0f9b097640
Fix cipher initialization in aes Resolves: #1964848 Fix changelog order Related: #1964848
34 lines
1.5 KiB
Diff
34 lines
1.5 KiB
Diff
Upstream patch: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=135d8687ad
|
|
author Daniel Gustafsson <dgustafsson@postgresql.org>
|
|
|
|
The PX layer in pgcrypto is handling digest padding on its own uniformly
|
|
for all backend implementations. Starting with OpenSSL 3.0.0, DecryptUpdate
|
|
doesn't flush the last block in case padding is enabled so explicitly
|
|
disable it as we don't use it.
|
|
|
|
This will be backpatched to all supported version once there is sufficient
|
|
testing in the buildfarm of OpenSSL 3.
|
|
|
|
diff -ur postgresql-14rc1/contrib/pgcrypto/openssl.c postgresql-p/contrib/pgcrypto/openssl.c
|
|
--- postgresql-14rc1/contrib/pgcrypto/openssl.c 2021-09-20 17:33:01.000000000 -0400
|
|
+++ postgresql-p/contrib/pgcrypto/openssl.c 2021-10-06 04:07:24.628836908 -0400
|
|
@@ -379,6 +379,8 @@
|
|
{
|
|
if (!EVP_DecryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
|
|
return PXE_CIPHER_INIT;
|
|
+ if (!EVP_CIPHER_CTX_set_padding(od->evp_ctx, 0))
|
|
+ return PXE_CIPHER_INIT;
|
|
if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
|
|
return PXE_CIPHER_INIT;
|
|
if (!EVP_DecryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
|
|
@@ -403,6 +405,8 @@
|
|
{
|
|
if (!EVP_EncryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
|
|
return PXE_CIPHER_INIT;
|
|
+ if (!EVP_CIPHER_CTX_set_padding(od->evp_ctx, 0))
|
|
+ return PXE_CIPHER_INIT;
|
|
if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
|
|
return PXE_CIPHER_INIT;
|
|
if (!EVP_EncryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
|
|
|