As Kris Jurka found out, pgcrypto does not work with
OpenSSL 0.9.6x. The DES functions use the older 'des_'
API, but the newer 3DES functions use the 0.9.7x-only
'DES_' API.
I think I just used /usr/include/openssl/des.h for reference
when implementing them, and had upgraded OpenSSL in the
meantime.
Following patch converts DES also to newer API and provides
compatibility functions for OpenSSL < 0.9.7.
I chose this route because:
- openssl.c uses few DES functions.
- compatibility for old 'des_' API is going away at some point
of time from OpenSSL.
- as seen from macros, new API is saner
- Thus pgcrypto supports any OpenSSL version from 0.9.5 to 1.0
Tested with OpenSSL 0.9.6c and 0.9.7e.
--
marko
PS. It's nice to see that the 'autoconfiguration' already pays
back.
Index: contrib/pgcrypto/openssl.c
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/openssl.c,v
retrieving revision 1.20
diff -u -c -r1.20 openssl.c
*** contrib/pgcrypto/openssl.c 5 Jul 2005 18:15:36 -0000 1.20
--- contrib/pgcrypto/openssl.c 7 Jul 2005 09:18:37 -0000
***************
*** 48,53 ****
--- 48,73 ----
#endif
/*
+ * Compatibility with older OpenSSL API for DES.
+ */
+ #if OPENSSL_VERSION_NUMBER < 0x00907000L
+ #define DES_key_schedule des_key_schedule
+ #define DES_cblock des_cblock
+ #define DES_set_key(k, ks) \
+ des_set_key((k), *(ks))
+ #define DES_ecb_encrypt(i, o, k, e) \
+ des_ecb_encrypt((i), (o), *(k), (e))
+ #define DES_ncbc_encrypt(i, o, l, k, iv, e) \
+ des_ncbc_encrypt((i), (o), (l), *(k), (iv), (e))
+ #define DES_ecb3_encrypt(i, o, k1, k2, k3, e) \
+ des_ecb3_encrypt((des_cblock *)(i), (des_cblock *)(o), \
+ *(k1), *(k2), *(k3), (e))
+ #define DES_ede3_cbc_encrypt(i, o, l, k1, k2, k3, iv, e) \
+ des_ede3_cbc_encrypt((i), (o), \
+ (l), *(k1), *(k2), *(k3), (iv), (e))
+ #endif
+
+ /*
* Hashes
*/
static unsigned
***************
*** 175,185 ****
} bf;
struct
{
! des_key_schedule key_schedule;
} des;
struct
{
! des_key_schedule k1, k2, k3;
} des3;
CAST_KEY cast_key;
#ifdef GOT_AES
--- 195,205 ----
} bf;
struct
{
! DES_key_schedule key_schedule;
} des;
struct
{
! DES_key_schedule k1, k2, k3;
} des3;
CAST_KEY cast_key;
#ifdef GOT_AES
***************
*** 315,325 ****
ossl_des_init(PX_Cipher * c, const uint8 *key, unsigned klen, const uint8 *iv)
{
ossldata *od = c->ptr;
! des_cblock xkey;
memset(&xkey, 0, sizeof(xkey));
memcpy(&xkey, key, klen > 8 ? 8 : klen);
! des_set_key(&xkey, od->u.des.key_schedule);
memset(&xkey, 0, sizeof(xkey));
if (iv)
--- 335,345 ----
ossl_des_init(PX_Cipher * c, const uint8 *key, unsigned klen, const uint8 *iv)
{
ossldata *od = c->ptr;
! DES_cblock xkey;
memset(&xkey, 0, sizeof(xkey));
memcpy(&xkey, key, klen > 8 ? 8 : klen);
! DES_set_key(&xkey, &od->u.des.key_schedule);
memset(&xkey, 0, sizeof(xkey));
if (iv)
***************
*** 338,346 ****
ossldata *od = c->ptr;
for (i = 0; i < dlen / bs; i++)
! des_ecb_encrypt((des_cblock *) (data + i * bs),
! (des_cblock *) (res + i * bs),
! od->u.des.key_schedule, 1);
return 0;
}
--- 358,366 ----
ossldata *od = c->ptr;
for (i = 0; i < dlen / bs; i++)
! DES_ecb_encrypt((DES_cblock *) (data + i * bs),
! (DES_cblock *) (res + i * bs),
! &od->u.des.key_schedule, 1);
return 0;
}
***************
*** 353,361 ****
ossldata *od = c->ptr;
for (i = 0; i < dlen / bs; i++)
! des_ecb_encrypt((des_cblock *) (data + i * bs),
! (des_cblock *) (res + i * bs),
! od->u.des.key_schedule, 0);
return 0;
}
--- 373,381 ----
ossldata *od = c->ptr;
for (i = 0; i < dlen / bs; i++)
! DES_ecb_encrypt((DES_cblock *) (data + i * bs),
! (DES_cblock *) (res + i * bs),
! &od->u.des.key_schedule, 0);
return 0;
}
***************
*** 365,372 ****
{
ossldata *od = c->ptr;
! des_ncbc_encrypt(data, res, dlen, od->u.des.key_schedule,
! (des_cblock *) od->iv, 1);
return 0;
}
--- 385,392 ----
{
ossldata *od = c->ptr;
! DES_ncbc_encrypt(data, res, dlen, &od->u.des.key_schedule,
! (DES_cblock *) od->iv, 1);
return 0;
}
***************
*** 376,383 ****
{
ossldata *od = c->ptr;
! des_ncbc_encrypt(data, res, dlen, od->u.des.key_schedule,
! (des_cblock *) od->iv, 0);
return 0;
}
--- 396,403 ----
{
ossldata *od = c->ptr;
! DES_ncbc_encrypt(data, res, dlen, &od->u.des.key_schedule,
! (DES_cblock *) od->iv, 0);
return 0;
}
***************
*** 387,393 ****
ossl_des3_init(PX_Cipher * c, const uint8 *key, unsigned klen, const uint8
*iv)
{
ossldata *od = c->ptr;
! des_cblock xkey1,
xkey2,
xkey3;
--- 407,413 ----
ossl_des3_init(PX_Cipher * c, const uint8 *key, unsigned klen, const uint8
*iv)
{
ossldata *od = c->ptr;
! DES_cblock xkey1,
xkey2,
xkey3;
***************
*** 450,456 ****
DES_ede3_cbc_encrypt(data, res, dlen,
&od->u.des3.k1,
&od->u.des3.k2, &od->u.des3.k3,
! (des_cblock *) od->iv, 1);
return 0;
}
--- 470,476 ----
DES_ede3_cbc_encrypt(data, res, dlen,
&od->u.des3.k1,
&od->u.des3.k2, &od->u.des3.k3,
! (DES_cblock *) od->iv, 1);
return 0;
}
***************
*** 462,468 ****
DES_ede3_cbc_encrypt(data, res, dlen,
&od->u.des3.k1,
&od->u.des3.k2, &od->u.des3.k3,
! (des_cblock *) od->iv, 0);
return 0;
}
--- 482,488 ----
DES_ede3_cbc_encrypt(data, res, dlen,
&od->u.des3.k1,
&od->u.des3.k2, &od->u.des3.k3,
! (DES_cblock *) od->iv, 0);
return 0;
}
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
