Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> writes:
> from some looking at the code in pgcrypto.c it seems to me that the
> coding pattern in most functions there only checks for errors from the
> corresponding initialization function, in the case of say decrypt_iv()
> that means only the IV and the key are actually "validated" because that
> is what the init function sees(it never sees that data!), if the actual
> decrypt call fails (because the data is maybe a bit weird^broken) it
> will happily ignore that and return random data.
Yeah. In pg_decrypt() we have
err = px_combo_init(c, (uint8 *) VARDATA(key), klen, NULL, 0);
if (!err)
err = px_combo_decrypt(c, (uint8 *) VARDATA(data), dlen,
(uint8 *) VARDATA(res), &rlen);
but in pg_decrypt_iv() it's just
err = px_combo_init(c, (uint8 *) VARDATA(key), klen,
(uint8 *) VARDATA(iv), ivlen);
if (!err)
px_combo_decrypt(c, (uint8 *) VARDATA(data), dlen,
(uint8 *) VARDATA(res), &rlen);
It looks to me like the result of px_combo_decrypt should be assigned to
"err" here. If I make that change, the test case you provide is
rejected:
ERROR: decrypt_iv error: Data not a multiple of block size
but the module's regression tests all still pass, indicating that this
sort of case isn't tested.
pg_encrypt_iv() has the identical usage error with respect to
px_combo_encrypt.
Marko, does this look right to you?
regards, tom lane
