NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit87ae969

committed

Move SHA2 routines to a new generic API layer for crypto hashes

Two new routines to allocate a hash context and to free it are created,as these become necessary for the goal behind this refactoring: switchthe all cryptohash implementations for OpenSSL to use EVP (for FIPS andalso because upstream does not recommend the use of low-level cryptohashfunctions for 20 years). Note that OpenSSL hides the internals ofcryptohash contexts since 1.1.0, so it is necessary to leave theallocation to OpenSSL itself, explaining the need for those two newroutines. This part is going to require more work to properly trackhash contexts with resource owners, but this not introduced here.Still, this refactoring makes the move possible.This reduces the number of routines for all SHA2 implementations fromtwelve (SHA{224,256,386,512} with init, update and final calls) to five(create, free, init, update and final calls) by incorporating the hashtype directly into the hash context data.The new cryptohash routines are moved to a new file, called cryptohash.cfor the fallback implementations, with SHA2 specifics becoming a partinternal to src/common/. OpenSSL specifics are part ofcryptohash_openssl.c. This infrastructure is usable for more hashtypes, like MD5 or HMAC.Any code paths using the internal SHA2 routines are adapted to reportcorrectly errors, which are most of the changes of this commit. Thezones mostly impacted are checksum manifests, libpq and SCRAM.Note thate21cbb4 was a first attempt to switch SHA2 to EVP, but itlacked the refactoring needed for libpq, as done here.This patch has been tested on Linux and Windows, with and withoutOpenSSL, and down to 1.0.1, the oldest version supported on HEAD.Author: Michael PaquierReviewed-by: Daniel GustafssonDiscussion:https://postgr.es/m/20200924025314.GE7405@paquier.xyz

1 parent888671a commit87ae969Copy full SHA for 87ae969

File tree

23 files changed

+1039

-549

lines changed

contrib/pgcrypto
- internal-sha2.c
src
- backend
  - libpq
    - auth-scram.c
  - replication
    - backup_manifest.c
    - basebackup.c
  - utils/adt
    - cryptohashes.c
- bin/pg_verifybackup
  - parse_manifest.c
  - pg_verifybackup.c
- common
- include
  - common
  - replication
    - backup_manifest.h
- interfaces/libpq
  - fe-auth-scram.c
- tools
  - msvc
    - Mkvcbuild.pm
  - pgindent
    - typedefs.list

23 files changed

+1039

-549

lines changed

`‎contrib/pgcrypto/internal-sha2.c`

Lines changed: 41 additions & 147 deletions

Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,7 @@`
`33`	`33`
`34`	`34`	`#include<time.h>`
`35`	`35`
	`36`	`+#include"common/cryptohash.h"`
`36`	`37`	`#include"common/sha2.h"`
`37`	`38`	`#include"px.h"`
`38`	`39`
`@@ -42,7 +43,6 @@ voidinit_sha384(PX_MD *h);`
`42`	`43`	`voidinit_sha512(PX_MD*h);`
`43`	`44`
`44`	`45`	`/* SHA224 */`
`45`		`-`
`46`	`46`	`staticunsigned`
`47`	`47`	`int_sha224_len(PX_MD*h)`
`48`	`48`	`{`
`@@ -55,42 +55,7 @@ int_sha224_block_len(PX_MD *h)`
`55`	`55`	`returnPG_SHA224_BLOCK_LENGTH;`
`56`	`56`	`}`
`57`	`57`
`58`		`-staticvoid`
`59`		`-int_sha224_update(PX_MDh,constuint8data,unsigneddlen)`
`60`		`-{`
`61`		`-pg_sha224_ctxctx= (pg_sha224_ctx)h->p.ptr;`
`62`		`-`
`63`		`-pg_sha224_update(ctx,data,dlen);`
`64`		`-}`
`65`		`-`
`66`		`-staticvoid`
`67`		`-int_sha224_reset(PX_MD*h)`
`68`		`-{`
`69`		`-pg_sha224_ctxctx= (pg_sha224_ctx)h->p.ptr;`
`70`		`-`
`71`		`-pg_sha224_init(ctx);`
`72`		`-}`
`73`		`-`
`74`		`-staticvoid`
`75`		`-int_sha224_finish(PX_MDh,uint8dst)`
`76`		`-{`
`77`		`-pg_sha224_ctxctx= (pg_sha224_ctx)h->p.ptr;`
`78`		`-`
`79`		`-pg_sha224_final(ctx,dst);`
`80`		`-}`
`81`		`-`
`82`		`-staticvoid`
`83`		`-int_sha224_free(PX_MD*h)`
`84`		`-{`
`85`		`-pg_sha224_ctxctx= (pg_sha224_ctx)h->p.ptr;`
`86`		`-`
`87`		`-px_memset(ctx,0,sizeof(*ctx));`
`88`		`-pfree(ctx);`
`89`		`-pfree(h);`
`90`		`-}`
`91`		`-`
`92`	`58`	`/* SHA256 */`
`93`		`-`
`94`	`59`	`staticunsigned`
`95`	`60`	`int_sha256_len(PX_MD*h)`
`96`	`61`	`{`
`@@ -103,42 +68,7 @@ int_sha256_block_len(PX_MD *h)`
`103`	`68`	`returnPG_SHA256_BLOCK_LENGTH;`
`104`	`69`	`}`
`105`	`70`
`106`		`-staticvoid`
`107`		`-int_sha256_update(PX_MDh,constuint8data,unsigneddlen)`
`108`		`-{`
`109`		`-pg_sha256_ctxctx= (pg_sha256_ctx)h->p.ptr;`
`110`		`-`
`111`		`-pg_sha256_update(ctx,data,dlen);`
`112`		`-}`
`113`		`-`
`114`		`-staticvoid`
`115`		`-int_sha256_reset(PX_MD*h)`
`116`		`-{`
`117`		`-pg_sha256_ctxctx= (pg_sha256_ctx)h->p.ptr;`
`118`		`-`
`119`		`-pg_sha256_init(ctx);`
`120`		`-}`
`121`		`-`
`122`		`-staticvoid`
`123`		`-int_sha256_finish(PX_MDh,uint8dst)`
`124`		`-{`
`125`		`-pg_sha256_ctxctx= (pg_sha256_ctx)h->p.ptr;`
`126`		`-`
`127`		`-pg_sha256_final(ctx,dst);`
`128`		`-}`
`129`		`-`
`130`		`-staticvoid`
`131`		`-int_sha256_free(PX_MD*h)`
`132`		`-{`
`133`		`-pg_sha256_ctxctx= (pg_sha256_ctx)h->p.ptr;`
`134`		`-`
`135`		`-px_memset(ctx,0,sizeof(*ctx));`
`136`		`-pfree(ctx);`
`137`		`-pfree(h);`
`138`		`-}`
`139`		`-`
`140`	`71`	`/* SHA384 */`
`141`		`-`
`142`	`72`	`staticunsigned`
`143`	`73`	`int_sha384_len(PX_MD*h)`
`144`	`74`	`{`
`@@ -151,42 +81,7 @@ int_sha384_block_len(PX_MD *h)`
`151`	`81`	`returnPG_SHA384_BLOCK_LENGTH;`
`152`	`82`	`}`
`153`	`83`
`154`		`-staticvoid`
`155`		`-int_sha384_update(PX_MDh,constuint8data,unsigneddlen)`
`156`		`-{`
`157`		`-pg_sha384_ctxctx= (pg_sha384_ctx)h->p.ptr;`
`158`		`-`
`159`		`-pg_sha384_update(ctx,data,dlen);`
`160`		`-}`
`161`		`-`
`162`		`-staticvoid`
`163`		`-int_sha384_reset(PX_MD*h)`
`164`		`-{`
`165`		`-pg_sha384_ctxctx= (pg_sha384_ctx)h->p.ptr;`
`166`		`-`
`167`		`-pg_sha384_init(ctx);`
`168`		`-}`
`169`		`-`
`170`		`-staticvoid`
`171`		`-int_sha384_finish(PX_MDh,uint8dst)`
`172`		`-{`
`173`		`-pg_sha384_ctxctx= (pg_sha384_ctx)h->p.ptr;`
`174`		`-`
`175`		`-pg_sha384_final(ctx,dst);`
`176`		`-}`
`177`		`-`
`178`		`-staticvoid`
`179`		`-int_sha384_free(PX_MD*h)`
`180`		`-{`
`181`		`-pg_sha384_ctxctx= (pg_sha384_ctx)h->p.ptr;`
`182`		`-`
`183`		`-px_memset(ctx,0,sizeof(*ctx));`
`184`		`-pfree(ctx);`
`185`		`-pfree(h);`
`186`		`-}`
`187`		`-`
`188`	`84`	`/* SHA512 */`
`189`		`-`
`190`	`85`	`staticunsigned`
`191`	`86`	`int_sha512_len(PX_MD*h)`
`192`	`87`	`{`
`@@ -199,37 +94,40 @@ int_sha512_block_len(PX_MD *h)`
`199`	`94`	`returnPG_SHA512_BLOCK_LENGTH;`
`200`	`95`	`}`
`201`	`96`
	`97`	`+/* Generic interface for all SHA2 methods */`
`202`	`98`	`staticvoid`
`203`		`-int_sha512_update(PX_MDh,constuint8data,unsigneddlen)`
	`99`	`+int_sha2_update(PX_MDh,constuint8data,unsigneddlen)`
`204`	`100`	`{`
`205`		`-pg_sha512_ctxctx= (pg_sha512_ctx)h->p.ptr;`
	`101`	`+pg_cryptohash_ctxctx= (pg_cryptohash_ctx)h->p.ptr;`
`206`	`102`
`207`		`-pg_sha512_update(ctx,data,dlen);`
	`103`	`+if (pg_cryptohash_update(ctx,data,dlen)<0)`
	`104`	`+elog(ERROR,"could not update %s context","SHA2");`
`208`	`105`	`}`
`209`	`106`
`210`	`107`	`staticvoid`
`211`		`-int_sha512_reset(PX_MD*h)`
	`108`	`+int_sha2_reset(PX_MD*h)`
`212`	`109`	`{`
`213`		`-pg_sha512_ctxctx= (pg_sha512_ctx)h->p.ptr;`
	`110`	`+pg_cryptohash_ctxctx= (pg_cryptohash_ctx)h->p.ptr;`
`214`	`111`
`215`		`-pg_sha512_init(ctx);`
	`112`	`+if (pg_cryptohash_init(ctx)<0)`
	`113`	`+elog(ERROR,"could not initialize %s context","SHA2");`
`216`	`114`	`}`
`217`	`115`
`218`	`116`	`staticvoid`
`219`		`-int_sha512_finish(PX_MDh,uint8dst)`
	`117`	`+int_sha2_finish(PX_MDh,uint8dst)`
`220`	`118`	`{`
`221`		`-pg_sha512_ctxctx= (pg_sha512_ctx)h->p.ptr;`
	`119`	`+pg_cryptohash_ctxctx= (pg_cryptohash_ctx)h->p.ptr;`
`222`	`120`
`223`		`-pg_sha512_final(ctx,dst);`
	`121`	`+if (pg_cryptohash_final(ctx,dst)<0)`
	`122`	`+elog(ERROR,"could not finalize %s context","SHA2");`
`224`	`123`	`}`
`225`	`124`
`226`	`125`	`staticvoid`
`227`		`-int_sha512_free(PX_MD*h)`
	`126`	`+int_sha2_free(PX_MD*h)`
`228`	`127`	`{`
`229`		`-pg_sha512_ctxctx= (pg_sha512_ctx)h->p.ptr;`
	`128`	`+pg_cryptohash_ctxctx= (pg_cryptohash_ctx)h->p.ptr;`
`230`	`129`
`231`		`-px_memset(ctx,0,sizeof(*ctx));`
`232`		`-pfree(ctx);`
	`130`	`+pg_cryptohash_free(ctx);`
`233`	`131`	`pfree(h);`
`234`	`132`	`}`
`235`	`133`
`@@ -238,75 +136,71 @@ int_sha512_free(PX_MD *h)`
`238`	`136`	`void`
`239`	`137`	`init_sha224(PX_MD*md)`
`240`	`138`	`{`
`241`		`-pg_sha224_ctx*ctx;`
`242`		`-`
`243`		`-ctx=palloc0(sizeof(*ctx));`
	`139`	`+pg_cryptohash_ctx*ctx;`
`244`	`140`
	`141`	`+ctx=pg_cryptohash_create(PG_SHA224);`
`245`	`142`	`md->p.ptr=ctx;`
`246`	`143`
`247`	`144`	`md->result_size=int_sha224_len;`
`248`	`145`	`md->block_size=int_sha224_block_len;`
`249`		`-md->reset=int_sha224_reset;`
`250`		`-md->update=int_sha224_update;`
`251`		`-md->finish=int_sha224_finish;`
`252`		`-md->free=int_sha224_free;`
	`146`	`+md->reset=int_sha2_reset;`
	`147`	`+md->update=int_sha2_update;`
	`148`	`+md->finish=int_sha2_finish;`
	`149`	`+md->free=int_sha2_free;`
`253`	`150`
`254`	`151`	`md->reset(md);`
`255`	`152`	`}`
`256`	`153`
`257`	`154`	`void`
`258`	`155`	`init_sha256(PX_MD*md)`
`259`	`156`	`{`
`260`		`-pg_sha256_ctx*ctx;`
`261`		`-`
`262`		`-ctx=palloc0(sizeof(*ctx));`
	`157`	`+pg_cryptohash_ctx*ctx;`
`263`	`158`
	`159`	`+ctx=pg_cryptohash_create(PG_SHA256);`
`264`	`160`	`md->p.ptr=ctx;`
`265`	`161`
`266`	`162`	`md->result_size=int_sha256_len;`
`267`	`163`	`md->block_size=int_sha256_block_len;`
`268`		`-md->reset=int_sha256_reset;`
`269`		`-md->update=int_sha256_update;`
`270`		`-md->finish=int_sha256_finish;`
`271`		`-md->free=int_sha256_free;`
	`164`	`+md->reset=int_sha2_reset;`
	`165`	`+md->update=int_sha2_update;`
	`166`	`+md->finish=int_sha2_finish;`
	`167`	`+md->free=int_sha2_free;`
`272`	`168`
`273`	`169`	`md->reset(md);`
`274`	`170`	`}`
`275`	`171`
`276`	`172`	`void`
`277`	`173`	`init_sha384(PX_MD*md)`
`278`	`174`	`{`
`279`		`-pg_sha384_ctx*ctx;`
`280`		`-`
`281`		`-ctx=palloc0(sizeof(*ctx));`
	`175`	`+pg_cryptohash_ctx*ctx;`
`282`	`176`
	`177`	`+ctx=pg_cryptohash_create(PG_SHA384);`
`283`	`178`	`md->p.ptr=ctx;`
`284`	`179`
`285`	`180`	`md->result_size=int_sha384_len;`
`286`	`181`	`md->block_size=int_sha384_block_len;`
`287`		`-md->reset=int_sha384_reset;`
`288`		`-md->update=int_sha384_update;`
`289`		`-md->finish=int_sha384_finish;`
`290`		`-md->free=int_sha384_free;`
	`182`	`+md->reset=int_sha2_reset;`
	`183`	`+md->update=int_sha2_update;`
	`184`	`+md->finish=int_sha2_finish;`
	`185`	`+md->free=int_sha2_free;`
`291`	`186`
`292`	`187`	`md->reset(md);`
`293`	`188`	`}`
`294`	`189`
`295`	`190`	`void`
`296`	`191`	`init_sha512(PX_MD*md)`
`297`	`192`	`{`
`298`		`-pg_sha512_ctx*ctx;`
`299`		`-`
`300`		`-ctx=palloc0(sizeof(*ctx));`
	`193`	`+pg_cryptohash_ctx*ctx;`
`301`	`194`
	`195`	`+ctx=pg_cryptohash_create(PG_SHA512);`
`302`	`196`	`md->p.ptr=ctx;`
`303`	`197`
`304`	`198`	`md->result_size=int_sha512_len;`
`305`	`199`	`md->block_size=int_sha512_block_len;`
`306`		`-md->reset=int_sha512_reset;`
`307`		`-md->update=int_sha512_update;`
`308`		`-md->finish=int_sha512_finish;`
`309`		`-md->free=int_sha512_free;`
	`200`	`+md->reset=int_sha2_reset;`
	`201`	`+md->update=int_sha2_update;`
	`202`	`+md->finish=int_sha2_finish;`
	`203`	`+md->free=int_sha2_free;`
`310`	`204`
`311`	`205`	`md->reset(md);`
`312`	`206`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit87ae969

File tree

23 files changed

23 files changed

`‎contrib/pgcrypto/internal-sha2.c`

0 commit comments