pgcrypto: Detect errors with EVP calls from OpenSSL

michaelpq · michaelpq · commit dfd8bf2b9255 · 2020-12-08T15:22:38.000+09:00
The following routines are called within pgcrypto when handling digests
but there were no checks for failures:
- EVP_MD_CTX_size (can fail with -1 as of 3.0.0)
- EVP_MD_CTX_block_size (can fail with -1 as of 3.0.0)
- EVP_DigestInit_ex
- EVP_DigestUpdate
- EVP_DigestFinal_ex

A set of elog(ERROR) is added by this commit to detect such failures,
that should never happen except in the event of a processing failure
internal to OpenSSL.

Note that it would be possible to use ERR_reason_error_string() to get
more context about such errors, but these refer mainly to the internals
of OpenSSL, so it is not really obvious how useful that would be.  This
is left out for simplicity.

Per report from Coverity.  Thanks to Tom Lane for the discussion.

Backpatch-through: 9.5
diff --git a/contrib/pgcrypto/openssl.c b/contrib/pgcrypto/openssl.c
@@ -114,40 +114,51 @@ static unsigned
 digest_result_size(PX_MD *h)
 {
 	OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
+	int			result = EVP_MD_CTX_size(digest->ctx);
 
-	return EVP_MD_CTX_size(digest->ctx);
+	if (result < 0)
+		elog(ERROR, "EVP_MD_CTX_size() failed");
+
+	return result;
 }
 
 static unsigned
 digest_block_size(PX_MD *h)
 {
 	OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
+	int			result = EVP_MD_CTX_block_size(digest->ctx);
+
+	if (result < 0)
+		elog(ERROR, "EVP_MD_CTX_block_size() failed");
 
-	return EVP_MD_CTX_block_size(digest->ctx);
+	return result;
 }
 
 static void
 digest_reset(PX_MD *h)
 {
 	OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
 
-	EVP_DigestInit_ex(digest->ctx, digest->algo, NULL);
+	if (!EVP_DigestInit_ex(digest->ctx, digest->algo, NULL))
+		elog(ERROR, "EVP_DigestInit_ex() failed");
 }
 
 static void
 digest_update(PX_MD *h, const uint8 *data, unsigned dlen)
 {
 	OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
 
-	EVP_DigestUpdate(digest->ctx, data, dlen);
+	if (!EVP_DigestUpdate(digest->ctx, data, dlen))
+		elog(ERROR, "EVP_DigestUpdate() failed");
 }
 
 static void
 digest_finish(PX_MD *h, uint8 *dst)
 {
 	OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
 
-	EVP_DigestFinal_ex(digest->ctx, dst, NULL);
+	if (!EVP_DigestFinal_ex(digest->ctx, dst, NULL))
+		elog(ERROR, "EVP_DigestFinal_ex() failed");
 }
 
 static void

Original file line number	Diff line number	Diff line change
`@@ -114,40 +114,51 @@ static unsigned`
`114`	`114`	`digest_result_size(PX_MD *h)`
`115`	`115`	`{`
`116`	`116`	`OSSLDigest digest = (OSSLDigest ) h->p.ptr;`
	`117`	`+ int result = EVP_MD_CTX_size(digest->ctx);`
`117`	`118`
`118`		`- return EVP_MD_CTX_size(digest->ctx);`
	`119`	`+ if (result < 0)`
	`120`	`+ elog(ERROR, "EVP_MD_CTX_size() failed");`
	`121`	`+`
	`122`	`+ return result;`
`119`	`123`	`}`
`120`	`124`
`121`	`125`	`static unsigned`
`122`	`126`	`digest_block_size(PX_MD *h)`
`123`	`127`	`{`
`124`	`128`	`OSSLDigest digest = (OSSLDigest ) h->p.ptr;`
	`129`	`+ int result = EVP_MD_CTX_block_size(digest->ctx);`
	`130`	`+`
	`131`	`+ if (result < 0)`
	`132`	`+ elog(ERROR, "EVP_MD_CTX_block_size() failed");`
`125`	`133`
`126`		`- return EVP_MD_CTX_block_size(digest->ctx);`
	`134`	`+ return result;`
`127`	`135`	`}`
`128`	`136`
`129`	`137`	`static void`
`130`	`138`	`digest_reset(PX_MD *h)`
`131`	`139`	`{`
`132`	`140`	`OSSLDigest digest = (OSSLDigest ) h->p.ptr;`
`133`	`141`
`134`		`- EVP_DigestInit_ex(digest->ctx, digest->algo, NULL);`
	`142`	`+ if (!EVP_DigestInit_ex(digest->ctx, digest->algo, NULL))`
	`143`	`+ elog(ERROR, "EVP_DigestInit_ex() failed");`
`135`	`144`	`}`
`136`	`145`
`137`	`146`	`static void`
`138`	`147`	`digest_update(PX_MD h, const uint8 data, unsigned dlen)`
`139`	`148`	`{`
`140`	`149`	`OSSLDigest digest = (OSSLDigest ) h->p.ptr;`
`141`	`150`
`142`		`- EVP_DigestUpdate(digest->ctx, data, dlen);`
	`151`	`+ if (!EVP_DigestUpdate(digest->ctx, data, dlen))`
	`152`	`+ elog(ERROR, "EVP_DigestUpdate() failed");`
`143`	`153`	`}`
`144`	`154`
`145`	`155`	`static void`
`146`	`156`	`digest_finish(PX_MD h, uint8 dst)`
`147`	`157`	`{`
`148`	`158`	`OSSLDigest digest = (OSSLDigest ) h->p.ptr;`
`149`	`159`
`150`		`- EVP_DigestFinal_ex(digest->ctx, dst, NULL);`
	`160`	`+ if (!EVP_DigestFinal_ex(digest->ctx, dst, NULL))`
	`161`	`+ elog(ERROR, "EVP_DigestFinal_ex() failed");`
`151`	`162`	`}`
`152`	`163`
`153`	`164`	`static void`