mirrors/postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
postgres/src/common/cryptohash.c
Michael Paquier b67b57a966 Refactor MD5 implementations according to new cryptohash infrastructure 
This commit heavily reorganizes the MD5 implementations that exist in
the tree in various aspects.

First, MD5 is added to the list of options available in cryptohash.c and
cryptohash_openssl.c.  This means that if building with OpenSSL, EVP is
used for MD5 instead of the fallback implementation that Postgres had
for ages.  With the recent refactoring work for cryptohash functions,
this change is straight-forward.  If not building with OpenSSL, a
fallback implementation internal to src/common/ is used.

Second, this reduces the number of MD5 implementations present in the
tree from two to one, by moving the KAME implementation from pgcrypto to
src/common/, and by removing the implementation that existed in
src/common/.  KAME was already structured with an init/update/final set
of routines by pgcrypto (see original pgcrypto/md5.h) for compatibility
with OpenSSL, so moving it to src/common/ has proved to be a
straight-forward move, requiring no actual manipulation of the internals
of each routine.  Some benchmarking has not shown any performance gap
between both implementations.

Similarly to the fallback implementation used for SHA2, the fallback
implementation of MD5 is moved to src/common/md5.c with an internal
header called md5_int.h for the init, update and final routines.  This
gets then consumed by cryptohash.c.

The original routines used for MD5-hashed passwords are moved to a
separate file called md5_common.c, also in src/common/, aimed at being
shared between all MD5 implementations as utility routines to keep
compatibility with any code relying on them.

Like the SHA2 changes, this commit had its round of tests on both Linux
and Windows, across all versions of OpenSSL supported on HEAD, with and
even without OpenSSL.

Author: Michael Paquier
Reviewed-by: Daniel Gustafsson
Discussion: https://postgr.es/m/20201106073434.GA4961@paquier.xyz
2020-12-10 11:59:10 +09:00

204 lines
4.1 KiB
C
Raw Blame History

/*-------------------------------------------------------------------------
*
* cryptohash.c
* Fallback implementations for cryptographic hash functions.
*
* This is the set of in-core functions used when there are no other
* alternative options like OpenSSL.
*
* Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* IDENTIFICATION
* src/common/cryptohash.c
*
*-------------------------------------------------------------------------
*/
#ifndef FRONTEND
#include "postgres.h"
#else
#include "postgres_fe.h"
#endif
#include <sys/param.h>
#include "common/cryptohash.h"
#include "md5_int.h"
#include "sha2_int.h"
/*
* In backend, use palloc/pfree to ease the error handling. In frontend,
* use malloc to be able to return a failure status back to the caller.
*/
#ifndef FRONTEND
#define ALLOC(size) palloc(size)
#define FREE(ptr) pfree(ptr)
#else
#define ALLOC(size) malloc(size)
#define FREE(ptr) free(ptr)
#endif
/*
* pg_cryptohash_create
*
* Allocate a hash context. Returns NULL on failure for an OOM. The
* backend issues an error, without returning.
*/
pg_cryptohash_ctx *
pg_cryptohash_create(pg_cryptohash_type type)
{
pg_cryptohash_ctx *ctx;
ctx = ALLOC(sizeof(pg_cryptohash_ctx));
if (ctx == NULL)
return NULL;
ctx->type = type;
switch (type)
{
case PG_MD5:
ctx->data = ALLOC(sizeof(pg_md5_ctx));
break;
case PG_SHA224:
ctx->data = ALLOC(sizeof(pg_sha224_ctx));
break;
case PG_SHA256:
ctx->data = ALLOC(sizeof(pg_sha256_ctx));
break;
case PG_SHA384:
ctx->data = ALLOC(sizeof(pg_sha384_ctx));
break;
case PG_SHA512:
ctx->data = ALLOC(sizeof(pg_sha512_ctx));
break;
}
if (ctx->data == NULL)
{
explicit_bzero(ctx, sizeof(pg_cryptohash_ctx));
FREE(ctx);
return NULL;
}
return ctx;
}
/*
* pg_cryptohash_init
*
* Initialize a hash context. Note that this implementation is designed
* to never fail, so this always returns 0.
*/
int
pg_cryptohash_init(pg_cryptohash_ctx *ctx)
{
if (ctx == NULL)
return 0;
switch (ctx->type)
{
case PG_MD5:
pg_md5_init((pg_md5_ctx *) ctx->data);
break;
case PG_SHA224:
pg_sha224_init((pg_sha224_ctx *) ctx->data);
break;
case PG_SHA256:
pg_sha256_init((pg_sha256_ctx *) ctx->data);
break;
case PG_SHA384:
pg_sha384_init((pg_sha384_ctx *) ctx->data);
break;
case PG_SHA512:
pg_sha512_init((pg_sha512_ctx *) ctx->data);
break;
}
return 0;
}
/*
* pg_cryptohash_update
*
* Update a hash context. Note that this implementation is designed
* to never fail, so this always returns 0.
*/
int
pg_cryptohash_update(pg_cryptohash_ctx *ctx, const uint8 *data, size_t len)
{
if (ctx == NULL)
return 0;
switch (ctx->type)
{
case PG_MD5:
pg_md5_update((pg_md5_ctx *) ctx->data, data, len);
break;
case PG_SHA224:
pg_sha224_update((pg_sha224_ctx *) ctx->data, data, len);
break;
case PG_SHA256:
pg_sha256_update((pg_sha256_ctx *) ctx->data, data, len);
break;
case PG_SHA384:
pg_sha384_update((pg_sha384_ctx *) ctx->data, data, len);
break;
case PG_SHA512:
pg_sha512_update((pg_sha512_ctx *) ctx->data, data, len);
break;
}
return 0;
}
/*
* pg_cryptohash_final
*
* Finalize a hash context. Note that this implementation is designed
* to never fail, so this always returns 0.
*/
int
pg_cryptohash_final(pg_cryptohash_ctx *ctx, uint8 *dest)
{
if (ctx == NULL)
return 0;
switch (ctx->type)
{
case PG_MD5:
pg_md5_final((pg_md5_ctx *) ctx->data, dest);
break;
case PG_SHA224:
pg_sha224_final((pg_sha224_ctx *) ctx->data, dest);
break;
case PG_SHA256:
pg_sha256_final((pg_sha256_ctx *) ctx->data, dest);
break;
case PG_SHA384:
pg_sha384_final((pg_sha384_ctx *) ctx->data, dest);
break;
case PG_SHA512:
pg_sha512_final((pg_sha512_ctx *) ctx->data, dest);
break;
}
return 0;
}
/*
* pg_cryptohash_free
*
* Free a hash context.
*/
void
pg_cryptohash_free(pg_cryptohash_ctx *ctx)
{
if (ctx == NULL)
return;
FREE(ctx->data);
explicit_bzero(ctx, sizeof(pg_cryptohash_ctx));
FREE(ctx);
}
Reference in New Issue View Git Blame Copy Permalink