authorPeter Eisentraut2022-03-22 07:51:05 +0000
committerPeter Eisentraut2022-03-22 07:58:44 +0000
commitf5576a21b0778f275d7418f6f7a44d9400ee90aa (patch)
treecaa2d5c08c8d5f6cb8786119a6a86682078be076 /contrib/pgcrypto/px.h
parent9ca234bae79358a24de2a8dc1ec8024656ca66a4 (diff)
pgcrypto: Remove internal padding implementation
Use the padding provided by OpenSSL instead of doing it ourselves. The internal implementation was once applicable to the non-OpenSSL code paths, but those have since been removed. The padding algorithm is still the same. The OpenSSL padding implementation is stricter than the previous internal one: Bad padding during decryption is now an error, and encryption without padding now requires the input size to be a multiple of the block size, otherwise it is also an error. Previously, these cases silently proceeded, in spite of the documentation saying otherwise. Add some test cases about this, too. (The test cases are in rijndael.sql, but they apply to all encryption algorithms.) Reviewed-by: Jacob Champion <pchampion@vmware.com> Reviewed-by: Nathan Bossart <nathandbossart@gmail.com> Discussion: https://www.postgresql.org/message-id/flat/ba94c26b-0c58-c97e-7a44-f44e08b4cca2%40enterprisedb.com
Diffstat (limited to 'contrib/pgcrypto/px.h')
-rw-r--r--contrib/pgcrypto/px.h14
1 files changed, 7 insertions, 7 deletions
diff --git a/contrib/pgcrypto/px.h b/contrib/pgcrypto/px.h
index eef49a8b766..f175862f8e0 100644
--- a/contrib/pgcrypto/px.h
+++ b/contrib/pgcrypto/px.h
@@ -47,7 +47,7 @@
#define PXE_ERR_GENERIC -1
#define PXE_NO_HASH -2
#define PXE_NO_CIPHER -3
-#define PXE_NOTBLOCKSIZE -4
+/* -4 is unused */
#define PXE_BAD_OPTION -5
#define PXE_BAD_FORMAT -6
#define PXE_KEY_TOO_BIG -7
@@ -144,8 +144,8 @@ struct px_cipher
unsigned (*iv_size) (PX_Cipher *c);
int (*init) (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv);
- int (*encrypt) (PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res);
- int (*decrypt) (PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res);
+ int (*encrypt) (PX_Cipher *c, int padding, const uint8 *data, unsigned dlen, uint8 *res, unsigned *rlen);
+ int (*decrypt) (PX_Cipher *c, int padding, const uint8 *data, unsigned dlen, uint8 *res, unsigned *rlen);
void (*free) (PX_Cipher *c);
/* private */
void *ptr;
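Review bot: The new `encrypt` and `decrypt` members take an output pointer `res` with no capacity argument, and with `padding` set the encrypted output can be longer than `dlen`, yet nothing in the struct states how large `res` must be. I would document the contract above the two members, for example `/* res must hold dlen + block_size bytes when padding is set; *rlen receives the number of bytes written */`, after confirming that bound against the callers, which are outside this hunk. It would also help to say that `padding` is a boolean flag, since the `int` type does not show it. The `struct px_cipher` definition begins and ends outside the hunk.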
@@ -208,10 +208,10 @@ void px_debug(const char *fmt,...) pg_attribute_printf(1, 2);
#define px_cipher_block_size(c) (c)->block_size(c)
#define px_cipher_iv_size(c) (c)->iv_size(c)
#define px_cipher_init(c, k, klen, iv) (c)->init(c, k, klen, iv)
-#define px_cipher_encrypt(c, data, dlen, res) \
- (c)->encrypt(c, data, dlen, res)
-#define px_cipher_decrypt(c, data, dlen, res) \
- (c)->decrypt(c, data, dlen, res)
+#define px_cipher_encrypt(c, padding, data, dlen, res, rlen) \
+ (c)->encrypt(c, padding, data, dlen, res, rlen)
+#define px_cipher_decrypt(c, padding, data, dlen, res, rlen) \
+ (c)->decrypt(c, padding, data, dlen, res, rlen)
#define px_cipher_free(c) (c)->free(c)
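Review bot: `px_cipher_decrypt` now reports bad padding through its return value and the output length through `rlen`, but nothing at the macros says the result must be checked before `res` or `*rlen` is used. A short comment above the pair, such as `/* returns 0 or a PXE_* error; on error res and *rlen must not be used */`, would make that explicit; what the callbacks leave in `*rlen` on failure is not visible here, so confirm it first. Where the ciphertext is not authenticated before this call, callers should report a padding failure with the same generic error as any other decryption failure, so the outcome does not reveal which check failed.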