From 807bbe6051de32dab969d0ed33807747af5a2b45 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Tue, 12 Jul 2005 20:27:45 +0000 Subject: [PATCH] More pgcrypto fixes: handle long messages correctly, suppress compiler warnings. Marko Kreen and Kris Jurka. --- contrib/pgcrypto/expected/3des.out | 13 +++++++++++++ contrib/pgcrypto/expected/blowfish.out | 13 +++++++++++++ contrib/pgcrypto/expected/cast5.out | 13 +++++++++++++ contrib/pgcrypto/expected/des.out | 13 +++++++++++++ contrib/pgcrypto/expected/rijndael.out | 13 +++++++++++++ contrib/pgcrypto/openssl.c | 18 +++++++++++++----- contrib/pgcrypto/sha2.c | 12 ++++++------ contrib/pgcrypto/sql/3des.sql | 4 ++++ contrib/pgcrypto/sql/blowfish.sql | 4 ++++ contrib/pgcrypto/sql/cast5.sql | 4 ++++ contrib/pgcrypto/sql/des.sql | 4 ++++ contrib/pgcrypto/sql/rijndael.sql | 4 ++++ 12 files changed, 104 insertions(+), 11 deletions(-) diff --git a/contrib/pgcrypto/expected/3des.out b/contrib/pgcrypto/expected/3des.out index 7b6e3dcfdf5..3e6a88e8bf4 100644 --- a/contrib/pgcrypto/expected/3des.out +++ b/contrib/pgcrypto/expected/3des.out @@ -54,3 +54,16 @@ select decrypt_iv(decode('50735067b073bb93', 'hex'), '0123456', 'abcd', '3des'); foo (1 row) +-- long message +select encode(encrypt('Lets try a longer message.', '0123456789012345678901', '3des'), 'hex'); + encode +------------------------------------------------------------------ + b71e3422269d0ded19468f33d65cd663c28e0871984792a7b3ba0ddcecec8d2c +(1 row) + +select decrypt(encrypt('Lets try a longer message.', '0123456789012345678901', '3des'), '0123456789012345678901', '3des'); + decrypt +---------------------------- + Lets try a longer message. +(1 row) + diff --git a/contrib/pgcrypto/expected/blowfish.out b/contrib/pgcrypto/expected/blowfish.out index 7558aa937a5..5c09cf5cd94 100644 --- a/contrib/pgcrypto/expected/blowfish.out +++ b/contrib/pgcrypto/expected/blowfish.out @@ -158,3 +158,16 @@ select decrypt_iv(decode('95c7e89322525d59', 'hex'), '0123456', 'abcd', 'bf'); foo (1 row) +-- long message +select encode(encrypt('Lets try a longer message.', '0123456789', 'bf'), 'hex'); + encode +------------------------------------------------------------------ + a76059f7a1b627b5b84080d9beb337714c7a7f8b70300023e5feb6dfa6813536 +(1 row) + +select decrypt(encrypt('Lets try a longer message.', '0123456789', 'bf'), '0123456789', 'bf'); + decrypt +---------------------------- + Lets try a longer message. +(1 row) + diff --git a/contrib/pgcrypto/expected/cast5.out b/contrib/pgcrypto/expected/cast5.out index f5b3cf67503..4ca824e2f87 100644 --- a/contrib/pgcrypto/expected/cast5.out +++ b/contrib/pgcrypto/expected/cast5.out @@ -71,3 +71,16 @@ select decrypt_iv(decode('384a970695ce016a', 'hex'), foo (1 row) +-- long message +select encode(encrypt('Lets try a longer message.', '0123456789', 'cast5'), 'hex'); + encode +------------------------------------------------------------------ + 04fcffc91533e1505dadcb10766d9fed0937818e663e402384e049942ba60fff +(1 row) + +select decrypt(encrypt('Lets try a longer message.', '0123456789', 'cast5'), '0123456789', 'cast5'); + decrypt +---------------------------- + Lets try a longer message. +(1 row) + diff --git a/contrib/pgcrypto/expected/des.out b/contrib/pgcrypto/expected/des.out index 333b30d8cce..00513c4e6ac 100644 --- a/contrib/pgcrypto/expected/des.out +++ b/contrib/pgcrypto/expected/des.out @@ -46,3 +46,16 @@ select decrypt_iv(decode('50735067b073bb93', 'hex'), '0123456', 'abcd', 'des'); foo (1 row) +-- long message +select encode(encrypt('Lets try a longer message.', '01234567', 'des'), 'hex'); + encode +------------------------------------------------------------------ + 5ad146043e5f30967e06a0fcbae602daf4ff2a5fd0ed12d6c5913cf85f1e36ca +(1 row) + +select decrypt(encrypt('Lets try a longer message.', '01234567', 'des'), '01234567', 'des'); + decrypt +---------------------------- + Lets try a longer message. +(1 row) + diff --git a/contrib/pgcrypto/expected/rijndael.out b/contrib/pgcrypto/expected/rijndael.out index fbbbc871894..cb336e335d4 100644 --- a/contrib/pgcrypto/expected/rijndael.out +++ b/contrib/pgcrypto/expected/rijndael.out @@ -109,3 +109,16 @@ select decrypt_iv(decode('2c24cb7da91d6d5699801268b0f5adad', 'hex'), foo (1 row) +-- long message +select encode(encrypt('Lets try a longer message.', '0123456789', 'aes'), 'hex'); + encode +------------------------------------------------------------------ + d9beb785dd5403ed02f66b755bb191b93ed93ca54930153f2c3b9ec7785056ad +(1 row) + +select decrypt(encrypt('Lets try a longer message.', '0123456789', 'aes'), '0123456789', 'aes'); + decrypt +---------------------------- + Lets try a longer message. +(1 row) + diff --git a/contrib/pgcrypto/openssl.c b/contrib/pgcrypto/openssl.c index eb7cbbf0c60..67358c941f3 100644 --- a/contrib/pgcrypto/openssl.c +++ b/contrib/pgcrypto/openssl.c @@ -26,7 +26,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $PostgreSQL: pgsql/contrib/pgcrypto/openssl.c,v 1.24 2005/07/11 15:07:59 tgl Exp $ + * $PostgreSQL: pgsql/contrib/pgcrypto/openssl.c,v 1.25 2005/07/12 20:27:42 tgl Exp $ */ #include "postgres.h" @@ -40,6 +40,11 @@ #include #include +/* + * Max lengths we might want to handle. + */ +#define MAX_KEY (512/8) +#define MAX_IV (128/8) /* * Does OpenSSL support AES? @@ -78,10 +83,13 @@ #define AES_cbc_encrypt(src, dst, len, ctx, iv, enc) \ do { \ memcpy((dst), (src), (len)); \ - if (enc) \ + if (enc) { \ aes_cbc_encrypt((ctx), (iv), (dst), (len)); \ - else \ + memcpy((iv), (dst) + (len) - 16, 16); \ + } else { \ aes_cbc_decrypt((ctx), (iv), (dst), (len)); \ + memcpy(iv, (src) + (len) - 16, 16); \ + } \ } while (0) #endif /* old OPENSSL */ @@ -243,8 +251,8 @@ typedef struct CAST_KEY cast_key; AES_KEY aes_key; } u; - uint8 key[EVP_MAX_KEY_LENGTH]; - uint8 iv[EVP_MAX_IV_LENGTH]; + uint8 key[MAX_KEY]; + uint8 iv[MAX_IV]; unsigned klen; unsigned init; const struct ossl_cipher *ciph; diff --git a/contrib/pgcrypto/sha2.c b/contrib/pgcrypto/sha2.c index cb5e5944313..adabdea1396 100644 --- a/contrib/pgcrypto/sha2.c +++ b/contrib/pgcrypto/sha2.c @@ -33,7 +33,7 @@ * * $From: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $ * - * $PostgreSQL: pgsql/contrib/pgcrypto/sha2.c,v 1.3 2005/07/11 15:40:38 tgl Exp $ + * $PostgreSQL: pgsql/contrib/pgcrypto/sha2.c,v 1.4 2005/07/12 20:27:42 tgl Exp $ */ #include "postgres.h" @@ -170,7 +170,7 @@ void SHA512_Transform(SHA512_CTX *, const uint8 *); /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ /* Hash constant words K for SHA-256: */ -const static uint32 K256[64] = { +static const uint32 K256[64] = { 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, @@ -190,7 +190,7 @@ const static uint32 K256[64] = { }; /* Initial hash value H for SHA-256: */ -const static uint32 sha256_initial_hash_value[8] = { +static const uint32 sha256_initial_hash_value[8] = { 0x6a09e667UL, 0xbb67ae85UL, 0x3c6ef372UL, @@ -202,7 +202,7 @@ const static uint32 sha256_initial_hash_value[8] = { }; /* Hash constant words K for SHA-384 and SHA-512: */ -const static uint64 K512[80] = { +static const uint64 K512[80] = { 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, @@ -246,7 +246,7 @@ const static uint64 K512[80] = { }; /* Initial hash value H for SHA-384 */ -const static uint64 sha384_initial_hash_value[8] = { +static const uint64 sha384_initial_hash_value[8] = { 0xcbbb9d5dc1059ed8ULL, 0x629a292a367cd507ULL, 0x9159015a3070dd17ULL, @@ -258,7 +258,7 @@ const static uint64 sha384_initial_hash_value[8] = { }; /* Initial hash value H for SHA-512 */ -const static uint64 sha512_initial_hash_value[8] = { +static const uint64 sha512_initial_hash_value[8] = { 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, diff --git a/contrib/pgcrypto/sql/3des.sql b/contrib/pgcrypto/sql/3des.sql index 7e20aff5c07..99b936fa145 100644 --- a/contrib/pgcrypto/sql/3des.sql +++ b/contrib/pgcrypto/sql/3des.sql @@ -24,3 +24,7 @@ select decrypt(encrypt('foo', '0123456', '3des'), '0123456', '3des'); select encode(encrypt_iv('foo', '0123456', 'abcd', '3des'), 'hex'); select decrypt_iv(decode('50735067b073bb93', 'hex'), '0123456', 'abcd', '3des'); +-- long message +select encode(encrypt('Lets try a longer message.', '0123456789012345678901', '3des'), 'hex'); +select decrypt(encrypt('Lets try a longer message.', '0123456789012345678901', '3des'), '0123456789012345678901', '3des'); + diff --git a/contrib/pgcrypto/sql/blowfish.sql b/contrib/pgcrypto/sql/blowfish.sql index 565282cb0f3..c0383f54218 100644 --- a/contrib/pgcrypto/sql/blowfish.sql +++ b/contrib/pgcrypto/sql/blowfish.sql @@ -85,3 +85,7 @@ select decrypt(encrypt('foo', '0123456', 'bf'), '0123456', 'bf'); select encode(encrypt_iv('foo', '0123456', 'abcd', 'bf'), 'hex'); select decrypt_iv(decode('95c7e89322525d59', 'hex'), '0123456', 'abcd', 'bf'); +-- long message +select encode(encrypt('Lets try a longer message.', '0123456789', 'bf'), 'hex'); +select decrypt(encrypt('Lets try a longer message.', '0123456789', 'bf'), '0123456789', 'bf'); + diff --git a/contrib/pgcrypto/sql/cast5.sql b/contrib/pgcrypto/sql/cast5.sql index 553ae4f0f2a..0761f34e758 100644 --- a/contrib/pgcrypto/sql/cast5.sql +++ b/contrib/pgcrypto/sql/cast5.sql @@ -40,3 +40,7 @@ select encode(encrypt_iv('foo', '0123456', 'abcd', 'cast5'), 'hex'); select decrypt_iv(decode('384a970695ce016a', 'hex'), '0123456', 'abcd', 'cast5'); +-- long message +select encode(encrypt('Lets try a longer message.', '0123456789', 'cast5'), 'hex'); +select decrypt(encrypt('Lets try a longer message.', '0123456789', 'cast5'), '0123456789', 'cast5'); + diff --git a/contrib/pgcrypto/sql/des.sql b/contrib/pgcrypto/sql/des.sql index 3b55ca5e3a6..179bd83ba91 100644 --- a/contrib/pgcrypto/sql/des.sql +++ b/contrib/pgcrypto/sql/des.sql @@ -22,3 +22,7 @@ select decrypt(encrypt('foo', '0123456', 'des'), '0123456', 'des'); select encode(encrypt_iv('foo', '0123456', 'abcd', 'des'), 'hex'); select decrypt_iv(decode('50735067b073bb93', 'hex'), '0123456', 'abcd', 'des'); +-- long message +select encode(encrypt('Lets try a longer message.', '01234567', 'des'), 'hex'); +select decrypt(encrypt('Lets try a longer message.', '01234567', 'des'), '01234567', 'des'); + diff --git a/contrib/pgcrypto/sql/rijndael.sql b/contrib/pgcrypto/sql/rijndael.sql index c609a635df5..4d6af0ffaa2 100644 --- a/contrib/pgcrypto/sql/rijndael.sql +++ b/contrib/pgcrypto/sql/rijndael.sql @@ -56,3 +56,7 @@ select encode(encrypt_iv('foo', '0123456', 'abcd', 'aes'), 'hex'); select decrypt_iv(decode('2c24cb7da91d6d5699801268b0f5adad', 'hex'), '0123456', 'abcd', 'aes'); +-- long message +select encode(encrypt('Lets try a longer message.', '0123456789', 'aes'), 'hex'); +select decrypt(encrypt('Lets try a longer message.', '0123456789', 'aes'), '0123456789', 'aes'); +