Re: pgcrypto decrypt_iv() issue

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc>
Cc: Postgres-Bugs <pgsql-bugs(at)postgresql(dot)org>, Marko Kreen <markokr(at)gmail(dot)com>
Subject: Re: pgcrypto decrypt_iv() issue
Date: 2012-01-27 06:37:11
Message-ID: 23889.1327646231@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc> writes:
> from some looking at the code in pgcrypto.c it seems to me that the
> coding pattern in most functions there only checks for errors from the
> corresponding initialization function, in the case of say decrypt_iv()
> that means only the IV and the key are actually "validated" because that
> is what the init function sees(it never sees that data!), if the actual
> decrypt call fails (because the data is maybe a bit weird^broken) it
> will happily ignore that and return random data.

Yeah. In pg_decrypt() we have

err = px_combo_init(c, (uint8 *) VARDATA(key), klen, NULL, 0);
if (!err)
err = px_combo_decrypt(c, (uint8 *) VARDATA(data), dlen,
(uint8 *) VARDATA(res), &rlen);

but in pg_decrypt_iv() it's just

err = px_combo_init(c, (uint8 *) VARDATA(key), klen,
(uint8 *) VARDATA(iv), ivlen);
if (!err)
px_combo_decrypt(c, (uint8 *) VARDATA(data), dlen,
(uint8 *) VARDATA(res), &rlen);

It looks to me like the result of px_combo_decrypt should be assigned to
"err" here. If I make that change, the test case you provide is
rejected:

ERROR: decrypt_iv error: Data not a multiple of block size

but the module's regression tests all still pass, indicating that this
sort of case isn't tested.

pg_encrypt_iv() has the identical usage error with respect to
px_combo_encrypt.

Marko, does this look right to you?

regards, tom lane

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Magnus Hagander 2012-01-27 09:38:33 Re: Doc-bug; minor typo in auto_explain documentation
Previous Message Jeff Davis 2012-01-27 02:06:07 Re: 8.4, 9.0 bug (doesn't exist in 9.1) related to window functions