openssl.c File Reference

#include "postgres.h"
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include "px.h"
#include "utils/memutils.h"
#include "utils/resowner.h"

Include dependency graph for openssl.c:

Go to the source code of this file.

Data Structures
struct	OSSLDigest
struct	ossl_cipher
struct	OSSLCipher
struct	ossl_cipher_lookup

Macros
#define	MAX_KEY   (512/8)
#define	MAX_IV   (128/8)

Typedefs
typedef struct OSSLDigest	OSSLDigest
typedef const EVP_CIPHER *(*	ossl_EVP_cipher_func) (void)
typedef struct OSSLCipher	OSSLCipher

Functions
static void	ResOwnerReleaseOSSLDigest (Datum res)
static void	ResourceOwnerRememberOSSLDigest (ResourceOwner owner, OSSLDigest *digest)
static void	ResourceOwnerForgetOSSLDigest (ResourceOwner owner, OSSLDigest *digest)
static void	free_openssl_digest (OSSLDigest *digest)
static unsigned	digest_result_size (PX_MD *h)
static unsigned	digest_block_size (PX_MD *h)
static void	digest_reset (PX_MD *h)
static void	digest_update (PX_MD *h, const uint8 *data, unsigned dlen)
static void	digest_finish (PX_MD *h, uint8 *dst)
static void	digest_free (PX_MD *h)
int	px_find_digest (const char *name, PX_MD **res)
static void	ResOwnerReleaseOSSLCipher (Datum res)
static void	ResourceOwnerRememberOSSLCipher (ResourceOwner owner, OSSLCipher *od)
static void	ResourceOwnerForgetOSSLCipher (ResourceOwner owner, OSSLCipher *od)
static void	free_openssl_cipher (OSSLCipher *od)
static unsigned	gen_ossl_block_size (PX_Cipher *c)
static unsigned	gen_ossl_key_size (PX_Cipher *c)
static unsigned	gen_ossl_iv_size (PX_Cipher *c)
static void	gen_ossl_free (PX_Cipher *c)
static int	gen_ossl_decrypt (PX_Cipher *c, int padding, const uint8 *data, unsigned dlen, uint8 *res, unsigned *rlen)
static int	gen_ossl_encrypt (PX_Cipher *c, int padding, const uint8 *data, unsigned dlen, uint8 *res, unsigned *rlen)
static int	bf_check_supported_key_len (void)
static int	bf_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
static int	ossl_des_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
static int	ossl_des3_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
static int	ossl_cast_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
static int	ossl_aes_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
static int	ossl_aes_ecb_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
static int	ossl_aes_cbc_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
static int	ossl_aes_cfb_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
int	px_find_cipher (const char *name, PX_Cipher **res)
bool	CheckFIPSMode (void)
void	CheckBuiltinCryptoMode (void)

Variables
static const ResourceOwnerDesc	ossldigest_resowner_desc
static const ResourceOwnerDesc	osslcipher_resowner_desc
static PX_Alias	ossl_aliases []
static const struct ossl_cipher	ossl_bf_cbc
static const struct ossl_cipher	ossl_bf_ecb
static const struct ossl_cipher	ossl_bf_cfb
static const struct ossl_cipher	ossl_des_ecb
static const struct ossl_cipher	ossl_des_cbc
static const struct ossl_cipher	ossl_des3_ecb
static const struct ossl_cipher	ossl_des3_cbc
static const struct ossl_cipher	ossl_cast_ecb
static const struct ossl_cipher	ossl_cast_cbc
static const struct ossl_cipher	ossl_aes_ecb
static const struct ossl_cipher	ossl_aes_cbc
static const struct ossl_cipher	ossl_aes_cfb
static const struct ossl_cipher_lookup	ossl_cipher_types []

Macro Definition Documentation

MAX_IV

#define MAX_IV   (128/8)

Definition at line 47 of file openssl.c.

MAX_KEY

#define MAX_KEY   (512/8)

Definition at line 46 of file openssl.c.

Typedef Documentation

ossl_EVP_cipher_func

typedef const EVP_CIPHER *(* ossl_EVP_cipher_func) (void)

Definition at line 234 of file openssl.c.

OSSLCipher

typedef struct OSSLCipher OSSLCipher

OSSLDigest

typedef struct OSSLDigest OSSLDigest

Function Documentation

bf_check_supported_key_len()

static int bf_check_supported_key_len ( void  )

static

Definition at line 405 of file openssl.c.

{
    static const uint8 key[56] = {
        0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87, 0x78, 0x69,
        0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f, 0x00, 0x11, 0x22, 0x33,
        0x44, 0x55, 0x66, 0x77, 0x04, 0x68, 0x91, 0x04, 0xc2, 0xfd,
        0x3b, 0x2f, 0x58, 0x40, 0x23, 0x64, 0x1a, 0xba, 0x61, 0x76,
        0x1f, 0x1f, 0x1f, 0x1f, 0x0e, 0x0e, 0x0e, 0x0e, 0xff, 0xff,
        0xff, 0xff, 0xff, 0xff, 0xff, 0xff
    };
 
    static const uint8 data[8] = {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
    static const uint8 res[8] = {0xc0, 0x45, 0x04, 0x01, 0x2e, 0x4e, 0x1f, 0x53};
    uint8       out[8];
    EVP_CIPHER_CTX *evp_ctx;
    int         outlen;
    int         status = 0;
 
    /* encrypt with 448bits key and verify output */
    evp_ctx = EVP_CIPHER_CTX_new();
    if (!evp_ctx)
        return 0;
    if (!EVP_EncryptInit_ex(evp_ctx, EVP_bf_ecb(), NULL, NULL, NULL))
        goto leave;
    if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, 56))
        goto leave;
    if (!EVP_EncryptInit_ex(evp_ctx, NULL, NULL, key, NULL))
        goto leave;
 
    if (!EVP_EncryptUpdate(evp_ctx, out, &outlen, data, 8))
        goto leave;
 
    if (memcmp(out, res, 8) != 0)
        goto leave;             /* Output does not match -> strong cipher is
                                 * not supported */
    status = 1;
 
leave:
    EVP_CIPHER_CTX_free(evp_ctx);
    return status;
}

References data, and fb().

Referenced by bf_init().

bf_init()

static int bf_init ( PX_Cipher *  c, const uint8 *  key, unsigned  klen, const uint8 *  iv  )

static

Definition at line 448 of file openssl.c.

{
    OSSLCipher *od = c->ptr;
    unsigned    bs = gen_ossl_block_size(c);
    static int  bf_is_strong = -1;
 
    /*
     * Test if key len is supported. BF_set_key silently cut large keys and it
     * could be a problem when user transfer encrypted data from one server to
     * another.
     */
 
    if (bf_is_strong == -1)
        bf_is_strong = bf_check_supported_key_len();
 
    if (!bf_is_strong && klen > 16)
        return PXE_KEY_TOO_BIG;
 
    /* Key len is supported. We can use it. */
    od->klen = klen;
    memcpy(od->key, key, klen);
 
    if (iv)
        memcpy(od->iv, iv, bs);
    else
        memset(od->iv, 0, bs);
    return 0;
}

References bf_check_supported_key_len(), fb(), gen_ossl_block_size(), and PXE_KEY_TOO_BIG.

CheckBuiltinCryptoMode()

void CheckBuiltinCryptoMode

(

void

)

Definition at line 874 of file openssl.c.

{
    if (builtin_crypto_enabled == BC_ON)
        return;
 
    if (builtin_crypto_enabled == BC_OFF)
        ereport(ERROR,
                errmsg("use of built-in crypto functions is disabled"));
 
    Assert(builtin_crypto_enabled == BC_FIPS);
 
    if (CheckFIPSMode() == true)
        ereport(ERROR,
                errmsg("use of non-FIPS validated crypto not allowed when OpenSSL is in FIPS mode"));
}

References Assert, BC_FIPS, BC_OFF, BC_ON, builtin_crypto_enabled, CheckFIPSMode(), ereport, errmsg(), and ERROR.

Referenced by px_crypt(), and px_gen_salt().

CheckFIPSMode()

bool CheckFIPSMode

(

void

)

Definition at line 844 of file openssl.c.

{
    int         fips_enabled = 0;
 
    /*
     * EVP_default_properties_is_fips_enabled was added in OpenSSL 3.0, before
     * that FIPS_mode() was used to test for FIPS being enabled.  The last
     * upstream OpenSSL version before 3.0 which supported FIPS was 1.0.2, but
     * there are forks of 1.1.1 which are FIPS validated so we still need to
     * test with FIPS_mode() even though we don't support 1.0.2.
     */
    fips_enabled =
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
        EVP_default_properties_is_fips_enabled(NULL);
#else
        FIPS_mode();
#endif
 
    return (fips_enabled == 1);
}

References fb().

Referenced by CheckBuiltinCryptoMode(), and pg_check_fipsmode().

digest_block_size()

static unsigned digest_block_size ( PX_MD *  h )

static

Definition at line 111 of file openssl.c.

{
    OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
    int         result = EVP_MD_CTX_block_size(digest->ctx);
 
    if (result < 0)
        elog(ERROR, "EVP_MD_CTX_block_size() failed");
 
    return result;
}

References elog, ERROR, fb(), px_digest::p, and px_digest::ptr.

Referenced by px_find_digest().

digest_finish()

static void digest_finish ( PX_MD *  h, uint8 *  dst  )

static

Definition at line 141 of file openssl.c.

{
    OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
 
    if (!EVP_DigestFinal_ex(digest->ctx, dst, NULL))
        elog(ERROR, "EVP_DigestFinal_ex() failed");
}

References elog, ERROR, fb(), px_digest::p, and px_digest::ptr.

Referenced by px_find_digest().

digest_free()

static void digest_free ( PX_MD *  h )

static

Definition at line 150 of file openssl.c.

{
    OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
 
    free_openssl_digest(digest);
    pfree(h);
}

References fb(), free_openssl_digest(), px_digest::p, pfree(), and px_digest::ptr.

Referenced by px_find_digest().

digest_reset()

static void digest_reset ( PX_MD *  h )

static

Definition at line 123 of file openssl.c.

{
    OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
 
    if (!EVP_DigestInit_ex(digest->ctx, digest->algo, NULL))
        elog(ERROR, "EVP_DigestInit_ex() failed");
}

References elog, ERROR, fb(), px_digest::p, and px_digest::ptr.

Referenced by px_find_digest().

digest_result_size()

static unsigned digest_result_size ( PX_MD *  h )

static

Definition at line 99 of file openssl.c.

{
    OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
    int         result = EVP_MD_CTX_size(digest->ctx);
 
    if (result < 0)
        elog(ERROR, "EVP_MD_CTX_size() failed");
 
    return result;
}

References elog, ERROR, fb(), px_digest::p, and px_digest::ptr.

Referenced by px_find_digest().

digest_update()

static void digest_update ( PX_MD *  h, const uint8 *  data, unsigned  dlen  )

static

Definition at line 132 of file openssl.c.

{
    OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
 
    if (!EVP_DigestUpdate(digest->ctx, data, dlen))
        elog(ERROR, "EVP_DigestUpdate() failed");
}

References data, elog, ERROR, fb(), px_digest::p, and px_digest::ptr.

Referenced by px_find_digest().

free_openssl_cipher()

static void free_openssl_cipher ( OSSLCipher *  od )

static

Definition at line 292 of file openssl.c.

{
    EVP_CIPHER_CTX_free(od->evp_ctx);
    if (od->owner != NULL)
        ResourceOwnerForgetOSSLCipher(od->owner, od);
    pfree(od);
}

References fb(), pfree(), and ResourceOwnerForgetOSSLCipher().

Referenced by gen_ossl_free(), and ResOwnerReleaseOSSLCipher().

free_openssl_digest()

static void free_openssl_digest ( OSSLDigest *  digest )

static

Definition at line 90 of file openssl.c.

{
    EVP_MD_CTX_destroy(digest->ctx);
    if (digest->owner != NULL)
        ResourceOwnerForgetOSSLDigest(digest->owner, digest);
    pfree(digest);
}

References fb(), pfree(), and ResourceOwnerForgetOSSLDigest().

Referenced by digest_free(), and ResOwnerReleaseOSSLDigest().

gen_ossl_block_size()

static unsigned gen_ossl_block_size ( PX_Cipher *  c )

static

Definition at line 303 of file openssl.c.

{
    OSSLCipher *od = (OSSLCipher *) c->ptr;
 
    return od->ciph->block_size;
}

References fb().

Referenced by bf_init(), ossl_aes_init(), ossl_cast_init(), ossl_des3_init(), ossl_des_init(), and px_find_cipher().

gen_ossl_decrypt()

static int gen_ossl_decrypt ( PX_Cipher *  c, int  padding, const uint8 *  data, unsigned  dlen, uint8 *  res, unsigned *  rlen  )

static

Definition at line 338 of file openssl.c.

{
    OSSLCipher *od = c->ptr;
    int         outlen,
                outlen2;
 
    if (!od->init)
    {
        if (!EVP_DecryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
            return PXE_CIPHER_INIT;
        if (!EVP_CIPHER_CTX_set_padding(od->evp_ctx, padding))
            return PXE_CIPHER_INIT;
        if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
            return PXE_CIPHER_INIT;
        if (!EVP_DecryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
            return PXE_CIPHER_INIT;
        od->init = true;
    }
 
    if (!EVP_DecryptUpdate(od->evp_ctx, res, &outlen, data, dlen))
        return PXE_DECRYPT_FAILED;
    if (!EVP_DecryptFinal_ex(od->evp_ctx, res + outlen, &outlen2))
        return PXE_DECRYPT_FAILED;
    *rlen = outlen + outlen2;
 
    return 0;
}

References data, fb(), OSSLCipher::init, PXE_CIPHER_INIT, and PXE_DECRYPT_FAILED.

Referenced by px_find_cipher().

gen_ossl_encrypt()

static int gen_ossl_encrypt ( PX_Cipher *  c, int  padding, const uint8 *  data, unsigned  dlen, uint8 *  res, unsigned *  rlen  )

static

Definition at line 368 of file openssl.c.

{
    OSSLCipher *od = c->ptr;
    int         outlen,
                outlen2;
 
    if (!od->init)
    {
        if (!EVP_EncryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
            return PXE_CIPHER_INIT;
        if (!EVP_CIPHER_CTX_set_padding(od->evp_ctx, padding))
            return PXE_CIPHER_INIT;
        if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
            return PXE_CIPHER_INIT;
        if (!EVP_EncryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
            return PXE_CIPHER_INIT;
        od->init = true;
    }
 
    if (!EVP_EncryptUpdate(od->evp_ctx, res, &outlen, data, dlen))
        return PXE_ENCRYPT_FAILED;
    if (!EVP_EncryptFinal_ex(od->evp_ctx, res + outlen, &outlen2))
        return PXE_ENCRYPT_FAILED;
    *rlen = outlen + outlen2;
 
    return 0;
}

References data, fb(), OSSLCipher::init, PXE_CIPHER_INIT, and PXE_ENCRYPT_FAILED.

Referenced by px_find_cipher().

gen_ossl_free()

static void gen_ossl_free ( PX_Cipher *  c )

static

Definition at line 329 of file openssl.c.

{
    OSSLCipher *od = (OSSLCipher *) c->ptr;
 
    free_openssl_cipher(od);
    pfree(c);
}

References fb(), free_openssl_cipher(), and pfree().

Referenced by px_find_cipher().

gen_ossl_iv_size()

static unsigned gen_ossl_iv_size ( PX_Cipher *  c )

static

Definition at line 319 of file openssl.c.

{
    unsigned    ivlen;
    OSSLCipher *od = (OSSLCipher *) c->ptr;
 
    ivlen = od->ciph->block_size;
    return ivlen;
}

References fb().

Referenced by px_find_cipher().

gen_ossl_key_size()

static unsigned gen_ossl_key_size ( PX_Cipher *  c )

static

Definition at line 311 of file openssl.c.

{
    OSSLCipher *od = (OSSLCipher *) c->ptr;
 
    return od->ciph->max_key_size;
}

References fb().

Referenced by px_find_cipher().

ossl_aes_cbc_init()

static int ossl_aes_cbc_init ( PX_Cipher *  c, const uint8 *  key, unsigned  klen, const uint8 *  iv  )

static

Definition at line 591 of file openssl.c.

{
    OSSLCipher *od = c->ptr;
    int         err;
 
    err = ossl_aes_init(c, key, klen, iv);
    if (err)
        return err;
 
    switch (od->klen)
    {
        case 128 / 8:
            od->evp_ciph = EVP_aes_128_cbc();
            break;
        case 192 / 8:
            od->evp_ciph = EVP_aes_192_cbc();
            break;
        case 256 / 8:
            od->evp_ciph = EVP_aes_256_cbc();
            break;
        default:
            /* shouldn't happen */
            err = PXE_CIPHER_INIT;
            break;
    }
 
    return err;
}

References err(), fb(), ossl_aes_init(), and PXE_CIPHER_INIT.

ossl_aes_cfb_init()

static int ossl_aes_cfb_init ( PX_Cipher *  c, const uint8 *  key, unsigned  klen, const uint8 *  iv  )

static

Definition at line 621 of file openssl.c.

{
    OSSLCipher *od = c->ptr;
    int         err;
 
    err = ossl_aes_init(c, key, klen, iv);
    if (err)
        return err;
 
    switch (od->klen)
    {
        case 128 / 8:
            od->evp_ciph = EVP_aes_128_cfb();
            break;
        case 192 / 8:
            od->evp_ciph = EVP_aes_192_cfb();
            break;
        case 256 / 8:
            od->evp_ciph = EVP_aes_256_cfb();
            break;
        default:
            /* shouldn't happen */
            err = PXE_CIPHER_INIT;
            break;
    }
 
    return err;
}

References err(), fb(), ossl_aes_init(), and PXE_CIPHER_INIT.

ossl_aes_ecb_init()

static int ossl_aes_ecb_init ( PX_Cipher *  c, const uint8 *  key, unsigned  klen, const uint8 *  iv  )

static

Definition at line 561 of file openssl.c.

{
    OSSLCipher *od = c->ptr;
    int         err;
 
    err = ossl_aes_init(c, key, klen, iv);
    if (err)
        return err;
 
    switch (od->klen)
    {
        case 128 / 8:
            od->evp_ciph = EVP_aes_128_ecb();
            break;
        case 192 / 8:
            od->evp_ciph = EVP_aes_192_ecb();
            break;
        case 256 / 8:
            od->evp_ciph = EVP_aes_256_ecb();
            break;
        default:
            /* shouldn't happen */
            err = PXE_CIPHER_INIT;
            break;
    }
 
    return err;
}

References err(), fb(), ossl_aes_init(), and PXE_CIPHER_INIT.

ossl_aes_init()

static int ossl_aes_init ( PX_Cipher *  c, const uint8 *  key, unsigned  klen, const uint8 *  iv  )

static

Definition at line 536 of file openssl.c.

{
    OSSLCipher *od = c->ptr;
    unsigned    bs = gen_ossl_block_size(c);
 
    if (klen <= 128 / 8)
        od->klen = 128 / 8;
    else if (klen <= 192 / 8)
        od->klen = 192 / 8;
    else if (klen <= 256 / 8)
        od->klen = 256 / 8;
    else
        return PXE_KEY_TOO_BIG;
 
    memcpy(od->key, key, klen);
 
    if (iv)
        memcpy(od->iv, iv, bs);
    else
        memset(od->iv, 0, bs);
 
    return 0;
}

References fb(), gen_ossl_block_size(), and PXE_KEY_TOO_BIG.

Referenced by ossl_aes_cbc_init(), ossl_aes_cfb_init(), and ossl_aes_ecb_init().

ossl_cast_init()

static int ossl_cast_init ( PX_Cipher *  c, const uint8 *  key, unsigned  klen, const uint8 *  iv  )

static

Definition at line 518 of file openssl.c.

{
    OSSLCipher *od = c->ptr;
    unsigned    bs = gen_ossl_block_size(c);
 
    od->klen = klen;
    memcpy(od->key, key, klen);
 
    if (iv)
        memcpy(od->iv, iv, bs);
    else
        memset(od->iv, 0, bs);
    return 0;
}

References fb(), and gen_ossl_block_size().

ossl_des3_init()

static int ossl_des3_init ( PX_Cipher *  c, const uint8 *  key, unsigned  klen, const uint8 *  iv  )

static

Definition at line 499 of file openssl.c.

{
    OSSLCipher *od = c->ptr;
    unsigned    bs = gen_ossl_block_size(c);
 
    od->klen = 24;
    memset(od->key, 0, 24);
    memcpy(od->key, key, klen > 24 ? 24 : klen);
 
    if (iv)
        memcpy(od->iv, iv, bs);
    else
        memset(od->iv, 0, bs);
    return 0;
}

References fb(), and gen_ossl_block_size().

ossl_des_init()

static int ossl_des_init ( PX_Cipher *  c, const uint8 *  key, unsigned  klen, const uint8 *  iv  )

static

Definition at line 480 of file openssl.c.

{
    OSSLCipher *od = c->ptr;
    unsigned    bs = gen_ossl_block_size(c);
 
    od->klen = 8;
    memset(od->key, 0, 8);
    memcpy(od->key, key, klen > 8 ? 8 : klen);
 
    if (iv)
        memcpy(od->iv, iv, bs);
    else
        memset(od->iv, 0, bs);
    return 0;
}

References fb(), and gen_ossl_block_size().

px_find_cipher()

int px_find_cipher	(	const char *	name,
		PX_Cipher **	res
	)

Definition at line 776 of file openssl.c.

{
    const struct ossl_cipher_lookup *i;
    PX_Cipher  *c = NULL;
    EVP_CIPHER_CTX *ctx;
    OSSLCipher *od;
 
    name = px_resolve_alias(ossl_aliases, name);
    for (i = ossl_cipher_types; i->name; i++)
        if (strcmp(i->name, name) == 0)
            break;
    if (i->name == NULL)
        return PXE_NO_CIPHER;
 
    ResourceOwnerEnlarge(CurrentResourceOwner);
 
    /*
     * Create an OSSLCipher object, an EVP_CIPHER_CTX object and a PX_Cipher.
     * The order is crucial, to make sure we don't leak anything on
     * out-of-memory or other error.
     */
    od = MemoryContextAllocZero(TopMemoryContext, sizeof(*od));
    od->ciph = i->ciph;
 
    /* Allocate an EVP_CIPHER_CTX object. */
    ctx = EVP_CIPHER_CTX_new();
    if (!ctx)
    {
        pfree(od);
        return PXE_CIPHER_INIT;
    }
 
    od->evp_ctx = ctx;
    od->owner = CurrentResourceOwner;
    ResourceOwnerRememberOSSLCipher(od->owner, od);
 
    if (i->ciph->cipher_func)
        od->evp_ciph = i->ciph->cipher_func();
 
    /* The PX_Cipher is allocated in current memory context */
    c = palloc_object(PX_Cipher);
    c->block_size = gen_ossl_block_size;
    c->key_size = gen_ossl_key_size;
    c->iv_size = gen_ossl_iv_size;
    c->free = gen_ossl_free;
    c->init = od->ciph->init;
    c->encrypt = gen_ossl_encrypt;
    c->decrypt = gen_ossl_decrypt;
    c->ptr = od;
 
    *res = c;
    return 0;
}

References CurrentResourceOwner, fb(), gen_ossl_block_size(), gen_ossl_decrypt(), gen_ossl_encrypt(), gen_ossl_free(), gen_ossl_iv_size(), gen_ossl_key_size(), i, MemoryContextAllocZero(), ossl_cipher_lookup::name, name, ossl_aliases, ossl_cipher_types, palloc_object, pfree(), px_resolve_alias(), PXE_CIPHER_INIT, PXE_NO_CIPHER, ResourceOwnerEnlarge(), ResourceOwnerRememberOSSLCipher(), and TopMemoryContext.

Referenced by pgp_load_cipher(), and px_find_combo().

px_find_digest()

int px_find_digest	(	const char *	name,
		PX_MD **	res
	)

Definition at line 161 of file openssl.c.

{
    const EVP_MD *md;
    EVP_MD_CTX *ctx;
    PX_MD      *h;
    OSSLDigest *digest;
 
    md = EVP_get_digestbyname(name);
    if (md == NULL)
        return PXE_NO_HASH;
 
    ResourceOwnerEnlarge(CurrentResourceOwner);
 
    /*
     * Create an OSSLDigest object, an OpenSSL MD object, and a PX_MD object.
     * The order is crucial, to make sure we don't leak anything on
     * out-of-memory or other error.
     */
    digest = MemoryContextAlloc(TopMemoryContext, sizeof(*digest));
 
    ctx = EVP_MD_CTX_create();
    if (!ctx)
    {
        pfree(digest);
        return PXE_CIPHER_INIT;
    }
    if (EVP_DigestInit_ex(ctx, md, NULL) == 0)
    {
        EVP_MD_CTX_destroy(ctx);
        pfree(digest);
        return PXE_CIPHER_INIT;
    }
 
    digest->algo = md;
    digest->ctx = ctx;
    digest->owner = CurrentResourceOwner;
    ResourceOwnerRememberOSSLDigest(digest->owner, digest);
 
    /* The PX_MD object is allocated in the current memory context. */
    h = palloc_object(PX_MD);
    h->result_size = digest_result_size;
    h->block_size = digest_block_size;
    h->reset = digest_reset;
    h->update = digest_update;
    h->finish = digest_finish;
    h->free = digest_free;
    h->p.ptr = digest;
 
    *res = h;
    return 0;
}

References px_digest::block_size, CurrentResourceOwner, digest_block_size(), digest_finish(), digest_free(), digest_reset(), digest_result_size(), digest_update(), fb(), px_digest::finish, px_digest::free, MemoryContextAlloc(), name, px_digest::p, palloc_object, pfree(), px_digest::ptr, PXE_CIPHER_INIT, PXE_NO_HASH, px_digest::reset, ResourceOwnerEnlarge(), ResourceOwnerRememberOSSLDigest(), px_digest::result_size, TopMemoryContext, and px_digest::update.

Referenced by pg_digest(), pgp_load_digest(), px_crypt_md5(), px_crypt_shacrypt(), and px_find_hmac().

ResourceOwnerForgetOSSLCipher()

static void ResourceOwnerForgetOSSLCipher ( ResourceOwner  owner, OSSLCipher *  od  )

inlinestatic

Definition at line 286 of file openssl.c.

{
    ResourceOwnerForget(owner, PointerGetDatum(od), &osslcipher_resowner_desc);
}

References fb(), osslcipher_resowner_desc, PointerGetDatum(), and ResourceOwnerForget().

Referenced by free_openssl_cipher().

ResourceOwnerForgetOSSLDigest()

static void ResourceOwnerForgetOSSLDigest ( ResourceOwner  owner, OSSLDigest *  digest  )

inlinestatic

Definition at line 84 of file openssl.c.

{
    ResourceOwnerForget(owner, PointerGetDatum(digest), &ossldigest_resowner_desc);
}

References fb(), ossldigest_resowner_desc, PointerGetDatum(), and ResourceOwnerForget().

Referenced by free_openssl_digest().

ResourceOwnerRememberOSSLCipher()

static void ResourceOwnerRememberOSSLCipher ( ResourceOwner  owner, OSSLCipher *  od  )

inlinestatic

Definition at line 281 of file openssl.c.

{
    ResourceOwnerRemember(owner, PointerGetDatum(od), &osslcipher_resowner_desc);
}

References fb(), osslcipher_resowner_desc, PointerGetDatum(), and ResourceOwnerRemember().

Referenced by px_find_cipher().

ResourceOwnerRememberOSSLDigest()

static void ResourceOwnerRememberOSSLDigest ( ResourceOwner  owner, OSSLDigest *  digest  )

inlinestatic

Definition at line 79 of file openssl.c.

{
    ResourceOwnerRemember(owner, PointerGetDatum(digest), &ossldigest_resowner_desc);
}

References fb(), ossldigest_resowner_desc, PointerGetDatum(), and ResourceOwnerRemember().

Referenced by px_find_digest().

ResOwnerReleaseOSSLCipher()

static void ResOwnerReleaseOSSLCipher ( Datum  res )

static

Definition at line 833 of file openssl.c.

{
    free_openssl_cipher((OSSLCipher *) DatumGetPointer(res));
}

References DatumGetPointer(), and free_openssl_cipher().

ResOwnerReleaseOSSLDigest()

static void ResOwnerReleaseOSSLDigest ( Datum  res )

static

Definition at line 216 of file openssl.c.

{
    OSSLDigest *digest = (OSSLDigest *) DatumGetPointer(res);
 
    digest->owner = NULL;
    free_openssl_digest(digest);
}

References DatumGetPointer(), fb(), free_openssl_digest(), and OSSLDigest::owner.

Variable Documentation

ossl_aes_cbc

const struct ossl_cipher ossl_aes_cbc

static

Initial value:

= {
    ossl_aes_cbc_init,
    NULL,                       
    128 / 8, 256 / 8
}

Definition at line 734 of file openssl.c.

                                               {
    ossl_aes_cbc_init,
    NULL,                       /* EVP_aes_XXX_cbc(), determined in init
                                 * function */
    128 / 8, 256 / 8
};

ossl_aes_cfb

const struct ossl_cipher ossl_aes_cfb

static

Initial value:

= {
    ossl_aes_cfb_init,
    NULL,                       
    128 / 8, 256 / 8
}

Definition at line 741 of file openssl.c.

                                               {
    ossl_aes_cfb_init,
    NULL,                       /* EVP_aes_XXX_cfb(), determined in init
                                 * function */
    128 / 8, 256 / 8
};

ossl_aes_ecb

const struct ossl_cipher ossl_aes_ecb

static

Initial value:

= {
    ossl_aes_ecb_init,
    NULL,                       
    128 / 8, 256 / 8
}

Definition at line 727 of file openssl.c.

                                               {
    ossl_aes_ecb_init,
    NULL,                       /* EVP_aes_XXX_ecb(), determined in init
                                 * function */
    128 / 8, 256 / 8
};

ossl_aliases

PX_Alias ossl_aliases[]

static

Initial value:

= {
    {"bf", "bf-cbc"},
    {"blowfish", "bf-cbc"},
    {"blowfish-cbc", "bf-cbc"},
    {"blowfish-ecb", "bf-ecb"},
    {"blowfish-cfb", "bf-cfb"},
    {"des", "des-cbc"},
    {"3des", "des3-cbc"},
    {"3des-ecb", "des3-ecb"},
    {"3des-cbc", "des3-cbc"},
    {"cast5", "cast5-cbc"},
    {"aes", "aes-cbc"},
    {"rijndael", "aes-cbc"},
    {"rijndael-cbc", "aes-cbc"},
    {"rijndael-ecb", "aes-ecb"},
    {"rijndael-cfb", "aes-cfb"},
    {NULL}
}

Definition at line 654 of file openssl.c.

                                 {
    {"bf", "bf-cbc"},
    {"blowfish", "bf-cbc"},
    {"blowfish-cbc", "bf-cbc"},
    {"blowfish-ecb", "bf-ecb"},
    {"blowfish-cfb", "bf-cfb"},
    {"des", "des-cbc"},
    {"3des", "des3-cbc"},
    {"3des-ecb", "des3-ecb"},
    {"3des-cbc", "des3-cbc"},
    {"cast5", "cast5-cbc"},
    {"aes", "aes-cbc"},
    {"rijndael", "aes-cbc"},
    {"rijndael-cbc", "aes-cbc"},
    {"rijndael-ecb", "aes-ecb"},
    {"rijndael-cfb", "aes-cfb"},
    {NULL}
};

Referenced by px_find_cipher().

ossl_bf_cbc

const struct ossl_cipher ossl_bf_cbc

static

Initial value:

= {
    bf_init,
    EVP_bf_cbc,
    64 / 8, 448 / 8
}

Definition at line 673 of file openssl.c.

                                              {
    bf_init,
    EVP_bf_cbc,
    64 / 8, 448 / 8
};

ossl_bf_cfb

const struct ossl_cipher ossl_bf_cfb

static

Initial value:

= {
    bf_init,
    EVP_bf_cfb,
    64 / 8, 448 / 8
}

Definition at line 685 of file openssl.c.

                                              {
    bf_init,
    EVP_bf_cfb,
    64 / 8, 448 / 8
};

ossl_bf_ecb

const struct ossl_cipher ossl_bf_ecb

static

Initial value:

= {
    bf_init,
    EVP_bf_ecb,
    64 / 8, 448 / 8
}

Definition at line 679 of file openssl.c.

                                              {
    bf_init,
    EVP_bf_ecb,
    64 / 8, 448 / 8
};

ossl_cast_cbc

const struct ossl_cipher ossl_cast_cbc

static

Initial value:

= {
    ossl_cast_init,
    EVP_cast5_cbc,
    64 / 8, 128 / 8
}

Definition at line 721 of file openssl.c.

                                                {
    ossl_cast_init,
    EVP_cast5_cbc,
    64 / 8, 128 / 8
};

ossl_cast_ecb

const struct ossl_cipher ossl_cast_ecb

static

Initial value:

= {
    ossl_cast_init,
    EVP_cast5_ecb,
    64 / 8, 128 / 8
}

Definition at line 715 of file openssl.c.

                                                {
    ossl_cast_init,
    EVP_cast5_ecb,
    64 / 8, 128 / 8
};

ossl_cipher_types

const struct ossl_cipher_lookup ossl_cipher_types[]

static

Initial value:

= {
    {"bf-cbc", &ossl_bf_cbc},
    {"bf-ecb", &ossl_bf_ecb},
    {"bf-cfb", &ossl_bf_cfb},
    {"des-ecb", &ossl_des_ecb},
    {"des-cbc", &ossl_des_cbc},
    {"des3-ecb", &ossl_des3_ecb},
    {"des3-cbc", &ossl_des3_cbc},
    {"cast5-ecb", &ossl_cast_ecb},
    {"cast5-cbc", &ossl_cast_cbc},
    {"aes-ecb", &ossl_aes_ecb},
    {"aes-cbc", &ossl_aes_cbc},
    {"aes-cfb", &ossl_aes_cfb},
    {NULL}
}

Definition at line 757 of file openssl.c.

                                                             {
    {"bf-cbc", &ossl_bf_cbc},
    {"bf-ecb", &ossl_bf_ecb},
    {"bf-cfb", &ossl_bf_cfb},
    {"des-ecb", &ossl_des_ecb},
    {"des-cbc", &ossl_des_cbc},
    {"des3-ecb", &ossl_des3_ecb},
    {"des3-cbc", &ossl_des3_cbc},
    {"cast5-ecb", &ossl_cast_ecb},
    {"cast5-cbc", &ossl_cast_cbc},
    {"aes-ecb", &ossl_aes_ecb},
    {"aes-cbc", &ossl_aes_cbc},
    {"aes-cfb", &ossl_aes_cfb},
    {NULL}
};

Referenced by px_find_cipher().

ossl_des3_cbc

const struct ossl_cipher ossl_des3_cbc

static

Initial value:

= {
    ossl_des3_init,
    EVP_des_ede3_cbc,
    64 / 8, 192 / 8
}

Definition at line 709 of file openssl.c.

                                                {
    ossl_des3_init,
    EVP_des_ede3_cbc,
    64 / 8, 192 / 8
};

ossl_des3_ecb

const struct ossl_cipher ossl_des3_ecb

static

Initial value:

= {
    ossl_des3_init,
    EVP_des_ede3_ecb,
    64 / 8, 192 / 8
}

Definition at line 703 of file openssl.c.

                                                {
    ossl_des3_init,
    EVP_des_ede3_ecb,
    64 / 8, 192 / 8
};

ossl_des_cbc

const struct ossl_cipher ossl_des_cbc

static

Initial value:

= {
    ossl_des_init,
    EVP_des_cbc,
    64 / 8, 64 / 8
}

Definition at line 697 of file openssl.c.

                                               {
    ossl_des_init,
    EVP_des_cbc,
    64 / 8, 64 / 8
};

ossl_des_ecb

const struct ossl_cipher ossl_des_ecb

static

Initial value:

= {
    ossl_des_init,
    EVP_des_ecb,
    64 / 8, 64 / 8
}

Definition at line 691 of file openssl.c.

                                               {
    ossl_des_init,
    EVP_des_ecb,
    64 / 8, 64 / 8
};

osslcipher_resowner_desc

const ResourceOwnerDesc osslcipher_resowner_desc

static

Initial value:

=
{
    .name = "pgcrypto OpenSSL cipher handle",
    .release_phase = RESOURCE_RELEASE_BEFORE_LOCKS,
    .release_priority = RELEASE_PRIO_FIRST,
    .ReleaseResource = ResOwnerReleaseOSSLCipher,
    .DebugPrint = NULL,         
}

Definition at line 270 of file openssl.c.

{
    .name = "pgcrypto OpenSSL cipher handle",
    .release_phase = RESOURCE_RELEASE_BEFORE_LOCKS,
    .release_priority = RELEASE_PRIO_FIRST,
    .ReleaseResource = ResOwnerReleaseOSSLCipher,
    .DebugPrint = NULL,         /* default message is fine */
};

Referenced by ResourceOwnerForgetOSSLCipher(), and ResourceOwnerRememberOSSLCipher().

ossldigest_resowner_desc

const ResourceOwnerDesc ossldigest_resowner_desc

static

Initial value:

=
{
    .name = "pgcrypto OpenSSL digest handle",
    .release_phase = RESOURCE_RELEASE_BEFORE_LOCKS,
    .release_priority = RELEASE_PRIO_FIRST,
    .ReleaseResource = ResOwnerReleaseOSSLDigest,
    .DebugPrint = NULL,         
}

Definition at line 68 of file openssl.c.

{
    .name = "pgcrypto OpenSSL digest handle",
    .release_phase = RESOURCE_RELEASE_BEFORE_LOCKS,
    .release_priority = RELEASE_PRIO_FIRST,
    .ReleaseResource = ResOwnerReleaseOSSLDigest,
    .DebugPrint = NULL,         /* default message is fine */
};

Referenced by ResourceOwnerForgetOSSLDigest(), and ResourceOwnerRememberOSSLDigest().