/* * openssl.c * Wrapper for OpenSSL library. * * Copyright (c) 2001 Marko Kreen * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * contrib/pgcrypto/openssl.c */ #include "postgres.h" #include #include #include #include "px.h" #include "utils/memutils.h" #include "utils/resowner.h" /* * Max lengths we might want to handle. */ #define MAX_KEY (512/8) #define MAX_IV (128/8) /* * Hashes */ /* * To make sure we don't leak OpenSSL handles on abort, we keep OSSLDigest * objects in a linked list, allocated in TopMemoryContext. We use the * ResourceOwner mechanism to free them on abort. */ typedef struct OSSLDigest { const EVP_MD *algo; EVP_MD_CTX *ctx; ResourceOwner owner; struct OSSLDigest *next; struct OSSLDigest *prev; } OSSLDigest; static OSSLDigest *open_digests = NULL; static bool digest_resowner_callback_registered = false; static void free_openssl_digest(OSSLDigest *digest) { EVP_MD_CTX_destroy(digest->ctx); if (digest->prev) digest->prev->next = digest->next; else open_digests = digest->next; if (digest->next) digest->next->prev = digest->prev; pfree(digest); } /* * Close any open OpenSSL handles on abort. */ static void digest_free_callback(ResourceReleasePhase phase, bool isCommit, bool isTopLevel, void *arg) { OSSLDigest *curr; OSSLDigest *next; if (phase != RESOURCE_RELEASE_AFTER_LOCKS) return; next = open_digests; while (next) { curr = next; next = curr->next; if (curr->owner == CurrentResourceOwner) { if (isCommit) elog(WARNING, "pgcrypto digest reference leak: digest %p still referenced", curr); free_openssl_digest(curr); } } } static unsigned digest_result_size(PX_MD *h) { OSSLDigest *digest = (OSSLDigest *) h->p.ptr; return EVP_MD_CTX_size(digest->ctx); } static unsigned digest_block_size(PX_MD *h) { OSSLDigest *digest = (OSSLDigest *) h->p.ptr; return EVP_MD_CTX_block_size(digest->ctx); } static void digest_reset(PX_MD *h) { OSSLDigest *digest = (OSSLDigest *) h->p.ptr; EVP_DigestInit_ex(digest->ctx, digest->algo, NULL); } static void digest_update(PX_MD *h, const uint8 *data, unsigned dlen) { OSSLDigest *digest = (OSSLDigest *) h->p.ptr; EVP_DigestUpdate(digest->ctx, data, dlen); } static void digest_finish(PX_MD *h, uint8 *dst) { OSSLDigest *digest = (OSSLDigest *) h->p.ptr; EVP_DigestFinal_ex(digest->ctx, dst, NULL); } static void digest_free(PX_MD *h) { OSSLDigest *digest = (OSSLDigest *) h->p.ptr; free_openssl_digest(digest); px_free(h); } static int px_openssl_initialized = 0; /* PUBLIC functions */ int px_find_digest(const char *name, PX_MD **res) { const EVP_MD *md; EVP_MD_CTX *ctx; PX_MD *h; OSSLDigest *digest; if (!px_openssl_initialized) { px_openssl_initialized = 1; OpenSSL_add_all_algorithms(); } if (!digest_resowner_callback_registered) { RegisterResourceReleaseCallback(digest_free_callback, NULL); digest_resowner_callback_registered = true; } md = EVP_get_digestbyname(name); if (md == NULL) return PXE_NO_HASH; /* * Create an OSSLDigest object, an OpenSSL MD object, and a PX_MD object. * The order is crucial, to make sure we don't leak anything on * out-of-memory or other error. */ digest = MemoryContextAlloc(TopMemoryContext, sizeof(*digest)); ctx = EVP_MD_CTX_create(); if (!ctx) { pfree(digest); return -1; } if (EVP_DigestInit_ex(ctx, md, NULL) == 0) { pfree(digest); return -1; } digest->algo = md; digest->ctx = ctx; digest->owner = CurrentResourceOwner; digest->next = open_digests; digest->prev = NULL; open_digests = digest; /* The PX_MD object is allocated in the current memory context. */ h = px_alloc(sizeof(*h)); h->result_size = digest_result_size; h->block_size = digest_block_size; h->reset = digest_reset; h->update = digest_update; h->finish = digest_finish; h->free = digest_free; h->p.ptr = (void *) digest; *res = h; return 0; } /* * Ciphers * * We use OpenSSL's EVP* family of functions for these. */ /* * prototype for the EVP functions that return an algorithm, e.g. * EVP_aes_128_cbc(). */ typedef const EVP_CIPHER *(*ossl_EVP_cipher_func) (void); /* * ossl_cipher contains the static information about each cipher. */ struct ossl_cipher { int (*init) (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv); ossl_EVP_cipher_func cipher_func; int block_size; int max_key_size; }; /* * OSSLCipher contains the state for using a cipher. A separate OSSLCipher * object is allocated in each px_find_cipher() call. * * To make sure we don't leak OpenSSL handles on abort, we keep OSSLCipher * objects in a linked list, allocated in TopMemoryContext. We use the * ResourceOwner mechanism to free them on abort. */ typedef struct OSSLCipher { EVP_CIPHER_CTX *evp_ctx; const EVP_CIPHER *evp_ciph; uint8 key[MAX_KEY]; uint8 iv[MAX_IV]; unsigned klen; unsigned init; const struct ossl_cipher *ciph; ResourceOwner owner; struct OSSLCipher *next; struct OSSLCipher *prev; } OSSLCipher; static OSSLCipher *open_ciphers = NULL; static bool cipher_resowner_callback_registered = false; static void free_openssl_cipher(OSSLCipher *od) { EVP_CIPHER_CTX_free(od->evp_ctx); if (od->prev) od->prev->next = od->next; else open_ciphers = od->next; if (od->next) od->next->prev = od->prev; pfree(od); } /* * Close any open OpenSSL cipher handles on abort. */ static void cipher_free_callback(ResourceReleasePhase phase, bool isCommit, bool isTopLevel, void *arg) { OSSLCipher *curr; OSSLCipher *next; if (phase != RESOURCE_RELEASE_AFTER_LOCKS) return; next = open_ciphers; while (next) { curr = next; next = curr->next; if (curr->owner == CurrentResourceOwner) { if (isCommit) elog(WARNING, "pgcrypto cipher reference leak: cipher %p still referenced", curr); free_openssl_cipher(curr); } } } /* Common routines for all algorithms */ static unsigned gen_ossl_block_size(PX_Cipher *c) { OSSLCipher *od = (OSSLCipher *) c->ptr; return od->ciph->block_size; } static unsigned gen_ossl_key_size(PX_Cipher *c) { OSSLCipher *od = (OSSLCipher *) c->ptr; return od->ciph->max_key_size; } static unsigned gen_ossl_iv_size(PX_Cipher *c) { unsigned ivlen; OSSLCipher *od = (OSSLCipher *) c->ptr; ivlen = od->ciph->block_size; return ivlen; } static void gen_ossl_free(PX_Cipher *c) { OSSLCipher *od = (OSSLCipher *) c->ptr; free_openssl_cipher(od); px_free(c); } static int gen_ossl_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res) { OSSLCipher *od = c->ptr; int outlen; if (!od->init) { if (!EVP_DecryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL)) return PXE_CIPHER_INIT; if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen)) return PXE_CIPHER_INIT; if (!EVP_DecryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv)) return PXE_CIPHER_INIT; od->init = true; } if (!EVP_DecryptUpdate(od->evp_ctx, res, &outlen, data, dlen)) return PXE_DECRYPT_FAILED; return 0; } static int gen_ossl_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res) { OSSLCipher *od = c->ptr; int outlen; if (!od->init) { if (!EVP_EncryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL)) return PXE_CIPHER_INIT; if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen)) return PXE_CIPHER_INIT; if (!EVP_EncryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv)) return PXE_CIPHER_INIT; od->init = true; } if (!EVP_EncryptUpdate(od->evp_ctx, res, &outlen, data, dlen)) return PXE_ERR_GENERIC; return 0; } /* Blowfish */ /* * Check if strong crypto is supported. Some OpenSSL installations * support only short keys and unfortunately BF_set_key does not return any * error value. This function tests if is possible to use strong key. */ static int bf_check_supported_key_len(void) { static const uint8 key[56] = { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87, 0x78, 0x69, 0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x04, 0x68, 0x91, 0x04, 0xc2, 0xfd, 0x3b, 0x2f, 0x58, 0x40, 0x23, 0x64, 0x1a, 0xba, 0x61, 0x76, 0x1f, 0x1f, 0x1f, 0x1f, 0x0e, 0x0e, 0x0e, 0x0e, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; static const uint8 data[8] = {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10}; static const uint8 res[8] = {0xc0, 0x45, 0x04, 0x01, 0x2e, 0x4e, 0x1f, 0x53}; uint8 out[8]; EVP_CIPHER_CTX *evp_ctx; int outlen; int status = 0; /* encrypt with 448bits key and verify output */ evp_ctx = EVP_CIPHER_CTX_new(); if (!evp_ctx) return 0; if (!EVP_EncryptInit_ex(evp_ctx, EVP_bf_ecb(), NULL, NULL, NULL)) goto leave; if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, 56)) goto leave; if (!EVP_EncryptInit_ex(evp_ctx, NULL, NULL, key, NULL)) goto leave; if (!EVP_EncryptUpdate(evp_ctx, out, &outlen, data, 8)) goto leave; if (memcmp(out, res, 8) != 0) goto leave; /* Output does not match -> strong cipher is * not supported */ status = 1; leave: EVP_CIPHER_CTX_free(evp_ctx); return status; } static int bf_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv) { OSSLCipher *od = c->ptr; unsigned bs = gen_ossl_block_size(c); static int bf_is_strong = -1; /* * Test if key len is supported. BF_set_key silently cut large keys and it * could be a problem when user transfer crypted data from one server to * another. */ if (bf_is_strong == -1) bf_is_strong = bf_check_supported_key_len(); if (!bf_is_strong && klen > 16) return PXE_KEY_TOO_BIG; /* Key len is supported. We can use it. */ od->klen = klen; memcpy(od->key, key, klen); if (iv) memcpy(od->iv, iv, bs); else memset(od->iv, 0, bs); return 0; } /* DES */ static int ossl_des_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv) { OSSLCipher *od = c->ptr; unsigned bs = gen_ossl_block_size(c); od->klen = 8; memset(od->key, 0, 8); memcpy(od->key, key, klen > 8 ? 8 : klen); if (iv) memcpy(od->iv, iv, bs); else memset(od->iv, 0, bs); return 0; } /* DES3 */ static int ossl_des3_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv) { OSSLCipher *od = c->ptr; unsigned bs = gen_ossl_block_size(c); od->klen = 24; memset(od->key, 0, 24); memcpy(od->key, key, klen > 24 ? 24 : klen); if (iv) memcpy(od->iv, iv, bs); else memset(od->iv, 0, bs); return 0; } /* CAST5 */ static int ossl_cast_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv) { OSSLCipher *od = c->ptr; unsigned bs = gen_ossl_block_size(c); od->klen = klen; memcpy(od->key, key, klen); if (iv) memcpy(od->iv, iv, bs); else memset(od->iv, 0, bs); return 0; } /* AES */ static int ossl_aes_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv) { OSSLCipher *od = c->ptr; unsigned bs = gen_ossl_block_size(c); if (klen <= 128 / 8) od->klen = 128 / 8; else if (klen <= 192 / 8) od->klen = 192 / 8; else if (klen <= 256 / 8) od->klen = 256 / 8; else return PXE_KEY_TOO_BIG; memcpy(od->key, key, klen); if (iv) memcpy(od->iv, iv, bs); else memset(od->iv, 0, bs); return 0; } static int ossl_aes_ecb_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv) { OSSLCipher *od = c->ptr; int err; err = ossl_aes_init(c, key, klen, iv); if (err) return err; switch (od->klen) { case 128 / 8: od->evp_ciph = EVP_aes_128_ecb(); break; case 192 / 8: od->evp_ciph = EVP_aes_192_ecb(); break; case 256 / 8: od->evp_ciph = EVP_aes_256_ecb(); break; default: /* shouldn't happen */ err = PXE_CIPHER_INIT; break; } return err; } static int ossl_aes_cbc_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv) { OSSLCipher *od = c->ptr; int err; err = ossl_aes_init(c, key, klen, iv); if (err) return err; switch (od->klen) { case 128 / 8: od->evp_ciph = EVP_aes_128_cbc(); break; case 192 / 8: od->evp_ciph = EVP_aes_192_cbc(); break; case 256 / 8: od->evp_ciph = EVP_aes_256_cbc(); break; default: /* shouldn't happen */ err = PXE_CIPHER_INIT; break; } return err; } /* * aliases */ static PX_Alias ossl_aliases[] = { {"bf", "bf-cbc"}, {"blowfish", "bf-cbc"}, {"blowfish-cbc", "bf-cbc"}, {"blowfish-ecb", "bf-ecb"}, {"blowfish-cfb", "bf-cfb"}, {"des", "des-cbc"}, {"3des", "des3-cbc"}, {"3des-ecb", "des3-ecb"}, {"3des-cbc", "des3-cbc"}, {"cast5", "cast5-cbc"}, {"aes", "aes-cbc"}, {"rijndael", "aes-cbc"}, {"rijndael-cbc", "aes-cbc"}, {"rijndael-ecb", "aes-ecb"}, {NULL} }; static const struct ossl_cipher ossl_bf_cbc = { bf_init, EVP_bf_cbc, 64 / 8, 448 / 8 }; static const struct ossl_cipher ossl_bf_ecb = { bf_init, EVP_bf_ecb, 64 / 8, 448 / 8 }; static const struct ossl_cipher ossl_bf_cfb = { bf_init, EVP_bf_cfb, 64 / 8, 448 / 8 }; static const struct ossl_cipher ossl_des_ecb = { ossl_des_init, EVP_des_ecb, 64 / 8, 64 / 8 }; static const struct ossl_cipher ossl_des_cbc = { ossl_des_init, EVP_des_cbc, 64 / 8, 64 / 8 }; static const struct ossl_cipher ossl_des3_ecb = { ossl_des3_init, EVP_des_ede3_ecb, 64 / 8, 192 / 8 }; static const struct ossl_cipher ossl_des3_cbc = { ossl_des3_init, EVP_des_ede3_cbc, 64 / 8, 192 / 8 }; static const struct ossl_cipher ossl_cast_ecb = { ossl_cast_init, EVP_cast5_ecb, 64 / 8, 128 / 8 }; static const struct ossl_cipher ossl_cast_cbc = { ossl_cast_init, EVP_cast5_cbc, 64 / 8, 128 / 8 }; static const struct ossl_cipher ossl_aes_ecb = { ossl_aes_ecb_init, NULL, /* EVP_aes_XXX_ecb(), determined in init * function */ 128 / 8, 256 / 8 }; static const struct ossl_cipher ossl_aes_cbc = { ossl_aes_cbc_init, NULL, /* EVP_aes_XXX_cbc(), determined in init * function */ 128 / 8, 256 / 8 }; /* * Special handlers */ struct ossl_cipher_lookup { const char *name; const struct ossl_cipher *ciph; }; static const struct ossl_cipher_lookup ossl_cipher_types[] = { {"bf-cbc", &ossl_bf_cbc}, {"bf-ecb", &ossl_bf_ecb}, {"bf-cfb", &ossl_bf_cfb}, {"des-ecb", &ossl_des_ecb}, {"des-cbc", &ossl_des_cbc}, {"des3-ecb", &ossl_des3_ecb}, {"des3-cbc", &ossl_des3_cbc}, {"cast5-ecb", &ossl_cast_ecb}, {"cast5-cbc", &ossl_cast_cbc}, {"aes-ecb", &ossl_aes_ecb}, {"aes-cbc", &ossl_aes_cbc}, {NULL} }; /* PUBLIC functions */ int px_find_cipher(const char *name, PX_Cipher **res) { const struct ossl_cipher_lookup *i; PX_Cipher *c = NULL; EVP_CIPHER_CTX *ctx; OSSLCipher *od; name = px_resolve_alias(ossl_aliases, name); for (i = ossl_cipher_types; i->name; i++) if (strcmp(i->name, name) == 0) break; if (i->name == NULL) return PXE_NO_CIPHER; if (!cipher_resowner_callback_registered) { RegisterResourceReleaseCallback(cipher_free_callback, NULL); cipher_resowner_callback_registered = true; } /* * Create an OSSLCipher object, an EVP_CIPHER_CTX object and a PX_Cipher. * The order is crucial, to make sure we don't leak anything on * out-of-memory or other error. */ od = MemoryContextAllocZero(TopMemoryContext, sizeof(*od)); od->ciph = i->ciph; /* Allocate an EVP_CIPHER_CTX object. */ ctx = EVP_CIPHER_CTX_new(); if (!ctx) { pfree(od); return PXE_CIPHER_INIT; } od->evp_ctx = ctx; od->owner = CurrentResourceOwner; od->next = open_ciphers; od->prev = NULL; open_ciphers = od; if (i->ciph->cipher_func) od->evp_ciph = i->ciph->cipher_func(); /* The PX_Cipher is allocated in current memory context */ c = px_alloc(sizeof(*c)); c->block_size = gen_ossl_block_size; c->key_size = gen_ossl_key_size; c->iv_size = gen_ossl_iv_size; c->free = gen_ossl_free; c->init = od->ciph->init; c->encrypt = gen_ossl_encrypt; c->decrypt = gen_ossl_decrypt; c->ptr = od; *res = c; return 0; }