Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 95992e5

Browse filesBrowse files
michaelpqmichaelpq
committed
pgcrypto: Detect errors with EVP calls from OpenSSL
The following routines are called within pgcrypto when handling digests but there were no checks for failures: - EVP_MD_CTX_size (can fail with -1 as of 3.0.0) - EVP_MD_CTX_block_size (can fail with -1 as of 3.0.0) - EVP_DigestInit_ex - EVP_DigestUpdate - EVP_DigestFinal_ex A set of elog(ERROR) is added by this commit to detect such failures, that should never happen except in the event of a processing failure internal to OpenSSL. Note that it would be possible to use ERR_reason_error_string() to get more context about such errors, but these refer mainly to the internals of OpenSSL, so it is not really obvious how useful that would be. This is left out for simplicity. Per report from Coverity. Thanks to Tom Lane for the discussion. Backpatch-through: 9.5
1 parent 3ea8e66 commit 95992e5
Copy full SHA for 95992e5

File tree

Expand file treeCollapse file tree

1 file changed

+16
-5
lines changed
Filter options
Expand file treeCollapse file tree

1 file changed

+16
-5
lines changed

‎contrib/pgcrypto/openssl.c

Copy file name to clipboardExpand all lines: contrib/pgcrypto/openssl.c
+16-5Lines changed: 16 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -267,40 +267,51 @@ static unsigned
267267
digest_result_size(PX_MD *h)
268268
{
269269
OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
270+
int result = EVP_MD_CTX_size(digest->ctx);
270271

271-
return EVP_MD_CTX_size(digest->ctx);
272+
if (result < 0)
273+
elog(ERROR, "EVP_MD_CTX_size() failed");
274+
275+
return result;
272276
}
273277

274278
static unsigned
275279
digest_block_size(PX_MD *h)
276280
{
277281
OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
282+
int result = EVP_MD_CTX_block_size(digest->ctx);
283+
284+
if (result < 0)
285+
elog(ERROR, "EVP_MD_CTX_block_size() failed");
278286

279-
return EVP_MD_CTX_block_size(digest->ctx);
287+
return result;
280288
}
281289

282290
static void
283291
digest_reset(PX_MD *h)
284292
{
285293
OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
286294

287-
EVP_DigestInit_ex(digest->ctx, digest->algo, NULL);
295+
if (!EVP_DigestInit_ex(digest->ctx, digest->algo, NULL))
296+
elog(ERROR, "EVP_DigestInit_ex() failed");
288297
}
289298

290299
static void
291300
digest_update(PX_MD *h, const uint8 *data, unsigned dlen)
292301
{
293302
OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
294303

295-
EVP_DigestUpdate(digest->ctx, data, dlen);
304+
if (!EVP_DigestUpdate(digest->ctx, data, dlen))
305+
elog(ERROR, "EVP_DigestUpdate() failed");
296306
}
297307

298308
static void
299309
digest_finish(PX_MD *h, uint8 *dst)
300310
{
301311
OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
302312

303-
EVP_DigestFinal_ex(digest->ctx, dst, NULL);
313+
if (!EVP_DigestFinal_ex(digest->ctx, dst, NULL))
314+
elog(ERROR, "EVP_DigestFinal_ex() failed");
304315
}
305316

306317
static void

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.