Re: Proposed patch for key managment
| От | Neil Chen |
|---|---|
| Тема | Re: Proposed patch for key managment |
| Дата | |
| Msg-id | CAA3qoJkvH7Dae529cmJ8Ws4bPon+FF7=V5M-Txht_4u3=ALkOQ@mail.gmail.com обсуждение исходный текст |
| Ответ на | Proposed patch for key managment (Bruce Momjian <bruce@momjian.us>) |
| Ответы |
Re: Proposed patch for key managment
|
| Список | pgsql-hackers |
Hi, everyone
I have read the patch and did some simple tests. I'm not entirely sure about some code segments; e.g.:
In the BootStrapKmgr() we generate a data encryption key by:
key = generate_crypto_key(file_encryption_keylen);
However, I found that the file_encryption_keylen is always 0 in bootstrap mode because there exitst another variable bootstrap_file_encryption_keylen in xlog.c and bootstrap.c.
We get the REL/WAL key by KmgrGetKey() call and it works like:
return (const CryptoKey *) &(KmgrShmem->intlKeys[id]);
But in bootstrap mode, the KmgrShmem are not assigned. So, if we want to use it to encrypt something in bootstrap mode, I suggest we make the following changes:
if ( in bootstrap mode)
return intlKeys[id]; // a static variable which contains key
else
reutrn (const CryptoKey *) &(KmgrShmem->intlKeys[id]);
There is no royal road to learning.
Highgo Software Co.
В списке pgsql-hackers по дате отправления: