Re: [HACKERS] 4 pgcrypto regressions failures - 1 unsolved

Tue, 12 Jul 2005 12:56:56 -0700 

Seems like down mail server ate first mail.

Here it is again.

On Tue, Jul 12, 2005 at 12:51:44PM +0300, Marko Kreen wrote:
> 
> Hopefully the last regression failure.
> 
> - openssl.c used EVP_MAX_KEY_LENGTH / EVP_MAX_IV_LENGTH
>   constants for buffers, which are small in case of
>   OpenSSL 0.9.6x and internal AES.  (I tested it with
>   0.9.7 only, so I didn't notice...)
> - Also I noticed that the wrapper macros for CBC mode
>   do not update IV buffer.
> - As the previous mistake was not picked up by current
>   regression tests, I added a 'longer than a block'
>   test to all ciphers.
> 
> -- 
> marko

Index: contrib/pgcrypto/openssl.c
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/openssl.c,v
retrieving revision 1.24
diff -u -c -r1.24 openssl.c
*** contrib/pgcrypto/openssl.c  11 Jul 2005 15:07:59 -0000      1.24
--- contrib/pgcrypto/openssl.c  12 Jul 2005 09:27:59 -0000
***************
*** 40,45 ****
--- 40,50 ----
  #include <openssl/rand.h>
  #include <openssl/err.h>
  
+ /*
+  * Max lengths we might want to handle.
+  */
+ #define MAX_KEY               (512/8)
+ #define MAX_IV                (128/8)
  
  /*
   * Does OpenSSL support AES? 
***************
*** 78,87 ****
  #define AES_cbc_encrypt(src, dst, len, ctx, iv, enc) \
        do { \
                memcpy((dst), (src), (len)); \
!               if (enc) \
                        aes_cbc_encrypt((ctx), (iv), (dst), (len)); \
!               else \
                        aes_cbc_decrypt((ctx), (iv), (dst), (len)); \
        } while (0)
  
  #endif        /* old OPENSSL */
--- 83,95 ----
  #define AES_cbc_encrypt(src, dst, len, ctx, iv, enc) \
        do { \
                memcpy((dst), (src), (len)); \
!               if (enc) { \
                        aes_cbc_encrypt((ctx), (iv), (dst), (len)); \
!                       memcpy((iv), (dst) + (len) - 16, 16); \
!               } else { \
                        aes_cbc_decrypt((ctx), (iv), (dst), (len)); \
+                       memcpy(iv, (src) + (len) - 16, 16); \
+               } \
        } while (0)
  
  #endif        /* old OPENSSL */
***************
*** 243,250 ****
                CAST_KEY        cast_key;
                AES_KEY         aes_key;
        }                       u;
!       uint8           key[EVP_MAX_KEY_LENGTH];
!       uint8           iv[EVP_MAX_IV_LENGTH];
        unsigned        klen;
        unsigned        init;
        const struct ossl_cipher *ciph;
--- 251,258 ----
                CAST_KEY        cast_key;
                AES_KEY         aes_key;
        }                       u;
!       uint8           key[MAX_KEY];
!       uint8           iv[MAX_IV];
        unsigned        klen;
        unsigned        init;
        const struct ossl_cipher *ciph;
Index: contrib/pgcrypto/expected/3des.out
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/expected/3des.out,v
retrieving revision 1.2
diff -u -c -r1.2 3des.out
*** contrib/pgcrypto/expected/3des.out  5 Jul 2005 18:15:36 -0000       1.2
--- contrib/pgcrypto/expected/3des.out  12 Jul 2005 09:41:16 -0000
***************
*** 54,56 ****
--- 54,69 ----
   foo
  (1 row)
  
+ -- long message
+ select encode(encrypt('Lets try a longer message.', '0123456789012345678901', 
'3des'), 'hex');
+                               encode                              
+ ------------------------------------------------------------------
+  b71e3422269d0ded19468f33d65cd663c28e0871984792a7b3ba0ddcecec8d2c
+ (1 row)
+ 
+ select decrypt(encrypt('Lets try a longer message.', 
'0123456789012345678901', '3des'), '0123456789012345678901', '3des');
+           decrypt           
+ ----------------------------
+  Lets try a longer message.
+ (1 row)
+ 
Index: contrib/pgcrypto/expected/blowfish.out
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/expected/blowfish.out,v
retrieving revision 1.4
diff -u -c -r1.4 blowfish.out
*** contrib/pgcrypto/expected/blowfish.out      21 Mar 2005 05:24:51 -0000      
1.4
--- contrib/pgcrypto/expected/blowfish.out      12 Jul 2005 09:32:13 -0000
***************
*** 158,160 ****
--- 158,173 ----
   foo
  (1 row)
  
+ -- long message
+ select encode(encrypt('Lets try a longer message.', '0123456789', 'bf'), 
'hex');
+                               encode                              
+ ------------------------------------------------------------------
+  a76059f7a1b627b5b84080d9beb337714c7a7f8b70300023e5feb6dfa6813536
+ (1 row)
+ 
+ select decrypt(encrypt('Lets try a longer message.', '0123456789', 'bf'), 
'0123456789', 'bf');
+           decrypt           
+ ----------------------------
+  Lets try a longer message.
+ (1 row)
+ 
Index: contrib/pgcrypto/expected/cast5.out
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/expected/cast5.out,v
retrieving revision 1.1
diff -u -c -r1.1 cast5.out
*** contrib/pgcrypto/expected/cast5.out 21 Mar 2005 05:24:51 -0000      1.1
--- contrib/pgcrypto/expected/cast5.out 12 Jul 2005 09:41:22 -0000
***************
*** 71,73 ****
--- 71,86 ----
   foo
  (1 row)
  
+ -- long message
+ select encode(encrypt('Lets try a longer message.', '0123456789', 'cast5'), 
'hex');
+                               encode                              
+ ------------------------------------------------------------------
+  04fcffc91533e1505dadcb10766d9fed0937818e663e402384e049942ba60fff
+ (1 row)
+ 
+ select decrypt(encrypt('Lets try a longer message.', '0123456789', 'cast5'), 
'0123456789', 'cast5');
+           decrypt           
+ ----------------------------
+  Lets try a longer message.
+ (1 row)
+ 
Index: contrib/pgcrypto/expected/des.out
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/expected/des.out,v
retrieving revision 1.1
diff -u -c -r1.1 des.out
*** contrib/pgcrypto/expected/des.out   21 Mar 2005 05:24:51 -0000      1.1
--- contrib/pgcrypto/expected/des.out   12 Jul 2005 09:41:19 -0000
***************
*** 46,48 ****
--- 46,61 ----
   foo
  (1 row)
  
+ -- long message
+ select encode(encrypt('Lets try a longer message.', '01234567', 'des'), 
'hex');
+                               encode                              
+ ------------------------------------------------------------------
+  5ad146043e5f30967e06a0fcbae602daf4ff2a5fd0ed12d6c5913cf85f1e36ca
+ (1 row)
+ 
+ select decrypt(encrypt('Lets try a longer message.', '01234567', 'des'), 
'01234567', 'des');
+           decrypt           
+ ----------------------------
+  Lets try a longer message.
+ (1 row)
+ 
Index: contrib/pgcrypto/expected/rijndael.out
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/expected/rijndael.out,v
retrieving revision 1.4
diff -u -c -r1.4 rijndael.out
*** contrib/pgcrypto/expected/rijndael.out      21 Mar 2005 05:24:51 -0000      
1.4
--- contrib/pgcrypto/expected/rijndael.out      12 Jul 2005 09:27:59 -0000
***************
*** 109,111 ****
--- 109,124 ----
   foo
  (1 row)
  
+ -- long message
+ select encode(encrypt('Lets try a longer message.', '0123456789', 'aes'), 
'hex');
+                               encode                              
+ ------------------------------------------------------------------
+  d9beb785dd5403ed02f66b755bb191b93ed93ca54930153f2c3b9ec7785056ad
+ (1 row)
+ 
+ select decrypt(encrypt('Lets try a longer message.', '0123456789', 'aes'), 
'0123456789', 'aes');
+           decrypt           
+ ----------------------------
+  Lets try a longer message.
+ (1 row)
+ 
Index: contrib/pgcrypto/sql/3des.sql
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/sql/3des.sql,v
retrieving revision 1.2
diff -u -c -r1.2 3des.sql
*** contrib/pgcrypto/sql/3des.sql       5 Jul 2005 18:15:36 -0000       1.2
--- contrib/pgcrypto/sql/3des.sql       12 Jul 2005 09:40:00 -0000
***************
*** 24,26 ****
--- 24,30 ----
  select encode(encrypt_iv('foo', '0123456', 'abcd', '3des'), 'hex');
  select decrypt_iv(decode('50735067b073bb93', 'hex'), '0123456', 'abcd', 
'3des');
  
+ -- long message
+ select encode(encrypt('Lets try a longer message.', '0123456789012345678901', 
'3des'), 'hex');
+ select decrypt(encrypt('Lets try a longer message.', 
'0123456789012345678901', '3des'), '0123456789012345678901', '3des');
+ 
Index: contrib/pgcrypto/sql/blowfish.sql
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/sql/blowfish.sql,v
retrieving revision 1.4
diff -u -c -r1.4 blowfish.sql
*** contrib/pgcrypto/sql/blowfish.sql   21 Mar 2005 05:24:52 -0000      1.4
--- contrib/pgcrypto/sql/blowfish.sql   12 Jul 2005 09:31:51 -0000
***************
*** 85,87 ****
--- 85,91 ----
  select encode(encrypt_iv('foo', '0123456', 'abcd', 'bf'), 'hex');
  select decrypt_iv(decode('95c7e89322525d59', 'hex'), '0123456', 'abcd', 'bf');
  
+ -- long message
+ select encode(encrypt('Lets try a longer message.', '0123456789', 'bf'), 
'hex');
+ select decrypt(encrypt('Lets try a longer message.', '0123456789', 'bf'), 
'0123456789', 'bf');
+ 
Index: contrib/pgcrypto/sql/cast5.sql
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/sql/cast5.sql,v
retrieving revision 1.1
diff -u -c -r1.1 cast5.sql
*** contrib/pgcrypto/sql/cast5.sql      21 Mar 2005 05:24:52 -0000      1.1
--- contrib/pgcrypto/sql/cast5.sql      12 Jul 2005 09:40:55 -0000
***************
*** 40,42 ****
--- 40,46 ----
  select decrypt_iv(decode('384a970695ce016a', 'hex'),
                  '0123456', 'abcd', 'cast5');
  
+ -- long message
+ select encode(encrypt('Lets try a longer message.', '0123456789', 'cast5'), 
'hex');
+ select decrypt(encrypt('Lets try a longer message.', '0123456789', 'cast5'), 
'0123456789', 'cast5');
+ 
Index: contrib/pgcrypto/sql/des.sql
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/sql/des.sql,v
retrieving revision 1.1
diff -u -c -r1.1 des.sql
*** contrib/pgcrypto/sql/des.sql        21 Mar 2005 05:24:52 -0000      1.1
--- contrib/pgcrypto/sql/des.sql        12 Jul 2005 09:38:27 -0000
***************
*** 22,24 ****
--- 22,28 ----
  select encode(encrypt_iv('foo', '0123456', 'abcd', 'des'), 'hex');
  select decrypt_iv(decode('50735067b073bb93', 'hex'), '0123456', 'abcd', 
'des');
  
+ -- long message
+ select encode(encrypt('Lets try a longer message.', '01234567', 'des'), 
'hex');
+ select decrypt(encrypt('Lets try a longer message.', '01234567', 'des'), 
'01234567', 'des');
+ 
Index: contrib/pgcrypto/sql/rijndael.sql
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/sql/rijndael.sql,v
retrieving revision 1.4
diff -u -c -r1.4 rijndael.sql
*** contrib/pgcrypto/sql/rijndael.sql   21 Mar 2005 05:24:52 -0000      1.4
--- contrib/pgcrypto/sql/rijndael.sql   12 Jul 2005 09:27:59 -0000
***************
*** 56,58 ****
--- 56,62 ----
  select decrypt_iv(decode('2c24cb7da91d6d5699801268b0f5adad', 'hex'),
                '0123456', 'abcd', 'aes'); 
  
+ -- long message
+ select encode(encrypt('Lets try a longer message.', '0123456789', 'aes'), 
'hex');
+ select decrypt(encrypt('Lets try a longer message.', '0123456789', 'aes'), 
'0123456789', 'aes');
+ 

---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster

Reply via email to