mirror of
https://github.com/postgres/postgres.git
synced 2025-06-10 09:21:54 +03:00
e6bdfd9700
Similarly to the cryptohash implementations, this refactors the existing
HMAC code into a single set of APIs that can be plugged with any crypto
libraries PostgreSQL is built with (only OpenSSL currently). If there
is no such libraries, a fallback implementation is available. Those new
APIs are designed similarly to the existing cryptohash layer, so there
is no real new design here, with the same logic around buffer bound
checks and memory handling.
HMAC has a dependency on cryptohashes, so all the cryptohash types
supported by cryptohash{_openssl}.c can be used with HMAC. This
refactoring is an advantage mainly for SCRAM, that included its own
implementation of HMAC with SHA256 without relying on the existing
crypto libraries even if PostgreSQL was built with their support.
This code has been tested on Windows and Linux, with and without
OpenSSL, across all the versions supported on HEAD from 1.1.1 down to
1.0.1. I have also checked that the implementations are working fine
using some sample results, a custom extension of my own, and doing
cross-checks across different major versions with SCRAM with the client
and the backend.
Author: Michael Paquier
Reviewed-by: Bruce Momjian
Discussion: https://postgr.es/m/X9m0nkEJEzIPXjeZ@paquier.xyz
35 lines
1.1 KiB
C
35 lines
1.1 KiB
C
/*-------------------------------------------------------------------------
|
|
*
|
|
* md5.h
|
|
* Constants and common utilities related to MD5.
|
|
*
|
|
* These definitions are needed by both frontend and backend code to work
|
|
* with MD5-encrypted passwords.
|
|
*
|
|
* Portions Copyright (c) 1996-2021, PostgreSQL Global Development Group
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
|
*
|
|
* src/include/common/md5.h
|
|
*
|
|
*-------------------------------------------------------------------------
|
|
*/
|
|
#ifndef PG_MD5_H
|
|
#define PG_MD5_H
|
|
|
|
/* Size of result generated by MD5 computation */
|
|
#define MD5_DIGEST_LENGTH 16
|
|
/* Block size for MD5 */
|
|
#define MD5_BLOCK_SIZE 64
|
|
|
|
/* password-related data */
|
|
#define MD5_PASSWD_CHARSET "0123456789abcdef"
|
|
#define MD5_PASSWD_LEN 35
|
|
|
|
/* Utilities common to all the MD5 implementations, as of md5_common.c */
|
|
extern bool pg_md5_hash(const void *buff, size_t len, char *hexsum);
|
|
extern bool pg_md5_binary(const void *buff, size_t len, void *outbuf);
|
|
extern bool pg_md5_encrypt(const char *passwd, const char *salt,
|
|
size_t salt_len, char *buf);
|
|
|
|
#endif /* PG_MD5_H */
|