PostgreSQL Source Code  git master
openssl.c
Go to the documentation of this file.
1 /*
2  * openssl.c
3  * Wrapper for OpenSSL library.
4  *
5  * Copyright (c) 2001 Marko Kreen
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  * notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  * notice, this list of conditions and the following disclaimer in the
15  * documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  *
29  * contrib/pgcrypto/openssl.c
30  */
31 
32 #include "postgres.h"
33 
34 #include <openssl/evp.h>
35 #include <openssl/err.h>
36 #include <openssl/rand.h>
37 
38 #include "px.h"
39 #include "utils/memutils.h"
40 #include "utils/resowner.h"
41 
42 /*
43  * Max lengths we might want to handle.
44  */
45 #define MAX_KEY (512/8)
46 #define MAX_IV (128/8)
47 
48 /*
49  * Hashes
50  */
51 
52 /*
53  * To make sure we don't leak OpenSSL handles on abort, we keep OSSLDigest
54  * objects in a linked list, allocated in TopMemoryContext. We use the
55  * ResourceOwner mechanism to free them on abort.
56  */
57 typedef struct OSSLDigest
58 {
59  const EVP_MD *algo;
60  EVP_MD_CTX *ctx;
61 
63  struct OSSLDigest *next;
64  struct OSSLDigest *prev;
65 } OSSLDigest;
66 
67 static OSSLDigest *open_digests = NULL;
69 
70 static void
72 {
73  EVP_MD_CTX_destroy(digest->ctx);
74  if (digest->prev)
75  digest->prev->next = digest->next;
76  else
77  open_digests = digest->next;
78  if (digest->next)
79  digest->next->prev = digest->prev;
80  pfree(digest);
81 }
82 
83 /*
84  * Close any open OpenSSL handles on abort.
85  */
86 static void
88  bool isCommit,
89  bool isTopLevel,
90  void *arg)
91 {
92  OSSLDigest *curr;
94 
95  if (phase != RESOURCE_RELEASE_AFTER_LOCKS)
96  return;
97 
98  next = open_digests;
99  while (next)
100  {
101  curr = next;
102  next = curr->next;
103 
104  if (curr->owner == CurrentResourceOwner)
105  {
106  if (isCommit)
107  elog(WARNING, "pgcrypto digest reference leak: digest %p still referenced", curr);
108  free_openssl_digest(curr);
109  }
110  }
111 }
112 
113 static unsigned
115 {
116  OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
117  int result = EVP_MD_CTX_size(digest->ctx);
118 
119  if (result < 0)
120  elog(ERROR, "EVP_MD_CTX_size() failed");
121 
122  return result;
123 }
124 
125 static unsigned
127 {
128  OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
129  int result = EVP_MD_CTX_block_size(digest->ctx);
130 
131  if (result < 0)
132  elog(ERROR, "EVP_MD_CTX_block_size() failed");
133 
134  return result;
135 }
136 
137 static void
139 {
140  OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
141 
142  if (!EVP_DigestInit_ex(digest->ctx, digest->algo, NULL))
143  elog(ERROR, "EVP_DigestInit_ex() failed");
144 }
145 
146 static void
147 digest_update(PX_MD *h, const uint8 *data, unsigned dlen)
148 {
149  OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
150 
151  if (!EVP_DigestUpdate(digest->ctx, data, dlen))
152  elog(ERROR, "EVP_DigestUpdate() failed");
153 }
154 
155 static void
157 {
158  OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
159 
160  if (!EVP_DigestFinal_ex(digest->ctx, dst, NULL))
161  elog(ERROR, "EVP_DigestFinal_ex() failed");
162 }
163 
164 static void
166 {
167  OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
168 
169  free_openssl_digest(digest);
170  pfree(h);
171 }
172 
173 static int px_openssl_initialized = 0;
174 
175 /* PUBLIC functions */
176 
177 int
178 px_find_digest(const char *name, PX_MD **res)
179 {
180  const EVP_MD *md;
181  EVP_MD_CTX *ctx;
182  PX_MD *h;
183  OSSLDigest *digest;
184 
186  {
188  OpenSSL_add_all_algorithms();
189  }
190 
192  {
195  }
196 
197  md = EVP_get_digestbyname(name);
198  if (md == NULL)
199  return PXE_NO_HASH;
200 
201  /*
202  * Create an OSSLDigest object, an OpenSSL MD object, and a PX_MD object.
203  * The order is crucial, to make sure we don't leak anything on
204  * out-of-memory or other error.
205  */
206  digest = MemoryContextAlloc(TopMemoryContext, sizeof(*digest));
207 
208  ctx = EVP_MD_CTX_create();
209  if (!ctx)
210  {
211  pfree(digest);
212  return -1;
213  }
214  if (EVP_DigestInit_ex(ctx, md, NULL) == 0)
215  {
216  EVP_MD_CTX_destroy(ctx);
217  pfree(digest);
218  return -1;
219  }
220 
221  digest->algo = md;
222  digest->ctx = ctx;
223  digest->owner = CurrentResourceOwner;
224  digest->next = open_digests;
225  digest->prev = NULL;
226  open_digests = digest;
227 
228  /* The PX_MD object is allocated in the current memory context. */
229  h = palloc(sizeof(*h));
232  h->reset = digest_reset;
233  h->update = digest_update;
234  h->finish = digest_finish;
235  h->free = digest_free;
236  h->p.ptr = (void *) digest;
237 
238  *res = h;
239  return 0;
240 }
241 
242 /*
243  * Ciphers
244  *
245  * We use OpenSSL's EVP* family of functions for these.
246  */
247 
248 /*
249  * prototype for the EVP functions that return an algorithm, e.g.
250  * EVP_aes_128_cbc().
251  */
252 typedef const EVP_CIPHER *(*ossl_EVP_cipher_func) (void);
253 
254 /*
255  * ossl_cipher contains the static information about each cipher.
256  */
258 {
259  int (*init) (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv);
263 };
264 
265 /*
266  * OSSLCipher contains the state for using a cipher. A separate OSSLCipher
267  * object is allocated in each px_find_cipher() call.
268  *
269  * To make sure we don't leak OpenSSL handles on abort, we keep OSSLCipher
270  * objects in a linked list, allocated in TopMemoryContext. We use the
271  * ResourceOwner mechanism to free them on abort.
272  */
273 typedef struct OSSLCipher
274 {
275  EVP_CIPHER_CTX *evp_ctx;
276  const EVP_CIPHER *evp_ciph;
279  unsigned klen;
280  unsigned init;
281  const struct ossl_cipher *ciph;
282 
284  struct OSSLCipher *next;
285  struct OSSLCipher *prev;
286 } OSSLCipher;
287 
288 static OSSLCipher *open_ciphers = NULL;
290 
291 static void
293 {
294  EVP_CIPHER_CTX_free(od->evp_ctx);
295  if (od->prev)
296  od->prev->next = od->next;
297  else
298  open_ciphers = od->next;
299  if (od->next)
300  od->next->prev = od->prev;
301  pfree(od);
302 }
303 
304 /*
305  * Close any open OpenSSL cipher handles on abort.
306  */
307 static void
309  bool isCommit,
310  bool isTopLevel,
311  void *arg)
312 {
313  OSSLCipher *curr;
314  OSSLCipher *next;
315 
316  if (phase != RESOURCE_RELEASE_AFTER_LOCKS)
317  return;
318 
319  next = open_ciphers;
320  while (next)
321  {
322  curr = next;
323  next = curr->next;
324 
325  if (curr->owner == CurrentResourceOwner)
326  {
327  if (isCommit)
328  elog(WARNING, "pgcrypto cipher reference leak: cipher %p still referenced", curr);
329  free_openssl_cipher(curr);
330  }
331  }
332 }
333 
334 /* Common routines for all algorithms */
335 
336 static unsigned
338 {
339  OSSLCipher *od = (OSSLCipher *) c->ptr;
340 
341  return od->ciph->block_size;
342 }
343 
344 static unsigned
346 {
347  OSSLCipher *od = (OSSLCipher *) c->ptr;
348 
349  return od->ciph->max_key_size;
350 }
351 
352 static unsigned
354 {
355  unsigned ivlen;
356  OSSLCipher *od = (OSSLCipher *) c->ptr;
357 
358  ivlen = od->ciph->block_size;
359  return ivlen;
360 }
361 
362 static void
364 {
365  OSSLCipher *od = (OSSLCipher *) c->ptr;
366 
368  pfree(c);
369 }
370 
371 static int
372 gen_ossl_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
373  uint8 *res)
374 {
375  OSSLCipher *od = c->ptr;
376  int outlen;
377 
378  if (!od->init)
379  {
380  if (!EVP_DecryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
381  return PXE_CIPHER_INIT;
382  if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
383  return PXE_CIPHER_INIT;
384  if (!EVP_DecryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
385  return PXE_CIPHER_INIT;
386  od->init = true;
387  }
388 
389  if (!EVP_DecryptUpdate(od->evp_ctx, res, &outlen, data, dlen))
390  return PXE_DECRYPT_FAILED;
391 
392  return 0;
393 }
394 
395 static int
396 gen_ossl_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
397  uint8 *res)
398 {
399  OSSLCipher *od = c->ptr;
400  int outlen;
401 
402  if (!od->init)
403  {
404  if (!EVP_EncryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
405  return PXE_CIPHER_INIT;
406  if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
407  return PXE_CIPHER_INIT;
408  if (!EVP_EncryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
409  return PXE_CIPHER_INIT;
410  od->init = true;
411  }
412 
413  if (!EVP_EncryptUpdate(od->evp_ctx, res, &outlen, data, dlen))
414  return PXE_ENCRYPT_FAILED;
415 
416  return 0;
417 }
418 
419 /* Blowfish */
420 
421 /*
422  * Check if strong crypto is supported. Some OpenSSL installations
423  * support only short keys and unfortunately BF_set_key does not return any
424  * error value. This function tests if is possible to use strong key.
425  */
426 static int
428 {
429  static const uint8 key[56] = {
430  0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87, 0x78, 0x69,
431  0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f, 0x00, 0x11, 0x22, 0x33,
432  0x44, 0x55, 0x66, 0x77, 0x04, 0x68, 0x91, 0x04, 0xc2, 0xfd,
433  0x3b, 0x2f, 0x58, 0x40, 0x23, 0x64, 0x1a, 0xba, 0x61, 0x76,
434  0x1f, 0x1f, 0x1f, 0x1f, 0x0e, 0x0e, 0x0e, 0x0e, 0xff, 0xff,
435  0xff, 0xff, 0xff, 0xff, 0xff, 0xff
436  };
437 
438  static const uint8 data[8] = {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
439  static const uint8 res[8] = {0xc0, 0x45, 0x04, 0x01, 0x2e, 0x4e, 0x1f, 0x53};
440  uint8 out[8];
441  EVP_CIPHER_CTX *evp_ctx;
442  int outlen;
443  int status = 0;
444 
445  /* encrypt with 448bits key and verify output */
446  evp_ctx = EVP_CIPHER_CTX_new();
447  if (!evp_ctx)
448  return 0;
449  if (!EVP_EncryptInit_ex(evp_ctx, EVP_bf_ecb(), NULL, NULL, NULL))
450  goto leave;
451  if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, 56))
452  goto leave;
453  if (!EVP_EncryptInit_ex(evp_ctx, NULL, NULL, key, NULL))
454  goto leave;
455 
456  if (!EVP_EncryptUpdate(evp_ctx, out, &outlen, data, 8))
457  goto leave;
458 
459  if (memcmp(out, res, 8) != 0)
460  goto leave; /* Output does not match -> strong cipher is
461  * not supported */
462  status = 1;
463 
464 leave:
465  EVP_CIPHER_CTX_free(evp_ctx);
466  return status;
467 }
468 
469 static int
470 bf_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
471 {
472  OSSLCipher *od = c->ptr;
473  unsigned bs = gen_ossl_block_size(c);
474  static int bf_is_strong = -1;
475 
476  /*
477  * Test if key len is supported. BF_set_key silently cut large keys and it
478  * could be a problem when user transfer crypted data from one server to
479  * another.
480  */
481 
482  if (bf_is_strong == -1)
483  bf_is_strong = bf_check_supported_key_len();
484 
485  if (!bf_is_strong && klen > 16)
486  return PXE_KEY_TOO_BIG;
487 
488  /* Key len is supported. We can use it. */
489  od->klen = klen;
490  memcpy(od->key, key, klen);
491 
492  if (iv)
493  memcpy(od->iv, iv, bs);
494  else
495  memset(od->iv, 0, bs);
496  return 0;
497 }
498 
499 /* DES */
500 
501 static int
502 ossl_des_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
503 {
504  OSSLCipher *od = c->ptr;
505  unsigned bs = gen_ossl_block_size(c);
506 
507  od->klen = 8;
508  memset(od->key, 0, 8);
509  memcpy(od->key, key, klen > 8 ? 8 : klen);
510 
511  if (iv)
512  memcpy(od->iv, iv, bs);
513  else
514  memset(od->iv, 0, bs);
515  return 0;
516 }
517 
518 /* DES3 */
519 
520 static int
521 ossl_des3_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
522 {
523  OSSLCipher *od = c->ptr;
524  unsigned bs = gen_ossl_block_size(c);
525 
526  od->klen = 24;
527  memset(od->key, 0, 24);
528  memcpy(od->key, key, klen > 24 ? 24 : klen);
529 
530  if (iv)
531  memcpy(od->iv, iv, bs);
532  else
533  memset(od->iv, 0, bs);
534  return 0;
535 }
536 
537 /* CAST5 */
538 
539 static int
540 ossl_cast_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
541 {
542  OSSLCipher *od = c->ptr;
543  unsigned bs = gen_ossl_block_size(c);
544 
545  od->klen = klen;
546  memcpy(od->key, key, klen);
547 
548  if (iv)
549  memcpy(od->iv, iv, bs);
550  else
551  memset(od->iv, 0, bs);
552  return 0;
553 }
554 
555 /* AES */
556 
557 static int
558 ossl_aes_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
559 {
560  OSSLCipher *od = c->ptr;
561  unsigned bs = gen_ossl_block_size(c);
562 
563  if (klen <= 128 / 8)
564  od->klen = 128 / 8;
565  else if (klen <= 192 / 8)
566  od->klen = 192 / 8;
567  else if (klen <= 256 / 8)
568  od->klen = 256 / 8;
569  else
570  return PXE_KEY_TOO_BIG;
571 
572  memcpy(od->key, key, klen);
573 
574  if (iv)
575  memcpy(od->iv, iv, bs);
576  else
577  memset(od->iv, 0, bs);
578 
579  return 0;
580 }
581 
582 static int
583 ossl_aes_ecb_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
584 {
585  OSSLCipher *od = c->ptr;
586  int err;
587 
588  err = ossl_aes_init(c, key, klen, iv);
589  if (err)
590  return err;
591 
592  switch (od->klen)
593  {
594  case 128 / 8:
595  od->evp_ciph = EVP_aes_128_ecb();
596  break;
597  case 192 / 8:
598  od->evp_ciph = EVP_aes_192_ecb();
599  break;
600  case 256 / 8:
601  od->evp_ciph = EVP_aes_256_ecb();
602  break;
603  default:
604  /* shouldn't happen */
605  err = PXE_CIPHER_INIT;
606  break;
607  }
608 
609  return err;
610 }
611 
612 static int
613 ossl_aes_cbc_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
614 {
615  OSSLCipher *od = c->ptr;
616  int err;
617 
618  err = ossl_aes_init(c, key, klen, iv);
619  if (err)
620  return err;
621 
622  switch (od->klen)
623  {
624  case 128 / 8:
625  od->evp_ciph = EVP_aes_128_cbc();
626  break;
627  case 192 / 8:
628  od->evp_ciph = EVP_aes_192_cbc();
629  break;
630  case 256 / 8:
631  od->evp_ciph = EVP_aes_256_cbc();
632  break;
633  default:
634  /* shouldn't happen */
635  err = PXE_CIPHER_INIT;
636  break;
637  }
638 
639  return err;
640 }
641 
642 /*
643  * aliases
644  */
645 
646 static PX_Alias ossl_aliases[] = {
647  {"bf", "bf-cbc"},
648  {"blowfish", "bf-cbc"},
649  {"blowfish-cbc", "bf-cbc"},
650  {"blowfish-ecb", "bf-ecb"},
651  {"blowfish-cfb", "bf-cfb"},
652  {"des", "des-cbc"},
653  {"3des", "des3-cbc"},
654  {"3des-ecb", "des3-ecb"},
655  {"3des-cbc", "des3-cbc"},
656  {"cast5", "cast5-cbc"},
657  {"aes", "aes-cbc"},
658  {"rijndael", "aes-cbc"},
659  {"rijndael-cbc", "aes-cbc"},
660  {"rijndael-ecb", "aes-ecb"},
661  {NULL}
662 };
663 
664 static const struct ossl_cipher ossl_bf_cbc = {
665  bf_init,
666  EVP_bf_cbc,
667  64 / 8, 448 / 8
668 };
669 
670 static const struct ossl_cipher ossl_bf_ecb = {
671  bf_init,
672  EVP_bf_ecb,
673  64 / 8, 448 / 8
674 };
675 
676 static const struct ossl_cipher ossl_bf_cfb = {
677  bf_init,
678  EVP_bf_cfb,
679  64 / 8, 448 / 8
680 };
681 
682 static const struct ossl_cipher ossl_des_ecb = {
684  EVP_des_ecb,
685  64 / 8, 64 / 8
686 };
687 
688 static const struct ossl_cipher ossl_des_cbc = {
690  EVP_des_cbc,
691  64 / 8, 64 / 8
692 };
693 
694 static const struct ossl_cipher ossl_des3_ecb = {
696  EVP_des_ede3_ecb,
697  64 / 8, 192 / 8
698 };
699 
700 static const struct ossl_cipher ossl_des3_cbc = {
702  EVP_des_ede3_cbc,
703  64 / 8, 192 / 8
704 };
705 
706 static const struct ossl_cipher ossl_cast_ecb = {
708  EVP_cast5_ecb,
709  64 / 8, 128 / 8
710 };
711 
712 static const struct ossl_cipher ossl_cast_cbc = {
714  EVP_cast5_cbc,
715  64 / 8, 128 / 8
716 };
717 
718 static const struct ossl_cipher ossl_aes_ecb = {
720  NULL, /* EVP_aes_XXX_ecb(), determined in init
721  * function */
722  128 / 8, 256 / 8
723 };
724 
725 static const struct ossl_cipher ossl_aes_cbc = {
727  NULL, /* EVP_aes_XXX_cbc(), determined in init
728  * function */
729  128 / 8, 256 / 8
730 };
731 
732 /*
733  * Special handlers
734  */
736 {
737  const char *name;
738  const struct ossl_cipher *ciph;
739 };
740 
741 static const struct ossl_cipher_lookup ossl_cipher_types[] = {
742  {"bf-cbc", &ossl_bf_cbc},
743  {"bf-ecb", &ossl_bf_ecb},
744  {"bf-cfb", &ossl_bf_cfb},
745  {"des-ecb", &ossl_des_ecb},
746  {"des-cbc", &ossl_des_cbc},
747  {"des3-ecb", &ossl_des3_ecb},
748  {"des3-cbc", &ossl_des3_cbc},
749  {"cast5-ecb", &ossl_cast_ecb},
750  {"cast5-cbc", &ossl_cast_cbc},
751  {"aes-ecb", &ossl_aes_ecb},
752  {"aes-cbc", &ossl_aes_cbc},
753  {NULL}
754 };
755 
756 /* PUBLIC functions */
757 
758 int
759 px_find_cipher(const char *name, PX_Cipher **res)
760 {
761  const struct ossl_cipher_lookup *i;
762  PX_Cipher *c = NULL;
763  EVP_CIPHER_CTX *ctx;
764  OSSLCipher *od;
765 
766  name = px_resolve_alias(ossl_aliases, name);
767  for (i = ossl_cipher_types; i->name; i++)
768  if (strcmp(i->name, name) == 0)
769  break;
770  if (i->name == NULL)
771  return PXE_NO_CIPHER;
772 
774  {
777  }
778 
779  /*
780  * Create an OSSLCipher object, an EVP_CIPHER_CTX object and a PX_Cipher.
781  * The order is crucial, to make sure we don't leak anything on
782  * out-of-memory or other error.
783  */
784  od = MemoryContextAllocZero(TopMemoryContext, sizeof(*od));
785  od->ciph = i->ciph;
786 
787  /* Allocate an EVP_CIPHER_CTX object. */
788  ctx = EVP_CIPHER_CTX_new();
789  if (!ctx)
790  {
791  pfree(od);
792  return PXE_CIPHER_INIT;
793  }
794 
795  od->evp_ctx = ctx;
797  od->next = open_ciphers;
798  od->prev = NULL;
799  open_ciphers = od;
800 
801  if (i->ciph->cipher_func)
802  od->evp_ciph = i->ciph->cipher_func();
803 
804  /* The PX_Cipher is allocated in current memory context */
805  c = palloc(sizeof(*c));
809  c->free = gen_ossl_free;
810  c->init = od->ciph->init;
813  c->ptr = od;
814 
815  *res = c;
816  return 0;
817 }
EVP_MD_CTX * ctx
Definition: openssl.c:60
static const struct ossl_cipher ossl_cast_cbc
Definition: openssl.c:712
void * ptr
Definition: px.h:110
ResourceOwner owner
Definition: openssl.c:62
static bool cipher_resowner_callback_registered
Definition: openssl.c:289
unsigned init
Definition: openssl.c:280
const EVP_CIPHER *(* ossl_EVP_cipher_func)(void)
Definition: openssl.c:252
static bool digest_resowner_callback_registered
Definition: openssl.c:68
static int ossl_aes_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:558
#define PXE_DECRYPT_FAILED
Definition: px.h:63
struct OSSLDigest OSSLDigest
static const struct ossl_cipher ossl_des3_ecb
Definition: openssl.c:694
void(* free)(PX_MD *h)
Definition: px.h:105
struct OSSLCipher * prev
Definition: openssl.c:285
ResourceOwner CurrentResourceOwner
Definition: resowner.c:146
static void cipher_free_callback(ResourceReleasePhase phase, bool isCommit, bool isTopLevel, void *arg)
Definition: openssl.c:308
int max_key_size
Definition: openssl.c:262
unsigned(* block_size)(PX_Cipher *c)
Definition: px.h:141
unsigned char uint8
Definition: c.h:439
#define MAX_IV
Definition: openssl.c:46
static const struct ossl_cipher ossl_aes_cbc
Definition: openssl.c:725
static void free_openssl_cipher(OSSLCipher *od)
Definition: openssl.c:292
int(* decrypt)(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
Definition: px.h:147
const char * px_resolve_alias(const PX_Alias *list, const char *name)
Definition: px.c:133
void * ptr
Definition: px.h:150
#define MAX_KEY
Definition: openssl.c:45
int px_find_digest(const char *name, PX_MD **res)
Definition: openssl.c:178
static int ossl_des3_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:521
static OSSLCipher * open_ciphers
Definition: openssl.c:288
void(* free)(PX_Cipher *c)
Definition: px.h:148
static int ossl_aes_cbc_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:613
Definition: px.h:114
static const struct ossl_cipher ossl_des_ecb
Definition: openssl.c:682
int(* init)(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:259
struct OSSLCipher * next
Definition: openssl.c:284
const EVP_MD * algo
Definition: openssl.c:59
static void gen_ossl_free(PX_Cipher *c)
Definition: openssl.c:363
uint8 key[MAX_KEY]
Definition: openssl.c:277
EVP_CIPHER_CTX * evp_ctx
Definition: openssl.c:275
static int px_openssl_initialized
Definition: openssl.c:173
void pfree(void *pointer)
Definition: mcxt.c:1169
static const struct ossl_cipher ossl_bf_cfb
Definition: openssl.c:676
unsigned(* block_size)(PX_MD *h)
Definition: px.h:101
#define ERROR
Definition: elog.h:46
struct OSSLDigest * prev
Definition: openssl.c:64
union px_digest::@9 p
Definition: px.h:98
static const struct ossl_cipher ossl_aes_ecb
Definition: openssl.c:718
int block_size
Definition: openssl.c:261
static OSSLDigest * open_digests
Definition: openssl.c:67
static void digest_free_callback(ResourceReleasePhase phase, bool isCommit, bool isTopLevel, void *arg)
Definition: openssl.c:87
#define PXE_NO_HASH
Definition: px.h:48
void(* update)(PX_MD *h, const uint8 *data, unsigned dlen)
Definition: px.h:103
const char * name
Definition: openssl.c:737
void(* finish)(PX_MD *h, uint8 *dst)
Definition: px.h:104
static unsigned digest_block_size(PX_MD *h)
Definition: openssl.c:126
unsigned(* iv_size)(PX_Cipher *c)
Definition: px.h:143
char * c
unsigned klen
Definition: openssl.c:279
static int ossl_cast_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:540
static unsigned gen_ossl_key_size(PX_Cipher *c)
Definition: openssl.c:345
ResourceReleasePhase
Definition: resowner.h:46
#define init()
static void digest_finish(PX_MD *h, uint8 *dst)
Definition: openssl.c:156
unsigned(* key_size)(PX_Cipher *c)
Definition: px.h:142
MemoryContext TopMemoryContext
Definition: mcxt.c:48
static void digest_free(PX_MD *h)
Definition: openssl.c:165
static const struct ossl_cipher ossl_des3_cbc
Definition: openssl.c:700
int(* encrypt)(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
Definition: px.h:146
struct OSSLDigest * next
Definition: openssl.c:63
static int ossl_aes_ecb_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:583
#define WARNING
Definition: elog.h:40
unsigned(* result_size)(PX_MD *h)
Definition: px.h:100
ossl_EVP_cipher_func cipher_func
Definition: openssl.c:260
void * MemoryContextAllocZero(MemoryContext context, Size size)
Definition: mcxt.c:906
#define PXE_KEY_TOO_BIG
Definition: px.h:53
#define PXE_ENCRYPT_FAILED
Definition: px.h:64
static const struct ossl_cipher_lookup ossl_cipher_types[]
Definition: openssl.c:741
static const struct ossl_cipher ossl_cast_ecb
Definition: openssl.c:706
static void free_openssl_digest(OSSLDigest *digest)
Definition: openssl.c:71
static int gen_ossl_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
Definition: openssl.c:396
#define PXE_CIPHER_INIT
Definition: px.h:54
void(* reset)(PX_MD *h)
Definition: px.h:102
static unsigned gen_ossl_block_size(PX_Cipher *c)
Definition: openssl.c:337
int(* init)(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: px.h:145
static int ossl_des_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:502
int px_find_cipher(const char *name, PX_Cipher **res)
Definition: openssl.c:759
Definition: px.h:139
static PX_Alias ossl_aliases[]
Definition: openssl.c:646
const char * name
Definition: encode.c:515
static const struct ossl_cipher ossl_bf_ecb
Definition: openssl.c:670
static unsigned gen_ossl_iv_size(PX_Cipher *c)
Definition: openssl.c:353
static unsigned digest_result_size(PX_MD *h)
Definition: openssl.c:114
const struct ossl_cipher * ciph
Definition: openssl.c:738
void RegisterResourceReleaseCallback(ResourceReleaseCallback callback, void *arg)
Definition: resowner.c:849
void * palloc(Size size)
Definition: mcxt.c:1062
const struct ossl_cipher * ciph
Definition: openssl.c:281
void * MemoryContextAlloc(MemoryContext context, Size size)
Definition: mcxt.c:863
#define elog(elevel,...)
Definition: elog.h:232
int i
#define PXE_NO_CIPHER
Definition: px.h:49
static void digest_update(PX_MD *h, const uint8 *data, unsigned dlen)
Definition: openssl.c:147
static int bf_check_supported_key_len(void)
Definition: openssl.c:427
void * arg
ResourceOwner owner
Definition: openssl.c:283
const EVP_CIPHER * evp_ciph
Definition: openssl.c:276
static const struct ossl_cipher ossl_des_cbc
Definition: openssl.c:688
static void static void status(const char *fmt,...) pg_attribute_printf(1
Definition: pg_regress.c:227
uint8 iv[MAX_IV]
Definition: openssl.c:278
static int bf_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:470
static void digest_reset(PX_MD *h)
Definition: openssl.c:138
static int gen_ossl_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
Definition: openssl.c:372
static const struct ossl_cipher ossl_bf_cbc
Definition: openssl.c:664
struct OSSLCipher OSSLCipher