projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d137b14) | patch
pgcrypto: Detect errors with EVP calls from OpenSSL
authorMichael Paquier <[email protected]>
Tue, 8 Dec 2020 06:22:53 +0000 (15:22 +0900)
committerMichael Paquier <[email protected]>
Tue, 8 Dec 2020 06:22:53 +0000 (15:22 +0900)
commit5ba1df0f14d19a32c69adf97d452726fa6a28e02
tree9ce93aaf74b5485e54ee6ae23689e0fbaba0055ftree
parentd137b14c3cec73a521a504eae645d83e140b1f1ccommit | diff
pgcrypto: Detect errors with EVP calls from OpenSSL

The following routines are called within pgcrypto when handling digests
but there were no checks for failures:
- EVP_MD_CTX_size (can fail with -1 as of 3.0.0)
- EVP_MD_CTX_block_size (can fail with -1 as of 3.0.0)
- EVP_DigestInit_ex
- EVP_DigestUpdate
- EVP_DigestFinal_ex

A set of elog(ERROR) is added by this commit to detect such failures,
that should never happen except in the event of a processing failure
internal to OpenSSL.

Note that it would be possible to use ERR_reason_error_string() to get
more context about such errors, but these refer mainly to the internals
of OpenSSL, so it is not really obvious how useful that would be.  This
is left out for simplicity.

Per report from Coverity.  Thanks to Tom Lane for the discussion.

Backpatch-through: 9.5
contrib/pgcrypto/openssl.c diff | blob | blame | history
This is the main PostgreSQL git repository.