On 7/27/07, Zdenek Kotala <[EMAIL PROTECTED]> wrote: > I attach pgcrypto patch which fix two problems on system without strong > crypto support (e.g. default Solaris 10 installation): > > 1) postgres crashes when AES cipher uses long key > 2) Blowfish silently cut longer keys. It could bring problem when > crypted data are transfered from one server to another with strong keys > support.
Couple of style nitpicks: * please use hex arrays, instead octal-quoted strings. easier on the eye. * use memcmp() instead of for() loop. * 16 byte bufs for 8 bytes is confusing. > This patch was discussed there: > http://archives.postgresql.org/pgsql-hackers/2007-07/msg00762.php > > This patch is applicable also on 8.2, 8.1 (and maybe older) version of > postgresql. OpenSSL autoconfiguration was added in 8.1, so patching older versions is not that critical. -- marko ps. I looked into use of EVP, and I'm not that optimistic anymore. EVP has 3 differenct name for AES different keys, but only one for CAST5, which also supports different key lengths. Plus Blowfish is tagged as VARIABLE_LENGTH. So it seems per-algo support code cannot be avoided, which makes whole EVP usage rather pointless. The situation could be simplified by dropping encrypt()/decrypt() functions, which allow users to specify final keys. But that would be a nasty event, 8.4 is too early for that... ---------------------------(end of broadcast)--------------------------- TIP 3: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faq
