This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new 09d185cce [util] check if EVP_CIPHER_CTX_new() returns null
09d185cce is described below
commit 09d185cce0f223feebfa4e2b00f70cb4103fe808
Author: Alexey Serbin <[email protected]>
AuthorDate: Tue Oct 31 15:42:20 2023 -0700
[util] check if EVP_CIPHER_CTX_new() returns null
Per documentation [1], EVP_CIPHER_CTX_new() can return nullptr in case
of a failure. This patch updates the code to handle such a condition.
I also updated the code to use the traits and ssl_make_unique() for
brevity and uniformity across src/kudu/util and src/kudu/security.
[1] https://www.openssl.org/docs/man1.1.1/man3/EVP_CIPHER_CTX_new.html
Change-Id: Ia41c543325ed1407b5afce5d391a14e4ea0276d1
Reviewed-on: http://gerrit.cloudera.org:8080/20642
Tested-by: Kudu Jenkins
Reviewed-by: Mahesh Reddy <[email protected]>
Reviewed-by: Attila Bukor <[email protected]>
---
src/kudu/util/env_posix.cc | 33 ++++++++++++++++++++++++---------
1 file changed, 24 insertions(+), 9 deletions(-)
diff --git a/src/kudu/util/env_posix.cc b/src/kudu/util/env_posix.cc
index 74eb76bba..9ac97a9ba 100644
--- a/src/kudu/util/env_posix.cc
+++ b/src/kudu/util/env_posix.cc
@@ -89,6 +89,7 @@
using base::subtle::Atomic64;
using base::subtle::Barrier_AtomicIncrement;
+using kudu::security::ssl_make_unique;
using std::accumulate;
using std::shared_ptr;
using std::string;
@@ -242,10 +243,15 @@ const uint8_t kEncryptionHeaderSize = 64;
const char* const kEncryptionHeaderMagic = "kuduenc";
-using evp_ctx_unique_ptr = std::unique_ptr<EVP_CIPHER_CTX,
decltype(&EVP_CIPHER_CTX_free)>;
+namespace security {
-namespace {
+template<> struct SslTypeTraits<EVP_CIPHER_CTX> {
+ static constexpr auto kFreeFunc = &EVP_CIPHER_CTX_free;
+};
+} // namespace security
+
+namespace {
struct FreeDeleter {
inline void operator()(void* ptr) const {
@@ -472,10 +478,14 @@ Status DoEncryptV(const EncryptionHeader* eh,
InlineBigEndianEncodeFixed64(&iv[0], 0);
InlineBigEndianEncodeFixed64(&iv[8], offset / kEncryptionBlockSize);
- evp_ctx_unique_ptr ctx(EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
-
- OPENSSL_RET_NOT_OK(EVP_EncryptInit_ex(ctx.get(), GetEVPCipher(eh->algorithm),
- nullptr, eh->key, iv),
+ const auto* cipher = GetEVPCipher(eh->algorithm);
+ if (!cipher) {
+ return Status::RuntimeError(
+ StringPrintf("no cipher for algorithm 0x%02x", eh->algorithm));
+ }
+ auto ctx = ssl_make_unique(EVP_CIPHER_CTX_new());
+ OPENSSL_RET_IF_NULL(ctx, "failed to create cipher context");
+ OPENSSL_RET_NOT_OK(EVP_EncryptInit_ex(ctx.get(), cipher, nullptr, eh->key,
iv),
"Failed to initialize encryption");
OPENSSL_RET_NOT_OK(EVP_CIPHER_CTX_set_padding(ctx.get(), 0),
"failed to disable padding");
@@ -517,9 +527,14 @@ Status DoDecryptV(const EncryptionHeader* eh, uint64_t
offset, ArrayView<Slice>
InlineBigEndianEncodeFixed64(&iv[0], 0);
InlineBigEndianEncodeFixed64(&iv[8], offset / kEncryptionBlockSize);
- evp_ctx_unique_ptr ctx(EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
- OPENSSL_RET_NOT_OK(EVP_DecryptInit_ex(ctx.get(), GetEVPCipher(eh->algorithm),
- nullptr, eh->key, iv),
+ const auto* cipher = GetEVPCipher(eh->algorithm);
+ if (!cipher) {
+ return Status::RuntimeError(
+ StringPrintf("no cipher for algorithm 0x%02x", eh->algorithm));
+ }
+ auto ctx = ssl_make_unique(EVP_CIPHER_CTX_new());
+ OPENSSL_RET_IF_NULL(ctx, "failed to create cipher context");
+ OPENSSL_RET_NOT_OK(EVP_DecryptInit_ex(ctx.get(), cipher, nullptr, eh->key,
iv),
"Failed to initialize decryption");
OPENSSL_RET_NOT_OK(EVP_CIPHER_CTX_set_padding(ctx.get(), 0),
"failed to disable padding");
