Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitce9b75d

Browse files
author
Neil Conway
committed
Patch from Marko Kreen:
pgcrypto crypt()/md5 and hmac() leak memory when compiled againstOpenSSL as openssl.c digest ->reset will do two DigestInit callsagainst a context. This happened to work with OpenSSL 0.9.6but not with 0.9.7+.Reason for the messy code was that I tried to avoid creatingwrapper structure to transport algorithm info and tried to useOpenSSL context for it. The fix is to create wrapper structure.It also uses newer digest API to avoid memory allocationson reset with newer OpenSSLs.Thanks to Daniel Blaisdell for reporting it.
1 parent1b65847 commitce9b75d

File tree

1 file changed

+70
-32
lines changed

1 file changed

+70
-32
lines changed

‎contrib/pgcrypto/openssl.c

Lines changed: 70 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@
2626
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
2727
* SUCH DAMAGE.
2828
*
29-
* $PostgreSQL: pgsql/contrib/pgcrypto/openssl.c,v 1.26 2005/10/15 02:49:06 momjian Exp $
29+
* $PostgreSQL: pgsql/contrib/pgcrypto/openssl.c,v 1.27 2006/02/18 20:48:51 neilc Exp $
3030
*/
3131

3232
#include"postgres.h"
@@ -47,17 +47,24 @@
4747
#defineMAX_IV(128/8)
4848

4949
/*
50-
* Does OpenSSL support AES?
50+
* Compatibility with OpenSSL 0.9.6
51+
*
52+
* It needs AES and newer DES and digest API.
5153
*/
5254
#ifOPENSSL_VERSION_NUMBER >=0x00907000L
5355

54-
/* Yes, it does. */
56+
/*
57+
* Nothing needed for OpenSSL 0.9.7+
58+
*/
59+
5560
#include<openssl/aes.h>
61+
5662
#else/* old OPENSSL */
5763

5864
/*
59-
*No, it does not. So use included rijndael code to emulate it.
65+
*Emulate OpenSSL AES.
6066
*/
67+
6168
#include"rijndael.c"
6269

6370
#defineAES_ENCRYPT 1
@@ -90,12 +97,11 @@
9097
memcpy(iv, (src) + (len) - 16, 16); \
9198
} \
9299
} while (0)
93-
#endif/* old OPENSSL */
94100

95101
/*
96-
*Compatibility with older OpenSSLAPI for DES.
102+
*Emulate DES_*API
97103
*/
98-
#ifOPENSSL_VERSION_NUMBER<0x00907000L
104+
99105
#defineDES_key_schedule des_key_schedule
100106
#defineDES_cblock des_cblock
101107
#defineDES_set_key(k,ks) \
@@ -110,63 +116,91 @@
110116
#defineDES_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e) \
111117
des_ede3_cbc_encrypt((i), (o), \
112118
(l), *(k1), *(k2), *(k3), (iv), (e))
113-
#endif
119+
120+
/*
121+
* Emulate newer digest API.
122+
*/
123+
124+
staticvoidEVP_MD_CTX_init(EVP_MD_CTX*ctx)
125+
{
126+
memset(ctx,0,sizeof(*ctx));
127+
}
128+
129+
staticintEVP_MD_CTX_cleanup(EVP_MD_CTX*ctx)
130+
{
131+
memset(ctx,0,sizeof(*ctx));
132+
return1;
133+
}
134+
135+
staticintEVP_DigestInit_ex(EVP_MD_CTX*ctx,constEVP_MD*md,void*engine)
136+
{
137+
EVP_DigestInit(ctx,md);
138+
return1;
139+
}
140+
141+
staticintEVP_DigestFinal_ex(EVP_MD_CTX*ctx,unsignedchar*res,unsignedint*len)
142+
{
143+
EVP_DigestFinal(ctx,res,len);
144+
return1;
145+
}
146+
147+
#endif/* old OpenSSL */
114148

115149
/*
116150
* Hashes
117151
*/
152+
153+
typedefstructOSSLDigest {
154+
constEVP_MD*algo;
155+
EVP_MD_CTXctx;
156+
}OSSLDigest;
157+
118158
staticunsigned
119159
digest_result_size(PX_MD*h)
120160
{
121-
returnEVP_MD_CTX_size((EVP_MD_CTX*)h->p.ptr);
161+
OSSLDigest*digest= (OSSLDigest*)h->p.ptr;
162+
returnEVP_MD_CTX_size(&digest->ctx);
122163
}
123164

124165
staticunsigned
125166
digest_block_size(PX_MD*h)
126167
{
127-
returnEVP_MD_CTX_block_size((EVP_MD_CTX*)h->p.ptr);
168+
OSSLDigest*digest= (OSSLDigest*)h->p.ptr;
169+
returnEVP_MD_CTX_block_size(&digest->ctx);
128170
}
129171

130172
staticvoid
131173
digest_reset(PX_MD*h)
132174
{
133-
EVP_MD_CTX*ctx= (EVP_MD_CTX*)h->p.ptr;
134-
constEVP_MD*md;
175+
OSSLDigest*digest= (OSSLDigest*)h->p.ptr;
135176

136-
md=EVP_MD_CTX_md(ctx);
137-
138-
EVP_DigestInit(ctx,md);
177+
EVP_DigestInit_ex(&digest->ctx,digest->algo,NULL);
139178
}
140179

141180
staticvoid
142181
digest_update(PX_MD*h,constuint8*data,unsigneddlen)
143182
{
144-
EVP_MD_CTX*ctx= (EVP_MD_CTX*)h->p.ptr;
183+
OSSLDigest*digest= (OSSLDigest*)h->p.ptr;
145184

146-
EVP_DigestUpdate(ctx,data,dlen);
185+
EVP_DigestUpdate(&digest->ctx,data,dlen);
147186
}
148187

149188
staticvoid
150189
digest_finish(PX_MD*h,uint8*dst)
151190
{
152-
EVP_MD_CTX*ctx= (EVP_MD_CTX*)h->p.ptr;
153-
constEVP_MD*md=EVP_MD_CTX_md(ctx);
154-
155-
EVP_DigestFinal(ctx,dst,NULL);
191+
OSSLDigest*digest= (OSSLDigest*)h->p.ptr;
156192

157-
/*
158-
* Some builds of 0.9.7x clear all of ctx in EVP_DigestFinal. Fix it by
159-
* reinitializing ctx.
160-
*/
161-
EVP_DigestInit(ctx,md);
193+
EVP_DigestFinal_ex(&digest->ctx,dst,NULL);
162194
}
163195

164196
staticvoid
165197
digest_free(PX_MD*h)
166198
{
167-
EVP_MD_CTX*ctx= (EVP_MD_CTX*)h->p.ptr;
199+
OSSLDigest*digest= (OSSLDigest*)h->p.ptr;
200+
201+
EVP_MD_CTX_cleanup(&digest->ctx);
168202

169-
px_free(ctx);
203+
px_free(digest);
170204
px_free(h);
171205
}
172206

@@ -178,8 +212,8 @@ int
178212
px_find_digest(constchar*name,PX_MD**res)
179213
{
180214
constEVP_MD*md;
181-
EVP_MD_CTX*ctx;
182215
PX_MD*h;
216+
OSSLDigest*digest;
183217

184218
if (!px_openssl_initialized)
185219
{
@@ -191,8 +225,12 @@ px_find_digest(const char *name, PX_MD ** res)
191225
if (md==NULL)
192226
returnPXE_NO_HASH;
193227

194-
ctx=px_alloc(sizeof(*ctx));
195-
EVP_DigestInit(ctx,md);
228+
digest=px_alloc(sizeof(*digest));
229+
digest->algo=md;
230+
231+
EVP_MD_CTX_init(&digest->ctx);
232+
if (EVP_DigestInit_ex(&digest->ctx,digest->algo,NULL)==0)
233+
return-1;
196234

197235
h=px_alloc(sizeof(*h));
198236
h->result_size=digest_result_size;
@@ -201,7 +239,7 @@ px_find_digest(const char *name, PX_MD ** res)
201239
h->update=digest_update;
202240
h->finish=digest_finish;
203241
h->free=digest_free;
204-
h->p.ptr= (void*)ctx;
242+
h->p.ptr= (void*)digest;
205243

206244
*res=h;
207245
return0;

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp