1
0
mirror of https://github.com/pgbackrest/pgbackrest.git synced 2024-12-12 10:04:14 +02:00

Remove allocations from common crypto module.

The allocations are better done with a struct and Buffer object.
This commit is contained in:
David Steele 2023-03-30 14:42:20 +05:00
parent 84ca7b9b27
commit 047472144b
3 changed files with 12 additions and 20 deletions

View File

@ -35,8 +35,7 @@ typedef struct CipherBlock
bool raw; // Omit header magic to save space
bool saltDone; // Has the salt been read/generated?
bool processDone; // Has any data been processed?
size_t passSize; // Size of passphrase in bytes
unsigned char *pass; // Passphrase used to generate encryption key
const Buffer *pass; // Passphrase used to generate encryption key
size_t headerSize; // Size of header read during decrypt
unsigned char header[CIPHER_BLOCK_HEADER_SIZE]; // Buffer to hold partial header during decrypt
const EVP_CIPHER *cipher; // Cipher object
@ -185,8 +184,7 @@ cipherBlockProcessBlock(CipherBlock *this, const unsigned char *source, size_t s
unsigned char key[EVP_MAX_KEY_LENGTH];
unsigned char initVector[EVP_MAX_IV_LENGTH];
EVP_BytesToKey(
this->cipher, this->digest, salt, (unsigned char *)this->pass, (int)this->passSize, 1, key, initVector);
EVP_BytesToKey(this->cipher, this->digest, salt, bufPtrConst(this->pass), (int)bufSize(this->pass), 1, key, initVector);
// Create context to track cipher
cryptoError(!(this->cipherContext = EVP_CIPHER_CTX_new()), "unable to create context");
@ -423,7 +421,7 @@ cipherBlockNew(const CipherMode mode, const CipherType cipherType, const Buffer
if (!digest)
THROW_FMT(AssertError, "unable to load digest '%s'", strZ(param.digest));
OBJ_NEW_BEGIN(CipherBlock, .childQty = MEM_CONTEXT_QTY_MAX, .allocQty = MEM_CONTEXT_QTY_MAX, .callbackQty = 1)
OBJ_NEW_BEGIN(CipherBlock, .childQty = MEM_CONTEXT_QTY_MAX, .callbackQty = 1)
{
*this = (CipherBlock)
{
@ -431,12 +429,8 @@ cipherBlockNew(const CipherMode mode, const CipherType cipherType, const Buffer
.raw = param.raw,
.cipher = cipher,
.digest = digest,
.passSize = bufUsed(pass),
.pass = bufDup(pass),
};
// Store the passphrase
this->pass = memNew(this->passSize);
memcpy(this->pass, bufPtrConst(pass), this->passSize);
}
OBJ_NEW_END();

View File

@ -39,7 +39,7 @@ typedef struct CryptoHash
{
const EVP_MD *hashType; // Hash type (sha1, md5, etc.)
EVP_MD_CTX *hashContext; // Message hash context
MD5_CTX *md5Context; // MD5 context (used to bypass FIPS restrictions)
MD5_CTX md5Context; // MD5 context (used to bypass FIPS restrictions)
Buffer *hash; // Hash in binary form
} CryptoHash;
@ -94,7 +94,7 @@ cryptoHashProcess(THIS_VOID, const Buffer *message)
}
// Else local MD5 implementation
else
MD5_Update(this->md5Context, bufPtrConst(message), bufUsed(message));
MD5_Update(&this->md5Context, bufPtrConst(message), bufUsed(message));
FUNCTION_LOG_RETURN_VOID();
}
@ -125,7 +125,7 @@ cryptoHash(CryptoHash *this)
else
{
this->hash = bufNew(HASH_TYPE_M5_SIZE);
MD5_Final(bufPtr(this->hash), this->md5Context);
MD5_Final(bufPtr(this->hash), &this->md5Context);
}
bufUsedSet(this->hash, bufSize(this->hash));
@ -179,7 +179,7 @@ cryptoHashNew(const HashType type)
// Init crypto subsystem
cryptoInit();
OBJ_NEW_BEGIN(CryptoHash, .childQty = MEM_CONTEXT_QTY_MAX, .allocQty = MEM_CONTEXT_QTY_MAX, .callbackQty = 1)
OBJ_NEW_BEGIN(CryptoHash, .childQty = MEM_CONTEXT_QTY_MAX, .callbackQty = 1)
{
*this = (CryptoHash){0};
@ -188,9 +188,7 @@ cryptoHashNew(const HashType type)
// MD5 for verifying payload integrity we are simply forced to provide MD5 functionality.
if (type == hashTypeMd5)
{
this->md5Context = memNew(sizeof(MD5_CTX));
MD5_Init(this->md5Context);
MD5_Init(&this->md5Context);
}
// Else use the standard OpenSSL implementation
else

View File

@ -85,8 +85,8 @@ testRun(void)
CipherBlock *cipherBlock = (CipherBlock *)ioFilterDriver(
cipherBlockNewP(cipherModeEncrypt, cipherTypeAes256Cbc, BUFSTRZ(TEST_PASS)));
TEST_RESULT_INT(cipherBlock->mode, cipherModeEncrypt, "mode is valid");
TEST_RESULT_UINT(cipherBlock->passSize, strlen(TEST_PASS), "passphrase size is valid");
TEST_RESULT_BOOL(memcmp(cipherBlock->pass, TEST_PASS, strlen(TEST_PASS)) == 0, true, "passphrase is valid");
TEST_RESULT_UINT(bufSize(cipherBlock->pass), strlen(TEST_PASS), "passphrase size is valid");
TEST_RESULT_BOOL(memcmp(bufPtrConst(cipherBlock->pass), TEST_PASS, strlen(TEST_PASS)) == 0, true, "passphrase is valid");
TEST_RESULT_BOOL(cipherBlock->saltDone, false, "salt done is false");
TEST_RESULT_BOOL(cipherBlock->processDone, false, "process done is false");
TEST_RESULT_UINT(cipherBlock->headerSize, 0, "header size is 0");
@ -374,7 +374,7 @@ testRun(void)
TEST_TITLE("md5 hash - > 0x1fffffff bytes");
TEST_ASSIGN(hash, cryptoHashNew(hashTypeMd5), "create md5 hash");
((CryptoHash *)ioFilterDriver(hash))->md5Context->lo = 0x1fffffff;
((CryptoHash *)ioFilterDriver(hash))->md5Context.lo = 0x1fffffff;
TEST_RESULT_VOID(ioFilterProcessIn(hash, BUFSTRZ("1")), "add 1");
TEST_RESULT_STR_Z(