mirror of
https://github.com/pgbackrest/pgbackrest.git
synced 2024-12-12 10:04:14 +02:00
Remove allocations from common crypto module.
The allocations are better done with a struct and Buffer object.
This commit is contained in:
parent
84ca7b9b27
commit
047472144b
@ -35,8 +35,7 @@ typedef struct CipherBlock
|
||||
bool raw; // Omit header magic to save space
|
||||
bool saltDone; // Has the salt been read/generated?
|
||||
bool processDone; // Has any data been processed?
|
||||
size_t passSize; // Size of passphrase in bytes
|
||||
unsigned char *pass; // Passphrase used to generate encryption key
|
||||
const Buffer *pass; // Passphrase used to generate encryption key
|
||||
size_t headerSize; // Size of header read during decrypt
|
||||
unsigned char header[CIPHER_BLOCK_HEADER_SIZE]; // Buffer to hold partial header during decrypt
|
||||
const EVP_CIPHER *cipher; // Cipher object
|
||||
@ -185,8 +184,7 @@ cipherBlockProcessBlock(CipherBlock *this, const unsigned char *source, size_t s
|
||||
unsigned char key[EVP_MAX_KEY_LENGTH];
|
||||
unsigned char initVector[EVP_MAX_IV_LENGTH];
|
||||
|
||||
EVP_BytesToKey(
|
||||
this->cipher, this->digest, salt, (unsigned char *)this->pass, (int)this->passSize, 1, key, initVector);
|
||||
EVP_BytesToKey(this->cipher, this->digest, salt, bufPtrConst(this->pass), (int)bufSize(this->pass), 1, key, initVector);
|
||||
|
||||
// Create context to track cipher
|
||||
cryptoError(!(this->cipherContext = EVP_CIPHER_CTX_new()), "unable to create context");
|
||||
@ -423,7 +421,7 @@ cipherBlockNew(const CipherMode mode, const CipherType cipherType, const Buffer
|
||||
if (!digest)
|
||||
THROW_FMT(AssertError, "unable to load digest '%s'", strZ(param.digest));
|
||||
|
||||
OBJ_NEW_BEGIN(CipherBlock, .childQty = MEM_CONTEXT_QTY_MAX, .allocQty = MEM_CONTEXT_QTY_MAX, .callbackQty = 1)
|
||||
OBJ_NEW_BEGIN(CipherBlock, .childQty = MEM_CONTEXT_QTY_MAX, .callbackQty = 1)
|
||||
{
|
||||
*this = (CipherBlock)
|
||||
{
|
||||
@ -431,12 +429,8 @@ cipherBlockNew(const CipherMode mode, const CipherType cipherType, const Buffer
|
||||
.raw = param.raw,
|
||||
.cipher = cipher,
|
||||
.digest = digest,
|
||||
.passSize = bufUsed(pass),
|
||||
.pass = bufDup(pass),
|
||||
};
|
||||
|
||||
// Store the passphrase
|
||||
this->pass = memNew(this->passSize);
|
||||
memcpy(this->pass, bufPtrConst(pass), this->passSize);
|
||||
}
|
||||
OBJ_NEW_END();
|
||||
|
||||
|
@ -39,7 +39,7 @@ typedef struct CryptoHash
|
||||
{
|
||||
const EVP_MD *hashType; // Hash type (sha1, md5, etc.)
|
||||
EVP_MD_CTX *hashContext; // Message hash context
|
||||
MD5_CTX *md5Context; // MD5 context (used to bypass FIPS restrictions)
|
||||
MD5_CTX md5Context; // MD5 context (used to bypass FIPS restrictions)
|
||||
Buffer *hash; // Hash in binary form
|
||||
} CryptoHash;
|
||||
|
||||
@ -94,7 +94,7 @@ cryptoHashProcess(THIS_VOID, const Buffer *message)
|
||||
}
|
||||
// Else local MD5 implementation
|
||||
else
|
||||
MD5_Update(this->md5Context, bufPtrConst(message), bufUsed(message));
|
||||
MD5_Update(&this->md5Context, bufPtrConst(message), bufUsed(message));
|
||||
|
||||
FUNCTION_LOG_RETURN_VOID();
|
||||
}
|
||||
@ -125,7 +125,7 @@ cryptoHash(CryptoHash *this)
|
||||
else
|
||||
{
|
||||
this->hash = bufNew(HASH_TYPE_M5_SIZE);
|
||||
MD5_Final(bufPtr(this->hash), this->md5Context);
|
||||
MD5_Final(bufPtr(this->hash), &this->md5Context);
|
||||
}
|
||||
|
||||
bufUsedSet(this->hash, bufSize(this->hash));
|
||||
@ -179,7 +179,7 @@ cryptoHashNew(const HashType type)
|
||||
// Init crypto subsystem
|
||||
cryptoInit();
|
||||
|
||||
OBJ_NEW_BEGIN(CryptoHash, .childQty = MEM_CONTEXT_QTY_MAX, .allocQty = MEM_CONTEXT_QTY_MAX, .callbackQty = 1)
|
||||
OBJ_NEW_BEGIN(CryptoHash, .childQty = MEM_CONTEXT_QTY_MAX, .callbackQty = 1)
|
||||
{
|
||||
*this = (CryptoHash){0};
|
||||
|
||||
@ -188,9 +188,7 @@ cryptoHashNew(const HashType type)
|
||||
// MD5 for verifying payload integrity we are simply forced to provide MD5 functionality.
|
||||
if (type == hashTypeMd5)
|
||||
{
|
||||
this->md5Context = memNew(sizeof(MD5_CTX));
|
||||
|
||||
MD5_Init(this->md5Context);
|
||||
MD5_Init(&this->md5Context);
|
||||
}
|
||||
// Else use the standard OpenSSL implementation
|
||||
else
|
||||
|
@ -85,8 +85,8 @@ testRun(void)
|
||||
CipherBlock *cipherBlock = (CipherBlock *)ioFilterDriver(
|
||||
cipherBlockNewP(cipherModeEncrypt, cipherTypeAes256Cbc, BUFSTRZ(TEST_PASS)));
|
||||
TEST_RESULT_INT(cipherBlock->mode, cipherModeEncrypt, "mode is valid");
|
||||
TEST_RESULT_UINT(cipherBlock->passSize, strlen(TEST_PASS), "passphrase size is valid");
|
||||
TEST_RESULT_BOOL(memcmp(cipherBlock->pass, TEST_PASS, strlen(TEST_PASS)) == 0, true, "passphrase is valid");
|
||||
TEST_RESULT_UINT(bufSize(cipherBlock->pass), strlen(TEST_PASS), "passphrase size is valid");
|
||||
TEST_RESULT_BOOL(memcmp(bufPtrConst(cipherBlock->pass), TEST_PASS, strlen(TEST_PASS)) == 0, true, "passphrase is valid");
|
||||
TEST_RESULT_BOOL(cipherBlock->saltDone, false, "salt done is false");
|
||||
TEST_RESULT_BOOL(cipherBlock->processDone, false, "process done is false");
|
||||
TEST_RESULT_UINT(cipherBlock->headerSize, 0, "header size is 0");
|
||||
@ -374,7 +374,7 @@ testRun(void)
|
||||
TEST_TITLE("md5 hash - > 0x1fffffff bytes");
|
||||
|
||||
TEST_ASSIGN(hash, cryptoHashNew(hashTypeMd5), "create md5 hash");
|
||||
((CryptoHash *)ioFilterDriver(hash))->md5Context->lo = 0x1fffffff;
|
||||
((CryptoHash *)ioFilterDriver(hash))->md5Context.lo = 0x1fffffff;
|
||||
|
||||
TEST_RESULT_VOID(ioFilterProcessIn(hash, BUFSTRZ("1")), "add 1");
|
||||
TEST_RESULT_STR_Z(
|
||||
|
Loading…
Reference in New Issue
Block a user