rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
postgresql/contrib/pgcrypto/openssl.c

957 lines
21 KiB
C
Raw Normal View History

Hashing functions from Marko Kreen <marko@l-t.ee>
2000-10-31 14:11:28 +01:00
/*
* openssl.c
* Wrapper for OpenSSL library.
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
*
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
* Copyright (c) 2001 Marko Kreen
Hashing functions from Marko Kreen <marko@l-t.ee>
2000-10-31 14:11:28 +01:00
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
* notice, this list of conditions and the following disclaimer.
Hashing functions from Marko Kreen <marko@l-t.ee>
2000-10-31 14:11:28 +01:00
* 2. Redistributions in binary form must reproduce the above copyright
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
Hashing functions from Marko Kreen <marko@l-t.ee>
2000-10-31 14:11:28 +01:00
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
pgindent run for 9.4 This includes removing tabs after periods in C comments, which was applied to back branches, so this change should not effect backpatching.
2014-05-06 18:12:18 +02:00
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
Hashing functions from Marko Kreen <marko@l-t.ee>
2000-10-31 14:11:28 +01:00
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
Remove cvs keywords from all files.
2010-09-20 22:08:53 +02:00
* contrib/pgcrypto/openssl.c
Hashing functions from Marko Kreen <marko@l-t.ee>
2000-10-31 14:11:28 +01:00
*/
More pgcrypto fixes: avoid bogus alignment assumptions in sha2, be more wary about having a value for BYTE_ORDER, clean up randomly- chosen ways of including Postgres core headers. Marko Kreen and Tom Lane
2005-07-11 17:07:59 +02:00
#include "postgres.h"
Restructure the key include files per recent pghackers discussion: there are now separate files "postgres.h" and "postgres_fe.h", which are meant to be the primary include files for backend .c files and frontend .c files respectively. By default, only include files meant for frontend use are installed into the installation include directory. There is a new make target 'make install-all-headers' that adds the whole content of the src/include tree to the installed fileset, for use by people who want to develop server-side code without keeping the complete source tree on hand. Cleaned up a whole lot of crufty and inconsistent header inclusions.
2001-02-10 03:31:31 +01:00
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
#include "px.h"
Hashing functions from Marko Kreen <marko@l-t.ee>
2000-10-31 14:11:28 +01:00
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
#include <openssl/evp.h>
This patch allows contrib/pgcrypto to build with OpenSSL 0.9.8 (currently in beta) when cryptolib = openssl. According to the following checkin message from several years ago, OpenSSL application developers should no longer rely on <openssl/evp.h> to include everything they need: http://cvs.openssl.org/chngview?cn=9888 This patch adds the necessary header files. It doesn't appear to break anything when building against OpenSSL 0.9.7. BTW, core appears to build and work fine with OpenSSL 0.9.8. I've built 7.3 through HEAD against 0.9.8-beta6 without noticing any problems. Michael Fuhr
2005-07-03 04:32:56 +02:00
#include <openssl/blowfish.h>
#include <openssl/cast.h>
#include <openssl/des.h>
Remove support for OpenSSL versions older than 0.9.8. OpenSSL officially only supports 1.0.1 and newer. Some OS distributions still provide patches for 0.9.8, but anything older than that is not interesting anymore. Let's simplify things by removing compatibility code. Andreas Karlsson, with small changes by me.
2016-08-29 19:16:02 +02:00
#include <openssl/aes.h>
- Add Fortuna PRNG to pgcrypto. - Move openssl random provider to openssl.c and builtin provider to internal.c - Make px_random_bytes use Fortuna, instead of giving error. - Retarget random.c to aquiring system randomness, for initial seeding of Fortuna. There is ATM 2 functions for Windows, reader from /dev/urandom and the regular time()/getpid() silliness. Marko Kreen
2005-07-10 05:55:28 +02:00
#include <openssl/rand.h>
#include <openssl/err.h>
Support OpenSSL 1.1.0. Changes needed to build at all: - Check for SSL_new in configure, now that SSL_library_init is a macro. - Do not access struct members directly. This includes some new code in pgcrypto, to use the resource owner mechanism to ensure that we don't leak OpenSSL handles, now that we can't embed them in other structs anymore. - RAND_SSLeay() -> RAND_OpenSSL() Changes that were needed to silence deprecation warnings, but were not strictly necessary: - RAND_pseudo_bytes() -> RAND_bytes(). - SSL_library_init() and OpenSSL_config() -> OPENSSL_init_ssl() - ASN1_STRING_data() -> ASN1_STRING_get0_data() - DH_generate_parameters() -> DH_generate_parameters() - Locking callbacks are not needed with OpenSSL 1.1.0 anymore. (Good riddance!) Also change references to SSLEAY_VERSION_NUMBER with OPENSSL_VERSION_NUMBER, for the sake of consistency. OPENSSL_VERSION_NUMBER has existed since time immemorial. Fix SSL test suite to work with OpenSSL 1.1.0. CA certificates must have the "CA:true" basic constraint extension now, or OpenSSL will refuse them. Regenerate the test certificates with that. The "openssl" binary, used to generate the certificates, is also now more picky, and throws an error if an X509 extension is specified in "req_extensions", but that section is empty. Backpatch to all supported branches, per popular demand. In back-branches, we still support OpenSSL 0.9.7 and above. OpenSSL 0.9.6 should still work too, but I didn't test it. In master, we only support 0.9.8 and above. Patch by Andreas Karlsson, with additional changes by me. Discussion: <20160627151604.GD1051@msg.df7cb.de>
2016-09-15 11:36:21 +02:00
#include "utils/memutils.h"
#include "utils/resowner.h"
More pgcrypto fixes: handle long messages correctly, suppress compiler warnings. Marko Kreen and Kris Jurka.
2005-07-12 22:27:45 +02:00
/*
* Max lengths we might want to handle.
*/
#define MAX_KEY (512/8)
#define MAX_IV (128/8)
Hashing functions from Marko Kreen <marko@l-t.ee>
2000-10-31 14:11:28 +01:00
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
/*
* Hashes
*/
Patch from Marko Kreen: pgcrypto crypt()/md5 and hmac() leak memory when compiled against OpenSSL as openssl.c digest ->reset will do two DigestInit calls against a context. This happened to work with OpenSSL 0.9.6 but not with 0.9.7+. Reason for the messy code was that I tried to avoid creating wrapper structure to transport algorithm info and tried to use OpenSSL context for it. The fix is to create wrapper structure. It also uses newer digest API to avoid memory allocations on reset with newer OpenSSLs. Thanks to Daniel Blaisdell for reporting it.
2006-02-18 21:48:51 +01:00
Support OpenSSL 1.1.0. Changes needed to build at all: - Check for SSL_new in configure, now that SSL_library_init is a macro. - Do not access struct members directly. This includes some new code in pgcrypto, to use the resource owner mechanism to ensure that we don't leak OpenSSL handles, now that we can't embed them in other structs anymore. - RAND_SSLeay() -> RAND_OpenSSL() Changes that were needed to silence deprecation warnings, but were not strictly necessary: - RAND_pseudo_bytes() -> RAND_bytes(). - SSL_library_init() and OpenSSL_config() -> OPENSSL_init_ssl() - ASN1_STRING_data() -> ASN1_STRING_get0_data() - DH_generate_parameters() -> DH_generate_parameters() - Locking callbacks are not needed with OpenSSL 1.1.0 anymore. (Good riddance!) Also change references to SSLEAY_VERSION_NUMBER with OPENSSL_VERSION_NUMBER, for the sake of consistency. OPENSSL_VERSION_NUMBER has existed since time immemorial. Fix SSL test suite to work with OpenSSL 1.1.0. CA certificates must have the "CA:true" basic constraint extension now, or OpenSSL will refuse them. Regenerate the test certificates with that. The "openssl" binary, used to generate the certificates, is also now more picky, and throws an error if an X509 extension is specified in "req_extensions", but that section is empty. Backpatch to all supported branches, per popular demand. In back-branches, we still support OpenSSL 0.9.7 and above. OpenSSL 0.9.6 should still work too, but I didn't test it. In master, we only support 0.9.8 and above. Patch by Andreas Karlsson, with additional changes by me. Discussion: <20160627151604.GD1051@msg.df7cb.de>
2016-09-15 11:36:21 +02:00
/*
* To make sure we don't leak OpenSSL handles on abort, we keep OSSLDigest
* objects in a linked list, allocated in TopMemoryContext. We use the
* ResourceOwner mechanism to free them on abort.
*/
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
typedef struct OSSLDigest
{
Patch from Marko Kreen: pgcrypto crypt()/md5 and hmac() leak memory when compiled against OpenSSL as openssl.c digest ->reset will do two DigestInit calls against a context. This happened to work with OpenSSL 0.9.6 but not with 0.9.7+. Reason for the messy code was that I tried to avoid creating wrapper structure to transport algorithm info and tried to use OpenSSL context for it. The fix is to create wrapper structure. It also uses newer digest API to avoid memory allocations on reset with newer OpenSSLs. Thanks to Daniel Blaisdell for reporting it.
2006-02-18 21:48:51 +01:00
const EVP_MD *algo;
Support OpenSSL 1.1.0. Changes needed to build at all: - Check for SSL_new in configure, now that SSL_library_init is a macro. - Do not access struct members directly. This includes some new code in pgcrypto, to use the resource owner mechanism to ensure that we don't leak OpenSSL handles, now that we can't embed them in other structs anymore. - RAND_SSLeay() -> RAND_OpenSSL() Changes that were needed to silence deprecation warnings, but were not strictly necessary: - RAND_pseudo_bytes() -> RAND_bytes(). - SSL_library_init() and OpenSSL_config() -> OPENSSL_init_ssl() - ASN1_STRING_data() -> ASN1_STRING_get0_data() - DH_generate_parameters() -> DH_generate_parameters() - Locking callbacks are not needed with OpenSSL 1.1.0 anymore. (Good riddance!) Also change references to SSLEAY_VERSION_NUMBER with OPENSSL_VERSION_NUMBER, for the sake of consistency. OPENSSL_VERSION_NUMBER has existed since time immemorial. Fix SSL test suite to work with OpenSSL 1.1.0. CA certificates must have the "CA:true" basic constraint extension now, or OpenSSL will refuse them. Regenerate the test certificates with that. The "openssl" binary, used to generate the certificates, is also now more picky, and throws an error if an X509 extension is specified in "req_extensions", but that section is empty. Backpatch to all supported branches, per popular demand. In back-branches, we still support OpenSSL 0.9.7 and above. OpenSSL 0.9.6 should still work too, but I didn't test it. In master, we only support 0.9.8 and above. Patch by Andreas Karlsson, with additional changes by me. Discussion: <20160627151604.GD1051@msg.df7cb.de>
2016-09-15 11:36:21 +02:00
EVP_MD_CTX *ctx;
ResourceOwner owner;
struct OSSLDigest *next;
struct OSSLDigest *prev;
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
} OSSLDigest;
Patch from Marko Kreen: pgcrypto crypt()/md5 and hmac() leak memory when compiled against OpenSSL as openssl.c digest ->reset will do two DigestInit calls against a context. This happened to work with OpenSSL 0.9.6 but not with 0.9.7+. Reason for the messy code was that I tried to avoid creating wrapper structure to transport algorithm info and tried to use OpenSSL context for it. The fix is to create wrapper structure. It also uses newer digest API to avoid memory allocations on reset with newer OpenSSLs. Thanks to Daniel Blaisdell for reporting it.
2006-02-18 21:48:51 +01:00
Support OpenSSL 1.1.0. Changes needed to build at all: - Check for SSL_new in configure, now that SSL_library_init is a macro. - Do not access struct members directly. This includes some new code in pgcrypto, to use the resource owner mechanism to ensure that we don't leak OpenSSL handles, now that we can't embed them in other structs anymore. - RAND_SSLeay() -> RAND_OpenSSL() Changes that were needed to silence deprecation warnings, but were not strictly necessary: - RAND_pseudo_bytes() -> RAND_bytes(). - SSL_library_init() and OpenSSL_config() -> OPENSSL_init_ssl() - ASN1_STRING_data() -> ASN1_STRING_get0_data() - DH_generate_parameters() -> DH_generate_parameters() - Locking callbacks are not needed with OpenSSL 1.1.0 anymore. (Good riddance!) Also change references to SSLEAY_VERSION_NUMBER with OPENSSL_VERSION_NUMBER, for the sake of consistency. OPENSSL_VERSION_NUMBER has existed since time immemorial. Fix SSL test suite to work with OpenSSL 1.1.0. CA certificates must have the "CA:true" basic constraint extension now, or OpenSSL will refuse them. Regenerate the test certificates with that. The "openssl" binary, used to generate the certificates, is also now more picky, and throws an error if an X509 extension is specified in "req_extensions", but that section is empty. Backpatch to all supported branches, per popular demand. In back-branches, we still support OpenSSL 0.9.7 and above. OpenSSL 0.9.6 should still work too, but I didn't test it. In master, we only support 0.9.8 and above. Patch by Andreas Karlsson, with additional changes by me. Discussion: <20160627151604.GD1051@msg.df7cb.de>
2016-09-15 11:36:21 +02:00
static OSSLDigest *open_digests = NULL;
static bool resowner_callback_registered = false;
static void
free_openssldigest(OSSLDigest *digest)
{
EVP_MD_CTX_destroy(digest->ctx);
if (digest->prev)
digest->prev->next = digest->next;
else
open_digests = digest->next;
if (digest->next)
digest->next->prev = digest->prev;
pfree(digest);
}
/*
* Close any open OpenSSL handles on abort.
*/
static void
digest_free_callback(ResourceReleasePhase phase,
bool isCommit,
bool isTopLevel,
void *arg)
{
OSSLDigest *curr;
OSSLDigest *next;
if (phase != RESOURCE_RELEASE_AFTER_LOCKS)
return;
next = open_digests;
while (next)
{
curr = next;
next = curr->next;
if (curr->owner == CurrentResourceOwner)
{
if (isCommit)
elog(WARNING, "pgcrypto digest reference leak: digest %p still referenced", curr);
free_openssldigest(curr);
}
}
}
Duh, my regexp's missed bunch of them. Here's next batch, this should be all. Marko Kreen
2001-11-20 19:54:07 +01:00
static unsigned
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
digest_result_size(PX_MD *h)
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
{
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
Support OpenSSL 1.1.0. Changes needed to build at all: - Check for SSL_new in configure, now that SSL_library_init is a macro. - Do not access struct members directly. This includes some new code in pgcrypto, to use the resource owner mechanism to ensure that we don't leak OpenSSL handles, now that we can't embed them in other structs anymore. - RAND_SSLeay() -> RAND_OpenSSL() Changes that were needed to silence deprecation warnings, but were not strictly necessary: - RAND_pseudo_bytes() -> RAND_bytes(). - SSL_library_init() and OpenSSL_config() -> OPENSSL_init_ssl() - ASN1_STRING_data() -> ASN1_STRING_get0_data() - DH_generate_parameters() -> DH_generate_parameters() - Locking callbacks are not needed with OpenSSL 1.1.0 anymore. (Good riddance!) Also change references to SSLEAY_VERSION_NUMBER with OPENSSL_VERSION_NUMBER, for the sake of consistency. OPENSSL_VERSION_NUMBER has existed since time immemorial. Fix SSL test suite to work with OpenSSL 1.1.0. CA certificates must have the "CA:true" basic constraint extension now, or OpenSSL will refuse them. Regenerate the test certificates with that. The "openssl" binary, used to generate the certificates, is also now more picky, and throws an error if an X509 extension is specified in "req_extensions", but that section is empty. Backpatch to all supported branches, per popular demand. In back-branches, we still support OpenSSL 0.9.7 and above. OpenSSL 0.9.6 should still work too, but I didn't test it. In master, we only support 0.9.8 and above. Patch by Andreas Karlsson, with additional changes by me. Discussion: <20160627151604.GD1051@msg.df7cb.de>
2016-09-15 11:36:21 +02:00
return EVP_MD_CTX_size(digest->ctx);
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
}
Hashing functions from Marko Kreen <marko@l-t.ee>
2000-10-31 14:11:28 +01:00
Duh, my regexp's missed bunch of them. Here's next batch, this should be all. Marko Kreen
2001-11-20 19:54:07 +01:00
static unsigned
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
digest_block_size(PX_MD *h)
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
{
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
Support OpenSSL 1.1.0. Changes needed to build at all: - Check for SSL_new in configure, now that SSL_library_init is a macro. - Do not access struct members directly. This includes some new code in pgcrypto, to use the resource owner mechanism to ensure that we don't leak OpenSSL handles, now that we can't embed them in other structs anymore. - RAND_SSLeay() -> RAND_OpenSSL() Changes that were needed to silence deprecation warnings, but were not strictly necessary: - RAND_pseudo_bytes() -> RAND_bytes(). - SSL_library_init() and OpenSSL_config() -> OPENSSL_init_ssl() - ASN1_STRING_data() -> ASN1_STRING_get0_data() - DH_generate_parameters() -> DH_generate_parameters() - Locking callbacks are not needed with OpenSSL 1.1.0 anymore. (Good riddance!) Also change references to SSLEAY_VERSION_NUMBER with OPENSSL_VERSION_NUMBER, for the sake of consistency. OPENSSL_VERSION_NUMBER has existed since time immemorial. Fix SSL test suite to work with OpenSSL 1.1.0. CA certificates must have the "CA:true" basic constraint extension now, or OpenSSL will refuse them. Regenerate the test certificates with that. The "openssl" binary, used to generate the certificates, is also now more picky, and throws an error if an X509 extension is specified in "req_extensions", but that section is empty. Backpatch to all supported branches, per popular demand. In back-branches, we still support OpenSSL 0.9.7 and above. OpenSSL 0.9.6 should still work too, but I didn't test it. In master, we only support 0.9.8 and above. Patch by Andreas Karlsson, with additional changes by me. Discussion: <20160627151604.GD1051@msg.df7cb.de>
2016-09-15 11:36:21 +02:00
return EVP_MD_CTX_block_size(digest->ctx);
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
}
static void
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
digest_reset(PX_MD *h)
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
{
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
Support OpenSSL 1.1.0. Changes needed to build at all: - Check for SSL_new in configure, now that SSL_library_init is a macro. - Do not access struct members directly. This includes some new code in pgcrypto, to use the resource owner mechanism to ensure that we don't leak OpenSSL handles, now that we can't embed them in other structs anymore. - RAND_SSLeay() -> RAND_OpenSSL() Changes that were needed to silence deprecation warnings, but were not strictly necessary: - RAND_pseudo_bytes() -> RAND_bytes(). - SSL_library_init() and OpenSSL_config() -> OPENSSL_init_ssl() - ASN1_STRING_data() -> ASN1_STRING_get0_data() - DH_generate_parameters() -> DH_generate_parameters() - Locking callbacks are not needed with OpenSSL 1.1.0 anymore. (Good riddance!) Also change references to SSLEAY_VERSION_NUMBER with OPENSSL_VERSION_NUMBER, for the sake of consistency. OPENSSL_VERSION_NUMBER has existed since time immemorial. Fix SSL test suite to work with OpenSSL 1.1.0. CA certificates must have the "CA:true" basic constraint extension now, or OpenSSL will refuse them. Regenerate the test certificates with that. The "openssl" binary, used to generate the certificates, is also now more picky, and throws an error if an X509 extension is specified in "req_extensions", but that section is empty. Backpatch to all supported branches, per popular demand. In back-branches, we still support OpenSSL 0.9.7 and above. OpenSSL 0.9.6 should still work too, but I didn't test it. In master, we only support 0.9.8 and above. Patch by Andreas Karlsson, with additional changes by me. Discussion: <20160627151604.GD1051@msg.df7cb.de>
2016-09-15 11:36:21 +02:00
EVP_DigestInit_ex(digest->ctx, digest->algo, NULL);
Hashing functions from Marko Kreen <marko@l-t.ee>
2000-10-31 14:11:28 +01:00
}
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
static void
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
digest_update(PX_MD *h, const uint8 *data, unsigned dlen)
Hashing functions from Marko Kreen <marko@l-t.ee>
2000-10-31 14:11:28 +01:00
{
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
Support OpenSSL 1.1.0. Changes needed to build at all: - Check for SSL_new in configure, now that SSL_library_init is a macro. - Do not access struct members directly. This includes some new code in pgcrypto, to use the resource owner mechanism to ensure that we don't leak OpenSSL handles, now that we can't embed them in other structs anymore. - RAND_SSLeay() -> RAND_OpenSSL() Changes that were needed to silence deprecation warnings, but were not strictly necessary: - RAND_pseudo_bytes() -> RAND_bytes(). - SSL_library_init() and OpenSSL_config() -> OPENSSL_init_ssl() - ASN1_STRING_data() -> ASN1_STRING_get0_data() - DH_generate_parameters() -> DH_generate_parameters() - Locking callbacks are not needed with OpenSSL 1.1.0 anymore. (Good riddance!) Also change references to SSLEAY_VERSION_NUMBER with OPENSSL_VERSION_NUMBER, for the sake of consistency. OPENSSL_VERSION_NUMBER has existed since time immemorial. Fix SSL test suite to work with OpenSSL 1.1.0. CA certificates must have the "CA:true" basic constraint extension now, or OpenSSL will refuse them. Regenerate the test certificates with that. The "openssl" binary, used to generate the certificates, is also now more picky, and throws an error if an X509 extension is specified in "req_extensions", but that section is empty. Backpatch to all supported branches, per popular demand. In back-branches, we still support OpenSSL 0.9.7 and above. OpenSSL 0.9.6 should still work too, but I didn't test it. In master, we only support 0.9.8 and above. Patch by Andreas Karlsson, with additional changes by me. Discussion: <20160627151604.GD1051@msg.df7cb.de>
2016-09-15 11:36:21 +02:00
EVP_DigestUpdate(digest->ctx, data, dlen);
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
}
Hashing functions from Marko Kreen <marko@l-t.ee>
2000-10-31 14:11:28 +01:00
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
static void
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
digest_finish(PX_MD *h, uint8 *dst)
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
{
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
Some builds (depends on crypto engine support?) of OpenSSL 0.9.7x have EVP_DigestFinal function which which clears all of EVP_MD_CTX. This makes pgcrypto crash in functions which re-use one digest context several times: hmac() and crypt() with md5 algorithm. Following patch fixes it by carring the digest info around EVP_DigestFinal and re-initializing cipher. Marko Kreen.
2005-03-12 07:53:54 +01:00
Support OpenSSL 1.1.0. Changes needed to build at all: - Check for SSL_new in configure, now that SSL_library_init is a macro. - Do not access struct members directly. This includes some new code in pgcrypto, to use the resource owner mechanism to ensure that we don't leak OpenSSL handles, now that we can't embed them in other structs anymore. - RAND_SSLeay() -> RAND_OpenSSL() Changes that were needed to silence deprecation warnings, but were not strictly necessary: - RAND_pseudo_bytes() -> RAND_bytes(). - SSL_library_init() and OpenSSL_config() -> OPENSSL_init_ssl() - ASN1_STRING_data() -> ASN1_STRING_get0_data() - DH_generate_parameters() -> DH_generate_parameters() - Locking callbacks are not needed with OpenSSL 1.1.0 anymore. (Good riddance!) Also change references to SSLEAY_VERSION_NUMBER with OPENSSL_VERSION_NUMBER, for the sake of consistency. OPENSSL_VERSION_NUMBER has existed since time immemorial. Fix SSL test suite to work with OpenSSL 1.1.0. CA certificates must have the "CA:true" basic constraint extension now, or OpenSSL will refuse them. Regenerate the test certificates with that. The "openssl" binary, used to generate the certificates, is also now more picky, and throws an error if an X509 extension is specified in "req_extensions", but that section is empty. Backpatch to all supported branches, per popular demand. In back-branches, we still support OpenSSL 0.9.7 and above. OpenSSL 0.9.6 should still work too, but I didn't test it. In master, we only support 0.9.8 and above. Patch by Andreas Karlsson, with additional changes by me. Discussion: <20160627151604.GD1051@msg.df7cb.de>
2016-09-15 11:36:21 +02:00
EVP_DigestFinal_ex(digest->ctx, dst, NULL);
Hashing functions from Marko Kreen <marko@l-t.ee>
2000-10-31 14:11:28 +01:00
}
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
static void
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
digest_free(PX_MD *h)
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
{
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
Patch from Marko Kreen: pgcrypto crypt()/md5 and hmac() leak memory when compiled against OpenSSL as openssl.c digest ->reset will do two DigestInit calls against a context. This happened to work with OpenSSL 0.9.6 but not with 0.9.7+. Reason for the messy code was that I tried to avoid creating wrapper structure to transport algorithm info and tried to use OpenSSL context for it. The fix is to create wrapper structure. It also uses newer digest API to avoid memory allocations on reset with newer OpenSSLs. Thanks to Daniel Blaisdell for reporting it.
2006-02-18 21:48:51 +01:00
Support OpenSSL 1.1.0. Changes needed to build at all: - Check for SSL_new in configure, now that SSL_library_init is a macro. - Do not access struct members directly. This includes some new code in pgcrypto, to use the resource owner mechanism to ensure that we don't leak OpenSSL handles, now that we can't embed them in other structs anymore. - RAND_SSLeay() -> RAND_OpenSSL() Changes that were needed to silence deprecation warnings, but were not strictly necessary: - RAND_pseudo_bytes() -> RAND_bytes(). - SSL_library_init() and OpenSSL_config() -> OPENSSL_init_ssl() - ASN1_STRING_data() -> ASN1_STRING_get0_data() - DH_generate_parameters() -> DH_generate_parameters() - Locking callbacks are not needed with OpenSSL 1.1.0 anymore. (Good riddance!) Also change references to SSLEAY_VERSION_NUMBER with OPENSSL_VERSION_NUMBER, for the sake of consistency. OPENSSL_VERSION_NUMBER has existed since time immemorial. Fix SSL test suite to work with OpenSSL 1.1.0. CA certificates must have the "CA:true" basic constraint extension now, or OpenSSL will refuse them. Regenerate the test certificates with that. The "openssl" binary, used to generate the certificates, is also now more picky, and throws an error if an X509 extension is specified in "req_extensions", but that section is empty. Backpatch to all supported branches, per popular demand. In back-branches, we still support OpenSSL 0.9.7 and above. OpenSSL 0.9.6 should still work too, but I didn't test it. In master, we only support 0.9.8 and above. Patch by Andreas Karlsson, with additional changes by me. Discussion: <20160627151604.GD1051@msg.df7cb.de>
2016-09-15 11:36:21 +02:00
free_openssldigest(digest);
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
px_free(h);
}
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
static int px_openssl_initialized = 0;
/* PUBLIC functions */
int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
px_find_digest(const char *name, PX_MD **res)
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
{
const EVP_MD *md;
Support OpenSSL 1.1.0. Changes needed to build at all: - Check for SSL_new in configure, now that SSL_library_init is a macro. - Do not access struct members directly. This includes some new code in pgcrypto, to use the resource owner mechanism to ensure that we don't leak OpenSSL handles, now that we can't embed them in other structs anymore. - RAND_SSLeay() -> RAND_OpenSSL() Changes that were needed to silence deprecation warnings, but were not strictly necessary: - RAND_pseudo_bytes() -> RAND_bytes(). - SSL_library_init() and OpenSSL_config() -> OPENSSL_init_ssl() - ASN1_STRING_data() -> ASN1_STRING_get0_data() - DH_generate_parameters() -> DH_generate_parameters() - Locking callbacks are not needed with OpenSSL 1.1.0 anymore. (Good riddance!) Also change references to SSLEAY_VERSION_NUMBER with OPENSSL_VERSION_NUMBER, for the sake of consistency. OPENSSL_VERSION_NUMBER has existed since time immemorial. Fix SSL test suite to work with OpenSSL 1.1.0. CA certificates must have the "CA:true" basic constraint extension now, or OpenSSL will refuse them. Regenerate the test certificates with that. The "openssl" binary, used to generate the certificates, is also now more picky, and throws an error if an X509 extension is specified in "req_extensions", but that section is empty. Backpatch to all supported branches, per popular demand. In back-branches, we still support OpenSSL 0.9.7 and above. OpenSSL 0.9.6 should still work too, but I didn't test it. In master, we only support 0.9.8 and above. Patch by Andreas Karlsson, with additional changes by me. Discussion: <20160627151604.GD1051@msg.df7cb.de>
2016-09-15 11:36:21 +02:00
EVP_MD_CTX *ctx;
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
PX_MD *h;
Patch from Marko Kreen: pgcrypto crypt()/md5 and hmac() leak memory when compiled against OpenSSL as openssl.c digest ->reset will do two DigestInit calls against a context. This happened to work with OpenSSL 0.9.6 but not with 0.9.7+. Reason for the messy code was that I tried to avoid creating wrapper structure to transport algorithm info and tried to use OpenSSL context for it. The fix is to create wrapper structure. It also uses newer digest API to avoid memory allocations on reset with newer OpenSSLs. Thanks to Daniel Blaisdell for reporting it.
2006-02-18 21:48:51 +01:00
OSSLDigest *digest;
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
if (!px_openssl_initialized)
{
px_openssl_initialized = 1;
OpenSSL_add_all_algorithms();
}
Support OpenSSL 1.1.0. Changes needed to build at all: - Check for SSL_new in configure, now that SSL_library_init is a macro. - Do not access struct members directly. This includes some new code in pgcrypto, to use the resource owner mechanism to ensure that we don't leak OpenSSL handles, now that we can't embed them in other structs anymore. - RAND_SSLeay() -> RAND_OpenSSL() Changes that were needed to silence deprecation warnings, but were not strictly necessary: - RAND_pseudo_bytes() -> RAND_bytes(). - SSL_library_init() and OpenSSL_config() -> OPENSSL_init_ssl() - ASN1_STRING_data() -> ASN1_STRING_get0_data() - DH_generate_parameters() -> DH_generate_parameters() - Locking callbacks are not needed with OpenSSL 1.1.0 anymore. (Good riddance!) Also change references to SSLEAY_VERSION_NUMBER with OPENSSL_VERSION_NUMBER, for the sake of consistency. OPENSSL_VERSION_NUMBER has existed since time immemorial. Fix SSL test suite to work with OpenSSL 1.1.0. CA certificates must have the "CA:true" basic constraint extension now, or OpenSSL will refuse them. Regenerate the test certificates with that. The "openssl" binary, used to generate the certificates, is also now more picky, and throws an error if an X509 extension is specified in "req_extensions", but that section is empty. Backpatch to all supported branches, per popular demand. In back-branches, we still support OpenSSL 0.9.7 and above. OpenSSL 0.9.6 should still work too, but I didn't test it. In master, we only support 0.9.8 and above. Patch by Andreas Karlsson, with additional changes by me. Discussion: <20160627151604.GD1051@msg.df7cb.de>
2016-09-15 11:36:21 +02:00
if (!resowner_callback_registered)
{
RegisterResourceReleaseCallback(digest_free_callback, NULL);
resowner_callback_registered = true;
}
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
md = EVP_get_digestbyname(name);
if (md == NULL)
Remove support for OpenSSL versions older than 0.9.8. OpenSSL officially only supports 1.0.1 and newer. Some OS distributions still provide patches for 0.9.8, but anything older than that is not interesting anymore. Let's simplify things by removing compatibility code. Andreas Karlsson, with small changes by me.
2016-08-29 19:16:02 +02:00
return PXE_NO_HASH;
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
Support OpenSSL 1.1.0. Changes needed to build at all: - Check for SSL_new in configure, now that SSL_library_init is a macro. - Do not access struct members directly. This includes some new code in pgcrypto, to use the resource owner mechanism to ensure that we don't leak OpenSSL handles, now that we can't embed them in other structs anymore. - RAND_SSLeay() -> RAND_OpenSSL() Changes that were needed to silence deprecation warnings, but were not strictly necessary: - RAND_pseudo_bytes() -> RAND_bytes(). - SSL_library_init() and OpenSSL_config() -> OPENSSL_init_ssl() - ASN1_STRING_data() -> ASN1_STRING_get0_data() - DH_generate_parameters() -> DH_generate_parameters() - Locking callbacks are not needed with OpenSSL 1.1.0 anymore. (Good riddance!) Also change references to SSLEAY_VERSION_NUMBER with OPENSSL_VERSION_NUMBER, for the sake of consistency. OPENSSL_VERSION_NUMBER has existed since time immemorial. Fix SSL test suite to work with OpenSSL 1.1.0. CA certificates must have the "CA:true" basic constraint extension now, or OpenSSL will refuse them. Regenerate the test certificates with that. The "openssl" binary, used to generate the certificates, is also now more picky, and throws an error if an X509 extension is specified in "req_extensions", but that section is empty. Backpatch to all supported branches, per popular demand. In back-branches, we still support OpenSSL 0.9.7 and above. OpenSSL 0.9.6 should still work too, but I didn't test it. In master, we only support 0.9.8 and above. Patch by Andreas Karlsson, with additional changes by me. Discussion: <20160627151604.GD1051@msg.df7cb.de>
2016-09-15 11:36:21 +02:00
/*
* Create an OSSLDigest object, an OpenSSL MD object, and a PX_MD object.
* The order is crucial, to make sure we don't leak anything on
* out-of-memory or other error.
*/
digest = MemoryContextAlloc(TopMemoryContext, sizeof(*digest));
Patch from Marko Kreen: pgcrypto crypt()/md5 and hmac() leak memory when compiled against OpenSSL as openssl.c digest ->reset will do two DigestInit calls against a context. This happened to work with OpenSSL 0.9.6 but not with 0.9.7+. Reason for the messy code was that I tried to avoid creating wrapper structure to transport algorithm info and tried to use OpenSSL context for it. The fix is to create wrapper structure. It also uses newer digest API to avoid memory allocations on reset with newer OpenSSLs. Thanks to Daniel Blaisdell for reporting it.
2006-02-18 21:48:51 +01:00
Support OpenSSL 1.1.0. Changes needed to build at all: - Check for SSL_new in configure, now that SSL_library_init is a macro. - Do not access struct members directly. This includes some new code in pgcrypto, to use the resource owner mechanism to ensure that we don't leak OpenSSL handles, now that we can't embed them in other structs anymore. - RAND_SSLeay() -> RAND_OpenSSL() Changes that were needed to silence deprecation warnings, but were not strictly necessary: - RAND_pseudo_bytes() -> RAND_bytes(). - SSL_library_init() and OpenSSL_config() -> OPENSSL_init_ssl() - ASN1_STRING_data() -> ASN1_STRING_get0_data() - DH_generate_parameters() -> DH_generate_parameters() - Locking callbacks are not needed with OpenSSL 1.1.0 anymore. (Good riddance!) Also change references to SSLEAY_VERSION_NUMBER with OPENSSL_VERSION_NUMBER, for the sake of consistency. OPENSSL_VERSION_NUMBER has existed since time immemorial. Fix SSL test suite to work with OpenSSL 1.1.0. CA certificates must have the "CA:true" basic constraint extension now, or OpenSSL will refuse them. Regenerate the test certificates with that. The "openssl" binary, used to generate the certificates, is also now more picky, and throws an error if an X509 extension is specified in "req_extensions", but that section is empty. Backpatch to all supported branches, per popular demand. In back-branches, we still support OpenSSL 0.9.7 and above. OpenSSL 0.9.6 should still work too, but I didn't test it. In master, we only support 0.9.8 and above. Patch by Andreas Karlsson, with additional changes by me. Discussion: <20160627151604.GD1051@msg.df7cb.de>
2016-09-15 11:36:21 +02:00
ctx = EVP_MD_CTX_create();
if (!ctx)
{
pfree(digest);
return -1;
}
if (EVP_DigestInit_ex(ctx, md, NULL) == 0)
{
pfree(digest);
Patch from Marko Kreen: pgcrypto crypt()/md5 and hmac() leak memory when compiled against OpenSSL as openssl.c digest ->reset will do two DigestInit calls against a context. This happened to work with OpenSSL 0.9.6 but not with 0.9.7+. Reason for the messy code was that I tried to avoid creating wrapper structure to transport algorithm info and tried to use OpenSSL context for it. The fix is to create wrapper structure. It also uses newer digest API to avoid memory allocations on reset with newer OpenSSLs. Thanks to Daniel Blaisdell for reporting it.
2006-02-18 21:48:51 +01:00
return -1;
Support OpenSSL 1.1.0. Changes needed to build at all: - Check for SSL_new in configure, now that SSL_library_init is a macro. - Do not access struct members directly. This includes some new code in pgcrypto, to use the resource owner mechanism to ensure that we don't leak OpenSSL handles, now that we can't embed them in other structs anymore. - RAND_SSLeay() -> RAND_OpenSSL() Changes that were needed to silence deprecation warnings, but were not strictly necessary: - RAND_pseudo_bytes() -> RAND_bytes(). - SSL_library_init() and OpenSSL_config() -> OPENSSL_init_ssl() - ASN1_STRING_data() -> ASN1_STRING_get0_data() - DH_generate_parameters() -> DH_generate_parameters() - Locking callbacks are not needed with OpenSSL 1.1.0 anymore. (Good riddance!) Also change references to SSLEAY_VERSION_NUMBER with OPENSSL_VERSION_NUMBER, for the sake of consistency. OPENSSL_VERSION_NUMBER has existed since time immemorial. Fix SSL test suite to work with OpenSSL 1.1.0. CA certificates must have the "CA:true" basic constraint extension now, or OpenSSL will refuse them. Regenerate the test certificates with that. The "openssl" binary, used to generate the certificates, is also now more picky, and throws an error if an X509 extension is specified in "req_extensions", but that section is empty. Backpatch to all supported branches, per popular demand. In back-branches, we still support OpenSSL 0.9.7 and above. OpenSSL 0.9.6 should still work too, but I didn't test it. In master, we only support 0.9.8 and above. Patch by Andreas Karlsson, with additional changes by me. Discussion: <20160627151604.GD1051@msg.df7cb.de>
2016-09-15 11:36:21 +02:00
}
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
Support OpenSSL 1.1.0. Changes needed to build at all: - Check for SSL_new in configure, now that SSL_library_init is a macro. - Do not access struct members directly. This includes some new code in pgcrypto, to use the resource owner mechanism to ensure that we don't leak OpenSSL handles, now that we can't embed them in other structs anymore. - RAND_SSLeay() -> RAND_OpenSSL() Changes that were needed to silence deprecation warnings, but were not strictly necessary: - RAND_pseudo_bytes() -> RAND_bytes(). - SSL_library_init() and OpenSSL_config() -> OPENSSL_init_ssl() - ASN1_STRING_data() -> ASN1_STRING_get0_data() - DH_generate_parameters() -> DH_generate_parameters() - Locking callbacks are not needed with OpenSSL 1.1.0 anymore. (Good riddance!) Also change references to SSLEAY_VERSION_NUMBER with OPENSSL_VERSION_NUMBER, for the sake of consistency. OPENSSL_VERSION_NUMBER has existed since time immemorial. Fix SSL test suite to work with OpenSSL 1.1.0. CA certificates must have the "CA:true" basic constraint extension now, or OpenSSL will refuse them. Regenerate the test certificates with that. The "openssl" binary, used to generate the certificates, is also now more picky, and throws an error if an X509 extension is specified in "req_extensions", but that section is empty. Backpatch to all supported branches, per popular demand. In back-branches, we still support OpenSSL 0.9.7 and above. OpenSSL 0.9.6 should still work too, but I didn't test it. In master, we only support 0.9.8 and above. Patch by Andreas Karlsson, with additional changes by me. Discussion: <20160627151604.GD1051@msg.df7cb.de>
2016-09-15 11:36:21 +02:00
digest->algo = md;
digest->ctx = ctx;
digest->owner = CurrentResourceOwner;
digest->next = open_digests;
digest->prev = NULL;
open_digests = digest;
/* The PX_MD object is allocated in the current memory context. */
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
h = px_alloc(sizeof(*h));
h->result_size = digest_result_size;
h->block_size = digest_block_size;
h->reset = digest_reset;
h->update = digest_update;
h->finish = digest_finish;
h->free = digest_free;
Patch from Marko Kreen: pgcrypto crypt()/md5 and hmac() leak memory when compiled against OpenSSL as openssl.c digest ->reset will do two DigestInit calls against a context. This happened to work with OpenSSL 0.9.6 but not with 0.9.7+. Reason for the messy code was that I tried to avoid creating wrapper structure to transport algorithm info and tried to use OpenSSL context for it. The fix is to create wrapper structure. It also uses newer digest API to avoid memory allocations on reset with newer OpenSSLs. Thanks to Daniel Blaisdell for reporting it.
2006-02-18 21:48:51 +01:00
h->p.ptr = (void *) digest;
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
*res = h;
return 0;
}
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
/*
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
* Ciphers
*
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
* The problem with OpenSSL is that the EVP* family
* of functions does not allow enough flexibility
* and forces some of the parameters (keylen,
* padding) to SSL defaults.
pgindent run.
2003-08-04 02:43:34 +02:00
*
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
* So need to manage ciphers ourselves.
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
*/
pgindent run.
2003-08-04 02:43:34 +02:00
struct ossl_cipher
{
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
int (*init) (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv);
int (*encrypt) (PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res);
int (*decrypt) (PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res);
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
pgindent run.
2003-08-04 02:43:34 +02:00
int block_size;
int max_key_size;
int stream_cipher;
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
};
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
typedef struct
{
union
{
struct
{
BF_KEY key;
int num;
} bf;
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
struct
{
As Kris Jurka found out, pgcrypto does not work with OpenSSL 0.9.6x. The DES functions use the older 'des_' API, but the newer 3DES functions use the 0.9.7x-only 'DES_' API. I think I just used /usr/include/openssl/des.h for reference when implementing them, and had upgraded OpenSSL in the meantime. Following patch converts DES also to newer API and provides compatibility functions for OpenSSL < 0.9.7. I chose this route because: - openssl.c uses few DES functions. - compatibility for old 'des_' API is going away at some point of time from OpenSSL. - as seen from macros, new API is saner - Thus pgcrypto supports any OpenSSL version from 0.9.5 to 1.0 Tested with OpenSSL 0.9.6c and 0.9.7e. Marko Kreen
2005-07-10 15:54:34 +02:00
DES_key_schedule key_schedule;
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
} des;
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
struct
{
Standard pgindent run for 8.1.
2005-10-15 04:49:52 +02:00
DES_key_schedule k1,
k2,
k3;
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
} des3;
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
CAST_KEY cast_key;
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
AES_KEY aes_key;
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
} u;
More pgcrypto fixes: handle long messages correctly, suppress compiler warnings. Marko Kreen and Kris Jurka.
2005-07-12 22:27:45 +02:00
uint8 key[MAX_KEY];
uint8 iv[MAX_IV];
pgcrypto uses non-standard type uint, which causes compile failures on FreeBSD. This patch replaces uint -> unsigned. This was reported by Daniel Holtzman against 0.4pre3 standalone package, but it needs fixing in contrib/pgcrypto too. Marko Kreen
2001-11-20 16:50:53 +01:00
unsigned klen;
unsigned init;
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
const struct ossl_cipher *ciph;
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
} ossldata;
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
/* generic */
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
Duh, my regexp's missed bunch of them. Here's next batch, this should be all. Marko Kreen
2001-11-20 19:54:07 +01:00
static unsigned
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
gen_ossl_block_size(PX_Cipher *c)
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
{
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
ossldata *od = (ossldata *) c->ptr;
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
return od->ciph->block_size;
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
}
Duh, my regexp's missed bunch of them. Here's next batch, this should be all. Marko Kreen
2001-11-20 19:54:07 +01:00
static unsigned
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
gen_ossl_key_size(PX_Cipher *c)
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
{
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
ossldata *od = (ossldata *) c->ptr;
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
return od->ciph->max_key_size;
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
}
Duh, my regexp's missed bunch of them. Here's next batch, this should be all. Marko Kreen
2001-11-20 19:54:07 +01:00
static unsigned
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
gen_ossl_iv_size(PX_Cipher *c)
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
{
pgcrypto uses non-standard type uint, which causes compile failures on FreeBSD. This patch replaces uint -> unsigned. This was reported by Daniel Holtzman against 0.4pre3 standalone package, but it needs fixing in contrib/pgcrypto too. Marko Kreen
2001-11-20 16:50:53 +01:00
unsigned ivlen;
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
ossldata *od = (ossldata *) c->ptr;
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
ivlen = od->ciph->block_size;
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
return ivlen;
}
static void
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
gen_ossl_free(PX_Cipher *c)
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
{
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
ossldata *od = (ossldata *) c->ptr;
pgcrypto: fix memset() calls that might be optimized away Specifically, on-stack memset() might be removed, so: * Replace memset() with px_memset() * Add px_memset to copy_crlf() * Add px_memset to pgp-s2k.c Patch by Marko Kreen Report by PVS-Studio Backpatch through 8.4.
2014-04-17 18:37:53 +02:00
px_memset(od, 0, sizeof(*od));
* construct "struct {} list [] = {}" confuses pgindent - split those. It was a bad style to begin with, and now several loops can be clearer. * pgcrypto.c: Fix function comments * crypt-gensalt.c, crypt-blowfish.c: stop messing with errno * openssl.c: use px_free instead pfree * px.h: make redefining px_alloc/px_realloc/px_free easier Marko Kreen
2005-03-21 06:18:46 +01:00
px_free(od);
px_free(c);
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
}
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
/* Blowfish */
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
Defend against openssl libraries that fail on keys longer than 128 bits; which is the case at least on some Solaris versions. Marko Kreen
2007-09-29 04:18:15 +02:00
/*
* Check if strong crypto is supported. Some openssl installations
* support only short keys and unfortunately BF_set_key does not return any
* error value. This function tests if is possible to use strong key.
*/
static int
bf_check_supported_key_len(void)
{
static const uint8 key[56] = {
pgindent run for 8.3.
2007-11-15 22:14:46 +01:00
0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87, 0x78, 0x69,
0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f, 0x00, 0x11, 0x22, 0x33,
0x44, 0x55, 0x66, 0x77, 0x04, 0x68, 0x91, 0x04, 0xc2, 0xfd,
0x3b, 0x2f, 0x58, 0x40, 0x23, 0x64, 0x1a, 0xba, 0x61, 0x76,
0x1f, 0x1f, 0x1f, 0x1f, 0x0e, 0x0e, 0x0e, 0x0e, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff
Defend against openssl libraries that fail on keys longer than 128 bits; which is the case at least on some Solaris versions. Marko Kreen
2007-09-29 04:18:15 +02:00
};
pgindent run for 8.3.
2007-11-15 22:14:46 +01:00
static const uint8 data[8] = {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
static const uint8 res[8] = {0xc0, 0x45, 0x04, 0x01, 0x2e, 0x4e, 0x1f, 0x53};
Defend against openssl libraries that fail on keys longer than 128 bits; which is the case at least on some Solaris versions. Marko Kreen
2007-09-29 04:18:15 +02:00
static uint8 out[8];
pgindent run for 8.3.
2007-11-15 22:14:46 +01:00
BF_KEY bf_key;
Defend against openssl libraries that fail on keys longer than 128 bits; which is the case at least on some Solaris versions. Marko Kreen
2007-09-29 04:18:15 +02:00
/* encrypt with 448bits key and verify output */
BF_set_key(&bf_key, 56, key);
BF_ecb_encrypt(data, out, &bf_key, BF_ENCRYPT);
pgindent run for 8.3.
2007-11-15 22:14:46 +01:00
if (memcmp(out, res, 8) != 0)
return 0; /* Output does not match -> strong cipher is
* not supported */
Defend against openssl libraries that fail on keys longer than 128 bits; which is the case at least on some Solaris versions. Marko Kreen
2007-09-29 04:18:15 +02:00
return 1;
}
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
bf_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
{
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
ossldata *od = c->ptr;
pgindent run for 8.3.
2007-11-15 22:14:46 +01:00
static int bf_is_strong = -1;
Defend against openssl libraries that fail on keys longer than 128 bits; which is the case at least on some Solaris versions. Marko Kreen
2007-09-29 04:18:15 +02:00
/*
pgindent run for 8.3.
2007-11-15 22:14:46 +01:00
* Test if key len is supported. BF_set_key silently cut large keys and it
pgindent run for 9.4 This includes removing tabs after periods in C comments, which was applied to back branches, so this change should not effect backpatching.
2014-05-06 18:12:18 +02:00
* could be a problem when user transfer crypted data from one server to
* another.
Defend against openssl libraries that fail on keys longer than 128 bits; which is the case at least on some Solaris versions. Marko Kreen
2007-09-29 04:18:15 +02:00
*/
pgindent run for 8.3.
2007-11-15 22:14:46 +01:00
if (bf_is_strong == -1)
Defend against openssl libraries that fail on keys longer than 128 bits; which is the case at least on some Solaris versions. Marko Kreen
2007-09-29 04:18:15 +02:00
bf_is_strong = bf_check_supported_key_len();
pgindent run for 8.3.
2007-11-15 22:14:46 +01:00
if (!bf_is_strong && klen > 16)
return PXE_KEY_TOO_BIG;
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
Defend against openssl libraries that fail on keys longer than 128 bits; which is the case at least on some Solaris versions. Marko Kreen
2007-09-29 04:18:15 +02:00
/* Key len is supported. We can use it. */
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
BF_set_key(&od->u.bf.key, klen, key);
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
if (iv)
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
memcpy(od->iv, iv, BF_BLOCK);
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
else
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
memset(od->iv, 0, BF_BLOCK);
od->u.bf.num = 0;
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
return 0;
}
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
bf_ecb_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
{
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
unsigned bs = gen_ossl_block_size(c);
pgindent run.
2003-08-04 02:43:34 +02:00
unsigned i;
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
ossldata *od = c->ptr;
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
for (i = 0; i < dlen / bs; i++)
BF_ecb_encrypt(data + i * bs, res + i * bs, &od->u.bf.key, BF_ENCRYPT);
return 0;
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
}
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
bf_ecb_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
{
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
unsigned bs = gen_ossl_block_size(c),
i;
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
ossldata *od = c->ptr;
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
for (i = 0; i < dlen / bs; i++)
BF_ecb_encrypt(data + i * bs, res + i * bs, &od->u.bf.key, BF_DECRYPT);
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
return 0;
}
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
bf_cbc_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
{
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
ossldata *od = c->ptr;
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
BF_cbc_encrypt(data, res, dlen, &od->u.bf.key, od->iv, BF_ENCRYPT);
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
return 0;
}
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
bf_cbc_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
{
ossldata *od = c->ptr;
BF_cbc_encrypt(data, res, dlen, &od->u.bf.key, od->iv, BF_DECRYPT);
return 0;
}
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
bf_cfb64_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
{
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
ossldata *od = c->ptr;
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
BF_cfb64_encrypt(data, res, dlen, &od->u.bf.key, od->iv,
&od->u.bf.num, BF_ENCRYPT);
return 0;
}
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
bf_cfb64_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
{
ossldata *od = c->ptr;
BF_cfb64_encrypt(data, res, dlen, &od->u.bf.key, od->iv,
&od->u.bf.num, BF_DECRYPT);
return 0;
}
/* DES */
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
ossl_des_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
{
ossldata *od = c->ptr;
As Kris Jurka found out, pgcrypto does not work with OpenSSL 0.9.6x. The DES functions use the older 'des_' API, but the newer 3DES functions use the 0.9.7x-only 'DES_' API. I think I just used /usr/include/openssl/des.h for reference when implementing them, and had upgraded OpenSSL in the meantime. Following patch converts DES also to newer API and provides compatibility functions for OpenSSL < 0.9.7. I chose this route because: - openssl.c uses few DES functions. - compatibility for old 'des_' API is going away at some point of time from OpenSSL. - as seen from macros, new API is saner - Thus pgcrypto supports any OpenSSL version from 0.9.5 to 1.0 Tested with OpenSSL 0.9.6c and 0.9.7e. Marko Kreen
2005-07-10 15:54:34 +02:00
DES_cblock xkey;
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
memset(&xkey, 0, sizeof(xkey));
memcpy(&xkey, key, klen > 8 ? 8 : klen);
As Kris Jurka found out, pgcrypto does not work with OpenSSL 0.9.6x. The DES functions use the older 'des_' API, but the newer 3DES functions use the 0.9.7x-only 'DES_' API. I think I just used /usr/include/openssl/des.h for reference when implementing them, and had upgraded OpenSSL in the meantime. Following patch converts DES also to newer API and provides compatibility functions for OpenSSL < 0.9.7. I chose this route because: - openssl.c uses few DES functions. - compatibility for old 'des_' API is going away at some point of time from OpenSSL. - as seen from macros, new API is saner - Thus pgcrypto supports any OpenSSL version from 0.9.5 to 1.0 Tested with OpenSSL 0.9.6c and 0.9.7e. Marko Kreen
2005-07-10 15:54:34 +02:00
DES_set_key(&xkey, &od->u.des.key_schedule);
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
memset(&xkey, 0, sizeof(xkey));
pgindent run.
2003-08-04 02:43:34 +02:00
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
if (iv)
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
memcpy(od->iv, iv, 8);
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
else
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
memset(od->iv, 0, 8);
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
return 0;
}
Hashing functions from Marko Kreen <marko@l-t.ee>
2000-10-31 14:11:28 +01:00
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
ossl_des_ecb_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
pgindent run.
2003-08-04 02:43:34 +02:00
uint8 *res)
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
{
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
unsigned bs = gen_ossl_block_size(c);
pgindent run.
2003-08-04 02:43:34 +02:00
unsigned i;
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
ossldata *od = c->ptr;
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
for (i = 0; i < dlen / bs; i++)
As Kris Jurka found out, pgcrypto does not work with OpenSSL 0.9.6x. The DES functions use the older 'des_' API, but the newer 3DES functions use the 0.9.7x-only 'DES_' API. I think I just used /usr/include/openssl/des.h for reference when implementing them, and had upgraded OpenSSL in the meantime. Following patch converts DES also to newer API and provides compatibility functions for OpenSSL < 0.9.7. I chose this route because: - openssl.c uses few DES functions. - compatibility for old 'des_' API is going away at some point of time from OpenSSL. - as seen from macros, new API is saner - Thus pgcrypto supports any OpenSSL version from 0.9.5 to 1.0 Tested with OpenSSL 0.9.6c and 0.9.7e. Marko Kreen
2005-07-10 15:54:34 +02:00
DES_ecb_encrypt((DES_cblock *) (data + i * bs),
(DES_cblock *) (res + i * bs),
&od->u.des.key_schedule, 1);
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
return 0;
}
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
ossl_des_ecb_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
pgindent run.
2003-08-04 02:43:34 +02:00
uint8 *res)
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
{
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
unsigned bs = gen_ossl_block_size(c);
pgindent run.
2003-08-04 02:43:34 +02:00
unsigned i;
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
ossldata *od = c->ptr;
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
for (i = 0; i < dlen / bs; i++)
As Kris Jurka found out, pgcrypto does not work with OpenSSL 0.9.6x. The DES functions use the older 'des_' API, but the newer 3DES functions use the 0.9.7x-only 'DES_' API. I think I just used /usr/include/openssl/des.h for reference when implementing them, and had upgraded OpenSSL in the meantime. Following patch converts DES also to newer API and provides compatibility functions for OpenSSL < 0.9.7. I chose this route because: - openssl.c uses few DES functions. - compatibility for old 'des_' API is going away at some point of time from OpenSSL. - as seen from macros, new API is saner - Thus pgcrypto supports any OpenSSL version from 0.9.5 to 1.0 Tested with OpenSSL 0.9.6c and 0.9.7e. Marko Kreen
2005-07-10 15:54:34 +02:00
DES_ecb_encrypt((DES_cblock *) (data + i * bs),
(DES_cblock *) (res + i * bs),
&od->u.des.key_schedule, 0);
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
return 0;
}
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
ossl_des_cbc_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
pgindent run.
2003-08-04 02:43:34 +02:00
uint8 *res)
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
{
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
ossldata *od = c->ptr;
As Kris Jurka found out, pgcrypto does not work with OpenSSL 0.9.6x. The DES functions use the older 'des_' API, but the newer 3DES functions use the 0.9.7x-only 'DES_' API. I think I just used /usr/include/openssl/des.h for reference when implementing them, and had upgraded OpenSSL in the meantime. Following patch converts DES also to newer API and provides compatibility functions for OpenSSL < 0.9.7. I chose this route because: - openssl.c uses few DES functions. - compatibility for old 'des_' API is going away at some point of time from OpenSSL. - as seen from macros, new API is saner - Thus pgcrypto supports any OpenSSL version from 0.9.5 to 1.0 Tested with OpenSSL 0.9.6c and 0.9.7e. Marko Kreen
2005-07-10 15:54:34 +02:00
DES_ncbc_encrypt(data, res, dlen, &od->u.des.key_schedule,
(DES_cblock *) od->iv, 1);
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
return 0;
}
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
ossl_des_cbc_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
pgindent run.
2003-08-04 02:43:34 +02:00
uint8 *res)
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
{
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
ossldata *od = c->ptr;
As Kris Jurka found out, pgcrypto does not work with OpenSSL 0.9.6x. The DES functions use the older 'des_' API, but the newer 3DES functions use the 0.9.7x-only 'DES_' API. I think I just used /usr/include/openssl/des.h for reference when implementing them, and had upgraded OpenSSL in the meantime. Following patch converts DES also to newer API and provides compatibility functions for OpenSSL < 0.9.7. I chose this route because: - openssl.c uses few DES functions. - compatibility for old 'des_' API is going away at some point of time from OpenSSL. - as seen from macros, new API is saner - Thus pgcrypto supports any OpenSSL version from 0.9.5 to 1.0 Tested with OpenSSL 0.9.6c and 0.9.7e. Marko Kreen
2005-07-10 15:54:34 +02:00
DES_ncbc_encrypt(data, res, dlen, &od->u.des.key_schedule,
(DES_cblock *) od->iv, 0);
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
return 0;
}
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
/* DES3 */
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
ossl_des3_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
{
ossldata *od = c->ptr;
As Kris Jurka found out, pgcrypto does not work with OpenSSL 0.9.6x. The DES functions use the older 'des_' API, but the newer 3DES functions use the 0.9.7x-only 'DES_' API. I think I just used /usr/include/openssl/des.h for reference when implementing them, and had upgraded OpenSSL in the meantime. Following patch converts DES also to newer API and provides compatibility functions for OpenSSL < 0.9.7. I chose this route because: - openssl.c uses few DES functions. - compatibility for old 'des_' API is going away at some point of time from OpenSSL. - as seen from macros, new API is saner - Thus pgcrypto supports any OpenSSL version from 0.9.5 to 1.0 Tested with OpenSSL 0.9.6c and 0.9.7e. Marko Kreen
2005-07-10 15:54:34 +02:00
DES_cblock xkey1,
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
xkey2,
xkey3;
memset(&xkey1, 0, sizeof(xkey1));
memset(&xkey2, 0, sizeof(xkey2));
Fix initialization bug in pgcrypto openssl code. Marko Kreen
2005-07-05 20:15:36 +02:00
memset(&xkey3, 0, sizeof(xkey3));
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
memcpy(&xkey1, key, klen > 8 ? 8 : klen);
if (klen > 8)
memcpy(&xkey2, key + 8, (klen - 8) > 8 ? 8 : (klen - 8));
if (klen > 16)
memcpy(&xkey3, key + 16, (klen - 16) > 8 ? 8 : (klen - 16));
DES_set_key(&xkey1, &od->u.des3.k1);
DES_set_key(&xkey2, &od->u.des3.k2);
DES_set_key(&xkey3, &od->u.des3.k3);
memset(&xkey1, 0, sizeof(xkey1));
memset(&xkey2, 0, sizeof(xkey2));
memset(&xkey3, 0, sizeof(xkey3));
if (iv)
memcpy(od->iv, iv, 8);
else
memset(od->iv, 0, 8);
return 0;
}
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
ossl_des3_ecb_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
uint8 *res)
{
unsigned bs = gen_ossl_block_size(c);
unsigned i;
ossldata *od = c->ptr;
for (i = 0; i < dlen / bs; i++)
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
DES_ecb3_encrypt((void *) (data + i * bs), (void *) (res + i * bs),
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
&od->u.des3.k1, &od->u.des3.k2, &od->u.des3.k3, 1);
return 0;
}
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
ossl_des3_ecb_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
uint8 *res)
{
unsigned bs = gen_ossl_block_size(c);
unsigned i;
ossldata *od = c->ptr;
for (i = 0; i < dlen / bs; i++)
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
DES_ecb3_encrypt((void *) (data + i * bs), (void *) (res + i * bs),
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
&od->u.des3.k1, &od->u.des3.k2, &od->u.des3.k3, 0);
return 0;
}
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
ossl_des3_cbc_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
uint8 *res)
{
ossldata *od = c->ptr;
DES_ede3_cbc_encrypt(data, res, dlen,
&od->u.des3.k1, &od->u.des3.k2, &od->u.des3.k3,
As Kris Jurka found out, pgcrypto does not work with OpenSSL 0.9.6x. The DES functions use the older 'des_' API, but the newer 3DES functions use the 0.9.7x-only 'DES_' API. I think I just used /usr/include/openssl/des.h for reference when implementing them, and had upgraded OpenSSL in the meantime. Following patch converts DES also to newer API and provides compatibility functions for OpenSSL < 0.9.7. I chose this route because: - openssl.c uses few DES functions. - compatibility for old 'des_' API is going away at some point of time from OpenSSL. - as seen from macros, new API is saner - Thus pgcrypto supports any OpenSSL version from 0.9.5 to 1.0 Tested with OpenSSL 0.9.6c and 0.9.7e. Marko Kreen
2005-07-10 15:54:34 +02:00
(DES_cblock *) od->iv, 1);
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
return 0;
}
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
ossl_des3_cbc_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
uint8 *res)
{
ossldata *od = c->ptr;
DES_ede3_cbc_encrypt(data, res, dlen,
&od->u.des3.k1, &od->u.des3.k2, &od->u.des3.k3,
As Kris Jurka found out, pgcrypto does not work with OpenSSL 0.9.6x. The DES functions use the older 'des_' API, but the newer 3DES functions use the 0.9.7x-only 'DES_' API. I think I just used /usr/include/openssl/des.h for reference when implementing them, and had upgraded OpenSSL in the meantime. Following patch converts DES also to newer API and provides compatibility functions for OpenSSL < 0.9.7. I chose this route because: - openssl.c uses few DES functions. - compatibility for old 'des_' API is going away at some point of time from OpenSSL. - as seen from macros, new API is saner - Thus pgcrypto supports any OpenSSL version from 0.9.5 to 1.0 Tested with OpenSSL 0.9.6c and 0.9.7e. Marko Kreen
2005-07-10 15:54:34 +02:00
(DES_cblock *) od->iv, 0);
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
return 0;
}
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
/* CAST5 */
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
ossl_cast_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
{
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
ossldata *od = c->ptr;
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
unsigned bs = gen_ossl_block_size(c);
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
CAST_set_key(&od->u.cast_key, klen, key);
if (iv)
memcpy(od->iv, iv, bs);
else
memset(od->iv, 0, bs);
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
return 0;
}
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
ossl_cast_ecb_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
{
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
unsigned bs = gen_ossl_block_size(c);
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
ossldata *od = c->ptr;
pgindent run.
2003-08-04 02:43:34 +02:00
const uint8 *end = data + dlen - bs;
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
for (; data <= end; data += bs, res += bs)
CAST_ecb_encrypt(data, res, &od->u.cast_key, CAST_ENCRYPT);
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
return 0;
}
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
ossl_cast_ecb_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
{
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
unsigned bs = gen_ossl_block_size(c);
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
ossldata *od = c->ptr;
pgindent run.
2003-08-04 02:43:34 +02:00
const uint8 *end = data + dlen - bs;
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
for (; data <= end; data += bs, res += bs)
CAST_ecb_encrypt(data, res, &od->u.cast_key, CAST_DECRYPT);
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
return 0;
}
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
ossl_cast_cbc_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
{
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
ossldata *od = c->ptr;
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
CAST_cbc_encrypt(data, res, dlen, &od->u.cast_key, od->iv, CAST_ENCRYPT);
return 0;
}
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
ossl_cast_cbc_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
{
ossldata *od = c->ptr;
CAST_cbc_encrypt(data, res, dlen, &od->u.cast_key, od->iv, CAST_DECRYPT);
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
return 0;
}
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
/* AES */
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
ossl_aes_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
{
ossldata *od = c->ptr;
unsigned bs = gen_ossl_block_size(c);
Standard pgindent run for 8.1.
2005-10-15 04:49:52 +02:00
if (klen <= 128 / 8)
od->klen = 128 / 8;
else if (klen <= 192 / 8)
od->klen = 192 / 8;
else if (klen <= 256 / 8)
od->klen = 256 / 8;
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
else
return PXE_KEY_TOO_BIG;
memcpy(od->key, key, klen);
if (iv)
memcpy(od->iv, iv, bs);
else
memset(od->iv, 0, bs);
return 0;
}
Defend against openssl libraries that fail on keys longer than 128 bits; which is the case at least on some Solaris versions. Marko Kreen
2007-09-29 04:18:15 +02:00
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
ossl_aes_key_init(ossldata *od, int type)
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
{
pgindent run for 8.3.
2007-11-15 22:14:46 +01:00
int err;
Defend against openssl libraries that fail on keys longer than 128 bits; which is the case at least on some Solaris versions. Marko Kreen
2007-09-29 04:18:15 +02:00
/*
pgindent run for 8.3.
2007-11-15 22:14:46 +01:00
* Strong key support could be missing on some openssl installations. We
* must check return value from set key function.
*/
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
if (type == AES_ENCRYPT)
pgindent run for 8.3.
2007-11-15 22:14:46 +01:00
err = AES_set_encrypt_key(od->key, od->klen * 8, &od->u.aes_key);
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
else
Defend against openssl libraries that fail on keys longer than 128 bits; which is the case at least on some Solaris versions. Marko Kreen
2007-09-29 04:18:15 +02:00
err = AES_set_decrypt_key(od->key, od->klen * 8, &od->u.aes_key);
if (err == 0)
{
od->init = 1;
return 0;
}
od->init = 0;
return PXE_KEY_TOO_BIG;
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
}
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
ossl_aes_ecb_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
uint8 *res)
{
unsigned bs = gen_ossl_block_size(c);
ossldata *od = c->ptr;
const uint8 *end = data + dlen - bs;
pgindent run for 8.3.
2007-11-15 22:14:46 +01:00
int err;
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
if (!od->init)
Defend against openssl libraries that fail on keys longer than 128 bits; which is the case at least on some Solaris versions. Marko Kreen
2007-09-29 04:18:15 +02:00
if ((err = ossl_aes_key_init(od, AES_ENCRYPT)) != 0)
return err;
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
for (; data <= end; data += bs, res += bs)
AES_ecb_encrypt(data, res, &od->u.aes_key, AES_ENCRYPT);
return 0;
}
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
ossl_aes_ecb_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
uint8 *res)
{
unsigned bs = gen_ossl_block_size(c);
ossldata *od = c->ptr;
const uint8 *end = data + dlen - bs;
pgindent run for 8.3.
2007-11-15 22:14:46 +01:00
int err;
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
if (!od->init)
Defend against openssl libraries that fail on keys longer than 128 bits; which is the case at least on some Solaris versions. Marko Kreen
2007-09-29 04:18:15 +02:00
if ((err = ossl_aes_key_init(od, AES_DECRYPT)) != 0)
return err;
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
for (; data <= end; data += bs, res += bs)
AES_ecb_encrypt(data, res, &od->u.aes_key, AES_DECRYPT);
return 0;
}
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
ossl_aes_cbc_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
uint8 *res)
{
ossldata *od = c->ptr;
pgindent run for 8.3.
2007-11-15 22:14:46 +01:00
int err;
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
if (!od->init)
Defend against openssl libraries that fail on keys longer than 128 bits; which is the case at least on some Solaris versions. Marko Kreen
2007-09-29 04:18:15 +02:00
if ((err = ossl_aes_key_init(od, AES_ENCRYPT)) != 0)
return err;
pgindent run for 8.3.
2007-11-15 22:14:46 +01:00
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
AES_cbc_encrypt(data, res, dlen, &od->u.aes_key, od->iv, AES_ENCRYPT);
return 0;
}
static int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
ossl_aes_cbc_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
uint8 *res)
{
ossldata *od = c->ptr;
pgindent run for 8.3.
2007-11-15 22:14:46 +01:00
int err;
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
if (!od->init)
Defend against openssl libraries that fail on keys longer than 128 bits; which is the case at least on some Solaris versions. Marko Kreen
2007-09-29 04:18:15 +02:00
if ((err = ossl_aes_key_init(od, AES_DECRYPT)) != 0)
return err;
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
AES_cbc_encrypt(data, res, dlen, &od->u.aes_key, od->iv, AES_DECRYPT);
return 0;
}
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
/*
* aliases
*/
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
static PX_Alias ossl_aliases[] = {
{"bf", "bf-cbc"},
{"blowfish", "bf-cbc"},
{"blowfish-cbc", "bf-cbc"},
{"blowfish-ecb", "bf-ecb"},
{"blowfish-cfb", "bf-cfb"},
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
{"des", "des-cbc"},
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
{"3des", "des3-cbc"},
{"3des-ecb", "des3-ecb"},
{"3des-cbc", "des3-cbc"},
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
{"cast5", "cast5-cbc"},
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
{"aes", "aes-cbc"},
{"rijndael", "aes-cbc"},
{"rijndael-cbc", "aes-cbc"},
{"rijndael-ecb", "aes-ecb"},
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
{NULL}
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
};
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
static const struct ossl_cipher ossl_bf_cbc = {
bf_init, bf_cbc_encrypt, bf_cbc_decrypt,
pgindent run.
2003-08-04 02:43:34 +02:00
64 / 8, 448 / 8, 0
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
};
static const struct ossl_cipher ossl_bf_ecb = {
bf_init, bf_ecb_encrypt, bf_ecb_decrypt,
pgindent run.
2003-08-04 02:43:34 +02:00
64 / 8, 448 / 8, 0
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
};
static const struct ossl_cipher ossl_bf_cfb = {
bf_init, bf_cfb64_encrypt, bf_cfb64_decrypt,
pgindent run.
2003-08-04 02:43:34 +02:00
64 / 8, 448 / 8, 1
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
};
static const struct ossl_cipher ossl_des_ecb = {
ossl_des_init, ossl_des_ecb_encrypt, ossl_des_ecb_decrypt,
pgindent run.
2003-08-04 02:43:34 +02:00
64 / 8, 64 / 8, 0
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
};
static const struct ossl_cipher ossl_des_cbc = {
ossl_des_init, ossl_des_cbc_encrypt, ossl_des_cbc_decrypt,
pgindent run.
2003-08-04 02:43:34 +02:00
64 / 8, 64 / 8, 0
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
};
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
static const struct ossl_cipher ossl_des3_ecb = {
ossl_des3_init, ossl_des3_ecb_encrypt, ossl_des3_ecb_decrypt,
64 / 8, 192 / 8, 0
};
static const struct ossl_cipher ossl_des3_cbc = {
ossl_des3_init, ossl_des3_cbc_encrypt, ossl_des3_cbc_decrypt,
64 / 8, 192 / 8, 0
};
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
static const struct ossl_cipher ossl_cast_ecb = {
ossl_cast_init, ossl_cast_ecb_encrypt, ossl_cast_ecb_decrypt,
pgindent run.
2003-08-04 02:43:34 +02:00
64 / 8, 128 / 8, 0
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
};
static const struct ossl_cipher ossl_cast_cbc = {
ossl_cast_init, ossl_cast_cbc_encrypt, ossl_cast_cbc_decrypt,
pgindent run.
2003-08-04 02:43:34 +02:00
64 / 8, 128 / 8, 0
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
};
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
static const struct ossl_cipher ossl_aes_ecb = {
ossl_aes_init, ossl_aes_ecb_encrypt, ossl_aes_ecb_decrypt,
128 / 8, 256 / 8, 0
};
static const struct ossl_cipher ossl_aes_cbc = {
ossl_aes_init, ossl_aes_cbc_encrypt, ossl_aes_cbc_decrypt,
128 / 8, 256 / 8, 0
};
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
/*
* Special handlers
*/
* construct "struct {} list [] = {}" confuses pgindent - split those. It was a bad style to begin with, and now several loops can be clearer. * pgcrypto.c: Fix function comments * crypt-gensalt.c, crypt-blowfish.c: stop messing with errno * openssl.c: use px_free instead pfree * px.h: make redefining px_alloc/px_realloc/px_free easier Marko Kreen
2005-03-21 06:18:46 +01:00
struct ossl_cipher_lookup
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
{
pgindent run.
2003-08-04 02:43:34 +02:00
const char *name;
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
const struct ossl_cipher *ciph;
* construct "struct {} list [] = {}" confuses pgindent - split those. It was a bad style to begin with, and now several loops can be clearer. * pgcrypto.c: Fix function comments * crypt-gensalt.c, crypt-blowfish.c: stop messing with errno * openssl.c: use px_free instead pfree * px.h: make redefining px_alloc/px_realloc/px_free easier Marko Kreen
2005-03-21 06:18:46 +01:00
};
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
* construct "struct {} list [] = {}" confuses pgindent - split those. It was a bad style to begin with, and now several loops can be clearer. * pgcrypto.c: Fix function comments * crypt-gensalt.c, crypt-blowfish.c: stop messing with errno * openssl.c: use px_free instead pfree * px.h: make redefining px_alloc/px_realloc/px_free easier Marko Kreen
2005-03-21 06:18:46 +01:00
static const struct ossl_cipher_lookup ossl_cipher_types[] = {
{"bf-cbc", &ossl_bf_cbc},
{"bf-ecb", &ossl_bf_ecb},
{"bf-cfb", &ossl_bf_cfb},
{"des-ecb", &ossl_des_ecb},
{"des-cbc", &ossl_des_cbc},
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
{"des3-ecb", &ossl_des3_ecb},
{"des3-cbc", &ossl_des3_cbc},
* construct "struct {} list [] = {}" confuses pgindent - split those. It was a bad style to begin with, and now several loops can be clearer. * pgcrypto.c: Fix function comments * crypt-gensalt.c, crypt-blowfish.c: stop messing with errno * openssl.c: use px_free instead pfree * px.h: make redefining px_alloc/px_realloc/px_free easier Marko Kreen
2005-03-21 06:18:46 +01:00
{"cast5-ecb", &ossl_cast_ecb},
{"cast5-cbc", &ossl_cast_cbc},
pgcrypto update: * openssl.c: Add 3des and AES support * README.pgcrypto: list only supported ciphers for openssl OpenSSL has pre-processor symbol OPENSSL_NO_AES, which isn't that helpful for detecting if it _does_ exist. Thus the hack with AES_ENCRYPT. Marko Kreen
2005-03-21 06:21:04 +01:00
{"aes-ecb", &ossl_aes_ecb},
{"aes-cbc", &ossl_aes_cbc},
* construct "struct {} list [] = {}" confuses pgindent - split those. It was a bad style to begin with, and now several loops can be clearer. * pgcrypto.c: Fix function comments * crypt-gensalt.c, crypt-blowfish.c: stop messing with errno * openssl.c: use px_free instead pfree * px.h: make redefining px_alloc/px_realloc/px_free easier Marko Kreen
2005-03-21 06:18:46 +01:00
{NULL}
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
};
/* PUBLIC functions */
int
8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.
2009-06-11 16:49:15 +02:00
px_find_cipher(const char *name, PX_Cipher **res)
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
{
* construct "struct {} list [] = {}" confuses pgindent - split those. It was a bad style to begin with, and now several loops can be clearer. * pgcrypto.c: Fix function comments * crypt-gensalt.c, crypt-blowfish.c: stop messing with errno * openssl.c: use px_free instead pfree * px.h: make redefining px_alloc/px_realloc/px_free easier Marko Kreen
2005-03-21 06:18:46 +01:00
const struct ossl_cipher_lookup *i;
PX_Cipher *c = NULL;
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
ossldata *od;
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
name = px_resolve_alias(ossl_aliases, name);
* construct "struct {} list [] = {}" confuses pgindent - split those. It was a bad style to begin with, and now several loops can be clearer. * pgcrypto.c: Fix function comments * crypt-gensalt.c, crypt-blowfish.c: stop messing with errno * openssl.c: use px_free instead pfree * px.h: make redefining px_alloc/px_realloc/px_free easier Marko Kreen
2005-03-21 06:18:46 +01:00
for (i = ossl_cipher_types; i->name; i++)
Standardize treatment of strcmp() return value Always compare the return value to 0, don't use cute tricks like if (!strcmp(...)).
2011-12-27 20:19:09 +01:00
if (strcmp(i->name, name) == 0)
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
break;
* construct "struct {} list [] = {}" confuses pgindent - split those. It was a bad style to begin with, and now several loops can be clearer. * pgcrypto.c: Fix function comments * crypt-gensalt.c, crypt-blowfish.c: stop messing with errno * openssl.c: use px_free instead pfree * px.h: make redefining px_alloc/px_realloc/px_free easier Marko Kreen
2005-03-21 06:18:46 +01:00
if (i->name == NULL)
pgcrypto update: * Use error codes instead of -1 * px_strerror for new error codes * calling convention change for px_gen_salt - return error code * use px_strerror in pgcrypto.c Marko Kreen
2005-03-21 06:19:55 +01:00
return PXE_NO_CIPHER;
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
od = px_alloc(sizeof(*od));
memset(od, 0, sizeof(*od));
* construct "struct {} list [] = {}" confuses pgindent - split those. It was a bad style to begin with, and now several loops can be clearer. * pgcrypto.c: Fix function comments * crypt-gensalt.c, crypt-blowfish.c: stop messing with errno * openssl.c: use px_free instead pfree * px.h: make redefining px_alloc/px_realloc/px_free easier Marko Kreen
2005-03-21 06:18:46 +01:00
od->ciph = i->ciph;
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
c = px_alloc(sizeof(*c));
OpenSSL 0.9.6g in Debian/unstable stopped working with pgcrypto. This is pgcrypto bug as it assumed too much about inner workings of OpenSSL. Following patch stops pgcrypto using EVP* functions for ciphers and lets it manage ciphers itself. This patch supports Blowfish, DES and CAST5 algorithms. Marko Kreen
2002-11-15 03:54:44 +01:00
c->block_size = gen_ossl_block_size;
c->key_size = gen_ossl_key_size;
c->iv_size = gen_ossl_iv_size;
c->free = gen_ossl_free;
* construct "struct {} list [] = {}" confuses pgindent - split those. It was a bad style to begin with, and now several loops can be clearer. * pgcrypto.c: Fix function comments * crypt-gensalt.c, crypt-blowfish.c: stop messing with errno * openssl.c: use px_free instead pfree * px.h: make redefining px_alloc/px_realloc/px_free easier Marko Kreen
2005-03-21 06:18:46 +01:00
c->init = od->ciph->init;
c->encrypt = od->ciph->encrypt;
c->decrypt = od->ciph->decrypt;
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
c->ptr = od;
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
/contrib/pgcrypto: * remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
2001-08-21 02:42:41 +02:00
*res = c;
return 0;
}
- Add Fortuna PRNG to pgcrypto. - Move openssl random provider to openssl.c and builtin provider to internal.c - Make px_random_bytes use Fortuna, instead of giving error. - Retarget random.c to aquiring system randomness, for initial seeding of Fortuna. There is ATM 2 functions for Windows, reader from /dev/urandom and the regular time()/getpid() silliness. Marko Kreen
2005-07-10 05:55:28 +02:00
static int openssl_random_init = 0;
Support OpenSSL 1.1.0. Changes needed to build at all: - Check for SSL_new in configure, now that SSL_library_init is a macro. - Do not access struct members directly. This includes some new code in pgcrypto, to use the resource owner mechanism to ensure that we don't leak OpenSSL handles, now that we can't embed them in other structs anymore. - RAND_SSLeay() -> RAND_OpenSSL() Changes that were needed to silence deprecation warnings, but were not strictly necessary: - RAND_pseudo_bytes() -> RAND_bytes(). - SSL_library_init() and OpenSSL_config() -> OPENSSL_init_ssl() - ASN1_STRING_data() -> ASN1_STRING_get0_data() - DH_generate_parameters() -> DH_generate_parameters() - Locking callbacks are not needed with OpenSSL 1.1.0 anymore. (Good riddance!) Also change references to SSLEAY_VERSION_NUMBER with OPENSSL_VERSION_NUMBER, for the sake of consistency. OPENSSL_VERSION_NUMBER has existed since time immemorial. Fix SSL test suite to work with OpenSSL 1.1.0. CA certificates must have the "CA:true" basic constraint extension now, or OpenSSL will refuse them. Regenerate the test certificates with that. The "openssl" binary, used to generate the certificates, is also now more picky, and throws an error if an X509 extension is specified in "req_extensions", but that section is empty. Backpatch to all supported branches, per popular demand. In back-branches, we still support OpenSSL 0.9.7 and above. OpenSSL 0.9.6 should still work too, but I didn't test it. In master, we only support 0.9.8 and above. Patch by Andreas Karlsson, with additional changes by me. Discussion: <20160627151604.GD1051@msg.df7cb.de>
2016-09-15 11:36:21 +02:00
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#define RAND_OpenSSL RAND_SSLeay
#endif
- Add Fortuna PRNG to pgcrypto. - Move openssl random provider to openssl.c and builtin provider to internal.c - Make px_random_bytes use Fortuna, instead of giving error. - Retarget random.c to aquiring system randomness, for initial seeding of Fortuna. There is ATM 2 functions for Windows, reader from /dev/urandom and the regular time()/getpid() silliness. Marko Kreen
2005-07-10 05:55:28 +02:00
/*
* OpenSSL random should re-feeded occasionally. From /dev/urandom
* preferably.
*/
Standard pgindent run for 8.1.
2005-10-15 04:49:52 +02:00
static void
init_openssl_rand(void)
- Add Fortuna PRNG to pgcrypto. - Move openssl random provider to openssl.c and builtin provider to internal.c - Make px_random_bytes use Fortuna, instead of giving error. - Retarget random.c to aquiring system randomness, for initial seeding of Fortuna. There is ATM 2 functions for Windows, reader from /dev/urandom and the regular time()/getpid() silliness. Marko Kreen
2005-07-10 05:55:28 +02:00
{
if (RAND_get_rand_method() == NULL)
Support OpenSSL 1.1.0. Changes needed to build at all: - Check for SSL_new in configure, now that SSL_library_init is a macro. - Do not access struct members directly. This includes some new code in pgcrypto, to use the resource owner mechanism to ensure that we don't leak OpenSSL handles, now that we can't embed them in other structs anymore. - RAND_SSLeay() -> RAND_OpenSSL() Changes that were needed to silence deprecation warnings, but were not strictly necessary: - RAND_pseudo_bytes() -> RAND_bytes(). - SSL_library_init() and OpenSSL_config() -> OPENSSL_init_ssl() - ASN1_STRING_data() -> ASN1_STRING_get0_data() - DH_generate_parameters() -> DH_generate_parameters() - Locking callbacks are not needed with OpenSSL 1.1.0 anymore. (Good riddance!) Also change references to SSLEAY_VERSION_NUMBER with OPENSSL_VERSION_NUMBER, for the sake of consistency. OPENSSL_VERSION_NUMBER has existed since time immemorial. Fix SSL test suite to work with OpenSSL 1.1.0. CA certificates must have the "CA:true" basic constraint extension now, or OpenSSL will refuse them. Regenerate the test certificates with that. The "openssl" binary, used to generate the certificates, is also now more picky, and throws an error if an X509 extension is specified in "req_extensions", but that section is empty. Backpatch to all supported branches, per popular demand. In back-branches, we still support OpenSSL 0.9.7 and above. OpenSSL 0.9.6 should still work too, but I didn't test it. In master, we only support 0.9.8 and above. Patch by Andreas Karlsson, with additional changes by me. Discussion: <20160627151604.GD1051@msg.df7cb.de>
2016-09-15 11:36:21 +02:00
RAND_set_rand_method(RAND_OpenSSL());
- Add Fortuna PRNG to pgcrypto. - Move openssl random provider to openssl.c and builtin provider to internal.c - Make px_random_bytes use Fortuna, instead of giving error. - Retarget random.c to aquiring system randomness, for initial seeding of Fortuna. There is ATM 2 functions for Windows, reader from /dev/urandom and the regular time()/getpid() silliness. Marko Kreen
2005-07-10 05:55:28 +02:00
openssl_random_init = 1;
}
int
px_get_random_bytes(uint8 *dst, unsigned count)
{
int res;
if (!openssl_random_init)
init_openssl_rand();
res = RAND_bytes(dst, count);
if (res == 1)
return count;
return PXE_OSSL_RAND_ERROR;
}
int
px_add_entropy(const uint8 *data, unsigned count)
{
/*
* estimate 0 bits
*/
RAND_add(data, count, 0);
return 0;
}