql-patches by date: