Re: [PATCHES] pgcrypto: OpenSSL/DES cleanup

2005-07-10 Thread Bruce Momjian 

Patch applied.  Thanks.

---


Marko Kreen wrote:
> As Kris Jurka found out, pgcrypto does not work with
> OpenSSL 0.9.6x.  The DES functions use the older 'des_'
> API, but the newer 3DES functions use the 0.9.7x-only
> 'DES_' API.
> 
> I think I just used /usr/include/openssl/des.h for reference
> when implementing them, and had upgraded OpenSSL in the
> meantime.
> 
> Following patch converts DES also to newer API and provides
> compatibility functions for OpenSSL < 0.9.7.
> 
> I chose this route because:
> 
> - openssl.c uses few DES functions.
> - compatibility for old 'des_' API is going away at some point
>   of time from OpenSSL.
> - as seen from macros, new API is saner
> - Thus pgcrypto supports any OpenSSL version from 0.9.5 to 1.0
> 
> Tested with OpenSSL 0.9.6c and 0.9.7e.
> 
> -- 
> marko
> 
> PS. It's nice to see that the 'autoconfiguration' already pays
> back.
> 

[ Attachment, skipping... ]

> 
> ---(end of broadcast)---
> TIP 9: In versions below 8.0, the planner will ignore your desire to
>choose an index scan if your joining column's datatypes do not
>match

-- 
  Bruce Momjian|  http://candle.pha.pa.us
  pgman@candle.pha.pa.us   |  (610) 359-1001
  +  If your life is a hard drive, |  13 Roberts Road
  +  Christ can be your backup.|  Newtown Square, Pennsylvania 19073

---(end of broadcast)---
TIP 2: Don't 'kill -9' the postmaster

Re: [PATCHES] pgcrypto: OpenSSL/DES cleanup

2005-07-07 Thread Michael Fuhr 
On Thu, Jul 07, 2005 at 12:25:53PM +0300, Marko Kreen wrote:
> 
> Tested with OpenSSL 0.9.6c and 0.9.7e.

I just applied this patch to my system running HEAD and OpenSSL 0.9.8;
all regression tests passed.

BTW, OpenSSL 0.9.8 has been released:

http://www.mail-archive.com/openssl-announce@openssl.org/msg00063.html

-- 
Michael Fuhr
http://www.fuhr.org/~mfuhr/

---(end of broadcast)---
TIP 5: Have you checked our extensive FAQ?

   http://www.postgresql.org/docs/faq

[PATCHES] pgcrypto: OpenSSL/DES cleanup

2005-07-07 Thread Marko Kreen 
As Kris Jurka found out, pgcrypto does not work with
OpenSSL 0.9.6x.  The DES functions use the older 'des_'
API, but the newer 3DES functions use the 0.9.7x-only
'DES_' API.

I think I just used /usr/include/openssl/des.h for reference
when implementing them, and had upgraded OpenSSL in the
meantime.

Following patch converts DES also to newer API and provides
compatibility functions for OpenSSL < 0.9.7.

I chose this route because:

- openssl.c uses few DES functions.
- compatibility for old 'des_' API is going away at some point
  of time from OpenSSL.
- as seen from macros, new API is saner
- Thus pgcrypto supports any OpenSSL version from 0.9.5 to 1.0

Tested with OpenSSL 0.9.6c and 0.9.7e.

-- 
marko

PS. It's nice to see that the 'autoconfiguration' already pays
back.

Index: contrib/pgcrypto/openssl.c
===
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/openssl.c,v
retrieving revision 1.20
diff -u -c -r1.20 openssl.c
*** contrib/pgcrypto/openssl.c  5 Jul 2005 18:15:36 -   1.20
--- contrib/pgcrypto/openssl.c  7 Jul 2005 09:18:37 -
***
*** 48,53 
--- 48,73 
  #endif
  
  /*
+  * Compatibility with older OpenSSL API for DES.
+  */
+ #if OPENSSL_VERSION_NUMBER < 0x00907000L
+ #define DES_key_schedule des_key_schedule
+ #define DES_cblock des_cblock
+ #define DES_set_key(k, ks) \
+   des_set_key((k), *(ks))
+ #define DES_ecb_encrypt(i, o, k, e) \
+   des_ecb_encrypt((i), (o), *(k), (e))
+ #define DES_ncbc_encrypt(i, o, l, k, iv, e) \
+   des_ncbc_encrypt((i), (o), (l), *(k), (iv), (e))
+ #define DES_ecb3_encrypt(i, o, k1, k2, k3, e) \
+   des_ecb3_encrypt((des_cblock *)(i), (des_cblock *)(o), \
+   *(k1), *(k2), *(k3), (e))
+ #define DES_ede3_cbc_encrypt(i, o, l, k1, k2, k3, iv, e) \
+   des_ede3_cbc_encrypt((i), (o), \
+   (l), *(k1), *(k2), *(k3), (iv), (e))
+ #endif
+ 
+ /*
   * Hashes
   */
  static unsigned
***
*** 175,185 
}   bf;
struct
{
!   des_key_schedule key_schedule;
}   des;
struct
{
!   des_key_schedule k1, k2, k3;
}   des3;
CAST_KEYcast_key;
  #ifdef GOT_AES
--- 195,205 
}   bf;
struct
{
!   DES_key_schedule key_schedule;
}   des;
struct
{
!   DES_key_schedule k1, k2, k3;
}   des3;
CAST_KEYcast_key;
  #ifdef GOT_AES
***
*** 315,325 
  ossl_des_init(PX_Cipher * c, const uint8 *key, unsigned klen, const uint8 *iv)
  {
ossldata   *od = c->ptr;
!   des_cblock  xkey;
  
memset(&xkey, 0, sizeof(xkey));
memcpy(&xkey, key, klen > 8 ? 8 : klen);
!   des_set_key(&xkey, od->u.des.key_schedule);
memset(&xkey, 0, sizeof(xkey));
  
if (iv)
--- 335,345 
  ossl_des_init(PX_Cipher * c, const uint8 *key, unsigned klen, const uint8 *iv)
  {
ossldata   *od = c->ptr;
!   DES_cblock  xkey;
  
memset(&xkey, 0, sizeof(xkey));
memcpy(&xkey, key, klen > 8 ? 8 : klen);
!   DES_set_key(&xkey, &od->u.des.key_schedule);
memset(&xkey, 0, sizeof(xkey));
  
if (iv)
***
*** 338,346 
ossldata   *od = c->ptr;
  
for (i = 0; i < dlen / bs; i++)
!   des_ecb_encrypt((des_cblock *) (data + i * bs),
!   (des_cblock *) (res + i * bs),
!   od->u.des.key_schedule, 1);
return 0;
  }
  
--- 358,366 
ossldata   *od = c->ptr;
  
for (i = 0; i < dlen / bs; i++)
!   DES_ecb_encrypt((DES_cblock *) (data + i * bs),
!   (DES_cblock *) (res + i * bs),
!   &od->u.des.key_schedule, 1);
return 0;
  }
  
***
*** 353,361 
ossldata   *od = c->ptr;
  
for (i = 0; i < dlen / bs; i++)
!   des_ecb_encrypt((des_cblock *) (data + i * bs),
!   (des_cblock *) (res + i * bs),
!   od->u.des.key_schedule, 0);
return 0;
  }
  
--- 373,381 
ossldata   *od = c->ptr;
  
for (i = 0; i < dlen / bs; i++)
!   DES_ecb_encrypt((DES_cblock *) (data + i * bs),
!   (DES_cblock *) (res + i * bs),
!   &od->u.des.key_schedule, 0);
return