PostgreSQL Source Code git master
Data Structures | Macros | Typedefs | Enumerations | Functions | Variables
cryptohash_openssl.c File Reference
#include "postgres.h"
#include <openssl/err.h>
#include <openssl/evp.h>
#include "common/cryptohash.h"
#include "common/md5.h"
#include "common/sha1.h"
#include "common/sha2.h"
#include "utils/memutils.h"
#include "utils/resowner.h"
Include dependency graph for cryptohash_openssl.c:

Go to the source code of this file.

Data Structures

struct  pg_cryptohash_ctx
 

Macros

#define ALLOC(size)   MemoryContextAlloc(TopMemoryContext, size)
 
#define FREE(ptr)   pfree(ptr)
 

Typedefs

typedef enum pg_cryptohash_errno pg_cryptohash_errno
 

Enumerations

enum  pg_cryptohash_errno {
  PG_CRYPTOHASH_ERROR_NONE = 0 , PG_CRYPTOHASH_ERROR_DEST_LEN , PG_CRYPTOHASH_ERROR_NONE = 0 , PG_CRYPTOHASH_ERROR_DEST_LEN ,
  PG_CRYPTOHASH_ERROR_OPENSSL
}
 

Functions

static void ResOwnerReleaseCryptoHash (Datum res)
 
static void ResourceOwnerRememberCryptoHash (ResourceOwner owner, pg_cryptohash_ctx *ctx)
 
static void ResourceOwnerForgetCryptoHash (ResourceOwner owner, pg_cryptohash_ctx *ctx)
 
static const char * SSLerrmessage (unsigned long ecode)
 
pg_cryptohash_ctxpg_cryptohash_create (pg_cryptohash_type type)
 
int pg_cryptohash_init (pg_cryptohash_ctx *ctx)
 
int pg_cryptohash_update (pg_cryptohash_ctx *ctx, const uint8 *data, size_t len)
 
int pg_cryptohash_final (pg_cryptohash_ctx *ctx, uint8 *dest, size_t len)
 
void pg_cryptohash_free (pg_cryptohash_ctx *ctx)
 
const char * pg_cryptohash_error (pg_cryptohash_ctx *ctx)
 

Variables

static const ResourceOwnerDesc cryptohash_resowner_desc
 

Macro Definition Documentation

◆ ALLOC

#define ALLOC (   size)    MemoryContextAlloc(TopMemoryContext, size)

Definition at line 42 of file cryptohash_openssl.c.

◆ FREE

#define FREE (   ptr)    pfree(ptr)

Definition at line 43 of file cryptohash_openssl.c.

Typedef Documentation

◆ pg_cryptohash_errno

typedef enum pg_cryptohash_errno pg_cryptohash_errno

Enumeration Type Documentation

◆ pg_cryptohash_errno

enum pg_cryptohash_errno
Enumerator
PG_CRYPTOHASH_ERROR_NONE 
PG_CRYPTOHASH_ERROR_DEST_LEN 
PG_CRYPTOHASH_ERROR_NONE 
PG_CRYPTOHASH_ERROR_DEST_LEN 
PG_CRYPTOHASH_ERROR_OPENSSL 

Definition at line 50 of file cryptohash_openssl.c.

51{
52 PG_CRYPTOHASH_ERROR_NONE = 0,
53 PG_CRYPTOHASH_ERROR_DEST_LEN,
54 PG_CRYPTOHASH_ERROR_OPENSSL,
55} pg_cryptohash_errno;
pg_cryptohash_errno
pg_cryptohash_errno
Definition: cryptohash_openssl.c:51
PG_CRYPTOHASH_ERROR_DEST_LEN
@ PG_CRYPTOHASH_ERROR_DEST_LEN
Definition: cryptohash_openssl.c:53
PG_CRYPTOHASH_ERROR_NONE
@ PG_CRYPTOHASH_ERROR_NONE
Definition: cryptohash_openssl.c:52
PG_CRYPTOHASH_ERROR_OPENSSL
@ PG_CRYPTOHASH_ERROR_OPENSSL
Definition: cryptohash_openssl.c:54

Function Documentation

◆ pg_cryptohash_create()

pg_cryptohash_ctx * pg_cryptohash_create ( pg_cryptohash_type  type)

Definition at line 122 of file cryptohash_openssl.c.

123{
124 pg_cryptohash_ctx *ctx;
125
126 /*
127 * Make sure that the resource owner has space to remember this reference.
128 * This can error out with "out of memory", so do this before any other
129 * allocation to avoid leaking.
130 */
131#ifndef FRONTEND
132 ResourceOwnerEnlarge(CurrentResourceOwner);
133#endif
134
135 ctx = ALLOC(sizeof(pg_cryptohash_ctx));
136 if (ctx == NULL)
137 return NULL;
138 memset(ctx, 0, sizeof(pg_cryptohash_ctx));
139 ctx->type = type;
140 ctx->error = PG_CRYPTOHASH_ERROR_NONE;
141 ctx->errreason = NULL;
142
143 /*
144 * Initialization takes care of assigning the correct type for OpenSSL.
145 * Also ensure that there aren't any unconsumed errors in the queue from
146 * previous runs.
147 */
148 ERR_clear_error();
149 ctx->evpctx = EVP_MD_CTX_create();
150
151 if (ctx->evpctx == NULL)
152 {
153 explicit_bzero(ctx, sizeof(pg_cryptohash_ctx));
154 FREE(ctx);
155#ifndef FRONTEND
156 ereport(ERROR,
157 (errcode(ERRCODE_OUT_OF_MEMORY),
158 errmsg("out of memory")));
159#else
160 return NULL;
161#endif
162 }
163
164#ifndef FRONTEND
165 ctx->resowner = CurrentResourceOwner;
166 ResourceOwnerRememberCryptoHash(CurrentResourceOwner, ctx);
167#endif
168
169 return ctx;
170}
FREE
#define FREE(ptr)
Definition: cryptohash_openssl.c:43
ALLOC
#define ALLOC(size)
Definition: cryptohash_openssl.c:42
ResourceOwnerRememberCryptoHash
static void ResourceOwnerRememberCryptoHash(ResourceOwner owner, pg_cryptohash_ctx *ctx)
Definition: cryptohash_openssl.c:91
errcode
int errcode(int sqlerrcode)
Definition: elog.c:863
errmsg
int errmsg(const char *fmt,...)
Definition: elog.c:1080
ERROR
#define ERROR
Definition: elog.h:39
ereport
#define ereport(elevel,...)
Definition: elog.h:150
explicit_bzero
void explicit_bzero(void *buf, size_t len)
Definition: explicit_bzero.c:52
CurrentResourceOwner
ResourceOwner CurrentResourceOwner
Definition: resowner.c:173
ResourceOwnerEnlarge
void ResourceOwnerEnlarge(ResourceOwner owner)
Definition: resowner.c:449
pg_cryptohash_ctx
Definition: cryptohash.c:52
pg_cryptohash_ctx::error
pg_cryptohash_errno error
Definition: cryptohash.c:54
pg_cryptohash_ctx::resowner
ResourceOwner resowner
Definition: cryptohash_openssl.c:72
pg_cryptohash_ctx::type
pg_cryptohash_type type
Definition: cryptohash.c:53
pg_cryptohash_ctx::evpctx
EVP_MD_CTX * evpctx
Definition: cryptohash_openssl.c:69
pg_cryptohash_ctx::errreason
const char * errreason
Definition: cryptohash_openssl.c:67
type
const char * type
Definition: wait_event_funcs.c:27

References ALLOC, CurrentResourceOwner, ereport, errcode(), errmsg(), pg_cryptohash_ctx::error, ERROR, pg_cryptohash_ctx::errreason, pg_cryptohash_ctx::evpctx, explicit_bzero(), FREE, PG_CRYPTOHASH_ERROR_NONE, ResourceOwnerEnlarge(), ResourceOwnerRememberCryptoHash(), pg_cryptohash_ctx::resowner, type, and pg_cryptohash_ctx::type.

◆ pg_cryptohash_error()

const char * pg_cryptohash_error ( pg_cryptohash_ctx ctx)

Definition at line 349 of file cryptohash_openssl.c.

350{
351 /*
352 * This implementation would never fail because of an out-of-memory error,
353 * except when creating the context.
354 */
355 if (ctx == NULL)
356 return _("out of memory");
357
358 /*
359 * If a reason is provided, rely on it, else fallback to any error code
360 * set.
361 */
362 if (ctx->errreason)
363 return ctx->errreason;
364
365 switch (ctx->error)
366 {
367 case PG_CRYPTOHASH_ERROR_NONE:
368 return _("success");
369 case PG_CRYPTOHASH_ERROR_DEST_LEN:
370 return _("destination buffer too small");
371 case PG_CRYPTOHASH_ERROR_OPENSSL:
372 return _("OpenSSL failure");
373 }
374
375 Assert(false); /* cannot be reached */
376 return _("success");
377}
_
#define _(x)
Definition: elog.c:91
Assert
Assert(PointerIsAligned(start, uint64))

References _, Assert(), pg_cryptohash_ctx::error, pg_cryptohash_ctx::errreason, PG_CRYPTOHASH_ERROR_DEST_LEN, PG_CRYPTOHASH_ERROR_NONE, and PG_CRYPTOHASH_ERROR_OPENSSL.

◆ pg_cryptohash_final()

int pg_cryptohash_final ( pg_cryptohash_ctx ctx,
uint8 dest,
size_t  len 
)

Definition at line 255 of file cryptohash_openssl.c.

256{
257 int status = 0;
258
259 if (ctx == NULL)
260 return -1;
261
262 switch (ctx->type)
263 {
264 case PG_MD5:
265 if (len < MD5_DIGEST_LENGTH)
266 {
267 ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
268 return -1;
269 }
270 break;
271 case PG_SHA1:
272 if (len < SHA1_DIGEST_LENGTH)
273 {
274 ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
275 return -1;
276 }
277 break;
278 case PG_SHA224:
279 if (len < PG_SHA224_DIGEST_LENGTH)
280 {
281 ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
282 return -1;
283 }
284 break;
285 case PG_SHA256:
286 if (len < PG_SHA256_DIGEST_LENGTH)
287 {
288 ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
289 return -1;
290 }
291 break;
292 case PG_SHA384:
293 if (len < PG_SHA384_DIGEST_LENGTH)
294 {
295 ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
296 return -1;
297 }
298 break;
299 case PG_SHA512:
300 if (len < PG_SHA512_DIGEST_LENGTH)
301 {
302 ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
303 return -1;
304 }
305 break;
306 }
307
308 status = EVP_DigestFinal_ex(ctx->evpctx, dest, 0);
309
310 /* OpenSSL internals return 1 on success, 0 on failure */
311 if (status <= 0)
312 {
313 ctx->errreason = SSLerrmessage(ERR_get_error());
314 ctx->error = PG_CRYPTOHASH_ERROR_OPENSSL;
315 return -1;
316 }
317 return 0;
318}
PG_SHA512
@ PG_SHA512
Definition: cryptohash.h:26
PG_SHA224
@ PG_SHA224
Definition: cryptohash.h:23
PG_SHA384
@ PG_SHA384
Definition: cryptohash.h:25
PG_SHA1
@ PG_SHA1
Definition: cryptohash.h:22
PG_SHA256
@ PG_SHA256
Definition: cryptohash.h:24
PG_MD5
@ PG_MD5
Definition: cryptohash.h:21
SSLerrmessage
static const char * SSLerrmessage(unsigned long ecode)
Definition: cryptohash_openssl.c:103
MD5_DIGEST_LENGTH
#define MD5_DIGEST_LENGTH
Definition: md5.h:20
generate_unaccent_rules.dest
dest
Definition: generate_unaccent_rules.py:285
len
const void size_t len
Definition: pg_crc32c_sse42.c:28
SHA1_DIGEST_LENGTH
#define SHA1_DIGEST_LENGTH
Definition: sha1.h:17
PG_SHA256_DIGEST_LENGTH
#define PG_SHA256_DIGEST_LENGTH
Definition: sha2.h:23
PG_SHA384_DIGEST_LENGTH
#define PG_SHA384_DIGEST_LENGTH
Definition: sha2.h:26
PG_SHA512_DIGEST_LENGTH
#define PG_SHA512_DIGEST_LENGTH
Definition: sha2.h:29
PG_SHA224_DIGEST_LENGTH
#define PG_SHA224_DIGEST_LENGTH
Definition: sha2.h:20

References generate_unaccent_rules::dest, pg_cryptohash_ctx::error, pg_cryptohash_ctx::errreason, pg_cryptohash_ctx::evpctx, len, MD5_DIGEST_LENGTH, PG_CRYPTOHASH_ERROR_DEST_LEN, PG_CRYPTOHASH_ERROR_OPENSSL, PG_MD5, PG_SHA1, PG_SHA224, PG_SHA224_DIGEST_LENGTH, PG_SHA256, PG_SHA256_DIGEST_LENGTH, PG_SHA384, PG_SHA384_DIGEST_LENGTH, PG_SHA512, PG_SHA512_DIGEST_LENGTH, SHA1_DIGEST_LENGTH, SSLerrmessage(), and pg_cryptohash_ctx::type.

◆ pg_cryptohash_free()

void pg_cryptohash_free ( pg_cryptohash_ctx ctx)

Definition at line 326 of file cryptohash_openssl.c.

327{
328 if (ctx == NULL)
329 return;
330
331 EVP_MD_CTX_destroy(ctx->evpctx);
332
333#ifndef FRONTEND
334 if (ctx->resowner)
335 ResourceOwnerForgetCryptoHash(ctx->resowner, ctx);
336#endif
337
338 explicit_bzero(ctx, sizeof(pg_cryptohash_ctx));
339 FREE(ctx);
340}
ResourceOwnerForgetCryptoHash
static void ResourceOwnerForgetCryptoHash(ResourceOwner owner, pg_cryptohash_ctx *ctx)
Definition: cryptohash_openssl.c:96

References pg_cryptohash_ctx::evpctx, explicit_bzero(), FREE, ResourceOwnerForgetCryptoHash(), and pg_cryptohash_ctx::resowner.

Referenced by ResOwnerReleaseCryptoHash().

◆ pg_cryptohash_init()

int pg_cryptohash_init ( pg_cryptohash_ctx ctx)

Definition at line 178 of file cryptohash_openssl.c.

179{
180 int status = 0;
181
182 if (ctx == NULL)
183 return -1;
184
185 switch (ctx->type)
186 {
187 case PG_MD5:
188 status = EVP_DigestInit_ex(ctx->evpctx, EVP_md5(), NULL);
189 break;
190 case PG_SHA1:
191 status = EVP_DigestInit_ex(ctx->evpctx, EVP_sha1(), NULL);
192 break;
193 case PG_SHA224:
194 status = EVP_DigestInit_ex(ctx->evpctx, EVP_sha224(), NULL);
195 break;
196 case PG_SHA256:
197 status = EVP_DigestInit_ex(ctx->evpctx, EVP_sha256(), NULL);
198 break;
199 case PG_SHA384:
200 status = EVP_DigestInit_ex(ctx->evpctx, EVP_sha384(), NULL);
201 break;
202 case PG_SHA512:
203 status = EVP_DigestInit_ex(ctx->evpctx, EVP_sha512(), NULL);
204 break;
205 }
206
207 /* OpenSSL internals return 1 on success, 0 on failure */
208 if (status <= 0)
209 {
210 ctx->errreason = SSLerrmessage(ERR_get_error());
211 ctx->error = PG_CRYPTOHASH_ERROR_OPENSSL;
212
213 /*
214 * The OpenSSL error queue should normally be empty since we've
215 * consumed an error, but cipher initialization can in FIPS-enabled
216 * OpenSSL builds generate two errors so clear the queue here as well.
217 */
218 ERR_clear_error();
219 return -1;
220 }
221 return 0;
222}

References pg_cryptohash_ctx::error, pg_cryptohash_ctx::errreason, pg_cryptohash_ctx::evpctx, PG_CRYPTOHASH_ERROR_OPENSSL, PG_MD5, PG_SHA1, PG_SHA224, PG_SHA256, PG_SHA384, PG_SHA512, SSLerrmessage(), and pg_cryptohash_ctx::type.

◆ pg_cryptohash_update()

int pg_cryptohash_update ( pg_cryptohash_ctx ctx,
const uint8 data,
size_t  len 
)

Definition at line 230 of file cryptohash_openssl.c.

231{
232 int status = 0;
233
234 if (ctx == NULL)
235 return -1;
236
237 status = EVP_DigestUpdate(ctx->evpctx, data, len);
238
239 /* OpenSSL internals return 1 on success, 0 on failure */
240 if (status <= 0)
241 {
242 ctx->errreason = SSLerrmessage(ERR_get_error());
243 ctx->error = PG_CRYPTOHASH_ERROR_OPENSSL;
244 return -1;
245 }
246 return 0;
247}
data
const void * data
Definition: pg_crc32c_sse42.c:27

References data, pg_cryptohash_ctx::error, pg_cryptohash_ctx::errreason, pg_cryptohash_ctx::evpctx, len, PG_CRYPTOHASH_ERROR_OPENSSL, and SSLerrmessage().

◆ ResourceOwnerForgetCryptoHash()

static void ResourceOwnerForgetCryptoHash ( ResourceOwner  owner,
pg_cryptohash_ctx ctx 
)
inlinestatic

Definition at line 96 of file cryptohash_openssl.c.

97{
98 ResourceOwnerForget(owner, PointerGetDatum(ctx), &cryptohash_resowner_desc);
99}
cryptohash_resowner_desc
static const ResourceOwnerDesc cryptohash_resowner_desc
Definition: cryptohash_openssl.c:80
PointerGetDatum
static Datum PointerGetDatum(const void *X)
Definition: postgres.h:332
ResourceOwnerForget
void ResourceOwnerForget(ResourceOwner owner, Datum value, const ResourceOwnerDesc *kind)
Definition: resowner.c:561

References cryptohash_resowner_desc, PointerGetDatum(), and ResourceOwnerForget().

Referenced by pg_cryptohash_free().

◆ ResourceOwnerRememberCryptoHash()

static void ResourceOwnerRememberCryptoHash ( ResourceOwner  owner,
pg_cryptohash_ctx ctx 
)
inlinestatic

Definition at line 91 of file cryptohash_openssl.c.

92{
93 ResourceOwnerRemember(owner, PointerGetDatum(ctx), &cryptohash_resowner_desc);
94}
ResourceOwnerRemember
void ResourceOwnerRemember(ResourceOwner owner, Datum value, const ResourceOwnerDesc *kind)
Definition: resowner.c:521

References cryptohash_resowner_desc, PointerGetDatum(), and ResourceOwnerRemember().

Referenced by pg_cryptohash_create().

◆ ResOwnerReleaseCryptoHash()

static void ResOwnerReleaseCryptoHash ( Datum  res)
static

Definition at line 383 of file cryptohash_openssl.c.

384{
385 pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) DatumGetPointer(res);
386
387 ctx->resowner = NULL;
388 pg_cryptohash_free(ctx);
389}
pg_cryptohash_free
void pg_cryptohash_free(pg_cryptohash_ctx *ctx)
Definition: cryptohash_openssl.c:326
DatumGetPointer
static Pointer DatumGetPointer(Datum X)
Definition: postgres.h:322

References DatumGetPointer(), pg_cryptohash_free(), and pg_cryptohash_ctx::resowner.

◆ SSLerrmessage()

static const char * SSLerrmessage ( unsigned long  ecode)
static

Definition at line 103 of file cryptohash_openssl.c.

104{
105 if (ecode == 0)
106 return NULL;
107
108 /*
109 * This may return NULL, but we would fall back to a default error path if
110 * that were the case.
111 */
112 return ERR_reason_error_string(ecode);
113}

Referenced by pg_cryptohash_final(), pg_cryptohash_init(), and pg_cryptohash_update().

Variable Documentation

◆ cryptohash_resowner_desc

const ResourceOwnerDesc cryptohash_resowner_desc
static
Initial value:
=
{
.name = "OpenSSL cryptohash context",
.release_phase = RESOURCE_RELEASE_BEFORE_LOCKS,
.release_priority = RELEASE_PRIO_CRYPTOHASH_CONTEXTS,
.ReleaseResource = ResOwnerReleaseCryptoHash,
.DebugPrint = NULL
}
ResOwnerReleaseCryptoHash
static void ResOwnerReleaseCryptoHash(Datum res)
Definition: cryptohash_openssl.c:383
RESOURCE_RELEASE_BEFORE_LOCKS
@ RESOURCE_RELEASE_BEFORE_LOCKS
Definition: resowner.h:54
RELEASE_PRIO_CRYPTOHASH_CONTEXTS
#define RELEASE_PRIO_CRYPTOHASH_CONTEXTS
Definition: resowner.h:67

Definition at line 80 of file cryptohash_openssl.c.

Referenced by ResourceOwnerForgetCryptoHash(), and ResourceOwnerRememberCryptoHash().