Commite21cbb4

committed
Change SHA2 implementation based on OpenSSL to use EVP digest routines
The use of low-level hash routines is not recommended by upstream OpenSSL since 2000, and pgcrypto already switched to EVP as of 5ff4a67.

Note that this also fixes a failure with SCRAM authentication when using FIPS in OpenSSL, but as there have been few complaints about this problem and as this causes an ABI breakage, no backpatch is done.

Author: Michael Paquier, Alessandro Gherardi
Reviewed-by: Daniel Gustafsson
Discussion: https://postgr.es/m/20200924025314.GE7405@paquier.xyz
Discussion: https://postgr.es/m/20180911030250.GA27115@paquier.xyz
1 parent9d299a4 commite21cbb4


2 files changed

+54
-19
lines changed


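--- a/src/common/sha2_openssl.c
+++ b/src/common/sha2_openssl.c
@@ -20,83 +20,118 @@
 #include"postgres_fe.h"
 #endif
 
-#include<openssl/sha.h>
-
 #include"common/sha2.h"
 
+#ifdefFRONTEND
+#include"common/logging.h"
+#else
+#include"miscadmin.h"
+#endif
+
+#ifdefFRONTEND
+#definesha2_log_and_abort(...) \
+do { pg_log_fatal(__VA_ARGS__); exit(1); } while(0)
+#else
+#definesha2_log_and_abort(...) elog(ERROR, __VA_ARGS__)
+#endif
+
+staticvoid
+digest_init(EVP_MD_CTX**ctx,constEVP_MD*type)
+{
+*ctx=EVP_MD_CTX_create();
+if (*ctx==NULL)
+sha2_log_and_abort("could not create EVP digest context");
+if (EVP_DigestInit_ex(*ctx,type,NULL) <=0)
+sha2_log_and_abort("could not initialize EVP digest context");
+}
+
+staticvoid
+digest_update(EVP_MD_CTX**ctx,constuint8*data,size_tlen)
+{
+if (EVP_DigestUpdate(*ctx,data,len) <=0)
+sha2_log_and_abort("could not update EVP digest context");
+}
+
+staticvoid
+digest_final(EVP_MD_CTX**ctx,uint8*dest)
+{
+if (EVP_DigestFinal_ex(*ctx,dest,0) <=0)
+sha2_log_and_abort("could not finalize EVP digest context");
+EVP_MD_CTX_destroy(*ctx);
+}
 
 /* Interface routines for SHA-256 */
 void
 pg_sha256_init(pg_sha256_ctx*ctx)
 {
-SHA256_Init((SHA256_CTX*)ctx);
+digest_init(ctx,EVP_sha256());
 }
 
 void
 pg_sha256_update(pg_sha256_ctx*ctx,constuint8*data,size_tlen)
 {
-SHA256_Update((SHA256_CTX*)ctx,data,len);
+digest_update(ctx,data,len);
 }
 
 void
 pg_sha256_final(pg_sha256_ctx*ctx,uint8*dest)
 {
-SHA256_Final(dest, (SHA256_CTX*)ctx);
+digest_final(ctx,dest);
 }
 
 /* Interface routines for SHA-512 */
 void
 pg_sha512_init(pg_sha512_ctx*ctx)
 {
-SHA512_Init((SHA512_CTX*)ctx);
+digest_init(ctx,EVP_sha512());
 }
 
 void
 pg_sha512_update(pg_sha512_ctx*ctx,constuint8*data,size_tlen)
 {
-SHA512_Update((SHA512_CTX*)ctx,data,len);
+digest_update(ctx,data,len);
 }
 
 void
 pg_sha512_final(pg_sha512_ctx*ctx,uint8*dest)
 {
-SHA512_Final(dest, (SHA512_CTX*)ctx);
+digest_final(ctx,dest);
 }
 
 /* Interface routines for SHA-384 */
 void
 pg_sha384_init(pg_sha384_ctx*ctx)
 {
-SHA384_Init((SHA512_CTX*)ctx);
+digest_init(ctx,EVP_sha384());
 }
 
 void
 pg_sha384_update(pg_sha384_ctx*ctx,constuint8*data,size_tlen)
 {
-SHA384_Update((SHA512_CTX*)ctx,data,len);
+digest_update(ctx,data,len);
 }
 
 void
 pg_sha384_final(pg_sha384_ctx*ctx,uint8*dest)
 {
-SHA384_Final(dest, (SHA512_CTX*)ctx);
+digest_final(ctx,dest);
 }
 
 /* Interface routines for SHA-224 */
 void
 pg_sha224_init(pg_sha224_ctx*ctx)
 {
-SHA224_Init((SHA256_CTX*)ctx);
+digest_init(ctx,EVP_sha224());
 }
 
 void
 pg_sha224_update(pg_sha224_ctx*ctx,constuint8*data,size_tlen)
 {
-SHA224_Update((SHA256_CTX*)ctx,data,len);
+digest_update(ctx,data,len);
 }
 
 void
 pg_sha224_final(pg_sha224_ctx*ctx,uint8*dest)
 {
-SHA224_Final(dest, (SHA256_CTX*)ctx);
+digest_final(ctx,dest);
 }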
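Review bot: digest_final() leaks the EVP_MD_CTX whenever EVP_DigestFinal_ex() fails in the backend build, because `sha2_log_and_abort` expands to `elog(ERROR, ...)` there and the `EVP_MD_CTX_destroy(*ctx)` placed after it is then not reached; digest_init() has the same gap when EVP_DigestInit_ex() fails after EVP_MD_CTX_create() succeeded. The context is allocated by OpenSSL, and nothing visible in this file registers it for cleanup, so a long-lived backend that keeps hitting these paths would presumably grow. digest_final() also leaves `*ctx` pointing at freed memory, so a second update or final call on the same context variable would touch a destroyed object; free first, set `*ctx = NULL`, then report, and pass `NULL` rather than `0` for the unused length pointer. A caller that raises an error between init and final would still leak, which these helpers cannot fix on their own and which likely needs a cleanup hook at a higher level.

```c
static void
digest_init(EVP_MD_CTX **ctx, const EVP_MD *type)
{
	/* … unchanged: EVP_MD_CTX_create() and its NULL check … */
	if (EVP_DigestInit_ex(*ctx, type, NULL) <= 0)
	{
		/* release before reporting; elog(ERROR) does not return */
		EVP_MD_CTX_destroy(*ctx);
		*ctx = NULL;
		sha2_log_and_abort("could not initialize EVP digest context");
	}
}

static void
digest_final(EVP_MD_CTX **ctx, uint8 *dest)
{
	int			ok = EVP_DigestFinal_ex(*ctx, dest, NULL);

	/* the context is single-use: free it on success and on failure alike */
	EVP_MD_CTX_destroy(*ctx);
	*ctx = NULL;
	if (ok <= 0)
		sha2_log_and_abort("could not finalize EVP digest context");
}
```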

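--- a/src/include/common/sha2.h
+++ b/src/include/common/sha2.h
@@ -51,7 +51,7 @@
 #define_PG_SHA2_H_
 
 #ifdefUSE_OPENSSL
-#include<openssl/sha.h>
+#include<openssl/evp.h>
 #endif
 
 /*** SHA224/256/384/512 Various Length Definitions ***********************/
@@ -70,10 +70,10 @@
 
 /* Context Structures for SHA224/256/384/512 */
 #ifdefUSE_OPENSSL
-typedefSHA256_CTXpg_sha256_ctx;
-typedefSHA512_CTXpg_sha512_ctx;
-typedefSHA256_CTXpg_sha224_ctx;
-typedefSHA512_CTXpg_sha384_ctx;
+typedefEVP_MD_CTX*pg_sha256_ctx;
+typedefEVP_MD_CTX*pg_sha512_ctx;
+typedefEVP_MD_CTX*pg_sha224_ctx;
+typedefEVP_MD_CTX*pg_sha384_ctx;
 #else
 typedefstructpg_sha256_ctx
 {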
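Review bot: The four new `typedef EVP_MD_CTX *...` lines in the second hunk turn each context from a by-value struct into a pointer to an OpenSSL allocation, and nothing at the typedefs documents that. The non-OpenSSL branch right below still declares a plain struct (its definition continues outside the hunk), so the same type name now carries different ownership rules depending on the build. With OpenSSL, every init has to be paired with a final to release the context, and assigning or copying a context variable aliases one digest state instead of duplicating it. I would add a comment above the typedefs along the lines of `/* With OpenSSL the context is a pointer allocated by the init routine and freed by the final routine: always call final, never copy the variable. */`.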
