PostgreSQL Source Code git master
openssl.c File Reference
#include "postgres.h"
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include "px.h"
#include "utils/memutils.h"
#include "utils/resowner.h"

Data Structures

struct  OSSLDigest
 
struct  ossl_cipher
 
struct  OSSLCipher
 
struct  ossl_cipher_lookup
 

Macros

#define MAX_KEY   (512/8)
 
#define MAX_IV   (128/8)
 

Typedefs

typedef struct OSSLDigest OSSLDigest
 
typedef const EVP_CIPHER *(* ossl_EVP_cipher_func) (void)
 
typedef struct OSSLCipher OSSLCipher
 

Functions

static void ResOwnerReleaseOSSLDigest (Datum res)
 
static void ResourceOwnerRememberOSSLDigest (ResourceOwner owner, OSSLDigest *digest)
 
static void ResourceOwnerForgetOSSLDigest (ResourceOwner owner, OSSLDigest *digest)
 
static void free_openssl_digest (OSSLDigest *digest)
 
static unsigned digest_result_size (PX_MD *h)
 
static unsigned digest_block_size (PX_MD *h)
 
static void digest_reset (PX_MD *h)
 
static void digest_update (PX_MD *h, const uint8 *data, unsigned dlen)
 
static void digest_finish (PX_MD *h, uint8 *dst)
 
static void digest_free (PX_MD *h)
 
int px_find_digest (const char *name, PX_MD **res)
 
static void ResOwnerReleaseOSSLCipher (Datum res)
 
static void ResourceOwnerRememberOSSLCipher (ResourceOwner owner, OSSLCipher *od)
 
static void ResourceOwnerForgetOSSLCipher (ResourceOwner owner, OSSLCipher *od)
 
static void free_openssl_cipher (OSSLCipher *od)
 
static unsigned gen_ossl_block_size (PX_Cipher *c)
 
static unsigned gen_ossl_key_size (PX_Cipher *c)
 
static unsigned gen_ossl_iv_size (PX_Cipher *c)
 
static void gen_ossl_free (PX_Cipher *c)
 
static int gen_ossl_decrypt (PX_Cipher *c, int padding, const uint8 *data, unsigned dlen, uint8 *res, unsigned *rlen)
 
static int gen_ossl_encrypt (PX_Cipher *c, int padding, const uint8 *data, unsigned dlen, uint8 *res, unsigned *rlen)
 
static int bf_check_supported_key_len (void)
 
static int bf_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
 
static int ossl_des_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
 
static int ossl_des3_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
 
static int ossl_cast_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
 
static int ossl_aes_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
 
static int ossl_aes_ecb_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
 
static int ossl_aes_cbc_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
 
int px_find_cipher (const char *name, PX_Cipher **res)
 
bool CheckFIPSMode (void)
 
void CheckBuiltinCryptoMode (void)
 

Variables

static const ResourceOwnerDesc ossldigest_resowner_desc
 
static const ResourceOwnerDesc osslcipher_resowner_desc
 
static PX_Alias ossl_aliases []
 
static const struct ossl_cipher ossl_bf_cbc
 
static const struct ossl_cipher ossl_bf_ecb
 
static const struct ossl_cipher ossl_bf_cfb
 
static const struct ossl_cipher ossl_des_ecb
 
static const struct ossl_cipher ossl_des_cbc
 
static const struct ossl_cipher ossl_des3_ecb
 
static const struct ossl_cipher ossl_des3_cbc
 
static const struct ossl_cipher ossl_cast_ecb
 
static const struct ossl_cipher ossl_cast_cbc
 
static const struct ossl_cipher ossl_aes_ecb
 
static const struct ossl_cipher ossl_aes_cbc
 
static const struct ossl_cipher_lookup ossl_cipher_types []
 

Macro Definition Documentation

◆ MAX_IV

#define MAX_IV   (128/8)

Definition at line 47 of file openssl.c.

◆ MAX_KEY

#define MAX_KEY   (512/8)

Definition at line 46 of file openssl.c.

Typedef Documentation

◆ ossl_EVP_cipher_func

typedef const EVP_CIPHER *(* ossl_EVP_cipher_func) (void)

Definition at line 234 of file openssl.c.

◆ OSSLCipher

typedef struct OSSLCipher OSSLCipher

◆ OSSLDigest

typedef struct OSSLDigest OSSLDigest

Function Documentation

◆ bf_check_supported_key_len()

static int bf_check_supported_key_len ( void  )
static

Definition at line 405 of file openssl.c.

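/*
 * Probe whether the linked OpenSSL accepts a full 448-bit Blowfish key.
 *
 * One fixed 8-byte block is encrypted with Blowfish in ECB mode under a fixed
 * 56-byte key, and the output is compared with the expected ciphertext.
 *
 * Returns 1 when the ciphertext matches.  Returns 0 when the context cannot be
 * allocated, any OpenSSL call fails, the output is not exactly one block, or
 * the ciphertext differs (the long key was not used as given).
 */
static int
bf_check_supported_key_len(void)
{
	static const uint8 key[56] = {
		0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87, 0x78, 0x69,
		0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f, 0x00, 0x11, 0x22, 0x33,
		0x44, 0x55, 0x66, 0x77, 0x04, 0x68, 0x91, 0x04, 0xc2, 0xfd,
		0x3b, 0x2f, 0x58, 0x40, 0x23, 0x64, 0x1a, 0xba, 0x61, 0x76,
		0x1f, 0x1f, 0x1f, 0x1f, 0x0e, 0x0e, 0x0e, 0x0e, 0xff, 0xff,
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff
	};

	static const uint8 data[8] = {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
	static const uint8 res[8] = {0xc0, 0x45, 0x04, 0x01, 0x2e, 0x4e, 0x1f, 0x53};
	uint8		out[8];
	EVP_CIPHER_CTX *evp_ctx;
	int			outlen = 0;
	int			status = 0;

	/* encrypt with 448bits key and verify output */
	evp_ctx = EVP_CIPHER_CTX_new();
	if (!evp_ctx)
		return 0;

	/* Select the cipher first so the key length can be set before the key. */
	if (!EVP_EncryptInit_ex(evp_ctx, EVP_bf_ecb(), NULL, NULL, NULL))
		goto leave;
	if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, (int) sizeof(key)))
		goto leave;
	if (!EVP_EncryptInit_ex(evp_ctx, NULL, NULL, key, NULL))
		goto leave;

	if (!EVP_EncryptUpdate(evp_ctx, out, &outlen, data, (int) sizeof(data)))
		goto leave;

	/*
	 * Fail closed unless a whole block was written: comparing a partly
	 * written "out" would read uninitialized bytes.
	 */
	if (outlen != (int) sizeof(out))
		goto leave;

	if (memcmp(out, res, sizeof(res)) != 0)
		goto leave;				/* Output does not match -> strong cipher is
								 * not supported */
	status = 1;

leave:
	EVP_CIPHER_CTX_free(evp_ctx);
	return status;
}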
uint8_t uint8
Definition: c.h:486
const void * data

References data, sort-test::key, and res.

Referenced by bf_init().

◆ bf_init()

static int bf_init ( PX_Cipher c,
const uint8 key,
unsigned  klen,
const uint8 iv 
)
static

Definition at line 448 of file openssl.c.

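/*
 * Store the Blowfish key and IV in the OSSLCipher behind "c".
 *
 * c    - cipher object; c->ptr is the OSSLCipher that receives key and IV
 * key  - key bytes, klen of them
 * klen - key length in bytes
 * iv   - block-size bytes of IV, or NULL to use an all-zero IV
 *
 * Returns 0 on success, or PXE_KEY_TOO_BIG when the key is longer than 16
 * bytes and the OpenSSL build failed the long-key probe, or when the key would
 * not fit in od->key.
 *
 * NOTE(review): a NULL iv yields a fixed all-zero IV, so equal plaintexts
 * under one key give equal ciphertexts in the IV-using modes; whether callers
 * always pass an IV is not visible here.
 */
static int
bf_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
{
	OSSLCipher *od = c->ptr;
	unsigned	bs = gen_ossl_block_size(c);
	static int	bf_is_strong = -1;	/* cached probe result, -1 = not run */

	/*
	 * Test if the key length is supported.  BF_set_key silently cuts large
	 * keys, which would be a problem when a user transfers encrypted data
	 * from one server to another.
	 */
	if (bf_is_strong == -1)
		bf_is_strong = bf_check_supported_key_len();

	if (!bf_is_strong && klen > 16)
		return PXE_KEY_TOO_BIG;

	/* Never copy more than the fixed-size key buffer can hold. */
	if (klen > sizeof(od->key))
		return PXE_KEY_TOO_BIG;

	/* Key len is supported. We can use it. */
	od->klen = klen;
	memcpy(od->key, key, klen);

	if (iv)
		memcpy(od->iv, iv, bs);
	else
		memset(od->iv, 0, bs);
	return 0;
}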
static unsigned gen_ossl_block_size(PX_Cipher *c)
Definition: openssl.c:303
static int bf_check_supported_key_len(void)
Definition: openssl.c:405
char * c
#define PXE_KEY_TOO_BIG
Definition: px.h:53
unsigned klen
Definition: openssl.c:260
uint8 iv[MAX_IV]
Definition: openssl.c:259
uint8 key[MAX_KEY]
Definition: openssl.c:258

References bf_check_supported_key_len(), gen_ossl_block_size(), OSSLCipher::iv, OSSLCipher::key, sort-test::key, OSSLCipher::klen, and PXE_KEY_TOO_BIG.

◆ CheckBuiltinCryptoMode()

void CheckBuiltinCryptoMode ( void  )

Definition at line 835 of file openssl.c.

/*
 * CheckBuiltinCryptoMode: raise an error when the built-in crypto functions
 * may not be used.  Two error messages are visible: one for built-in crypto
 * being disabled, one for non-FIPS validated crypto while CheckFIPSMode()
 * reports true.
 *
 * NOTE(review): this listing is incomplete.  File lines 837, 840-841, 844 and
 * 847 are not shown, so the conditions guarding the early return and the first
 * error are not visible here.  The page's reference list for this function
 * names builtin_crypto_enabled, BC_ON, BC_OFF, BC_FIPS, Assert and ereport
 * with ERROR; presumably the missing lines test builtin_crypto_enabled
 * against those values.  Confirm against the source file before relying on
 * the exact gating logic.
 */
836{
838 return;
839
842 errmsg("use of built-in crypto functions is disabled"));
843
845
/* Reached only when neither earlier branch returned or raised. */
846 if (CheckFIPSMode() == true)
848 errmsg("use of non-FIPS validated crypto not allowed when OpenSSL is in FIPS mode"));
849}
#define Assert(condition)
Definition: c.h:815
int errmsg(const char *fmt,...)
Definition: elog.c:1070
#define ERROR
Definition: elog.h:39
#define ereport(elevel,...)
Definition: elog.h:149
bool CheckFIPSMode(void)
Definition: openssl.c:805
int builtin_crypto_enabled
Definition: pgcrypto.c:59
@ BC_ON
Definition: px.h:94
@ BC_OFF
Definition: px.h:95
@ BC_FIPS
Definition: px.h:96

References Assert, BC_FIPS, BC_OFF, BC_ON, builtin_crypto_enabled, CheckFIPSMode(), ereport, errmsg(), and ERROR.

Referenced by px_crypt(), and px_gen_salt().

◆ CheckFIPSMode()

bool CheckFIPSMode ( void  )

Definition at line 805 of file openssl.c.

/*
 * Report whether OpenSSL says FIPS is enabled.
 *
 * EVP_default_properties_is_fips_enabled was added in OpenSSL 3.0; before
 * that, FIPS_mode() was the test.  The last upstream OpenSSL before 3.0 with
 * FIPS support was 1.0.2, but FIPS-validated forks of 1.1.1 exist, so the
 * FIPS_mode() path is kept even though 1.0.2 itself is not supported.
 *
 * Returns true only when the OpenSSL call returns exactly 1.
 *
 * NOTE(review): on OpenSSL 3.0+ the call is made with a NULL library context,
 * i.e. it inspects the default context's default properties.  That reflects
 * the configured property, not proof that a validated provider served a given
 * operation; confirm the deployment's provider configuration separately.
 */
bool
CheckFIPSMode(void)
{
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
	int			fips_enabled = EVP_default_properties_is_fips_enabled(NULL);
#else
	int			fips_enabled = FIPS_mode();
#endif

	if (fips_enabled == 1)
		return true;
	return false;
}

Referenced by CheckBuiltinCryptoMode(), and pg_check_fipsmode().

◆ digest_block_size()

static unsigned digest_block_size ( PX_MD h)
static

Definition at line 111 of file openssl.c.

/*
 * Return the block size OpenSSL reports for the digest context behind "h".
 *
 * A negative value from EVP_MD_CTX_block_size() is reported with
 * elog(ERROR, ...).
 */
static unsigned
digest_block_size(PX_MD *h)
{
	OSSLDigest *state = (OSSLDigest *) h->p.ptr;
	int			nbytes;

	nbytes = EVP_MD_CTX_block_size(state->ctx);
	if (nbytes >= 0)
		return nbytes;

	elog(ERROR, "EVP_MD_CTX_block_size() failed");
	return nbytes;
}
#define elog(elevel,...)
Definition: elog.h:225
EVP_MD_CTX * ctx
Definition: openssl.c:60
union px_digest::@8 p
void * ptr
Definition: px.h:119

References OSSLDigest::ctx, elog, ERROR, px_digest::p, and px_digest::ptr.

Referenced by px_find_digest().

◆ digest_finish()

static void digest_finish ( PX_MD h,
uint8 dst 
)
static

Definition at line 141 of file openssl.c.

/*
 * Finalize the digest behind "h" and write the hash value to "dst".
 *
 * No output length is passed in or returned (the length pointer given to
 * OpenSSL is NULL).
 * NOTE(review): "dst" presumably has to hold digest_result_size(h) bytes;
 * that is the caller's responsibility and is not checked here.
 *
 * A zero return from EVP_DigestFinal_ex() is reported with elog(ERROR, ...).
 */
static void
digest_finish(PX_MD *h, uint8 *dst)
{
	OSSLDigest *state = (OSSLDigest *) h->p.ptr;
	int			ok = EVP_DigestFinal_ex(state->ctx, dst, NULL);

	if (ok == 0)
		elog(ERROR, "EVP_DigestFinal_ex() failed");
}
if(TABLE==NULL||TABLE_index==NULL)
Definition: isn.c:76

References OSSLDigest::ctx, elog, ERROR, if(), px_digest::p, and px_digest::ptr.

Referenced by px_find_digest().

◆ digest_free()

static void digest_free ( PX_MD h)
static

Definition at line 150 of file openssl.c.

/*
 * Release the PX_MD "h" together with the OSSLDigest it points to.
 *
 * The OSSLDigest goes through free_openssl_digest(); the PX_MD itself is
 * returned with pfree().  "h" must not be used afterwards.
 */
static void
digest_free(PX_MD *h)
{
	OSSLDigest *state = (OSSLDigest *) h->p.ptr;

	/* Inner object first: it is reached through h. */
	free_openssl_digest(state);

	pfree(h);
}
void pfree(void *pointer)
Definition: mcxt.c:1521
static void free_openssl_digest(OSSLDigest *digest)
Definition: openssl.c:90

References free_openssl_digest(), px_digest::p, pfree(), and px_digest::ptr.

Referenced by px_find_digest().

◆ digest_reset()

static void digest_reset ( PX_MD h)
static

Definition at line 123 of file openssl.c.

/*
 * Re-initialize the digest context behind "h" with the algorithm stored in
 * the OSSLDigest, so a new hash computation can start.
 *
 * A zero return from EVP_DigestInit_ex() is reported with elog(ERROR, ...).
 */
static void
digest_reset(PX_MD *h)
{
	OSSLDigest *state = (OSSLDigest *) h->p.ptr;
	int			ok = EVP_DigestInit_ex(state->ctx, state->algo, NULL);

	if (ok == 0)
		elog(ERROR, "EVP_DigestInit_ex() failed");
}
const EVP_MD * algo
Definition: openssl.c:59

References OSSLDigest::algo, OSSLDigest::ctx, elog, ERROR, if(), px_digest::p, and px_digest::ptr.

Referenced by px_find_digest().

◆ digest_result_size()

static unsigned digest_result_size ( PX_MD h)
static

Definition at line 99 of file openssl.c.

/*
 * Return the output size OpenSSL reports for the digest context behind "h".
 *
 * A negative value from EVP_MD_CTX_size() is reported with elog(ERROR, ...).
 */
static unsigned
digest_result_size(PX_MD *h)
{
	OSSLDigest *state = (OSSLDigest *) h->p.ptr;
	int			nbytes;

	nbytes = EVP_MD_CTX_size(state->ctx);
	if (nbytes >= 0)
		return nbytes;

	elog(ERROR, "EVP_MD_CTX_size() failed");
	return nbytes;
}

References OSSLDigest::ctx, elog, ERROR, px_digest::p, and px_digest::ptr.

Referenced by px_find_digest().

◆ digest_update()

static void digest_update ( PX_MD h,
const uint8 data,
unsigned  dlen 
)
static

Definition at line 132 of file openssl.c.

/*
 * Feed "dlen" bytes starting at "data" into the digest behind "h".
 *
 * A zero return from EVP_DigestUpdate() is reported with elog(ERROR, ...).
 */
static void
digest_update(PX_MD *h, const uint8 *data, unsigned dlen)
{
	OSSLDigest *state = (OSSLDigest *) h->p.ptr;
	int			ok = EVP_DigestUpdate(state->ctx, data, dlen);

	if (ok == 0)
		elog(ERROR, "EVP_DigestUpdate() failed");
}

References OSSLDigest::ctx, data, elog, ERROR, if(), px_digest::p, and px_digest::ptr.

Referenced by px_find_digest().

◆ free_openssl_cipher()

static void free_openssl_cipher ( OSSLCipher od)
static

Definition at line 292 of file openssl.c.

/*
 * free_openssl_cipher: free the OpenSSL cipher context held by "od" and then
 * the OSSLCipher itself.
 *
 * NOTE(review): file line 296 is missing from this listing, which makes the
 * pfree() below look conditional.  The page's reference list for this
 * function names ResourceOwnerForgetOSSLCipher(), so line 296 is presumably
 * that call (the body of the "if"), with pfree(od) unconditional as in
 * free_openssl_digest().  Confirm against the source file.
 *
 * NOTE(review): OSSLCipher carries key[MAX_KEY] and iv[MAX_IV]; nothing in
 * the visible lines clears them before the memory is released.  Confirm
 * whether key material should be wiped here before pfree().
 */
293{
294 EVP_CIPHER_CTX_free(od->evp_ctx);
295 if (od->owner != NULL)
297 pfree(od);
298}
static void ResourceOwnerForgetOSSLCipher(ResourceOwner owner, OSSLCipher *od)
Definition: openssl.c:286
ResourceOwner owner
Definition: openssl.c:264
EVP_CIPHER_CTX * evp_ctx
Definition: openssl.c:256

References OSSLCipher::evp_ctx, OSSLCipher::owner, pfree(), and ResourceOwnerForgetOSSLCipher().

Referenced by gen_ossl_free(), and ResOwnerReleaseOSSLCipher().

◆ free_openssl_digest()

static void free_openssl_digest ( OSSLDigest digest)
static

Definition at line 90 of file openssl.c.

/*
 * Destroy the OpenSSL digest context held by "digest", drop the resource
 * owner's record of it when an owner is set, and free the OSSLDigest.
 *
 * A NULL owner skips the ResourceOwnerForgetOSSLDigest() call.
 */
static void
free_openssl_digest(OSSLDigest *digest)
{
	ResourceOwner registered_with;

	EVP_MD_CTX_destroy(digest->ctx);

	registered_with = digest->owner;
	if (registered_with)
		ResourceOwnerForgetOSSLDigest(registered_with, digest);

	pfree(digest);
}
static void ResourceOwnerForgetOSSLDigest(ResourceOwner owner, OSSLDigest *digest)
Definition: openssl.c:84
ResourceOwner owner
Definition: openssl.c:62

References OSSLDigest::ctx, OSSLDigest::owner, pfree(), and ResourceOwnerForgetOSSLDigest().

Referenced by digest_free(), and ResOwnerReleaseOSSLDigest().

◆ gen_ossl_block_size()

static unsigned gen_ossl_block_size ( PX_Cipher c)
static

Definition at line 303 of file openssl.c.

/*
 * Return the block size recorded in the cipher description that the
 * OSSLCipher behind "c" points to.
 */
static unsigned
gen_ossl_block_size(PX_Cipher *c)
{
	OSSLCipher *od = c->ptr;
	const struct ossl_cipher *desc = od->ciph;

	return desc->block_size;
}
const struct ossl_cipher * ciph
Definition: openssl.c:262
int block_size
Definition: openssl.c:243

References ossl_cipher::block_size, and OSSLCipher::ciph.

Referenced by bf_init(), ossl_aes_init(), ossl_cast_init(), ossl_des3_init(), ossl_des_init(), and px_find_cipher().

◆ gen_ossl_decrypt()

static int gen_ossl_decrypt ( PX_Cipher c,
int  padding,
const uint8 data,
unsigned  dlen,
uint8 res,
unsigned *  rlen 
)
static

Definition at line 338 of file openssl.c.

/*
 * Decrypt "dlen" bytes of "data" into "res" with the cipher behind "c".
 *
 * c       - cipher object; c->ptr is the OSSLCipher holding context, key, IV
 * padding - passed to EVP_CIPHER_CTX_set_padding() on first use
 * data    - ciphertext
 * dlen    - ciphertext length in bytes
 * res     - output buffer
 * rlen    - receives the number of plaintext bytes written
 *
 * On the first call (od->init not yet set) the context is set up in four
 * steps: choose the cipher, set padding, set the key length, then load key
 * and IV.  Any failure there returns PXE_CIPHER_INIT.  A failure in the
 * update or final step returns PXE_DECRYPT_FAILED.  Returns 0 on success.
 *
 * NOTE(review): the size of "res" is not known here; the caller has to
 * provide enough room for the update and final output.
 * NOTE(review): od->init is the same flag gen_ossl_encrypt() tests, so this
 * setup is skipped if the object was already initialized for encryption;
 * presumably each PX_Cipher is used in one direction only.  Verify against
 * callers.
 * NOTE(review): no integrity check on the ciphertext is visible in this
 * function; authenticity has to be established elsewhere.
 */
static int
gen_ossl_decrypt(PX_Cipher *c, int padding, const uint8 *data, unsigned dlen,
				 uint8 *res, unsigned *rlen)
{
	OSSLCipher *od = c->ptr;
	EVP_CIPHER_CTX *ctx = od->evp_ctx;
	int			body_len;
	int			tail_len;

	if (!od->init)
	{
		/* Short-circuit keeps the four setup calls in their original order. */
		if (!EVP_DecryptInit_ex(ctx, od->evp_ciph, NULL, NULL, NULL) ||
			!EVP_CIPHER_CTX_set_padding(ctx, padding) ||
			!EVP_CIPHER_CTX_set_key_length(ctx, od->klen) ||
			!EVP_DecryptInit_ex(ctx, NULL, NULL, od->key, od->iv))
			return PXE_CIPHER_INIT;

		od->init = true;
	}

	/* The final step appends directly after the bytes written by update. */
	if (!EVP_DecryptUpdate(ctx, res, &body_len, data, dlen) ||
		!EVP_DecryptFinal_ex(ctx, res + body_len, &tail_len))
		return PXE_DECRYPT_FAILED;

	*rlen = body_len + tail_len;
	return 0;
}
#define PXE_DECRYPT_FAILED
Definition: px.h:64
#define PXE_CIPHER_INIT
Definition: px.h:54
unsigned init
Definition: openssl.c:261
const EVP_CIPHER * evp_ciph
Definition: openssl.c:257

References data, OSSLCipher::evp_ciph, OSSLCipher::evp_ctx, OSSLCipher::init, OSSLCipher::iv, OSSLCipher::key, OSSLCipher::klen, PXE_CIPHER_INIT, PXE_DECRYPT_FAILED, and res.

Referenced by px_find_cipher().

◆ gen_ossl_encrypt()

static int gen_ossl_encrypt ( PX_Cipher c,
int  padding,
const uint8 data,
unsigned  dlen,
uint8 res,
unsigned *  rlen 
)
static

Definition at line 368 of file openssl.c.

/*
 * Encrypt "dlen" bytes of "data" into "res" with the cipher behind "c".
 *
 * c       - cipher object; c->ptr is the OSSLCipher holding context, key, IV
 * padding - passed to EVP_CIPHER_CTX_set_padding() on first use
 * data    - plaintext
 * dlen    - plaintext length in bytes
 * res     - output buffer
 * rlen    - receives the number of ciphertext bytes written
 *
 * On the first call (od->init not yet set) the context is set up in four
 * steps: choose the cipher, set padding, set the key length, then load key
 * and IV.  Any failure there returns PXE_CIPHER_INIT.  A failure in the
 * update or final step returns PXE_ENCRYPT_FAILED.  Returns 0 on success.
 *
 * NOTE(review): the size of "res" is not known here; the caller has to
 * provide enough room for the update and final output.
 * NOTE(review): od->init is the same flag gen_ossl_decrypt() tests, so this
 * setup is skipped if the object was already initialized for decryption;
 * presumably each PX_Cipher is used in one direction only.  Verify against
 * callers.
 */
static int
gen_ossl_encrypt(PX_Cipher *c, int padding, const uint8 *data, unsigned dlen,
				 uint8 *res, unsigned *rlen)
{
	OSSLCipher *od = c->ptr;
	EVP_CIPHER_CTX *ctx = od->evp_ctx;
	int			body_len;
	int			tail_len;

	if (!od->init)
	{
		/* Short-circuit keeps the four setup calls in their original order. */
		if (!EVP_EncryptInit_ex(ctx, od->evp_ciph, NULL, NULL, NULL) ||
			!EVP_CIPHER_CTX_set_padding(ctx, padding) ||
			!EVP_CIPHER_CTX_set_key_length(ctx, od->klen) ||
			!EVP_EncryptInit_ex(ctx, NULL, NULL, od->key, od->iv))
			return PXE_CIPHER_INIT;

		od->init = true;
	}

	/* The final step appends directly after the bytes written by update. */
	if (!EVP_EncryptUpdate(ctx, res, &body_len, data, dlen) ||
		!EVP_EncryptFinal_ex(ctx, res + body_len, &tail_len))
		return PXE_ENCRYPT_FAILED;

	*rlen = body_len + tail_len;
	return 0;
}
#define PXE_ENCRYPT_FAILED
Definition: px.h:65

References data, OSSLCipher::evp_ciph, OSSLCipher::evp_ctx, OSSLCipher::init, OSSLCipher::iv, OSSLCipher::key, OSSLCipher::klen, PXE_CIPHER_INIT, PXE_ENCRYPT_FAILED, and res.

Referenced by px_find_cipher().

◆ gen_ossl_free()

static void gen_ossl_free ( PX_Cipher c)
static

Definition at line 329 of file openssl.c.

/*
 * gen_ossl_free: release the PX_Cipher "c"; "od" is the OSSLCipher it points
 * to.
 *
 * NOTE(review): file line 333 is missing from this listing.  The page's
 * reference list for this function names free_openssl_cipher(), so the
 * missing line presumably releases "od" through it before "c" is freed.
 * Confirm against the source file.
 */
330{
331 OSSLCipher *od = (OSSLCipher *) c->ptr;
332
334 pfree(c);
335}
static void free_openssl_cipher(OSSLCipher *od)
Definition: openssl.c:292

References free_openssl_cipher(), and pfree().

Referenced by px_find_cipher().

◆ gen_ossl_iv_size()

static unsigned gen_ossl_iv_size ( PX_Cipher c)
static

Definition at line 319 of file openssl.c.

/*
 * Return the IV size for the cipher behind "c", which this file takes to be
 * the block size recorded in the cipher description.
 */
static unsigned
gen_ossl_iv_size(PX_Cipher *c)
{
	OSSLCipher *od = c->ptr;
	const struct ossl_cipher *desc = od->ciph;

	return desc->block_size;
}

References ossl_cipher::block_size, and OSSLCipher::ciph.

Referenced by px_find_cipher().

◆ gen_ossl_key_size()

static unsigned gen_ossl_key_size ( PX_Cipher c)
static

Definition at line 311 of file openssl.c.

/*
 * Return the maximum key size recorded in the cipher description that the
 * OSSLCipher behind "c" points to.
 */
static unsigned
gen_ossl_key_size(PX_Cipher *c)
{
	OSSLCipher *od = c->ptr;
	const struct ossl_cipher *desc = od->ciph;

	return desc->max_key_size;
}
int max_key_size
Definition: openssl.c:244

References OSSLCipher::ciph, and ossl_cipher::max_key_size.

Referenced by px_find_cipher().

◆ ossl_aes_cbc_init()

static int ossl_aes_cbc_init ( PX_Cipher c,
const uint8 key,
unsigned  klen,
const uint8 iv 
)
static

Definition at line 591 of file openssl.c.

/*
 * ossl_aes_cbc_init: store key and IV through ossl_aes_init(), then pick the
 * AES-CBC variant that matches the stored key length (16, 24 or 32 bytes).
 *
 * Returns the error from ossl_aes_init() when that fails, otherwise "err" as
 * left by the switch below.
 *
 * NOTE(review): file line 613 (inside the default branch) is missing from
 * this listing.  The page's reference list for this function names
 * PXE_CIPHER_INIT, so the missing line presumably assigns it to "err".
 * Confirm against the source file.
 */
592{
593 OSSLCipher *od = c->ptr;
594 int err;
595
596 err = ossl_aes_init(c, key, klen, iv);
597 if (err)
598 return err;
599
/* od->klen was rounded up to an AES key size by ossl_aes_init(). */
600 switch (od->klen)
601 {
602 case 128 / 8:
603 od->evp_ciph = EVP_aes_128_cbc();
604 break;
605 case 192 / 8:
606 od->evp_ciph = EVP_aes_192_cbc();
607 break;
608 case 256 / 8:
609 od->evp_ciph = EVP_aes_256_cbc();
610 break;
611 default:
612 /* shouldn't happen */
614 break;
615 }
616
617 return err;
618}
void err(int eval, const char *fmt,...)
Definition: err.c:43
static int ossl_aes_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:536

References err(), OSSLCipher::evp_ciph, sort-test::key, OSSLCipher::klen, ossl_aes_init(), and PXE_CIPHER_INIT.

◆ ossl_aes_ecb_init()

static int ossl_aes_ecb_init ( PX_Cipher c,
const uint8 key,
unsigned  klen,
const uint8 iv 
)
static

Definition at line 561 of file openssl.c.

/*
 * ossl_aes_ecb_init: store key and IV through ossl_aes_init(), then pick the
 * AES-ECB variant that matches the stored key length (16, 24 or 32 bytes).
 *
 * Returns the error from ossl_aes_init() when that fails, otherwise "err" as
 * left by the switch below.
 *
 * ECB encrypts equal plaintext blocks to equal ciphertext blocks, so
 * repetition in the input stays visible in the output.
 *
 * NOTE(review): file line 583 (inside the default branch) is missing from
 * this listing.  The page's reference list for this function names
 * PXE_CIPHER_INIT, so the missing line presumably assigns it to "err".
 * Confirm against the source file.
 */
562{
563 OSSLCipher *od = c->ptr;
564 int err;
565
566 err = ossl_aes_init(c, key, klen, iv);
567 if (err)
568 return err;
569
/* od->klen was rounded up to an AES key size by ossl_aes_init(). */
570 switch (od->klen)
571 {
572 case 128 / 8:
573 od->evp_ciph = EVP_aes_128_ecb();
574 break;
575 case 192 / 8:
576 od->evp_ciph = EVP_aes_192_ecb();
577 break;
578 case 256 / 8:
579 od->evp_ciph = EVP_aes_256_ecb();
580 break;
581 default:
582 /* shouldn't happen */
584 break;
585 }
586
587 return err;
588}

References err(), OSSLCipher::evp_ciph, sort-test::key, OSSLCipher::klen, ossl_aes_init(), and PXE_CIPHER_INIT.

◆ ossl_aes_init()

static int ossl_aes_init ( PX_Cipher c,
const uint8 key,
unsigned  klen,
const uint8 iv 
)
static

Definition at line 536 of file openssl.c.

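/*
 * Store an AES key and IV in the OSSLCipher behind "c".
 *
 * c    - cipher object; c->ptr is the OSSLCipher that receives key and IV
 * key  - key bytes, klen of them
 * klen - key length in bytes; rounded up to 16, 24 or 32 for od->klen
 * iv   - block-size bytes of IV, or NULL to use an all-zero IV
 *
 * Returns 0 on success, PXE_KEY_TOO_BIG when klen exceeds 32 bytes.
 *
 * A key shorter than the size it is rounded up to is padded with zero bytes.
 * The padding adds no secret material: the effective strength is that of the
 * supplied bytes, not of the selected AES key size.
 *
 * NOTE(review): a NULL iv yields a fixed all-zero IV, so equal plaintexts
 * under one key give equal ciphertexts in CBC mode; whether callers always
 * pass an IV is not visible here.
 */
static int
ossl_aes_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
{
	OSSLCipher *od = c->ptr;
	unsigned	bs = gen_ossl_block_size(c);

	if (klen <= 128 / 8)
		od->klen = 128 / 8;
	else if (klen <= 192 / 8)
		od->klen = 192 / 8;
	else if (klen <= 256 / 8)
		od->klen = 256 / 8;
	else
		return PXE_KEY_TOO_BIG;

	/*
	 * Clear the whole rounded-up key first, as ossl_des_init() and
	 * ossl_des3_init() do, so the padding is zero even if this object held a
	 * different key before.
	 */
	memset(od->key, 0, od->klen);
	memcpy(od->key, key, klen);

	if (iv)
		memcpy(od->iv, iv, bs);
	else
		memset(od->iv, 0, bs);

	return 0;
}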

References gen_ossl_block_size(), OSSLCipher::iv, OSSLCipher::key, sort-test::key, OSSLCipher::klen, and PXE_KEY_TOO_BIG.

Referenced by ossl_aes_cbc_init(), and ossl_aes_ecb_init().

◆ ossl_cast_init()

static int ossl_cast_init ( PX_Cipher c,
const uint8 key,
unsigned  klen,
const uint8 iv 
)
static

Definition at line 518 of file openssl.c.

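/*
 * Store a CAST5 key and IV in the OSSLCipher behind "c".
 *
 * c    - cipher object; c->ptr is the OSSLCipher that receives key and IV
 * key  - key bytes, klen of them
 * klen - key length in bytes, used as given
 * iv   - block-size bytes of IV, or NULL to use an all-zero IV
 *
 * Returns 0 on success, PXE_KEY_TOO_BIG when the key would not fit in
 * od->key.
 *
 * NOTE(review): a NULL iv yields a fixed all-zero IV, so equal plaintexts
 * under one key give equal ciphertexts in CBC mode; whether callers always
 * pass an IV is not visible here.
 */
static int
ossl_cast_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
{
	OSSLCipher *od = c->ptr;
	unsigned	bs = gen_ossl_block_size(c);

	/* Never copy more than the fixed-size key buffer can hold. */
	if (klen > sizeof(od->key))
		return PXE_KEY_TOO_BIG;

	od->klen = klen;
	memcpy(od->key, key, klen);

	if (iv)
		memcpy(od->iv, iv, bs);
	else
		memset(od->iv, 0, bs);
	return 0;
}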

References gen_ossl_block_size(), OSSLCipher::iv, OSSLCipher::key, sort-test::key, and OSSLCipher::klen.

◆ ossl_des3_init()

static int ossl_des3_init ( PX_Cipher c,
const uint8 key,
unsigned  klen,
const uint8 iv 
)
static

Definition at line 499 of file openssl.c.

/*
 * Store a Triple-DES key and IV in the OSSLCipher behind "c".
 *
 * The stored key is always 24 bytes: a shorter key is padded with zero bytes
 * and a longer one is truncated, both without an error.  A NULL "iv" selects
 * an all-zero IV.  Always returns 0.
 *
 * NOTE(review): zero padding and silent truncation mean the effective key
 * may be weaker than, or different from, what the caller supplied; confirm
 * that callers validate key length if that matters to them.
 */
static int
ossl_des3_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
{
	OSSLCipher *od = c->ptr;
	unsigned	bs = gen_ossl_block_size(c);
	unsigned	ncopy = klen;

	if (ncopy > 24)
		ncopy = 24;

	od->klen = 24;
	memset(od->key, 0, 24);
	memcpy(od->key, key, ncopy);

	if (iv == NULL)
		memset(od->iv, 0, bs);
	else
		memcpy(od->iv, iv, bs);

	return 0;
}

References gen_ossl_block_size(), OSSLCipher::iv, OSSLCipher::key, sort-test::key, and OSSLCipher::klen.

◆ ossl_des_init()

static int ossl_des_init ( PX_Cipher c,
const uint8 key,
unsigned  klen,
const uint8 iv 
)
static

Definition at line 480 of file openssl.c.

/*
 * Store a single-DES key and IV in the OSSLCipher behind "c".
 *
 * The stored key is always 8 bytes: a shorter key is padded with zero bytes
 * and a longer one is truncated, both without an error.  A NULL "iv" selects
 * an all-zero IV.  Always returns 0.
 *
 * NOTE(review): zero padding and silent truncation mean the effective key
 * may be weaker than, or different from, what the caller supplied; confirm
 * that callers validate key length if that matters to them.
 */
static int
ossl_des_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
{
	OSSLCipher *od = c->ptr;
	unsigned	bs = gen_ossl_block_size(c);
	unsigned	ncopy = klen;

	if (ncopy > 8)
		ncopy = 8;

	od->klen = 8;
	memset(od->key, 0, 8);
	memcpy(od->key, key, ncopy);

	if (iv == NULL)
		memset(od->iv, 0, bs);
	else
		memcpy(od->iv, iv, bs);

	return 0;
}

References gen_ossl_block_size(), OSSLCipher::iv, OSSLCipher::key, sort-test::key, and OSSLCipher::klen.

◆ px_find_cipher()

int px_find_cipher ( const char *  name,
PX_Cipher **  res 
)

Definition at line 737 of file openssl.c.

/*
 * px_find_cipher: look "name" up in ossl_cipher_types and build a PX_Cipher
 * around a new OpenSSL cipher context.
 *
 * name - cipher name to look up
 * res  - receives the new PX_Cipher on success
 *
 * Returns 0 on success, PXE_NO_CIPHER when no table entry matches, and
 * PXE_CIPHER_INIT when the EVP_CIPHER_CTX cannot be allocated.
 *
 * NOTE(review): this listing is incomplete.  File lines 744, 751 and 770-771
 * are not shown.  The page's reference list for this function names
 * px_resolve_alias(), ossl_aliases, ResourceOwnerEnlarge(),
 * CurrentResourceOwner and ResourceOwnerRememberOSSLCipher(); presumably the
 * missing lines resolve aliases before the table scan and register "od" with
 * the current resource owner.  Confirm against the source file.
 *
 * NOTE(review): the lookup table on this page includes single DES and ECB
 * variants; any of them can be selected by name here.  Restricting which
 * algorithms are acceptable is left to callers or configuration.
 */
738{
739 const struct ossl_cipher_lookup *i;
740 PX_Cipher *c = NULL;
741 EVP_CIPHER_CTX *ctx;
742 OSSLCipher *od;
743
/* Linear scan; the table ends with an entry whose name is NULL. */
745 for (i = ossl_cipher_types; i->name; i++)
746 if (strcmp(i->name, name) == 0)
747 break;
748 if (i->name == NULL)
749 return PXE_NO_CIPHER;
750
752
753 /*
754 * Create an OSSLCipher object, an EVP_CIPHER_CTX object and a PX_Cipher.
755 * The order is crucial, to make sure we don't leak anything on
756 * out-of-memory or other error.
757 */
/* Zero-filled allocation: key, iv, klen and init all start out as zero. */
758 od = MemoryContextAllocZero(TopMemoryContext, sizeof(*od));
759 od->ciph = i->ciph;
760
761 /* Allocate an EVP_CIPHER_CTX object. */
762 ctx = EVP_CIPHER_CTX_new();
763 if (!ctx)
764 {
765 pfree(od);
766 return PXE_CIPHER_INIT;
767 }
768
769 od->evp_ctx = ctx;
772
/* Entries with a NULL cipher_func leave evp_ciph unset at this point. */
773 if (i->ciph->cipher_func)
774 od->evp_ciph = i->ciph->cipher_func();
775
776 /* The PX_Cipher is allocated in current memory context */
777 c = palloc(sizeof(*c));
778 c->block_size = gen_ossl_block_size;
779 c->key_size = gen_ossl_key_size;
780 c->iv_size = gen_ossl_iv_size;
781 c->free = gen_ossl_free;
782 c->init = od->ciph->init;
783 c->encrypt = gen_ossl_encrypt;
784 c->decrypt = gen_ossl_decrypt;
785 c->ptr = od;
786
787 *res = c;
788 return 0;
789}
int i
Definition: isn.c:72
void * MemoryContextAllocZero(MemoryContext context, Size size)
Definition: mcxt.c:1215
MemoryContext TopMemoryContext
Definition: mcxt.c:149
void * palloc(Size size)
Definition: mcxt.c:1317
static unsigned gen_ossl_key_size(PX_Cipher *c)
Definition: openssl.c:311
static int gen_ossl_encrypt(PX_Cipher *c, int padding, const uint8 *data, unsigned dlen, uint8 *res, unsigned *rlen)
Definition: openssl.c:368
static int gen_ossl_decrypt(PX_Cipher *c, int padding, const uint8 *data, unsigned dlen, uint8 *res, unsigned *rlen)
Definition: openssl.c:338
static void gen_ossl_free(PX_Cipher *c)
Definition: openssl.c:329
static unsigned gen_ossl_iv_size(PX_Cipher *c)
Definition: openssl.c:319
static PX_Alias ossl_aliases[]
Definition: openssl.c:624
static const struct ossl_cipher_lookup ossl_cipher_types[]
Definition: openssl.c:719
static void ResourceOwnerRememberOSSLCipher(ResourceOwner owner, OSSLCipher *od)
Definition: openssl.c:281
const char * px_resolve_alias(const PX_Alias *list, const char *name)
Definition: px.c:129
#define PXE_NO_CIPHER
Definition: px.h:49
ResourceOwner CurrentResourceOwner
Definition: resowner.c:165
void ResourceOwnerEnlarge(ResourceOwner owner)
Definition: resowner.c:442
int(* init)(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:241
Definition: px.h:149
const char * name

References OSSLCipher::ciph, CurrentResourceOwner, OSSLCipher::evp_ciph, OSSLCipher::evp_ctx, gen_ossl_block_size(), gen_ossl_decrypt(), gen_ossl_encrypt(), gen_ossl_free(), gen_ossl_iv_size(), gen_ossl_key_size(), i, ossl_cipher::init, MemoryContextAllocZero(), name, ossl_aliases, ossl_cipher_types, OSSLCipher::owner, palloc(), pfree(), px_resolve_alias(), PXE_CIPHER_INIT, PXE_NO_CIPHER, res, ResourceOwnerEnlarge(), ResourceOwnerRememberOSSLCipher(), and TopMemoryContext.

Referenced by pgp_load_cipher(), and px_find_combo().

◆ px_find_digest()

int px_find_digest ( const char *  name,
PX_MD **  res 
)

Definition at line 161 of file openssl.c.

/*
 * px_find_digest: resolve "name" through EVP_get_digestbyname() and build a
 * PX_MD around a new, initialized OpenSSL digest context.
 *
 * name - digest name handed to OpenSSL
 * res  - receives the new PX_MD on success
 *
 * Returns 0 on success, PXE_NO_HASH when OpenSSL does not know the name, and
 * PXE_CIPHER_INIT when the digest context cannot be created or initialized.
 *
 * NOTE(review): this listing is incomplete.  File lines 172, 201, 202, 204
 * and 205 are not shown.  The page's reference list for this function names
 * ResourceOwnerEnlarge() and the digest_result_size, digest_block_size,
 * digest_update and digest_finish callbacks; presumably the missing lines
 * reserve resource-owner space and fill in those PX_MD members.  Confirm
 * against the source file.
 *
 * NOTE(review): no allow-list is visible here; any digest name the linked
 * OpenSSL resolves is accepted, so excluding weak digests is left to callers
 * or to the OpenSSL configuration.
 */
162{
163 const EVP_MD *md;
164 EVP_MD_CTX *ctx;
165 PX_MD *h;
166 OSSLDigest *digest;
167
168 md = EVP_get_digestbyname(name);
169 if (md == NULL)
170 return PXE_NO_HASH;
171
173
174 /*
175 * Create an OSSLDigest object, an OpenSSL MD object, and a PX_MD object.
176 * The order is crucial, to make sure we don't leak anything on
177 * out-of-memory or other error.
178 */
/* Not zero-filled; algo, ctx and owner are all assigned below. */
179 digest = MemoryContextAlloc(TopMemoryContext, sizeof(*digest));
180
181 ctx = EVP_MD_CTX_create();
182 if (!ctx)
183 {
184 pfree(digest);
185 return PXE_CIPHER_INIT;
186 }
187 if (EVP_DigestInit_ex(ctx, md, NULL) == 0)
188 {
189 EVP_MD_CTX_destroy(ctx);
190 pfree(digest);
191 return PXE_CIPHER_INIT;
192 }
193
194 digest->algo = md;
195 digest->ctx = ctx;
196 digest->owner = CurrentResourceOwner;
197 ResourceOwnerRememberOSSLDigest(digest->owner, digest);
198
199 /* The PX_MD object is allocated in the current memory context. */
200 h = palloc(sizeof(*h));
203 h->reset = digest_reset;
206 h->free = digest_free;
207 h->p.ptr = digest;
208
209 *res = h;
210 return 0;
211}
void * MemoryContextAlloc(MemoryContext context, Size size)
Definition: mcxt.c:1181
static void digest_update(PX_MD *h, const uint8 *data, unsigned dlen)
Definition: openssl.c:132
static unsigned digest_result_size(PX_MD *h)
Definition: openssl.c:99
static void ResourceOwnerRememberOSSLDigest(ResourceOwner owner, OSSLDigest *digest)
Definition: openssl.c:79
static void digest_finish(PX_MD *h, uint8 *dst)
Definition: openssl.c:141
static void digest_reset(PX_MD *h)
Definition: openssl.c:123
static unsigned digest_block_size(PX_MD *h)
Definition: openssl.c:111
static void digest_free(PX_MD *h)
Definition: openssl.c:150
#define PXE_NO_HASH
Definition: px.h:48
Definition: px.h:108
void(* free)(PX_MD *h)
Definition: px.h:114
void(* update)(PX_MD *h, const uint8 *data, unsigned dlen)
Definition: px.h:112
unsigned(* result_size)(PX_MD *h)
Definition: px.h:109
void(* reset)(PX_MD *h)
Definition: px.h:111
unsigned(* block_size)(PX_MD *h)
Definition: px.h:110
void(* finish)(PX_MD *h, uint8 *dst)
Definition: px.h:113

References OSSLDigest::algo, px_digest::block_size, OSSLDigest::ctx, CurrentResourceOwner, digest_block_size(), digest_finish(), digest_free(), digest_reset(), digest_result_size(), digest_update(), px_digest::finish, px_digest::free, MemoryContextAlloc(), name, OSSLDigest::owner, px_digest::p, palloc(), pfree(), px_digest::ptr, PXE_CIPHER_INIT, PXE_NO_HASH, res, px_digest::reset, ResourceOwnerEnlarge(), ResourceOwnerRememberOSSLDigest(), px_digest::result_size, TopMemoryContext, and px_digest::update.

Referenced by pg_digest(), pgp_load_digest(), px_crypt_md5(), and px_find_hmac().

◆ ResourceOwnerForgetOSSLCipher()

static void ResourceOwnerForgetOSSLCipher ( ResourceOwner  owner,
OSSLCipher od 
)
inlinestatic

Definition at line 286 of file openssl.c.

287{
289}
static const ResourceOwnerDesc osslcipher_resowner_desc
Definition: openssl.c:270
static Datum PointerGetDatum(const void *X)
Definition: postgres.h:327
void ResourceOwnerForget(ResourceOwner owner, Datum value, const ResourceOwnerDesc *kind)
Definition: resowner.c:554

References osslcipher_resowner_desc, PointerGetDatum(), and ResourceOwnerForget().

Referenced by free_openssl_cipher().

◆ ResourceOwnerForgetOSSLDigest()

static void ResourceOwnerForgetOSSLDigest ( ResourceOwner  owner,
OSSLDigest digest 
)
inlinestatic

Definition at line 84 of file openssl.c.

85{
87}
static const ResourceOwnerDesc ossldigest_resowner_desc
Definition: openssl.c:68

References ossldigest_resowner_desc, PointerGetDatum(), and ResourceOwnerForget().

Referenced by free_openssl_digest().

◆ ResourceOwnerRememberOSSLCipher()

static void ResourceOwnerRememberOSSLCipher ( ResourceOwner  owner,
OSSLCipher od 
)
inlinestatic

Definition at line 281 of file openssl.c.

282{
284}
void ResourceOwnerRemember(ResourceOwner owner, Datum value, const ResourceOwnerDesc *kind)
Definition: resowner.c:514

References osslcipher_resowner_desc, PointerGetDatum(), and ResourceOwnerRemember().

Referenced by px_find_cipher().

◆ ResourceOwnerRememberOSSLDigest()

static void ResourceOwnerRememberOSSLDigest ( ResourceOwner  owner,
OSSLDigest digest 
)
inlinestatic

Definition at line 79 of file openssl.c.

References ossldigest_resowner_desc, PointerGetDatum(), and ResourceOwnerRemember().

Referenced by px_find_digest().

◆ ResOwnerReleaseOSSLCipher()

static void ResOwnerReleaseOSSLCipher ( Datum  res)
static

Definition at line 794 of file openssl.c.

795{
797}
static Pointer DatumGetPointer(Datum X)
Definition: postgres.h:317

References DatumGetPointer(), free_openssl_cipher(), and res.

◆ ResOwnerReleaseOSSLDigest()

static void ResOwnerReleaseOSSLDigest ( Datum  res)
static

Definition at line 216 of file openssl.c.

/*
 * ResOwnerReleaseOSSLDigest: release callback named in
 * ossldigest_resowner_desc; frees the digest object passed as "res".
 *
 * NOTE(review): file line 218 is missing from this listing.  The page's
 * reference list for this function names DatumGetPointer(), so the missing
 * line presumably declares "digest" from "res".  Confirm against the source
 * file.
 */
217{
219
/* With owner cleared, free_openssl_digest() skips the resource-owner forget call. */
220 digest->owner = NULL;
221 free_openssl_digest(digest);
222}

References DatumGetPointer(), free_openssl_digest(), OSSLDigest::owner, and res.

Variable Documentation

◆ ossl_aes_cbc

const struct ossl_cipher ossl_aes_cbc
static
Initial value:
= {
NULL,
128 / 8, 256 / 8
}
static int ossl_aes_cbc_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:591

Definition at line 703 of file openssl.c.

◆ ossl_aes_ecb

const struct ossl_cipher ossl_aes_ecb
static
Initial value:
= {
NULL,
128 / 8, 256 / 8
}
static int ossl_aes_ecb_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:561

Definition at line 696 of file openssl.c.

◆ ossl_aliases

PX_Alias ossl_aliases[]
static
Initial value:
= {
{"bf", "bf-cbc"},
{"blowfish", "bf-cbc"},
{"blowfish-cbc", "bf-cbc"},
{"blowfish-ecb", "bf-ecb"},
{"blowfish-cfb", "bf-cfb"},
{"des", "des-cbc"},
{"3des", "des3-cbc"},
{"3des-ecb", "des3-ecb"},
{"3des-cbc", "des3-cbc"},
{"cast5", "cast5-cbc"},
{"aes", "aes-cbc"},
{"rijndael", "aes-cbc"},
{"rijndael-cbc", "aes-cbc"},
{"rijndael-ecb", "aes-ecb"},
{NULL}
}

Definition at line 624 of file openssl.c.

Referenced by px_find_cipher().

◆ ossl_bf_cbc

const struct ossl_cipher ossl_bf_cbc
static
Initial value:
= {
EVP_bf_cbc,
64 / 8, 448 / 8
}
static int bf_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:448

Definition at line 642 of file openssl.c.

◆ ossl_bf_cfb

const struct ossl_cipher ossl_bf_cfb
static
Initial value:
= {
EVP_bf_cfb,
64 / 8, 448 / 8
}

Definition at line 654 of file openssl.c.

◆ ossl_bf_ecb

const struct ossl_cipher ossl_bf_ecb
static
Initial value:
= {
EVP_bf_ecb,
64 / 8, 448 / 8
}

Definition at line 648 of file openssl.c.

◆ ossl_cast_cbc

const struct ossl_cipher ossl_cast_cbc
static
Initial value:
= {
EVP_cast5_cbc,
64 / 8, 128 / 8
}
static int ossl_cast_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:518

Definition at line 690 of file openssl.c.

◆ ossl_cast_ecb

const struct ossl_cipher ossl_cast_ecb
static
Initial value:
= {
EVP_cast5_ecb,
64 / 8, 128 / 8
}

Definition at line 684 of file openssl.c.

◆ ossl_cipher_types

const struct ossl_cipher_lookup ossl_cipher_types[]
static
Initial value:
= {
{"bf-cbc", &ossl_bf_cbc},
{"bf-ecb", &ossl_bf_ecb},
{"bf-cfb", &ossl_bf_cfb},
{"des-ecb", &ossl_des_ecb},
{"des-cbc", &ossl_des_cbc},
{"des3-ecb", &ossl_des3_ecb},
{"des3-cbc", &ossl_des3_cbc},
{"cast5-ecb", &ossl_cast_ecb},
{"cast5-cbc", &ossl_cast_cbc},
{"aes-ecb", &ossl_aes_ecb},
{"aes-cbc", &ossl_aes_cbc},
{NULL}
}
static const struct ossl_cipher ossl_des_ecb
Definition: openssl.c:660
static const struct ossl_cipher ossl_des3_cbc
Definition: openssl.c:678
static const struct ossl_cipher ossl_aes_ecb
Definition: openssl.c:696
static const struct ossl_cipher ossl_des3_ecb
Definition: openssl.c:672
static const struct ossl_cipher ossl_bf_cfb
Definition: openssl.c:654
static const struct ossl_cipher ossl_cast_cbc
Definition: openssl.c:690
static const struct ossl_cipher ossl_des_cbc
Definition: openssl.c:666
static const struct ossl_cipher ossl_bf_ecb
Definition: openssl.c:648
static const struct ossl_cipher ossl_bf_cbc
Definition: openssl.c:642
static const struct ossl_cipher ossl_cast_ecb
Definition: openssl.c:684
static const struct ossl_cipher ossl_aes_cbc
Definition: openssl.c:703

Definition at line 719 of file openssl.c.

Referenced by px_find_cipher().

◆ ossl_des3_cbc

const struct ossl_cipher ossl_des3_cbc
static
Initial value:
= {
EVP_des_ede3_cbc,
64 / 8, 192 / 8
}
static int ossl_des3_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:499

Definition at line 678 of file openssl.c.

◆ ossl_des3_ecb

const struct ossl_cipher ossl_des3_ecb
static
Initial value:
= {
EVP_des_ede3_ecb,
64 / 8, 192 / 8
}

Definition at line 672 of file openssl.c.

◆ ossl_des_cbc

const struct ossl_cipher ossl_des_cbc
static
Initial value:
= {
EVP_des_cbc,
64 / 8, 64 / 8
}
static int ossl_des_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:480

Definition at line 666 of file openssl.c.

◆ ossl_des_ecb

const struct ossl_cipher ossl_des_ecb
static
Initial value:
= {
EVP_des_ecb,
64 / 8, 64 / 8
}

Definition at line 660 of file openssl.c.

◆ osslcipher_resowner_desc

const ResourceOwnerDesc osslcipher_resowner_desc
static
Initial value:
=
{
.name = "pgcrypto OpenSSL cipher handle",
.release_priority = RELEASE_PRIO_FIRST,
.ReleaseResource = ResOwnerReleaseOSSLCipher,
.DebugPrint = NULL,
}
static void ResOwnerReleaseOSSLCipher(Datum res)
Definition: openssl.c:794
@ RESOURCE_RELEASE_BEFORE_LOCKS
Definition: resowner.h:54
#define RELEASE_PRIO_FIRST
Definition: resowner.h:80

Definition at line 270 of file openssl.c.

Referenced by ResourceOwnerForgetOSSLCipher(), and ResourceOwnerRememberOSSLCipher().

◆ ossldigest_resowner_desc

const ResourceOwnerDesc ossldigest_resowner_desc
static
Initial value:
=
{
.name = "pgcrypto OpenSSL digest handle",
.release_priority = RELEASE_PRIO_FIRST,
.ReleaseResource = ResOwnerReleaseOSSLDigest,
.DebugPrint = NULL,
}
static void ResOwnerReleaseOSSLDigest(Datum res)
Definition: openssl.c:216

Definition at line 68 of file openssl.c.

Referenced by ResourceOwnerForgetOSSLDigest(), and ResourceOwnerRememberOSSLDigest().