On 11.03.21 11:41, Daniel Gustafsson wrote:
Then there are a few where we get padding back where we really should have ended up with the "Cipher cannot be initialized" error since DES is in the legacy provider:

select decrypt_iv(decode('50735067b073bb93', 'hex'), '0123456', 'abcd', 'des'); - decrypt_iv ------------- - foo + decrypt_iv +---------------------------------- + \177\177\177\177\177\177\177\177 (1 row)
The attached patch appears to address these cases.
From 1b9cf580e9e441806def681eea71ce6fd2228206 Mon Sep 17 00:00:00 2001 From: Peter Eisentraut <[email protected]> Date: Thu, 11 Mar 2021 23:58:29 +0100 Subject: [PATCH] Check for error return of px_cipher_decrypt() --- contrib/pgcrypto/px.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c index a243f575d3..4205e9c3ef 100644 --- a/contrib/pgcrypto/px.c +++ b/contrib/pgcrypto/px.c @@ -292,6 +292,7 @@ static int combo_decrypt(PX_Combo *cx, const uint8 *data, unsigned dlen, uint8 *res, unsigned *rlen) { + int err = 0; unsigned bs, i, pad; @@ -317,7 +318,9 @@ combo_decrypt(PX_Combo *cx, const uint8 *data, unsigned dlen, /* decrypt */ *rlen = dlen; - px_cipher_decrypt(c, data, dlen, res); + err = px_cipher_decrypt(c, data, dlen, res); + if (err) + return err; /* unpad */ if (bs > 1 && cx->padding) -- 2.30.1
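Review bot: the `= 0` initializer on the new `int err` at the top of combo_decrypt() is never read in the lines shown, because `err` is assigned from px_cipher_decrypt() before it is tested. Declaring it as plain `int err;` (or testing the call result directly) lets the compiler warn if a later edit reads it before assignment, unless other code in the function relies on the initial value.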
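Review bot: in the second hunk the new `return err` sits after `*rlen = dlen;`, so on a failed decrypt the caller still receives a result length of dlen for a buffer that holds no valid plaintext. Moving the `*rlen = dlen;` assignment below the error check, or setting `*rlen = 0` before returning, would keep a caller that mishandles the return code from consuming that buffer. The patch touches only px.c, so adding the quoted DES case with its expected "Cipher cannot be initialized" error to the regression output would keep this path covered.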
