NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit4fcf8b1

committed

- Add Fortuna PRNG to pgcrypto.

- Move openssl random provider to openssl.c and builtin provider to internal.c- Make px_random_bytes use Fortuna, instead of giving error.- Retarget random.c to aquiring system randomness, for initial seeding of Fortuna. There is ATM 2 functions for Windows, reader from /dev/urandom and the regular time()/getpid() silliness.Marko Kreen

1 parent248eeb8 commit4fcf8b1Copy full SHA for 4fcf8b1

File tree

5 files changed

+284

-77

lines changed

contrib/pgcrypto

5 files changed

+284

-77

lines changed

`‎contrib/pgcrypto/Makefile`

Lines changed: 5 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,25 +1,21 @@`
`1`	`1`	`#`
`2`		`-# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.18 2005/07/10 03:52:56 momjian Exp $`
	`2`	`+# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.19 2005/07/10 03:55:28 momjian Exp $`
`3`	`3`	`#`
`4`	`4`
`5`		`-# if you don't have OpenSSL, you can use libc random() or /dev/urandom`
`6`		`-INT_CFLAGS = -DRAND_SILLY`
`7`		`-#INT_CFLAGS = -DRAND_DEV=\"/dev/urandom\"`
`8`		`-`
`9`		`-INT_SRCS = md5.c sha1.c sha2.c internal.c blf.c rijndael.c`
	`5`	`+INT_SRCS = md5.c sha1.c sha2.c internal.c blf.c rijndael.c\`
	`6`	`+fortuna.c random.c`
`10`	`7`	`INT_TESTS = sha2`
`11`	`8`
`12`		`-OSSL_CFLAGS = -DRAND_OPENSSL`
`13`	`9`	`OSSL_SRCS = openssl.c`
`14`	`10`	`OSSL_TESTS = des 3des cast5`
`15`	`11`
`16`	`12`	`CF_SRCS =$(if$(subst no,,$(with_openssl)),$(OSSL_SRCS),$(INT_SRCS))`
`17`	`13`	`CF_TESTS =$(if$(subst no,,$(with_openssl)),$(OSSL_TESTS),$(INT_TESTS))`
`18`		`-CF_CFLAGS =$(if$(subst no,,$(with_openssl)),$(OSSL_CFLAGS),$(INT_CFLAGS))`
	`14`	`+CF_CFLAGS =`
`19`	`15`
`20`	`16`	`PG_CPPFLAGS=$(CF_CFLAGS)`
`21`	`17`
`22`		`-SRCS= pgcrypto.c px.c px-hmac.c px-crypt.c misc.crandom.c\`
	`18`	`+SRCS= pgcrypto.c px.c px-hmac.c px-crypt.c misc.c\`
`23`	`19`	`crypt-gensalt.c crypt-blowfish.c crypt-des.c\`
`24`	`20`	`crypt-md5.c$(CF_SRCS)`
`25`	`21`

`‎contrib/pgcrypto/internal.c`

Lines changed: 64 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -26,11 +26,12 @@`
`26`	`26`	`* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF`
`27`	`27`	`* SUCH DAMAGE.`
`28`	`28`	`*`
`29`		`- * $PostgreSQL: pgsql/contrib/pgcrypto/internal.c,v 1.17 2005/07/10 03:52:56 momjian Exp $`
	`29`	`+ * $PostgreSQL: pgsql/contrib/pgcrypto/internal.c,v 1.18 2005/07/10 03:55:28 momjian Exp $`
`30`	`30`	`*/`
`31`	`31`
`32`	`32`
`33`	`33`	`#include<postgres.h>`
	`34`	`+#include<time.h>`
`34`	`35`
`35`	`36`	`#include"px.h"`
`36`	`37`
`@@ -39,6 +40,13 @@`
`39`	`40`	`#include"sha2.h"`
`40`	`41`	`#include"blf.h"`
`41`	`42`	`#include"rijndael.h"`
	`43`	`+#include"fortuna.h"`
	`44`	`+`
	`45`	`+/*`
	`46`	`+ * How often to try to acquire system entropy. (In seconds)`
	`47`	`+ */`
	`48`	`+#defineSYSTEM_RESEED_FREQ(36060)`
	`49`	`+`
`42`	`50`
`43`	`51`	`#ifndefMD5_DIGEST_LENGTH`
`44`	`52`	`#defineMD5_DIGEST_LENGTH 16`
`@@ -784,3 +792,58 @@ px_find_cipher(const char name, PX_Cipher * res)`
`784`	`792`	`*res=c;`
`785`	`793`	`return0;`
`786`	`794`	`}`
	`795`	`+`
	`796`	`+/*`
	`797`	`+ * Randomness provider`
	`798`	`+ */`
	`799`	`+`
	`800`	`+/*`
	`801`	`+ * Use libc for all 'public' bytes.`
	`802`	`+ *`
	`803`	`+ * That way we don't expose bytes from Fortuna`
	`804`	`+ * to the public, in case it has some bugs.`
	`805`	`+ */`
	`806`	`+int`
	`807`	`+px_get_pseudo_random_bytes(uint8*dst,unsignedcount)`
	`808`	`+{`
	`809`	`+inti;`
	`810`	`+`
	`811`	`+for (i=0;i<count;i++)`
	`812`	`+*dst++=random();`
	`813`	`+returni;`
	`814`	`+}`
	`815`	`+`
	`816`	`+statictime_tseed_time=0;`
	`817`	`+staticvoidsystem_reseed()`
	`818`	`+{`
	`819`	`+uint8buf[1024];`
	`820`	`+intn;`
	`821`	`+time_tt;`
	`822`	`+`
	`823`	`+t=time(NULL);`
	`824`	`+if (seed_time&& (t-seed_time)<SYSTEM_RESEED_FREQ)`
	`825`	`+return;`
	`826`	`+`
	`827`	`+n=px_acquire_system_randomness(buf);`
	`828`	`+if (n>0)`
	`829`	`+fortuna_add_entropy(SYSTEM_ENTROPY,buf,n);`
	`830`	`+`
	`831`	`+seed_time=t;`
	`832`	`+}`
	`833`	`+`
	`834`	`+int`
	`835`	`+px_get_random_bytes(uint8*dst,unsignedcount)`
	`836`	`+{`
	`837`	`+system_reseed();`
	`838`	`+fortuna_get_bytes(count,dst);`
	`839`	`+return0;`
	`840`	`+}`
	`841`	`+`
	`842`	`+int`
	`843`	`+px_add_entropy(constuint8*data,unsignedcount)`
	`844`	`+{`
	`845`	`+system_reseed();`
	`846`	`+fortuna_add_entropy(USER_ENTROPY,data,count);`
	`847`	`+return0;`
	`848`	`+}`
	`849`	`+`

`‎contrib/pgcrypto/openssl.c`

Lines changed: 59 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@`
`26`	`26`	`* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF`
`27`	`27`	`* SUCH DAMAGE.`
`28`	`28`	`*`
`29`		`- * $PostgreSQL: pgsql/contrib/pgcrypto/openssl.c,v 1.20 2005/07/05 18:15:36 tgl Exp $`
	`29`	`+ * $PostgreSQL: pgsql/contrib/pgcrypto/openssl.c,v 1.21 2005/07/10 03:55:28 momjian Exp $`
`30`	`30`	`*/`
`31`	`31`
`32`	`32`	`#include<postgres.h>`
`@@ -37,6 +37,9 @@`
`37`	`37`	`#include<openssl/blowfish.h>`
`38`	`38`	`#include<openssl/cast.h>`
`39`	`39`	`#include<openssl/des.h>`
	`40`	`+#include<openssl/rand.h>`
	`41`	`+#include<openssl/err.h>`
	`42`	`+`
`40`	`43`
`41`	`44`	`/*`
`42`	`45`	`* Does OpenSSL support AES?`
`@@ -759,3 +762,58 @@ px_find_cipher(const char name, PX_Cipher * res)`
`759`	`762`	`*res=c;`
`760`	`763`	`return0;`
`761`	`764`	`}`
	`765`	`+`
	`766`	`+`
	`767`	`+staticintopenssl_random_init=0;`
	`768`	`+`
	`769`	`+/*`
	`770`	`+ * OpenSSL random should re-feeded occasionally. From /dev/urandom`
	`771`	`+ * preferably.`
	`772`	`+ */`
	`773`	`+staticvoidinit_openssl_rand()`
	`774`	`+{`
	`775`	`+if (RAND_get_rand_method()==NULL)`
	`776`	`+RAND_set_rand_method(RAND_SSLeay());`
	`777`	`+openssl_random_init=1;`
	`778`	`+}`
	`779`	`+`
	`780`	`+int`
	`781`	`+px_get_random_bytes(uint8*dst,unsignedcount)`
	`782`	`+{`
	`783`	`+intres;`
	`784`	`+`
	`785`	`+if (!openssl_random_init)`
	`786`	`+init_openssl_rand();`
	`787`	`+`
	`788`	`+res=RAND_bytes(dst,count);`
	`789`	`+if (res==1)`
	`790`	`+returncount;`
	`791`	`+`
	`792`	`+returnPXE_OSSL_RAND_ERROR;`
	`793`	`+}`
	`794`	`+`
	`795`	`+int`
	`796`	`+px_get_pseudo_random_bytes(uint8*dst,unsignedcount)`
	`797`	`+{`
	`798`	`+intres;`
	`799`	`+`
	`800`	`+if (!openssl_random_init)`
	`801`	`+init_openssl_rand();`
	`802`	`+`
	`803`	`+res=RAND_pseudo_bytes(dst,count);`
	`804`	`+if (res==0\|\|res==1)`
	`805`	`+returncount;`
	`806`	`+`
	`807`	`+returnPXE_OSSL_RAND_ERROR;`
	`808`	`+}`
	`809`	`+`
	`810`	`+int`
	`811`	`+px_add_entropy(constuint8*data,unsignedcount)`
	`812`	`+{`
	`813`	`+/*`
	`814`	`+ * estimate 0 bits`
	`815`	`+ */`
	`816`	`+RAND_add(data,count,0);`
	`817`	`+return0;`
	`818`	`+}`
	`819`	`+`

`‎contrib/pgcrypto/px.h`

Lines changed: 4 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@`
`26`	`26`	`* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF`
`27`	`27`	`* SUCH DAMAGE.`
`28`	`28`	`*`
`29`		`- * $PostgreSQL: pgsql/contrib/pgcrypto/px.h,v 1.12 2005/03/21 05:22:14 neilc Exp $`
	`29`	`+ * $PostgreSQL: pgsql/contrib/pgcrypto/px.h,v 1.13 2005/07/10 03:55:28 momjian Exp $`
`30`	`30`	`*/`
`31`	`31`
`32`	`32`	`#ifndef__PX_H`
`@@ -170,6 +170,9 @@ intpx_find_combo(const char name, PX_Combo * res);`
`170`	`170`
`171`	`171`	`intpx_get_random_bytes(uint8*dst,unsignedcount);`
`172`	`172`	`intpx_get_pseudo_random_bytes(uint8*dst,unsignedcount);`
	`173`	`+intpx_add_entropy(constuint8*data,unsignedcount);`
	`174`	`+`
	`175`	`+unsignedpx_acquire_system_randomness(uint8*dst);`
`173`	`176`
`174`	`177`	`constchar*px_strerror(interr);`
`175`	`178`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit4fcf8b1

File tree

5 files changed

5 files changed

`‎contrib/pgcrypto/Makefile`

`‎contrib/pgcrypto/internal.c`

`‎contrib/pgcrypto/openssl.c`

`‎contrib/pgcrypto/px.h`

0 commit comments