PostgreSQL Source Code  git master
openssl.c
Go to the documentation of this file.
1 /*
2  * openssl.c
3  * Wrapper for OpenSSL library.
4  *
5  * Copyright (c) 2001 Marko Kreen
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  * notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  * notice, this list of conditions and the following disclaimer in the
15  * documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  *
29  * contrib/pgcrypto/openssl.c
30  */
31 
32 #include "postgres.h"
33 
34 #include <openssl/evp.h>
35 #include <openssl/err.h>
36 #include <openssl/rand.h>
37 
38 #include "px.h"
39 #include "utils/memutils.h"
40 #include "utils/resowner.h"
41 
42 /*
43  * Max lengths we might want to handle.
44  */
45 #define MAX_KEY (512/8)
46 #define MAX_IV (128/8)
47 
48 /*
49  * Hashes
50  */
51 
52 /*
53  * To make sure we don't leak OpenSSL handles on abort, we keep OSSLDigest
54  * objects in a linked list, allocated in TopMemoryContext. We use the
55  * ResourceOwner mechanism to free them on abort.
56  */
57 typedef struct OSSLDigest
58 {
59  const EVP_MD *algo;
60  EVP_MD_CTX *ctx;
61 
63  struct OSSLDigest *next;
64  struct OSSLDigest *prev;
65 } OSSLDigest;
66 
67 static OSSLDigest *open_digests = NULL;
69 
70 static void
72 {
73  EVP_MD_CTX_destroy(digest->ctx);
74  if (digest->prev)
75  digest->prev->next = digest->next;
76  else
77  open_digests = digest->next;
78  if (digest->next)
79  digest->next->prev = digest->prev;
80  pfree(digest);
81 }
82 
83 /*
84  * Close any open OpenSSL handles on abort.
85  */
86 static void
88  bool isCommit,
89  bool isTopLevel,
90  void *arg)
91 {
92  OSSLDigest *curr;
94 
95  if (phase != RESOURCE_RELEASE_AFTER_LOCKS)
96  return;
97 
98  next = open_digests;
99  while (next)
100  {
101  curr = next;
102  next = curr->next;
103 
104  if (curr->owner == CurrentResourceOwner)
105  {
106  if (isCommit)
107  elog(WARNING, "pgcrypto digest reference leak: digest %p still referenced", curr);
108  free_openssl_digest(curr);
109  }
110  }
111 }
112 
113 static unsigned
115 {
116  OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
117 
118  return EVP_MD_CTX_size(digest->ctx);
119 }
120 
121 static unsigned
123 {
124  OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
125 
126  return EVP_MD_CTX_block_size(digest->ctx);
127 }
128 
129 static void
131 {
132  OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
133 
134  EVP_DigestInit_ex(digest->ctx, digest->algo, NULL);
135 }
136 
137 static void
138 digest_update(PX_MD *h, const uint8 *data, unsigned dlen)
139 {
140  OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
141 
142  EVP_DigestUpdate(digest->ctx, data, dlen);
143 }
144 
145 static void
147 {
148  OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
149 
150  EVP_DigestFinal_ex(digest->ctx, dst, NULL);
151 }
152 
153 static void
155 {
156  OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
157 
158  free_openssl_digest(digest);
159  px_free(h);
160 }
161 
162 static int px_openssl_initialized = 0;
163 
164 /* PUBLIC functions */
165 
166 int
167 px_find_digest(const char *name, PX_MD **res)
168 {
169  const EVP_MD *md;
170  EVP_MD_CTX *ctx;
171  PX_MD *h;
172  OSSLDigest *digest;
173 
175  {
177  OpenSSL_add_all_algorithms();
178  }
179 
181  {
184  }
185 
186  md = EVP_get_digestbyname(name);
187  if (md == NULL)
188  return PXE_NO_HASH;
189 
190  /*
191  * Create an OSSLDigest object, an OpenSSL MD object, and a PX_MD object.
192  * The order is crucial, to make sure we don't leak anything on
193  * out-of-memory or other error.
194  */
195  digest = MemoryContextAlloc(TopMemoryContext, sizeof(*digest));
196 
197  ctx = EVP_MD_CTX_create();
198  if (!ctx)
199  {
200  pfree(digest);
201  return -1;
202  }
203  if (EVP_DigestInit_ex(ctx, md, NULL) == 0)
204  {
205  pfree(digest);
206  return -1;
207  }
208 
209  digest->algo = md;
210  digest->ctx = ctx;
211  digest->owner = CurrentResourceOwner;
212  digest->next = open_digests;
213  digest->prev = NULL;
214  open_digests = digest;
215 
216  /* The PX_MD object is allocated in the current memory context. */
217  h = px_alloc(sizeof(*h));
220  h->reset = digest_reset;
221  h->update = digest_update;
222  h->finish = digest_finish;
223  h->free = digest_free;
224  h->p.ptr = (void *) digest;
225 
226  *res = h;
227  return 0;
228 }
229 
230 /*
231  * Ciphers
232  *
233  * We use OpenSSL's EVP* family of functions for these.
234  */
235 
236 /*
237  * prototype for the EVP functions that return an algorithm, e.g.
238  * EVP_aes_128_cbc().
239  */
240 typedef const EVP_CIPHER *(*ossl_EVP_cipher_func) (void);
241 
242 /*
243  * ossl_cipher contains the static information about each cipher.
244  */
246 {
247  int (*init) (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv);
251 };
252 
253 /*
254  * OSSLCipher contains the state for using a cipher. A separate OSSLCipher
255  * object is allocated in each px_find_cipher() call.
256  *
257  * To make sure we don't leak OpenSSL handles on abort, we keep OSSLCipher
258  * objects in a linked list, allocated in TopMemoryContext. We use the
259  * ResourceOwner mechanism to free them on abort.
260  */
261 typedef struct OSSLCipher
262 {
263  EVP_CIPHER_CTX *evp_ctx;
264  const EVP_CIPHER *evp_ciph;
267  unsigned klen;
268  unsigned init;
269  const struct ossl_cipher *ciph;
270 
272  struct OSSLCipher *next;
273  struct OSSLCipher *prev;
274 } OSSLCipher;
275 
276 static OSSLCipher *open_ciphers = NULL;
278 
279 static void
281 {
282  EVP_CIPHER_CTX_free(od->evp_ctx);
283  if (od->prev)
284  od->prev->next = od->next;
285  else
286  open_ciphers = od->next;
287  if (od->next)
288  od->next->prev = od->prev;
289  pfree(od);
290 }
291 
292 /*
293  * Close any open OpenSSL cipher handles on abort.
294  */
295 static void
297  bool isCommit,
298  bool isTopLevel,
299  void *arg)
300 {
301  OSSLCipher *curr;
302  OSSLCipher *next;
303 
304  if (phase != RESOURCE_RELEASE_AFTER_LOCKS)
305  return;
306 
307  next = open_ciphers;
308  while (next)
309  {
310  curr = next;
311  next = curr->next;
312 
313  if (curr->owner == CurrentResourceOwner)
314  {
315  if (isCommit)
316  elog(WARNING, "pgcrypto cipher reference leak: cipher %p still referenced", curr);
317  free_openssl_cipher(curr);
318  }
319  }
320 }
321 
322 /* Common routines for all algorithms */
323 
324 static unsigned
326 {
327  OSSLCipher *od = (OSSLCipher *) c->ptr;
328 
329  return od->ciph->block_size;
330 }
331 
332 static unsigned
334 {
335  OSSLCipher *od = (OSSLCipher *) c->ptr;
336 
337  return od->ciph->max_key_size;
338 }
339 
340 static unsigned
342 {
343  unsigned ivlen;
344  OSSLCipher *od = (OSSLCipher *) c->ptr;
345 
346  ivlen = od->ciph->block_size;
347  return ivlen;
348 }
349 
350 static void
352 {
353  OSSLCipher *od = (OSSLCipher *) c->ptr;
354 
356  px_free(c);
357 }
358 
359 static int
360 gen_ossl_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
361  uint8 *res)
362 {
363  OSSLCipher *od = c->ptr;
364  int outlen;
365 
366  if (!od->init)
367  {
368  if (!EVP_DecryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
369  return PXE_CIPHER_INIT;
370  if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
371  return PXE_CIPHER_INIT;
372  if (!EVP_DecryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
373  return PXE_CIPHER_INIT;
374  od->init = true;
375  }
376 
377  if (!EVP_DecryptUpdate(od->evp_ctx, res, &outlen, data, dlen))
378  return PXE_DECRYPT_FAILED;
379 
380  return 0;
381 }
382 
383 static int
384 gen_ossl_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
385  uint8 *res)
386 {
387  OSSLCipher *od = c->ptr;
388  int outlen;
389 
390  if (!od->init)
391  {
392  if (!EVP_EncryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
393  return PXE_CIPHER_INIT;
394  if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
395  return PXE_CIPHER_INIT;
396  if (!EVP_EncryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
397  return PXE_CIPHER_INIT;
398  od->init = true;
399  }
400 
401  if (!EVP_EncryptUpdate(od->evp_ctx, res, &outlen, data, dlen))
402  return PXE_ERR_GENERIC;
403 
404  return 0;
405 }
406 
407 /* Blowfish */
408 
409 /*
410  * Check if strong crypto is supported. Some OpenSSL installations
411  * support only short keys and unfortunately BF_set_key does not return any
412  * error value. This function tests if is possible to use strong key.
413  */
414 static int
416 {
417  static const uint8 key[56] = {
418  0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87, 0x78, 0x69,
419  0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f, 0x00, 0x11, 0x22, 0x33,
420  0x44, 0x55, 0x66, 0x77, 0x04, 0x68, 0x91, 0x04, 0xc2, 0xfd,
421  0x3b, 0x2f, 0x58, 0x40, 0x23, 0x64, 0x1a, 0xba, 0x61, 0x76,
422  0x1f, 0x1f, 0x1f, 0x1f, 0x0e, 0x0e, 0x0e, 0x0e, 0xff, 0xff,
423  0xff, 0xff, 0xff, 0xff, 0xff, 0xff
424  };
425 
426  static const uint8 data[8] = {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
427  static const uint8 res[8] = {0xc0, 0x45, 0x04, 0x01, 0x2e, 0x4e, 0x1f, 0x53};
428  uint8 out[8];
429  EVP_CIPHER_CTX *evp_ctx;
430  int outlen;
431  int status = 0;
432 
433  /* encrypt with 448bits key and verify output */
434  evp_ctx = EVP_CIPHER_CTX_new();
435  if (!evp_ctx)
436  return 0;
437  if (!EVP_EncryptInit_ex(evp_ctx, EVP_bf_ecb(), NULL, NULL, NULL))
438  goto leave;
439  if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, 56))
440  goto leave;
441  if (!EVP_EncryptInit_ex(evp_ctx, NULL, NULL, key, NULL))
442  goto leave;
443 
444  if (!EVP_EncryptUpdate(evp_ctx, out, &outlen, data, 8))
445  goto leave;
446 
447  if (memcmp(out, res, 8) != 0)
448  goto leave; /* Output does not match -> strong cipher is
449  * not supported */
450  status = 1;
451 
452 leave:
453  EVP_CIPHER_CTX_free(evp_ctx);
454  return status;
455 }
456 
457 static int
458 bf_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
459 {
460  OSSLCipher *od = c->ptr;
461  unsigned bs = gen_ossl_block_size(c);
462  static int bf_is_strong = -1;
463 
464  /*
465  * Test if key len is supported. BF_set_key silently cut large keys and it
466  * could be a problem when user transfer crypted data from one server to
467  * another.
468  */
469 
470  if (bf_is_strong == -1)
471  bf_is_strong = bf_check_supported_key_len();
472 
473  if (!bf_is_strong && klen > 16)
474  return PXE_KEY_TOO_BIG;
475 
476  /* Key len is supported. We can use it. */
477  od->klen = klen;
478  memcpy(od->key, key, klen);
479 
480  if (iv)
481  memcpy(od->iv, iv, bs);
482  else
483  memset(od->iv, 0, bs);
484  return 0;
485 }
486 
487 /* DES */
488 
489 static int
490 ossl_des_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
491 {
492  OSSLCipher *od = c->ptr;
493  unsigned bs = gen_ossl_block_size(c);
494 
495  od->klen = 8;
496  memset(od->key, 0, 8);
497  memcpy(od->key, key, klen > 8 ? 8 : klen);
498 
499  if (iv)
500  memcpy(od->iv, iv, bs);
501  else
502  memset(od->iv, 0, bs);
503  return 0;
504 }
505 
506 /* DES3 */
507 
508 static int
509 ossl_des3_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
510 {
511  OSSLCipher *od = c->ptr;
512  unsigned bs = gen_ossl_block_size(c);
513 
514  od->klen = 24;
515  memset(od->key, 0, 24);
516  memcpy(od->key, key, klen > 24 ? 24 : klen);
517 
518  if (iv)
519  memcpy(od->iv, iv, bs);
520  else
521  memset(od->iv, 0, bs);
522  return 0;
523 }
524 
525 /* CAST5 */
526 
527 static int
528 ossl_cast_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
529 {
530  OSSLCipher *od = c->ptr;
531  unsigned bs = gen_ossl_block_size(c);
532 
533  od->klen = klen;
534  memcpy(od->key, key, klen);
535 
536  if (iv)
537  memcpy(od->iv, iv, bs);
538  else
539  memset(od->iv, 0, bs);
540  return 0;
541 }
542 
543 /* AES */
544 
545 static int
546 ossl_aes_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
547 {
548  OSSLCipher *od = c->ptr;
549  unsigned bs = gen_ossl_block_size(c);
550 
551  if (klen <= 128 / 8)
552  od->klen = 128 / 8;
553  else if (klen <= 192 / 8)
554  od->klen = 192 / 8;
555  else if (klen <= 256 / 8)
556  od->klen = 256 / 8;
557  else
558  return PXE_KEY_TOO_BIG;
559 
560  memcpy(od->key, key, klen);
561 
562  if (iv)
563  memcpy(od->iv, iv, bs);
564  else
565  memset(od->iv, 0, bs);
566 
567  return 0;
568 }
569 
570 static int
571 ossl_aes_ecb_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
572 {
573  OSSLCipher *od = c->ptr;
574  int err;
575 
576  err = ossl_aes_init(c, key, klen, iv);
577  if (err)
578  return err;
579 
580  switch (od->klen)
581  {
582  case 128 / 8:
583  od->evp_ciph = EVP_aes_128_ecb();
584  break;
585  case 192 / 8:
586  od->evp_ciph = EVP_aes_192_ecb();
587  break;
588  case 256 / 8:
589  od->evp_ciph = EVP_aes_256_ecb();
590  break;
591  default:
592  /* shouldn't happen */
593  err = PXE_CIPHER_INIT;
594  break;
595  }
596 
597  return err;
598 }
599 
600 static int
601 ossl_aes_cbc_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
602 {
603  OSSLCipher *od = c->ptr;
604  int err;
605 
606  err = ossl_aes_init(c, key, klen, iv);
607  if (err)
608  return err;
609 
610  switch (od->klen)
611  {
612  case 128 / 8:
613  od->evp_ciph = EVP_aes_128_cbc();
614  break;
615  case 192 / 8:
616  od->evp_ciph = EVP_aes_192_cbc();
617  break;
618  case 256 / 8:
619  od->evp_ciph = EVP_aes_256_cbc();
620  break;
621  default:
622  /* shouldn't happen */
623  err = PXE_CIPHER_INIT;
624  break;
625  }
626 
627  return err;
628 }
629 
630 /*
631  * aliases
632  */
633 
634 static PX_Alias ossl_aliases[] = {
635  {"bf", "bf-cbc"},
636  {"blowfish", "bf-cbc"},
637  {"blowfish-cbc", "bf-cbc"},
638  {"blowfish-ecb", "bf-ecb"},
639  {"blowfish-cfb", "bf-cfb"},
640  {"des", "des-cbc"},
641  {"3des", "des3-cbc"},
642  {"3des-ecb", "des3-ecb"},
643  {"3des-cbc", "des3-cbc"},
644  {"cast5", "cast5-cbc"},
645  {"aes", "aes-cbc"},
646  {"rijndael", "aes-cbc"},
647  {"rijndael-cbc", "aes-cbc"},
648  {"rijndael-ecb", "aes-ecb"},
649  {NULL}
650 };
651 
652 static const struct ossl_cipher ossl_bf_cbc = {
653  bf_init,
654  EVP_bf_cbc,
655  64 / 8, 448 / 8
656 };
657 
658 static const struct ossl_cipher ossl_bf_ecb = {
659  bf_init,
660  EVP_bf_ecb,
661  64 / 8, 448 / 8
662 };
663 
664 static const struct ossl_cipher ossl_bf_cfb = {
665  bf_init,
666  EVP_bf_cfb,
667  64 / 8, 448 / 8
668 };
669 
670 static const struct ossl_cipher ossl_des_ecb = {
672  EVP_des_ecb,
673  64 / 8, 64 / 8
674 };
675 
676 static const struct ossl_cipher ossl_des_cbc = {
678  EVP_des_cbc,
679  64 / 8, 64 / 8
680 };
681 
682 static const struct ossl_cipher ossl_des3_ecb = {
684  EVP_des_ede3_ecb,
685  64 / 8, 192 / 8
686 };
687 
688 static const struct ossl_cipher ossl_des3_cbc = {
690  EVP_des_ede3_cbc,
691  64 / 8, 192 / 8
692 };
693 
694 static const struct ossl_cipher ossl_cast_ecb = {
696  EVP_cast5_ecb,
697  64 / 8, 128 / 8
698 };
699 
700 static const struct ossl_cipher ossl_cast_cbc = {
702  EVP_cast5_cbc,
703  64 / 8, 128 / 8
704 };
705 
706 static const struct ossl_cipher ossl_aes_ecb = {
708  NULL, /* EVP_aes_XXX_ecb(), determined in init
709  * function */
710  128 / 8, 256 / 8
711 };
712 
713 static const struct ossl_cipher ossl_aes_cbc = {
715  NULL, /* EVP_aes_XXX_cbc(), determined in init
716  * function */
717  128 / 8, 256 / 8
718 };
719 
720 /*
721  * Special handlers
722  */
724 {
725  const char *name;
726  const struct ossl_cipher *ciph;
727 };
728 
729 static const struct ossl_cipher_lookup ossl_cipher_types[] = {
730  {"bf-cbc", &ossl_bf_cbc},
731  {"bf-ecb", &ossl_bf_ecb},
732  {"bf-cfb", &ossl_bf_cfb},
733  {"des-ecb", &ossl_des_ecb},
734  {"des-cbc", &ossl_des_cbc},
735  {"des3-ecb", &ossl_des3_ecb},
736  {"des3-cbc", &ossl_des3_cbc},
737  {"cast5-ecb", &ossl_cast_ecb},
738  {"cast5-cbc", &ossl_cast_cbc},
739  {"aes-ecb", &ossl_aes_ecb},
740  {"aes-cbc", &ossl_aes_cbc},
741  {NULL}
742 };
743 
744 /* PUBLIC functions */
745 
746 int
747 px_find_cipher(const char *name, PX_Cipher **res)
748 {
749  const struct ossl_cipher_lookup *i;
750  PX_Cipher *c = NULL;
751  EVP_CIPHER_CTX *ctx;
752  OSSLCipher *od;
753 
754  name = px_resolve_alias(ossl_aliases, name);
755  for (i = ossl_cipher_types; i->name; i++)
756  if (strcmp(i->name, name) == 0)
757  break;
758  if (i->name == NULL)
759  return PXE_NO_CIPHER;
760 
762  {
765  }
766 
767  /*
768  * Create an OSSLCipher object, an EVP_CIPHER_CTX object and a PX_Cipher.
769  * The order is crucial, to make sure we don't leak anything on
770  * out-of-memory or other error.
771  */
772  od = MemoryContextAllocZero(TopMemoryContext, sizeof(*od));
773  od->ciph = i->ciph;
774 
775  /* Allocate an EVP_CIPHER_CTX object. */
776  ctx = EVP_CIPHER_CTX_new();
777  if (!ctx)
778  {
779  pfree(od);
780  return PXE_CIPHER_INIT;
781  }
782 
783  od->evp_ctx = ctx;
785  od->next = open_ciphers;
786  od->prev = NULL;
787  open_ciphers = od;
788 
789  if (i->ciph->cipher_func)
790  od->evp_ciph = i->ciph->cipher_func();
791 
792  /* The PX_Cipher is allocated in current memory context */
793  c = px_alloc(sizeof(*c));
797  c->free = gen_ossl_free;
798  c->init = od->ciph->init;
801  c->ptr = od;
802 
803  *res = c;
804  return 0;
805 }
EVP_MD_CTX * ctx
Definition: openssl.c:60
static const struct ossl_cipher ossl_cast_cbc
Definition: openssl.c:700
void * ptr
Definition: px.h:122
ResourceOwner owner
Definition: openssl.c:62
static bool cipher_resowner_callback_registered
Definition: openssl.c:277
unsigned init
Definition: openssl.c:268
const EVP_CIPHER *(* ossl_EVP_cipher_func)(void)
Definition: openssl.c:240
static bool digest_resowner_callback_registered
Definition: openssl.c:68
static int ossl_aes_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:546
#define PXE_DECRYPT_FAILED
Definition: px.h:76
struct OSSLDigest OSSLDigest
static const struct ossl_cipher ossl_des3_ecb
Definition: openssl.c:682
void(* free)(PX_MD *h)
Definition: px.h:117
struct OSSLCipher * prev
Definition: openssl.c:273
ResourceOwner CurrentResourceOwner
Definition: resowner.c:142
#define px_free(p)
Definition: px.h:46
static void cipher_free_callback(ResourceReleasePhase phase, bool isCommit, bool isTopLevel, void *arg)
Definition: openssl.c:296
int max_key_size
Definition: openssl.c:250
unsigned(* block_size)(PX_Cipher *c)
Definition: px.h:153
unsigned char uint8
Definition: c.h:357
#define MAX_IV
Definition: openssl.c:46
static const struct ossl_cipher ossl_aes_cbc
Definition: openssl.c:713
static void free_openssl_cipher(OSSLCipher *od)
Definition: openssl.c:280
int(* decrypt)(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
Definition: px.h:159
const char * px_resolve_alias(const PX_Alias *list, const char *name)
Definition: px.c:132
void * ptr
Definition: px.h:162
#define MAX_KEY
Definition: openssl.c:45
int px_find_digest(const char *name, PX_MD **res)
Definition: openssl.c:167
static int ossl_des3_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:509
static OSSLCipher * open_ciphers
Definition: openssl.c:276
void(* free)(PX_Cipher *c)
Definition: px.h:160
static int ossl_aes_cbc_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:601
Definition: px.h:126
static const struct ossl_cipher ossl_des_ecb
Definition: openssl.c:670
int(* init)(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:247
struct OSSLCipher * next
Definition: openssl.c:272
const EVP_MD * algo
Definition: openssl.c:59
static void gen_ossl_free(PX_Cipher *c)
Definition: openssl.c:351
uint8 key[MAX_KEY]
Definition: openssl.c:265
EVP_CIPHER_CTX * evp_ctx
Definition: openssl.c:263
static int px_openssl_initialized
Definition: openssl.c:162
void pfree(void *pointer)
Definition: mcxt.c:1056
static const struct ossl_cipher ossl_bf_cfb
Definition: openssl.c:664
unsigned(* block_size)(PX_MD *h)
Definition: px.h:113
struct OSSLDigest * prev
Definition: openssl.c:64
Definition: px.h:110
static const struct ossl_cipher ossl_aes_ecb
Definition: openssl.c:706
int block_size
Definition: openssl.c:249
static OSSLDigest * open_digests
Definition: openssl.c:67
static void digest_free_callback(ResourceReleasePhase phase, bool isCommit, bool isTopLevel, void *arg)
Definition: openssl.c:87
#define PXE_NO_HASH
Definition: px.h:61
void(* update)(PX_MD *h, const uint8 *data, unsigned dlen)
Definition: px.h:115
const char * name
Definition: openssl.c:725
void(* finish)(PX_MD *h, uint8 *dst)
Definition: px.h:116
static unsigned digest_block_size(PX_MD *h)
Definition: openssl.c:122
unsigned(* iv_size)(PX_Cipher *c)
Definition: px.h:155
char * c
unsigned klen
Definition: openssl.c:267
static int ossl_cast_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:528
static unsigned gen_ossl_key_size(PX_Cipher *c)
Definition: openssl.c:333
ResourceReleasePhase
Definition: resowner.h:46
#define init()
static void digest_finish(PX_MD *h, uint8 *dst)
Definition: openssl.c:146
unsigned(* key_size)(PX_Cipher *c)
Definition: px.h:154
MemoryContext TopMemoryContext
Definition: mcxt.c:44
static void digest_free(PX_MD *h)
Definition: openssl.c:154
static const struct ossl_cipher ossl_des3_cbc
Definition: openssl.c:688
int(* encrypt)(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
Definition: px.h:158
struct OSSLDigest * next
Definition: openssl.c:63
static int ossl_aes_ecb_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:571
#define WARNING
Definition: elog.h:40
unsigned(* result_size)(PX_MD *h)
Definition: px.h:112
ossl_EVP_cipher_func cipher_func
Definition: openssl.c:248
union px_digest::@13 p
void * MemoryContextAllocZero(MemoryContext context, Size size)
Definition: mcxt.c:839
#define PXE_KEY_TOO_BIG
Definition: px.h:66
static const struct ossl_cipher_lookup ossl_cipher_types[]
Definition: openssl.c:729
static const struct ossl_cipher ossl_cast_ecb
Definition: openssl.c:694
static void free_openssl_digest(OSSLDigest *digest)
Definition: openssl.c:71
static int gen_ossl_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
Definition: openssl.c:384
#define PXE_CIPHER_INIT
Definition: px.h:67
void(* reset)(PX_MD *h)
Definition: px.h:114
static unsigned gen_ossl_block_size(PX_Cipher *c)
Definition: openssl.c:325
int(* init)(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: px.h:157
static int ossl_des_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:490
int px_find_cipher(const char *name, PX_Cipher **res)
Definition: openssl.c:747
Definition: px.h:151
static PX_Alias ossl_aliases[]
Definition: openssl.c:634
const char * name
Definition: encode.c:521
static const struct ossl_cipher ossl_bf_ecb
Definition: openssl.c:658
static unsigned gen_ossl_iv_size(PX_Cipher *c)
Definition: openssl.c:341
#define px_alloc(s)
Definition: px.h:44
static unsigned digest_result_size(PX_MD *h)
Definition: openssl.c:114
const struct ossl_cipher * ciph
Definition: openssl.c:726
void RegisterResourceReleaseCallback(ResourceReleaseCallback callback, void *arg)
Definition: resowner.c:796
const struct ossl_cipher * ciph
Definition: openssl.c:269
void * MemoryContextAlloc(MemoryContext context, Size size)
Definition: mcxt.c:796
#define elog(elevel,...)
Definition: elog.h:228
int i
#define PXE_NO_CIPHER
Definition: px.h:62
static void digest_update(PX_MD *h, const uint8 *data, unsigned dlen)
Definition: openssl.c:138
static int bf_check_supported_key_len(void)
Definition: openssl.c:415
void * arg
ResourceOwner owner
Definition: openssl.c:271
const EVP_CIPHER * evp_ciph
Definition: openssl.c:264
static const struct ossl_cipher ossl_des_cbc
Definition: openssl.c:676
static void static void status(const char *fmt,...) pg_attribute_printf(1
Definition: pg_regress.c:226
uint8 iv[MAX_IV]
Definition: openssl.c:266
static int bf_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:458
static void digest_reset(PX_MD *h)
Definition: openssl.c:130
#define PXE_ERR_GENERIC
Definition: px.h:60
static int gen_ossl_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
Definition: openssl.c:360
static const struct ossl_cipher ossl_bf_cbc
Definition: openssl.c:652
struct OSSLCipher OSSLCipher