Re: pgcrypto & strong ciphers limitation - Mailing list pgsql-hackers
From | Marko Kreen |
---|---|
Subject | Re: pgcrypto & strong ciphers limitation |
Date | |
Msg-id | e51f66da0707241205n734daeceo251471f87bb3c223@mail.gmail.com Whole thread Raw |
In response to | Re: pgcrypto & strong ciphers limitation (Zdenek Kotala <Zdenek.Kotala@Sun.COM>) |
Responses |
Re: pgcrypto & strong ciphers limitation
(Stefan Kaltenbrunner <stefan@kaltenbrunner.cc>)
|
List | pgsql-hackers |
On 7/24/07, Zdenek Kotala <Zdenek.Kotala@sun.com> wrote: > Marko Kreen wrote: > > NAK. The fix is broken because it uses EVP interface. EVP is not > > a general-purpose interface because not all valid keys for cipher > > pass thru it. Only key-lengths used in SSL will work... > > I'm not openssl expert, but if you look how to EVP call for setkey is > implemented you can see that finally is call BF_set_key. Only there is > one extra layer see > http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/common/openssl/crypto/evp/e_bf.c I glanced into evp.h for 0.9.7 and 0.9.6j and remembered that there were 2 things EVP forced - key length and padding. When I replied to you I remembered things bit wrong, there are indeed way for changing key size even in 0.9.6, but not for padding. EVP_CIPHER_CTX_set_padding() appers in only in 0.9.7. I suspect as I could not work around forced padding I did not research key size issue very deeply. So we can revisit the issue when we are ready to drop support for 0.9.6x. > > Could you rework the fix that it uses the BF_* interface, > > does a test-encoding with full-length key and compares it to > > expected result. And does it just once, not on each call. > > OK. I can do, but it is not general solution. Because it will work only > in our case, because we know 128 is a restricted limit. It _is_ a general solution if you test with a 448 bit key. Using BF_ API but testing via EVP_ API is unobvious first, in addition leaving the user depending whether the molesters got all the details right. When everything uses EVP then indeed, we can test via EVP. > > I must admit the internal API for ciphers is clumsy and could > > need rework to something saner. This shows here. > > > >> I attach patch which fix both issues, but main problem is there that old > >> openssl API is used and supported key lengths are hardcoded. I think we > >> can add to TODO list rewrite pgcrypto to use evp openssl interface. > > > > pgcrypto _was_ written using EVP, but I needed to rewrite it > > when I found out EVP supports only key lengths used in SSL. > > Is it still correct? It seems that blowfish accepts all key range, but Yes, seems since 0.9.7 we could work with EVP. > How I mention I'm not openssl guru and documentation is very bad :(. It's somewhat lacking, yes. User is forced to read their source which isn't very nice either... -- marko
pgsql-hackers by date: