PostgreSQL Source Code  git master
openssl.c File Reference
#include "postgres.h"
#include "px.h"
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include "utils/memutils.h"
#include "utils/resowner.h"

Data Structures

struct  OSSLDigest
 
struct  ossl_cipher
 
struct  OSSLCipher
 
struct  ossl_cipher_lookup
 

Macros

#define MAX_KEY   (512/8)
 
#define MAX_IV   (128/8)
 

Typedefs

typedef struct OSSLDigest OSSLDigest
 
typedef const EVP_CIPHER *(* ossl_EVP_cipher_func )(void)
 
typedef struct OSSLCipher OSSLCipher
 

Functions

static void free_openssl_digest (OSSLDigest *digest)
 
static void digest_free_callback (ResourceReleasePhase phase, bool isCommit, bool isTopLevel, void *arg)
 
static unsigned digest_result_size (PX_MD *h)
 
static unsigned digest_block_size (PX_MD *h)
 
static void digest_reset (PX_MD *h)
 
static void digest_update (PX_MD *h, const uint8 *data, unsigned dlen)
 
static void digest_finish (PX_MD *h, uint8 *dst)
 
static void digest_free (PX_MD *h)
 
int px_find_digest (const char *name, PX_MD **res)
 
static void free_openssl_cipher (OSSLCipher *od)
 
static void cipher_free_callback (ResourceReleasePhase phase, bool isCommit, bool isTopLevel, void *arg)
 
static unsigned gen_ossl_block_size (PX_Cipher *c)
 
static unsigned gen_ossl_key_size (PX_Cipher *c)
 
static unsigned gen_ossl_iv_size (PX_Cipher *c)
 
static void gen_ossl_free (PX_Cipher *c)
 
static int gen_ossl_decrypt (PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
 
static int gen_ossl_encrypt (PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
 
static int bf_check_supported_key_len (void)
 
static int bf_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
 
static int ossl_des_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
 
static int ossl_des3_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
 
static int ossl_cast_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
 
static int ossl_aes_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
 
static int ossl_aes_ecb_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
 
static int ossl_aes_cbc_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
 
int px_find_cipher (const char *name, PX_Cipher **res)
 

Variables

static OSSLDigest * open_digests = NULL
 
static bool digest_resowner_callback_registered = false
 
static int px_openssl_initialized = 0
 
static OSSLCipher * open_ciphers = NULL
 
static bool cipher_resowner_callback_registered = false
 
static PX_Alias ossl_aliases []
 
static const struct ossl_cipher ossl_bf_cbc
 
static const struct ossl_cipher ossl_bf_ecb
 
static const struct ossl_cipher ossl_bf_cfb
 
static const struct ossl_cipher ossl_des_ecb
 
static const struct ossl_cipher ossl_des_cbc
 
static const struct ossl_cipher ossl_des3_ecb
 
static const struct ossl_cipher ossl_des3_cbc
 
static const struct ossl_cipher ossl_cast_ecb
 
static const struct ossl_cipher ossl_cast_cbc
 
static const struct ossl_cipher ossl_aes_ecb
 
static const struct ossl_cipher ossl_aes_cbc
 
static const struct
ossl_cipher_lookup 
ossl_cipher_types []
 

Macro Definition Documentation

#define MAX_IV   (128/8)

Definition at line 47 of file openssl.c.

#define MAX_KEY   (512/8)

Definition at line 46 of file openssl.c.

Typedef Documentation

typedef const EVP_CIPHER*(* ossl_EVP_cipher_func)(void)

Definition at line 241 of file openssl.c.

Function Documentation

static int bf_check_supported_key_len ( void  )
static

Definition at line 416 of file openssl.c.

References OSSLCipher::evp_ctx, OSSLCipher::key, and status().

Referenced by bf_init().

/*
 * Probe whether the linked OpenSSL accepts a full 448-bit Blowfish key.
 *
 * One fixed 8-byte block is encrypted in ECB mode under a fixed 56-byte key
 * and the output is compared with a known ciphertext.  Returns 1 when the
 * ciphertext matches, 0 when the context cannot be allocated, any EVP call
 * fails, or the output differs (i.e. long keys are not honoured).
 */
static int
bf_check_supported_key_len(void)
{
	static const uint8 key[56] = {
		0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87, 0x78, 0x69,
		0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f, 0x00, 0x11, 0x22, 0x33,
		0x44, 0x55, 0x66, 0x77, 0x04, 0x68, 0x91, 0x04, 0xc2, 0xfd,
		0x3b, 0x2f, 0x58, 0x40, 0x23, 0x64, 0x1a, 0xba, 0x61, 0x76,
		0x1f, 0x1f, 0x1f, 0x1f, 0x0e, 0x0e, 0x0e, 0x0e, 0xff, 0xff,
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff
	};
	static const uint8 data[8] = {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
	static const uint8 res[8] = {0xc0, 0x45, 0x04, 0x01, 0x2e, 0x4e, 0x1f, 0x53};
	uint8		out[8];
	int			outlen;
	int			status;
	EVP_CIPHER_CTX *evp_ctx = EVP_CIPHER_CTX_new();

	if (evp_ctx == NULL)
		return 0;

	/*
	 * Encrypt with the 448-bit key and verify the output.  The && chain
	 * stops at the first failing step, so later calls never run on a
	 * half-initialised context.
	 */
	status = EVP_EncryptInit_ex(evp_ctx, EVP_bf_ecb(), NULL, NULL, NULL) &&
		EVP_CIPHER_CTX_set_key_length(evp_ctx, 56) &&
		EVP_EncryptInit_ex(evp_ctx, NULL, NULL, key, NULL) &&
		EVP_EncryptUpdate(evp_ctx, out, &outlen, data, 8) &&
		memcmp(out, res, 8) == 0;

	/* The context is released on every path that allocated it. */
	EVP_CIPHER_CTX_free(evp_ctx);
	return status;
}
unsigned char uint8
Definition: c.h:256
static int bf_init ( PX_Cipher c,
const uint8 key,
unsigned  klen,
const uint8 iv 
)
static

Definition at line 459 of file openssl.c.

References bf_check_supported_key_len(), gen_ossl_block_size(), OSSLCipher::iv, OSSLCipher::key, OSSLCipher::klen, px_cipher::ptr, and PXE_KEY_TOO_BIG.

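/*
 * Store a Blowfish key and IV in the cipher state.
 *
 * c	- cipher whose ->ptr is the OSSLCipher to fill
 * key	- key bytes, klen of them
 * iv	- block-size IV, or NULL for an all-zero IV
 *
 * Returns 0 on success, PXE_KEY_TOO_BIG when the key cannot be used.
 */
static int
bf_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
{
	OSSLCipher *od = c->ptr;
	unsigned	bs = gen_ossl_block_size(c);
	static int	bf_is_strong = -1;	/* -1 = not probed yet */

	/*
	 * Test if the key length is supported.  A library that silently cuts
	 * large keys would produce data that cannot be moved between servers,
	 * so long keys are refused instead when the probe fails.
	 */
	if (bf_is_strong == -1)
		bf_is_strong = bf_check_supported_key_len();

	if (!bf_is_strong && klen > 16)
		return PXE_KEY_TOO_BIG;

	/*
	 * Keep the copy below inside od->key whatever the caller passed.
	 * NOTE(review): callers presumably clamp klen to the cipher's key size
	 * already; that is not visible from this function.
	 */
	if (klen > sizeof(od->key))
		return PXE_KEY_TOO_BIG;

	/* Key len is supported. We can use it. */
	od->klen = klen;
	memcpy(od->key, key, klen);

	/*
	 * A NULL iv selects an all-zero IV.  In the chained modes a fixed IV
	 * makes equal plaintext prefixes under one key encrypt to equal
	 * ciphertext prefixes, so callers needing that hidden must pass an IV.
	 */
	if (iv)
		memcpy(od->iv, iv, bs);
	else
		memset(od->iv, 0, bs);
	return 0;
}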
void * ptr
Definition: px.h:165
uint8 iv[INT_MAX_IV]
Definition: internal.c:249
uint8 key[MAX_KEY]
Definition: openssl.c:266
unsigned klen
Definition: openssl.c:268
#define PXE_KEY_TOO_BIG
Definition: px.h:69
static unsigned gen_ossl_block_size(PX_Cipher *c)
Definition: openssl.c:326
static int bf_check_supported_key_len(void)
Definition: openssl.c:416
uint8 iv[MAX_IV]
Definition: openssl.c:267
static void cipher_free_callback ( ResourceReleasePhase  phase,
bool  isCommit,
bool  isTopLevel,
void *  arg 
)
static

Definition at line 297 of file openssl.c.

References CurrentResourceOwner, elog, free_openssl_cipher(), next, OSSLCipher::next, open_ciphers, OSSLCipher::owner, RESOURCE_RELEASE_AFTER_LOCKS, and WARNING.

Referenced by px_find_cipher().

/*
 * Resource-release callback: free every open cipher owned by the current
 * resource owner.
 *
 * Only acts in the RESOURCE_RELEASE_AFTER_LOCKS phase.  On commit a WARNING
 * is logged for each cipher that is still referenced before it is freed.
 * isTopLevel and arg are not used.
 */
static void
cipher_free_callback(ResourceReleasePhase phase,
					 bool isCommit,
					 bool isTopLevel,
					 void *arg)
{
	OSSLCipher *curr;
	OSSLCipher *next;

	if (phase != RESOURCE_RELEASE_AFTER_LOCKS)
		return;

	for (curr = open_ciphers; curr != NULL; curr = next)
	{
		/* Read the link first: free_openssl_cipher() releases curr. */
		next = curr->next;

		if (curr->owner != CurrentResourceOwner)
			continue;

		if (isCommit)
			elog(WARNING, "pgcrypto cipher reference leak: cipher %p still referenced", curr);
		free_openssl_cipher(curr);
	}
}
ResourceOwner CurrentResourceOwner
Definition: resowner.c:138
static void free_openssl_cipher(OSSLCipher *od)
Definition: openssl.c:281
static OSSLCipher * open_ciphers
Definition: openssl.c:277
struct OSSLCipher * next
Definition: openssl.c:273
#define WARNING
Definition: elog.h:40
ResourceOwner owner
Definition: openssl.c:272
#define elog
Definition: elog.h:219
static unsigned digest_block_size ( PX_MD h)
static

Definition at line 123 of file openssl.c.

References OSSLDigest::ctx, px_digest::p, and px_digest::ptr.

Referenced by px_find_digest().

/*
 * Return the block size reported by OpenSSL for this digest's context.
 */
static unsigned
digest_block_size(PX_MD *h)
{
	return EVP_MD_CTX_block_size(((OSSLDigest *) h->p.ptr)->ctx);
}
EVP_MD_CTX * ctx
Definition: openssl.c:61
void * ptr
Definition: px.h:125
union px_digest::@13 p
static void digest_finish ( PX_MD h,
uint8 dst 
)
static

Definition at line 147 of file openssl.c.

References OSSLDigest::ctx, px_digest::p, and px_digest::ptr.

Referenced by px_find_digest().

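/*
 * Write the final digest value into dst.
 *
 * dst must have room for digest_result_size() bytes.  A failing
 * EVP_DigestFinal_ex() is raised as an ERROR: returning normally would hand
 * the caller whatever bytes dst already held as if they were a hash.
 */
static void
digest_finish(PX_MD *h, uint8 *dst)
{
	OSSLDigest *digest = (OSSLDigest *) h->p.ptr;

	if (!EVP_DigestFinal_ex(digest->ctx, dst, NULL))
		elog(ERROR, "EVP_DigestFinal_ex() failed");
}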
EVP_MD_CTX * ctx
Definition: openssl.c:61
void * ptr
Definition: px.h:125
union px_digest::@13 p
static void digest_free ( PX_MD h)
static

Definition at line 155 of file openssl.c.

References free_openssl_digest(), px_digest::p, px_digest::ptr, and px_free.

Referenced by px_find_digest().

/*
 * Release a digest: first the OpenSSL-side state hanging off h->p.ptr, then
 * the PX_MD wrapper itself.
 */
static void
digest_free(PX_MD *h)
{
	free_openssl_digest((OSSLDigest *) h->p.ptr);
	px_free(h);
}
void * ptr
Definition: px.h:125
#define px_free(p)
Definition: px.h:46
union px_digest::@13 p
static void free_openssl_digest(OSSLDigest *digest)
Definition: openssl.c:72
static void digest_free_callback ( ResourceReleasePhase  phase,
bool  isCommit,
bool  isTopLevel,
void *  arg 
)
static

Definition at line 88 of file openssl.c.

References CurrentResourceOwner, elog, free_openssl_digest(), OSSLDigest::next, next, open_digests, OSSLDigest::owner, RESOURCE_RELEASE_AFTER_LOCKS, and WARNING.

Referenced by px_find_digest().

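/*
 * Resource-release callback: free every open digest owned by the current
 * resource owner.
 *
 * Only acts in the RESOURCE_RELEASE_AFTER_LOCKS phase.  On commit a WARNING
 * is logged for each digest that is still referenced before it is freed.
 * isTopLevel and arg are not used.
 */
static void
digest_free_callback(ResourceReleasePhase phase,
					 bool isCommit,
					 bool isTopLevel,
					 void *arg)
{
	OSSLDigest *curr;
	OSSLDigest *next;		/* declaration was missing from the listing */

	if (phase != RESOURCE_RELEASE_AFTER_LOCKS)
		return;

	next = open_digests;
	while (next)
	{
		curr = next;
		/* Read the link first: free_openssl_digest() releases curr. */
		next = curr->next;

		if (curr->owner == CurrentResourceOwner)
		{
			if (isCommit)
				elog(WARNING, "pgcrypto digest reference leak: digest %p still referenced", curr);
			free_openssl_digest(curr);
		}
	}
}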
ResourceOwner owner
Definition: openssl.c:63
ResourceOwner CurrentResourceOwner
Definition: resowner.c:138
static OSSLDigest * open_digests
Definition: openssl.c:68
struct OSSLDigest * next
Definition: openssl.c:64
#define WARNING
Definition: elog.h:40
static void free_openssl_digest(OSSLDigest *digest)
Definition: openssl.c:72
#define elog
Definition: elog.h:219
static void digest_reset ( PX_MD h)
static

Definition at line 131 of file openssl.c.

References OSSLDigest::algo, OSSLDigest::ctx, px_digest::p, and px_digest::ptr.

Referenced by px_find_digest().

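/*
 * Re-initialise the digest context for the same algorithm so the object can
 * hash a new message.
 *
 * A failing EVP_DigestInit_ex() is raised as an ERROR rather than ignored,
 * so later updates never run on a context left in an unknown state.
 */
static void
digest_reset(PX_MD *h)
{
	OSSLDigest *digest = (OSSLDigest *) h->p.ptr;

	if (!EVP_DigestInit_ex(digest->ctx, digest->algo, NULL))
		elog(ERROR, "EVP_DigestInit_ex() failed");
}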
EVP_MD_CTX * ctx
Definition: openssl.c:61
void * ptr
Definition: px.h:125
const EVP_MD * algo
Definition: openssl.c:60
union px_digest::@13 p
static unsigned digest_result_size ( PX_MD h)
static

Definition at line 115 of file openssl.c.

References OSSLDigest::ctx, px_digest::p, and px_digest::ptr.

Referenced by px_find_digest().

/*
 * Return the output length reported by OpenSSL for this digest's context.
 */
static unsigned
digest_result_size(PX_MD *h)
{
	return EVP_MD_CTX_size(((OSSLDigest *) h->p.ptr)->ctx);
}
EVP_MD_CTX * ctx
Definition: openssl.c:61
void * ptr
Definition: px.h:125
union px_digest::@13 p
static void digest_update ( PX_MD h,
const uint8 data,
unsigned  dlen 
)
static

Definition at line 139 of file openssl.c.

References OSSLDigest::ctx, px_digest::p, and px_digest::ptr.

Referenced by px_find_digest().

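/*
 * Feed dlen bytes from data into the running digest.
 *
 * A failing EVP_DigestUpdate() is raised as an ERROR: silently dropping
 * input would make the final value a hash of something other than what the
 * caller supplied.
 */
static void
digest_update(PX_MD *h, const uint8 *data, unsigned dlen)
{
	OSSLDigest *digest = (OSSLDigest *) h->p.ptr;

	if (!EVP_DigestUpdate(digest->ctx, data, dlen))
		elog(ERROR, "EVP_DigestUpdate() failed");
}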
EVP_MD_CTX * ctx
Definition: openssl.c:61
void * ptr
Definition: px.h:125
union px_digest::@13 p
static void free_openssl_cipher ( OSSLCipher od)
static

Definition at line 281 of file openssl.c.

References OSSLCipher::evp_ctx, OSSLCipher::next, pfree(), and OSSLCipher::prev.

Referenced by cipher_free_callback(), and gen_ossl_free().

/*
 * Unlink a cipher from the open_ciphers list and release it together with
 * its EVP context.
 *
 * NOTE(review): od->key and od->iv are not wiped before pfree(); consider
 * whether key material should be scrubbed here.
 */
static void
free_openssl_cipher(OSSLCipher *od)
{
	OSSLCipher *before = od->prev;
	OSSLCipher *after = od->next;

	EVP_CIPHER_CTX_free(od->evp_ctx);

	/* A node without a predecessor is the list head. */
	if (before != NULL)
		before->next = after;
	else
		open_ciphers = after;

	if (after != NULL)
		after->prev = before;

	pfree(od);
}
struct OSSLCipher * prev
Definition: openssl.c:274
static OSSLCipher * open_ciphers
Definition: openssl.c:277
struct OSSLCipher * next
Definition: openssl.c:273
EVP_CIPHER_CTX * evp_ctx
Definition: openssl.c:264
void pfree(void *pointer)
Definition: mcxt.c:949
static void free_openssl_digest ( OSSLDigest digest)
static

Definition at line 72 of file openssl.c.

References OSSLDigest::ctx, OSSLDigest::next, pfree(), and OSSLDigest::prev.

Referenced by digest_free(), and digest_free_callback().

/*
 * Unlink a digest from the open_digests list and release it together with
 * its EVP_MD_CTX.
 */
static void
free_openssl_digest(OSSLDigest *digest)
{
	OSSLDigest *before = digest->prev;
	OSSLDigest *after = digest->next;

	EVP_MD_CTX_destroy(digest->ctx);

	/* A node without a predecessor is the list head. */
	if (before != NULL)
		before->next = after;
	else
		open_digests = after;

	if (after != NULL)
		after->prev = before;

	pfree(digest);
}
EVP_MD_CTX * ctx
Definition: openssl.c:61
void pfree(void *pointer)
Definition: mcxt.c:949
struct OSSLDigest * prev
Definition: openssl.c:65
static OSSLDigest * open_digests
Definition: openssl.c:68
struct OSSLDigest * next
Definition: openssl.c:64
static unsigned gen_ossl_block_size ( PX_Cipher c)
static

Definition at line 326 of file openssl.c.

References ossl_cipher::block_size, OSSLCipher::ciph, and px_cipher::ptr.

Referenced by bf_init(), ossl_aes_init(), ossl_cast_init(), ossl_des3_init(), ossl_des_init(), and px_find_cipher().

/*
 * Return the block size recorded in the cipher's descriptor table entry.
 */
static unsigned
gen_ossl_block_size(PX_Cipher *c)
{
	const OSSLCipher *state = (OSSLCipher *) c->ptr;

	return state->ciph->block_size;
}
void * ptr
Definition: px.h:165
int block_size
Definition: openssl.c:250
const struct ossl_cipher * ciph
Definition: openssl.c:270
static int gen_ossl_decrypt ( PX_Cipher c,
const uint8 data,
unsigned  dlen,
uint8 res 
)
static

Definition at line 361 of file openssl.c.

References OSSLCipher::evp_ciph, OSSLCipher::evp_ctx, OSSLCipher::init, OSSLCipher::iv, OSSLCipher::key, OSSLCipher::klen, px_cipher::ptr, PXE_CIPHER_INIT, and PXE_DECRYPT_FAILED.

Referenced by px_find_cipher().

/*
 * Decrypt dlen bytes from data into res.
 *
 * The EVP context is set up on the first call, in three steps: select the
 * cipher, set the key length, then load key and IV.  Returns 0 on success,
 * PXE_CIPHER_INIT if any setup step fails, PXE_DECRYPT_FAILED if the update
 * fails.  The byte count reported by OpenSSL (outlen) is not used.
 *
 * NOTE(review): nothing here changes the EVP padding setting or runs a
 * Final step; confirm that the caller passes whole blocks and handles
 * padding itself.
 */
static int
gen_ossl_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
{
	OSSLCipher *od = c->ptr;
	int			outlen;

	if (!od->init)
	{
		/* || short-circuits, so the steps run in order and stop on failure */
		if (!EVP_DecryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL) ||
			!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen) ||
			!EVP_DecryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
			return PXE_CIPHER_INIT;
		od->init = true;
	}

	return EVP_DecryptUpdate(od->evp_ctx, res, &outlen, data, dlen)
		? 0
		: PXE_DECRYPT_FAILED;
}
unsigned init
Definition: openssl.c:269
#define PXE_DECRYPT_FAILED
Definition: px.h:79
void * ptr
Definition: px.h:165
uint8 key[MAX_KEY]
Definition: openssl.c:266
EVP_CIPHER_CTX * evp_ctx
Definition: openssl.c:264
unsigned klen
Definition: openssl.c:268
#define PXE_CIPHER_INIT
Definition: px.h:70
const EVP_CIPHER * evp_ciph
Definition: openssl.c:265
uint8 iv[MAX_IV]
Definition: openssl.c:267
static int gen_ossl_encrypt ( PX_Cipher c,
const uint8 data,
unsigned  dlen,
uint8 res 
)
static

Definition at line 385 of file openssl.c.

References OSSLCipher::evp_ciph, OSSLCipher::evp_ctx, OSSLCipher::init, OSSLCipher::iv, OSSLCipher::key, OSSLCipher::klen, px_cipher::ptr, PXE_CIPHER_INIT, and PXE_ERR_GENERIC.

Referenced by px_find_cipher().

/*
 * Encrypt dlen bytes from data into res.
 *
 * The EVP context is set up on the first call, in three steps: select the
 * cipher, set the key length, then load key and IV.  Returns 0 on success,
 * PXE_CIPHER_INIT if any setup step fails, PXE_ERR_GENERIC if the update
 * fails.  The byte count reported by OpenSSL (outlen) is not used.
 *
 * NOTE(review): nothing here changes the EVP padding setting or runs a
 * Final step; confirm that the caller passes whole blocks and handles
 * padding itself.
 */
static int
gen_ossl_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
{
	OSSLCipher *od = c->ptr;
	int			outlen;

	if (!od->init)
	{
		/* || short-circuits, so the steps run in order and stop on failure */
		if (!EVP_EncryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL) ||
			!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen) ||
			!EVP_EncryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
			return PXE_CIPHER_INIT;
		od->init = true;
	}

	return EVP_EncryptUpdate(od->evp_ctx, res, &outlen, data, dlen)
		? 0
		: PXE_ERR_GENERIC;
}
unsigned init
Definition: openssl.c:269
void * ptr
Definition: px.h:165
uint8 key[MAX_KEY]
Definition: openssl.c:266
EVP_CIPHER_CTX * evp_ctx
Definition: openssl.c:264
unsigned klen
Definition: openssl.c:268
#define PXE_CIPHER_INIT
Definition: px.h:70
const EVP_CIPHER * evp_ciph
Definition: openssl.c:265
uint8 iv[MAX_IV]
Definition: openssl.c:267
#define PXE_ERR_GENERIC
Definition: px.h:63
static void gen_ossl_free ( PX_Cipher c)
static

Definition at line 352 of file openssl.c.

References free_openssl_cipher(), px_cipher::ptr, and px_free.

Referenced by px_find_cipher().

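/*
 * Release a cipher: first the OpenSSL-side state hanging off c->ptr, then
 * the PX_Cipher wrapper itself.
 */
static void
gen_ossl_free(PX_Cipher *c)
{
	OSSLCipher *od = (OSSLCipher *) c->ptr;

	/*
	 * This call was missing from the listing; the page's reference list
	 * names free_openssl_cipher() as called from here.
	 */
	free_openssl_cipher(od);
	px_free(c);
}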
#define px_free(p)
Definition: px.h:46
static void free_openssl_cipher(OSSLCipher *od)
Definition: openssl.c:281
void * ptr
Definition: px.h:165
static unsigned gen_ossl_iv_size ( PX_Cipher c)
static

Definition at line 342 of file openssl.c.

References ossl_cipher::block_size, OSSLCipher::ciph, and px_cipher::ptr.

Referenced by px_find_cipher().

/*
 * Return the IV length for this cipher, which is taken to be the block size
 * recorded in its descriptor table entry.
 */
static unsigned
gen_ossl_iv_size(PX_Cipher *c)
{
	const OSSLCipher *state = (OSSLCipher *) c->ptr;

	return state->ciph->block_size;
}
void * ptr
Definition: px.h:165
int block_size
Definition: openssl.c:250
const struct ossl_cipher * ciph
Definition: openssl.c:270
static unsigned gen_ossl_key_size ( PX_Cipher c)
static

Definition at line 334 of file openssl.c.

References OSSLCipher::ciph, ossl_cipher::max_key_size, and px_cipher::ptr.

Referenced by px_find_cipher().

/*
 * Return the maximum key size recorded in the cipher's descriptor table
 * entry.
 */
static unsigned
gen_ossl_key_size(PX_Cipher *c)
{
	const OSSLCipher *state = (OSSLCipher *) c->ptr;

	return state->ciph->max_key_size;
}
int max_key_size
Definition: openssl.c:251
void * ptr
Definition: px.h:165
const struct ossl_cipher * ciph
Definition: openssl.c:270
static int ossl_aes_cbc_init ( PX_Cipher c,
const uint8 key,
unsigned  klen,
const uint8 iv 
)
static

Definition at line 602 of file openssl.c.

References OSSLCipher::evp_ciph, OSSLCipher::klen, ossl_aes_init(), px_cipher::ptr, and PXE_CIPHER_INIT.

/*
 * Initialise AES in CBC mode.
 *
 * ossl_aes_init() stores key and IV and rounds the key length up to 16, 24
 * or 32 bytes; the matching EVP cipher is then chosen from that length.
 * Returns 0 on success, the error from ossl_aes_init(), or PXE_CIPHER_INIT
 * for an unexpected key length.
 */
static int
ossl_aes_cbc_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
{
	OSSLCipher *od = c->ptr;
	int			rc = ossl_aes_init(c, key, klen, iv);

	if (rc != 0)
		return rc;

	if (od->klen == 128 / 8)
		od->evp_ciph = EVP_aes_128_cbc();
	else if (od->klen == 192 / 8)
		od->evp_ciph = EVP_aes_192_cbc();
	else if (od->klen == 256 / 8)
		od->evp_ciph = EVP_aes_256_cbc();
	else
		return PXE_CIPHER_INIT; /* shouldn't happen */

	return 0;
}
static int ossl_aes_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:547
void * ptr
Definition: px.h:165
uint8 iv[INT_MAX_IV]
Definition: internal.c:249
unsigned klen
Definition: openssl.c:268
#define PXE_CIPHER_INIT
Definition: px.h:70
const EVP_CIPHER * evp_ciph
Definition: openssl.c:265
static int ossl_aes_ecb_init ( PX_Cipher c,
const uint8 key,
unsigned  klen,
const uint8 iv 
)
static

Definition at line 572 of file openssl.c.

References OSSLCipher::evp_ciph, OSSLCipher::klen, ossl_aes_init(), px_cipher::ptr, and PXE_CIPHER_INIT.

/*
 * Initialise AES in ECB mode.
 *
 * ossl_aes_init() stores key and IV and rounds the key length up to 16, 24
 * or 32 bytes; the matching EVP cipher is then chosen from that length.
 * Returns 0 on success, the error from ossl_aes_init(), or PXE_CIPHER_INIT
 * for an unexpected key length.
 *
 * ECB encrypts each block independently, so equal plaintext blocks give
 * equal ciphertext blocks; prefer the CBC variant unless ECB is required.
 */
static int
ossl_aes_ecb_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
{
	OSSLCipher *od = c->ptr;
	int			rc = ossl_aes_init(c, key, klen, iv);

	if (rc != 0)
		return rc;

	if (od->klen == 128 / 8)
		od->evp_ciph = EVP_aes_128_ecb();
	else if (od->klen == 192 / 8)
		od->evp_ciph = EVP_aes_192_ecb();
	else if (od->klen == 256 / 8)
		od->evp_ciph = EVP_aes_256_ecb();
	else
		return PXE_CIPHER_INIT; /* shouldn't happen */

	return 0;
}
static int ossl_aes_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:547
void * ptr
Definition: px.h:165
uint8 iv[INT_MAX_IV]
Definition: internal.c:249
unsigned klen
Definition: openssl.c:268
#define PXE_CIPHER_INIT
Definition: px.h:70
const EVP_CIPHER * evp_ciph
Definition: openssl.c:265
static int ossl_aes_init ( PX_Cipher c,
const uint8 key,
unsigned  klen,
const uint8 iv 
)
static

Definition at line 547 of file openssl.c.

References gen_ossl_block_size(), OSSLCipher::iv, OSSLCipher::key, OSSLCipher::klen, px_cipher::ptr, and PXE_KEY_TOO_BIG.

Referenced by ossl_aes_cbc_init(), and ossl_aes_ecb_init().

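/*
 * Common AES setup: store the key and IV in the cipher state.
 *
 * The key length is rounded up to the next AES key size (16, 24 or 32
 * bytes); a shorter key is used zero-padded.  Returns 0 on success, or
 * PXE_KEY_TOO_BIG when klen exceeds 32 bytes.
 */
static int
ossl_aes_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
{
	OSSLCipher *od = c->ptr;
	unsigned	bs = gen_ossl_block_size(c);

	if (klen <= 128 / 8)
		od->klen = 128 / 8;
	else if (klen <= 192 / 8)
		od->klen = 192 / 8;
	else if (klen <= 256 / 8)
		od->klen = 256 / 8;
	else
		return PXE_KEY_TOO_BIG;

	/*
	 * Zero the whole effective key before copying, as the DES init
	 * functions do.  Without this the padding bytes are whatever od->key
	 * held before, which is zero only on a freshly allocated object.
	 */
	memset(od->key, 0, od->klen);
	memcpy(od->key, key, klen);

	/*
	 * A NULL iv selects an all-zero IV.  In CBC mode a fixed IV makes equal
	 * plaintext prefixes under one key encrypt to equal ciphertext
	 * prefixes, so callers needing that hidden must pass an IV.
	 */
	if (iv)
		memcpy(od->iv, iv, bs);
	else
		memset(od->iv, 0, bs);

	return 0;
}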
void * ptr
Definition: px.h:165
uint8 iv[INT_MAX_IV]
Definition: internal.c:249
uint8 key[MAX_KEY]
Definition: openssl.c:266
unsigned klen
Definition: openssl.c:268
#define PXE_KEY_TOO_BIG
Definition: px.h:69
static unsigned gen_ossl_block_size(PX_Cipher *c)
Definition: openssl.c:326
uint8 iv[MAX_IV]
Definition: openssl.c:267
static int ossl_cast_init ( PX_Cipher c,
const uint8 key,
unsigned  klen,
const uint8 iv 
)
static

Definition at line 529 of file openssl.c.

References gen_ossl_block_size(), OSSLCipher::iv, OSSLCipher::key, OSSLCipher::klen, and px_cipher::ptr.

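/*
 * Store a CAST5 key and IV in the cipher state.
 *
 * The key is used at the length given.  Returns 0 on success, or
 * PXE_KEY_TOO_BIG when klen would not fit in od->key.
 */
static int
ossl_cast_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
{
	OSSLCipher *od = c->ptr;
	unsigned	bs = gen_ossl_block_size(c);

	/*
	 * Keep the copy below inside od->key whatever the caller passed.
	 * NOTE(review): callers presumably clamp klen to the cipher's key size
	 * already; that is not visible from this function.
	 */
	if (klen > sizeof(od->key))
		return PXE_KEY_TOO_BIG;

	od->klen = klen;
	memcpy(od->key, key, klen);

	/* A NULL iv selects an all-zero IV. */
	if (iv)
		memcpy(od->iv, iv, bs);
	else
		memset(od->iv, 0, bs);
	return 0;
}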
void * ptr
Definition: px.h:165
uint8 iv[INT_MAX_IV]
Definition: internal.c:249
uint8 key[MAX_KEY]
Definition: openssl.c:266
unsigned klen
Definition: openssl.c:268
static unsigned gen_ossl_block_size(PX_Cipher *c)
Definition: openssl.c:326
uint8 iv[MAX_IV]
Definition: openssl.c:267
static int ossl_des3_init ( PX_Cipher c,
const uint8 key,
unsigned  klen,
const uint8 iv 
)
static

Definition at line 510 of file openssl.c.

References gen_ossl_block_size(), OSSLCipher::iv, OSSLCipher::key, OSSLCipher::klen, and px_cipher::ptr.

/*
 * Store a Triple-DES key and IV in the cipher state.
 *
 * The effective key is always 24 bytes: a shorter key is zero-padded and a
 * longer one is silently cut to its first 24 bytes.  Always returns 0.
 */
static int
ossl_des3_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
{
	OSSLCipher *od = c->ptr;
	unsigned	bs = gen_ossl_block_size(c);
	unsigned	ncopy = klen;

	if (ncopy > 24)
		ncopy = 24;

	od->klen = 24;
	memset(od->key, 0, 24);
	memcpy(od->key, key, ncopy);

	/* A NULL iv selects an all-zero IV. */
	if (iv != NULL)
		memcpy(od->iv, iv, bs);
	else
		memset(od->iv, 0, bs);
	return 0;
}
void * ptr
Definition: px.h:165
uint8 iv[INT_MAX_IV]
Definition: internal.c:249
uint8 key[MAX_KEY]
Definition: openssl.c:266
unsigned klen
Definition: openssl.c:268
static unsigned gen_ossl_block_size(PX_Cipher *c)
Definition: openssl.c:326
uint8 iv[MAX_IV]
Definition: openssl.c:267
static int ossl_des_init ( PX_Cipher c,
const uint8 key,
unsigned  klen,
const uint8 iv 
)
static

Definition at line 491 of file openssl.c.

References gen_ossl_block_size(), OSSLCipher::iv, OSSLCipher::key, OSSLCipher::klen, and px_cipher::ptr.

/*
 * Store a single-DES key and IV in the cipher state.
 *
 * The effective key is always 8 bytes: a shorter key is zero-padded and a
 * longer one is silently cut to its first 8 bytes.  Always returns 0.
 */
static int
ossl_des_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
{
	OSSLCipher *od = c->ptr;
	unsigned	bs = gen_ossl_block_size(c);
	unsigned	ncopy = klen;

	if (ncopy > 8)
		ncopy = 8;

	od->klen = 8;
	memset(od->key, 0, 8);
	memcpy(od->key, key, ncopy);

	/* A NULL iv selects an all-zero IV. */
	if (iv != NULL)
		memcpy(od->iv, iv, bs);
	else
		memset(od->iv, 0, bs);
	return 0;
}
void * ptr
Definition: px.h:165
uint8 iv[INT_MAX_IV]
Definition: internal.c:249
uint8 key[MAX_KEY]
Definition: openssl.c:266
unsigned klen
Definition: openssl.c:268
static unsigned gen_ossl_block_size(PX_Cipher *c)
Definition: openssl.c:326
uint8 iv[MAX_IV]
Definition: openssl.c:267
int px_find_cipher ( const char *  name,
PX_Cipher **  res 
)

Definition at line 748 of file openssl.c.

References px_cipher::block_size, OSSLCipher::ciph, ossl_cipher_lookup::ciph, cipher_free_callback(), ossl_cipher::cipher_func, cipher_resowner_callback_registered, CurrentResourceOwner, px_cipher::decrypt, px_cipher::encrypt, OSSLCipher::evp_ciph, OSSLCipher::evp_ctx, px_cipher::free, gen_ossl_block_size(), gen_ossl_decrypt(), gen_ossl_encrypt(), gen_ossl_free(), gen_ossl_iv_size(), gen_ossl_key_size(), i, px_cipher::init, ossl_cipher::init, px_cipher::iv_size, px_cipher::key_size, int_cipher::load, MemoryContextAllocZero(), int_cipher::name, ossl_cipher_lookup::name, OSSLCipher::next, open_ciphers, OSSLCipher::owner, pfree(), OSSLCipher::prev, px_cipher::ptr, px_alloc, px_resolve_alias(), PXE_CIPHER_INIT, PXE_NO_CIPHER, RegisterResourceReleaseCallback(), and TopMemoryContext.

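/*
 * Look up a cipher by name and build a PX_Cipher for it.
 *
 * name - cipher name or alias
 * res	- receives the new PX_Cipher on success
 *
 * Returns 0 on success, PXE_NO_CIPHER for an unknown name, or
 * PXE_CIPHER_INIT when the EVP context cannot be allocated.
 *
 * NOTE(review): the listing omitted several lines (alias resolution,
 * callback registration, the owner assignment and five method pointers).
 * They are restored here from the page's reference list; confirm against
 * openssl.c.
 */
int
px_find_cipher(const char *name, PX_Cipher **res)
{
	const struct ossl_cipher_lookup *i;
	PX_Cipher  *c = NULL;
	EVP_CIPHER_CTX *ctx;
	OSSLCipher *od;

	name = px_resolve_alias(ossl_aliases, name);
	for (i = ossl_cipher_types; i->name; i++)
		if (strcmp(i->name, name) == 0)
			break;
	if (i->name == NULL)
		return PXE_NO_CIPHER;

	/* Register the cleanup callback once. */
	if (!cipher_resowner_callback_registered)
	{
		RegisterResourceReleaseCallback(cipher_free_callback, NULL);
		cipher_resowner_callback_registered = true;
	}

	/*
	 * Create an OSSLCipher object, an EVP_CIPHER_CTX object and a PX_Cipher.
	 * The order is crucial, to make sure we don't leak anything on
	 * out-of-memory or other error.
	 */
	od = MemoryContextAllocZero(TopMemoryContext, sizeof(*od));
	od->ciph = i->ciph;

	/* Allocate an EVP_CIPHER_CTX object. */
	ctx = EVP_CIPHER_CTX_new();
	if (!ctx)
	{
		pfree(od);
		return PXE_CIPHER_INIT;
	}

	/* Link the object into open_ciphers so the callback can find it. */
	od->evp_ctx = ctx;
	od->owner = CurrentResourceOwner;
	od->next = open_ciphers;
	od->prev = NULL;
	open_ciphers = od;

	/*
	 * Table entries with no cipher_func leave evp_ciph unset here; the AES
	 * init functions pick it from the key length instead.
	 */
	if (i->ciph->cipher_func)
		od->evp_ciph = i->ciph->cipher_func();

	/* The PX_Cipher is allocated in current memory context */
	c = px_alloc(sizeof(*c));
	c->block_size = gen_ossl_block_size;
	c->key_size = gen_ossl_key_size;
	c->iv_size = gen_ossl_iv_size;
	c->free = gen_ossl_free;
	c->init = od->ciph->init;
	c->encrypt = gen_ossl_encrypt;
	c->decrypt = gen_ossl_decrypt;
	c->ptr = od;

	*res = c;
	return 0;
}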
void(* free)(PX_Cipher *c)
Definition: px.h:163
unsigned(* key_size)(PX_Cipher *c)
Definition: px.h:157
static bool cipher_resowner_callback_registered
Definition: openssl.c:278
struct OSSLCipher * prev
Definition: openssl.c:274
ResourceOwner CurrentResourceOwner
Definition: resowner.c:138
static void cipher_free_callback(ResourceReleasePhase phase, bool isCommit, bool isTopLevel, void *arg)
Definition: openssl.c:297
const char * px_resolve_alias(const PX_Alias *list, const char *name)
Definition: px.c:140
void * ptr
Definition: px.h:165
static OSSLCipher * open_ciphers
Definition: openssl.c:277
struct OSSLCipher * next
Definition: openssl.c:273
static void gen_ossl_free(PX_Cipher *c)
Definition: openssl.c:352
EVP_CIPHER_CTX * evp_ctx
Definition: openssl.c:264
void pfree(void *pointer)
Definition: mcxt.c:949
const char * name
Definition: openssl.c:726
char * c
static unsigned gen_ossl_key_size(PX_Cipher *c)
Definition: openssl.c:334
int(* init)(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: px.h:160
unsigned(* iv_size)(PX_Cipher *c)
Definition: px.h:158
MemoryContext TopMemoryContext
Definition: mcxt.c:43
int(* encrypt)(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
Definition: px.h:161
ossl_EVP_cipher_func cipher_func
Definition: openssl.c:249
int(* init)(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:248
void * MemoryContextAllocZero(MemoryContext context, Size size)
Definition: mcxt.c:741
static const struct ossl_cipher_lookup ossl_cipher_types[]
Definition: openssl.c:730
static int gen_ossl_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
Definition: openssl.c:385
#define PXE_CIPHER_INIT
Definition: px.h:70
static unsigned gen_ossl_block_size(PX_Cipher *c)
Definition: openssl.c:326
Definition: px.h:154
static PX_Alias ossl_aliases[]
Definition: openssl.c:635
const char * name
Definition: encode.c:521
static unsigned gen_ossl_iv_size(PX_Cipher *c)
Definition: openssl.c:342
#define px_alloc(s)
Definition: px.h:44
const struct ossl_cipher * ciph
Definition: openssl.c:727
void RegisterResourceReleaseCallback(ResourceReleaseCallback callback, void *arg)
Definition: resowner.c:779
const struct ossl_cipher * ciph
Definition: openssl.c:270
int i
#define PXE_NO_CIPHER
Definition: px.h:65
ResourceOwner owner
Definition: openssl.c:272
const EVP_CIPHER * evp_ciph
Definition: openssl.c:265
unsigned(* block_size)(PX_Cipher *c)
Definition: px.h:156
static int gen_ossl_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
Definition: openssl.c:361
int(* decrypt)(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
Definition: px.h:162
int px_find_digest ( const char *  name,
PX_MD **  res 
)

Definition at line 168 of file openssl.c.

References OSSLDigest::algo, px_digest::block_size, OSSLDigest::ctx, CurrentResourceOwner, digest_block_size(), digest_finish(), digest_free(), digest_free_callback(), digest_reset(), digest_resowner_callback_registered, digest_result_size(), digest_update(), px_digest::finish, px_digest::free, int_digest::init, MemoryContextAlloc(), int_digest::name, OSSLDigest::next, open_digests, OSSLDigest::owner, px_digest::p, pfree(), pg_strcasecmp(), OSSLDigest::prev, px_digest::ptr, px_alloc, px_openssl_initialized, PXE_NO_HASH, RegisterResourceReleaseCallback(), px_digest::reset, px_digest::result_size, TopMemoryContext, and px_digest::update.

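/*
 * Look up a digest by name and build a PX_MD for it.
 *
 * name - digest name as understood by EVP_get_digestbyname()
 * res	- receives the new PX_MD on success
 *
 * Returns 0 on success, PXE_NO_HASH for an unknown name, or -1 when the
 * EVP_MD_CTX cannot be created or initialised.
 *
 * NOTE(review): the listing omitted the two "if" conditions, the flag and
 * registration statements and two method pointers.  They are restored here
 * from the page's reference list; confirm against openssl.c.
 */
int
px_find_digest(const char *name, PX_MD **res)
{
	const EVP_MD *md;
	EVP_MD_CTX *ctx;
	PX_MD	   *h;
	OSSLDigest *digest;

	/* One-time OpenSSL algorithm table setup. */
	if (!px_openssl_initialized)
	{
		px_openssl_initialized = 1;
		OpenSSL_add_all_algorithms();
	}

	/* Register the cleanup callback once. */
	if (!digest_resowner_callback_registered)
	{
		RegisterResourceReleaseCallback(digest_free_callback, NULL);
		digest_resowner_callback_registered = true;
	}

	md = EVP_get_digestbyname(name);
	if (md == NULL)
		return PXE_NO_HASH;

	/*
	 * Create an OSSLDigest object, an OpenSSL MD object, and a PX_MD object.
	 * The order is crucial, to make sure we don't leak anything on
	 * out-of-memory or other error.
	 */
	digest = MemoryContextAlloc(TopMemoryContext, sizeof(*digest));

	ctx = EVP_MD_CTX_create();
	if (!ctx)
	{
		pfree(digest);
		return -1;
	}
	if (EVP_DigestInit_ex(ctx, md, NULL) == 0)
	{
		/*
		 * ctx is not linked into open_digests yet, so nothing else would
		 * release it: destroy it here instead of leaking it.
		 */
		EVP_MD_CTX_destroy(ctx);
		pfree(digest);
		return -1;
	}

	/* Link the object into open_digests so the callback can find it. */
	digest->algo = md;
	digest->ctx = ctx;
	digest->owner = CurrentResourceOwner;
	digest->next = open_digests;
	digest->prev = NULL;
	open_digests = digest;

	/* The PX_MD object is allocated in the current memory context. */
	h = px_alloc(sizeof(*h));
	h->result_size = digest_result_size;
	h->block_size = digest_block_size;
	h->reset = digest_reset;
	h->update = digest_update;
	h->finish = digest_finish;
	h->free = digest_free;
	h->p.ptr = (void *) digest;

	*res = h;
	return 0;
}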
EVP_MD_CTX * ctx
Definition: openssl.c:61
void * ptr
Definition: px.h:125
ResourceOwner owner
Definition: openssl.c:63
unsigned(* result_size)(PX_MD *h)
Definition: px.h:115
static bool digest_resowner_callback_registered
Definition: openssl.c:69
ResourceOwner CurrentResourceOwner
Definition: resowner.c:138
void(* update)(PX_MD *h, const uint8 *data, unsigned dlen)
Definition: px.h:118
const EVP_MD * algo
Definition: openssl.c:60
static int px_openssl_initialized
Definition: openssl.c:163
void pfree(void *pointer)
Definition: mcxt.c:949
void(* free)(PX_MD *h)
Definition: px.h:120
struct OSSLDigest * prev
Definition: openssl.c:65
Definition: px.h:113
static OSSLDigest * open_digests
Definition: openssl.c:68
static void digest_free_callback(ResourceReleasePhase phase, bool isCommit, bool isTopLevel, void *arg)
Definition: openssl.c:88
#define PXE_NO_HASH
Definition: px.h:64
static unsigned digest_block_size(PX_MD *h)
Definition: openssl.c:123
static void digest_finish(PX_MD *h, uint8 *dst)
Definition: openssl.c:147
MemoryContext TopMemoryContext
Definition: mcxt.c:43
void(* finish)(PX_MD *h, uint8 *dst)
Definition: px.h:119
static void digest_free(PX_MD *h)
Definition: openssl.c:155
struct OSSLDigest * next
Definition: openssl.c:64
union px_digest::@13 p
const char * name
Definition: encode.c:521
#define px_alloc(s)
Definition: px.h:44
static unsigned digest_result_size(PX_MD *h)
Definition: openssl.c:115
void RegisterResourceReleaseCallback(ResourceReleaseCallback callback, void *arg)
Definition: resowner.c:779
void * MemoryContextAlloc(MemoryContext context, Size size)
Definition: mcxt.c:706
void(* reset)(PX_MD *h)
Definition: px.h:117
static void digest_update(PX_MD *h, const uint8 *data, unsigned dlen)
Definition: openssl.c:139
unsigned(* block_size)(PX_MD *h)
Definition: px.h:116
static void digest_reset(PX_MD *h)
Definition: openssl.c:131

Variable Documentation

bool cipher_resowner_callback_registered = false
static

Definition at line 278 of file openssl.c.

Referenced by px_find_cipher().

bool digest_resowner_callback_registered = false
static

Definition at line 69 of file openssl.c.

Referenced by px_find_digest().

OSSLCipher* open_ciphers = NULL
static

Definition at line 277 of file openssl.c.

Referenced by cipher_free_callback(), and px_find_cipher().

OSSLDigest* open_digests = NULL
static

Definition at line 68 of file openssl.c.

Referenced by digest_free_callback(), and px_find_digest().

const struct ossl_cipher ossl_aes_cbc
static
Initial value:
= {
/*
 * NOTE(review): the init callback (ossl_aes_cbc_init, referenced right
 * after this initializer) is not shown in this rendering; see openssl.c
 * line 714 for the full initializer.
 */
/*
 * No EVP_* cipher function is named here, unlike the bf/des/cast5 entries.
 * Presumably the init callback selects one from the key length -- confirm
 * in ossl_aes_cbc_init.
 */
NULL,
/*
 * Sizes are written as bits / 8, i.e. 16 and 32 bytes, matching AES's
 * 128-bit block and 256-bit maximum key (field names are not visible here).
 * CBC gives confidentiality only: callers that need tamper detection must
 * add a MAC or another integrity check on top.
 */
128 / 8, 256 / 8
}
static int ossl_aes_cbc_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:602

Definition at line 714 of file openssl.c.

const struct ossl_cipher ossl_aes_ecb
static
Initial value:
= {
/*
 * NOTE(review): the init callback (ossl_aes_ecb_init, referenced right
 * after this initializer) is not shown in this rendering; see openssl.c
 * line 707 for the full initializer.
 */
/*
 * No EVP_* cipher function is named here, unlike the bf/des/cast5 entries.
 * Presumably the init callback selects one from the key length -- confirm
 * in ossl_aes_ecb_init.
 */
NULL,
/*
 * Sizes are written as bits / 8, i.e. 16 and 32 bytes, matching AES's
 * 128-bit block and 256-bit maximum key (field names are not visible here).
 * ECB encrypts every block independently, so equal plaintext blocks give
 * equal ciphertext blocks and there is no integrity protection; it is
 * unsuitable for data longer than one block or with repeated content.
 */
128 / 8, 256 / 8
}
static int ossl_aes_ecb_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:572

Definition at line 707 of file openssl.c.

PX_Alias ossl_aliases[]
static
Initial value:
= {
/*
 * Each pair is {alias, canonical name}; every canonical name used here is
 * also a key of ossl_cipher_types[].  An alias that names no mode ("bf",
 * "blowfish", "des", "3des", "cast5", "aes", "rijndael") resolves to the
 * CBC variant; ECB and CFB are only reached through an explicit
 * "-ecb" / "-cfb" alias.
 *
 * Security note: the table makes legacy algorithms as easy to request as
 * AES.  "des" is single DES, and the bf, 3des and cast5 families all use
 * a 64-bit block (see their 64 / 8 sizes).  Code that takes the cipher
 * name from configuration or user input should allow-list the names it
 * accepts instead of passing anything this table can resolve.
 */
{"bf", "bf-cbc"},
{"blowfish", "bf-cbc"},
{"blowfish-cbc", "bf-cbc"},
{"blowfish-ecb", "bf-ecb"},
{"blowfish-cfb", "bf-cfb"},
{"des", "des-cbc"},
{"3des", "des3-cbc"},
{"3des-ecb", "des3-ecb"},
{"3des-cbc", "des3-cbc"},
{"cast5", "cast5-cbc"},
{"aes", "aes-cbc"},
{"rijndael", "aes-cbc"},
{"rijndael-cbc", "aes-cbc"},
{"rijndael-ecb", "aes-ecb"},
/* Last entry has a NULL alias; presumably the end-of-table sentinel. */
{NULL}
}

Definition at line 635 of file openssl.c.

const struct ossl_cipher ossl_bf_cbc
static
Initial value:
= {
/*
 * NOTE(review): the init callback (bf_init, referenced right after this
 * initializer) is not shown in this rendering; see openssl.c line 653.
 */
/* OpenSSL EVP accessor for Blowfish in CBC mode. */
EVP_bf_cbc,
/*
 * Sizes are bits / 8: 8 and 56 bytes, matching Blowfish's 64-bit block and
 * 448-bit maximum key (field names are not visible here).  The 64-bit
 * block limits how much data can safely be encrypted under one key, and
 * CBC adds no integrity protection; treat this as a legacy cipher.
 */
64 / 8, 448 / 8
}
static int bf_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:459

Definition at line 653 of file openssl.c.

const struct ossl_cipher ossl_bf_cfb
static
Initial value:
= {
/*
 * NOTE(review): the init callback (bf_init, referenced right after this
 * initializer) is not shown in this rendering; see openssl.c line 665.
 */
/* OpenSSL EVP accessor for Blowfish in CFB mode. */
EVP_bf_cfb,
/*
 * Sizes are bits / 8: 8 and 56 bytes, matching Blowfish's 64-bit block and
 * 448-bit maximum key (field names are not visible here).  The 64-bit
 * block limits how much data can safely be encrypted under one key, and
 * CFB, like CBC, adds no integrity protection; treat this as a legacy
 * cipher.
 */
64 / 8, 448 / 8
}
static int bf_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:459

Definition at line 665 of file openssl.c.

const struct ossl_cipher ossl_bf_ecb
static
Initial value:
= {
/*
 * NOTE(review): the init callback (bf_init, referenced right after this
 * initializer) is not shown in this rendering; see openssl.c line 659.
 */
/* OpenSSL EVP accessor for Blowfish in ECB mode. */
EVP_bf_ecb,
/*
 * Sizes are bits / 8: 8 and 56 bytes, matching Blowfish's 64-bit block and
 * 448-bit maximum key (field names are not visible here).  ECB encrypts
 * each 8-byte block independently, so repeated plaintext blocks show up
 * as repeated ciphertext blocks; combined with the small block size this
 * entry is suitable for legacy compatibility only.
 */
64 / 8, 448 / 8
}
static int bf_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:459

Definition at line 659 of file openssl.c.

const struct ossl_cipher ossl_cast_cbc
static
Initial value:
= {
/*
 * NOTE(review): the init callback (ossl_cast_init, referenced right after
 * this initializer) is not shown in this rendering; see openssl.c line 701.
 */
/* OpenSSL EVP accessor for CAST5 in CBC mode. */
EVP_cast5_cbc,
/*
 * Sizes are bits / 8: 8 and 16 bytes, matching CAST5's 64-bit block and
 * 128-bit maximum key (field names are not visible here).  The 64-bit
 * block limits how much data can safely be encrypted under one key, and
 * CBC adds no integrity protection; treat this as a legacy cipher.
 */
64 / 8, 128 / 8
}
static int ossl_cast_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:529

Definition at line 701 of file openssl.c.

const struct ossl_cipher ossl_cast_ecb
static
Initial value:
= {
/*
 * NOTE(review): the init callback (ossl_cast_init, referenced right after
 * this initializer) is not shown in this rendering; see openssl.c line 695.
 */
/* OpenSSL EVP accessor for CAST5 in ECB mode. */
EVP_cast5_ecb,
/*
 * Sizes are bits / 8: 8 and 16 bytes, matching CAST5's 64-bit block and
 * 128-bit maximum key (field names are not visible here).  ECB encrypts
 * each 8-byte block independently, so repeated plaintext blocks show up
 * as repeated ciphertext blocks; legacy compatibility only.
 */
64 / 8, 128 / 8
}
static int ossl_cast_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:529

Definition at line 695 of file openssl.c.

const struct ossl_cipher_lookup ossl_cipher_types[]
static
Initial value:
= {
/*
 * Maps each canonical cipher name to its descriptor; these names are the
 * targets of the ossl_aliases[] table.
 *
 * Security note: every entry is a plain CBC, ECB or CFB mode -- no
 * authenticated mode appears in this table, so none of these ciphers
 * detects ciphertext tampering by itself.  The list also contains single
 * DES and several 64-bit-block ciphers (bf, des3, cast5), kept for
 * compatibility with existing data.  Prefer "aes-cbc" with a fresh random
 * IV plus a separate integrity check for new uses.
 */
{"bf-cbc", &ossl_bf_cbc},
{"bf-ecb", &ossl_bf_ecb},
{"bf-cfb", &ossl_bf_cfb},
{"des-ecb", &ossl_des_ecb},
{"des-cbc", &ossl_des_cbc},
{"des3-ecb", &ossl_des3_ecb},
{"des3-cbc", &ossl_des3_cbc},
{"cast5-ecb", &ossl_cast_ecb},
{"cast5-cbc", &ossl_cast_cbc},
{"aes-ecb", &ossl_aes_ecb},
{"aes-cbc", &ossl_aes_cbc},
/* Last entry has a NULL name; presumably the end-of-table sentinel. */
{NULL}
}
static const struct ossl_cipher ossl_cast_cbc
Definition: openssl.c:701
static const struct ossl_cipher ossl_des3_ecb
Definition: openssl.c:683
static const struct ossl_cipher ossl_aes_cbc
Definition: openssl.c:714
static const struct ossl_cipher ossl_des_ecb
Definition: openssl.c:671
static const struct ossl_cipher ossl_bf_cfb
Definition: openssl.c:665
static const struct ossl_cipher ossl_aes_ecb
Definition: openssl.c:707
static const struct ossl_cipher ossl_des3_cbc
Definition: openssl.c:689
static const struct ossl_cipher ossl_cast_ecb
Definition: openssl.c:695
static const struct ossl_cipher ossl_bf_ecb
Definition: openssl.c:659
static const struct ossl_cipher ossl_des_cbc
Definition: openssl.c:677
static const struct ossl_cipher ossl_bf_cbc
Definition: openssl.c:653

Definition at line 730 of file openssl.c.

const struct ossl_cipher ossl_des3_cbc
static
Initial value:
= {
/*
 * NOTE(review): the init callback (ossl_des3_init, referenced right after
 * this initializer) is not shown in this rendering; see openssl.c line 689.
 */
/* OpenSSL EVP accessor for three-key triple DES (EDE) in CBC mode. */
EVP_des_ede3_cbc,
/*
 * Sizes are bits / 8: 8 and 24 bytes, matching 3DES's 64-bit block and
 * 192-bit key (field names are not visible here).  The effective strength
 * is well below 192 bits, the 64-bit block limits how much data can
 * safely be encrypted under one key, and CBC adds no integrity
 * protection; treat this as a legacy cipher.
 */
64 / 8, 192 / 8
}
static int ossl_des3_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:510

Definition at line 689 of file openssl.c.

const struct ossl_cipher ossl_des3_ecb
static
Initial value:
= {
/*
 * NOTE(review): the init callback (ossl_des3_init, referenced right after
 * this initializer) is not shown in this rendering; see openssl.c line 683.
 */
/* OpenSSL EVP accessor for three-key triple DES (EDE) in ECB mode. */
EVP_des_ede3_ecb,
/*
 * Sizes are bits / 8: 8 and 24 bytes, matching 3DES's 64-bit block and
 * 192-bit key (field names are not visible here).  ECB encrypts each
 * 8-byte block independently, so repeated plaintext blocks show up as
 * repeated ciphertext blocks; legacy compatibility only.
 */
64 / 8, 192 / 8
}
static int ossl_des3_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:510

Definition at line 683 of file openssl.c.

const struct ossl_cipher ossl_des_cbc
static
Initial value:
= {
/*
 * NOTE(review): the init callback (ossl_des_init, referenced right after
 * this initializer) is not shown in this rendering; see openssl.c line 677.
 */
/* OpenSSL EVP accessor for single DES in CBC mode. */
EVP_des_cbc,
/*
 * Sizes are bits / 8: 8 and 8 bytes, matching DES's 64-bit block and
 * 64-bit key (field names are not visible here).  Only 56 of the 64 key
 * bits are used by DES (the rest are parity), which is within reach of
 * exhaustive key search; keep this entry for reading legacy data only.
 */
64 / 8, 64 / 8
}
static int ossl_des_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:491

Definition at line 677 of file openssl.c.

const struct ossl_cipher ossl_des_ecb
static
Initial value:
= {
/*
 * NOTE(review): the init callback (ossl_des_init, referenced right after
 * this initializer) is not shown in this rendering; see openssl.c line 671.
 */
/* OpenSSL EVP accessor for single DES in ECB mode. */
EVP_des_ecb,
/*
 * Sizes are bits / 8: 8 and 8 bytes, matching DES's 64-bit block and
 * 64-bit key (field names are not visible here).  Only 56 of the 64 key
 * bits are used by DES (the rest are parity), and ECB additionally
 * exposes repeated plaintext blocks; keep this entry for reading legacy
 * data only.
 */
64 / 8, 64 / 8
}
static int ossl_des_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:491

Definition at line 671 of file openssl.c.

int px_openssl_initialized = 0
static

Definition at line 163 of file openssl.c.

Referenced by px_find_digest().