git.postgresql.org Git - 2ndquadrant

author	Noah Misch <noah@leadboat.com>
	Mon, 18 May 2015 14:02:31 +0000 (10:02 -0400)
committer	Noah Misch <noah@leadboat.com>
	Mon, 18 May 2015 14:02:35 +0000 (10:02 -0400)
commit	fba1fb4efba51587cd0a9817af1f3e629caf157a
tree	e1a178f22cde7382f6b40fe35a9c4303f98a4174	tree
parent	ca325941d54b537e7921dbe6615bae083651dffd	commit \| diff

pgcrypto: Report errant decryption as "Wrong key or corrupt data".

This has been the predominant outcome.  When the output of decrypting
with a wrong key coincidentally resembled an OpenPGP packet header,
pgcrypto could instead report "Corrupt data", "Not text data" or
"Unsupported compression algorithm".  The distinct "Corrupt data"
message added no value.  The latter two error messages misled when the
decrypted payload also exhibited fundamental integrity problems.  Worse,
error message variance in other systems has enabled cryptologic attacks;
see RFC 4880 section "14. Security Considerations".  Whether these
pgcrypto behaviors are likewise exploitable is unknown.

In passing, document that pgcrypto does not resist side-channel attacks.
Back-patch to 9.0 (all supported versions).

Security: CVE-2015-3167

contrib/pgcrypto/expected/pgp-decrypt.out		diff \| blob \| blame \| history
contrib/pgcrypto/expected/pgp-pubkey-decrypt.out		diff \| blob \| blame \| history
contrib/pgcrypto/mbuf.c		diff \| blob \| blame \| history
contrib/pgcrypto/pgp-decrypt.c		diff \| blob \| blame \| history
contrib/pgcrypto/pgp.h		diff \| blob \| blame \| history
contrib/pgcrypto/px.c		diff \| blob \| blame \| history
contrib/pgcrypto/px.h		diff \| blob \| blame \| history
contrib/pgcrypto/sql/pgp-decrypt.sql		diff \| blob \| blame \| history
doc/src/sgml/pgcrypto.sgml		diff \| blob \| blame \| history