database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-06-05 23:56:58 +03:00
Code

Fix and simplify some code related to cryptohashes

Browse Source 
This commit addresses two issues:
- In pgcrypto, MD5 computation called pg_cryptohash_{init,update,final}
without checking for the result status.
- Simplify pg_checksum_raw_context to use only one variable for all the
SHA2 options available in checksum manifests.

Reported-by: Heikki Linnakangas
Discussion: https://postgr.es/m/f62f26bb-47a5-8411-46e5-4350823e06a5@iki.fi
This commit is contained in:
Michael Paquier 2021-01-08 10:37:03 +09:00
parent 9ffe227837
commit 15b824da97
3 changed files with 32 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
contrib/pgcrypto/internal.c
View File

@ -96,7 +96,8 @@ int_md5_update(PX_MD *h, const uint8 *data, unsigned dlen)
{ {
pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr; pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
pg_cryptohash_update(ctx, data, dlen); if (pg_cryptohash_update(ctx, data, dlen) < 0)
elog(ERROR, "could not update %s context", "MD5");
} }
static void static void
@ -104,7 +105,8 @@ int_md5_reset(PX_MD *h)
{ {
pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr; pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
pg_cryptohash_init(ctx); if (pg_cryptohash_init(ctx) < 0)
elog(ERROR, "could not initialize %s context", "MD5");
} }
static void static void
@ -112,7 +114,8 @@ int_md5_finish(PX_MD *h, uint8 *dst)
{ {
pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr; pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
pg_cryptohash_final(ctx, dst); if (pg_cryptohash_final(ctx, dst) < 0)
elog(ERROR, "could not finalize %s context", "MD5");
} }
static void static void

59
src/common/checksum_helper.c
View File

@ -93,42 +93,42 @@ pg_checksum_init(pg_checksum_context *context, pg_checksum_type type)
INIT_CRC32C(context->raw_context.c_crc32c); INIT_CRC32C(context->raw_context.c_crc32c);
break; break;
case CHECKSUM_TYPE_SHA224: case CHECKSUM_TYPE_SHA224:
context->raw_context.c_sha224 = pg_cryptohash_create(PG_SHA224); context->raw_context.c_sha2 = pg_cryptohash_create(PG_SHA224);
if (context->raw_context.c_sha224 == NULL) if (context->raw_context.c_sha2 == NULL)
return -1; return -1;
if (pg_cryptohash_init(context->raw_context.c_sha224) < 0) if (pg_cryptohash_init(context->raw_context.c_sha2) < 0)
{ {
pg_cryptohash_free(context->raw_context.c_sha224); pg_cryptohash_free(context->raw_context.c_sha2);
return -1; return -1;
} }
break; break;
case CHECKSUM_TYPE_SHA256: case CHECKSUM_TYPE_SHA256:
context->raw_context.c_sha256 = pg_cryptohash_create(PG_SHA256); context->raw_context.c_sha2 = pg_cryptohash_create(PG_SHA256);
if (context->raw_context.c_sha256 == NULL) if (context->raw_context.c_sha2 == NULL)
return -1; return -1;
if (pg_cryptohash_init(context->raw_context.c_sha256) < 0) if (pg_cryptohash_init(context->raw_context.c_sha2) < 0)
{ {
pg_cryptohash_free(context->raw_context.c_sha256); pg_cryptohash_free(context->raw_context.c_sha2);
return -1; return -1;
} }
break; break;
case CHECKSUM_TYPE_SHA384: case CHECKSUM_TYPE_SHA384:
context->raw_context.c_sha384 = pg_cryptohash_create(PG_SHA384); context->raw_context.c_sha2 = pg_cryptohash_create(PG_SHA384);
if (context->raw_context.c_sha384 == NULL) if (context->raw_context.c_sha2 == NULL)
return -1; return -1;
if (pg_cryptohash_init(context->raw_context.c_sha384) < 0) if (pg_cryptohash_init(context->raw_context.c_sha2) < 0)
{ {
pg_cryptohash_free(context->raw_context.c_sha384); pg_cryptohash_free(context->raw_context.c_sha2);
return -1; return -1;
} }
break; break;
case CHECKSUM_TYPE_SHA512: case CHECKSUM_TYPE_SHA512:
context->raw_context.c_sha512 = pg_cryptohash_create(PG_SHA512); context->raw_context.c_sha2 = pg_cryptohash_create(PG_SHA512);
if (context->raw_context.c_sha512 == NULL) if (context->raw_context.c_sha2 == NULL)
return -1; return -1;
if (pg_cryptohash_init(context->raw_context.c_sha512) < 0) if (pg_cryptohash_init(context->raw_context.c_sha2) < 0)
{ {
pg_cryptohash_free(context->raw_context.c_sha512); pg_cryptohash_free(context->raw_context.c_sha2);
return -1; return -1;
} }
break; break;
@ -154,19 +154,10 @@ pg_checksum_update(pg_checksum_context *context, const uint8 *input,
COMP_CRC32C(context->raw_context.c_crc32c, input, len); COMP_CRC32C(context->raw_context.c_crc32c, input, len);
break; break;
case CHECKSUM_TYPE_SHA224: case CHECKSUM_TYPE_SHA224:
if (pg_cryptohash_update(context->raw_context.c_sha224, input, len) < 0)
return -1;
break;
case CHECKSUM_TYPE_SHA256: case CHECKSUM_TYPE_SHA256:
if (pg_cryptohash_update(context->raw_context.c_sha256, input, len) < 0)
return -1;
break;
case CHECKSUM_TYPE_SHA384: case CHECKSUM_TYPE_SHA384:
if (pg_cryptohash_update(context->raw_context.c_sha384, input, len) < 0)
return -1;
break;
case CHECKSUM_TYPE_SHA512: case CHECKSUM_TYPE_SHA512:
if (pg_cryptohash_update(context->raw_context.c_sha512, input, len) < 0) if (pg_cryptohash_update(context->raw_context.c_sha2, input, len) < 0)
return -1; return -1;
break; break;
} }
@ -207,27 +198,27 @@ pg_checksum_final(pg_checksum_context *context, uint8 *output)
memcpy(output, &context->raw_context.c_crc32c, retval); memcpy(output, &context->raw_context.c_crc32c, retval);
break; break;
case CHECKSUM_TYPE_SHA224: case CHECKSUM_TYPE_SHA224:
if (pg_cryptohash_final(context->raw_context.c_sha224, output) < 0) if (pg_cryptohash_final(context->raw_context.c_sha2, output) < 0)
return -1; return -1;
pg_cryptohash_free(context->raw_context.c_sha224); pg_cryptohash_free(context->raw_context.c_sha2);
retval = PG_SHA224_DIGEST_LENGTH; retval = PG_SHA224_DIGEST_LENGTH;
break; break;
case CHECKSUM_TYPE_SHA256: case CHECKSUM_TYPE_SHA256:
if (pg_cryptohash_final(context->raw_context.c_sha256, output) < 0) if (pg_cryptohash_final(context->raw_context.c_sha2, output) < 0)
return -1; return -1;
pg_cryptohash_free(context->raw_context.c_sha256); pg_cryptohash_free(context->raw_context.c_sha2);
retval = PG_SHA224_DIGEST_LENGTH; retval = PG_SHA224_DIGEST_LENGTH;
break; break;
case CHECKSUM_TYPE_SHA384: case CHECKSUM_TYPE_SHA384:
if (pg_cryptohash_final(context->raw_context.c_sha384, output) < 0) if (pg_cryptohash_final(context->raw_context.c_sha2, output) < 0)
return -1; return -1;
pg_cryptohash_free(context->raw_context.c_sha384); pg_cryptohash_free(context->raw_context.c_sha2);
retval = PG_SHA384_DIGEST_LENGTH; retval = PG_SHA384_DIGEST_LENGTH;
break; break;
case CHECKSUM_TYPE_SHA512: case CHECKSUM_TYPE_SHA512:
if (pg_cryptohash_final(context->raw_context.c_sha512, output) < 0) if (pg_cryptohash_final(context->raw_context.c_sha2, output) < 0)
return -1; return -1;
pg_cryptohash_free(context->raw_context.c_sha512); pg_cryptohash_free(context->raw_context.c_sha2);
retval = PG_SHA512_DIGEST_LENGTH; retval = PG_SHA512_DIGEST_LENGTH;
break; break;
} }

5
src/include/common/checksum_helper.h
View File

@ -42,10 +42,7 @@ typedef enum pg_checksum_type
typedef union pg_checksum_raw_context typedef union pg_checksum_raw_context
{ {
pg_crc32c c_crc32c; pg_crc32c c_crc32c;
pg_cryptohash_ctx *c_sha224; pg_cryptohash_ctx *c_sha2;
pg_cryptohash_ctx *c_sha256;
pg_cryptohash_ctx *c_sha384;
pg_cryptohash_ctx *c_sha512;
} pg_checksum_raw_context; } pg_checksum_raw_context;
/* /*