On 11.03.21 11:41, Daniel Gustafsson wrote:
Then there are a few where we get padding back where we really should have
ended up with the "Cipher cannot be initialized" error since DES is in the
legacy provider:

  select decrypt_iv(decode('50735067b073bb93', 'hex'), '0123456', 'abcd', 
'des');
- decrypt_iv
-------------
- foo
+            decrypt_iv
+----------------------------------
+ \177\177\177\177\177\177\177\177
  (1 row)

The attached patch appears to address these cases.
From 1b9cf580e9e441806def681eea71ce6fd2228206 Mon Sep 17 00:00:00 2001
From: Peter Eisentraut <pe...@eisentraut.org>
Date: Thu, 11 Mar 2021 23:58:29 +0100
Subject: [PATCH] Check for error return of px_cipher_decrypt()

---
 contrib/pgcrypto/px.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c
index a243f575d3..4205e9c3ef 100644
--- a/contrib/pgcrypto/px.c
+++ b/contrib/pgcrypto/px.c
@@ -292,6 +292,7 @@ static int
 combo_decrypt(PX_Combo *cx, const uint8 *data, unsigned dlen,
                          uint8 *res, unsigned *rlen)
 {
+       int                     err = 0;
        unsigned        bs,
                                i,
                                pad;
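Review bot: the `= 0` initializer on the new `err` declaration looks unnecessary, since the only use in this patch assigns it from px_cipher_decrypt() before it is read. Declaring it as plain `int err;` would match the uninitialized locals right below it and lets the compiler warn if a later change reads it before assignment.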
@@ -317,7 +318,9 @@ combo_decrypt(PX_Combo *cx, const uint8 *data, unsigned 
dlen,
 
        /* decrypt */
        *rlen = dlen;
-       px_cipher_decrypt(c, data, dlen, res);
+       err = px_cipher_decrypt(c, data, dlen, res);
+       if (err)
+               return err;
 
        /* unpad */
        if (bs > 1 && cx->padding)
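Review bot: `*rlen = dlen;` is still assigned before the new error check, so on the early `return err` the caller's length has already been set to dlen even though res holds no valid plaintext. Consider moving that assignment below the `if (err) return err;` lines, or confirm that every caller ignores *rlen on a nonzero return. The commit message is also empty below the subject; a sentence saying that the ignored return value let the unpad step run over an undecrypted buffer (the des case quoted above) would help later readers.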
-- 
2.30.1
