PostgreSQL Source Code  git master
Data Structures | Macros | Typedefs | Enumerations | Functions
hmac_openssl.c File Reference
#include "postgres.h"
#include <openssl/err.h>
#include <openssl/hmac.h>
#include "common/hmac.h"
#include "common/md5.h"
#include "common/sha1.h"
#include "common/sha2.h"
#include "utils/memutils.h"
#include "utils/resowner.h"
Include dependency graph for hmac_openssl.c:

Go to the source code of this file.

Data Structures

struct  pg_hmac_ctx
 

Macros

#define ALLOC(size)   palloc(size)
 
#define FREE(ptr)   pfree(ptr)
 

Typedefs

typedef enum pg_hmac_errno pg_hmac_errno
 

Enumerations

enum  pg_hmac_errno {
  PG_HMAC_ERROR_NONE = 0 , PG_HMAC_ERROR_OOM , PG_HMAC_ERROR_INTERNAL , PG_HMAC_ERROR_NONE = 0 ,
  PG_HMAC_ERROR_DEST_LEN , PG_HMAC_ERROR_OPENSSL
}
 

Functions

static const char * SSLerrmessage (unsigned long ecode)
 
pg_hmac_ctxpg_hmac_create (pg_cryptohash_type type)
 
int pg_hmac_init (pg_hmac_ctx *ctx, const uint8 *key, size_t len)
 
int pg_hmac_update (pg_hmac_ctx *ctx, const uint8 *data, size_t len)
 
int pg_hmac_final (pg_hmac_ctx *ctx, uint8 *dest, size_t len)
 
void pg_hmac_free (pg_hmac_ctx *ctx)
 
const char * pg_hmac_error (pg_hmac_ctx *ctx)
 

Macro Definition Documentation

◆ ALLOC

#define ALLOC (   size)    palloc(size)

Definition at line 47 of file hmac_openssl.c.

◆ FREE

#define FREE (   ptr)    pfree(ptr)

Definition at line 49 of file hmac_openssl.c.

Typedef Documentation

◆ pg_hmac_errno

typedef enum pg_hmac_errno pg_hmac_errno

Enumeration Type Documentation

◆ pg_hmac_errno

enum pg_hmac_errno
Enumerator
PG_HMAC_ERROR_NONE 
PG_HMAC_ERROR_OOM 
PG_HMAC_ERROR_INTERNAL 
PG_HMAC_ERROR_NONE 
PG_HMAC_ERROR_DEST_LEN 
PG_HMAC_ERROR_OPENSSL 

Definition at line 56 of file hmac_openssl.c.

57 {
58  PG_HMAC_ERROR_NONE = 0,
59  PG_HMAC_ERROR_DEST_LEN,
60  PG_HMAC_ERROR_OPENSSL,
61 } pg_hmac_errno;
pg_hmac_errno
pg_hmac_errno
Definition: hmac_openssl.c:57
PG_HMAC_ERROR_OPENSSL
@ PG_HMAC_ERROR_OPENSSL
Definition: hmac_openssl.c:60
PG_HMAC_ERROR_DEST_LEN
@ PG_HMAC_ERROR_DEST_LEN
Definition: hmac_openssl.c:59
PG_HMAC_ERROR_NONE
@ PG_HMAC_ERROR_NONE
Definition: hmac_openssl.c:58

Function Documentation

◆ pg_hmac_create()

pg_hmac_ctx* pg_hmac_create ( pg_cryptohash_type  type)

Definition at line 122 of file hmac_openssl.c.

123 {
124  pg_hmac_ctx *ctx;
125 
126  ctx = ALLOC(sizeof(pg_hmac_ctx));
127  if (ctx == NULL)
128  return NULL;
129  memset(ctx, 0, sizeof(pg_hmac_ctx));
130 
131  ctx->type = type;
132  ctx->error = PG_HMAC_ERROR_NONE;
133  ctx->errreason = NULL;
134 
135 
136  /*
137  * Initialization takes care of assigning the correct type for OpenSSL.
138  * Also ensure that there aren't any unconsumed errors in the queue from
139  * previous runs.
140  */
141  ERR_clear_error();
142 
143 #ifdef USE_RESOWNER_FOR_HMAC
144  ResourceOwnerEnlarge(CurrentResourceOwner);
145 #endif
146 
147 #ifdef HAVE_HMAC_CTX_NEW
148  ctx->hmacctx = HMAC_CTX_new();
149 #else
150  ctx->hmacctx = ALLOC(sizeof(HMAC_CTX));
151 #endif
152 
153  if (ctx->hmacctx == NULL)
154  {
155  explicit_bzero(ctx, sizeof(pg_hmac_ctx));
156  FREE(ctx);
157 #ifndef FRONTEND
158  ereport(ERROR,
159  (errcode(ERRCODE_OUT_OF_MEMORY),
160  errmsg("out of memory")));
161 #endif
162  return NULL;
163  }
164 
165 #ifndef HAVE_HMAC_CTX_NEW
166  memset(ctx->hmacctx, 0, sizeof(HMAC_CTX));
167 #endif
168 
169 #ifdef USE_RESOWNER_FOR_HMAC
170  ctx->resowner = CurrentResourceOwner;
171  ResourceOwnerRememberHMAC(CurrentResourceOwner, ctx);
172 #endif
173 
174  return ctx;
175 }
errcode
int errcode(int sqlerrcode)
Definition: elog.c:859
errmsg
int errmsg(const char *fmt,...)
Definition: elog.c:1072
ERROR
#define ERROR
Definition: elog.h:39
ereport
#define ereport(elevel,...)
Definition: elog.h:149
FREE
#define FREE(ptr)
Definition: hmac_openssl.c:49
ALLOC
#define ALLOC(size)
Definition: hmac_openssl.c:47
explicit_bzero
void explicit_bzero(void *buf, size_t len)
Definition: explicit_bzero.c:50
CurrentResourceOwner
ResourceOwner CurrentResourceOwner
Definition: resowner.c:165
ResourceOwnerEnlarge
void ResourceOwnerEnlarge(ResourceOwner owner)
Definition: resowner.c:442
pg_hmac_ctx
Definition: hmac.c:51
pg_hmac_ctx::errreason
const char * errreason
Definition: hmac.c:55
pg_hmac_ctx::hmacctx
HMAC_CTX * hmacctx
Definition: hmac_openssl.c:66
pg_hmac_ctx::type
pg_cryptohash_type type
Definition: hmac.c:53
pg_hmac_ctx::error
pg_hmac_errno error
Definition: hmac.c:54
type
const char * type
Definition: wait_event_funcs.c:27

References ALLOC, CurrentResourceOwner, ereport, errcode(), errmsg(), pg_hmac_ctx::error, ERROR, pg_hmac_ctx::errreason, explicit_bzero(), FREE, pg_hmac_ctx::hmacctx, PG_HMAC_ERROR_NONE, ResourceOwnerEnlarge(), type, and pg_hmac_ctx::type.

◆ pg_hmac_error()

const char* pg_hmac_error ( pg_hmac_ctx ctx)

Definition at line 354 of file hmac_openssl.c.

355 {
356  if (ctx == NULL)
357  return _("out of memory");
358 
359  /*
360  * If a reason is provided, rely on it, else fallback to any error code
361  * set.
362  */
363  if (ctx->errreason)
364  return ctx->errreason;
365 
366  switch (ctx->error)
367  {
368  case PG_HMAC_ERROR_NONE:
369  return _("success");
370  case PG_HMAC_ERROR_DEST_LEN:
371  return _("destination buffer too small");
372  case PG_HMAC_ERROR_OPENSSL:
373  return _("OpenSSL failure");
374  }
375 
376  Assert(false); /* cannot be reached */
377  return _("success");
378 }
Assert
#define Assert(condition)
Definition: c.h:858
_
#define _(x)
Definition: elog.c:90

References _, Assert, pg_hmac_ctx::error, pg_hmac_ctx::errreason, PG_HMAC_ERROR_DEST_LEN, PG_HMAC_ERROR_NONE, and PG_HMAC_ERROR_OPENSSL.

◆ pg_hmac_final()

int pg_hmac_final ( pg_hmac_ctx ctx,
uint8 dest,
size_t  len 
)

Definition at line 254 of file hmac_openssl.c.

255 {
256  int status = 0;
257  uint32 outlen;
258 
259  if (ctx == NULL)
260  return -1;
261 
262  switch (ctx->type)
263  {
264  case PG_MD5:
265  if (len < MD5_DIGEST_LENGTH)
266  {
267  ctx->error = PG_HMAC_ERROR_DEST_LEN;
268  return -1;
269  }
270  break;
271  case PG_SHA1:
272  if (len < SHA1_DIGEST_LENGTH)
273  {
274  ctx->error = PG_HMAC_ERROR_DEST_LEN;
275  return -1;
276  }
277  break;
278  case PG_SHA224:
279  if (len < PG_SHA224_DIGEST_LENGTH)
280  {
281  ctx->error = PG_HMAC_ERROR_DEST_LEN;
282  return -1;
283  }
284  break;
285  case PG_SHA256:
286  if (len < PG_SHA256_DIGEST_LENGTH)
287  {
288  ctx->error = PG_HMAC_ERROR_DEST_LEN;
289  return -1;
290  }
291  break;
292  case PG_SHA384:
293  if (len < PG_SHA384_DIGEST_LENGTH)
294  {
295  ctx->error = PG_HMAC_ERROR_DEST_LEN;
296  return -1;
297  }
298  break;
299  case PG_SHA512:
300  if (len < PG_SHA512_DIGEST_LENGTH)
301  {
302  ctx->error = PG_HMAC_ERROR_DEST_LEN;
303  return -1;
304  }
305  break;
306  }
307 
308  status = HMAC_Final(ctx->hmacctx, dest, &outlen);
309 
310  /* OpenSSL internals return 1 on success, 0 on failure */
311  if (status <= 0)
312  {
313  ctx->errreason = SSLerrmessage(ERR_get_error());
314  ctx->error = PG_HMAC_ERROR_OPENSSL;
315  return -1;
316  }
317  return 0;
318 }
uint32
unsigned int uint32
Definition: c.h:506
PG_SHA512
@ PG_SHA512
Definition: cryptohash.h:26
PG_SHA224
@ PG_SHA224
Definition: cryptohash.h:23
PG_SHA384
@ PG_SHA384
Definition: cryptohash.h:25
PG_SHA1
@ PG_SHA1
Definition: cryptohash.h:22
PG_SHA256
@ PG_SHA256
Definition: cryptohash.h:24
PG_MD5
@ PG_MD5
Definition: cryptohash.h:21
SSLerrmessage
static const char * SSLerrmessage(unsigned long ecode)
Definition: hmac_openssl.c:103
MD5_DIGEST_LENGTH
#define MD5_DIGEST_LENGTH
Definition: md5.h:20
generate_unaccent_rules.dest
dest
Definition: generate_unaccent_rules.py:280
len
const void size_t len
Definition: pg_crc32c_sse42.c:24
SHA1_DIGEST_LENGTH
#define SHA1_DIGEST_LENGTH
Definition: sha1.h:17
PG_SHA256_DIGEST_LENGTH
#define PG_SHA256_DIGEST_LENGTH
Definition: sha2.h:23
PG_SHA384_DIGEST_LENGTH
#define PG_SHA384_DIGEST_LENGTH
Definition: sha2.h:26
PG_SHA512_DIGEST_LENGTH
#define PG_SHA512_DIGEST_LENGTH
Definition: sha2.h:29
PG_SHA224_DIGEST_LENGTH
#define PG_SHA224_DIGEST_LENGTH
Definition: sha2.h:20

References generate_unaccent_rules::dest, pg_hmac_ctx::error, pg_hmac_ctx::errreason, pg_hmac_ctx::hmacctx, len, MD5_DIGEST_LENGTH, PG_HMAC_ERROR_DEST_LEN, PG_HMAC_ERROR_OPENSSL, PG_MD5, PG_SHA1, PG_SHA224, PG_SHA224_DIGEST_LENGTH, PG_SHA256, PG_SHA256_DIGEST_LENGTH, PG_SHA384, PG_SHA384_DIGEST_LENGTH, PG_SHA512, PG_SHA512_DIGEST_LENGTH, SHA1_DIGEST_LENGTH, SSLerrmessage(), and pg_hmac_ctx::type.

◆ pg_hmac_free()

void pg_hmac_free ( pg_hmac_ctx ctx)

Definition at line 326 of file hmac_openssl.c.

327 {
328  if (ctx == NULL)
329  return;
330 
331 #ifdef HAVE_HMAC_CTX_FREE
332  HMAC_CTX_free(ctx->hmacctx);
333 #else
334  explicit_bzero(ctx->hmacctx, sizeof(HMAC_CTX));
335  FREE(ctx->hmacctx);
336 #endif
337 
338 #ifdef USE_RESOWNER_FOR_HMAC
339  if (ctx->resowner)
340  ResourceOwnerForgetHMAC(ctx->resowner, ctx);
341 #endif
342 
343  explicit_bzero(ctx, sizeof(pg_hmac_ctx));
344  FREE(ctx);
345 }

References explicit_bzero(), FREE, and pg_hmac_ctx::hmacctx.

◆ pg_hmac_init()

int pg_hmac_init ( pg_hmac_ctx ctx,
const uint8 key,
size_t  len 
)

Definition at line 183 of file hmac_openssl.c.

184 {
185  int status = 0;
186 
187  if (ctx == NULL)
188  return -1;
189 
190  switch (ctx->type)
191  {
192  case PG_MD5:
193  status = HMAC_Init_ex(ctx->hmacctx, key, len, EVP_md5(), NULL);
194  break;
195  case PG_SHA1:
196  status = HMAC_Init_ex(ctx->hmacctx, key, len, EVP_sha1(), NULL);
197  break;
198  case PG_SHA224:
199  status = HMAC_Init_ex(ctx->hmacctx, key, len, EVP_sha224(), NULL);
200  break;
201  case PG_SHA256:
202  status = HMAC_Init_ex(ctx->hmacctx, key, len, EVP_sha256(), NULL);
203  break;
204  case PG_SHA384:
205  status = HMAC_Init_ex(ctx->hmacctx, key, len, EVP_sha384(), NULL);
206  break;
207  case PG_SHA512:
208  status = HMAC_Init_ex(ctx->hmacctx, key, len, EVP_sha512(), NULL);
209  break;
210  }
211 
212  /* OpenSSL internals return 1 on success, 0 on failure */
213  if (status <= 0)
214  {
215  ctx->errreason = SSLerrmessage(ERR_get_error());
216  ctx->error = PG_HMAC_ERROR_OPENSSL;
217  return -1;
218  }
219 
220  return 0;
221 }

References pg_hmac_ctx::error, pg_hmac_ctx::errreason, pg_hmac_ctx::hmacctx, sort-test::key, len, PG_HMAC_ERROR_OPENSSL, PG_MD5, PG_SHA1, PG_SHA224, PG_SHA256, PG_SHA384, PG_SHA512, SSLerrmessage(), and pg_hmac_ctx::type.

◆ pg_hmac_update()

int pg_hmac_update ( pg_hmac_ctx ctx,
const uint8 data,
size_t  len 
)

Definition at line 229 of file hmac_openssl.c.

230 {
231  int status = 0;
232 
233  if (ctx == NULL)
234  return -1;
235 
236  status = HMAC_Update(ctx->hmacctx, data, len);
237 
238  /* OpenSSL internals return 1 on success, 0 on failure */
239  if (status <= 0)
240  {
241  ctx->errreason = SSLerrmessage(ERR_get_error());
242  ctx->error = PG_HMAC_ERROR_OPENSSL;
243  return -1;
244  }
245  return 0;
246 }
data
const void * data
Definition: pg_crc32c_sse42.c:23

References data, pg_hmac_ctx::error, pg_hmac_ctx::errreason, pg_hmac_ctx::hmacctx, len, PG_HMAC_ERROR_OPENSSL, and SSLerrmessage().

◆ SSLerrmessage()

static const char* SSLerrmessage ( unsigned long  ecode)
static

Definition at line 103 of file hmac_openssl.c.

104 {
105  if (ecode == 0)
106  return NULL;
107 
108  /*
109  * This may return NULL, but we would fall back to a default error path if
110  * that were the case.
111  */
112  return ERR_reason_error_string(ecode);
113 }

Referenced by pg_hmac_final(), pg_hmac_init(), and pg_hmac_update().