PostgreSQL Source Code  git master
openssl.c File Reference
#include "postgres.h"
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include "px.h"
#include "utils/memutils.h"
#include "utils/resowner.h"

Data Structures

struct  OSSLDigest
 
struct  ossl_cipher
 
struct  OSSLCipher
 
struct  ossl_cipher_lookup
 

Macros

#define MAX_KEY   (512/8)
 
#define MAX_IV   (128/8)
 

Typedefs

typedef struct OSSLDigest OSSLDigest
 
typedef const EVP_CIPHER *(* ossl_EVP_cipher_func) (void)
 
typedef struct OSSLCipher OSSLCipher
 

Functions

static void free_openssl_digest (OSSLDigest *digest)
 
static void digest_free_callback (ResourceReleasePhase phase, bool isCommit, bool isTopLevel, void *arg)
 
static unsigned digest_result_size (PX_MD *h)
 
static unsigned digest_block_size (PX_MD *h)
 
static void digest_reset (PX_MD *h)
 
static void digest_update (PX_MD *h, const uint8 *data, unsigned dlen)
 
static void digest_finish (PX_MD *h, uint8 *dst)
 
static void digest_free (PX_MD *h)
 
int px_find_digest (const char *name, PX_MD **res)
 
static void free_openssl_cipher (OSSLCipher *od)
 
static void cipher_free_callback (ResourceReleasePhase phase, bool isCommit, bool isTopLevel, void *arg)
 
static unsigned gen_ossl_block_size (PX_Cipher *c)
 
static unsigned gen_ossl_key_size (PX_Cipher *c)
 
static unsigned gen_ossl_iv_size (PX_Cipher *c)
 
static void gen_ossl_free (PX_Cipher *c)
 
static int gen_ossl_decrypt (PX_Cipher *c, int padding, const uint8 *data, unsigned dlen, uint8 *res, unsigned *rlen)
 
static int gen_ossl_encrypt (PX_Cipher *c, int padding, const uint8 *data, unsigned dlen, uint8 *res, unsigned *rlen)
 
static int bf_check_supported_key_len (void)
 
static int bf_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
 
static int ossl_des_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
 
static int ossl_des3_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
 
static int ossl_cast_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
 
static int ossl_aes_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
 
static int ossl_aes_ecb_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
 
static int ossl_aes_cbc_init (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
 
int px_find_cipher (const char *name, PX_Cipher **res)
 

Variables

static OSSLDigest * open_digests = NULL
 
static bool digest_resowner_callback_registered = false
 
static int px_openssl_initialized = 0
 
static OSSLCipher * open_ciphers = NULL
 
static bool cipher_resowner_callback_registered = false
 
static PX_Alias ossl_aliases []
 
static const struct ossl_cipher ossl_bf_cbc
 
static const struct ossl_cipher ossl_bf_ecb
 
static const struct ossl_cipher ossl_bf_cfb
 
static const struct ossl_cipher ossl_des_ecb
 
static const struct ossl_cipher ossl_des_cbc
 
static const struct ossl_cipher ossl_des3_ecb
 
static const struct ossl_cipher ossl_des3_cbc
 
static const struct ossl_cipher ossl_cast_ecb
 
static const struct ossl_cipher ossl_cast_cbc
 
static const struct ossl_cipher ossl_aes_ecb
 
static const struct ossl_cipher ossl_aes_cbc
 
static const struct ossl_cipher_lookup ossl_cipher_types []
 

Macro Definition Documentation

◆ MAX_IV

#define MAX_IV   (128/8)

Definition at line 46 of file openssl.c.

◆ MAX_KEY

#define MAX_KEY   (512/8)

Definition at line 45 of file openssl.c.

Typedef Documentation

◆ ossl_EVP_cipher_func

typedef const EVP_CIPHER*(* ossl_EVP_cipher_func) (void)

Definition at line 252 of file openssl.c.

◆ OSSLCipher

typedef struct OSSLCipher OSSLCipher

◆ OSSLDigest

typedef struct OSSLDigest OSSLDigest

Function Documentation

◆ bf_check_supported_key_len()

static int bf_check_supported_key_len ( void  )
static

Definition at line 439 of file openssl.c.

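/*
 * Probe whether the linked OpenSSL really uses all 448 bits of a long
 * Blowfish key.
 *
 * One fixed 8-byte block is encrypted with a fixed 56-byte key in ECB mode
 * and the ciphertext is compared with a known-good answer.
 *
 * Returns 1 when the ciphertext matches.  Returns 0 when the context cannot
 * be allocated, when any EVP call fails, or when the ciphertext differs, so
 * a 0 result does not tell "long keys are truncated" apart from "the cipher
 * could not be set up at all".
 */
static int
bf_check_supported_key_len(void)
{
    static const uint8 key[56] = {
        0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87, 0x78, 0x69,
        0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f, 0x00, 0x11, 0x22, 0x33,
        0x44, 0x55, 0x66, 0x77, 0x04, 0x68, 0x91, 0x04, 0xc2, 0xfd,
        0x3b, 0x2f, 0x58, 0x40, 0x23, 0x64, 0x1a, 0xba, 0x61, 0x76,
        0x1f, 0x1f, 0x1f, 0x1f, 0x0e, 0x0e, 0x0e, 0x0e, 0xff, 0xff,
        0xff, 0xff, 0xff, 0xff, 0xff, 0xff
    };

    static const uint8 data[8] = {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
    static const uint8 res[8] = {0xc0, 0x45, 0x04, 0x01, 0x2e, 0x4e, 0x1f, 0x53};
    uint8       out[8];
    EVP_CIPHER_CTX *evp_ctx;
    int         outlen;
    int         status = 0;

    /* encrypt with a 448-bit key and verify the output */
    evp_ctx = EVP_CIPHER_CTX_new();
    if (!evp_ctx)
        return 0;

    /* Select the cipher first, then the key length, then load the key. */
    if (!EVP_EncryptInit_ex(evp_ctx, EVP_bf_ecb(), NULL, NULL, NULL))
        goto leave;
    if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, 56))
        goto leave;
    if (!EVP_EncryptInit_ex(evp_ctx, NULL, NULL, key, NULL))
        goto leave;

    if (!EVP_EncryptUpdate(evp_ctx, out, &outlen, data, 8))
        goto leave;

    /* A mismatch means the full-length key was not honoured. */
    if (memcmp(out, res, 8) != 0)
        goto leave;

    status = 1;

leave:
    /* Single exit so the context is released on every path after allocation. */
    EVP_CIPHER_CTX_free(evp_ctx);
    return status;
}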
unsigned char uint8
Definition: c.h:440

References data, OSSLCipher::evp_ctx, sort-test::key, res, and status().

Referenced by bf_init().

◆ bf_init()

static int bf_init ( PX_Cipher c,
const uint8 key,
unsigned  klen,
const uint8 iv 
)
static

Definition at line 482 of file openssl.c.

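/*
 * Store the Blowfish key and IV in the OSSLCipher behind 'c'.
 *
 * c    - cipher handle; c->ptr is the OSSLCipher to fill in
 * key  - key bytes, klen of them
 * iv   - one cipher block of IV, or NULL to use an all-zero IV
 *
 * Returns 0 on success, PXE_KEY_TOO_BIG if the key cannot be used.
 *
 * Nothing is handed to OpenSSL here; the values are only copied into 'od'.
 */
static int
bf_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
{
    OSSLCipher *od = c->ptr;
    unsigned    bs = gen_ossl_block_size(c);
    static int  bf_is_strong = -1;  /* -1 = not probed yet; cached afterwards */

    /*
     * Test whether long keys are supported.  A library that silently
     * truncates long keys would produce data that cannot be decrypted on
     * another server whose library uses the whole key, so reject such keys
     * instead of accepting them.
     */
    if (bf_is_strong == -1)
        bf_is_strong = bf_check_supported_key_len();

    if (!bf_is_strong && klen > 16)
        return PXE_KEY_TOO_BIG;

    /*
     * Defensive bound: od->key is a fixed-size array and this function is
     * the one doing the copy, so do not depend on callers having limited
     * klen already.
     */
    if (klen > sizeof(od->key))
        return PXE_KEY_TOO_BIG;

    /* Key length is supported.  We can use it. */
    od->klen = klen;
    memcpy(od->key, key, klen);

    /*
     * With iv == NULL the IV is all zeroes, so encrypting under the same key
     * twice gives the same output for the same leading plaintext blocks.
     */
    if (iv)
        memcpy(od->iv, iv, bs);
    else
        memset(od->iv, 0, bs);
    return 0;
}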
static unsigned gen_ossl_block_size(PX_Cipher *c)
Definition: openssl.c:337
static int bf_check_supported_key_len(void)
Definition: openssl.c:439
char * c
#define PXE_KEY_TOO_BIG
Definition: px.h:53
unsigned klen
Definition: openssl.c:279
uint8 iv[MAX_IV]
Definition: openssl.c:278
uint8 key[MAX_KEY]
Definition: openssl.c:277

References bf_check_supported_key_len(), gen_ossl_block_size(), OSSLCipher::iv, OSSLCipher::key, sort-test::key, OSSLCipher::klen, and PXE_KEY_TOO_BIG.

◆ cipher_free_callback()

static void cipher_free_callback ( ResourceReleasePhase  phase,
bool  isCommit,
bool  isTopLevel,
void *  arg 
)
static

Definition at line 308 of file openssl.c.

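/*
 * Resource-release callback: free every tracked cipher that belongs to
 * CurrentResourceOwner.
 *
 * Only the RESOURCE_RELEASE_AFTER_LOCKS phase does any work.  When the
 * release is a commit, a still-tracked cipher is reported as a leak with a
 * WARNING before it is freed.  'isTopLevel' and 'arg' are not used.
 */
static void
cipher_free_callback(ResourceReleasePhase phase,
                     bool isCommit,
                     bool isTopLevel,
                     void *arg)
{
    OSSLCipher *curr;
    OSSLCipher *next;

    if (phase != RESOURCE_RELEASE_AFTER_LOCKS)
        return;

    for (curr = open_ciphers; curr != NULL; curr = next)
    {
        /* free_openssl_cipher() releases curr, so fetch the successor first */
        next = curr->next;

        if (curr->owner != CurrentResourceOwner)
            continue;

        if (isCommit)
            elog(WARNING, "pgcrypto cipher reference leak: cipher %p still referenced", curr);
        free_openssl_cipher(curr);
    }
}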
#define WARNING
Definition: elog.h:32
static OSSLCipher * open_ciphers
Definition: openssl.c:288
static void free_openssl_cipher(OSSLCipher *od)
Definition: openssl.c:292
ResourceOwner CurrentResourceOwner
Definition: resowner.c:146
@ RESOURCE_RELEASE_AFTER_LOCKS
Definition: resowner.h:50
struct OSSLCipher * next
Definition: openssl.c:284
ResourceOwner owner
Definition: openssl.c:283

References CurrentResourceOwner, elog(), free_openssl_cipher(), next, OSSLCipher::next, open_ciphers, OSSLCipher::owner, RESOURCE_RELEASE_AFTER_LOCKS, and WARNING.

Referenced by px_find_cipher().

◆ digest_block_size()

static unsigned digest_block_size ( PX_MD h)
static

Definition at line 126 of file openssl.c.

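/*
 * Return the block size reported by OpenSSL for the digest behind 'h'.
 *
 * A negative answer from EVP_MD_CTX_block_size() is raised as an ERROR
 * rather than being returned, because the return type is unsigned and a
 * negative value would otherwise turn into a very large size.
 */
static unsigned
digest_block_size(PX_MD *h)
{
    OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
    int         result = EVP_MD_CTX_block_size(digest->ctx);

    if (result < 0)
        elog(ERROR, "EVP_MD_CTX_block_size() failed");

    return result;
}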
#define ERROR
Definition: elog.h:35
EVP_MD_CTX * ctx
Definition: openssl.c:60
union px_digest::@8 p
void * ptr
Definition: px.h:111

References OSSLDigest::ctx, elog(), ERROR, px_digest::p, and px_digest::ptr.

Referenced by px_find_digest().

◆ digest_finish()

static void digest_finish ( PX_MD h,
uint8 dst 
)
static

Definition at line 156 of file openssl.c.

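/*
 * Finish the hash computation and write the digest value to 'dst'.
 *
 * No length is passed for 'dst' and the output length is not requested from
 * OpenSSL (third argument is NULL), so the caller has to provide a buffer
 * big enough for this digest.
 * NOTE(review): presumably callers size it from digest_result_size();
 * confirm at the call sites.
 *
 * A failure in EVP_DigestFinal_ex() is raised as an ERROR.
 */
static void
digest_finish(PX_MD *h, uint8 *dst)
{
    OSSLDigest *digest = (OSSLDigest *) h->p.ptr;

    if (!EVP_DigestFinal_ex(digest->ctx, dst, NULL))
        elog(ERROR, "EVP_DigestFinal_ex() failed");
}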

References OSSLDigest::ctx, elog(), ERROR, if(), px_digest::p, and px_digest::ptr.

Referenced by px_find_digest().

◆ digest_free()

static void digest_free ( PX_MD h)
static

Definition at line 165 of file openssl.c.

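/*
 * Release a digest handle: first the OSSLDigest it points to (OpenSSL
 * context plus list entry), then the PX_MD wrapper itself.
 *
 * 'h' must not be used after this call.
 */
static void
digest_free(PX_MD *h)
{
    OSSLDigest *digest = (OSSLDigest *) h->p.ptr;

    free_openssl_digest(digest);
    pfree(h);
}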
void pfree(void *pointer)
Definition: mcxt.c:1306
static void free_openssl_digest(OSSLDigest *digest)
Definition: openssl.c:71

References free_openssl_digest(), px_digest::p, pfree(), and px_digest::ptr.

Referenced by px_find_digest().

◆ digest_free_callback()

static void digest_free_callback ( ResourceReleasePhase  phase,
bool  isCommit,
bool  isTopLevel,
void *  arg 
)
static

Definition at line 87 of file openssl.c.

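/*
 * Resource-release callback: free every tracked digest that belongs to
 * CurrentResourceOwner.
 *
 * Only the RESOURCE_RELEASE_AFTER_LOCKS phase does any work.  When the
 * release is a commit, a still-tracked digest is reported as a leak with a
 * WARNING before it is freed.  'isTopLevel' and 'arg' are not used.
 */
static void
digest_free_callback(ResourceReleasePhase phase,
                     bool isCommit,
                     bool isTopLevel,
                     void *arg)
{
    OSSLDigest *curr;
    OSSLDigest *next;

    if (phase != RESOURCE_RELEASE_AFTER_LOCKS)
        return;

    next = open_digests;
    while (next)
    {
        /* free_openssl_digest() releases curr, so step to the successor first */
        curr = next;
        next = curr->next;

        if (curr->owner == CurrentResourceOwner)
        {
            if (isCommit)
                elog(WARNING, "pgcrypto digest reference leak: digest %p still referenced", curr);
            free_openssl_digest(curr);
        }
    }
}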
static OSSLDigest * open_digests
Definition: openssl.c:67
struct OSSLDigest * next
Definition: openssl.c:63
ResourceOwner owner
Definition: openssl.c:62

References CurrentResourceOwner, elog(), free_openssl_digest(), next, OSSLDigest::next, open_digests, OSSLDigest::owner, RESOURCE_RELEASE_AFTER_LOCKS, and WARNING.

Referenced by px_find_digest().

◆ digest_reset()

static void digest_reset ( PX_MD h)
static

Definition at line 138 of file openssl.c.

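/*
 * Restart the hash computation on the existing context, using the algorithm
 * remembered in digest->algo.
 *
 * A failure in EVP_DigestInit_ex() is raised as an ERROR.
 */
static void
digest_reset(PX_MD *h)
{
    OSSLDigest *digest = (OSSLDigest *) h->p.ptr;

    if (!EVP_DigestInit_ex(digest->ctx, digest->algo, NULL))
        elog(ERROR, "EVP_DigestInit_ex() failed");
}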
const EVP_MD * algo
Definition: openssl.c:59

References OSSLDigest::algo, OSSLDigest::ctx, elog(), ERROR, if(), px_digest::p, and px_digest::ptr.

Referenced by px_find_digest().

◆ digest_result_size()

static unsigned digest_result_size ( PX_MD h)
static

Definition at line 114 of file openssl.c.

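/*
 * Return the digest output length reported by OpenSSL for 'h'.
 *
 * A negative answer from EVP_MD_CTX_size() is raised as an ERROR rather than
 * being returned, because the return type is unsigned and a negative value
 * would otherwise turn into a very large size.
 */
static unsigned
digest_result_size(PX_MD *h)
{
    OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
    int         result = EVP_MD_CTX_size(digest->ctx);

    if (result < 0)
        elog(ERROR, "EVP_MD_CTX_size() failed");

    return result;
}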

References OSSLDigest::ctx, elog(), ERROR, px_digest::p, and px_digest::ptr.

Referenced by px_find_digest().

◆ digest_update()

static void digest_update ( PX_MD h,
const uint8 data,
unsigned  dlen 
)
static

Definition at line 147 of file openssl.c.

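/*
 * Feed 'dlen' bytes starting at 'data' into the running hash.
 *
 * A failure in EVP_DigestUpdate() is raised as an ERROR.
 */
static void
digest_update(PX_MD *h, const uint8 *data, unsigned dlen)
{
    OSSLDigest *digest = (OSSLDigest *) h->p.ptr;

    if (!EVP_DigestUpdate(digest->ctx, data, dlen))
        elog(ERROR, "EVP_DigestUpdate() failed");
}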

References OSSLDigest::ctx, data, elog(), ERROR, if(), px_digest::p, and px_digest::ptr.

Referenced by px_find_digest().

◆ free_openssl_cipher()

static void free_openssl_cipher ( OSSLCipher od)
static

Definition at line 292 of file openssl.c.

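/*
 * Free one OSSLCipher: release its OpenSSL context, unlink it from the
 * open_ciphers list, and free the struct.
 *
 * The unlink trusts od->prev and od->next; an entry whose prev is NULL is
 * treated as the list head.
 *
 * NOTE(review): od->key and od->iv are released with pfree() without being
 * overwritten first.  Whether key material should be scrubbed here is a
 * policy decision; confirm against the project's handling of secrets.
 */
static void
free_openssl_cipher(OSSLCipher *od)
{
    EVP_CIPHER_CTX_free(od->evp_ctx);

    if (od->prev)
        od->prev->next = od->next;
    else
        open_ciphers = od->next;

    if (od->next)
        od->next->prev = od->prev;

    pfree(od);
}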
struct OSSLCipher * prev
Definition: openssl.c:285
EVP_CIPHER_CTX * evp_ctx
Definition: openssl.c:275

References OSSLCipher::evp_ctx, OSSLCipher::next, open_ciphers, pfree(), and OSSLCipher::prev.

Referenced by cipher_free_callback(), and gen_ossl_free().

◆ free_openssl_digest()

static void free_openssl_digest ( OSSLDigest digest)
static

Definition at line 71 of file openssl.c.

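/*
 * Free one OSSLDigest: destroy its OpenSSL context, unlink it from the
 * open_digests list, and free the struct.
 *
 * The unlink trusts digest->prev and digest->next; an entry whose prev is
 * NULL is treated as the list head.
 */
static void
free_openssl_digest(OSSLDigest *digest)
{
    EVP_MD_CTX_destroy(digest->ctx);

    if (digest->prev)
        digest->prev->next = digest->next;
    else
        open_digests = digest->next;

    if (digest->next)
        digest->next->prev = digest->prev;

    pfree(digest);
}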
struct OSSLDigest * prev
Definition: openssl.c:64

References OSSLDigest::ctx, OSSLDigest::next, open_digests, pfree(), and OSSLDigest::prev.

Referenced by digest_free(), and digest_free_callback().

◆ gen_ossl_block_size()

static unsigned gen_ossl_block_size ( PX_Cipher c)
static

Definition at line 337 of file openssl.c.

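/*
 * Return the block size recorded in this cipher's ossl_cipher descriptor.
 */
static unsigned
gen_ossl_block_size(PX_Cipher *c)
{
    OSSLCipher *od = (OSSLCipher *) c->ptr;

    return od->ciph->block_size;
}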
const struct ossl_cipher * ciph
Definition: openssl.c:281
int block_size
Definition: openssl.c:261

References ossl_cipher::block_size, and OSSLCipher::ciph.

Referenced by bf_init(), ossl_aes_init(), ossl_cast_init(), ossl_des3_init(), ossl_des_init(), and px_find_cipher().

◆ gen_ossl_decrypt()

static int gen_ossl_decrypt ( PX_Cipher c,
int  padding,
const uint8 data,
unsigned  dlen,
uint8 res,
unsigned *  rlen 
)
static

Definition at line 372 of file openssl.c.

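/*
 * Decrypt 'dlen' bytes from 'data' into 'res' and report the number of
 * bytes produced in '*rlen'.
 *
 * Returns 0 on success, PXE_CIPHER_INIT if the context cannot be set up,
 * PXE_DECRYPT_FAILED if EVP_DecryptUpdate() or EVP_DecryptFinal_ex() fails.
 *
 * Things a caller has to get right, because this function cannot check them:
 *
 * - No capacity is passed for 'res'.  Update and Final both write into it.
 *   NOTE(review): presumably callers allocate at least dlen plus one block;
 *   confirm at the call sites.
 * - 'padding' is applied only while od->init is false, i.e. on the first
 *   call for this object.  Later calls ignore the argument.
 * - od->init is the same flag gen_ossl_encrypt() tests, so an object that
 *   was first used to encrypt is not set up again for decryption here.
 *   NOTE(review): confirm that callers never use one PX_Cipher in both
 *   directions.
 * - Nothing here authenticates the ciphertext.  A caller that needs to
 *   detect tampering has to verify a MAC (or similar) itself, and should
 *   avoid reporting PXE_DECRYPT_FAILED in a way that lets a remote party
 *   tell padding failures apart from other errors.
 */
static int
gen_ossl_decrypt(PX_Cipher *c, int padding, const uint8 *data, unsigned dlen,
                 uint8 *res, unsigned *rlen)
{
    OSSLCipher *od = c->ptr;
    int         outlen,
                outlen2;

    if (!od->init)
    {
        /* cipher first, then padding and key length, then key and IV */
        if (!EVP_DecryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
            return PXE_CIPHER_INIT;
        if (!EVP_CIPHER_CTX_set_padding(od->evp_ctx, padding))
            return PXE_CIPHER_INIT;
        if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
            return PXE_CIPHER_INIT;
        if (!EVP_DecryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
            return PXE_CIPHER_INIT;
        od->init = true;
    }

    if (!EVP_DecryptUpdate(od->evp_ctx, res, &outlen, data, dlen))
        return PXE_DECRYPT_FAILED;
    /* Final appends whatever Update held back, right after its output. */
    if (!EVP_DecryptFinal_ex(od->evp_ctx, res + outlen, &outlen2))
        return PXE_DECRYPT_FAILED;
    *rlen = outlen + outlen2;

    return 0;
}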
#define PXE_DECRYPT_FAILED
Definition: px.h:64
#define PXE_CIPHER_INIT
Definition: px.h:54
unsigned init
Definition: openssl.c:280
const EVP_CIPHER * evp_ciph
Definition: openssl.c:276

References data, OSSLCipher::evp_ciph, OSSLCipher::evp_ctx, OSSLCipher::init, OSSLCipher::iv, OSSLCipher::key, OSSLCipher::klen, PXE_CIPHER_INIT, PXE_DECRYPT_FAILED, and res.

Referenced by px_find_cipher().

◆ gen_ossl_encrypt()

static int gen_ossl_encrypt ( PX_Cipher c,
int  padding,
const uint8 data,
unsigned  dlen,
uint8 res,
unsigned *  rlen 
)
static

Definition at line 402 of file openssl.c.

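/*
 * Encrypt 'dlen' bytes from 'data' into 'res' and report the number of
 * bytes produced in '*rlen'.
 *
 * Returns 0 on success, PXE_CIPHER_INIT if the context cannot be set up,
 * PXE_ENCRYPT_FAILED if EVP_EncryptUpdate() or EVP_EncryptFinal_ex() fails.
 *
 * Things a caller has to get right, because this function cannot check them:
 *
 * - No capacity is passed for 'res'.  Update and Final both write into it.
 *   NOTE(review): presumably callers allocate at least dlen plus one block
 *   to leave room for padding; confirm at the call sites.
 * - 'padding' is applied only while od->init is false, i.e. on the first
 *   call for this object.  Later calls ignore the argument.
 * - od->init is the same flag gen_ossl_decrypt() tests, so an object that
 *   was first used to decrypt is not set up again for encryption here.
 *   NOTE(review): confirm that callers never use one PX_Cipher in both
 *   directions.
 * - The output carries no integrity protection; add a MAC at a higher layer
 *   if the ciphertext can be modified by someone else.
 */
static int
gen_ossl_encrypt(PX_Cipher *c, int padding, const uint8 *data, unsigned dlen,
                 uint8 *res, unsigned *rlen)
{
    OSSLCipher *od = c->ptr;
    int         outlen,
                outlen2;

    if (!od->init)
    {
        /* cipher first, then padding and key length, then key and IV */
        if (!EVP_EncryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
            return PXE_CIPHER_INIT;
        if (!EVP_CIPHER_CTX_set_padding(od->evp_ctx, padding))
            return PXE_CIPHER_INIT;
        if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
            return PXE_CIPHER_INIT;
        if (!EVP_EncryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
            return PXE_CIPHER_INIT;
        od->init = true;
    }

    if (!EVP_EncryptUpdate(od->evp_ctx, res, &outlen, data, dlen))
        return PXE_ENCRYPT_FAILED;
    /* Final appends the last (padded) block right after Update's output. */
    if (!EVP_EncryptFinal_ex(od->evp_ctx, res + outlen, &outlen2))
        return PXE_ENCRYPT_FAILED;
    *rlen = outlen + outlen2;

    return 0;
}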
#define PXE_ENCRYPT_FAILED
Definition: px.h:65

References data, OSSLCipher::evp_ciph, OSSLCipher::evp_ctx, OSSLCipher::init, OSSLCipher::iv, OSSLCipher::key, OSSLCipher::klen, PXE_CIPHER_INIT, PXE_ENCRYPT_FAILED, and res.

Referenced by px_find_cipher().

◆ gen_ossl_free()

static void gen_ossl_free ( PX_Cipher c)
static

Definition at line 363 of file openssl.c.

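/*
 * Release a cipher handle: first the OSSLCipher it points to (OpenSSL
 * context plus list entry), then the PX_Cipher wrapper itself.
 *
 * 'c' must not be used after this call.
 */
static void
gen_ossl_free(PX_Cipher *c)
{
    OSSLCipher *od = (OSSLCipher *) c->ptr;

    free_openssl_cipher(od);
    pfree(c);
}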

References free_openssl_cipher(), and pfree().

Referenced by px_find_cipher().

◆ gen_ossl_iv_size()

static unsigned gen_ossl_iv_size ( PX_Cipher c)
static

Definition at line 353 of file openssl.c.

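/*
 * Return the IV length for this cipher, which this file takes to be the
 * block size recorded in the ossl_cipher descriptor.
 */
static unsigned
gen_ossl_iv_size(PX_Cipher *c)
{
    OSSLCipher *od = (OSSLCipher *) c->ptr;

    return od->ciph->block_size;
}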

References ossl_cipher::block_size, and OSSLCipher::ciph.

Referenced by px_find_cipher().

◆ gen_ossl_key_size()

static unsigned gen_ossl_key_size ( PX_Cipher c)
static

Definition at line 345 of file openssl.c.

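/*
 * Return the largest key length recorded in this cipher's ossl_cipher
 * descriptor (max_key_size).
 */
static unsigned
gen_ossl_key_size(PX_Cipher *c)
{
    OSSLCipher *od = (OSSLCipher *) c->ptr;

    return od->ciph->max_key_size;
}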
int max_key_size
Definition: openssl.c:262

References OSSLCipher::ciph, and ossl_cipher::max_key_size.

Referenced by px_find_cipher().

◆ ossl_aes_cbc_init()

static int ossl_aes_cbc_init ( PX_Cipher c,
const uint8 key,
unsigned  klen,
const uint8 iv 
)
static

Definition at line 625 of file openssl.c.

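/*
 * Set up AES in CBC mode: store key and IV through ossl_aes_init(), then
 * pick the EVP cipher that matches the key length it settled on.
 *
 * Returns 0 on success, the error from ossl_aes_init(), or PXE_CIPHER_INIT
 * if od->klen is not one of the three AES key sizes.
 */
static int
ossl_aes_cbc_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
{
    OSSLCipher *od = c->ptr;
    int         err;

    err = ossl_aes_init(c, key, klen, iv);
    if (err)
        return err;

    /* od->klen is the rounded-up size chosen by ossl_aes_init(), in bytes */
    switch (od->klen)
    {
        case 128 / 8:
            od->evp_ciph = EVP_aes_128_cbc();
            break;
        case 192 / 8:
            od->evp_ciph = EVP_aes_192_cbc();
            break;
        case 256 / 8:
            od->evp_ciph = EVP_aes_256_cbc();
            break;
        default:
            /* shouldn't happen */
            err = PXE_CIPHER_INIT;
            break;
    }

    return err;
}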
static int ossl_aes_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:570

References OSSLCipher::evp_ciph, OSSLCipher::iv, sort-test::key, OSSLCipher::klen, ossl_aes_init(), and PXE_CIPHER_INIT.

◆ ossl_aes_ecb_init()

static int ossl_aes_ecb_init ( PX_Cipher c,
const uint8 key,
unsigned  klen,
const uint8 iv 
)
static

Definition at line 595 of file openssl.c.

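/*
 * Set up AES in ECB mode: store the key through ossl_aes_init(), then pick
 * the EVP cipher that matches the key length it settled on.
 *
 * Returns 0 on success, the error from ossl_aes_init(), or PXE_CIPHER_INIT
 * if od->klen is not one of the three AES key sizes.
 *
 * ECB encrypts every block independently, so equal plaintext blocks give
 * equal ciphertext blocks; the IV stored by ossl_aes_init() has no effect on
 * an ECB cipher.
 */
static int
ossl_aes_ecb_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
{
    OSSLCipher *od = c->ptr;
    int         err;

    err = ossl_aes_init(c, key, klen, iv);
    if (err)
        return err;

    /* od->klen is the rounded-up size chosen by ossl_aes_init(), in bytes */
    switch (od->klen)
    {
        case 128 / 8:
            od->evp_ciph = EVP_aes_128_ecb();
            break;
        case 192 / 8:
            od->evp_ciph = EVP_aes_192_ecb();
            break;
        case 256 / 8:
            od->evp_ciph = EVP_aes_256_ecb();
            break;
        default:
            /* shouldn't happen */
            err = PXE_CIPHER_INIT;
            break;
    }

    return err;
}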

References OSSLCipher::evp_ciph, OSSLCipher::iv, sort-test::key, OSSLCipher::klen, ossl_aes_init(), and PXE_CIPHER_INIT.

◆ ossl_aes_init()

static int ossl_aes_init ( PX_Cipher c,
const uint8 key,
unsigned  klen,
const uint8 iv 
)
static

Definition at line 570 of file openssl.c.

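/*
 * Common AES setup: choose the AES key size and store key and IV.
 *
 * The supplied length is rounded UP to 16, 24 or 32 bytes; a key longer
 * than 32 bytes is rejected with PXE_KEY_TOO_BIG.  A key shorter than the
 * chosen size is padded with zero bytes, which means a short key gives less
 * strength than the AES variant finally selected suggests.
 *
 * iv may be NULL, in which case an all-zero IV is stored; in CBC mode that
 * makes the output repeat for equal leading plaintext under the same key.
 *
 * Returns 0 on success.
 */
static int
ossl_aes_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
{
    OSSLCipher *od = c->ptr;
    unsigned    bs = gen_ossl_block_size(c);

    if (klen <= 128 / 8)
        od->klen = 128 / 8;
    else if (klen <= 192 / 8)
        od->klen = 192 / 8;
    else if (klen <= 256 / 8)
        od->klen = 256 / 8;
    else
        return PXE_KEY_TOO_BIG;

    /*
     * Clear the part of the key buffer that will be used before copying, as
     * the DES init functions in this file do.  The zero padding then does
     * not depend on what the buffer held before this call.
     */
    memset(od->key, 0, od->klen);
    memcpy(od->key, key, klen);

    if (iv)
        memcpy(od->iv, iv, bs);
    else
        memset(od->iv, 0, bs);

    return 0;
}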

References gen_ossl_block_size(), OSSLCipher::iv, OSSLCipher::key, sort-test::key, OSSLCipher::klen, and PXE_KEY_TOO_BIG.

Referenced by ossl_aes_cbc_init(), and ossl_aes_ecb_init().

◆ ossl_cast_init()

static int ossl_cast_init ( PX_Cipher c,
const uint8 key,
unsigned  klen,
const uint8 iv 
)
static

Definition at line 552 of file openssl.c.

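/*
 * Store the CAST5 key and IV in the OSSLCipher behind 'c'.
 *
 * The key is used at the length given (no rounding, no padding).
 * iv may be NULL, in which case an all-zero IV is stored.
 *
 * Returns 0 on success, PXE_KEY_TOO_BIG if the key does not fit od->key.
 */
static int
ossl_cast_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
{
    OSSLCipher *od = c->ptr;
    unsigned    bs = gen_ossl_block_size(c);

    /*
     * Defensive bound: od->key is a fixed-size array and this function is
     * the one doing the copy, so do not depend on callers having limited
     * klen already.
     */
    if (klen > sizeof(od->key))
        return PXE_KEY_TOO_BIG;

    od->klen = klen;
    memcpy(od->key, key, klen);

    if (iv)
        memcpy(od->iv, iv, bs);
    else
        memset(od->iv, 0, bs);
    return 0;
}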

References gen_ossl_block_size(), OSSLCipher::iv, OSSLCipher::key, sort-test::key, and OSSLCipher::klen.

◆ ossl_des3_init()

static int ossl_des3_init ( PX_Cipher c,
const uint8 key,
unsigned  klen,
const uint8 iv 
)
static

Definition at line 533 of file openssl.c.

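/*
 * Store the Triple-DES key and IV in the OSSLCipher behind 'c'.
 *
 * The key is always 24 bytes: a shorter key is padded with zero bytes and a
 * longer one is cut to its first 24 bytes, in both cases without reporting
 * anything to the caller.
 *
 * iv may be NULL, in which case an all-zero IV is stored.
 *
 * Always returns 0.
 */
static int
ossl_des3_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
{
    OSSLCipher *od = c->ptr;
    unsigned    bs = gen_ossl_block_size(c);

    od->klen = 24;
    /* zero first so that a short key ends up zero-padded */
    memset(od->key, 0, 24);
    memcpy(od->key, key, klen > 24 ? 24 : klen);

    if (iv)
        memcpy(od->iv, iv, bs);
    else
        memset(od->iv, 0, bs);
    return 0;
}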

References gen_ossl_block_size(), OSSLCipher::iv, OSSLCipher::key, sort-test::key, and OSSLCipher::klen.

◆ ossl_des_init()

static int ossl_des_init ( PX_Cipher c,
const uint8 key,
unsigned  klen,
const uint8 iv 
)
static

Definition at line 514 of file openssl.c.

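/*
 * Store the single-DES key and IV in the OSSLCipher behind 'c'.
 *
 * The key is always 8 bytes: a shorter key is padded with zero bytes and a
 * longer one is cut to its first 8 bytes, in both cases without reporting
 * anything to the caller.  Single DES has a 56-bit effective key and is
 * kept for compatibility with existing data, not for new protection.
 *
 * iv may be NULL, in which case an all-zero IV is stored.
 *
 * Always returns 0.
 */
static int
ossl_des_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
{
    OSSLCipher *od = c->ptr;
    unsigned    bs = gen_ossl_block_size(c);

    od->klen = 8;
    /* zero first so that a short key ends up zero-padded */
    memset(od->key, 0, 8);
    memcpy(od->key, key, klen > 8 ? 8 : klen);

    if (iv)
        memcpy(od->iv, iv, bs);
    else
        memset(od->iv, 0, bs);
    return 0;
}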

References gen_ossl_block_size(), OSSLCipher::iv, OSSLCipher::key, sort-test::key, and OSSLCipher::klen.

◆ px_find_cipher()

int px_find_cipher ( const char *  name,
PX_Cipher **  res 
)

Definition at line 771 of file openssl.c.

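/*
 * Look up a cipher by name and build a PX_Cipher for it.
 *
 * name - cipher name or alias; aliases are resolved through ossl_aliases
 * res  - receives the new PX_Cipher on success
 *
 * Returns 0 on success, PXE_NO_CIPHER if the name is not in
 * ossl_cipher_types, PXE_CIPHER_INIT if OpenSSL cannot allocate a context.
 *
 * The lookup table is the only filter applied to the name, and it contains
 * ECB modes and single DES as well as AES-CBC.  A caller that passes a
 * user-chosen name and wants to restrict the choice has to do so itself.
 */
int
px_find_cipher(const char *name, PX_Cipher **res)
{
    const struct ossl_cipher_lookup *i;
    PX_Cipher  *c = NULL;
    EVP_CIPHER_CTX *ctx;
    OSSLCipher *od;

    name = px_resolve_alias(ossl_aliases, name);
    for (i = ossl_cipher_types; i->name; i++)
    {
        if (strcmp(i->name, name) == 0)
            break;
    }
    if (i->name == NULL)
        return PXE_NO_CIPHER;

    /* Register the cleanup callback once, before the first object exists. */
    if (!cipher_resowner_callback_registered)
    {
        RegisterResourceReleaseCallback(cipher_free_callback, NULL);
        cipher_resowner_callback_registered = true;
    }

    /*
     * Create an OSSLCipher object, an EVP_CIPHER_CTX object and a PX_Cipher.
     * The order is crucial, to make sure we don't leak anything on
     * out-of-memory or other error.
     */
    od = MemoryContextAllocZero(TopMemoryContext, sizeof(*od));
    od->ciph = i->ciph;

    /* Allocate an EVP_CIPHER_CTX object. */
    ctx = EVP_CIPHER_CTX_new();
    if (!ctx)
    {
        pfree(od);
        return PXE_CIPHER_INIT;
    }

    od->evp_ctx = ctx;
    od->owner = CurrentResourceOwner;

    /*
     * Push onto the head of open_ciphers.  The old head's prev pointer must
     * be updated as well: free_openssl_cipher() treats "prev == NULL" as
     * "this is the head", so a stale NULL there would make it reset
     * open_ciphers when an older entry is freed before a newer one, dropping
     * the newer entries from the list.
     */
    od->next = open_ciphers;
    od->prev = NULL;
    if (open_ciphers)
        open_ciphers->prev = od;
    open_ciphers = od;

    /* AES descriptors leave cipher_func NULL; their init picks evp_ciph. */
    if (i->ciph->cipher_func)
        od->evp_ciph = i->ciph->cipher_func();

    /* The PX_Cipher is allocated in current memory context */
    c = palloc(sizeof(*c));
    c->block_size = gen_ossl_block_size;
    c->key_size = gen_ossl_key_size;
    c->iv_size = gen_ossl_iv_size;
    c->free = gen_ossl_free;
    c->init = od->ciph->init;
    c->encrypt = gen_ossl_encrypt;
    c->decrypt = gen_ossl_decrypt;
    c->ptr = od;

    *res = c;
    return 0;
}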
MemoryContext TopMemoryContext
Definition: mcxt.c:130
void * MemoryContextAllocZero(MemoryContext context, Size size)
Definition: mcxt.c:1037
void * palloc(Size size)
Definition: mcxt.c:1199
static bool cipher_resowner_callback_registered
Definition: openssl.c:289
static unsigned gen_ossl_key_size(PX_Cipher *c)
Definition: openssl.c:345
static int gen_ossl_encrypt(PX_Cipher *c, int padding, const uint8 *data, unsigned dlen, uint8 *res, unsigned *rlen)
Definition: openssl.c:402
static int gen_ossl_decrypt(PX_Cipher *c, int padding, const uint8 *data, unsigned dlen, uint8 *res, unsigned *rlen)
Definition: openssl.c:372
static void gen_ossl_free(PX_Cipher *c)
Definition: openssl.c:363
static unsigned gen_ossl_iv_size(PX_Cipher *c)
Definition: openssl.c:353
static PX_Alias ossl_aliases[]
Definition: openssl.c:658
static const struct ossl_cipher_lookup ossl_cipher_types[]
Definition: openssl.c:753
static void cipher_free_callback(ResourceReleasePhase phase, bool isCommit, bool isTopLevel, void *arg)
Definition: openssl.c:308
const char * px_resolve_alias(const PX_Alias *list, const char *name)
Definition: px.c:129
#define PXE_NO_CIPHER
Definition: px.h:49
void RegisterResourceReleaseCallback(ResourceReleaseCallback callback, void *arg)
Definition: resowner.c:854
int(* init)(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:259
Definition: px.h:141

References OSSLCipher::ciph, cipher_free_callback(), cipher_resowner_callback_registered, CurrentResourceOwner, OSSLCipher::evp_ciph, OSSLCipher::evp_ctx, gen_ossl_block_size(), gen_ossl_decrypt(), gen_ossl_encrypt(), gen_ossl_free(), gen_ossl_iv_size(), gen_ossl_key_size(), i, ossl_cipher::init, MemoryContextAllocZero(), name, OSSLCipher::next, open_ciphers, ossl_aliases, ossl_cipher_types, OSSLCipher::owner, palloc(), pfree(), OSSLCipher::prev, px_resolve_alias(), PXE_CIPHER_INIT, PXE_NO_CIPHER, RegisterResourceReleaseCallback(), res, and TopMemoryContext.

Referenced by pgp_load_cipher(), and px_find_combo().

◆ px_find_digest()

int px_find_digest ( const char *  name,
PX_MD **  res 
)

Definition at line 178 of file openssl.c.

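/*
 * Look up a digest by name and build a PX_MD for it.
 *
 * name - digest name, passed unchanged to EVP_get_digestbyname()
 * res  - receives the new PX_MD on success
 *
 * Returns 0 on success, PXE_NO_HASH if OpenSSL does not know the name, and
 * PXE_CIPHER_INIT if the digest context cannot be created or initialised
 * (the cipher error code is reused for this digest failure).
 *
 * No allow-list is applied: every digest the linked OpenSSL exposes under
 * that name is accepted, so the caller decides which algorithms are
 * acceptable for its purpose.
 */
int
px_find_digest(const char *name, PX_MD **res)
{
    const EVP_MD *md;
    EVP_MD_CTX *ctx;
    PX_MD      *h;
    OSSLDigest *digest;

    /* One-time algorithm registration for the by-name lookup below. */
    if (!px_openssl_initialized)
    {
        px_openssl_initialized = 1;
        OpenSSL_add_all_algorithms();
    }

    /* Register the cleanup callback once, before the first object exists. */
    if (!digest_resowner_callback_registered)
    {
        RegisterResourceReleaseCallback(digest_free_callback, NULL);
        digest_resowner_callback_registered = true;
    }

    md = EVP_get_digestbyname(name);
    if (md == NULL)
        return PXE_NO_HASH;

    /*
     * Create an OSSLDigest object, an OpenSSL MD object, and a PX_MD object.
     * The order is crucial, to make sure we don't leak anything on
     * out-of-memory or other error.
     */
    digest = MemoryContextAlloc(TopMemoryContext, sizeof(*digest));

    ctx = EVP_MD_CTX_create();
    if (!ctx)
    {
        pfree(digest);
        return PXE_CIPHER_INIT;
    }
    if (EVP_DigestInit_ex(ctx, md, NULL) == 0)
    {
        EVP_MD_CTX_destroy(ctx);
        pfree(digest);
        return PXE_CIPHER_INIT;
    }

    digest->algo = md;
    digest->ctx = ctx;
    digest->owner = CurrentResourceOwner;

    /*
     * Push onto the head of open_digests.  The old head's prev pointer must
     * be updated as well: free_openssl_digest() treats "prev == NULL" as
     * "this is the head", so a stale NULL there would make it reset
     * open_digests when an older entry is freed before a newer one, dropping
     * the newer entries from the list.
     */
    digest->next = open_digests;
    digest->prev = NULL;
    if (open_digests)
        open_digests->prev = digest;
    open_digests = digest;

    /* The PX_MD object is allocated in the current memory context. */
    h = palloc(sizeof(*h));
    h->result_size = digest_result_size;
    h->block_size = digest_block_size;
    h->reset = digest_reset;
    h->update = digest_update;
    h->finish = digest_finish;
    h->free = digest_free;
    h->p.ptr = (void *) digest;

    *res = h;
    return 0;
}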
void * MemoryContextAlloc(MemoryContext context, Size size)
Definition: mcxt.c:994
static bool digest_resowner_callback_registered
Definition: openssl.c:68
static void digest_free_callback(ResourceReleasePhase phase, bool isCommit, bool isTopLevel, void *arg)
Definition: openssl.c:87
static void digest_update(PX_MD *h, const uint8 *data, unsigned dlen)
Definition: openssl.c:147
static unsigned digest_result_size(PX_MD *h)
Definition: openssl.c:114
static void digest_finish(PX_MD *h, uint8 *dst)
Definition: openssl.c:156
static int px_openssl_initialized
Definition: openssl.c:173
static void digest_reset(PX_MD *h)
Definition: openssl.c:138
static unsigned digest_block_size(PX_MD *h)
Definition: openssl.c:126
static void digest_free(PX_MD *h)
Definition: openssl.c:165
#define PXE_NO_HASH
Definition: px.h:48
Definition: px.h:100
void(* free)(PX_MD *h)
Definition: px.h:106
void(* update)(PX_MD *h, const uint8 *data, unsigned dlen)
Definition: px.h:104
unsigned(* result_size)(PX_MD *h)
Definition: px.h:101
void(* reset)(PX_MD *h)
Definition: px.h:103
unsigned(* block_size)(PX_MD *h)
Definition: px.h:102
void(* finish)(PX_MD *h, uint8 *dst)
Definition: px.h:105

References OSSLDigest::algo, px_digest::block_size, OSSLDigest::ctx, CurrentResourceOwner, digest_block_size(), digest_finish(), digest_free(), digest_free_callback(), digest_reset(), digest_resowner_callback_registered, digest_result_size(), digest_update(), px_digest::finish, px_digest::free, MemoryContextAlloc(), name, OSSLDigest::next, open_digests, OSSLDigest::owner, px_digest::p, palloc(), pfree(), OSSLDigest::prev, px_digest::ptr, px_openssl_initialized, PXE_CIPHER_INIT, PXE_NO_HASH, RegisterResourceReleaseCallback(), res, px_digest::reset, px_digest::result_size, TopMemoryContext, and px_digest::update.

Referenced by pg_digest(), pgp_load_digest(), px_crypt_md5(), and px_find_hmac().

Variable Documentation

◆ cipher_resowner_callback_registered

bool cipher_resowner_callback_registered = false
static

Definition at line 289 of file openssl.c.

Referenced by px_find_cipher().

◆ digest_resowner_callback_registered

bool digest_resowner_callback_registered = false
static

Definition at line 68 of file openssl.c.

Referenced by px_find_digest().

◆ open_ciphers

OSSLCipher* open_ciphers = NULL
static

Definition at line 288 of file openssl.c.

Referenced by cipher_free_callback(), free_openssl_cipher(), and px_find_cipher().

◆ open_digests

OSSLDigest* open_digests = NULL
static

Definition at line 67 of file openssl.c.

Referenced by digest_free_callback(), free_openssl_digest(), and px_find_digest().

◆ ossl_aes_cbc

const struct ossl_cipher ossl_aes_cbc
static
Initial value:
= {
NULL,
128 / 8, 256 / 8
}
static int ossl_aes_cbc_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:625

Definition at line 658 of file openssl.c.

◆ ossl_aes_ecb

const struct ossl_cipher ossl_aes_ecb
static
Initial value:
= {
NULL,
128 / 8, 256 / 8
}
static int ossl_aes_ecb_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:595

Definition at line 658 of file openssl.c.

◆ ossl_aliases

PX_Alias ossl_aliases[]
static
Initial value:
= {
{"bf", "bf-cbc"},
{"blowfish", "bf-cbc"},
{"blowfish-cbc", "bf-cbc"},
{"blowfish-ecb", "bf-ecb"},
{"blowfish-cfb", "bf-cfb"},
{"des", "des-cbc"},
{"3des", "des3-cbc"},
{"3des-ecb", "des3-ecb"},
{"3des-cbc", "des3-cbc"},
{"cast5", "cast5-cbc"},
{"aes", "aes-cbc"},
{"rijndael", "aes-cbc"},
{"rijndael-cbc", "aes-cbc"},
{"rijndael-ecb", "aes-ecb"},
{NULL}
}

Definition at line 658 of file openssl.c.

Referenced by px_find_cipher().

◆ ossl_bf_cbc

const struct ossl_cipher ossl_bf_cbc
static
Initial value:
= {
EVP_bf_cbc,
64 / 8, 448 / 8
}
static int bf_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:482

Definition at line 658 of file openssl.c.

◆ ossl_bf_cfb

const struct ossl_cipher ossl_bf_cfb
static
Initial value:
= {
EVP_bf_cfb,
64 / 8, 448 / 8
}

Definition at line 658 of file openssl.c.

◆ ossl_bf_ecb

const struct ossl_cipher ossl_bf_ecb
static
Initial value:
= {
EVP_bf_ecb,
64 / 8, 448 / 8
}

Definition at line 658 of file openssl.c.

◆ ossl_cast_cbc

const struct ossl_cipher ossl_cast_cbc
static
Initial value:
= {
EVP_cast5_cbc,
64 / 8, 128 / 8
}
static int ossl_cast_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:552

Definition at line 658 of file openssl.c.

◆ ossl_cast_ecb

const struct ossl_cipher ossl_cast_ecb
static
Initial value:
= {
EVP_cast5_ecb,
64 / 8, 128 / 8
}

Definition at line 658 of file openssl.c.

◆ ossl_cipher_types

const struct ossl_cipher_lookup ossl_cipher_types[]
static
Initial value:
= {
{"bf-cbc", &ossl_bf_cbc},
{"bf-ecb", &ossl_bf_ecb},
{"bf-cfb", &ossl_bf_cfb},
{"des-ecb", &ossl_des_ecb},
{"des-cbc", &ossl_des_cbc},
{"des3-ecb", &ossl_des3_ecb},
{"des3-cbc", &ossl_des3_cbc},
{"cast5-ecb", &ossl_cast_ecb},
{"cast5-cbc", &ossl_cast_cbc},
{"aes-ecb", &ossl_aes_ecb},
{"aes-cbc", &ossl_aes_cbc},
{NULL}
}
static const struct ossl_cipher ossl_des_ecb
Definition: openssl.c:694
static const struct ossl_cipher ossl_des3_cbc
Definition: openssl.c:712
static const struct ossl_cipher ossl_aes_ecb
Definition: openssl.c:730
static const struct ossl_cipher ossl_des3_ecb
Definition: openssl.c:706
static const struct ossl_cipher ossl_bf_cfb
Definition: openssl.c:688
static const struct ossl_cipher ossl_cast_cbc
Definition: openssl.c:724
static const struct ossl_cipher ossl_des_cbc
Definition: openssl.c:700
static const struct ossl_cipher ossl_bf_ecb
Definition: openssl.c:682
static const struct ossl_cipher ossl_bf_cbc
Definition: openssl.c:676
static const struct ossl_cipher ossl_cast_ecb
Definition: openssl.c:718
static const struct ossl_cipher ossl_aes_cbc
Definition: openssl.c:737

Definition at line 658 of file openssl.c.

Referenced by px_find_cipher().

◆ ossl_des3_cbc

const struct ossl_cipher ossl_des3_cbc
static
Initial value:
= {
EVP_des_ede3_cbc,
64 / 8, 192 / 8
}
static int ossl_des3_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:533

Definition at line 658 of file openssl.c.

◆ ossl_des3_ecb

const struct ossl_cipher ossl_des3_ecb
static
Initial value:
= {
EVP_des_ede3_ecb,
64 / 8, 192 / 8
}

Definition at line 658 of file openssl.c.

◆ ossl_des_cbc

const struct ossl_cipher ossl_des_cbc
static
Initial value:
= {
EVP_des_cbc,
64 / 8, 64 / 8
}
static int ossl_des_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:514

Definition at line 658 of file openssl.c.

◆ ossl_des_ecb

const struct ossl_cipher ossl_des_ecb
static
Initial value:
= {
EVP_des_ecb,
64 / 8, 64 / 8
}

Definition at line 658 of file openssl.c.

◆ px_openssl_initialized

int px_openssl_initialized = 0
static

Definition at line 173 of file openssl.c.

Referenced by px_find_digest().