PostgreSQL Source Code git master
px.h File Reference
#include <sys/param.h>


Data Structures

struct  px_digest
 
struct  px_alias
 
struct  px_hmac
 
struct  px_cipher
 
struct  px_combo
 

Macros

#define PX_DEBUG
 
#define PX_MAX_SALT_LEN   128
 
#define PXE_OK   0
 
#define PXE_NO_HASH   -2
 
#define PXE_NO_CIPHER   -3
 
#define PXE_BAD_OPTION   -5
 
#define PXE_BAD_FORMAT   -6
 
#define PXE_KEY_TOO_BIG   -7
 
#define PXE_CIPHER_INIT   -8
 
#define PXE_HASH_UNUSABLE_FOR_HMAC   -9
 
#define PXE_BUG   -12
 
#define PXE_ARGUMENT_ERROR   -13
 
#define PXE_UNKNOWN_SALT_ALGO   -14
 
#define PXE_BAD_SALT_ROUNDS   -15
 
#define PXE_NO_RANDOM   -17
 
#define PXE_DECRYPT_FAILED   -18
 
#define PXE_ENCRYPT_FAILED   -19
 
#define PXE_PGP_CORRUPT_DATA   -100
 
#define PXE_PGP_CORRUPT_ARMOR   -101
 
#define PXE_PGP_UNSUPPORTED_COMPR   -102
 
#define PXE_PGP_UNSUPPORTED_CIPHER   -103
 
#define PXE_PGP_UNSUPPORTED_HASH   -104
 
#define PXE_PGP_COMPRESSION_ERROR   -105
 
#define PXE_PGP_NOT_TEXT   -106
 
#define PXE_PGP_UNEXPECTED_PKT   -107
 
#define PXE_PGP_MATH_FAILED   -109
 
#define PXE_PGP_SHORT_ELGAMAL_KEY   -110
 
#define PXE_PGP_UNKNOWN_PUBALGO   -112
 
#define PXE_PGP_WRONG_KEY   -113
 
#define PXE_PGP_MULTIPLE_KEYS   -114
 
#define PXE_PGP_EXPECT_PUBLIC_KEY   -115
 
#define PXE_PGP_EXPECT_SECRET_KEY   -116
 
#define PXE_PGP_NOT_V4_KEYPKT   -117
 
#define PXE_PGP_KEYPKT_CORRUPT   -118
 
#define PXE_PGP_NO_USABLE_KEY   -119
 
#define PXE_PGP_NEED_SECRET_PSW   -120
 
#define PXE_PGP_BAD_S2K_MODE   -121
 
#define PXE_PGP_UNSUPPORTED_PUBALGO   -122
 
#define PXE_PGP_MULTIPLE_SUBKEYS   -123
 
#define px_md_result_size(md)   (md)->result_size(md)
 
#define px_md_block_size(md)   (md)->block_size(md)
 
#define px_md_reset(md)   (md)->reset(md)
 
#define px_md_update(md, data, dlen)   (md)->update(md, data, dlen)
 
#define px_md_finish(md, buf)   (md)->finish(md, buf)
 
#define px_md_free(md)   (md)->free(md)
 
#define px_hmac_result_size(hmac)   (hmac)->result_size(hmac)
 
#define px_hmac_block_size(hmac)   (hmac)->block_size(hmac)
 
#define px_hmac_reset(hmac)   (hmac)->reset(hmac)
 
#define px_hmac_init(hmac, key, klen)   (hmac)->init(hmac, key, klen)
 
#define px_hmac_update(hmac, data, dlen)   (hmac)->update(hmac, data, dlen)
 
#define px_hmac_finish(hmac, buf)   (hmac)->finish(hmac, buf)
 
#define px_hmac_free(hmac)   (hmac)->free(hmac)
 
#define px_cipher_key_size(c)   (c)->key_size(c)
 
#define px_cipher_block_size(c)   (c)->block_size(c)
 
#define px_cipher_iv_size(c)   (c)->iv_size(c)
 
#define px_cipher_init(c, k, klen, iv)   (c)->init(c, k, klen, iv)
 
#define px_cipher_encrypt(c, padding, data, dlen, res, rlen)    (c)->encrypt(c, padding, data, dlen, res, rlen)
 
#define px_cipher_decrypt(c, padding, data, dlen, res, rlen)    (c)->decrypt(c, padding, data, dlen, res, rlen)
 
#define px_cipher_free(c)   (c)->free(c)
 
#define px_combo_encrypt_len(c, dlen)   (c)->encrypt_len(c, dlen)
 
#define px_combo_decrypt_len(c, dlen)   (c)->decrypt_len(c, dlen)
 
#define px_combo_init(c, key, klen, iv, ivlen)    (c)->init(c, key, klen, iv, ivlen)
 
#define px_combo_encrypt(c, data, dlen, res, rlen)    (c)->encrypt(c, data, dlen, res, rlen)
 
#define px_combo_decrypt(c, data, dlen, res, rlen)    (c)->decrypt(c, data, dlen, res, rlen)
 
#define px_combo_free(c)   (c)->free(c)
 

Typedefs

typedef enum BuiltinCryptoOptions BuiltinCryptoOptions
 
typedef struct px_digest PX_MD
 
typedef struct px_alias PX_Alias
 
typedef struct px_hmac PX_HMAC
 
typedef struct px_cipher PX_Cipher
 
typedef struct px_combo PX_Combo
 

Enumerations

enum  BuiltinCryptoOptions { BC_ON , BC_OFF , BC_FIPS }
 

Functions

int px_find_digest (const char *name, PX_MD **res)
 
int px_find_hmac (const char *name, PX_HMAC **res)
 
int px_find_cipher (const char *name, PX_Cipher **res)
 
int px_find_combo (const char *name, PX_Combo **res)
 
pg_noreturn void px_THROW_ERROR (int err)
 
const char * px_strerror (int err)
 
const char * px_resolve_alias (const PX_Alias *list, const char *name)
 
void px_set_debug_handler (void(*handler)(const char *))
 
void px_memset (void *ptr, int c, size_t len)
 
bool CheckFIPSMode (void)
 
void CheckBuiltinCryptoMode (void)
 
void px_debug (const char *fmt,...) pg_attribute_printf(1, 2)
 

Variables

int builtin_crypto_enabled
 

Macro Definition Documentation

◆ px_cipher_block_size

#define px_cipher_block_size (   c)    (c)->block_size(c)

Definition at line 219 of file px.h.

◆ px_cipher_decrypt

#define px_cipher_decrypt (   c,
  padding,
  data,
  dlen,
  res,
  rlen 
)     (c)->decrypt(c, padding, data, dlen, res, rlen)

Definition at line 224 of file px.h.

◆ px_cipher_encrypt

#define px_cipher_encrypt (   c,
  padding,
  data,
  dlen,
  res,
  rlen 
)     (c)->encrypt(c, padding, data, dlen, res, rlen)

Definition at line 222 of file px.h.

◆ px_cipher_free

#define px_cipher_free (   c)    (c)->free(c)

Definition at line 226 of file px.h.

◆ px_cipher_init

#define px_cipher_init (   c,
  k,
  klen,
  iv 
)    (c)->init(c, k, klen, iv)

Definition at line 221 of file px.h.

◆ px_cipher_iv_size

#define px_cipher_iv_size (   c)    (c)->iv_size(c)

Definition at line 220 of file px.h.

◆ px_cipher_key_size

#define px_cipher_key_size (   c)    (c)->key_size(c)

Definition at line 218 of file px.h.

◆ px_combo_decrypt

#define px_combo_decrypt (   c,
  data,
  dlen,
  res,
  rlen 
)     (c)->decrypt(c, data, dlen, res, rlen)

Definition at line 235 of file px.h.

◆ px_combo_decrypt_len

#define px_combo_decrypt_len (   c,
  dlen 
)    (c)->decrypt_len(c, dlen)

Definition at line 230 of file px.h.

◆ px_combo_encrypt

#define px_combo_encrypt (   c,
  data,
  dlen,
  res,
  rlen 
)     (c)->encrypt(c, data, dlen, res, rlen)

Definition at line 233 of file px.h.

◆ px_combo_encrypt_len

#define px_combo_encrypt_len (   c,
  dlen 
)    (c)->encrypt_len(c, dlen)

Definition at line 229 of file px.h.

◆ px_combo_free

#define px_combo_free (   c)    (c)->free(c)

Definition at line 237 of file px.h.

◆ px_combo_init

#define px_combo_init (   c,
  key,
  klen,
  iv,
  ivlen 
)     (c)->init(c, key, klen, iv, ivlen)

Definition at line 231 of file px.h.

◆ PX_DEBUG

#define PX_DEBUG

Definition at line 38 of file px.h.

◆ px_hmac_block_size

#define px_hmac_block_size (   hmac)    (hmac)->block_size(hmac)

Definition at line 210 of file px.h.

◆ px_hmac_finish

#define px_hmac_finish (   hmac,
  buf 
)    (hmac)->finish(hmac, buf)

Definition at line 214 of file px.h.

◆ px_hmac_free

#define px_hmac_free (   hmac)    (hmac)->free(hmac)

Definition at line 215 of file px.h.

◆ px_hmac_init

#define px_hmac_init (   hmac,
  key,
  klen 
)    (hmac)->init(hmac, key, klen)

Definition at line 212 of file px.h.

◆ px_hmac_reset

#define px_hmac_reset (   hmac)    (hmac)->reset(hmac)

Definition at line 211 of file px.h.

◆ px_hmac_result_size

#define px_hmac_result_size (   hmac)    (hmac)->result_size(hmac)

Definition at line 209 of file px.h.

◆ px_hmac_update

#define px_hmac_update (   hmac,
  data,
  dlen 
)    (hmac)->update(hmac, data, dlen)

Definition at line 213 of file px.h.

◆ PX_MAX_SALT_LEN

#define PX_MAX_SALT_LEN   128

Definition at line 41 of file px.h.

◆ px_md_block_size

#define px_md_block_size (   md)    (md)->block_size(md)

Definition at line 203 of file px.h.

◆ px_md_finish

#define px_md_finish (   md,
  buf 
)    (md)->finish(md, buf)

Definition at line 206 of file px.h.

◆ px_md_free

#define px_md_free (   md)    (md)->free(md)

Definition at line 207 of file px.h.

◆ px_md_reset

#define px_md_reset (   md)    (md)->reset(md)

Definition at line 204 of file px.h.

◆ px_md_result_size

#define px_md_result_size (   md)    (md)->result_size(md)

Definition at line 202 of file px.h.

◆ px_md_update

#define px_md_update (   md,
  data,
  dlen 
)    (md)->update(md, data, dlen)

Definition at line 205 of file px.h.

◆ PXE_ARGUMENT_ERROR

#define PXE_ARGUMENT_ERROR   -13

Definition at line 59 of file px.h.

◆ PXE_BAD_FORMAT

#define PXE_BAD_FORMAT   -6

Definition at line 52 of file px.h.

◆ PXE_BAD_OPTION

#define PXE_BAD_OPTION   -5

Definition at line 51 of file px.h.

◆ PXE_BAD_SALT_ROUNDS

#define PXE_BAD_SALT_ROUNDS   -15

Definition at line 61 of file px.h.

◆ PXE_BUG

#define PXE_BUG   -12

Definition at line 58 of file px.h.

◆ PXE_CIPHER_INIT

#define PXE_CIPHER_INIT   -8

Definition at line 54 of file px.h.

◆ PXE_DECRYPT_FAILED

#define PXE_DECRYPT_FAILED   -18

Definition at line 64 of file px.h.

◆ PXE_ENCRYPT_FAILED

#define PXE_ENCRYPT_FAILED   -19

Definition at line 65 of file px.h.

◆ PXE_HASH_UNUSABLE_FOR_HMAC

#define PXE_HASH_UNUSABLE_FOR_HMAC   -9

Definition at line 55 of file px.h.

◆ PXE_KEY_TOO_BIG

#define PXE_KEY_TOO_BIG   -7

Definition at line 53 of file px.h.

◆ PXE_NO_CIPHER

#define PXE_NO_CIPHER   -3

Definition at line 49 of file px.h.

◆ PXE_NO_HASH

#define PXE_NO_HASH   -2

Definition at line 48 of file px.h.

◆ PXE_NO_RANDOM

#define PXE_NO_RANDOM   -17

Definition at line 63 of file px.h.

◆ PXE_OK

#define PXE_OK   0

Definition at line 46 of file px.h.

◆ PXE_PGP_BAD_S2K_MODE

#define PXE_PGP_BAD_S2K_MODE   -121

Definition at line 88 of file px.h.

◆ PXE_PGP_COMPRESSION_ERROR

#define PXE_PGP_COMPRESSION_ERROR   -105

Definition at line 72 of file px.h.

◆ PXE_PGP_CORRUPT_ARMOR

#define PXE_PGP_CORRUPT_ARMOR   -101

Definition at line 68 of file px.h.

◆ PXE_PGP_CORRUPT_DATA

#define PXE_PGP_CORRUPT_DATA   -100

Definition at line 67 of file px.h.

◆ PXE_PGP_EXPECT_PUBLIC_KEY

#define PXE_PGP_EXPECT_PUBLIC_KEY   -115

Definition at line 82 of file px.h.

◆ PXE_PGP_EXPECT_SECRET_KEY

#define PXE_PGP_EXPECT_SECRET_KEY   -116

Definition at line 83 of file px.h.

◆ PXE_PGP_KEYPKT_CORRUPT

#define PXE_PGP_KEYPKT_CORRUPT   -118

Definition at line 85 of file px.h.

◆ PXE_PGP_MATH_FAILED

#define PXE_PGP_MATH_FAILED   -109

Definition at line 76 of file px.h.

◆ PXE_PGP_MULTIPLE_KEYS

#define PXE_PGP_MULTIPLE_KEYS   -114

Definition at line 81 of file px.h.

◆ PXE_PGP_MULTIPLE_SUBKEYS

#define PXE_PGP_MULTIPLE_SUBKEYS   -123

Definition at line 90 of file px.h.

◆ PXE_PGP_NEED_SECRET_PSW

#define PXE_PGP_NEED_SECRET_PSW   -120

Definition at line 87 of file px.h.

◆ PXE_PGP_NO_USABLE_KEY

#define PXE_PGP_NO_USABLE_KEY   -119

Definition at line 86 of file px.h.

◆ PXE_PGP_NOT_TEXT

#define PXE_PGP_NOT_TEXT   -106

Definition at line 73 of file px.h.

◆ PXE_PGP_NOT_V4_KEYPKT

#define PXE_PGP_NOT_V4_KEYPKT   -117

Definition at line 84 of file px.h.

◆ PXE_PGP_SHORT_ELGAMAL_KEY

#define PXE_PGP_SHORT_ELGAMAL_KEY   -110

Definition at line 77 of file px.h.

◆ PXE_PGP_UNEXPECTED_PKT

#define PXE_PGP_UNEXPECTED_PKT   -107

Definition at line 74 of file px.h.

◆ PXE_PGP_UNKNOWN_PUBALGO

#define PXE_PGP_UNKNOWN_PUBALGO   -112

Definition at line 79 of file px.h.

◆ PXE_PGP_UNSUPPORTED_CIPHER

#define PXE_PGP_UNSUPPORTED_CIPHER   -103

Definition at line 70 of file px.h.

◆ PXE_PGP_UNSUPPORTED_COMPR

#define PXE_PGP_UNSUPPORTED_COMPR   -102

Definition at line 69 of file px.h.

◆ PXE_PGP_UNSUPPORTED_HASH

#define PXE_PGP_UNSUPPORTED_HASH   -104

Definition at line 71 of file px.h.

◆ PXE_PGP_UNSUPPORTED_PUBALGO

#define PXE_PGP_UNSUPPORTED_PUBALGO   -122

Definition at line 89 of file px.h.

◆ PXE_PGP_WRONG_KEY

#define PXE_PGP_WRONG_KEY   -113

Definition at line 80 of file px.h.

◆ PXE_UNKNOWN_SALT_ALGO

#define PXE_UNKNOWN_SALT_ALGO   -14

Definition at line 60 of file px.h.

Typedef Documentation

◆ BuiltinCryptoOptions

◆ PX_Alias

typedef struct px_alias PX_Alias

Definition at line 100 of file px.h.

◆ PX_Cipher

typedef struct px_cipher PX_Cipher

Definition at line 102 of file px.h.

◆ PX_Combo

typedef struct px_combo PX_Combo

Definition at line 103 of file px.h.

◆ PX_HMAC

typedef struct px_hmac PX_HMAC

Definition at line 101 of file px.h.

◆ PX_MD

typedef struct px_digest PX_MD

Definition at line 99 of file px.h.

Enumeration Type Documentation

◆ BuiltinCryptoOptions

Enumerator
BC_ON 
BC_OFF 
BC_FIPS 

Definition at line 92 of file px.h.

93{
94 BC_ON,
95 BC_OFF,
96 BC_FIPS,
BuiltinCryptoOptions
Definition: px.h:93
@ BC_ON
Definition: px.h:94
@ BC_OFF
Definition: px.h:95
@ BC_FIPS
Definition: px.h:96

Function Documentation

◆ CheckBuiltinCryptoMode()

void CheckBuiltinCryptoMode ( void  )

Definition at line 874 of file openssl.c.

/*
 * CheckBuiltinCryptoMode (openssl.c:874): raise an error when the built-in
 * crypto functions may not be used.  The page lists px_crypt() and
 * px_gen_salt() as the callers.
 *
 * NOTE(review): this listing omits source lines 876, 879-880, 883 and 886.
 * The page's References list names builtin_crypto_enabled, BC_ON, BC_OFF,
 * BC_FIPS, Assert(), ereport and ERROR, none of which appear in the lines
 * below, so the mode tests and the ereport(ERROR, ...) openers presumably
 * sit on the omitted lines - confirm against openssl.c before relying on
 * the exact control flow.
 */
875{
877 return;
878
/* Presumably the message raised when the setting is BC_OFF - TODO confirm. */
881 errmsg("use of built-in crypto functions is disabled"));
882
884
/*
 * Built-in crypto is refused while OpenSSL reports FIPS mode; the message
 * below states the reason (the built-in code is not FIPS validated).
 */
885 if (CheckFIPSMode() == true)
887 errmsg("use of non-FIPS validated crypto not allowed when OpenSSL is in FIPS mode"));
888}
int errmsg(const char *fmt,...)
Definition: elog.c:1070
#define ERROR
Definition: elog.h:39
#define ereport(elevel,...)
Definition: elog.h:149
Assert(PointerIsAligned(start, uint64))
bool CheckFIPSMode(void)
Definition: openssl.c:844
int builtin_crypto_enabled
Definition: pgcrypto.c:59

References Assert(), BC_FIPS, BC_OFF, BC_ON, builtin_crypto_enabled, CheckFIPSMode(), ereport, errmsg(), and ERROR.

Referenced by px_crypt(), and px_gen_salt().

◆ CheckFIPSMode()

bool CheckFIPSMode ( void  )

Definition at line 844 of file openssl.c.

/*
 * CheckFIPSMode
 *
 * Report whether the linked OpenSSL library currently has FIPS mode enabled.
 *
 * OpenSSL 3.0 and later are queried with
 * EVP_default_properties_is_fips_enabled(); older libraries are queried with
 * FIPS_mode().  The legacy call is still required because FIPS-validated
 * forks of 1.1.1 exist, even though 1.0.2 - the last upstream release before
 * 3.0 that supported FIPS - is not supported here.
 *
 * Returns true only when the library answers exactly 1; every other answer
 * is treated as "FIPS mode is off".
 */
bool
CheckFIPSMode(void)
{
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
	const int	fips_state = EVP_default_properties_is_fips_enabled(NULL);
#else
	const int	fips_state = FIPS_mode();
#endif

	return fips_state == 1;
}

Referenced by CheckBuiltinCryptoMode(), and pg_check_fipsmode().

◆ px_debug()

void px_debug ( const char *  fmt,
  ... 
)

◆ px_find_cipher()

int px_find_cipher ( const char *  name,
PX_Cipher **  res 
)

Definition at line 776 of file openssl.c.

/*
 * px_find_cipher (openssl.c:776): look up a cipher by name in
 * ossl_cipher_types and return a PX_Cipher wired to the generic OpenSSL
 * callbacks.
 *
 * Returns PXE_NO_CIPHER when no table entry matches, PXE_CIPHER_INIT when
 * EVP_CIPHER_CTX_new() fails, and 0 with *res set on success.  *res is not
 * written on the failure paths visible here.
 *
 * NOTE(review): this listing omits source lines 783, 790 and 809-810.  The
 * page's References list names px_resolve_alias(), ossl_aliases,
 * ResourceOwnerEnlarge(), ResourceOwnerRememberOSSLCipher(),
 * CurrentResourceOwner and OSSLCipher::owner, none of which appear below;
 * presumably alias resolution and resource-owner registration sit on those
 * lines - confirm against openssl.c.
 */
777{
778 const struct ossl_cipher_lookup *i;
779 PX_Cipher *c = NULL;
780 EVP_CIPHER_CTX *ctx;
781 OSSLCipher *od;
782
/*
 * Exact strcmp() match against the table; the scan stops at the entry whose
 * name is NULL, which is how "not found" is detected below.
 */
784 for (i = ossl_cipher_types; i->name; i++)
785 if (strcmp(i->name, name) == 0)
786 break;
787 if (i->name == NULL)
788 return PXE_NO_CIPHER;
789
791
792 /*
793 * Create an OSSLCipher object, an EVP_CIPHER_CTX object and a PX_Cipher.
794 * The order is crucial, to make sure we don't leak anything on
795 * out-of-memory or other error.
796 */
/*
 * od is allocated zero-filled in TopMemoryContext, not the current context.
 * NOTE(review): presumably the resource-owner registration named in the
 * References list is what reclaims od and ctx if a later step raises an
 * error - TODO confirm.
 */
797 od = MemoryContextAllocZero(TopMemoryContext, sizeof(*od));
798 od->ciph = i->ciph;
799
800 /* Allocate an EVP_CIPHER_CTX object. */
801 ctx = EVP_CIPHER_CTX_new();
802 if (!ctx)
803 {
804 pfree(od);
805 return PXE_CIPHER_INIT;
806 }
807
808 od->evp_ctx = ctx;
811
/* evp_ciph keeps its zero-filled NULL value when the entry has no cipher_func. */
812 if (i->ciph->cipher_func)
813 od->evp_ciph = i->ciph->cipher_func();
814
815 /* The PX_Cipher is allocated in current memory context */
816 c = palloc(sizeof(*c));
817 c->block_size = gen_ossl_block_size;
818 c->key_size = gen_ossl_key_size;
819 c->iv_size = gen_ossl_iv_size;
820 c->free = gen_ossl_free;
/* init comes from the per-cipher table entry; the other callbacks are the shared gen_ossl_* ones. */
821 c->init = od->ciph->init;
822 c->encrypt = gen_ossl_encrypt;
823 c->decrypt = gen_ossl_decrypt;
824 c->ptr = od;
825
826 *res = c;
827 return 0;
828}
int i
Definition: isn.c:74
void * MemoryContextAllocZero(MemoryContext context, Size size)
Definition: mcxt.c:1215
void pfree(void *pointer)
Definition: mcxt.c:1524
MemoryContext TopMemoryContext
Definition: mcxt.c:149
void * palloc(Size size)
Definition: mcxt.c:1317
static unsigned gen_ossl_block_size(PX_Cipher *c)
Definition: openssl.c:303
static unsigned gen_ossl_key_size(PX_Cipher *c)
Definition: openssl.c:311
static int gen_ossl_encrypt(PX_Cipher *c, int padding, const uint8 *data, unsigned dlen, uint8 *res, unsigned *rlen)
Definition: openssl.c:368
static int gen_ossl_decrypt(PX_Cipher *c, int padding, const uint8 *data, unsigned dlen, uint8 *res, unsigned *rlen)
Definition: openssl.c:338
static void gen_ossl_free(PX_Cipher *c)
Definition: openssl.c:329
static unsigned gen_ossl_iv_size(PX_Cipher *c)
Definition: openssl.c:319
static PX_Alias ossl_aliases[]
Definition: openssl.c:654
static const struct ossl_cipher_lookup ossl_cipher_types[]
Definition: openssl.c:757
static void ResourceOwnerRememberOSSLCipher(ResourceOwner owner, OSSLCipher *od)
Definition: openssl.c:281
char * c
const char * px_resolve_alias(const PX_Alias *list, const char *name)
Definition: px.c:129
#define PXE_CIPHER_INIT
Definition: px.h:54
#define PXE_NO_CIPHER
Definition: px.h:49
ResourceOwner CurrentResourceOwner
Definition: resowner.c:173
void ResourceOwnerEnlarge(ResourceOwner owner)
Definition: resowner.c:452
const struct ossl_cipher * ciph
Definition: openssl.c:262
ResourceOwner owner
Definition: openssl.c:264
EVP_CIPHER_CTX * evp_ctx
Definition: openssl.c:256
const EVP_CIPHER * evp_ciph
Definition: openssl.c:257
int(* init)(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
Definition: openssl.c:241
Definition: px.h:149
const char * name

References OSSLCipher::ciph, CurrentResourceOwner, OSSLCipher::evp_ciph, OSSLCipher::evp_ctx, gen_ossl_block_size(), gen_ossl_decrypt(), gen_ossl_encrypt(), gen_ossl_free(), gen_ossl_iv_size(), gen_ossl_key_size(), i, ossl_cipher::init, MemoryContextAllocZero(), name, ossl_aliases, ossl_cipher_types, OSSLCipher::owner, palloc(), pfree(), px_resolve_alias(), PXE_CIPHER_INIT, PXE_NO_CIPHER, ResourceOwnerEnlarge(), ResourceOwnerRememberOSSLCipher(), and TopMemoryContext.

Referenced by pgp_load_cipher(), and px_find_combo().

◆ px_find_combo()

int px_find_combo ( const char *  name,
PX_Combo **  res 
)

Definition at line 285 of file px.c.

/*
 * px_find_combo
 *
 * Build a PX_Combo for a cipher specification string.
 *
 * name is copied and handed to parse_cipher_name(), which yields the cipher
 * name and an optional padding name.  The cipher itself is looked up with
 * px_find_cipher().  Padding is enabled (1) when no padding name is given or
 * when it is "pkcs", and disabled (0) for "none"; any other padding name is
 * rejected.
 *
 * On success *res receives the new combo and 0 is returned.  A parse failure
 * returns parse_cipher_name()'s error code unchanged.
 *
 * NOTE(review): a failed cipher lookup and an unrecognised padding name both
 * return PXE_NO_CIPHER; the code returned by px_find_cipher() is not passed
 * on, so callers cannot tell the two cases apart from the return value.
 */
int
px_find_combo(const char *name, PX_Combo **res)
{
	PX_Combo   *combo = palloc0(sizeof(*combo));
	char	   *spec = pstrdup(name);
	char	   *cipher_name;
	char	   *pad_name;
	int			rc;

	rc = parse_cipher_name(spec, &cipher_name, &pad_name);
	if (rc)
	{
		pfree(spec);
		pfree(combo);
		return rc;
	}

	rc = px_find_cipher(cipher_name, &combo->cipher);
	if (rc)
		goto fail;

	/* PKCS padding is the default when the spec names no padding. */
	if (pad_name == NULL || strcmp(pad_name, "pkcs") == 0)
		combo->padding = 1;
	else if (strcmp(pad_name, "none") == 0)
		combo->padding = 0;
	else
		goto fail;

	combo->init = combo_init;
	combo->encrypt = combo_encrypt;
	combo->decrypt = combo_decrypt;
	combo->encrypt_len = combo_encrypt_len;
	combo->decrypt_len = combo_decrypt_len;
	combo->free = combo_free;

	pfree(spec);

	*res = combo;
	return 0;

fail:
	/* combo came from palloc0(), so cipher is set only after a successful lookup. */
	if (combo->cipher)
		px_cipher_free(combo->cipher);
	pfree(combo);
	pfree(spec);
	return PXE_NO_CIPHER;
}
void err(int eval, const char *fmt,...)
Definition: err.c:43
int cx(PlannerInfo *root, Gene *tour1, Gene *tour2, Gene *offspring, int num_gene, City *city_table)
char * pstrdup(const char *in)
Definition: mcxt.c:1699
void * palloc0(Size size)
Definition: mcxt.c:1347
int px_find_cipher(const char *name, PX_Cipher **res)
Definition: openssl.c:776
static char * buf
Definition: pg_test_fsync.c:72
static void combo_free(PX_Combo *cx)
Definition: px.c:232
static int combo_encrypt(PX_Combo *cx, const uint8 *data, unsigned dlen, uint8 *res, unsigned *rlen)
Definition: px.c:218
static int parse_cipher_name(char *full, char **cipher, char **pad)
Definition: px.c:243
static int combo_decrypt(PX_Combo *cx, const uint8 *data, unsigned dlen, uint8 *res, unsigned *rlen)
Definition: px.c:225
static unsigned combo_decrypt_len(PX_Combo *cx, unsigned dlen)
Definition: px.c:175
static unsigned combo_encrypt_len(PX_Combo *cx, unsigned dlen)
Definition: px.c:169
static int combo_init(PX_Combo *cx, const uint8 *key, unsigned klen, const uint8 *iv, unsigned ivlen)
Definition: px.c:181
#define px_cipher_free(c)
Definition: px.h:226
Definition: px.h:164

References buf, combo_decrypt(), combo_decrypt_len(), combo_encrypt(), combo_encrypt_len(), combo_free(), combo_init(), cx(), err(), name, palloc0(), parse_cipher_name(), pfree(), pstrdup(), px_cipher_free, px_find_cipher(), and PXE_NO_CIPHER.

Referenced by pg_decrypt(), pg_decrypt_iv(), pg_encrypt(), and pg_encrypt_iv().

◆ px_find_digest()

int px_find_digest ( const char *  name,
PX_MD **  res 
)

Definition at line 161 of file openssl.c.

/*
 * px_find_digest (openssl.c:161): resolve a digest name through OpenSSL and
 * return a PX_MD wrapping an initialised EVP_MD_CTX.
 *
 * Returns PXE_NO_HASH when EVP_get_digestbyname() does not know the name,
 * PXE_CIPHER_INIT when the context cannot be created or initialised (the
 * cipher-named code is reused for digests here), and 0 with *res set on
 * success.
 *
 * NOTE(review): the accepted names are whatever the linked OpenSSL resolves;
 * nothing visible here restricts them to an allow-list, so callers that pass
 * user-supplied names inherit the library's digest table, including legacy
 * algorithms if the library offers them.
 *
 * NOTE(review): this listing omits source lines 172, 201-202 and 204-205.
 * The page's References list names ResourceOwnerEnlarge(),
 * digest_result_size(), digest_block_size(), digest_update() and
 * digest_finish(), none of which appear below; presumably they sit on the
 * omitted lines - confirm against openssl.c.
 */
162{
163 const EVP_MD *md;
164 EVP_MD_CTX *ctx;
165 PX_MD *h;
166 OSSLDigest *digest;
167
168 md = EVP_get_digestbyname(name);
169 if (md == NULL)
170 return PXE_NO_HASH;
171
173
174 /*
175 * Create an OSSLDigest object, an OpenSSL MD object, and a PX_MD object.
176 * The order is crucial, to make sure we don't leak anything on
177 * out-of-memory or other error.
178 */
/* The tracking struct lives in TopMemoryContext, not the current context. */
179 digest = MemoryContextAlloc(TopMemoryContext, sizeof(*digest));
180
181 ctx = EVP_MD_CTX_create();
182 if (!ctx)
183 {
184 pfree(digest);
185 return PXE_CIPHER_INIT;
186 }
/* On init failure both the OpenSSL context and the tracking struct are released. */
187 if (EVP_DigestInit_ex(ctx, md, NULL) == 0)
188 {
189 EVP_MD_CTX_destroy(ctx);
190 pfree(digest);
191 return PXE_CIPHER_INIT;
192 }
193
/* Fill in every field (the allocation above is not zeroed) and register with the current resource owner. */
194 digest->algo = md;
195 digest->ctx = ctx;
196 digest->owner = CurrentResourceOwner;
197 ResourceOwnerRememberOSSLDigest(digest->owner, digest);
198
199 /* The PX_MD object is allocated in the current memory context. */
200 h = palloc(sizeof(*h));
/* Only reset and free are assigned in the visible lines; see the note above about the omitted ones. */
203 h->reset = digest_reset;
206 h->free = digest_free;
207 h->p.ptr = digest;
208
209 *res = h;
210 return 0;
211}
void * MemoryContextAlloc(MemoryContext context, Size size)
Definition: mcxt.c:1181
static void digest_update(PX_MD *h, const uint8 *data, unsigned dlen)
Definition: openssl.c:132
static unsigned digest_result_size(PX_MD *h)
Definition: openssl.c:99
static void ResourceOwnerRememberOSSLDigest(ResourceOwner owner, OSSLDigest *digest)
Definition: openssl.c:79
static void digest_finish(PX_MD *h, uint8 *dst)
Definition: openssl.c:141
static void digest_reset(PX_MD *h)
Definition: openssl.c:123
static unsigned digest_block_size(PX_MD *h)
Definition: openssl.c:111
static void digest_free(PX_MD *h)
Definition: openssl.c:150
#define PXE_NO_HASH
Definition: px.h:48
EVP_MD_CTX * ctx
Definition: openssl.c:60
const EVP_MD * algo
Definition: openssl.c:59
ResourceOwner owner
Definition: openssl.c:62
Definition: px.h:108
void(* free)(PX_MD *h)
Definition: px.h:114
void(* update)(PX_MD *h, const uint8 *data, unsigned dlen)
Definition: px.h:112
unsigned(* result_size)(PX_MD *h)
Definition: px.h:109
union px_digest::@8 p
void(* reset)(PX_MD *h)
Definition: px.h:111
unsigned(* block_size)(PX_MD *h)
Definition: px.h:110
void * ptr
Definition: px.h:119
void(* finish)(PX_MD *h, uint8 *dst)
Definition: px.h:113

References OSSLDigest::algo, px_digest::block_size, OSSLDigest::ctx, CurrentResourceOwner, digest_block_size(), digest_finish(), digest_free(), digest_reset(), digest_result_size(), digest_update(), px_digest::finish, px_digest::free, MemoryContextAlloc(), name, OSSLDigest::owner, px_digest::p, palloc(), pfree(), px_digest::ptr, PXE_CIPHER_INIT, PXE_NO_HASH, px_digest::reset, ResourceOwnerEnlarge(), ResourceOwnerRememberOSSLDigest(), px_digest::result_size, TopMemoryContext, and px_digest::update.

Referenced by pg_digest(), pgp_load_digest(), px_crypt_md5(), and px_find_hmac().

◆ px_find_hmac()

int px_find_hmac ( const char *  name,
PX_HMAC **  res 
)

Definition at line 142 of file px-hmac.c.

/*
 * px_find_hmac (px-hmac.c:142): build a PX_HMAC on top of the digest found
 * by px_find_digest().
 *
 * Returns px_find_digest()'s error code when the digest lookup fails, and 0
 * with *res set on success.
 *
 * NOTE(review): this listing omits source lines 157 and 165-166.  The page's
 * References list names PXE_HASH_UNUSABLE_FOR_HMAC, hmac_result_size() and
 * hmac_block_size(), none of which appear below; presumably line 157 returns
 * the former and lines 165-166 assign the latter two - confirm against
 * px-hmac.c.
 */
143{
144 int err;
145 PX_MD *md;
146 PX_HMAC *h;
147 unsigned bs;
148
149 err = px_find_digest(name, &md);
150 if (err)
151 return err;
152
/* A digest reporting a block size below 2 is rejected; md is freed first so it is not leaked. */
153 bs = px_md_block_size(md);
154 if (bs < 2)
155 {
156 px_md_free(md);
158 }
159
/*
 * ipad and opad are each one digest block long.
 * NOTE(review): presumably hmac_init() fills them with key-derived pad
 * bytes; confirm that hmac_free() wipes them before release (px_memset() is
 * declared in px.h).
 */
160 h = palloc(sizeof(*h));
161 h->p.ipad = palloc(bs);
162 h->p.opad = palloc(bs);
163 h->md = md;
164
167 h->reset = hmac_reset;
168 h->update = hmac_update;
169 h->finish = hmac_finish;
170 h->free = hmac_free;
171 h->init = hmac_init;
172
173 *res = h;
174
175 return 0;
176}
int px_find_digest(const char *name, PX_MD **res)
Definition: openssl.c:161
static unsigned hmac_result_size(PX_HMAC *h)
Definition: px-hmac.c:40
static void hmac_init(PX_HMAC *h, const uint8 *key, unsigned klen)
Definition: px-hmac.c:52
static void hmac_finish(PX_HMAC *h, uint8 *dst)
Definition: px-hmac.c:100
static void hmac_update(PX_HMAC *h, const uint8 *data, unsigned dlen)
Definition: px-hmac.c:94
static void hmac_free(PX_HMAC *h)
Definition: px-hmac.c:124
static unsigned hmac_block_size(PX_HMAC *h)
Definition: px-hmac.c:46
static void hmac_reset(PX_HMAC *h)
Definition: px-hmac.c:84
#define px_md_free(md)
Definition: px.h:207
#define PXE_HASH_UNUSABLE_FOR_HMAC
Definition: px.h:55
#define px_md_block_size(md)
Definition: px.h:203
Definition: px.h:130
PX_MD * md
Definition: px.h:139
unsigned(* block_size)(PX_HMAC *h)
Definition: px.h:132
void(* finish)(PX_HMAC *h, uint8 *dst)
Definition: px.h:135
uint8 * ipad
Definition: px.h:143
struct px_hmac::@9 p
void(* init)(PX_HMAC *h, const uint8 *key, unsigned klen)
Definition: px.h:137
uint8 * opad
Definition: px.h:144
unsigned(* result_size)(PX_HMAC *h)
Definition: px.h:131
void(* update)(PX_HMAC *h, const uint8 *data, unsigned dlen)
Definition: px.h:134
void(* free)(PX_HMAC *h)
Definition: px.h:136
void(* reset)(PX_HMAC *h)
Definition: px.h:133

References px_hmac::block_size, err(), px_hmac::finish, px_hmac::free, hmac_block_size(), hmac_finish(), hmac_free(), hmac_init(), hmac_reset(), hmac_result_size(), hmac_update(), px_hmac::init, px_hmac::ipad, px_hmac::md, name, px_hmac::opad, px_hmac::p, palloc(), px_find_digest(), px_md_block_size, px_md_free, PXE_HASH_UNUSABLE_FOR_HMAC, px_hmac::reset, px_hmac::result_size, and px_hmac::update.

Referenced by pg_hmac().

◆ px_memset()

◆ px_resolve_alias()

const char * px_resolve_alias ( const PX_Alias list,
const char *  name 
)

Definition at line 129 of file px.c.

/*
 * px_resolve_alias
 *
 * Map an alias to its canonical name using a table terminated by an entry
 * whose name is NULL.  Aliases are compared case-insensitively with
 * pg_strcasecmp().
 *
 * Returns the canonical name of the first matching entry.  When nothing
 * matches, the caller's own name pointer is returned unchanged, so the
 * result is not proof that the name is known: the caller still has to
 * validate it against its algorithm table.
 */
const char *
px_resolve_alias(const PX_Alias *list, const char *name)
{
	const PX_Alias *entry;

	for (entry = list; entry->name != NULL; entry++)
	{
		if (pg_strcasecmp(entry->alias, name) == 0)
			return entry->name;
	}

	return name;
}
int pg_strcasecmp(const char *s1, const char *s2)
Definition: pgstrcasecmp.c:36

References sort-test::list, name, and pg_strcasecmp().

Referenced by px_find_cipher().

◆ px_set_debug_handler()

void px_set_debug_handler ( void(*)(const char *)  handler)

Definition at line 143 of file px.c.

/*
 * px_set_debug_handler
 *
 * Install handler as the file-level debug callback (debug_handler).  The
 * pointer is stored exactly as given, replacing whatever was set before.
 *
 * NOTE(review): what px_debug() forwards to the handler is not shown here;
 * handlers that log should be reviewed to make sure key material or
 * plaintext cannot end up in the output.
 */
void
px_set_debug_handler(void (*handler) (const char *))
{
	debug_handler = handler;
}
static void(* debug_handler)(const char *)
Definition: px.c:140

References debug_handler.

Referenced by decrypt_internal(), encrypt_internal(), and init_work().

◆ px_strerror()

const char * px_strerror ( int  err)

Definition at line 111 of file px.c.

/*
 * px_strerror
 *
 * Translate a PXE_* error code into its description by scanning px_err_list,
 * a table terminated by an entry whose desc is NULL.
 *
 * Returns the description of the first entry whose code equals err, or the
 * fixed string "Bad error code" when the code is not in the table.  The
 * result is never NULL.
 */
const char *
px_strerror(int err)
{
	const struct error_desc *entry = px_err_list;

	while (entry->desc != NULL)
	{
		if (entry->err == err)
			return entry->desc;
		entry++;
	}

	return "Bad error code";
}
e
Definition: preproc-init.c:82
static const struct error_desc px_err_list[]
Definition: px.c:42
Definition: px.c:37
const char * desc
Definition: px.c:39

References error_desc::desc, err(), and px_err_list.

Referenced by find_provider(), pg_decrypt(), pg_decrypt_iv(), pg_encrypt(), pg_encrypt_iv(), pg_gen_salt(), pg_gen_salt_rounds(), and px_THROW_ERROR().

◆ px_THROW_ERROR()

pg_noreturn void px_THROW_ERROR ( int  err)

Definition at line 93 of file px.c.

/*
 * px_THROW_ERROR (px.c:93): turn a PXE_* code into a PostgreSQL error.  The
 * function is declared pg_noreturn.
 *
 * NOTE(review): this listing omits source lines 97 and 104.  The page's
 * References list names ereport and ERROR, which do not appear below;
 * presumably both omitted lines open an ereport(ERROR, ...) call - confirm
 * against px.c.
 */
94{
/* Random-number failure gets its own message and is classed as an internal error. */
95 if (err == PXE_NO_RANDOM)
96 {
98 (errcode(ERRCODE_INTERNAL_ERROR),
99 errmsg("could not generate a random number")));
100 }
101 else
102 {
103 /* For other errors, use the message from the above list. */
/*
 * The text from px_strerror() is passed as an argument to a literal "%s"
 * format, so it is never interpreted as a format string.
 */
105 (errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
106 errmsg("%s", px_strerror(err))));
107 }
108}
int errcode(int sqlerrcode)
Definition: elog.c:853
const char * px_strerror(int err)
Definition: px.c:111
#define PXE_NO_RANDOM
Definition: px.h:63

References ereport, err(), errcode(), errmsg(), ERROR, px_strerror(), and PXE_NO_RANDOM.

Referenced by decrypt_internal(), encrypt_internal(), init_work(), pg_dearmor(), pg_random_bytes(), pgp_armor_headers(), and pgp_key_id_w().

Variable Documentation

◆ builtin_crypto_enabled

int builtin_crypto_enabled
extern

Definition at line 59 of file pgcrypto.c.

Referenced by _PG_init(), and CheckBuiltinCryptoMode().