PostgreSQL Source Code  git master
cryptohash_openssl.c File Reference
#include "postgres.h"
#include <openssl/err.h>
#include <openssl/evp.h>
#include "common/cryptohash.h"
#include "common/md5.h"
#include "common/sha1.h"
#include "common/sha2.h"
#include "utils/memutils.h"
#include "utils/resowner.h"
Include dependency graph for cryptohash_openssl.c:

Go to the source code of this file.

Data Structures

struct  pg_cryptohash_ctx
 

Macros

#define ALLOC(size)   MemoryContextAlloc(TopMemoryContext, size)
 
#define FREE(ptr)   pfree(ptr)
 

Typedefs

typedef enum pg_cryptohash_errno pg_cryptohash_errno
 

Enumerations

enum  pg_cryptohash_errno {
  PG_CRYPTOHASH_ERROR_NONE = 0 , PG_CRYPTOHASH_ERROR_DEST_LEN , PG_CRYPTOHASH_ERROR_NONE = 0 , PG_CRYPTOHASH_ERROR_DEST_LEN ,
  PG_CRYPTOHASH_ERROR_OPENSSL
}
 

Functions

static void ResOwnerReleaseCryptoHash (Datum res)
 
static void ResourceOwnerRememberCryptoHash (ResourceOwner owner, pg_cryptohash_ctx *ctx)
 
static void ResourceOwnerForgetCryptoHash (ResourceOwner owner, pg_cryptohash_ctx *ctx)
 
static const char * SSLerrmessage (unsigned long ecode)
 
pg_cryptohash_ctxpg_cryptohash_create (pg_cryptohash_type type)
 
int pg_cryptohash_init (pg_cryptohash_ctx *ctx)
 
int pg_cryptohash_update (pg_cryptohash_ctx *ctx, const uint8 *data, size_t len)
 
int pg_cryptohash_final (pg_cryptohash_ctx *ctx, uint8 *dest, size_t len)
 
void pg_cryptohash_free (pg_cryptohash_ctx *ctx)
 
const char * pg_cryptohash_error (pg_cryptohash_ctx *ctx)
 

Variables

static const ResourceOwnerDesc cryptohash_resowner_desc
 

Macro Definition Documentation

◆ ALLOC

#define ALLOC (   size)    MemoryContextAlloc(TopMemoryContext, size)

Definition at line 42 of file cryptohash_openssl.c.

◆ FREE

#define FREE (   ptr)    pfree(ptr)

Definition at line 43 of file cryptohash_openssl.c.

Typedef Documentation

◆ pg_cryptohash_errno

Enumeration Type Documentation

◆ pg_cryptohash_errno

Enumerator
PG_CRYPTOHASH_ERROR_NONE 
PG_CRYPTOHASH_ERROR_DEST_LEN 
PG_CRYPTOHASH_ERROR_NONE 
PG_CRYPTOHASH_ERROR_DEST_LEN 
PG_CRYPTOHASH_ERROR_OPENSSL 

Definition at line 50 of file cryptohash_openssl.c.

51 {
pg_cryptohash_errno
@ PG_CRYPTOHASH_ERROR_DEST_LEN
@ PG_CRYPTOHASH_ERROR_NONE
@ PG_CRYPTOHASH_ERROR_OPENSSL

Function Documentation

◆ pg_cryptohash_create()

pg_cryptohash_ctx* pg_cryptohash_create ( pg_cryptohash_type  type)

Definition at line 122 of file cryptohash_openssl.c.

123 {
124  pg_cryptohash_ctx *ctx;
125 
126  /*
127  * Make sure that the resource owner has space to remember this reference.
128  * This can error out with "out of memory", so do this before any other
129  * allocation to avoid leaking.
130  */
131 #ifndef FRONTEND
133 #endif
134 
135  ctx = ALLOC(sizeof(pg_cryptohash_ctx));
136  if (ctx == NULL)
137  return NULL;
138  memset(ctx, 0, sizeof(pg_cryptohash_ctx));
139  ctx->type = type;
141  ctx->errreason = NULL;
142 
143  /*
144  * Initialization takes care of assigning the correct type for OpenSSL.
145  * Also ensure that there aren't any unconsumed errors in the queue from
146  * previous runs.
147  */
148  ERR_clear_error();
149  ctx->evpctx = EVP_MD_CTX_create();
150 
151  if (ctx->evpctx == NULL)
152  {
153  explicit_bzero(ctx, sizeof(pg_cryptohash_ctx));
154  FREE(ctx);
155 #ifndef FRONTEND
156  ereport(ERROR,
157  (errcode(ERRCODE_OUT_OF_MEMORY),
158  errmsg("out of memory")));
159 #else
160  return NULL;
161 #endif
162  }
163 
164 #ifndef FRONTEND
167 #endif
168 
169  return ctx;
170 }
#define FREE(ptr)
#define ALLOC(size)
static void ResourceOwnerRememberCryptoHash(ResourceOwner owner, pg_cryptohash_ctx *ctx)
int errcode(int sqlerrcode)
Definition: elog.c:859
int errmsg(const char *fmt,...)
Definition: elog.c:1072
#define ERROR
Definition: elog.h:39
#define ereport(elevel,...)
Definition: elog.h:149
void explicit_bzero(void *buf, size_t len)
ResourceOwner CurrentResourceOwner
Definition: resowner.c:165
void ResourceOwnerEnlarge(ResourceOwner owner)
Definition: resowner.c:442
pg_cryptohash_errno error
Definition: cryptohash.c:54
ResourceOwner resowner
pg_cryptohash_type type
Definition: cryptohash.c:53
const char * errreason
const char * type

References ALLOC, CurrentResourceOwner, ereport, errcode(), errmsg(), pg_cryptohash_ctx::error, ERROR, pg_cryptohash_ctx::errreason, pg_cryptohash_ctx::evpctx, explicit_bzero(), FREE, PG_CRYPTOHASH_ERROR_NONE, ResourceOwnerEnlarge(), ResourceOwnerRememberCryptoHash(), pg_cryptohash_ctx::resowner, type, and pg_cryptohash_ctx::type.

◆ pg_cryptohash_error()

const char* pg_cryptohash_error ( pg_cryptohash_ctx ctx)

Definition at line 349 of file cryptohash_openssl.c.

350 {
351  /*
352  * This implementation would never fail because of an out-of-memory error,
353  * except when creating the context.
354  */
355  if (ctx == NULL)
356  return _("out of memory");
357 
358  /*
359  * If a reason is provided, rely on it, else fallback to any error code
360  * set.
361  */
362  if (ctx->errreason)
363  return ctx->errreason;
364 
365  switch (ctx->error)
366  {
368  return _("success");
370  return _("destination buffer too small");
372  return _("OpenSSL failure");
373  }
374 
375  Assert(false); /* cannot be reached */
376  return _("success");
377 }
#define _(x)
Definition: elog.c:90
Assert(fmt[strlen(fmt) - 1] !='\n')

References _, Assert(), pg_cryptohash_ctx::error, pg_cryptohash_ctx::errreason, PG_CRYPTOHASH_ERROR_DEST_LEN, PG_CRYPTOHASH_ERROR_NONE, and PG_CRYPTOHASH_ERROR_OPENSSL.

◆ pg_cryptohash_final()

int pg_cryptohash_final ( pg_cryptohash_ctx ctx,
uint8 dest,
size_t  len 
)

Definition at line 255 of file cryptohash_openssl.c.

256 {
257  int status = 0;
258 
259  if (ctx == NULL)
260  return -1;
261 
262  switch (ctx->type)
263  {
264  case PG_MD5:
265  if (len < MD5_DIGEST_LENGTH)
266  {
268  return -1;
269  }
270  break;
271  case PG_SHA1:
272  if (len < SHA1_DIGEST_LENGTH)
273  {
275  return -1;
276  }
277  break;
278  case PG_SHA224:
280  {
282  return -1;
283  }
284  break;
285  case PG_SHA256:
287  {
289  return -1;
290  }
291  break;
292  case PG_SHA384:
294  {
296  return -1;
297  }
298  break;
299  case PG_SHA512:
301  {
303  return -1;
304  }
305  break;
306  }
307 
308  status = EVP_DigestFinal_ex(ctx->evpctx, dest, 0);
309 
310  /* OpenSSL internals return 1 on success, 0 on failure */
311  if (status <= 0)
312  {
313  ctx->errreason = SSLerrmessage(ERR_get_error());
315  return -1;
316  }
317  return 0;
318 }
@ PG_SHA512
Definition: cryptohash.h:26
@ PG_SHA224
Definition: cryptohash.h:23
@ PG_SHA384
Definition: cryptohash.h:25
@ PG_SHA1
Definition: cryptohash.h:22
@ PG_SHA256
Definition: cryptohash.h:24
@ PG_MD5
Definition: cryptohash.h:21
static const char * SSLerrmessage(unsigned long ecode)
#define MD5_DIGEST_LENGTH
Definition: md5.h:20
const void size_t len
#define SHA1_DIGEST_LENGTH
Definition: sha1.h:17
#define PG_SHA256_DIGEST_LENGTH
Definition: sha2.h:23
#define PG_SHA384_DIGEST_LENGTH
Definition: sha2.h:26
#define PG_SHA512_DIGEST_LENGTH
Definition: sha2.h:29
#define PG_SHA224_DIGEST_LENGTH
Definition: sha2.h:20

References generate_unaccent_rules::dest, pg_cryptohash_ctx::error, pg_cryptohash_ctx::errreason, pg_cryptohash_ctx::evpctx, len, MD5_DIGEST_LENGTH, PG_CRYPTOHASH_ERROR_DEST_LEN, PG_CRYPTOHASH_ERROR_OPENSSL, PG_MD5, PG_SHA1, PG_SHA224, PG_SHA224_DIGEST_LENGTH, PG_SHA256, PG_SHA256_DIGEST_LENGTH, PG_SHA384, PG_SHA384_DIGEST_LENGTH, PG_SHA512, PG_SHA512_DIGEST_LENGTH, SHA1_DIGEST_LENGTH, SSLerrmessage(), and pg_cryptohash_ctx::type.

◆ pg_cryptohash_free()

void pg_cryptohash_free ( pg_cryptohash_ctx ctx)

Definition at line 326 of file cryptohash_openssl.c.

327 {
328  if (ctx == NULL)
329  return;
330 
331  EVP_MD_CTX_destroy(ctx->evpctx);
332 
333 #ifndef FRONTEND
334  if (ctx->resowner)
336 #endif
337 
338  explicit_bzero(ctx, sizeof(pg_cryptohash_ctx));
339  FREE(ctx);
340 }
static void ResourceOwnerForgetCryptoHash(ResourceOwner owner, pg_cryptohash_ctx *ctx)

References pg_cryptohash_ctx::evpctx, explicit_bzero(), FREE, ResourceOwnerForgetCryptoHash(), and pg_cryptohash_ctx::resowner.

Referenced by ResOwnerReleaseCryptoHash().

◆ pg_cryptohash_init()

int pg_cryptohash_init ( pg_cryptohash_ctx ctx)

Definition at line 178 of file cryptohash_openssl.c.

179 {
180  int status = 0;
181 
182  if (ctx == NULL)
183  return -1;
184 
185  switch (ctx->type)
186  {
187  case PG_MD5:
188  status = EVP_DigestInit_ex(ctx->evpctx, EVP_md5(), NULL);
189  break;
190  case PG_SHA1:
191  status = EVP_DigestInit_ex(ctx->evpctx, EVP_sha1(), NULL);
192  break;
193  case PG_SHA224:
194  status = EVP_DigestInit_ex(ctx->evpctx, EVP_sha224(), NULL);
195  break;
196  case PG_SHA256:
197  status = EVP_DigestInit_ex(ctx->evpctx, EVP_sha256(), NULL);
198  break;
199  case PG_SHA384:
200  status = EVP_DigestInit_ex(ctx->evpctx, EVP_sha384(), NULL);
201  break;
202  case PG_SHA512:
203  status = EVP_DigestInit_ex(ctx->evpctx, EVP_sha512(), NULL);
204  break;
205  }
206 
207  /* OpenSSL internals return 1 on success, 0 on failure */
208  if (status <= 0)
209  {
210  ctx->errreason = SSLerrmessage(ERR_get_error());
212 
213  /*
214  * The OpenSSL error queue should normally be empty since we've
215  * consumed an error, but cipher initialization can in FIPS-enabled
216  * OpenSSL builds generate two errors so clear the queue here as well.
217  */
218  ERR_clear_error();
219  return -1;
220  }
221  return 0;
222 }

References pg_cryptohash_ctx::error, pg_cryptohash_ctx::errreason, pg_cryptohash_ctx::evpctx, PG_CRYPTOHASH_ERROR_OPENSSL, PG_MD5, PG_SHA1, PG_SHA224, PG_SHA256, PG_SHA384, PG_SHA512, SSLerrmessage(), and pg_cryptohash_ctx::type.

◆ pg_cryptohash_update()

int pg_cryptohash_update ( pg_cryptohash_ctx ctx,
const uint8 data,
size_t  len 
)

Definition at line 230 of file cryptohash_openssl.c.

231 {
232  int status = 0;
233 
234  if (ctx == NULL)
235  return -1;
236 
237  status = EVP_DigestUpdate(ctx->evpctx, data, len);
238 
239  /* OpenSSL internals return 1 on success, 0 on failure */
240  if (status <= 0)
241  {
242  ctx->errreason = SSLerrmessage(ERR_get_error());
244  return -1;
245  }
246  return 0;
247 }
const void * data

References data, pg_cryptohash_ctx::error, pg_cryptohash_ctx::errreason, pg_cryptohash_ctx::evpctx, len, PG_CRYPTOHASH_ERROR_OPENSSL, and SSLerrmessage().

◆ ResourceOwnerForgetCryptoHash()

static void ResourceOwnerForgetCryptoHash ( ResourceOwner  owner,
pg_cryptohash_ctx ctx 
)
inlinestatic

Definition at line 96 of file cryptohash_openssl.c.

97 {
99 }
static const ResourceOwnerDesc cryptohash_resowner_desc
static Datum PointerGetDatum(const void *X)
Definition: postgres.h:322
void ResourceOwnerForget(ResourceOwner owner, Datum value, const ResourceOwnerDesc *kind)
Definition: resowner.c:554

References cryptohash_resowner_desc, PointerGetDatum(), and ResourceOwnerForget().

Referenced by pg_cryptohash_free().

◆ ResourceOwnerRememberCryptoHash()

static void ResourceOwnerRememberCryptoHash ( ResourceOwner  owner,
pg_cryptohash_ctx ctx 
)
inlinestatic

Definition at line 91 of file cryptohash_openssl.c.

92 {
94 }
void ResourceOwnerRemember(ResourceOwner owner, Datum value, const ResourceOwnerDesc *kind)
Definition: resowner.c:514

References cryptohash_resowner_desc, PointerGetDatum(), and ResourceOwnerRemember().

Referenced by pg_cryptohash_create().

◆ ResOwnerReleaseCryptoHash()

static void ResOwnerReleaseCryptoHash ( Datum  res)
static

Definition at line 383 of file cryptohash_openssl.c.

384 {
386 
387  ctx->resowner = NULL;
388  pg_cryptohash_free(ctx);
389 }
void pg_cryptohash_free(pg_cryptohash_ctx *ctx)
static Pointer DatumGetPointer(Datum X)
Definition: postgres.h:312

References DatumGetPointer(), pg_cryptohash_free(), res, and pg_cryptohash_ctx::resowner.

◆ SSLerrmessage()

static const char* SSLerrmessage ( unsigned long  ecode)
static

Definition at line 103 of file cryptohash_openssl.c.

104 {
105  if (ecode == 0)
106  return NULL;
107 
108  /*
109  * This may return NULL, but we would fall back to a default error path if
110  * that were the case.
111  */
112  return ERR_reason_error_string(ecode);
113 }

Referenced by pg_cryptohash_final(), pg_cryptohash_init(), and pg_cryptohash_update().

Variable Documentation

◆ cryptohash_resowner_desc

const ResourceOwnerDesc cryptohash_resowner_desc
static
Initial value:
=
{
.name = "OpenSSL cryptohash context",
.release_priority = RELEASE_PRIO_CRYPTOHASH_CONTEXTS,
.ReleaseResource = ResOwnerReleaseCryptoHash,
.DebugPrint = NULL
}
static void ResOwnerReleaseCryptoHash(Datum res)
@ RESOURCE_RELEASE_BEFORE_LOCKS
Definition: resowner.h:54
#define RELEASE_PRIO_CRYPTOHASH_CONTEXTS
Definition: resowner.h:67

Definition at line 80 of file cryptohash_openssl.c.

Referenced by ResourceOwnerForgetCryptoHash(), and ResourceOwnerRememberCryptoHash().