3
* Wrapper for OpenSSL library.
5
* Copyright (c) 2001 Marko Kreen
8
* Redistribution and use in source and binary forms, with or without
9
* modification, are permitted provided that the following conditions
11
* 1. Redistributions of source code must retain the above copyright
12
* notice, this list of conditions and the following disclaimer.
13
* 2. Redistributions in binary form must reproduce the above copyright
14
* notice, this list of conditions and the following disclaimer in the
15
* documentation and/or other materials provided with the distribution.
17
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29
* $PostgreSQL: pgsql/contrib/pgcrypto/openssl.c,v 1.13.4.1 2005-03-12 06:54:31 neilc Exp $
36
#include <openssl/evp.h>
42
digest_result_size(PX_MD * h)
44
return EVP_MD_CTX_size((EVP_MD_CTX *) h->p.ptr);
48
digest_block_size(PX_MD * h)
50
return EVP_MD_CTX_block_size((EVP_MD_CTX *) h->p.ptr);
54
digest_reset(PX_MD * h)
56
EVP_MD_CTX *ctx = (EVP_MD_CTX *) h->p.ptr;
59
md = EVP_MD_CTX_md(ctx);
61
EVP_DigestInit(ctx, md);
65
digest_update(PX_MD * h, const uint8 *data, unsigned dlen)
67
EVP_MD_CTX *ctx = (EVP_MD_CTX *) h->p.ptr;
69
EVP_DigestUpdate(ctx, data, dlen);
73
digest_finish(PX_MD * h, uint8 *dst)
75
EVP_MD_CTX *ctx = (EVP_MD_CTX *) h->p.ptr;
76
const EVP_MD *md = EVP_MD_CTX_md(ctx);
78
EVP_DigestFinal(ctx, dst, NULL);
81
* Some builds of 0.9.7x clear all of ctx in EVP_DigestFinal.
82
* Fix it by reinitializing ctx.
84
EVP_DigestInit(ctx, md);
88
digest_free(PX_MD * h)
90
EVP_MD_CTX *ctx = (EVP_MD_CTX *) h->p.ptr;
96
static int px_openssl_initialized = 0;
98
/* PUBLIC functions */
101
px_find_digest(const char *name, PX_MD ** res)
107
if (!px_openssl_initialized)
109
px_openssl_initialized = 1;
110
OpenSSL_add_all_algorithms();
113
md = EVP_get_digestbyname(name);
117
ctx = px_alloc(sizeof(*ctx));
118
EVP_DigestInit(ctx, md);
120
h = px_alloc(sizeof(*h));
121
h->result_size = digest_result_size;
122
h->block_size = digest_block_size;
123
h->reset = digest_reset;
124
h->update = digest_update;
125
h->finish = digest_finish;
126
h->free = digest_free;
127
h->p.ptr = (void *) ctx;
136
* The problem with OpenSSL is that the EVP* family
137
* of functions does not allow enough flexibility
138
* and forces some of the parameters (keylen,
139
* padding) to SSL defaults.
141
* So need to manage ciphers ourselves.
146
int (*init) (PX_Cipher * c, const uint8 *key, unsigned klen, const uint8 *iv);
147
int (*encrypt) (PX_Cipher * c, const uint8 *data, unsigned dlen, uint8 *res);
148
int (*decrypt) (PX_Cipher * c, const uint8 *data, unsigned dlen, uint8 *res);
166
des_key_schedule key_schedule;
170
uint8 key[EVP_MAX_KEY_LENGTH];
171
uint8 iv[EVP_MAX_IV_LENGTH];
174
const struct ossl_cipher *ciph;
180
gen_ossl_block_size(PX_Cipher * c)
182
ossldata *od = (ossldata *) c->ptr;
184
return od->ciph->block_size;
188
gen_ossl_key_size(PX_Cipher * c)
190
ossldata *od = (ossldata *) c->ptr;
192
return od->ciph->max_key_size;
196
gen_ossl_iv_size(PX_Cipher * c)
199
ossldata *od = (ossldata *) c->ptr;
201
ivlen = od->ciph->block_size;
206
gen_ossl_free(PX_Cipher * c)
208
ossldata *od = (ossldata *) c->ptr;
210
memset(od, 0, sizeof(*od));
218
bf_init(PX_Cipher * c, const uint8 *key, unsigned klen, const uint8 *iv)
220
ossldata *od = c->ptr;
222
BF_set_key(&od->u.bf.key, klen, key);
224
memcpy(od->iv, iv, BF_BLOCK);
226
memset(od->iv, 0, BF_BLOCK);
232
bf_ecb_encrypt(PX_Cipher * c, const uint8 *data, unsigned dlen, uint8 *res)
234
unsigned bs = gen_ossl_block_size(c);
236
ossldata *od = c->ptr;
238
for (i = 0; i < dlen / bs; i++)
239
BF_ecb_encrypt(data + i * bs, res + i * bs, &od->u.bf.key, BF_ENCRYPT);
244
bf_ecb_decrypt(PX_Cipher * c, const uint8 *data, unsigned dlen, uint8 *res)
246
unsigned bs = gen_ossl_block_size(c),
248
ossldata *od = c->ptr;
250
for (i = 0; i < dlen / bs; i++)
251
BF_ecb_encrypt(data + i * bs, res + i * bs, &od->u.bf.key, BF_DECRYPT);
256
bf_cbc_encrypt(PX_Cipher * c, const uint8 *data, unsigned dlen, uint8 *res)
258
ossldata *od = c->ptr;
260
BF_cbc_encrypt(data, res, dlen, &od->u.bf.key, od->iv, BF_ENCRYPT);
265
bf_cbc_decrypt(PX_Cipher * c, const uint8 *data, unsigned dlen, uint8 *res)
267
ossldata *od = c->ptr;
269
BF_cbc_encrypt(data, res, dlen, &od->u.bf.key, od->iv, BF_DECRYPT);
274
bf_cfb64_encrypt(PX_Cipher * c, const uint8 *data, unsigned dlen, uint8 *res)
276
ossldata *od = c->ptr;
278
BF_cfb64_encrypt(data, res, dlen, &od->u.bf.key, od->iv,
279
&od->u.bf.num, BF_ENCRYPT);
284
bf_cfb64_decrypt(PX_Cipher * c, const uint8 *data, unsigned dlen, uint8 *res)
286
ossldata *od = c->ptr;
288
BF_cfb64_encrypt(data, res, dlen, &od->u.bf.key, od->iv,
289
&od->u.bf.num, BF_DECRYPT);
296
ossl_des_init(PX_Cipher * c, const uint8 *key, unsigned klen, const uint8 *iv)
298
ossldata *od = c->ptr;
301
memset(&xkey, 0, sizeof(xkey));
302
memcpy(&xkey, key, klen > 8 ? 8 : klen);
303
des_set_key(&xkey, od->u.des.key_schedule);
304
memset(&xkey, 0, sizeof(xkey));
307
memcpy(od->iv, iv, 8);
309
memset(od->iv, 0, 8);
314
ossl_des_ecb_encrypt(PX_Cipher * c, const uint8 *data, unsigned dlen,
317
unsigned bs = gen_ossl_block_size(c);
319
ossldata *od = c->ptr;
321
for (i = 0; i < dlen / bs; i++)
322
des_ecb_encrypt((des_cblock *) (data + i * bs),
323
(des_cblock *) (res + i * bs),
324
od->u.des.key_schedule, 1);
329
ossl_des_ecb_decrypt(PX_Cipher * c, const uint8 *data, unsigned dlen,
332
unsigned bs = gen_ossl_block_size(c);
334
ossldata *od = c->ptr;
336
for (i = 0; i < dlen / bs; i++)
337
des_ecb_encrypt((des_cblock *) (data + i * bs),
338
(des_cblock *) (res + i * bs),
339
od->u.des.key_schedule, 0);
344
ossl_des_cbc_encrypt(PX_Cipher * c, const uint8 *data, unsigned dlen,
347
ossldata *od = c->ptr;
349
des_ncbc_encrypt(data, res, dlen, od->u.des.key_schedule,
350
(des_cblock *) od->iv, 1);
355
ossl_des_cbc_decrypt(PX_Cipher * c, const uint8 *data, unsigned dlen,
358
ossldata *od = c->ptr;
360
des_ncbc_encrypt(data, res, dlen, od->u.des.key_schedule,
361
(des_cblock *) od->iv, 0);
368
ossl_cast_init(PX_Cipher * c, const uint8 *key, unsigned klen, const uint8 *iv)
370
ossldata *od = c->ptr;
371
unsigned bs = gen_ossl_block_size(c);
373
CAST_set_key(&od->u.cast_key, klen, key);
375
memcpy(od->iv, iv, bs);
377
memset(od->iv, 0, bs);
382
ossl_cast_ecb_encrypt(PX_Cipher * c, const uint8 *data, unsigned dlen, uint8 *res)
384
unsigned bs = gen_ossl_block_size(c);
385
ossldata *od = c->ptr;
386
const uint8 *end = data + dlen - bs;
388
for (; data <= end; data += bs, res += bs)
389
CAST_ecb_encrypt(data, res, &od->u.cast_key, CAST_ENCRYPT);
394
ossl_cast_ecb_decrypt(PX_Cipher * c, const uint8 *data, unsigned dlen, uint8 *res)
396
unsigned bs = gen_ossl_block_size(c);
397
ossldata *od = c->ptr;
398
const uint8 *end = data + dlen - bs;
400
for (; data <= end; data += bs, res += bs)
401
CAST_ecb_encrypt(data, res, &od->u.cast_key, CAST_DECRYPT);
406
ossl_cast_cbc_encrypt(PX_Cipher * c, const uint8 *data, unsigned dlen, uint8 *res)
408
ossldata *od = c->ptr;
410
CAST_cbc_encrypt(data, res, dlen, &od->u.cast_key, od->iv, CAST_ENCRYPT);
415
ossl_cast_cbc_decrypt(PX_Cipher * c, const uint8 *data, unsigned dlen, uint8 *res)
417
ossldata *od = c->ptr;
419
CAST_cbc_encrypt(data, res, dlen, &od->u.cast_key, od->iv, CAST_DECRYPT);
427
static PX_Alias ossl_aliases[] = {
429
{"blowfish", "bf-cbc"},
430
{"blowfish-cbc", "bf-cbc"},
431
{"blowfish-ecb", "bf-ecb"},
432
{"blowfish-cfb", "bf-cfb"},
434
{"cast5", "cast5-cbc"},
438
static const struct ossl_cipher ossl_bf_cbc = {
439
bf_init, bf_cbc_encrypt, bf_cbc_decrypt,
443
static const struct ossl_cipher ossl_bf_ecb = {
444
bf_init, bf_ecb_encrypt, bf_ecb_decrypt,
448
static const struct ossl_cipher ossl_bf_cfb = {
449
bf_init, bf_cfb64_encrypt, bf_cfb64_decrypt,
453
static const struct ossl_cipher ossl_des_ecb = {
454
ossl_des_init, ossl_des_ecb_encrypt, ossl_des_ecb_decrypt,
458
static const struct ossl_cipher ossl_des_cbc = {
459
ossl_des_init, ossl_des_cbc_encrypt, ossl_des_cbc_decrypt,
463
static const struct ossl_cipher ossl_cast_ecb = {
464
ossl_cast_init, ossl_cast_ecb_encrypt, ossl_cast_ecb_decrypt,
468
static const struct ossl_cipher ossl_cast_cbc = {
469
ossl_cast_init, ossl_cast_cbc_encrypt, ossl_cast_cbc_decrypt,
479
const struct ossl_cipher *ciph;
480
} ossl_cipher_types[] =
484
"bf-cbc", &ossl_bf_cbc
487
"bf-ecb", &ossl_bf_ecb
490
"bf-cfb", &ossl_bf_cfb
493
"des-ecb", &ossl_des_ecb
496
"des-cbc", &ossl_des_cbc
499
"cast5-ecb", &ossl_cast_ecb
502
"cast5-cbc", &ossl_cast_cbc
509
/* PUBLIC functions */
512
px_find_cipher(const char *name, PX_Cipher ** res)
518
const struct ossl_cipher *ossl_ciph = NULL;
520
name = px_resolve_alias(ossl_aliases, name);
521
for (i = 0; ossl_cipher_types[i].name; i++)
523
if (!strcmp(ossl_cipher_types[i].name, name))
525
ossl_ciph = ossl_cipher_types[i].ciph;
529
if (ossl_ciph == NULL)
532
od = px_alloc(sizeof(*od));
533
memset(od, 0, sizeof(*od));
534
od->ciph = ossl_ciph;
538
c = px_alloc(sizeof(*c));
539
c->block_size = gen_ossl_block_size;
540
c->key_size = gen_ossl_key_size;
541
c->iv_size = gen_ossl_iv_size;
542
c->free = gen_ossl_free;
543
c->init = ossl_ciph->init;
544
c->encrypt = ossl_ciph->encrypt;
545
c->decrypt = ossl_ciph->decrypt;