cryptohash_openssl.c File Reference

#include "postgres.h"
#include <openssl/err.h>
#include <openssl/evp.h>
#include "common/cryptohash.h"
#include "common/md5.h"
#include "common/sha1.h"
#include "common/sha2.h"
#include "utils/memutils.h"
#include "utils/resowner.h"

Include dependency graph for cryptohash_openssl.c:

Go to the source code of this file.

Data Structures
struct	pg_cryptohash_ctx

Macros
#define	ALLOC(size)   MemoryContextAlloc(TopMemoryContext, size)
#define	FREE(ptr)   pfree(ptr)

Typedefs
typedef enum pg_cryptohash_errno	pg_cryptohash_errno

Enumerations
enum	pg_cryptohash_errno {   PG_CRYPTOHASH_ERROR_NONE = 0 , PG_CRYPTOHASH_ERROR_DEST_LEN , PG_CRYPTOHASH_ERROR_NONE = 0 , PG_CRYPTOHASH_ERROR_DEST_LEN ,   PG_CRYPTOHASH_ERROR_OPENSSL }

Functions
static void	ResOwnerReleaseCryptoHash (Datum res)
static void	ResourceOwnerRememberCryptoHash (ResourceOwner owner, pg_cryptohash_ctx *ctx)
static void	ResourceOwnerForgetCryptoHash (ResourceOwner owner, pg_cryptohash_ctx *ctx)
static const char *	SSLerrmessage (unsigned long ecode)
pg_cryptohash_ctx *	pg_cryptohash_create (pg_cryptohash_type type)
int	pg_cryptohash_init (pg_cryptohash_ctx *ctx)
int	pg_cryptohash_update (pg_cryptohash_ctx *ctx, const uint8 *data, size_t len)
int	pg_cryptohash_final (pg_cryptohash_ctx *ctx, uint8 *dest, size_t len)
void	pg_cryptohash_free (pg_cryptohash_ctx *ctx)
const char *	pg_cryptohash_error (pg_cryptohash_ctx *ctx)

Variables
static const ResourceOwnerDesc	cryptohash_resowner_desc

Macro Definition Documentation

ALLOC

#define ALLOC

(

size

)

MemoryContextAlloc(TopMemoryContext, size)

Definition at line 42 of file cryptohash_openssl.c.

FREE

#define FREE

(

ptr

)

pfree(ptr)

Definition at line 43 of file cryptohash_openssl.c.

Typedef Documentation

pg_cryptohash_errno

typedef enum pg_cryptohash_errno pg_cryptohash_errno

Enumeration Type Documentation

pg_cryptohash_errno

enum pg_cryptohash_errno

Enumerator
PG_CRYPTOHASH_ERROR_NONE
PG_CRYPTOHASH_ERROR_DEST_LEN
PG_CRYPTOHASH_ERROR_NONE
PG_CRYPTOHASH_ERROR_DEST_LEN
PG_CRYPTOHASH_ERROR_OPENSSL

Definition at line 50 of file cryptohash_openssl.c.

{
    PG_CRYPTOHASH_ERROR_NONE = 0,
    PG_CRYPTOHASH_ERROR_DEST_LEN,
    PG_CRYPTOHASH_ERROR_OPENSSL,
} pg_cryptohash_errno;

Function Documentation

pg_cryptohash_create()

pg_cryptohash_ctx* pg_cryptohash_create

(

pg_cryptohash_type

type

)

Definition at line 122 of file cryptohash_openssl.c.

{
    pg_cryptohash_ctx *ctx;
 
    /*
     * Make sure that the resource owner has space to remember this reference.
     * This can error out with "out of memory", so do this before any other
     * allocation to avoid leaking.
     */
#ifndef FRONTEND
    ResourceOwnerEnlarge(CurrentResourceOwner);
#endif
 
    ctx = ALLOC(sizeof(pg_cryptohash_ctx));
    if (ctx == NULL)
        return NULL;
    memset(ctx, 0, sizeof(pg_cryptohash_ctx));
    ctx->type = type;
    ctx->error = PG_CRYPTOHASH_ERROR_NONE;
    ctx->errreason = NULL;
 
    /*
     * Initialization takes care of assigning the correct type for OpenSSL.
     * Also ensure that there aren't any unconsumed errors in the queue from
     * previous runs.
     */
    ERR_clear_error();
    ctx->evpctx = EVP_MD_CTX_create();
 
    if (ctx->evpctx == NULL)
    {
        explicit_bzero(ctx, sizeof(pg_cryptohash_ctx));
        FREE(ctx);
#ifndef FRONTEND
        ereport(ERROR,
                (errcode(ERRCODE_OUT_OF_MEMORY),
                 errmsg("out of memory")));
#else
        return NULL;
#endif
    }
 
#ifndef FRONTEND
    ctx->resowner = CurrentResourceOwner;
    ResourceOwnerRememberCryptoHash(CurrentResourceOwner, ctx);
#endif
 
    return ctx;
}

References ALLOC, CurrentResourceOwner, ereport, errcode(), errmsg(), pg_cryptohash_ctx::error, ERROR, pg_cryptohash_ctx::errreason, pg_cryptohash_ctx::evpctx, explicit_bzero(), FREE, PG_CRYPTOHASH_ERROR_NONE, ResourceOwnerEnlarge(), ResourceOwnerRememberCryptoHash(), pg_cryptohash_ctx::resowner, type, and pg_cryptohash_ctx::type.

pg_cryptohash_error()

const char* pg_cryptohash_error

(

pg_cryptohash_ctx *

ctx

)

Definition at line 349 of file cryptohash_openssl.c.

{
    /*
     * This implementation would never fail because of an out-of-memory error,
     * except when creating the context.
     */
    if (ctx == NULL)
        return _("out of memory");
 
    /*
     * If a reason is provided, rely on it, else fallback to any error code
     * set.
     */
    if (ctx->errreason)
        return ctx->errreason;
 
    switch (ctx->error)
    {
        case PG_CRYPTOHASH_ERROR_NONE:
            return _("success");
        case PG_CRYPTOHASH_ERROR_DEST_LEN:
            return _("destination buffer too small");
        case PG_CRYPTOHASH_ERROR_OPENSSL:
            return _("OpenSSL failure");
    }
 
    Assert(false);              /* cannot be reached */
    return _("success");
}

References _, Assert(), pg_cryptohash_ctx::error, pg_cryptohash_ctx::errreason, PG_CRYPTOHASH_ERROR_DEST_LEN, PG_CRYPTOHASH_ERROR_NONE, and PG_CRYPTOHASH_ERROR_OPENSSL.

pg_cryptohash_final()

int pg_cryptohash_final	(	pg_cryptohash_ctx *	ctx,
		uint8 *	dest,
		size_t	len
	)

Definition at line 255 of file cryptohash_openssl.c.

{
    int         status = 0;
 
    if (ctx == NULL)
        return -1;
 
    switch (ctx->type)
    {
        case PG_MD5:
            if (len < MD5_DIGEST_LENGTH)
            {
                ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
                return -1;
            }
            break;
        case PG_SHA1:
            if (len < SHA1_DIGEST_LENGTH)
            {
                ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
                return -1;
            }
            break;
        case PG_SHA224:
            if (len < PG_SHA224_DIGEST_LENGTH)
            {
                ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
                return -1;
            }
            break;
        case PG_SHA256:
            if (len < PG_SHA256_DIGEST_LENGTH)
            {
                ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
                return -1;
            }
            break;
        case PG_SHA384:
            if (len < PG_SHA384_DIGEST_LENGTH)
            {
                ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
                return -1;
            }
            break;
        case PG_SHA512:
            if (len < PG_SHA512_DIGEST_LENGTH)
            {
                ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
                return -1;
            }
            break;
    }
 
    status = EVP_DigestFinal_ex(ctx->evpctx, dest, 0);
 
    /* OpenSSL internals return 1 on success, 0 on failure */
    if (status <= 0)
    {
        ctx->errreason = SSLerrmessage(ERR_get_error());
        ctx->error = PG_CRYPTOHASH_ERROR_OPENSSL;
        return -1;
    }
    return 0;
}

References generate_unaccent_rules::dest, pg_cryptohash_ctx::error, pg_cryptohash_ctx::errreason, pg_cryptohash_ctx::evpctx, len, MD5_DIGEST_LENGTH, PG_CRYPTOHASH_ERROR_DEST_LEN, PG_CRYPTOHASH_ERROR_OPENSSL, PG_MD5, PG_SHA1, PG_SHA224, PG_SHA224_DIGEST_LENGTH, PG_SHA256, PG_SHA256_DIGEST_LENGTH, PG_SHA384, PG_SHA384_DIGEST_LENGTH, PG_SHA512, PG_SHA512_DIGEST_LENGTH, SHA1_DIGEST_LENGTH, SSLerrmessage(), and pg_cryptohash_ctx::type.

pg_cryptohash_free()

void pg_cryptohash_free

(

pg_cryptohash_ctx *

ctx

)

Definition at line 326 of file cryptohash_openssl.c.

{
    if (ctx == NULL)
        return;
 
    EVP_MD_CTX_destroy(ctx->evpctx);
 
#ifndef FRONTEND
    if (ctx->resowner)
        ResourceOwnerForgetCryptoHash(ctx->resowner, ctx);
#endif
 
    explicit_bzero(ctx, sizeof(pg_cryptohash_ctx));
    FREE(ctx);
}

References pg_cryptohash_ctx::evpctx, explicit_bzero(), FREE, ResourceOwnerForgetCryptoHash(), and pg_cryptohash_ctx::resowner.

Referenced by ResOwnerReleaseCryptoHash().

pg_cryptohash_init()

int pg_cryptohash_init

(

pg_cryptohash_ctx *

ctx

)

Definition at line 178 of file cryptohash_openssl.c.

{
    int         status = 0;
 
    if (ctx == NULL)
        return -1;
 
    switch (ctx->type)
    {
        case PG_MD5:
            status = EVP_DigestInit_ex(ctx->evpctx, EVP_md5(), NULL);
            break;
        case PG_SHA1:
            status = EVP_DigestInit_ex(ctx->evpctx, EVP_sha1(), NULL);
            break;
        case PG_SHA224:
            status = EVP_DigestInit_ex(ctx->evpctx, EVP_sha224(), NULL);
            break;
        case PG_SHA256:
            status = EVP_DigestInit_ex(ctx->evpctx, EVP_sha256(), NULL);
            break;
        case PG_SHA384:
            status = EVP_DigestInit_ex(ctx->evpctx, EVP_sha384(), NULL);
            break;
        case PG_SHA512:
            status = EVP_DigestInit_ex(ctx->evpctx, EVP_sha512(), NULL);
            break;
    }
 
    /* OpenSSL internals return 1 on success, 0 on failure */
    if (status <= 0)
    {
        ctx->errreason = SSLerrmessage(ERR_get_error());
        ctx->error = PG_CRYPTOHASH_ERROR_OPENSSL;
 
        /*
         * The OpenSSL error queue should normally be empty since we've
         * consumed an error, but cipher initialization can in FIPS-enabled
         * OpenSSL builds generate two errors so clear the queue here as well.
         */
        ERR_clear_error();
        return -1;
    }
    return 0;
}

References pg_cryptohash_ctx::error, pg_cryptohash_ctx::errreason, pg_cryptohash_ctx::evpctx, PG_CRYPTOHASH_ERROR_OPENSSL, PG_MD5, PG_SHA1, PG_SHA224, PG_SHA256, PG_SHA384, PG_SHA512, SSLerrmessage(), and pg_cryptohash_ctx::type.

pg_cryptohash_update()

int pg_cryptohash_update	(	pg_cryptohash_ctx *	ctx,
		const uint8 *	data,
		size_t	len
	)

Definition at line 230 of file cryptohash_openssl.c.

{
    int         status = 0;
 
    if (ctx == NULL)
        return -1;
 
    status = EVP_DigestUpdate(ctx->evpctx, data, len);
 
    /* OpenSSL internals return 1 on success, 0 on failure */
    if (status <= 0)
    {
        ctx->errreason = SSLerrmessage(ERR_get_error());
        ctx->error = PG_CRYPTOHASH_ERROR_OPENSSL;
        return -1;
    }
    return 0;
}

References data, pg_cryptohash_ctx::error, pg_cryptohash_ctx::errreason, pg_cryptohash_ctx::evpctx, len, PG_CRYPTOHASH_ERROR_OPENSSL, and SSLerrmessage().

ResourceOwnerForgetCryptoHash()

static void ResourceOwnerForgetCryptoHash ( ResourceOwner  owner, pg_cryptohash_ctx *  ctx  )

inlinestatic

Definition at line 96 of file cryptohash_openssl.c.

{
    ResourceOwnerForget(owner, PointerGetDatum(ctx), &cryptohash_resowner_desc);
}

References cryptohash_resowner_desc, PointerGetDatum(), and ResourceOwnerForget().

Referenced by pg_cryptohash_free().

ResourceOwnerRememberCryptoHash()

static void ResourceOwnerRememberCryptoHash ( ResourceOwner  owner, pg_cryptohash_ctx *  ctx  )

inlinestatic

Definition at line 91 of file cryptohash_openssl.c.

{
    ResourceOwnerRemember(owner, PointerGetDatum(ctx), &cryptohash_resowner_desc);
}

References cryptohash_resowner_desc, PointerGetDatum(), and ResourceOwnerRemember().

Referenced by pg_cryptohash_create().

ResOwnerReleaseCryptoHash()

static void ResOwnerReleaseCryptoHash ( Datum  res )

static

Definition at line 383 of file cryptohash_openssl.c.

{
    pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) DatumGetPointer(res);
 
    ctx->resowner = NULL;
    pg_cryptohash_free(ctx);
}

References DatumGetPointer(), pg_cryptohash_free(), res, and pg_cryptohash_ctx::resowner.

SSLerrmessage()

static const char* SSLerrmessage ( unsigned long  ecode )

static

Definition at line 103 of file cryptohash_openssl.c.

{
    if (ecode == 0)
        return NULL;
 
    /*
     * This may return NULL, but we would fall back to a default error path if
     * that were the case.
     */
    return ERR_reason_error_string(ecode);
}

Referenced by pg_cryptohash_final(), pg_cryptohash_init(), and pg_cryptohash_update().

Variable Documentation

cryptohash_resowner_desc

const ResourceOwnerDesc cryptohash_resowner_desc

static

Initial value:

=
{
    .name = "OpenSSL cryptohash context",
    .release_phase = RESOURCE_RELEASE_BEFORE_LOCKS,
    .release_priority = RELEASE_PRIO_CRYPTOHASH_CONTEXTS,
    .ReleaseResource = ResOwnerReleaseCryptoHash,
    .DebugPrint = NULL          
}

Definition at line 80 of file cryptohash_openssl.c.

Referenced by ResourceOwnerForgetCryptoHash(), and ResourceOwnerRememberCryptoHash().