This is an automated email from the ASF dual-hosted git repository. laiyingchun pushed a commit to branch branch-1.17.x in repository https://gitbox.apache.org/repos/asf/kudu.git
commit fcbc4a3f3b51d5a8116b677d75878bb2feb57b01 Author: Alexey Serbin <ale...@apache.org> AuthorDate: Tue Oct 31 15:42:20 2023 -0700 [util] check if EVP_CIPHER_CTX_new() returns null Per documentation [1], EVP_CIPHER_CTX_new() can return nullptr in case of a failure. This patch updates the code to handle such a condition. I also updated the code to use the traits and ssl_make_unique() for brevity and uniformity across src/kudu/util and src/kudu/security. [1] https://www.openssl.org/docs/man1.1.1/man3/EVP_CIPHER_CTX_new.html Change-Id: Ia41c543325ed1407b5afce5d391a14e4ea0276d1 Reviewed-on: http://gerrit.cloudera.org:8080/20642 Tested-by: Kudu Jenkins Reviewed-by: Mahesh Reddy <mre...@cloudera.com> Reviewed-by: Attila Bukor <abu...@apache.org> (cherry picked from commit 09d185cce0f223feebfa4e2b00f70cb4103fe808) Reviewed-on: http://gerrit.cloudera.org:8080/20666 Reviewed-by: Yingchun Lai <laiyingc...@apache.org> --- src/kudu/util/env_posix.cc | 33 ++++++++++++++++++++++++--------- 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/src/kudu/util/env_posix.cc b/src/kudu/util/env_posix.cc index 27713f15e..b6cf3fcfb 100644 --- a/src/kudu/util/env_posix.cc +++ b/src/kudu/util/env_posix.cc @@ -88,6 +88,7 @@ using base::subtle::Atomic64; using base::subtle::Barrier_AtomicIncrement; +using kudu::security::ssl_make_unique; using std::accumulate; using std::string; using std::unique_ptr; @@ -222,10 +223,15 @@ const uint8_t kEncryptionHeaderSize = 64; const char* const kEncryptionHeaderMagic = "kuduenc"; -using evp_ctx_unique_ptr = std::unique_ptr<EVP_CIPHER_CTX, decltype(&EVP_CIPHER_CTX_free)>; +namespace security { -namespace { +template<> struct SslTypeTraits<EVP_CIPHER_CTX> { + static constexpr auto kFreeFunc = &EVP_CIPHER_CTX_free; +}; +} // namespace security + +namespace { struct FreeDeleter { inline void operator()(void* ptr) const { @@ -452,10 +458,14 @@ Status DoEncryptV(const EncryptionHeader* eh, InlineBigEndianEncodeFixed64(&iv[0], 0); InlineBigEndianEncodeFixed64(&iv[8], offset / kEncryptionBlockSize); - evp_ctx_unique_ptr ctx(EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free); - - OPENSSL_RET_NOT_OK(EVP_EncryptInit_ex(ctx.get(), GetEVPCipher(eh->algorithm), - nullptr, eh->key, iv), + const auto* cipher = GetEVPCipher(eh->algorithm); + if (!cipher) { + return Status::RuntimeError( + StringPrintf("no cipher for algorithm 0x%02x", eh->algorithm)); + } + auto ctx = ssl_make_unique(EVP_CIPHER_CTX_new()); + OPENSSL_RET_IF_NULL(ctx, "failed to create cipher context"); + OPENSSL_RET_NOT_OK(EVP_EncryptInit_ex(ctx.get(), cipher, nullptr, eh->key, iv), "Failed to initialize encryption"); OPENSSL_RET_NOT_OK(EVP_CIPHER_CTX_set_padding(ctx.get(), 0), "failed to disable padding"); @@ -497,9 +507,14 @@ Status DoDecryptV(const EncryptionHeader* eh, uint64_t offset, ArrayView<Slice> InlineBigEndianEncodeFixed64(&iv[0], 0); InlineBigEndianEncodeFixed64(&iv[8], offset / kEncryptionBlockSize); - evp_ctx_unique_ptr ctx(EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free); - OPENSSL_RET_NOT_OK(EVP_DecryptInit_ex(ctx.get(), GetEVPCipher(eh->algorithm), - nullptr, eh->key, iv), + const auto* cipher = GetEVPCipher(eh->algorithm); + if (!cipher) { + return Status::RuntimeError( + StringPrintf("no cipher for algorithm 0x%02x", eh->algorithm)); + } + auto ctx = ssl_make_unique(EVP_CIPHER_CTX_new()); + OPENSSL_RET_IF_NULL(ctx, "failed to create cipher context"); + OPENSSL_RET_NOT_OK(EVP_DecryptInit_ex(ctx.get(), cipher, nullptr, eh->key, iv), "Failed to initialize decryption"); OPENSSL_RET_NOT_OK(EVP_CIPHER_CTX_set_padding(ctx.get(), 0), "failed to disable padding");