Add support for AES cipher with older OpenSSL libraries.

Marko Kreen

diff --git a/contrib/pgcrypto/openssl.c b/contrib/pgcrypto/openssl.c
index 3c3c7bda70fe60004c1ec684ba5ab5671455f391..7381b800a4bb4ff9416f54e492b0ffbe803231bf 100644 (file)
--- a/contrib/pgcrypto/openssl.c
+++ b/contrib/pgcrypto/openssl.c
@@ -26,7 +26,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $PostgreSQL: pgsql/contrib/pgcrypto/openssl.c,v 1.22 2005/07/10 13:54:34 momjian Exp $
+ * $PostgreSQL: pgsql/contrib/pgcrypto/openssl.c,v 1.23 2005/07/11 14:38:05 tgl Exp $
  */
 
 #include 
@@ -44,11 +44,47 @@
 /*
  * Does OpenSSL support AES? 
  */
-#undef GOT_AES
 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
-#define GOT_AES
+
+/* Yes, it does. */
 #include 
-#endif
+
+#else  /* old OPENSSL */
+
+/*
+ * No, it does not.  So use included rijndael code to emulate it.
+ */
+#include "rijndael.c"
+
+#define AES_ENCRYPT 1
+#define AES_DECRYPT 0
+#define AES_KEY        rijndael_ctx
+
+#define AES_set_encrypt_key(key, kbits, ctx) \
+       aes_set_key((ctx), (key), (kbits), 1)
+
+#define AES_set_decrypt_key(key, kbits, ctx) \
+       aes_set_key((ctx), (key), (kbits), 0)
+
+#define AES_ecb_encrypt(src, dst, ctx, enc) \
+   do { \
+       memcpy((dst), (src), 16); \
+       if (enc) \
+           aes_ecb_encrypt((ctx), (dst), 16); \
+       else \
+           aes_ecb_decrypt((ctx), (dst), 16); \
+   } while (0)
+
+#define AES_cbc_encrypt(src, dst, len, ctx, iv, enc) \
+   do { \
+       memcpy((dst), (src), (len)); \
+       if (enc) \
+           aes_cbc_encrypt((ctx), (iv), (dst), (len)); \
+       else \
+           aes_cbc_decrypt((ctx), (iv), (dst), (len)); \
+   } while (0)
+
+#endif /* old OPENSSL */
 
 /*
  * Compatibility with older OpenSSL API for DES.
@@ -205,9 +241,7 @@ typedef struct
            DES_key_schedule k1, k2, k3;
        }           des3;
        CAST_KEY    cast_key;
-#ifdef GOT_AES
        AES_KEY     aes_key;
-#endif
    }           u;
    uint8       key[EVP_MAX_KEY_LENGTH];
    uint8       iv[EVP_MAX_IV_LENGTH];
@@ -549,8 +583,6 @@ ossl_cast_cbc_decrypt(PX_Cipher * c, const uint8 *data, unsigned dlen, uint8 *re
 
 /* AES */
 
-#ifdef GOT_AES
-
 static int
 ossl_aes_init(PX_Cipher * c, const uint8 *key, unsigned klen, const uint8 *iv)
 {
@@ -642,7 +674,6 @@ ossl_aes_cbc_decrypt(PX_Cipher * c, const uint8 *data, unsigned dlen,
    AES_cbc_encrypt(data, res, dlen, &od->u.aes_key, od->iv, AES_DECRYPT);
    return 0;
 }
-#endif
 
 /*
  * aliases
@@ -711,7 +742,6 @@ static const struct ossl_cipher ossl_cast_cbc = {
    64 / 8, 128 / 8, 0
 };
 
-#ifdef GOT_AES
 static const struct ossl_cipher ossl_aes_ecb = {
    ossl_aes_init, ossl_aes_ecb_encrypt, ossl_aes_ecb_decrypt,
    128 / 8, 256 / 8, 0
@@ -721,7 +751,6 @@ static const struct ossl_cipher ossl_aes_cbc = {
    ossl_aes_init, ossl_aes_cbc_encrypt, ossl_aes_cbc_decrypt,
    128 / 8, 256 / 8, 0
 };
-#endif
 
 /*
  * Special handlers
@@ -742,10 +771,8 @@ static const struct ossl_cipher_lookup ossl_cipher_types[] = {
    {"des3-cbc", &ossl_des3_cbc},
    {"cast5-ecb", &ossl_cast_ecb},
    {"cast5-cbc", &ossl_cast_cbc},
-#ifdef GOT_AES
    {"aes-ecb", &ossl_aes_ecb},
    {"aes-cbc", &ossl_aes_cbc},
-#endif
    {NULL}
 };
 
@@ -790,7 +817,7 @@ static int  openssl_random_init = 0;
  * OpenSSL random should re-feeded occasionally. From /dev/urandom
  * preferably.
  */
-static void init_openssl_rand()
+static void init_openssl_rand(void)
 {
    if (RAND_get_rand_method() == NULL)
        RAND_set_rand_method(RAND_SSLeay());