void DisposeSafeAlloc()
{
delete safeMutex;
pgpAssert(!safesAllocated);
memset(safeAllocs[0].data, 0, SAFEALLOCSIZE * NUMSAFEALLOCS);
pgp_free(safeAllocStorage);
#ifdef BETA
//DebugLog("Max Safes: %d", maxSafes);
#endif
}
static bytea *
decrypt_internal(int is_pubenc, int need_text, text *data,
text *key, text *keypsw, text *args)
{
int err;
MBuf *src = NULL,
*dst = NULL;
uint8 tmp[VARHDRSZ];
uint8 *restmp;
bytea *res;
int res_len;
PGP_Context *ctx = NULL;
struct debug_expect ex;
int got_unicode = 0;
init_work(&ctx, need_text, args, &ex);
src = mbuf_create_from_data((uint8 *) VARDATA(data),
VARSIZE(data) - VARHDRSZ);
dst = mbuf_create(VARSIZE(data) + 2048);
/*
* reserve room for header
*/
mbuf_append(dst, tmp, VARHDRSZ);
/*
* set key
*/
if (is_pubenc)
{
uint8 *psw = NULL;
int psw_len = 0;
MBuf *kbuf;
if (keypsw)
{
psw = (uint8 *) VARDATA(keypsw);
psw_len = VARSIZE(keypsw) - VARHDRSZ;
}
kbuf = create_mbuf_from_vardata(key);
err = pgp_set_pubkey(ctx, kbuf, psw, psw_len, 1);
mbuf_free(kbuf);
}
else
err = pgp_set_symkey(ctx, (uint8 *) VARDATA(key),
VARSIZE(key) - VARHDRSZ);
/*
* decrypt
*/
if (err >= 0)
err = pgp_decrypt(ctx, src, dst);
/*
* failed?
*/
if (err < 0)
goto out;
if (ex.expect)
check_expect(ctx, &ex);
/* remember the setting */
got_unicode = pgp_get_unicode_mode(ctx);
out:
if (src)
mbuf_free(src);
if (ctx)
pgp_free(ctx);
if (err)
{
px_set_debug_handler(NULL);
if (dst)
mbuf_free(dst);
ereport(ERROR,
(errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
errmsg("%s", px_strerror(err))));
}
res_len = mbuf_steal_data(dst, &restmp);
mbuf_free(dst);
/* res_len includes VARHDRSZ */
res = (bytea *) restmp;
SET_VARSIZE(res, res_len);
if (need_text && got_unicode)
{
text *utf = convert_from_utf8(res);
if (utf != res)
{
clear_and_pfree(res);
res = utf;
}
}
px_set_debug_handler(NULL);
/*
* add successfull decryptions also into RNG
*/
add_entropy(res, key, keypsw);
return res;
}
static bytea *
encrypt_internal(int is_pubenc, int is_text,
text *data, text *key, text *args)
{
MBuf *src,
*dst;
uint8 tmp[VARHDRSZ];
uint8 *restmp;
bytea *res;
int res_len;
PGP_Context *ctx;
int err;
struct debug_expect ex;
text *tmp_data = NULL;
/*
* Add data and key info RNG.
*/
add_entropy(data, key, NULL);
init_work(&ctx, is_text, args, &ex);
if (is_text && pgp_get_unicode_mode(ctx))
{
tmp_data = convert_to_utf8(data);
if (tmp_data == data)
tmp_data = NULL;
else
data = tmp_data;
}
src = create_mbuf_from_vardata(data);
dst = mbuf_create(VARSIZE(data) + 128);
/*
* reserve room for header
*/
mbuf_append(dst, tmp, VARHDRSZ);
/*
* set key
*/
if (is_pubenc)
{
MBuf *kbuf = create_mbuf_from_vardata(key);
err = pgp_set_pubkey(ctx, kbuf,
NULL, 0, 0);
mbuf_free(kbuf);
}
else
err = pgp_set_symkey(ctx, (uint8 *) VARDATA(key),
VARSIZE(key) - VARHDRSZ);
/*
* encrypt
*/
if (err >= 0)
err = pgp_encrypt(ctx, src, dst);
/*
* check for error
*/
if (err)
{
if (ex.debug)
px_set_debug_handler(NULL);
if (tmp_data)
clear_and_pfree(tmp_data);
pgp_free(ctx);
mbuf_free(src);
mbuf_free(dst);
ereport(ERROR,
(errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
errmsg("%s", px_strerror(err))));
}
/* res_len includes VARHDRSZ */
res_len = mbuf_steal_data(dst, &restmp);
res = (bytea *) restmp;
SET_VARSIZE(res, res_len);
if (tmp_data)
clear_and_pfree(tmp_data);
pgp_free(ctx);
mbuf_free(src);
mbuf_free(dst);
px_set_debug_handler(NULL);
return res;
}
CPriorityQueue::~CPriorityQueue()
{
delete mAvailable;
pgp_free(mQueues);
}
void DESDKeyDone(void *ksa)
{
memset(ksa, 0, 96 * sizeof(ulong));
pgp_free((ulong *)ksa);
}
void DESDKeyDone(void *ksa)
{
pgp_free((ulong *)ksa);
}
/* We have parsed a 'certif:' attribute from a 'key-cert' object.
* Now perform the check to make sure the hexid specified in the
* 'key-cert:' attribute matches the hexid from the 'certif:'
* attribute. We perform this check (and others) by adding the
* 'certif:' attribute/PGP key block to a temp ring and parsing
* the output from PGP. Additionally, we check the following:
*
* 1. make sure there is only 1 hexid in the key
* 2. make sure there is at least 1 owner/uid specified
* 3. make sure we get a 'Successful' return string from PGP
* 4. call get_fingerprint () to get the key fingerprint
* which checks to make sure there is only 1 fingerprint
*
* Return:
*
* file name of key certificate file if there were no errors found
* - the file can then be used to easily add the PGP key to the
* local ring
* - the key fingerprint and owner(s)/uid(s) are saved to be
* used for the corresponding 'key-cert' auto-generated fields
* NULL otherwise
*/
char *hexid_check (parse_info_t *o) {
#ifdef PGP
char pgpinfn[256], tmp_pgp_dir[256], ebuf[1024];
FILE *pgpin;
char_list_t *p;
pgp_data_t pdat;
int pgp_errors = 0, fd;
#endif
/* If we don't have PGP installed then there is nothing to do. */
#ifndef PGP
error_msg_queue (o, "PGP is not installed on the system. Cannot perform operation.", ERROR_MSG);
return NULL;
#else
/* make a tmp directory for the pgp rings */
umask (0022);
strcpy (tmp_pgp_dir, "/var/tmp/pgp.XXXXXX");
if (mkdtemp (tmp_pgp_dir) == NULL) {
error_msg_queue (o, "Internal error. Couldn't create temp directory for PGP\n", ERROR_MSG);
return NULL;
}
/* create a file and put the key certificate into it */
strcpy (pgpinfn, "/var/tmp/irrsyntax.XXXXXX");
fd = mkstemp (pgpinfn);
if ((pgpin = fdopen (fd, "w")) == NULL) {
error_msg_queue (o,
"Internal error. Could not check 'key-cert:' temp file creation error", ERROR_MSG);
goto pgp_errors_jump;
}
fwrite (o->u.kc.certif, sizeof (char), strlen (o->u.kc.certif), pgpin);
fclose (pgpin);
/* add the certificate to a temp ring */
if (!pgp_add (default_trace, tmp_pgp_dir, pgpinfn, &pdat)) {
error_msg_queue (o, "Couldn't add key-cert to ring. Didn't get successful reply from PGP", ERROR_MSG);
goto pgp_errors_jump;
}
/* certificate checks */
/* do we have more than 1 hex ID? */
if (pdat.hex_cnt > 1) {
error_msg_queue (o, "Too many public keys in certificate", ERROR_MSG);
pgp_errors = 1;
}
/* does the hex ID of the 'key-cert' attr match the certificate hex ID ? */
else if (strcmp (pdat.hex_first->key, o->u.kc.kchexid)) {
snprintf (ebuf, 1024, "Hex-ID mistmatch: 'key-cert:' (%s) 'certif:' (%s)\n",
o->u.kc.kchexid, pdat.hex_first->key);
error_msg_queue (o, ebuf, ERROR_MSG);
pgp_errors = 1;
}
/* owner check */
else if (pdat.owner_first == NULL) {
error_msg_queue (o, "No uid's/owners found in certificate", ERROR_MSG);
pgp_errors = 1;
}
/* grab all the owners */
else {
o->u.kc.owner_count = pdat.owner_cnt;
for (p = pdat.owner_first; p != NULL; p = p->next)
o->u.kc.owner = my_concat (o->u.kc.owner, p->key, 0);
}
/* get the key fingerprint */
if (!pgp_errors &&
!get_fingerprint (o, tmp_pgp_dir, &pdat))
pgp_errors = 1;
if (o->u.kc.owner != NULL)
if (verbose) fprintf (dfile,
"owner count (%d) owner (%s)\n", o->u.kc.owner_count, o->u.kc.owner);
if (o->u.kc.fingerpr != NULL)
if (verbose) fprintf (dfile, "fingerpr (%s)\n", o->u.kc.fingerpr);
/* end debug */
/* clean up */
pgp_free (&pdat);
/* if we have errors then we won't need the key file */
if (pgp_errors) {
pgp_errors_jump:
rm_tmpdir (tmp_pgp_dir); /* can get rid of temporary directory */
remove (pgpinfn);
return NULL;
}
rm_tmpdir (tmp_pgp_dir); /* can get rid of temporary directory */
/* leave pgp key for possible addition to local ring */
return strdup (pgpinfn);
#endif
}
