Add support for AES cipher with older OpenSSL libraries.

Marko Kreen

diff --git a/contrib/pgcrypto/openssl.c b/contrib/pgcrypto/openssl.c
index 3c3c7bda70fe60004c1ec684ba5ab5671455f391..7381b800a4bb4ff9416f54e492b0ffbe803231bf 100644 (file)
--- a/contrib/pgcrypto/openssl.c
+++ b/contrib/pgcrypto/openssl.c
@@ -26,7 +26,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $PostgreSQL: pgsql/contrib/pgcrypto/openssl.c,v 1.22 2005/07/10 13:54:34 momjian Exp $
+ * $PostgreSQL: pgsql/contrib/pgcrypto/openssl.c,v 1.23 2005/07/11 14:38:05 tgl Exp $
  */
 
 #include <postgres.h>
@@ -44,11 +44,47 @@
 /*
  * Does OpenSSL support AES? 
  */
-#undef GOT_AES
 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
-#define GOT_AES
+
+/* Yes, it does. */
 #include <openssl/aes.h>
-#endif
+
+#else  /* old OPENSSL */
+
+/*
+ * No, it does not.  So use included rijndael code to emulate it.
+ */
+#include "rijndael.c"
+
+#define AES_ENCRYPT 1
+#define AES_DECRYPT 0
+#define AES_KEY                rijndael_ctx
+
+#define AES_set_encrypt_key(key, kbits, ctx) \
+               aes_set_key((ctx), (key), (kbits), 1)
+
+#define AES_set_decrypt_key(key, kbits, ctx) \
+               aes_set_key((ctx), (key), (kbits), 0)
+
+#define AES_ecb_encrypt(src, dst, ctx, enc) \
+       do { \
+               memcpy((dst), (src), 16); \
+               if (enc) \
+                       aes_ecb_encrypt((ctx), (dst), 16); \
+               else \
+                       aes_ecb_decrypt((ctx), (dst), 16); \
+       } while (0)
+
+#define AES_cbc_encrypt(src, dst, len, ctx, iv, enc) \
+       do { \
+               memcpy((dst), (src), (len)); \
+               if (enc) \
+                       aes_cbc_encrypt((ctx), (iv), (dst), (len)); \
+               else \
+                       aes_cbc_decrypt((ctx), (iv), (dst), (len)); \
+       } while (0)
+
+#endif /* old OPENSSL */
 
 /*
  * Compatibility with older OpenSSL API for DES.
@@ -205,9 +241,7 @@ typedef struct
                        DES_key_schedule k1, k2, k3;
                }                       des3;
                CAST_KEY        cast_key;
-#ifdef GOT_AES
                AES_KEY         aes_key;
-#endif
        }                       u;
        uint8           key[EVP_MAX_KEY_LENGTH];
        uint8           iv[EVP_MAX_IV_LENGTH];
@@ -549,8 +583,6 @@ ossl_cast_cbc_decrypt(PX_Cipher * c, const uint8 *data, unsigned dlen, uint8 *re
 
 /* AES */
 
-#ifdef GOT_AES
-
 static int
 ossl_aes_init(PX_Cipher * c, const uint8 *key, unsigned klen, const uint8 *iv)
 {
@@ -642,7 +674,6 @@ ossl_aes_cbc_decrypt(PX_Cipher * c, const uint8 *data, unsigned dlen,
        AES_cbc_encrypt(data, res, dlen, &od->u.aes_key, od->iv, AES_DECRYPT);
        return 0;
 }
-#endif
 
 /*
  * aliases
@@ -711,7 +742,6 @@ static const struct ossl_cipher ossl_cast_cbc = {
        64 / 8, 128 / 8, 0
 };
 
-#ifdef GOT_AES
 static const struct ossl_cipher ossl_aes_ecb = {
        ossl_aes_init, ossl_aes_ecb_encrypt, ossl_aes_ecb_decrypt,
        128 / 8, 256 / 8, 0
@@ -721,7 +751,6 @@ static const struct ossl_cipher ossl_aes_cbc = {
        ossl_aes_init, ossl_aes_cbc_encrypt, ossl_aes_cbc_decrypt,
        128 / 8, 256 / 8, 0
 };
-#endif
 
 /*
  * Special handlers
@@ -742,10 +771,8 @@ static const struct ossl_cipher_lookup ossl_cipher_types[] = {
        {"des3-cbc", &ossl_des3_cbc},
        {"cast5-ecb", &ossl_cast_ecb},
        {"cast5-cbc", &ossl_cast_cbc},
-#ifdef GOT_AES
        {"aes-ecb", &ossl_aes_ecb},
        {"aes-cbc", &ossl_aes_cbc},
-#endif
        {NULL}
 };
 
@@ -790,7 +817,7 @@ static int  openssl_random_init = 0;
  * OpenSSL random should re-feeded occasionally. From /dev/urandom
  * preferably.
  */
-static void init_openssl_rand()
+static void init_openssl_rand(void)
 {
        if (RAND_get_rand_method() == NULL)
                RAND_set_rand_method(RAND_SSLeay());