diff options
Diffstat (limited to 'src/common')
| -rw-r--r-- | src/common/checksum_helper.c | 20 | ||||
| -rw-r--r-- | src/common/cryptohash.c | 20 | ||||
| -rw-r--r-- | src/common/cryptohash_openssl.c | 33 | ||||
| -rw-r--r-- | src/common/md5_common.c | 4 | ||||
| -rw-r--r-- | src/common/scram-common.c | 8 |
5 files changed, 66 insertions, 19 deletions
diff --git a/src/common/checksum_helper.c b/src/common/checksum_helper.c index a895e2e2855..431e247d59d 100644 --- a/src/common/checksum_helper.c +++ b/src/common/checksum_helper.c @@ -198,28 +198,32 @@ pg_checksum_final(pg_checksum_context *context, uint8 *output) memcpy(output, &context->raw_context.c_crc32c, retval); break; case CHECKSUM_TYPE_SHA224: - if (pg_cryptohash_final(context->raw_context.c_sha2, output) < 0) + retval = PG_SHA224_DIGEST_LENGTH; + if (pg_cryptohash_final(context->raw_context.c_sha2, + output, retval) < 0) return -1; pg_cryptohash_free(context->raw_context.c_sha2); - retval = PG_SHA224_DIGEST_LENGTH; break; case CHECKSUM_TYPE_SHA256: - if (pg_cryptohash_final(context->raw_context.c_sha2, output) < 0) + retval = PG_SHA256_DIGEST_LENGTH; + if (pg_cryptohash_final(context->raw_context.c_sha2, + output, retval) < 0) return -1; pg_cryptohash_free(context->raw_context.c_sha2); - retval = PG_SHA256_DIGEST_LENGTH; break; case CHECKSUM_TYPE_SHA384: - if (pg_cryptohash_final(context->raw_context.c_sha2, output) < 0) + retval = PG_SHA384_DIGEST_LENGTH; + if (pg_cryptohash_final(context->raw_context.c_sha2, + output, retval) < 0) return -1; pg_cryptohash_free(context->raw_context.c_sha2); - retval = PG_SHA384_DIGEST_LENGTH; break; case CHECKSUM_TYPE_SHA512: - if (pg_cryptohash_final(context->raw_context.c_sha2, output) < 0) + retval = PG_SHA512_DIGEST_LENGTH; + if (pg_cryptohash_final(context->raw_context.c_sha2, + output, retval) < 0) return -1; pg_cryptohash_free(context->raw_context.c_sha2); - retval = PG_SHA512_DIGEST_LENGTH; break; } diff --git a/src/common/cryptohash.c b/src/common/cryptohash.c index 5b2c050d799..0dab74a094b 100644 --- a/src/common/cryptohash.c +++ b/src/common/cryptohash.c @@ -160,12 +160,12 @@ pg_cryptohash_update(pg_cryptohash_ctx *ctx, const uint8 *data, size_t len) /* * pg_cryptohash_final * - * Finalize a hash context. Note that this implementation is designed - * to never fail, so this always returns 0 except if the caller has - * given a NULL context. + * Finalize a hash context. Note that this implementation is designed to + * never fail, so this always returns 0 except if the destination buffer + * is not large enough. */ int -pg_cryptohash_final(pg_cryptohash_ctx *ctx, uint8 *dest) +pg_cryptohash_final(pg_cryptohash_ctx *ctx, uint8 *dest, size_t len) { if (ctx == NULL) return -1; @@ -173,21 +173,33 @@ pg_cryptohash_final(pg_cryptohash_ctx *ctx, uint8 *dest) switch (ctx->type) { case PG_MD5: + if (len < MD5_DIGEST_LENGTH) + return -1; pg_md5_final(&ctx->data.md5, dest); break; case PG_SHA1: + if (len < SHA1_DIGEST_LENGTH) + return -1; pg_sha1_final(&ctx->data.sha1, dest); break; case PG_SHA224: + if (len < PG_SHA224_DIGEST_LENGTH) + return -1; pg_sha224_final(&ctx->data.sha224, dest); break; case PG_SHA256: + if (len < PG_SHA256_DIGEST_LENGTH) + return -1; pg_sha256_final(&ctx->data.sha256, dest); break; case PG_SHA384: + if (len < PG_SHA384_DIGEST_LENGTH) + return -1; pg_sha384_final(&ctx->data.sha384, dest); break; case PG_SHA512: + if (len < PG_SHA512_DIGEST_LENGTH) + return -1; pg_sha512_final(&ctx->data.sha512, dest); break; } diff --git a/src/common/cryptohash_openssl.c b/src/common/cryptohash_openssl.c index 006e867403e..643cc7aea2c 100644 --- a/src/common/cryptohash_openssl.c +++ b/src/common/cryptohash_openssl.c @@ -24,6 +24,9 @@ #include <openssl/evp.h> #include "common/cryptohash.h" +#include "common/md5.h" +#include "common/sha1.h" +#include "common/sha2.h" #ifndef FRONTEND #include "utils/memutils.h" #include "utils/resowner.h" @@ -181,13 +184,41 @@ pg_cryptohash_update(pg_cryptohash_ctx *ctx, const uint8 *data, size_t len) * Finalize a hash context. Returns 0 on success, and -1 on failure. */ int -pg_cryptohash_final(pg_cryptohash_ctx *ctx, uint8 *dest) +pg_cryptohash_final(pg_cryptohash_ctx *ctx, uint8 *dest, size_t len) { int status = 0; if (ctx == NULL) return -1; + switch (ctx->type) + { + case PG_MD5: + if (len < MD5_DIGEST_LENGTH) + return -1; + break; + case PG_SHA1: + if (len < SHA1_DIGEST_LENGTH) + return -1; + break; + case PG_SHA224: + if (len < PG_SHA224_DIGEST_LENGTH) + return -1; + break; + case PG_SHA256: + if (len < PG_SHA256_DIGEST_LENGTH) + return -1; + break; + case PG_SHA384: + if (len < PG_SHA384_DIGEST_LENGTH) + return -1; + break; + case PG_SHA512: + if (len < PG_SHA512_DIGEST_LENGTH) + return -1; + break; + } + status = EVP_DigestFinal_ex(ctx->evpctx, dest, 0); /* OpenSSL internals return 1 on success, 0 on failure */ diff --git a/src/common/md5_common.c b/src/common/md5_common.c index b01c95ebb6e..2114890effe 100644 --- a/src/common/md5_common.c +++ b/src/common/md5_common.c @@ -78,7 +78,7 @@ pg_md5_hash(const void *buff, size_t len, char *hexsum) if (pg_cryptohash_init(ctx) < 0 || pg_cryptohash_update(ctx, buff, len) < 0 || - pg_cryptohash_final(ctx, sum) < 0) + pg_cryptohash_final(ctx, sum, sizeof(sum)) < 0) { pg_cryptohash_free(ctx); return false; @@ -100,7 +100,7 @@ pg_md5_binary(const void *buff, size_t len, void *outbuf) if (pg_cryptohash_init(ctx) < 0 || pg_cryptohash_update(ctx, buff, len) < 0 || - pg_cryptohash_final(ctx, outbuf) < 0) + pg_cryptohash_final(ctx, outbuf, MD5_DIGEST_LENGTH) < 0) { pg_cryptohash_free(ctx); return false; diff --git a/src/common/scram-common.c b/src/common/scram-common.c index 3f406d4e4dc..0b9557376e9 100644 --- a/src/common/scram-common.c +++ b/src/common/scram-common.c @@ -51,7 +51,7 @@ scram_HMAC_init(scram_HMAC_ctx *ctx, const uint8 *key, int keylen) return -1; if (pg_cryptohash_init(sha256_ctx) < 0 || pg_cryptohash_update(sha256_ctx, key, keylen) < 0 || - pg_cryptohash_final(sha256_ctx, keybuf) < 0) + pg_cryptohash_final(sha256_ctx, keybuf, sizeof(keybuf)) < 0) { pg_cryptohash_free(sha256_ctx); return -1; @@ -112,7 +112,7 @@ scram_HMAC_final(uint8 *result, scram_HMAC_ctx *ctx) Assert(ctx->sha256ctx != NULL); - if (pg_cryptohash_final(ctx->sha256ctx, h) < 0) + if (pg_cryptohash_final(ctx->sha256ctx, h, sizeof(h)) < 0) { pg_cryptohash_free(ctx->sha256ctx); return -1; @@ -122,7 +122,7 @@ scram_HMAC_final(uint8 *result, scram_HMAC_ctx *ctx) if (pg_cryptohash_init(ctx->sha256ctx) < 0 || pg_cryptohash_update(ctx->sha256ctx, ctx->k_opad, SHA256_HMAC_B) < 0 || pg_cryptohash_update(ctx->sha256ctx, h, SCRAM_KEY_LEN) < 0 || - pg_cryptohash_final(ctx->sha256ctx, result) < 0) + pg_cryptohash_final(ctx->sha256ctx, result, SCRAM_KEY_LEN) < 0) { pg_cryptohash_free(ctx->sha256ctx); return -1; @@ -202,7 +202,7 @@ scram_H(const uint8 *input, int len, uint8 *result) if (pg_cryptohash_init(ctx) < 0 || pg_cryptohash_update(ctx, input, len) < 0 || - pg_cryptohash_final(ctx, result) < 0) + pg_cryptohash_final(ctx, result, SCRAM_KEY_LEN) < 0) { pg_cryptohash_free(ctx); return -1; |