pgcrypto: fix for broken solaris openssl, v03 - Mailing list pgsql-patches

From Marko Kreen
Subject pgcrypto: fix for broken solaris openssl, v03
Date
Msg-id e51f66da0709280748o4a42f7dfy9cf52203ecdf3080@mail.gmail.com
Whole thread Raw
Responses Re: pgcrypto: fix for broken solaris openssl, v03
Re: pgcrypto: fix for broken solaris openssl, v03
List pgsql-patches
solaris openssl refuses to handle keys longer than 128bits.

* aes will crash on longer keys
* blowfish will silently cut the key which can result
  data corruption

to fix it:

- test errors from AES functions
- bf errors cannot be tested, do test encryption
- change aes compat macros to static function so they
  can return values

(Original patch by Zdenek Kotala)


I really dislike the patch, as it too specific for the
crippled openssl in solaris.  But still something should
be done because of the possible silent corruption.


More general appriaches that also fix the problems are:

- test all ciphers on first use and test fails then disable
completely.  This is nice as it could detect much braded range
of errors.

Problem with this approach is that its too big overhead for small
gain, as it cannot still 100% guarantee that everything is working
correctly.

- Use EVP functions for encryption as they have better error
handling.  So crippled openssl can report via regular means
that something is not supported.

Problem with this is that it can be done only from 0.9.7 onwards.
Which pushes the solution to 8.4.


So something like the current patch should be still applied
as a near-term fix.  But I'm starting to think that the blowfish
check should be #ifdef __solaris__ only.   Has anyone good reasons
why it should apply to everyone?

--
marko

Attachment

pgsql-patches by date:

Previous
From: Tom Lane
Date:
Subject: Re: OpenSSL Applink
Next
From: Andrew Dunstan
Date:
Subject: Re: OpenSSL Applink