Home > mailing lists

pgsql: Disable OpenSSL EVP digest padding in pgcrypto - Mailing list pgsql-committers

From	Daniel Gustafsson
Subject	pgsql: Disable OpenSSL EVP digest padding in pgcrypto
Date	September 25, 2021 12:47:32
Msg-id	E1mU4HM-0003AF-Jb@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

Disable OpenSSL EVP digest padding in pgcrypto

The PX layer in pgcrypto is handling digest padding on its own uniformly
for all backend implementations. Starting with OpenSSL 3.0.0, DecryptUpdate
doesn't flush the last block in case padding is enabled so explicitly
disable it as we don't use it.

This will be backpatched to all supported version once there is sufficient
testing in the buildfarm of OpenSSL 3.

Reviewed-by: Peter Eisentraut, Michael Paquier
Discussion: https://postgr.es/m/FEF81714-D479-4512-839B-C769D2605F8A@yesql.se
Backpatch-through: 9.6

Branch
------
REL_13_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/135d8687adf12a0d4cd7c94d1095ed5a7a08f7ed

Modified Files
--------------
contrib/pgcrypto/openssl.c | 4 ++++
1 file changed, 4 insertions(+)

pgsql-committers by date:

From: Daniel Gustafsson
Date: 25 September 2021, 12:46:00
Subject: pgsql: Add alternative output for OpenSSL 3 without legacy loaded

From: Daniel Gustafsson
Date: 25 September 2021, 12:48:30
Subject: pgsql: pgcrypto: Check for error return of px_cipher_decrypt()

pgsql: Disable OpenSSL EVP digest padding in pgcrypto - Mailing list pgsql-committers

Previous

Next