Fix and simplify some code related to cryptohashes

michaelpq · michaelpq · commit 15b824da97af · 2021-01-08T10:37:03.000+09:00
This commit addresses two issues: - In pgcrypto, MD5 computation called pg_cryptohash_{init,update,final} without checking for the result status. - Simplify pg_checksum_raw_context to use only one variable for all the SHA2 options available in checksum manifests. Reported-by: Heikki Linnakangas Discussion: https://postgr.es/m/f62f26bb-47a5-8411-46e5-4350823e06a5@iki.fi
diff --git a/contrib/pgcrypto/internal.c b/contrib/pgcrypto/internal.c
@@ -96,23 +96,26 @@ int_md5_update(PX_MD *h, const uint8 *data, unsigned dlen)
 {
 	pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
 
-	pg_cryptohash_update(ctx, data, dlen);
+	if (pg_cryptohash_update(ctx, data, dlen) < 0)
+		elog(ERROR, "could not update %s context", "MD5");
 }
 
 static void
 int_md5_reset(PX_MD *h)
 {
 	pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
 
-	pg_cryptohash_init(ctx);
+	if (pg_cryptohash_init(ctx) < 0)
+		elog(ERROR, "could not initialize %s context", "MD5");
 }
 
 static void
 int_md5_finish(PX_MD *h, uint8 *dst)
 {
 	pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
 
-	pg_cryptohash_final(ctx, dst);
+	if (pg_cryptohash_final(ctx, dst) < 0)
+		elog(ERROR, "could not finalize %s context", "MD5");
 }
 
 static void
diff --git a/src/common/checksum_helper.c b/src/common/checksum_helper.c
@@ -93,42 +93,42 @@ pg_checksum_init(pg_checksum_context *context, pg_checksum_type type)
 			INIT_CRC32C(context->raw_context.c_crc32c);
 			break;
 		case CHECKSUM_TYPE_SHA224:
-			context->raw_context.c_sha224 = pg_cryptohash_create(PG_SHA224);
-			if (context->raw_context.c_sha224 == NULL)
+			context->raw_context.c_sha2 = pg_cryptohash_create(PG_SHA224);
+			if (context->raw_context.c_sha2 == NULL)
 				return -1;
-			if (pg_cryptohash_init(context->raw_context.c_sha224) < 0)
+			if (pg_cryptohash_init(context->raw_context.c_sha2) < 0)
 			{
-				pg_cryptohash_free(context->raw_context.c_sha224);
+				pg_cryptohash_free(context->raw_context.c_sha2);
 				return -1;
 			}
 			break;
 		case CHECKSUM_TYPE_SHA256:
-			context->raw_context.c_sha256 = pg_cryptohash_create(PG_SHA256);
-			if (context->raw_context.c_sha256 == NULL)
+			context->raw_context.c_sha2 = pg_cryptohash_create(PG_SHA256);
+			if (context->raw_context.c_sha2 == NULL)
 				return -1;
-			if (pg_cryptohash_init(context->raw_context.c_sha256) < 0)
+			if (pg_cryptohash_init(context->raw_context.c_sha2) < 0)
 			{
-				pg_cryptohash_free(context->raw_context.c_sha256);
+				pg_cryptohash_free(context->raw_context.c_sha2);
 				return -1;
 			}
 			break;
 		case CHECKSUM_TYPE_SHA384:
-			context->raw_context.c_sha384 = pg_cryptohash_create(PG_SHA384);
-			if (context->raw_context.c_sha384 == NULL)
+			context->raw_context.c_sha2 = pg_cryptohash_create(PG_SHA384);
+			if (context->raw_context.c_sha2 == NULL)
 				return -1;
-			if (pg_cryptohash_init(context->raw_context.c_sha384) < 0)
+			if (pg_cryptohash_init(context->raw_context.c_sha2) < 0)
 			{
-				pg_cryptohash_free(context->raw_context.c_sha384);
+				pg_cryptohash_free(context->raw_context.c_sha2);
 				return -1;
 			}
 			break;
 		case CHECKSUM_TYPE_SHA512:
-			context->raw_context.c_sha512 = pg_cryptohash_create(PG_SHA512);
-			if (context->raw_context.c_sha512 == NULL)
+			context->raw_context.c_sha2 = pg_cryptohash_create(PG_SHA512);
+			if (context->raw_context.c_sha2 == NULL)
 				return -1;
-			if (pg_cryptohash_init(context->raw_context.c_sha512) < 0)
+			if (pg_cryptohash_init(context->raw_context.c_sha2) < 0)
 			{
-				pg_cryptohash_free(context->raw_context.c_sha512);
+				pg_cryptohash_free(context->raw_context.c_sha2);
 				return -1;
 			}
 			break;
@@ -154,19 +154,10 @@ pg_checksum_update(pg_checksum_context *context, const uint8 *input,
 			COMP_CRC32C(context->raw_context.c_crc32c, input, len);
 			break;
 		case CHECKSUM_TYPE_SHA224:
-			if (pg_cryptohash_update(context->raw_context.c_sha224, input, len) < 0)
-				return -1;
-			break;
 		case CHECKSUM_TYPE_SHA256:
-			if (pg_cryptohash_update(context->raw_context.c_sha256, input, len) < 0)
-				return -1;
-			break;
 		case CHECKSUM_TYPE_SHA384:
-			if (pg_cryptohash_update(context->raw_context.c_sha384, input, len) < 0)
-				return -1;
-			break;
 		case CHECKSUM_TYPE_SHA512:
-			if (pg_cryptohash_update(context->raw_context.c_sha512, input, len) < 0)
+			if (pg_cryptohash_update(context->raw_context.c_sha2, input, len) < 0)
 				return -1;
 			break;
 	}
@@ -207,27 +198,27 @@ pg_checksum_final(pg_checksum_context *context, uint8 *output)
 			memcpy(output, &context->raw_context.c_crc32c, retval);
 			break;
 		case CHECKSUM_TYPE_SHA224:
-			if (pg_cryptohash_final(context->raw_context.c_sha224, output) < 0)
+			if (pg_cryptohash_final(context->raw_context.c_sha2, output) < 0)
 				return -1;
-			pg_cryptohash_free(context->raw_context.c_sha224);
+			pg_cryptohash_free(context->raw_context.c_sha2);
 			retval = PG_SHA224_DIGEST_LENGTH;
 			break;
 		case CHECKSUM_TYPE_SHA256:
-			if (pg_cryptohash_final(context->raw_context.c_sha256, output) < 0)
+			if (pg_cryptohash_final(context->raw_context.c_sha2, output) < 0)
 				return -1;
-			pg_cryptohash_free(context->raw_context.c_sha256);
+			pg_cryptohash_free(context->raw_context.c_sha2);
 			retval = PG_SHA224_DIGEST_LENGTH;
 			break;
 		case CHECKSUM_TYPE_SHA384:
-			if (pg_cryptohash_final(context->raw_context.c_sha384, output) < 0)
+			if (pg_cryptohash_final(context->raw_context.c_sha2, output) < 0)
 				return -1;
-			pg_cryptohash_free(context->raw_context.c_sha384);
+			pg_cryptohash_free(context->raw_context.c_sha2);
 			retval = PG_SHA384_DIGEST_LENGTH;
 			break;
 		case CHECKSUM_TYPE_SHA512:
-			if (pg_cryptohash_final(context->raw_context.c_sha512, output) < 0)
+			if (pg_cryptohash_final(context->raw_context.c_sha2, output) < 0)
 				return -1;
-			pg_cryptohash_free(context->raw_context.c_sha512);
+			pg_cryptohash_free(context->raw_context.c_sha2);
 			retval = PG_SHA512_DIGEST_LENGTH;
 			break;
 	}
diff --git a/src/include/common/checksum_helper.h b/src/include/common/checksum_helper.h
@@ -42,10 +42,7 @@ typedef enum pg_checksum_type
 typedef union pg_checksum_raw_context
 {
 	pg_crc32c	c_crc32c;
-	pg_cryptohash_ctx *c_sha224;
-	pg_cryptohash_ctx *c_sha256;
-	pg_cryptohash_ctx *c_sha384;
-	pg_cryptohash_ctx *c_sha512;
+	pg_cryptohash_ctx *c_sha2;
 } pg_checksum_raw_context;
 
 /*

Original file line number	Diff line number	Diff line change
`@@ -96,23 +96,26 @@ int_md5_update(PX_MD h, const uint8 data, unsigned dlen)`
`96`	`96`	`{`
`97`	`97`	`pg_cryptohash_ctx ctx = (pg_cryptohash_ctx ) h->p.ptr;`
`98`	`98`
`99`		`- pg_cryptohash_update(ctx, data, dlen);`
	`99`	`+ if (pg_cryptohash_update(ctx, data, dlen) < 0)`
	`100`	`+ elog(ERROR, "could not update %s context", "MD5");`
`100`	`101`	`}`
`101`	`102`
`102`	`103`	`static void`
`103`	`104`	`int_md5_reset(PX_MD *h)`
`104`	`105`	`{`
`105`	`106`	`pg_cryptohash_ctx ctx = (pg_cryptohash_ctx ) h->p.ptr;`
`106`	`107`
`107`		`- pg_cryptohash_init(ctx);`
	`108`	`+ if (pg_cryptohash_init(ctx) < 0)`
	`109`	`+ elog(ERROR, "could not initialize %s context", "MD5");`
`108`	`110`	`}`
`109`	`111`
`110`	`112`	`static void`
`111`	`113`	`int_md5_finish(PX_MD h, uint8 dst)`
`112`	`114`	`{`
`113`	`115`	`pg_cryptohash_ctx ctx = (pg_cryptohash_ctx ) h->p.ptr;`
`114`	`116`
`115`		`- pg_cryptohash_final(ctx, dst);`
	`117`	`+ if (pg_cryptohash_final(ctx, dst) < 0)`
	`118`	`+ elog(ERROR, "could not finalize %s context", "MD5");`
`116`	`119`	`}`
`117`	`120`
`118`	`121`	`static void`