Fix and simplify some code related to cryptohashes

This commit addresses two issues:
- In pgcrypto, MD5 computation called pg_cryptohash_{init,update,final}
without checking for the result status.
- Simplify pg_checksum_raw_context to use only one variable for all the
SHA2 options available in checksum manifests.

Reported-by: Heikki Linnakangas
Discussion: https://postgr.es/m/f62f26bb-47a5-8411-46e5-4350823e06a5@iki.fi

diff --git a/contrib/pgcrypto/internal.c b/contrib/pgcrypto/internal.c
index ea377bdf83ae9d2af9880cce51c2d7f2159a94f0..79ce5135992d43b3ddf28e00931dd533fe62fe1a 100644 (file)
--- a/contrib/pgcrypto/internal.c
+++ b/contrib/pgcrypto/internal.c
@@ -96,7 +96,8 @@ int_md5_update(PX_MD *h, const uint8 *data, unsigned dlen)
 {
    pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
 
-   pg_cryptohash_update(ctx, data, dlen);
+   if (pg_cryptohash_update(ctx, data, dlen) < 0)
+       elog(ERROR, "could not update %s context", "MD5");
 }
 
 static void
@@ -104,7 +105,8 @@ int_md5_reset(PX_MD *h)
 {
    pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
 
-   pg_cryptohash_init(ctx);
+   if (pg_cryptohash_init(ctx) < 0)
+       elog(ERROR, "could not initialize %s context", "MD5");
 }
 
 static void
@@ -112,7 +114,8 @@ int_md5_finish(PX_MD *h, uint8 *dst)
 {
    pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
 
-   pg_cryptohash_final(ctx, dst);
+   if (pg_cryptohash_final(ctx, dst) < 0)
+       elog(ERROR, "could not finalize %s context", "MD5");
 }
 
 static void

diff --git a/src/common/checksum_helper.c b/src/common/checksum_helper.c
index f6b49de405e5e0386846b257ecf636b44559f094..2881b2c178d7c11c45b95e74abb81bd7ef7e2427 100644 (file)
--- a/src/common/checksum_helper.c
+++ b/src/common/checksum_helper.c
@@ -93,42 +93,42 @@ pg_checksum_init(pg_checksum_context *context, pg_checksum_type type)
            INIT_CRC32C(context->raw_context.c_crc32c);
            break;
        case CHECKSUM_TYPE_SHA224:
-           context->raw_context.c_sha224 = pg_cryptohash_create(PG_SHA224);
-           if (context->raw_context.c_sha224 == NULL)
+           context->raw_context.c_sha2 = pg_cryptohash_create(PG_SHA224);
+           if (context->raw_context.c_sha2 == NULL)
                return -1;
-           if (pg_cryptohash_init(context->raw_context.c_sha224) < 0)
+           if (pg_cryptohash_init(context->raw_context.c_sha2) < 0)
            {
-               pg_cryptohash_free(context->raw_context.c_sha224);
+               pg_cryptohash_free(context->raw_context.c_sha2);
                return -1;
            }
            break;
        case CHECKSUM_TYPE_SHA256:
-           context->raw_context.c_sha256 = pg_cryptohash_create(PG_SHA256);
-           if (context->raw_context.c_sha256 == NULL)
+           context->raw_context.c_sha2 = pg_cryptohash_create(PG_SHA256);
+           if (context->raw_context.c_sha2 == NULL)
                return -1;
-           if (pg_cryptohash_init(context->raw_context.c_sha256) < 0)
+           if (pg_cryptohash_init(context->raw_context.c_sha2) < 0)
            {
-               pg_cryptohash_free(context->raw_context.c_sha256);
+               pg_cryptohash_free(context->raw_context.c_sha2);
                return -1;
            }
            break;
        case CHECKSUM_TYPE_SHA384:
-           context->raw_context.c_sha384 = pg_cryptohash_create(PG_SHA384);
-           if (context->raw_context.c_sha384 == NULL)
+           context->raw_context.c_sha2 = pg_cryptohash_create(PG_SHA384);
+           if (context->raw_context.c_sha2 == NULL)
                return -1;
-           if (pg_cryptohash_init(context->raw_context.c_sha384) < 0)
+           if (pg_cryptohash_init(context->raw_context.c_sha2) < 0)
            {
-               pg_cryptohash_free(context->raw_context.c_sha384);
+               pg_cryptohash_free(context->raw_context.c_sha2);
                return -1;
            }
            break;
        case CHECKSUM_TYPE_SHA512:
-           context->raw_context.c_sha512 = pg_cryptohash_create(PG_SHA512);
-           if (context->raw_context.c_sha512 == NULL)
+           context->raw_context.c_sha2 = pg_cryptohash_create(PG_SHA512);
+           if (context->raw_context.c_sha2 == NULL)
                return -1;
-           if (pg_cryptohash_init(context->raw_context.c_sha512) < 0)
+           if (pg_cryptohash_init(context->raw_context.c_sha2) < 0)
            {
-               pg_cryptohash_free(context->raw_context.c_sha512);
+               pg_cryptohash_free(context->raw_context.c_sha2);
                return -1;
            }
            break;
@@ -154,19 +154,10 @@ pg_checksum_update(pg_checksum_context *context, const uint8 *input,
            COMP_CRC32C(context->raw_context.c_crc32c, input, len);
            break;
        case CHECKSUM_TYPE_SHA224:
-           if (pg_cryptohash_update(context->raw_context.c_sha224, input, len) < 0)
-               return -1;
-           break;
        case CHECKSUM_TYPE_SHA256:
-           if (pg_cryptohash_update(context->raw_context.c_sha256, input, len) < 0)
-               return -1;
-           break;
        case CHECKSUM_TYPE_SHA384:
-           if (pg_cryptohash_update(context->raw_context.c_sha384, input, len) < 0)
-               return -1;
-           break;
        case CHECKSUM_TYPE_SHA512:
-           if (pg_cryptohash_update(context->raw_context.c_sha512, input, len) < 0)
+           if (pg_cryptohash_update(context->raw_context.c_sha2, input, len) < 0)
                return -1;
            break;
    }
@@ -207,27 +198,27 @@ pg_checksum_final(pg_checksum_context *context, uint8 *output)
            memcpy(output, &context->raw_context.c_crc32c, retval);
            break;
        case CHECKSUM_TYPE_SHA224:
-           if (pg_cryptohash_final(context->raw_context.c_sha224, output) < 0)
+           if (pg_cryptohash_final(context->raw_context.c_sha2, output) < 0)
                return -1;
-           pg_cryptohash_free(context->raw_context.c_sha224);
+           pg_cryptohash_free(context->raw_context.c_sha2);
            retval = PG_SHA224_DIGEST_LENGTH;
            break;
        case CHECKSUM_TYPE_SHA256:
-           if (pg_cryptohash_final(context->raw_context.c_sha256, output) < 0)
+           if (pg_cryptohash_final(context->raw_context.c_sha2, output) < 0)
                return -1;
-           pg_cryptohash_free(context->raw_context.c_sha256);
+           pg_cryptohash_free(context->raw_context.c_sha2);
            retval = PG_SHA224_DIGEST_LENGTH;
            break;
        case CHECKSUM_TYPE_SHA384:
-           if (pg_cryptohash_final(context->raw_context.c_sha384, output) < 0)
+           if (pg_cryptohash_final(context->raw_context.c_sha2, output) < 0)
                return -1;
-           pg_cryptohash_free(context->raw_context.c_sha384);
+           pg_cryptohash_free(context->raw_context.c_sha2);
            retval = PG_SHA384_DIGEST_LENGTH;
            break;
        case CHECKSUM_TYPE_SHA512:
-           if (pg_cryptohash_final(context->raw_context.c_sha512, output) < 0)
+           if (pg_cryptohash_final(context->raw_context.c_sha2, output) < 0)
                return -1;
-           pg_cryptohash_free(context->raw_context.c_sha512);
+           pg_cryptohash_free(context->raw_context.c_sha2);
            retval = PG_SHA512_DIGEST_LENGTH;
            break;
    }

diff --git a/src/include/common/checksum_helper.h b/src/include/common/checksum_helper.h
index ebdf1ccf447f13ec9c6001d0b4d4a6b1e5b02982..cac7570ea13773a9cded668fdeb028d2334990a6 100644 (file)
--- a/src/include/common/checksum_helper.h
+++ b/src/include/common/checksum_helper.h
@@ -42,10 +42,7 @@ typedef enum pg_checksum_type
 typedef union pg_checksum_raw_context
 {
    pg_crc32c   c_crc32c;
-   pg_cryptohash_ctx *c_sha224;
-   pg_cryptohash_ctx *c_sha256;
-   pg_cryptohash_ctx *c_sha384;
-   pg_cryptohash_ctx *c_sha512;
+   pg_cryptohash_ctx *c_sha2;
 } pg_checksum_raw_context;
 
 /*