|
 |
c7e45b |
Upstream patch: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=135d8687ad
|
|
|
c7e45b |
author Daniel Gustafsson <dgustafsson@postgresql.org>
|
|
|
c7e45b |
|
|
|
c7e45b |
The PX layer in pgcrypto is handling digest padding on its own uniformly
|
|
|
c7e45b |
for all backend implementations. Starting with OpenSSL 3.0.0, DecryptUpdate
|
|
|
c7e45b |
doesn't flush the last block in case padding is enabled so explicitly
|
|
|
c7e45b |
disable it as we don't use it.
|
|
|
c7e45b |
|
|
|
c7e45b |
This will be backpatched to all supported version once there is sufficient
|
|
|
c7e45b |
testing in the buildfarm of OpenSSL 3.
|
|
|
c7e45b |
|
|
|
c7e45b |
diff -ur postgresql-14rc1/contrib/pgcrypto/openssl.c postgresql-p/contrib/pgcrypto/openssl.c
|
|
|
c7e45b |
--- postgresql-14rc1/contrib/pgcrypto/openssl.c 2021-09-20 17:33:01.000000000 -0400
|
|
|
c7e45b |
+++ postgresql-p/contrib/pgcrypto/openssl.c 2021-10-06 04:07:24.628836908 -0400
|
|
|
c7e45b |
@@ -379,6 +379,8 @@
|
|
|
c7e45b |
{
|
|
|
c7e45b |
if (!EVP_DecryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
|
|
|
c7e45b |
return PXE_CIPHER_INIT;
|
|
|
c7e45b |
+ if (!EVP_CIPHER_CTX_set_padding(od->evp_ctx, 0))
|
|
|
c7e45b |
+ return PXE_CIPHER_INIT;
|
|
|
c7e45b |
if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
|
|
|
c7e45b |
return PXE_CIPHER_INIT;
|
|
|
c7e45b |
if (!EVP_DecryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
|
|
|
c7e45b |
@@ -403,6 +405,8 @@
|
|
|
c7e45b |
{
|
|
|
c7e45b |
if (!EVP_EncryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
|
|
|
c7e45b |
return PXE_CIPHER_INIT;
|
|
|
c7e45b |
+ if (!EVP_CIPHER_CTX_set_padding(od->evp_ctx, 0))
|
|
|
c7e45b |
+ return PXE_CIPHER_INIT;
|
|
|
c7e45b |
if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
|
|
|
c7e45b |
return PXE_CIPHER_INIT;
|
|
|
c7e45b |
if (!EVP_EncryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
|
|
|
c7e45b |
|