This is an automated email from the ASF dual-hosted git repository.
laiyingchun pushed a commit to branch branch-1.17.x
in repository https://gitbox.apache.org/repos/asf/kudu.git
commit fcbc4a3f3b51d5a8116b677d75878bb2feb57b01
Author: Alexey Serbin <ale...@apache.org>
AuthorDate: Tue Oct 31 15:42:20 2023 -0700
[util] check if EVP_CIPHER_CTX_new() returns null
Per documentation [1], EVP_CIPHER_CTX_new() can return nullptr in case
of a failure. This patch updates the code to handle such a condition.
I also updated the code to use the traits and ssl_make_unique() for
brevity and uniformity across src/kudu/util and src/kudu/security.
[1] https://www.openssl.org/docs/man1.1.1/man3/EVP_CIPHER_CTX_new.html
Change-Id: Ia41c543325ed1407b5afce5d391a14e4ea0276d1
Reviewed-on: http://gerrit.cloudera.org:8080/20642
Tested-by: Kudu Jenkins
Reviewed-by: Mahesh Reddy <mre...@cloudera.com>
Reviewed-by: Attila Bukor <abu...@apache.org>
(cherry picked from commit 09d185cce0f223feebfa4e2b00f70cb4103fe808)
Reviewed-on: http://gerrit.cloudera.org:8080/20666
Reviewed-by: Yingchun Lai <laiyingc...@apache.org>
---
src/kudu/util/env_posix.cc | 33 ++++++++++++++++++++++++---------
1 file changed, 24 insertions(+), 9 deletions(-)
diff --git a/src/kudu/util/env_posix.cc b/src/kudu/util/env_posix.cc
index 27713f15e..b6cf3fcfb 100644
--- a/src/kudu/util/env_posix.cc
+++ b/src/kudu/util/env_posix.cc
@@ -88,6 +88,7 @@
using base::subtle::Atomic64;
using base::subtle::Barrier_AtomicIncrement;
+using kudu::security::ssl_make_unique;
using std::accumulate;
using std::string;
using std::unique_ptr;
@@ -222,10 +223,15 @@ const uint8_t kEncryptionHeaderSize = 64;
const char* const kEncryptionHeaderMagic = "kuduenc";
-using evp_ctx_unique_ptr = std::unique_ptr<EVP_CIPHER_CTX,
decltype(&EVP_CIPHER_CTX_free)>;
+namespace security {
-namespace {
+template<> struct SslTypeTraits<EVP_CIPHER_CTX> {
+ static constexpr auto kFreeFunc = &EVP_CIPHER_CTX_free;
+};
+} // namespace security
+
+namespace {
struct FreeDeleter {
inline void operator()(void* ptr) const {
@@ -452,10 +458,14 @@ Status DoEncryptV(const EncryptionHeader* eh,
InlineBigEndianEncodeFixed64(&iv[0], 0);
InlineBigEndianEncodeFixed64(&iv[8], offset / kEncryptionBlockSize);
- evp_ctx_unique_ptr ctx(EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
-
- OPENSSL_RET_NOT_OK(EVP_EncryptInit_ex(ctx.get(), GetEVPCipher(eh->algorithm),
- nullptr, eh->key, iv),
+ const auto* cipher = GetEVPCipher(eh->algorithm);
+ if (!cipher) {
+ return Status::RuntimeError(
+ StringPrintf("no cipher for algorithm 0x%02x", eh->algorithm));
+ }
+ auto ctx = ssl_make_unique(EVP_CIPHER_CTX_new());
+ OPENSSL_RET_IF_NULL(ctx, "failed to create cipher context");
+ OPENSSL_RET_NOT_OK(EVP_EncryptInit_ex(ctx.get(), cipher, nullptr, eh->key,
iv),
"Failed to initialize encryption");
OPENSSL_RET_NOT_OK(EVP_CIPHER_CTX_set_padding(ctx.get(), 0),
"failed to disable padding");
@@ -497,9 +507,14 @@ Status DoDecryptV(const EncryptionHeader* eh, uint64_t
offset, ArrayView<Slice>
InlineBigEndianEncodeFixed64(&iv[0], 0);
InlineBigEndianEncodeFixed64(&iv[8], offset / kEncryptionBlockSize);
- evp_ctx_unique_ptr ctx(EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
- OPENSSL_RET_NOT_OK(EVP_DecryptInit_ex(ctx.get(), GetEVPCipher(eh->algorithm),
- nullptr, eh->key, iv),
+ const auto* cipher = GetEVPCipher(eh->algorithm);
+ if (!cipher) {
+ return Status::RuntimeError(
+ StringPrintf("no cipher for algorithm 0x%02x", eh->algorithm));
+ }
+ auto ctx = ssl_make_unique(EVP_CIPHER_CTX_new());
+ OPENSSL_RET_IF_NULL(ctx, "failed to create cipher context");
+ OPENSSL_RET_NOT_OK(EVP_DecryptInit_ex(ctx.get(), cipher, nullptr, eh->key,
iv),
"Failed to initialize decryption");
OPENSSL_RET_NOT_OK(EVP_CIPHER_CTX_set_padding(ctx.get(), 0),
"failed to disable padding");
