Fix generation of padding message before encrypting Elgamal in pgcrypto

fe0a0b5, which has added a stronger random source in Postgres, has introduced a thinko when creating a padding message which gets encrypted for Elgamal. The padding message cannot have zeros, which are replaced by random bytes. However if pg_strong_random() failed, the message would finish by being considered in correct shape for encryption with zeros. Author: Tom Lane Reviewed-by: Michael Paquier Discussion: https://postgr.es/m/20186.1546188423@sss.pgh.pa.us Backpatch-through: 10
author: Michael Paquier <michael@paquier.xyz> 2019-01-01 10:39:29 +0900
committer: Michael Paquier <michael@paquier.xyz> 2019-01-01 10:39:29 +0900
commit: 2882bab920a41186ed9ec719947b1e730fd335a8 (patch)
tree: 5d07c3ec3c3746bb502032e3e8bc40d177bc5fa9
parent: 6dd690be366148ad0cd9a7f99ca094d89aa76f02 (diff)
download: postgresql-2882bab920a41186ed9ec719947b1e730fd335a8.tar.gz
postgresql-2882bab920a41186ed9ec719947b1e730fd335a8.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/contrib/pgcrypto/pgp-pubenc.c b/contrib/pgcrypto/pgp-pubenc.c
index 44398766643..e4ff832f90d 100644
--- a/contrib/pgcrypto/pgp-pubenc.c
+++ b/contrib/pgcrypto/pgp-pubenc.c
@@ -66,7 +66,7 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p)
 			{
 				px_memset(buf, 0, res_len);
 				px_free(buf);
-				break;
+				return PXE_NO_RANDOM;
 			}
 		}
 		if (*p != 0)
author	Michael Paquier <michael@paquier.xyz>	2019-01-01 10:39:29 +0900
committer	Michael Paquier <michael@paquier.xyz>	2019-01-01 10:39:29 +0900
commit	2882bab920a41186ed9ec719947b1e730fd335a8 (patch)
tree	5d07c3ec3c3746bb502032e3e8bc40d177bc5fa9
parent	6dd690be366148ad0cd9a7f99ca094d89aa76f02 (diff)
download	postgresql-2882bab920a41186ed9ec719947b1e730fd335a8.tar.gz postgresql-2882bab920a41186ed9ec719947b1e730fd335a8.zip