|
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
|
*
|
|
|
|
|
* cryptohashfuncs.c
|
|
|
|
|
* Cryptographic hash functions
|
|
|
|
|
*
|
|
|
|
|
* Portions Copyright (c) 2018-2021, PostgreSQL Global Development Group
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* IDENTIFICATION
|
|
|
|
|
* src/backend/utils/adt/cryptohashfuncs.c
|
|
|
|
|
*
|
|
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
|
*/
|
|
|
|
|
#include "postgres.h"
|
|
|
|
|
|
Move SHA2 routines to a new generic API layer for crypto hashes
Two new routines to allocate a hash context and to free it are created,
as these become necessary for the goal behind this refactoring: switch
the all cryptohash implementations for OpenSSL to use EVP (for FIPS and
also because upstream does not recommend the use of low-level cryptohash
functions for 20 years). Note that OpenSSL hides the internals of
cryptohash contexts since 1.1.0, so it is necessary to leave the
allocation to OpenSSL itself, explaining the need for those two new
routines. This part is going to require more work to properly track
hash contexts with resource owners, but this not introduced here.
Still, this refactoring makes the move possible.
This reduces the number of routines for all SHA2 implementations from
twelve (SHA{224,256,386,512} with init, update and final calls) to five
(create, free, init, update and final calls) by incorporating the hash
type directly into the hash context data.
The new cryptohash routines are moved to a new file, called cryptohash.c
for the fallback implementations, with SHA2 specifics becoming a part
internal to src/common/. OpenSSL specifics are part of
cryptohash_openssl.c. This infrastructure is usable for more hash
types, like MD5 or HMAC.
Any code paths using the internal SHA2 routines are adapted to report
correctly errors, which are most of the changes of this commit. The
zones mostly impacted are checksum manifests, libpq and SCRAM.
Note that e21cbb4 was a first attempt to switch SHA2 to EVP, but it
lacked the refactoring needed for libpq, as done here.
This patch has been tested on Linux and Windows, with and without
OpenSSL, and down to 1.0.1, the oldest version supported on HEAD.
Author: Michael Paquier
Reviewed-by: Daniel Gustafsson
Discussion: https://postgr.es/m/20200924025314.GE7405@paquier.xyz
5 years ago
|
|
|
#include "common/cryptohash.h"
|
|
|
|
|
#include "common/md5.h"
|
|
|
|
|
#include "common/sha2.h"
|
|
|
|
|
#include "utils/builtins.h"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* MD5
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/* MD5 produces a 16 byte (128 bit) hash; double it for hex */
|
|
|
|
|
#define MD5_HASH_LEN 32
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Create an MD5 hash of a text value and return it as hex string.
|
|
|
|
|
*/
|
|
|
|
|
Datum
|
|
|
|
|
md5_text(PG_FUNCTION_ARGS)
|
|
|
|
|
{
|
|
|
|
|
text *in_text = PG_GETARG_TEXT_PP(0);
|
|
|
|
|
size_t len;
|
|
|
|
|
char hexsum[MD5_HASH_LEN + 1];
|
|
|
|
|
|
|
|
|
|
/* Calculate the length of the buffer using varlena metadata */
|
|
|
|
|
len = VARSIZE_ANY_EXHDR(in_text);
|
|
|
|
|
|
|
|
|
|
/* get the hash result */
|
|
|
|
|
if (pg_md5_hash(VARDATA_ANY(in_text), len, hexsum) == false)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_OUT_OF_MEMORY),
|
|
|
|
|
errmsg("out of memory")));
|
|
|
|
|
|
|
|
|
|
/* convert to text and return it */
|
|
|
|
|
PG_RETURN_TEXT_P(cstring_to_text(hexsum));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Create an MD5 hash of a bytea value and return it as a hex string.
|
|
|
|
|
*/
|
|
|
|
|
Datum
|
|
|
|
|
md5_bytea(PG_FUNCTION_ARGS)
|
|
|
|
|
{
|
|
|
|
|
bytea *in = PG_GETARG_BYTEA_PP(0);
|
|
|
|
|
size_t len;
|
|
|
|
|
char hexsum[MD5_HASH_LEN + 1];
|
|
|
|
|
|
|
|
|
|
len = VARSIZE_ANY_EXHDR(in);
|
|
|
|
|
if (pg_md5_hash(VARDATA_ANY(in), len, hexsum) == false)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_OUT_OF_MEMORY),
|
|
|
|
|
errmsg("out of memory")));
|
|
|
|
|
|
|
|
|
|
PG_RETURN_TEXT_P(cstring_to_text(hexsum));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Internal routine to compute a cryptohash with the given bytea input.
|
|
|
|
|
*/
|
|
|
|
|
static inline bytea *
|
|
|
|
|
cryptohash_internal(pg_cryptohash_type type, bytea *input)
|
|
|
|
|
{
|
|
|
|
|
const uint8 *data;
|
|
|
|
|
const char *typestr = NULL;
|
|
|
|
|
int digest_len = 0;
|
|
|
|
|
size_t len;
|
Move SHA2 routines to a new generic API layer for crypto hashes
Two new routines to allocate a hash context and to free it are created,
as these become necessary for the goal behind this refactoring: switch
the all cryptohash implementations for OpenSSL to use EVP (for FIPS and
also because upstream does not recommend the use of low-level cryptohash
functions for 20 years). Note that OpenSSL hides the internals of
cryptohash contexts since 1.1.0, so it is necessary to leave the
allocation to OpenSSL itself, explaining the need for those two new
routines. This part is going to require more work to properly track
hash contexts with resource owners, but this not introduced here.
Still, this refactoring makes the move possible.
This reduces the number of routines for all SHA2 implementations from
twelve (SHA{224,256,386,512} with init, update and final calls) to five
(create, free, init, update and final calls) by incorporating the hash
type directly into the hash context data.
The new cryptohash routines are moved to a new file, called cryptohash.c
for the fallback implementations, with SHA2 specifics becoming a part
internal to src/common/. OpenSSL specifics are part of
cryptohash_openssl.c. This infrastructure is usable for more hash
types, like MD5 or HMAC.
Any code paths using the internal SHA2 routines are adapted to report
correctly errors, which are most of the changes of this commit. The
zones mostly impacted are checksum manifests, libpq and SCRAM.
Note that e21cbb4 was a first attempt to switch SHA2 to EVP, but it
lacked the refactoring needed for libpq, as done here.
This patch has been tested on Linux and Windows, with and without
OpenSSL, and down to 1.0.1, the oldest version supported on HEAD.
Author: Michael Paquier
Reviewed-by: Daniel Gustafsson
Discussion: https://postgr.es/m/20200924025314.GE7405@paquier.xyz
5 years ago
|
|
|
pg_cryptohash_ctx *ctx;
|
|
|
|
|
bytea *result;
|
|
|
|
|
|
|
|
|
|
switch (type)
|
|
|
|
|
{
|
|
|
|
|
case PG_SHA224:
|
|
|
|
|
typestr = "SHA224";
|
|
|
|
|
digest_len = PG_SHA224_DIGEST_LENGTH;
|
|
|
|
|
break;
|
|
|
|
|
case PG_SHA256:
|
|
|
|
|
typestr = "SHA256";
|
|
|
|
|
digest_len = PG_SHA256_DIGEST_LENGTH;
|
|
|
|
|
break;
|
|
|
|
|
case PG_SHA384:
|
|
|
|
|
typestr = "SHA384";
|
|
|
|
|
digest_len = PG_SHA384_DIGEST_LENGTH;
|
|
|
|
|
break;
|
|
|
|
|
case PG_SHA512:
|
|
|
|
|
typestr = "SHA512";
|
|
|
|
|
digest_len = PG_SHA512_DIGEST_LENGTH;
|
|
|
|
|
break;
|
|
|
|
|
case PG_MD5:
|
|
|
|
|
case PG_SHA1:
|
|
|
|
|
elog(ERROR, "unsupported cryptohash type %d", type);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result = palloc0(digest_len + VARHDRSZ);
|
|
|
|
|
len = VARSIZE_ANY_EXHDR(input);
|
|
|
|
|
data = (unsigned char *) VARDATA_ANY(input);
|
|
|
|
|
|
|
|
|
|
ctx = pg_cryptohash_create(type);
|
Move SHA2 routines to a new generic API layer for crypto hashes
Two new routines to allocate a hash context and to free it are created,
as these become necessary for the goal behind this refactoring: switch
the all cryptohash implementations for OpenSSL to use EVP (for FIPS and
also because upstream does not recommend the use of low-level cryptohash
functions for 20 years). Note that OpenSSL hides the internals of
cryptohash contexts since 1.1.0, so it is necessary to leave the
allocation to OpenSSL itself, explaining the need for those two new
routines. This part is going to require more work to properly track
hash contexts with resource owners, but this not introduced here.
Still, this refactoring makes the move possible.
This reduces the number of routines for all SHA2 implementations from
twelve (SHA{224,256,386,512} with init, update and final calls) to five
(create, free, init, update and final calls) by incorporating the hash
type directly into the hash context data.
The new cryptohash routines are moved to a new file, called cryptohash.c
for the fallback implementations, with SHA2 specifics becoming a part
internal to src/common/. OpenSSL specifics are part of
cryptohash_openssl.c. This infrastructure is usable for more hash
types, like MD5 or HMAC.
Any code paths using the internal SHA2 routines are adapted to report
correctly errors, which are most of the changes of this commit. The
zones mostly impacted are checksum manifests, libpq and SCRAM.
Note that e21cbb4 was a first attempt to switch SHA2 to EVP, but it
lacked the refactoring needed for libpq, as done here.
This patch has been tested on Linux and Windows, with and without
OpenSSL, and down to 1.0.1, the oldest version supported on HEAD.
Author: Michael Paquier
Reviewed-by: Daniel Gustafsson
Discussion: https://postgr.es/m/20200924025314.GE7405@paquier.xyz
5 years ago
|
|
|
if (pg_cryptohash_init(ctx) < 0)
|
|
|
|
|
elog(ERROR, "could not initialize %s context", typestr);
|
Move SHA2 routines to a new generic API layer for crypto hashes
Two new routines to allocate a hash context and to free it are created,
as these become necessary for the goal behind this refactoring: switch
the all cryptohash implementations for OpenSSL to use EVP (for FIPS and
also because upstream does not recommend the use of low-level cryptohash
functions for 20 years). Note that OpenSSL hides the internals of
cryptohash contexts since 1.1.0, so it is necessary to leave the
allocation to OpenSSL itself, explaining the need for those two new
routines. This part is going to require more work to properly track
hash contexts with resource owners, but this not introduced here.
Still, this refactoring makes the move possible.
This reduces the number of routines for all SHA2 implementations from
twelve (SHA{224,256,386,512} with init, update and final calls) to five
(create, free, init, update and final calls) by incorporating the hash
type directly into the hash context data.
The new cryptohash routines are moved to a new file, called cryptohash.c
for the fallback implementations, with SHA2 specifics becoming a part
internal to src/common/. OpenSSL specifics are part of
cryptohash_openssl.c. This infrastructure is usable for more hash
types, like MD5 or HMAC.
Any code paths using the internal SHA2 routines are adapted to report
correctly errors, which are most of the changes of this commit. The
zones mostly impacted are checksum manifests, libpq and SCRAM.
Note that e21cbb4 was a first attempt to switch SHA2 to EVP, but it
lacked the refactoring needed for libpq, as done here.
This patch has been tested on Linux and Windows, with and without
OpenSSL, and down to 1.0.1, the oldest version supported on HEAD.
Author: Michael Paquier
Reviewed-by: Daniel Gustafsson
Discussion: https://postgr.es/m/20200924025314.GE7405@paquier.xyz
5 years ago
|
|
|
if (pg_cryptohash_update(ctx, data, len) < 0)
|
|
|
|
|
elog(ERROR, "could not update %s context", typestr);
|
Add result size as argument of pg_cryptohash_final() for overflow checks
With its current design, a careless use of pg_cryptohash_final() could
would result in an out-of-bound write in memory as the size of the
destination buffer to store the result digest is not known to the
cryptohash internals, without the caller knowing about that. This
commit adds a new argument to pg_cryptohash_final() to allow such sanity
checks, and implements such defenses.
The internals of SCRAM for HMAC could be tightened a bit more, but as
everything is based on SCRAM_KEY_LEN with uses particular to this code
there is no need to complicate its interface more than necessary, and
this comes back to the refactoring of HMAC in core. Except that, this
minimizes the uses of the existing DIGEST_LENGTH variables, relying
instead on sizeof() for the result sizes. In ossp-uuid, this also makes
the code more defensive, as it already relied on dce_uuid_t being at
least the size of a MD5 digest.
This is in philosophy similar to cfc40d3 for base64.c and aef8948 for
hex.c.
Reported-by: Ranier Vilela
Author: Michael Paquier, Ranier Vilela
Reviewed-by: Kyotaro Horiguchi
Discussion: https://postgr.es/m/CAEudQAoqEGmcff3J4sTSV-R_16Monuz-UpJFbf_dnVH=APr02Q@mail.gmail.com
5 years ago
|
|
|
if (pg_cryptohash_final(ctx, (unsigned char *) VARDATA(result),
|
|
|
|
|
digest_len) < 0)
|
|
|
|
|
elog(ERROR, "could not finalize %s context", typestr);
|
Move SHA2 routines to a new generic API layer for crypto hashes
Two new routines to allocate a hash context and to free it are created,
as these become necessary for the goal behind this refactoring: switch
the all cryptohash implementations for OpenSSL to use EVP (for FIPS and
also because upstream does not recommend the use of low-level cryptohash
functions for 20 years). Note that OpenSSL hides the internals of
cryptohash contexts since 1.1.0, so it is necessary to leave the
allocation to OpenSSL itself, explaining the need for those two new
routines. This part is going to require more work to properly track
hash contexts with resource owners, but this not introduced here.
Still, this refactoring makes the move possible.
This reduces the number of routines for all SHA2 implementations from
twelve (SHA{224,256,386,512} with init, update and final calls) to five
(create, free, init, update and final calls) by incorporating the hash
type directly into the hash context data.
The new cryptohash routines are moved to a new file, called cryptohash.c
for the fallback implementations, with SHA2 specifics becoming a part
internal to src/common/. OpenSSL specifics are part of
cryptohash_openssl.c. This infrastructure is usable for more hash
types, like MD5 or HMAC.
Any code paths using the internal SHA2 routines are adapted to report
correctly errors, which are most of the changes of this commit. The
zones mostly impacted are checksum manifests, libpq and SCRAM.
Note that e21cbb4 was a first attempt to switch SHA2 to EVP, but it
lacked the refactoring needed for libpq, as done here.
This patch has been tested on Linux and Windows, with and without
OpenSSL, and down to 1.0.1, the oldest version supported on HEAD.
Author: Michael Paquier
Reviewed-by: Daniel Gustafsson
Discussion: https://postgr.es/m/20200924025314.GE7405@paquier.xyz
5 years ago
|
|
|
pg_cryptohash_free(ctx);
|
|
|
|
|
|
|
|
|
|
SET_VARSIZE(result, digest_len + VARHDRSZ);
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* SHA-2 variants
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
Datum
|
|
|
|
|
sha224_bytea(PG_FUNCTION_ARGS)
|
|
|
|
|
{
|
|
|
|
|
bytea *result = cryptohash_internal(PG_SHA224, PG_GETARG_BYTEA_PP(0));
|
|
|
|
|
|
|
|
|
|
PG_RETURN_BYTEA_P(result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Datum
|
|
|
|
|
sha256_bytea(PG_FUNCTION_ARGS)
|
|
|
|
|
{
|
|
|
|
|
bytea *result = cryptohash_internal(PG_SHA256, PG_GETARG_BYTEA_PP(0));
|
|
|
|
|
|
|
|
|
|
PG_RETURN_BYTEA_P(result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Datum
|
|
|
|
|
sha384_bytea(PG_FUNCTION_ARGS)
|
|
|
|
|
{
|
|
|
|
|
bytea *result = cryptohash_internal(PG_SHA384, PG_GETARG_BYTEA_PP(0));
|
|
|
|
|
|
|
|
|
|
PG_RETURN_BYTEA_P(result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Datum
|
|
|
|
|
sha512_bytea(PG_FUNCTION_ARGS)
|
|
|
|
|
{
|
|
|
|
|
bytea *result = cryptohash_internal(PG_SHA512, PG_GETARG_BYTEA_PP(0));
|
|
|
|
|
|
|
|
|
|
PG_RETURN_BYTEA_P(result);
|
|
|
|
|
}
|
