As Kris Jurka found out, pgcrypto does not work with
OpenSSL 0.9.6x. The DES functions use the older 'des_'
API, but the newer 3DES functions use the 0.9.7x-only
'DES_' API.
I think I just used /usr/include/openssl/des.h for reference
when implementing them, and had upgraded OpenSSL in the
meantime.
Following patch converts DES also to newer API and provides
compatibility functions for OpenSSL < 0.9.7.
I chose this route because:
- openssl.c uses few DES functions.
- compatibility for old 'des_' API is going away at some point
of time from OpenSSL.
- as seen from macros, new API is saner
- Thus pgcrypto supports any OpenSSL version from 0.9.5 to 1.0
Tested with OpenSSL 0.9.6c and 0.9.7e.
--
marko
PS. It's nice to see that the 'autoconfiguration' already pays
back.
Index: contrib/pgcrypto/openssl.c
===
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/openssl.c,v
retrieving revision 1.20
diff -u -c -r1.20 openssl.c
*** contrib/pgcrypto/openssl.c 5 Jul 2005 18:15:36 - 1.20
--- contrib/pgcrypto/openssl.c 7 Jul 2005 09:18:37 -
***
*** 48,53
--- 48,73
#endif
/*
+ * Compatibility with older OpenSSL API for DES.
+ */
+ #if OPENSSL_VERSION_NUMBER < 0x00907000L
+ #define DES_key_schedule des_key_schedule
+ #define DES_cblock des_cblock
+ #define DES_set_key(k, ks) \
+ des_set_key((k), *(ks))
+ #define DES_ecb_encrypt(i, o, k, e) \
+ des_ecb_encrypt((i), (o), *(k), (e))
+ #define DES_ncbc_encrypt(i, o, l, k, iv, e) \
+ des_ncbc_encrypt((i), (o), (l), *(k), (iv), (e))
+ #define DES_ecb3_encrypt(i, o, k1, k2, k3, e) \
+ des_ecb3_encrypt((des_cblock *)(i), (des_cblock *)(o), \
+ *(k1), *(k2), *(k3), (e))
+ #define DES_ede3_cbc_encrypt(i, o, l, k1, k2, k3, iv, e) \
+ des_ede3_cbc_encrypt((i), (o), \
+ (l), *(k1), *(k2), *(k3), (iv), (e))
+ #endif
+
+ /*
* Hashes
*/
static unsigned
***
*** 175,185
} bf;
struct
{
! des_key_schedule key_schedule;
} des;
struct
{
! des_key_schedule k1, k2, k3;
} des3;
CAST_KEYcast_key;
#ifdef GOT_AES
--- 195,205
} bf;
struct
{
! DES_key_schedule key_schedule;
} des;
struct
{
! DES_key_schedule k1, k2, k3;
} des3;
CAST_KEYcast_key;
#ifdef GOT_AES
***
*** 315,325
ossl_des_init(PX_Cipher * c, const uint8 *key, unsigned klen, const uint8 *iv)
{
ossldata *od = c->ptr;
! des_cblock xkey;
memset(&xkey, 0, sizeof(xkey));
memcpy(&xkey, key, klen > 8 ? 8 : klen);
! des_set_key(&xkey, od->u.des.key_schedule);
memset(&xkey, 0, sizeof(xkey));
if (iv)
--- 335,345
ossl_des_init(PX_Cipher * c, const uint8 *key, unsigned klen, const uint8 *iv)
{
ossldata *od = c->ptr;
! DES_cblock xkey;
memset(&xkey, 0, sizeof(xkey));
memcpy(&xkey, key, klen > 8 ? 8 : klen);
! DES_set_key(&xkey, &od->u.des.key_schedule);
memset(&xkey, 0, sizeof(xkey));
if (iv)
***
*** 338,346
ossldata *od = c->ptr;
for (i = 0; i < dlen / bs; i++)
! des_ecb_encrypt((des_cblock *) (data + i * bs),
! (des_cblock *) (res + i * bs),
! od->u.des.key_schedule, 1);
return 0;
}
--- 358,366
ossldata *od = c->ptr;
for (i = 0; i < dlen / bs; i++)
! DES_ecb_encrypt((DES_cblock *) (data + i * bs),
! (DES_cblock *) (res + i * bs),
! &od->u.des.key_schedule, 1);
return 0;
}
***
*** 353,361
ossldata *od = c->ptr;
for (i = 0; i < dlen / bs; i++)
! des_ecb_encrypt((des_cblock *) (data + i * bs),
! (des_cblock *) (res + i * bs),
! od->u.des.key_schedule, 0);
return 0;
}
--- 373,381
ossldata *od = c->ptr;
for (i = 0; i < dlen / bs; i++)
! DES_ecb_encrypt((DES_cblock *) (data + i * bs),
! (DES_cblock *) (res + i * bs),
! &od->u.des.key_schedule, 0);
return