NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitf5576a2

committed

pgcrypto: Remove internal padding implementation

Use the padding provided by OpenSSL instead of doing it ourselves.The internal implementation was once applicable to the non-OpenSSLcode paths, but those have since been removed. The padding algorithmis still the same.The OpenSSL padding implementation is stricter than the previousinternal one: Bad padding during decryption is now an error, andencryption without padding now requires the input size to be amultiple of the block size, otherwise it is also an error.Previously, these cases silently proceeded, in spite of thedocumentation saying otherwise.Add some test cases about this, too. (The test cases are inrijndael.sql, but they apply to all encryption algorithms.)Reviewed-by: Jacob Champion <pchampion@vmware.com>Reviewed-by: Nathan Bossart <nathandbossart@gmail.com>Discussion:https://www.postgresql.org/message-id/flat/ba94c26b-0c58-c97e-7a44-f44e08b4cca2%40enterprisedb.com

1 parent9ca234b commitf5576a2Copy full SHA for f5576a2

File tree

6 files changed

+52

-134

lines changed

contrib/pgcrypto
- expected
  - rijndael.out
- openssl.c
- pgp-cfb.c
- px.c
- px.h
- sql
  - rijndael.sql

6 files changed

+52

-134

lines changed

`‎contrib/pgcrypto/expected/rijndael.out`

Lines changed: 14 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,12 @@ SELECT encrypt(`
`39`	`39`	`\x8ea2b7ca516745bfeafc49904b496089`
`40`	`40`	`(1 row)`
`41`	`41`
	`42`	`+-- without padding, input not multiple of block size`
	`43`	`+SELECT encrypt(`
	`44`	`+'\x00112233445566778899aabbccddeeff00',`
	`45`	`+'\x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f',`
	`46`	`+'aes-cbc/pad:none');`
	`47`	`+ERROR: encrypt error: Encryption failed`
`42`	`48`	`-- key padding`
`43`	`49`	`SELECT encrypt(`
`44`	`50`	`'\x0011223344',`
`@@ -95,6 +101,14 @@ select encode(decrypt(encrypt('foo', '0123456', 'aes'), '0123456', 'aes'), 'esca`
`95`	`101`	`foo`
`96`	`102`	`(1 row)`
`97`	`103`
	`104`	`+-- data not multiple of block size`
	`105`	`+select encode(decrypt(encrypt('foo', '0123456', 'aes') \|\| '\x00'::bytea, '0123456', 'aes'), 'escape');`
	`106`	`+ERROR: decrypt error: Decryption failed`
	`107`	`+-- bad padding`
	`108`	`+-- (The input value is the result of encrypt_iv('abcdefghijklmnopqrstuvwxyz', '0123456', 'abcd', 'aes')`
	`109`	`+-- with the 16th byte changed (s/db/eb/) to corrupt the padding of the last block.)`
	`110`	`+select encode(decrypt_iv('\xa21a9c15231465964e3396d32095e67eb52bab05f556a581621dee1b85385789', '0123456', 'abcd', 'aes'), 'escape');`
	`111`	`+ERROR: decrypt_iv error: Decryption failed`
`98`	`112`	`-- iv`
`99`	`113`	`select encrypt_iv('foo', '0123456', 'abcd', 'aes');`
`100`	`114`	`encrypt_iv`

`‎contrib/pgcrypto/openssl.c`

Lines changed: 14 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -369,17 +369,17 @@ gen_ossl_free(PX_Cipher *c)`
`369`	`369`	`}`
`370`	`370`
`371`	`371`	`staticint`
`372`		`-gen_ossl_decrypt(PX_Cipherc,constuint8data,unsigneddlen,`
`373`		`-uint8*res)`
	`372`	`+gen_ossl_decrypt(PX_Cipherc,intpadding,constuint8data,unsigneddlen,`
	`373`	`+uint8res,unsignedrlen)`
`374`	`374`	`{`
`375`	`375`	`OSSLCipher*od=c->ptr;`
`376`		`-intoutlen;`
	`376`	`+intoutlen,outlen2;`
`377`	`377`
`378`	`378`	`if (!od->init)`
`379`	`379`	`{`
`380`	`380`	`if (!EVP_DecryptInit_ex(od->evp_ctx,od->evp_ciph,NULL,NULL,NULL))`
`381`	`381`	`returnPXE_CIPHER_INIT;`
`382`		`-if (!EVP_CIPHER_CTX_set_padding(od->evp_ctx,0))`
	`382`	`+if (!EVP_CIPHER_CTX_set_padding(od->evp_ctx,padding))`
`383`	`383`	`returnPXE_CIPHER_INIT;`
`384`	`384`	`if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx,od->klen))`
`385`	`385`	`returnPXE_CIPHER_INIT;`
`@@ -390,22 +390,25 @@ gen_ossl_decrypt(PX_Cipher c, const uint8 data, unsigned dlen,`
`390`	`390`
`391`	`391`	`if (!EVP_DecryptUpdate(od->evp_ctx,res,&outlen,data,dlen))`
`392`	`392`	`returnPXE_DECRYPT_FAILED;`
	`393`	`+if (!EVP_DecryptFinal_ex(od->evp_ctx,res+outlen,&outlen2))`
	`394`	`+returnPXE_DECRYPT_FAILED;`
	`395`	`+*rlen=outlen+outlen2;`
`393`	`396`
`394`	`397`	`return0;`
`395`	`398`	`}`
`396`	`399`
`397`	`400`	`staticint`
`398`		`-gen_ossl_encrypt(PX_Cipherc,constuint8data,unsigneddlen,`
`399`		`-uint8*res)`
	`401`	`+gen_ossl_encrypt(PX_Cipherc,intpadding,constuint8data,unsigneddlen,`
	`402`	`+uint8res,unsignedrlen)`
`400`	`403`	`{`
`401`	`404`	`OSSLCipher*od=c->ptr;`
`402`		`-intoutlen;`
	`405`	`+intoutlen,outlen2;`
`403`	`406`
`404`	`407`	`if (!od->init)`
`405`	`408`	`{`
`406`	`409`	`if (!EVP_EncryptInit_ex(od->evp_ctx,od->evp_ciph,NULL,NULL,NULL))`
`407`	`410`	`returnPXE_CIPHER_INIT;`
`408`		`-if (!EVP_CIPHER_CTX_set_padding(od->evp_ctx,0))`
	`411`	`+if (!EVP_CIPHER_CTX_set_padding(od->evp_ctx,padding))`
`409`	`412`	`returnPXE_CIPHER_INIT;`
`410`	`413`	`if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx,od->klen))`
`411`	`414`	`returnPXE_CIPHER_INIT;`
`@@ -416,6 +419,9 @@ gen_ossl_encrypt(PX_Cipher c, const uint8 data, unsigned dlen,`
`416`	`419`
`417`	`420`	`if (!EVP_EncryptUpdate(od->evp_ctx,res,&outlen,data,dlen))`
`418`	`421`	`returnPXE_ENCRYPT_FAILED;`
	`422`	`+if (!EVP_EncryptFinal_ex(od->evp_ctx,res+outlen,&outlen2))`
	`423`	`+returnPXE_ENCRYPT_FAILED;`
	`424`	`+*rlen=outlen+outlen2;`
`419`	`425`
`420`	`426`	`return0;`
`421`	`427`	`}`

`‎contrib/pgcrypto/pgp-cfb.c`

Lines changed: 3 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -220,7 +220,9 @@ cfb_process(PGP_CFB ctx, const uint8 data, int len, uint8 *dst,`
`220`	`220`
`221`	`221`	`while (len>0)`
`222`	`222`	`{`
`223`		`-px_cipher_encrypt(ctx->ciph,ctx->fr,ctx->block_size,ctx->fre);`
	`223`	`+unsignedrlen;`
	`224`	`+`
	`225`	`+px_cipher_encrypt(ctx->ciph,0,ctx->fr,ctx->block_size,ctx->fre,&rlen);`
`224`	`226`	`if (ctx->block_no<5)`
`225`	`227`	`ctx->block_no++;`
`226`	`228`

`‎contrib/pgcrypto/px.c`

Lines changed: 2 additions & 118 deletions

Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,6 @@ static const struct error_desc px_err_list[] = {`
`44`	`44`	`{PXE_ERR_GENERIC,"Some PX error (not specified)"},`
`45`	`45`	`{PXE_NO_HASH,"No such hash algorithm"},`
`46`	`46`	`{PXE_NO_CIPHER,"No such cipher algorithm"},`
`47`		`-{PXE_NOTBLOCKSIZE,"Data not a multiple of block size"},`
`48`	`47`	`{PXE_BAD_OPTION,"Unknown option"},`
`49`	`48`	`{PXE_BAD_FORMAT,"Badly formatted type"},`
`50`	`49`	`{PXE_KEY_TOO_BIG,"Key was too big"},`
`@@ -221,129 +220,14 @@ static int`
`221`	`220`	`combo_encrypt(PX_Combocx,constuint8data,unsigneddlen,`
`222`	`221`	`uint8res,unsignedrlen)`
`223`	`222`	`{`
`224`		`-interr=0;`
`225`		`-uint8*bbuf;`
`226`		`-unsignedbs,`
`227`		`-bpos,`
`228`		`-i,`
`229`		`-pad;`
`230`		`-`
`231`		`-PX_Cipher*c=cx->cipher;`
`232`		`-`
`233`		`-bbuf=NULL;`
`234`		`-bs=px_cipher_block_size(c);`
`235`		`-`
`236`		`-/* encrypt */`
`237`		`-if (bs>1)`
`238`		`-{`
`239`		`-bbuf=palloc(bs*4);`
`240`		`-bpos=dlen %bs;`
`241`		`-*rlen=dlen-bpos;`
`242`		`-memcpy(bbuf,data+*rlen,bpos);`
`243`		`-`
`244`		`-/* encrypt full-block data */`
`245`		`-if (*rlen)`
`246`		`-{`
`247`		`-err=px_cipher_encrypt(c,data,*rlen,res);`
`248`		`-if (err)`
`249`		`-gotoout;`
`250`		`-}`
`251`		`-`
`252`		`-/* bbuf has now bpos bytes of stuff */`
`253`		`-if (cx->padding)`
`254`		`-{`
`255`		`-pad=bs- (bpos %bs);`
`256`		`-for (i=0;i<pad;i++)`
`257`		`-bbuf[bpos++]=pad;`
`258`		`-}`
`259`		`-elseif (bpos %bs)`
`260`		`-{`
`261`		`-/* ERROR? */`
`262`		`-pad=bs- (bpos %bs);`
`263`		`-for (i=0;i<pad;i++)`
`264`		`-bbuf[bpos++]=0;`
`265`		`-}`
`266`		`-`
`267`		`-/* encrypt the rest - pad */`
`268`		`-if (bpos)`
`269`		`-{`
`270`		`-err=px_cipher_encrypt(c,bbuf,bpos,res+*rlen);`
`271`		`-*rlen+=bpos;`
`272`		`-}`
`273`		`-}`
`274`		`-else`
`275`		`-{`
`276`		`-/* stream cipher/mode - no pad needed */`
`277`		`-err=px_cipher_encrypt(c,data,dlen,res);`
`278`		`-if (err)`
`279`		`-gotoout;`
`280`		`-*rlen=dlen;`
`281`		`-}`
`282`		`-out:`
`283`		`-if (bbuf)`
`284`		`-pfree(bbuf);`
`285`		`-`
`286`		`-returnerr;`
	`223`	`+returnpx_cipher_encrypt(cx->cipher,cx->padding,data,dlen,res,rlen);`
`287`	`224`	`}`
`288`	`225`
`289`	`226`	`staticint`
`290`	`227`	`combo_decrypt(PX_Combocx,constuint8data,unsigneddlen,`
`291`	`228`	`uint8res,unsignedrlen)`
`292`	`229`	`{`
`293`		`-interr=0;`
`294`		`-unsignedbs,`
`295`		`-i,`
`296`		`-pad;`
`297`		`-unsignedpad_ok;`
`298`		`-`
`299`		`-PX_Cipher*c=cx->cipher;`
`300`		`-`
`301`		`-/* decide whether zero-length input is allowed */`
`302`		`-if (dlen==0)`
`303`		`-{`
`304`		`-/* with padding, empty ciphertext is not allowed */`
`305`		`-if (cx->padding)`
`306`		`-returnPXE_DECRYPT_FAILED;`
`307`		`-`
`308`		`-/* without padding, report empty result */`
`309`		`-*rlen=0;`
`310`		`-return0;`
`311`		`-}`
`312`		`-`
`313`		`-bs=px_cipher_block_size(c);`
`314`		`-if (bs>1&& (dlen %bs)!=0)`
`315`		`-gotoblock_error;`
`316`		`-`
`317`		`-/* decrypt */`
`318`		`-*rlen=dlen;`
`319`		`-err=px_cipher_decrypt(c,data,dlen,res);`
`320`		`-if (err)`
`321`		`-returnerr;`
`322`		`-`
`323`		`-/* unpad */`
`324`		`-if (bs>1&&cx->padding)`
`325`		`-{`
`326`		`-pad=res[*rlen-1];`
`327`		`-pad_ok=0;`
`328`		`-if (pad>0&&pad <=bs&&pad <=*rlen)`
`329`		`-{`
`330`		`-pad_ok=1;`
`331`		`-for (i=rlen-pad;i<rlen;i++)`
`332`		`-if (res[i]!=pad)`
`333`		`-{`
`334`		`-pad_ok=0;`
`335`		`-break;`
`336`		`-}`
`337`		`-}`
`338`		`-`
`339`		`-if (pad_ok)`
`340`		`-*rlen-=pad;`
`341`		`-}`
`342`		`-`
`343`		`-return0;`
`344`		`-`
`345`		`-block_error:`
`346`		`-returnPXE_NOTBLOCKSIZE;`
	`230`	`+returnpx_cipher_decrypt(cx->cipher,cx->padding,data,dlen,res,rlen);`
`347`	`231`	`}`
`348`	`232`
`349`	`233`	`staticvoid`

`‎contrib/pgcrypto/px.h`

Lines changed: 7 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@`
`47`	`47`	`#definePXE_ERR_GENERIC-1`
`48`	`48`	`#definePXE_NO_HASH-2`
`49`	`49`	`#definePXE_NO_CIPHER-3`
`50`		`-#definePXE_NOTBLOCKSIZE-4`
	`50`	`+/* -4 is unused */`
`51`	`51`	`#definePXE_BAD_OPTION-5`
`52`	`52`	`#definePXE_BAD_FORMAT-6`
`53`	`53`	`#definePXE_KEY_TOO_BIG-7`
`@@ -144,8 +144,8 @@ struct px_cipher`
`144`	`144`	`unsigned(iv_size) (PX_Cipherc);`
`145`	`145`
`146`	`146`	`int(init) (PX_Cipherc,constuint8key,unsignedklen,constuint8iv);`
`147`		`-int(encrypt) (PX_Cipherc,constuint8data,unsigneddlen,uint8res);`
`148`		`-int(decrypt) (PX_Cipherc,constuint8data,unsigneddlen,uint8res);`
	`147`	`+int(encrypt) (PX_Cipherc,intpadding,constuint8data,unsigneddlen,uint8res,unsigned*rlen);`
	`148`	`+int(decrypt) (PX_Cipherc,intpadding,constuint8data,unsigneddlen,uint8res,unsigned*rlen);`
`149`	`149`	`void(free) (PX_Cipherc);`
`150`	`150`	`/* private */`
`151`	`151`	`void*ptr;`
`@@ -208,10 +208,10 @@ voidpx_debug(const char *fmt,...) pg_attribute_printf(1, 2);`
`208`	`208`	`#definepx_cipher_block_size(c)(c)->block_size(c)`
`209`	`209`	`#definepx_cipher_iv_size(c)(c)->iv_size(c)`
`210`	`210`	`#definepx_cipher_init(c,k,klen,iv)(c)->init(c, k, klen, iv)`
`211`		`-#definepx_cipher_encrypt(c,data,dlen,res) \`
`212`		`-(c)->encrypt(c, data, dlen, res)`
`213`		`-#definepx_cipher_decrypt(c,data,dlen,res) \`
`214`		`-(c)->decrypt(c, data, dlen, res)`
	`211`	`+#definepx_cipher_encrypt(c,padding,data,dlen,res,rlen) \`
	`212`	`+(c)->encrypt(c,padding,data, dlen, res, rlen)`
	`213`	`+#definepx_cipher_decrypt(c,padding,data,dlen,res,rlen) \`
	`214`	`+(c)->decrypt(c,padding,data, dlen, res, rlen)`
`215`	`215`	`#definepx_cipher_free(c)(c)->free(c)`
`216`	`216`
`217`	`217`

`‎contrib/pgcrypto/sql/rijndael.sql`

Lines changed: 12 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,12 @@ SELECT encrypt(`
`24`	`24`	`'\x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f',`
`25`	`25`	`'aes-cbc/pad:none');`
`26`	`26`
	`27`	`+-- without padding, input not multiple of block size`
	`28`	`+SELECT encrypt(`
	`29`	`+'\x00112233445566778899aabbccddeeff00',`
	`30`	`+'\x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f',`
	`31`	`+'aes-cbc/pad:none');`
	`32`	`+`
`27`	`33`	`-- key padding`
`28`	`34`
`29`	`35`	`SELECT encrypt(`
`@@ -50,6 +56,12 @@ select encrypt('foo', '0123456789012345678901', 'aes');`
`50`	`56`
`51`	`57`	`-- decrypt`
`52`	`58`	`select encode(decrypt(encrypt('foo','0123456','aes'),'0123456','aes'),'escape');`
	`59`	`+-- data not multiple of block size`
	`60`	`+select encode(decrypt(encrypt('foo','0123456','aes')\|\|'\x00'::bytea,'0123456','aes'),'escape');`
	`61`	`+-- bad padding`
	`62`	`+-- (The input value is the result of encrypt_iv('abcdefghijklmnopqrstuvwxyz', '0123456', 'abcd', 'aes')`
	`63`	`+-- with the 16th byte changed (s/db/eb/) to corrupt the padding of the last block.)`
	`64`	`+select encode(decrypt_iv('\xa21a9c15231465964e3396d32095e67eb52bab05f556a581621dee1b85385789','0123456','abcd','aes'),'escape');`
`53`	`65`
`54`	`66`	`-- iv`
`55`	`67`	`select encrypt_iv('foo','0123456','abcd','aes');`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitf5576a2

File tree

6 files changed

6 files changed

`‎contrib/pgcrypto/expected/rijndael.out`

`‎contrib/pgcrypto/openssl.c`

`‎contrib/pgcrypto/pgp-cfb.c`

`‎contrib/pgcrypto/px.c`

`‎contrib/pgcrypto/px.h`

`‎contrib/pgcrypto/sql/rijndael.sql`

0 commit comments