Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
2dot5
ClickHouse
提交
52396acb
C
ClickHouse
项目概览
2dot5
/
ClickHouse
通知
3
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
C
ClickHouse
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
未验证
提交
52396acb
编写于
3月 25, 2021
作者:
A
alexey-milovidov
提交者:
GitHub
3月 25, 2021
浏览文件
操作
浏览文件
下载
差异文件
Merge pull request #22064 from ClickHouse/fix-overflow-aes
Fix missing check in decrypt for AEAD mode
上级
cb692662
6341b083
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
16 addition
and
4 deletion
+16
-4
docker/test/fasttest/run.sh
docker/test/fasttest/run.sh
+1
-0
src/Functions/FunctionsAES.h
src/Functions/FunctionsAES.h
+14
-4
tests/queries/0_stateless/01776_decrypt_aead_size_check.reference
...eries/0_stateless/01776_decrypt_aead_size_check.reference
+0
-0
tests/queries/0_stateless/01776_decrypt_aead_size_check.sql
tests/queries/0_stateless/01776_decrypt_aead_size_check.sql
+1
-0
未找到文件。
docker/test/fasttest/run.sh
浏览文件 @
52396acb
...
...
@@ -292,6 +292,7 @@ function run_tests
01318_decrypt
# Depends on OpenSSL
01663_aes_msan
# Depends on OpenSSL
01667_aes_args_check
# Depends on OpenSSL
01776_decrypt_aead_size_check
# Depends on OpenSSL
01281_unsucceeded_insert_select_queries_counter
01292_create_user
01294_lazy_database_concurrent
...
...
src/Functions/FunctionsAES.h
浏览文件 @
52396acb
...
...
@@ -538,8 +538,9 @@ private:
[[
maybe_unused
]]
const
auto
block_size
=
static_cast
<
size_t
>
(
EVP_CIPHER_block_size
(
evp_cipher
));
[[
maybe_unused
]]
const
auto
iv_size
=
static_cast
<
size_t
>
(
EVP_CIPHER_iv_length
(
evp_cipher
));
const
auto
key_size
=
static_cast
<
size_t
>
(
EVP_CIPHER_key_length
(
evp_cipher
));
const
auto
tag_size
=
16
;
// https://tools.ietf.org/html/rfc5116#section-5.1
const
size_t
key_size
=
static_cast
<
size_t
>
(
EVP_CIPHER_key_length
(
evp_cipher
));
static
constexpr
size_t
tag_size
=
16
;
// https://tools.ietf.org/html/rfc5116#section-5.1
auto
decrypted_result_column
=
ColumnString
::
create
();
auto
&
decrypted_result_column_data
=
decrypted_result_column
->
getChars
();
...
...
@@ -549,9 +550,17 @@ private:
size_t
resulting_size
=
0
;
for
(
size_t
r
=
0
;
r
<
input_rows_count
;
++
r
)
{
resulting_size
+=
input_column
->
getDataAt
(
r
).
size
+
1
;
size_t
string_size
=
input_column
->
getDataAt
(
r
).
size
;
resulting_size
+=
string_size
+
1
;
/// With terminating zero.
if
constexpr
(
mode
==
CipherMode
::
RFC5116_AEAD_AES_GCM
)
{
if
(
string_size
<
tag_size
)
throw
Exception
(
"Encrypted data is smaller than the size of additional data for AEAD mode, cannot decrypt."
,
ErrorCodes
::
BAD_ARGUMENTS
);
resulting_size
-=
tag_size
;
}
}
#if defined(MEMORY_SANITIZER)
...
...
@@ -565,6 +574,7 @@ private:
decrypted_result_column_data
.
resize
(
resulting_size
);
#endif
}
auto
*
decrypted
=
decrypted_result_column_data
.
data
();
KeyHolder
<
mode
>
key_holder
;
...
...
@@ -631,7 +641,7 @@ private:
// 1.a.2: Set AAD if present
if
(
aad_column
)
{
const
auto
aad_data
=
aad_column
->
getDataAt
(
r
);
StringRef
aad_data
=
aad_column
->
getDataAt
(
r
);
int
tmp_len
=
0
;
if
(
aad_data
.
size
!=
0
&&
EVP_DecryptUpdate
(
evp_ctx
,
nullptr
,
&
tmp_len
,
reinterpret_cast
<
const
unsigned
char
*>
(
aad_data
.
data
),
aad_data
.
size
)
!=
1
)
...
...
tests/queries/0_stateless/01776_decrypt_aead_size_check.reference
0 → 100644
浏览文件 @
52396acb
tests/queries/0_stateless/01776_decrypt_aead_size_check.sql
0 → 100644
浏览文件 @
52396acb
SELECT
decrypt
(
'aes-128-gcm'
,
'text'
,
'key'
,
'IV'
);
-- { serverError 36 }
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录