diff options
| author | Michael Paquier <michael@paquier.xyz> | 2021-01-08 10:37:03 +0900 |
|---|---|---|
| committer | Michael Paquier <michael@paquier.xyz> | 2021-01-08 10:37:03 +0900 |
| commit | 15b824da97afb45f47e51b6b5b7e5eca09e5d03d (patch) | |
| tree | fee8545abec7fa6075af0bb6c54382d74ccf8f43 | |
| parent | 9ffe2278372d7549547176c23564a5b3404d072e (diff) | |
| download | postgresql-15b824da97afb45f47e51b6b5b7e5eca09e5d03d.tar.gz postgresql-15b824da97afb45f47e51b6b5b7e5eca09e5d03d.zip | |
Fix and simplify some code related to cryptohashes
This commit addresses two issues:
- In pgcrypto, MD5 computation called pg_cryptohash_{init,update,final}
without checking for the result status.
- Simplify pg_checksum_raw_context to use only one variable for all the
SHA2 options available in checksum manifests.
Reported-by: Heikki Linnakangas
Discussion: https://postgr.es/m/f62f26bb-47a5-8411-46e5-4350823e06a5@iki.fi
| -rw-r--r-- | contrib/pgcrypto/internal.c | 9 | ||||
| -rw-r--r-- | src/common/checksum_helper.c | 59 | ||||
| -rw-r--r-- | src/include/common/checksum_helper.h | 5 |
3 files changed, 32 insertions, 41 deletions
diff --git a/contrib/pgcrypto/internal.c b/contrib/pgcrypto/internal.c index ea377bdf83a..79ce5135992 100644 --- a/contrib/pgcrypto/internal.c +++ b/contrib/pgcrypto/internal.c @@ -96,7 +96,8 @@ int_md5_update(PX_MD *h, const uint8 *data, unsigned dlen) { pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr; - pg_cryptohash_update(ctx, data, dlen); + if (pg_cryptohash_update(ctx, data, dlen) < 0) + elog(ERROR, "could not update %s context", "MD5"); } static void @@ -104,7 +105,8 @@ int_md5_reset(PX_MD *h) { pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr; - pg_cryptohash_init(ctx); + if (pg_cryptohash_init(ctx) < 0) + elog(ERROR, "could not initialize %s context", "MD5"); } static void @@ -112,7 +114,8 @@ int_md5_finish(PX_MD *h, uint8 *dst) { pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr; - pg_cryptohash_final(ctx, dst); + if (pg_cryptohash_final(ctx, dst) < 0) + elog(ERROR, "could not finalize %s context", "MD5"); } static void diff --git a/src/common/checksum_helper.c b/src/common/checksum_helper.c index f6b49de405e..2881b2c178d 100644 --- a/src/common/checksum_helper.c +++ b/src/common/checksum_helper.c @@ -93,42 +93,42 @@ pg_checksum_init(pg_checksum_context *context, pg_checksum_type type) INIT_CRC32C(context->raw_context.c_crc32c); break; case CHECKSUM_TYPE_SHA224: - context->raw_context.c_sha224 = pg_cryptohash_create(PG_SHA224); - if (context->raw_context.c_sha224 == NULL) + context->raw_context.c_sha2 = pg_cryptohash_create(PG_SHA224); + if (context->raw_context.c_sha2 == NULL) return -1; - if (pg_cryptohash_init(context->raw_context.c_sha224) < 0) + if (pg_cryptohash_init(context->raw_context.c_sha2) < 0) { - pg_cryptohash_free(context->raw_context.c_sha224); + pg_cryptohash_free(context->raw_context.c_sha2); return -1; } break; case CHECKSUM_TYPE_SHA256: - context->raw_context.c_sha256 = pg_cryptohash_create(PG_SHA256); - if (context->raw_context.c_sha256 == NULL) + context->raw_context.c_sha2 = pg_cryptohash_create(PG_SHA256); + if (context->raw_context.c_sha2 == NULL) return -1; - if (pg_cryptohash_init(context->raw_context.c_sha256) < 0) + if (pg_cryptohash_init(context->raw_context.c_sha2) < 0) { - pg_cryptohash_free(context->raw_context.c_sha256); + pg_cryptohash_free(context->raw_context.c_sha2); return -1; } break; case CHECKSUM_TYPE_SHA384: - context->raw_context.c_sha384 = pg_cryptohash_create(PG_SHA384); - if (context->raw_context.c_sha384 == NULL) + context->raw_context.c_sha2 = pg_cryptohash_create(PG_SHA384); + if (context->raw_context.c_sha2 == NULL) return -1; - if (pg_cryptohash_init(context->raw_context.c_sha384) < 0) + if (pg_cryptohash_init(context->raw_context.c_sha2) < 0) { - pg_cryptohash_free(context->raw_context.c_sha384); + pg_cryptohash_free(context->raw_context.c_sha2); return -1; } break; case CHECKSUM_TYPE_SHA512: - context->raw_context.c_sha512 = pg_cryptohash_create(PG_SHA512); - if (context->raw_context.c_sha512 == NULL) + context->raw_context.c_sha2 = pg_cryptohash_create(PG_SHA512); + if (context->raw_context.c_sha2 == NULL) return -1; - if (pg_cryptohash_init(context->raw_context.c_sha512) < 0) + if (pg_cryptohash_init(context->raw_context.c_sha2) < 0) { - pg_cryptohash_free(context->raw_context.c_sha512); + pg_cryptohash_free(context->raw_context.c_sha2); return -1; } break; @@ -154,19 +154,10 @@ pg_checksum_update(pg_checksum_context *context, const uint8 *input, COMP_CRC32C(context->raw_context.c_crc32c, input, len); break; case CHECKSUM_TYPE_SHA224: - if (pg_cryptohash_update(context->raw_context.c_sha224, input, len) < 0) - return -1; - break; case CHECKSUM_TYPE_SHA256: - if (pg_cryptohash_update(context->raw_context.c_sha256, input, len) < 0) - return -1; - break; case CHECKSUM_TYPE_SHA384: - if (pg_cryptohash_update(context->raw_context.c_sha384, input, len) < 0) - return -1; - break; case CHECKSUM_TYPE_SHA512: - if (pg_cryptohash_update(context->raw_context.c_sha512, input, len) < 0) + if (pg_cryptohash_update(context->raw_context.c_sha2, input, len) < 0) return -1; break; } @@ -207,27 +198,27 @@ pg_checksum_final(pg_checksum_context *context, uint8 *output) memcpy(output, &context->raw_context.c_crc32c, retval); break; case CHECKSUM_TYPE_SHA224: - if (pg_cryptohash_final(context->raw_context.c_sha224, output) < 0) + if (pg_cryptohash_final(context->raw_context.c_sha2, output) < 0) return -1; - pg_cryptohash_free(context->raw_context.c_sha224); + pg_cryptohash_free(context->raw_context.c_sha2); retval = PG_SHA224_DIGEST_LENGTH; break; case CHECKSUM_TYPE_SHA256: - if (pg_cryptohash_final(context->raw_context.c_sha256, output) < 0) + if (pg_cryptohash_final(context->raw_context.c_sha2, output) < 0) return -1; - pg_cryptohash_free(context->raw_context.c_sha256); + pg_cryptohash_free(context->raw_context.c_sha2); retval = PG_SHA224_DIGEST_LENGTH; break; case CHECKSUM_TYPE_SHA384: - if (pg_cryptohash_final(context->raw_context.c_sha384, output) < 0) + if (pg_cryptohash_final(context->raw_context.c_sha2, output) < 0) return -1; - pg_cryptohash_free(context->raw_context.c_sha384); + pg_cryptohash_free(context->raw_context.c_sha2); retval = PG_SHA384_DIGEST_LENGTH; break; case CHECKSUM_TYPE_SHA512: - if (pg_cryptohash_final(context->raw_context.c_sha512, output) < 0) + if (pg_cryptohash_final(context->raw_context.c_sha2, output) < 0) return -1; - pg_cryptohash_free(context->raw_context.c_sha512); + pg_cryptohash_free(context->raw_context.c_sha2); retval = PG_SHA512_DIGEST_LENGTH; break; } diff --git a/src/include/common/checksum_helper.h b/src/include/common/checksum_helper.h index ebdf1ccf447..cac7570ea13 100644 --- a/src/include/common/checksum_helper.h +++ b/src/include/common/checksum_helper.h @@ -42,10 +42,7 @@ typedef enum pg_checksum_type typedef union pg_checksum_raw_context { pg_crc32c c_crc32c; - pg_cryptohash_ctx *c_sha224; - pg_cryptohash_ctx *c_sha256; - pg_cryptohash_ctx *c_sha384; - pg_cryptohash_ctx *c_sha512; + pg_cryptohash_ctx *c_sha2; } pg_checksum_raw_context; /* |