PostgreSQL Source Code  git master
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros
openssl.c
Go to the documentation of this file.
1 /*
2  * openssl.c
3  * Wrapper for OpenSSL library.
4  *
5  * Copyright (c) 2001 Marko Kreen
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  * notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  * notice, this list of conditions and the following disclaimer in the
15  * documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  *
29  * contrib/pgcrypto/openssl.c
30  */
31 
32 #include "postgres.h"
33 
34 #include "px.h"
35 
36 #include <openssl/evp.h>
37 #include <openssl/err.h>
38 #include <openssl/rand.h>
39 
40 #include "utils/memutils.h"
41 #include "utils/resowner.h"
42 
43 /*
44  * Max lengths we might want to handle.
45  */
46 #define MAX_KEY (512/8)
47 #define MAX_IV (128/8)
48 
49 /*
50  * Hashes
51  */
52 
53 /*
54  * To make sure we don't leak OpenSSL handles on abort, we keep OSSLDigest
55  * objects in a linked list, allocated in TopMemoryContext. We use the
56  * ResourceOwner mechanism to free them on abort.
57  */
58 typedef struct OSSLDigest
59 {
60  const EVP_MD *algo;
61  EVP_MD_CTX *ctx;
62 
64  struct OSSLDigest *next;
65  struct OSSLDigest *prev;
66 } OSSLDigest;
67 
70 
71 static void
73 {
74  EVP_MD_CTX_destroy(digest->ctx);
75  if (digest->prev)
76  digest->prev->next = digest->next;
77  else
78  open_digests = digest->next;
79  if (digest->next)
80  digest->next->prev = digest->prev;
81  pfree(digest);
82 }
83 
84 /*
85  * Close any open OpenSSL handles on abort.
86  */
87 static void
89  bool isCommit,
90  bool isTopLevel,
91  void *arg)
92 {
93  OSSLDigest *curr;
95 
96  if (phase != RESOURCE_RELEASE_AFTER_LOCKS)
97  return;
98 
99  next = open_digests;
100  while (next)
101  {
102  curr = next;
103  next = curr->next;
104 
105  if (curr->owner == CurrentResourceOwner)
106  {
107  if (isCommit)
108  elog(WARNING, "pgcrypto digest reference leak: digest %p still referenced", curr);
109  free_openssl_digest(curr);
110  }
111  }
112 }
113 
114 static unsigned
116 {
117  OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
118 
119  return EVP_MD_CTX_size(digest->ctx);
120 }
121 
122 static unsigned
124 {
125  OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
126 
127  return EVP_MD_CTX_block_size(digest->ctx);
128 }
129 
130 static void
132 {
133  OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
134 
135  EVP_DigestInit_ex(digest->ctx, digest->algo, NULL);
136 }
137 
138 static void
139 digest_update(PX_MD *h, const uint8 *data, unsigned dlen)
140 {
141  OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
142 
143  EVP_DigestUpdate(digest->ctx, data, dlen);
144 }
145 
146 static void
148 {
149  OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
150 
151  EVP_DigestFinal_ex(digest->ctx, dst, NULL);
152 }
153 
154 static void
156 {
157  OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
158 
159  free_openssl_digest(digest);
160  px_free(h);
161 }
162 
163 static int px_openssl_initialized = 0;
164 
165 /* PUBLIC functions */
166 
167 int
168 px_find_digest(const char *name, PX_MD **res)
169 {
170  const EVP_MD *md;
171  EVP_MD_CTX *ctx;
172  PX_MD *h;
173  OSSLDigest *digest;
174 
176  {
178  OpenSSL_add_all_algorithms();
179  }
180 
182  {
185  }
186 
187  md = EVP_get_digestbyname(name);
188  if (md == NULL)
189  return PXE_NO_HASH;
190 
191  /*
192  * Create an OSSLDigest object, an OpenSSL MD object, and a PX_MD object.
193  * The order is crucial, to make sure we don't leak anything on
194  * out-of-memory or other error.
195  */
196  digest = MemoryContextAlloc(TopMemoryContext, sizeof(*digest));
197 
198  ctx = EVP_MD_CTX_create();
199  if (!ctx)
200  {
201  pfree(digest);
202  return -1;
203  }
204  if (EVP_DigestInit_ex(ctx, md, NULL) == 0)
205  {
206  pfree(digest);
207  return -1;
208  }
209 
210  digest->algo = md;
211  digest->ctx = ctx;
212  digest->owner = CurrentResourceOwner;
213  digest->next = open_digests;
214  digest->prev = NULL;
215  open_digests = digest;
216 
217  /* The PX_MD object is allocated in the current memory context. */
218  h = px_alloc(sizeof(*h));
221  h->reset = digest_reset;
222  h->update = digest_update;
223  h->finish = digest_finish;
224  h->free = digest_free;
225  h->p.ptr = (void *) digest;
226 
227  *res = h;
228  return 0;
229 }
230 
231 /*
232  * Ciphers
233  *
234  * We use OpenSSL's EVP* family of functions for these.
235  */
236 
237 /*
238  * prototype for the EVP functions that return an algorithm, e.g.
239  * EVP_aes_128_cbc().
240  */
241 typedef const EVP_CIPHER *(*ossl_EVP_cipher_func)(void);
242 
243 /*
244  * ossl_cipher contains the static information about each cipher.
245  */
247 {
248  int (*init) (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv);
252 };
253 
254 /*
255  * OSSLCipher contains the state for using a cipher. A separate OSSLCipher
256  * object is allocated in each px_find_cipher() call.
257  *
258  * To make sure we don't leak OpenSSL handles on abort, we keep OSSLCipher
259  * objects in a linked list, allocated in TopMemoryContext. We use the
260  * ResourceOwner mechanism to free them on abort.
261  */
262 typedef struct OSSLCipher
263 {
264  EVP_CIPHER_CTX *evp_ctx;
265  const EVP_CIPHER *evp_ciph;
268  unsigned klen;
269  unsigned init;
270  const struct ossl_cipher *ciph;
271 
273  struct OSSLCipher *next;
274  struct OSSLCipher *prev;
275 } OSSLCipher;
276 
279 
280 static void
282 {
283  EVP_CIPHER_CTX_free(od->evp_ctx);
284  if (od->prev)
285  od->prev->next = od->next;
286  else
287  open_ciphers = od->next;
288  if (od->next)
289  od->next->prev = od->prev;
290  pfree(od);
291 }
292 
293 /*
294  * Close any open OpenSSL cipher handles on abort.
295  */
296 static void
298  bool isCommit,
299  bool isTopLevel,
300  void *arg)
301 {
302  OSSLCipher *curr;
303  OSSLCipher *next;
304 
305  if (phase != RESOURCE_RELEASE_AFTER_LOCKS)
306  return;
307 
308  next = open_ciphers;
309  while (next)
310  {
311  curr = next;
312  next = curr->next;
313 
314  if (curr->owner == CurrentResourceOwner)
315  {
316  if (isCommit)
317  elog(WARNING, "pgcrypto cipher reference leak: cipher %p still referenced", curr);
318  free_openssl_cipher(curr);
319  }
320  }
321 }
322 
323 /* Common routines for all algorithms */
324 
325 static unsigned
327 {
328  OSSLCipher *od = (OSSLCipher *) c->ptr;
329 
330  return od->ciph->block_size;
331 }
332 
333 static unsigned
335 {
336  OSSLCipher *od = (OSSLCipher *) c->ptr;
337 
338  return od->ciph->max_key_size;
339 }
340 
341 static unsigned
343 {
344  unsigned ivlen;
345  OSSLCipher *od = (OSSLCipher *) c->ptr;
346 
347  ivlen = od->ciph->block_size;
348  return ivlen;
349 }
350 
351 static void
353 {
354  OSSLCipher *od = (OSSLCipher *) c->ptr;
355 
357  px_free(c);
358 }
359 
360 static int
361 gen_ossl_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
362  uint8 *res)
363 {
364  OSSLCipher *od = c->ptr;
365  int outlen;
366 
367  if (!od->init)
368  {
369  if (!EVP_DecryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
370  return PXE_CIPHER_INIT;
371  if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
372  return PXE_CIPHER_INIT;
373  if (!EVP_DecryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
374  return PXE_CIPHER_INIT;
375  od->init = true;
376  }
377 
378  if (!EVP_DecryptUpdate(od->evp_ctx, res, &outlen, data, dlen))
379  return PXE_DECRYPT_FAILED;
380 
381  return 0;
382 }
383 
384 static int
385 gen_ossl_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
386  uint8 *res)
387 {
388  OSSLCipher *od = c->ptr;
389  int outlen;
390 
391  if (!od->init)
392  {
393  if (!EVP_EncryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
394  return PXE_CIPHER_INIT;
395  if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
396  return PXE_CIPHER_INIT;
397  if (!EVP_EncryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
398  return PXE_CIPHER_INIT;
399  od->init = true;
400  }
401 
402  if (!EVP_EncryptUpdate(od->evp_ctx, res, &outlen, data, dlen))
403  return PXE_ERR_GENERIC;
404 
405  return 0;
406 }
407 
408 /* Blowfish */
409 
410 /*
411  * Check if strong crypto is supported. Some openssl installations
412  * support only short keys and unfortunately BF_set_key does not return any
413  * error value. This function tests if is possible to use strong key.
414  */
415 static int
417 {
418  static const uint8 key[56] = {
419  0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87, 0x78, 0x69,
420  0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f, 0x00, 0x11, 0x22, 0x33,
421  0x44, 0x55, 0x66, 0x77, 0x04, 0x68, 0x91, 0x04, 0xc2, 0xfd,
422  0x3b, 0x2f, 0x58, 0x40, 0x23, 0x64, 0x1a, 0xba, 0x61, 0x76,
423  0x1f, 0x1f, 0x1f, 0x1f, 0x0e, 0x0e, 0x0e, 0x0e, 0xff, 0xff,
424  0xff, 0xff, 0xff, 0xff, 0xff, 0xff
425  };
426 
427  static const uint8 data[8] = {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
428  static const uint8 res[8] = {0xc0, 0x45, 0x04, 0x01, 0x2e, 0x4e, 0x1f, 0x53};
429  uint8 out[8];
430  EVP_CIPHER_CTX *evp_ctx;
431  int outlen;
432  int status = 0;
433 
434  /* encrypt with 448bits key and verify output */
435  evp_ctx = EVP_CIPHER_CTX_new();
436  if (!evp_ctx)
437  return 0;
438  if (!EVP_EncryptInit_ex(evp_ctx, EVP_bf_ecb(), NULL, NULL, NULL))
439  goto leave;
440  if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, 56))
441  goto leave;
442  if (!EVP_EncryptInit_ex(evp_ctx, NULL, NULL, key, NULL))
443  goto leave;
444 
445  if (!EVP_EncryptUpdate(evp_ctx, out, &outlen, data, 8))
446  goto leave;
447 
448  if (memcmp(out, res, 8) != 0)
449  goto leave; /* Output does not match -> strong cipher is
450  * not supported */
451  status = 1;
452 
453 leave:
454  EVP_CIPHER_CTX_free(evp_ctx);
455  return status;
456 }
457 
458 static int
459 bf_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
460 {
461  OSSLCipher *od = c->ptr;
462  unsigned bs = gen_ossl_block_size(c);
463  static int bf_is_strong = -1;
464 
465  /*
466  * Test if key len is supported. BF_set_key silently cut large keys and it
467  * could be a problem when user transfer crypted data from one server to
468  * another.
469  */
470 
471  if (bf_is_strong == -1)
472  bf_is_strong = bf_check_supported_key_len();
473 
474  if (!bf_is_strong && klen > 16)
475  return PXE_KEY_TOO_BIG;
476 
477  /* Key len is supported. We can use it. */
478  od->klen = klen;
479  memcpy(od->key, key, klen);
480 
481  if (iv)
482  memcpy(od->iv, iv, bs);
483  else
484  memset(od->iv, 0, bs);
485  return 0;
486 }
487 
488 /* DES */
489 
490 static int
491 ossl_des_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
492 {
493  OSSLCipher *od = c->ptr;
494  unsigned bs = gen_ossl_block_size(c);
495 
496  od->klen = 8;
497  memset(od->key, 0, 8);
498  memcpy(od->key, key, klen > 8 ? 8 : klen);
499 
500  if (iv)
501  memcpy(od->iv, iv, bs);
502  else
503  memset(od->iv, 0, bs);
504  return 0;
505 }
506 
507 /* DES3 */
508 
509 static int
510 ossl_des3_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
511 {
512  OSSLCipher *od = c->ptr;
513  unsigned bs = gen_ossl_block_size(c);
514 
515  od->klen = 24;
516  memset(od->key, 0, 24);
517  memcpy(od->key, key, klen > 24 ? 24 : klen);
518 
519  if (iv)
520  memcpy(od->iv, iv, bs);
521  else
522  memset(od->iv, 0, bs);
523  return 0;
524 }
525 
526 /* CAST5 */
527 
528 static int
529 ossl_cast_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
530 {
531  OSSLCipher *od = c->ptr;
532  unsigned bs = gen_ossl_block_size(c);
533 
534  od->klen = klen;
535  memcpy(od->key, key, klen);
536 
537  if (iv)
538  memcpy(od->iv, iv, bs);
539  else
540  memset(od->iv, 0, bs);
541  return 0;
542 }
543 
544 /* AES */
545 
546 static int
547 ossl_aes_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
548 {
549  OSSLCipher *od = c->ptr;
550  unsigned bs = gen_ossl_block_size(c);
551 
552  if (klen <= 128 / 8)
553  od->klen = 128 / 8;
554  else if (klen <= 192 / 8)
555  od->klen = 192 / 8;
556  else if (klen <= 256 / 8)
557  od->klen = 256 / 8;
558  else
559  return PXE_KEY_TOO_BIG;
560 
561  memcpy(od->key, key, klen);
562 
563  if (iv)
564  memcpy(od->iv, iv, bs);
565  else
566  memset(od->iv, 0, bs);
567 
568  return 0;
569 }
570 
571 static int
572 ossl_aes_ecb_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
573 {
574  OSSLCipher *od = c->ptr;
575  int err;
576 
577  err = ossl_aes_init(c, key, klen, iv);
578  if (err)
579  return err;
580 
581  switch (od->klen)
582  {
583  case 128 / 8:
584  od->evp_ciph = EVP_aes_128_ecb();
585  break;
586  case 192 / 8:
587  od->evp_ciph = EVP_aes_192_ecb();
588  break;
589  case 256 / 8:
590  od->evp_ciph = EVP_aes_256_ecb();
591  break;
592  default:
593  /* shouldn't happen */
594  err = PXE_CIPHER_INIT;
595  break;
596  }
597 
598  return err;
599 }
600 
601 static int
602 ossl_aes_cbc_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
603 {
604  OSSLCipher *od = c->ptr;
605  int err;
606 
607  err = ossl_aes_init(c, key, klen, iv);
608  if (err)
609  return err;
610 
611  switch (od->klen)
612  {
613  case 128 / 8:
614  od->evp_ciph = EVP_aes_128_cbc();
615  break;
616  case 192 / 8:
617  od->evp_ciph = EVP_aes_192_cbc();
618  break;
619  case 256 / 8:
620  od->evp_ciph = EVP_aes_256_cbc();
621  break;
622  default:
623  /* shouldn't happen */
624  err = PXE_CIPHER_INIT;
625  break;
626  }
627 
628  return err;
629 }
630 
631 /*
632  * aliases
633  */
634 
635 static PX_Alias ossl_aliases[] = {
636  {"bf", "bf-cbc"},
637  {"blowfish", "bf-cbc"},
638  {"blowfish-cbc", "bf-cbc"},
639  {"blowfish-ecb", "bf-ecb"},
640  {"blowfish-cfb", "bf-cfb"},
641  {"des", "des-cbc"},
642  {"3des", "des3-cbc"},
643  {"3des-ecb", "des3-ecb"},
644  {"3des-cbc", "des3-cbc"},
645  {"cast5", "cast5-cbc"},
646  {"aes", "aes-cbc"},
647  {"rijndael", "aes-cbc"},
648  {"rijndael-cbc", "aes-cbc"},
649  {"rijndael-ecb", "aes-ecb"},
650  {NULL}
651 };
652 
653 static const struct ossl_cipher ossl_bf_cbc = {
654  bf_init,
655  EVP_bf_cbc,
656  64 / 8, 448 / 8
657 };
658 
659 static const struct ossl_cipher ossl_bf_ecb = {
660  bf_init,
661  EVP_bf_ecb,
662  64 / 8, 448 / 8
663 };
664 
665 static const struct ossl_cipher ossl_bf_cfb = {
666  bf_init,
667  EVP_bf_cfb,
668  64 / 8, 448 / 8
669 };
670 
671 static const struct ossl_cipher ossl_des_ecb = {
673  EVP_des_ecb,
674  64 / 8, 64 / 8
675 };
676 
677 static const struct ossl_cipher ossl_des_cbc = {
679  EVP_des_cbc,
680  64 / 8, 64 / 8
681 };
682 
683 static const struct ossl_cipher ossl_des3_ecb = {
685  EVP_des_ede3_ecb,
686  64 / 8, 192 / 8
687 };
688 
689 static const struct ossl_cipher ossl_des3_cbc = {
691  EVP_des_ede3_cbc,
692  64 / 8, 192 / 8
693 };
694 
695 static const struct ossl_cipher ossl_cast_ecb = {
697  EVP_cast5_ecb,
698  64 / 8, 128 / 8
699 };
700 
701 static const struct ossl_cipher ossl_cast_cbc = {
703  EVP_cast5_cbc,
704  64 / 8, 128 / 8
705 };
706 
707 static const struct ossl_cipher ossl_aes_ecb = {
709  NULL, /* EVP_aes_XXX_ecb(), determined in init function */
710  128 / 8, 256 / 8
711 };
712 
713 static const struct ossl_cipher ossl_aes_cbc = {
715  NULL, /* EVP_aes_XXX_cbc(), determined in init function */
716  128 / 8, 256 / 8
717 };
718 
719 /*
720  * Special handlers
721  */
723 {
724  const char *name;
725  const struct ossl_cipher *ciph;
726 };
727 
728 static const struct ossl_cipher_lookup ossl_cipher_types[] = {
729  {"bf-cbc", &ossl_bf_cbc},
730  {"bf-ecb", &ossl_bf_ecb},
731  {"bf-cfb", &ossl_bf_cfb},
732  {"des-ecb", &ossl_des_ecb},
733  {"des-cbc", &ossl_des_cbc},
734  {"des3-ecb", &ossl_des3_ecb},
735  {"des3-cbc", &ossl_des3_cbc},
736  {"cast5-ecb", &ossl_cast_ecb},
737  {"cast5-cbc", &ossl_cast_cbc},
738  {"aes-ecb", &ossl_aes_ecb},
739  {"aes-cbc", &ossl_aes_cbc},
740  {NULL}
741 };
742 
743 /* PUBLIC functions */
744 
745 int
746 px_find_cipher(const char *name, PX_Cipher **res)
747 {
748  const struct ossl_cipher_lookup *i;
749  PX_Cipher *c = NULL;
750  EVP_CIPHER_CTX *ctx;
751  OSSLCipher *od;
752 
753  name = px_resolve_alias(ossl_aliases, name);
754  for (i = ossl_cipher_types; i->name; i++)
755  if (strcmp(i->name, name) == 0)
756  break;
757  if (i->name == NULL)
758  return PXE_NO_CIPHER;
759 
761  {
764  }
765 
766  /*
767  * Create an OSSLCipher object, an EVP_CIPHER_CTX object and a PX_Cipher.
768  * The order is crucial, to make sure we don't leak anything on
769  * out-of-memory or other error.
770  */
771  od = MemoryContextAllocZero(TopMemoryContext, sizeof(*od));
772  od->ciph = i->ciph;
773 
774  /* Allocate an EVP_CIPHER_CTX object. */
775  ctx = EVP_CIPHER_CTX_new();
776  if (!ctx)
777  {
778  pfree(od);
779  return PXE_CIPHER_INIT;
780  }
781 
782  od->evp_ctx = ctx;
784  od->next = open_ciphers;
785  od->prev = NULL;
786  open_ciphers = od;
787 
788  if (i->ciph->cipher_func)
789  od->evp_ciph = i->ciph->cipher_func();
790 
791  /* The PX_Cipher is allocated in current memory context */
792  c = px_alloc(sizeof(*c));
796  c->free = gen_ossl_free;
797  c->init = od->ciph->init;
800  c->ptr = od;
801 
802  *res = c;
803  return 0;
804 }
void(* free)(PX_Cipher *c)
Definition: px.h:163
EVP_MD_CTX * ctx
Definition: openssl.c:61
unsigned(* key_size)(PX_Cipher *c)
Definition: px.h:157
static const struct ossl_cipher ossl_cast_cbc
Definition: openssl.c:701
void * ptr
Definition: px.h:125
ResourceOwner owner
Definition: openssl.c:63
static bool cipher_resowner_callback_registered
Definition: openssl.c:278
static int32 next
Definition: blutils.c:210
unsigned(* result_size)(PX_MD *h)
Definition: px.h:115
unsigned init
Definition: openssl.c:269
static bool digest_resowner_callback_registered
Definition: openssl.c:69
static int ossl_aes_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:547
#define PXE_DECRYPT_FAILED
Definition: px.h:79
struct OSSLDigest OSSLDigest
static const struct ossl_cipher ossl_des3_ecb
Definition: openssl.c:683
struct OSSLCipher * prev
Definition: openssl.c:274
ResourceOwner CurrentResourceOwner
Definition: resowner.c:138
#define px_free(p)
Definition: px.h:46
static void cipher_free_callback(ResourceReleasePhase phase, bool isCommit, bool isTopLevel, void *arg)
Definition: openssl.c:297
int max_key_size
Definition: openssl.c:251
unsigned char uint8
Definition: c.h:266
#define MAX_IV
Definition: openssl.c:47
static const struct ossl_cipher ossl_aes_cbc
Definition: openssl.c:713
static void free_openssl_cipher(OSSLCipher *od)
Definition: openssl.c:281
const EVP_CIPHER *(* ossl_EVP_cipher_func)(void)
Definition: openssl.c:241
const char * px_resolve_alias(const PX_Alias *list, const char *name)
Definition: px.c:140
void * ptr
Definition: px.h:165
#define MAX_KEY
Definition: openssl.c:46
int px_find_digest(const char *name, PX_MD **res)
Definition: openssl.c:168
static int ossl_des3_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:510
static OSSLCipher * open_ciphers
Definition: openssl.c:277
static int ossl_aes_cbc_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:602
Definition: px.h:129
static const struct ossl_cipher ossl_des_ecb
Definition: openssl.c:671
void(* update)(PX_MD *h, const uint8 *data, unsigned dlen)
Definition: px.h:118
struct OSSLCipher * next
Definition: openssl.c:273
const EVP_MD * algo
Definition: openssl.c:60
static void gen_ossl_free(PX_Cipher *c)
Definition: openssl.c:352
uint8 key[MAX_KEY]
Definition: openssl.c:266
EVP_CIPHER_CTX * evp_ctx
Definition: openssl.c:264
static int px_openssl_initialized
Definition: openssl.c:163
void pfree(void *pointer)
Definition: mcxt.c:950
static const struct ossl_cipher ossl_bf_cfb
Definition: openssl.c:665
void(* free)(PX_MD *h)
Definition: px.h:120
struct OSSLDigest * prev
Definition: openssl.c:65
Definition: px.h:113
static const struct ossl_cipher ossl_aes_ecb
Definition: openssl.c:707
int block_size
Definition: openssl.c:250
static OSSLDigest * open_digests
Definition: openssl.c:68
static void digest_free_callback(ResourceReleasePhase phase, bool isCommit, bool isTopLevel, void *arg)
Definition: openssl.c:88
#define PXE_NO_HASH
Definition: px.h:64
const char * name
Definition: openssl.c:724
static unsigned digest_block_size(PX_MD *h)
Definition: openssl.c:123
char * c
unsigned klen
Definition: openssl.c:268
static int ossl_cast_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:529
static unsigned gen_ossl_key_size(PX_Cipher *c)
Definition: openssl.c:334
int(* init)(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: px.h:160
ResourceReleasePhase
Definition: resowner.h:45
unsigned(* iv_size)(PX_Cipher *c)
Definition: px.h:158
static void digest_finish(PX_MD *h, uint8 *dst)
Definition: openssl.c:147
MemoryContext TopMemoryContext
Definition: mcxt.c:43
int(* encrypt)(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
Definition: px.h:161
void(* finish)(PX_MD *h, uint8 *dst)
Definition: px.h:119
static void digest_free(PX_MD *h)
Definition: openssl.c:155
static const struct ossl_cipher ossl_des3_cbc
Definition: openssl.c:689
struct OSSLDigest * next
Definition: openssl.c:64
static int ossl_aes_ecb_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:572
#define WARNING
Definition: elog.h:40
ossl_EVP_cipher_func cipher_func
Definition: openssl.c:249
union px_digest::@13 p
int(* init)(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:248
void * MemoryContextAllocZero(MemoryContext context, Size size)
Definition: mcxt.c:742
#define PXE_KEY_TOO_BIG
Definition: px.h:69
static const struct ossl_cipher_lookup ossl_cipher_types[]
Definition: openssl.c:728
static const struct ossl_cipher ossl_cast_ecb
Definition: openssl.c:695
static void free_openssl_digest(OSSLDigest *digest)
Definition: openssl.c:72
static int gen_ossl_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
Definition: openssl.c:385
#define PXE_CIPHER_INIT
Definition: px.h:70
#define NULL
Definition: c.h:229
static unsigned gen_ossl_block_size(PX_Cipher *c)
Definition: openssl.c:326
static int ossl_des_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:491
int px_find_cipher(const char *name, PX_Cipher **res)
Definition: openssl.c:746
Definition: px.h:154
static PX_Alias ossl_aliases[]
Definition: openssl.c:635
const char * name
Definition: encode.c:521
static const struct ossl_cipher ossl_bf_ecb
Definition: openssl.c:659
static unsigned gen_ossl_iv_size(PX_Cipher *c)
Definition: openssl.c:342
#define px_alloc(s)
Definition: px.h:44
static unsigned digest_result_size(PX_MD *h)
Definition: openssl.c:115
const struct ossl_cipher * ciph
Definition: openssl.c:725
void RegisterResourceReleaseCallback(ResourceReleaseCallback callback, void *arg)
Definition: resowner.c:793
const struct ossl_cipher * ciph
Definition: openssl.c:270
void * MemoryContextAlloc(MemoryContext context, Size size)
Definition: mcxt.c:707
int i
#define PXE_NO_CIPHER
Definition: px.h:65
void(* reset)(PX_MD *h)
Definition: px.h:117
static void digest_update(PX_MD *h, const uint8 *data, unsigned dlen)
Definition: openssl.c:139
static int bf_check_supported_key_len(void)
Definition: openssl.c:416
void * arg
ResourceOwner owner
Definition: openssl.c:272
const EVP_CIPHER * evp_ciph
Definition: openssl.c:265
static const struct ossl_cipher ossl_des_cbc
Definition: openssl.c:677
#define elog
Definition: elog.h:219
static void static void status(const char *fmt,...) pg_attribute_printf(1
Definition: pg_regress.c:224
uint8 iv[MAX_IV]
Definition: openssl.c:267
static int bf_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:459
unsigned(* block_size)(PX_Cipher *c)
Definition: px.h:156
unsigned(* block_size)(PX_MD *h)
Definition: px.h:116
static void digest_reset(PX_MD *h)
Definition: openssl.c:131
#define PXE_ERR_GENERIC
Definition: px.h:63
static int gen_ossl_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
Definition: openssl.c:361
int(* decrypt)(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
Definition: px.h:162
static const struct ossl_cipher ossl_bf_cbc
Definition: openssl.c:653
struct OSSLCipher OSSLCipher