Merge pull request #112 from Tmonster/bump_submodule_and_apply_patch

Bump submodule and apply patch

Author: carlopi

duckdb

@@ -7,6 +7,10 @@
 
 #define CPPHTTPLIB_OPENSSL_SUPPORT
 
+#include "include/crypto.hpp"
+
+#include "re2/re2.h"
+
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/ssl.h>
@@ -19,7 +23,7 @@
 
 namespace duckdb {
 
-AESStateSSL::AESStateSSL(const std::string *key) : context(EVP_CIPHER_CTX_new()) {
+AESStateSSL::AESStateSSL(EncryptionTypes::CipherType  cipher_p, const std::string *key) : EncryptionState(cipher_p), context(EVP_CIPHER_CTX_new()), cipher(cipher_p) {
 	if (!(context)) {
 		throw InternalException("AES GCM failed with initializing context");
 	}
@@ -33,7 +37,7 @@ AESStateSSL::~AESStateSSL() {
 const EVP_CIPHER *AESStateSSL::GetCipher(idx_t key_len) {
 
 	switch (cipher) {
-	case GCM:
+	case EncryptionTypes::GCM: {
 		switch (key_len) {
 		case 16:
 			return EVP_aes_128_gcm();
@@ -44,7 +48,8 @@ const EVP_CIPHER *AESStateSSL::GetCipher(idx_t key_len) {
 		default:
 			throw InternalException("Invalid AES key length");
 		}
-	case CTR:
+	}
+	case EncryptionTypes::CTR: {
 		switch (key_len) {
 		case 16:
 			return EVP_aes_128_ctr();
@@ -55,7 +60,19 @@ const EVP_CIPHER *AESStateSSL::GetCipher(idx_t key_len) {
 		default:
 			throw InternalException("Invalid AES key length");
 		}
-
+	}
+	case EncryptionTypes::CBC: {
+		switch (key_len) {
+		case 16:
+			return EVP_aes_128_cbc();
+		case 24:
+			return EVP_aes_192_cbc();
+		case 32:
+			return EVP_aes_256_cbc();
+		default:
+			throw InternalException("Invalid AES key length");
+		}
+	}
 	default:
 		throw duckdb::InternalException("Invalid Encryption/Decryption Cipher: %d", static_cast<int>(cipher));
 	}
@@ -67,7 +84,7 @@ void AESStateSSL::GenerateRandomData(data_ptr_t data, idx_t len) {
 }
 
 void AESStateSSL::InitializeEncryption(const_data_ptr_t iv, idx_t iv_len, const_data_ptr_t key, idx_t key_len, const_data_ptr_t aad, idx_t aad_len) {
-	mode = ENCRYPT;
+	mode = EncryptionTypes::ENCRYPT;
 
 	if (1 != EVP_EncryptInit_ex(context, GetCipher(key_len), NULL, key, iv)) {
 		throw InternalException("EncryptInit failed");
@@ -82,7 +99,7 @@ void AESStateSSL::InitializeEncryption(const_data_ptr_t iv, idx_t iv_len, const_
 }
 
 void AESStateSSL::InitializeDecryption(const_data_ptr_t iv, idx_t iv_len, const_data_ptr_t key, idx_t key_len, const_data_ptr_t aad, idx_t aad_len) {
-	mode = DECRYPT;
+	mode = EncryptionTypes::DECRYPT;
 
 	if (1 != EVP_DecryptInit_ex(context, GetCipher(key_len), NULL, key, iv)) {
 		throw InternalException("DecryptInit failed");
@@ -99,14 +116,14 @@ void AESStateSSL::InitializeDecryption(const_data_ptr_t iv, idx_t iv_len, const_
 size_t AESStateSSL::Process(const_data_ptr_t in, idx_t in_len, data_ptr_t out, idx_t out_len) {
 
 	switch (mode) {
-	case ENCRYPT:
+	case EncryptionTypes::ENCRYPT:
 		if (1 != EVP_EncryptUpdate(context, data_ptr_cast(out), reinterpret_cast<int *>(&out_len),
 		                           const_data_ptr_cast(in), (int)in_len)) {
 			throw InternalException("EncryptUpdate failed");
 		}
 		break;
 
-	case DECRYPT:
+	case EncryptionTypes::DECRYPT:
 		if (1 != EVP_DecryptUpdate(context, data_ptr_cast(out), reinterpret_cast<int *>(&out_len),
 		                           const_data_ptr_cast(in), (int)in_len)) {
 
@@ -126,7 +143,7 @@ size_t AESStateSSL::FinalizeGCM(data_ptr_t out, idx_t out_len, data_ptr_t tag, i
 	auto text_len = out_len;
 
 	switch (mode) {
-	case ENCRYPT: {
+	case EncryptionTypes::ENCRYPT: {
 		if (1 != EVP_EncryptFinal_ex(context, data_ptr_cast(out) + out_len, reinterpret_cast<int *>(&out_len))) {
 			throw InternalException("EncryptFinal failed");
 		}
@@ -138,7 +155,7 @@ size_t AESStateSSL::FinalizeGCM(data_ptr_t out, idx_t out_len, data_ptr_t tag, i
 		}
 		return text_len;
 	}
-	case DECRYPT: {
+	case EncryptionTypes::DECRYPT: {
 		// Set expected tag value
 		if (!EVP_CIPHER_CTX_ctrl(context, EVP_CTRL_GCM_SET_TAG, tag_len, tag)) {
 			throw InternalException("Finalizing tag failed");
@@ -161,22 +178,22 @@ size_t AESStateSSL::FinalizeGCM(data_ptr_t out, idx_t out_len, data_ptr_t tag, i
 
 size_t AESStateSSL::Finalize(data_ptr_t out, idx_t out_len, data_ptr_t tag, idx_t tag_len) {
 
-	if (cipher == GCM) {
+	if (cipher == EncryptionTypes::GCM) {
 		return FinalizeGCM(out, out_len, tag, tag_len);
 	}
 
 	auto text_len = out_len;
 	switch (mode) {
 
-	case ENCRYPT: {
+	case EncryptionTypes::ENCRYPT: {
 		if (1 != EVP_EncryptFinal_ex(context, data_ptr_cast(out) + out_len, reinterpret_cast<int *>(&out_len))) {
 			throw InternalException("EncryptFinal failed");
 		}
 
 		return text_len += out_len;
 	}
 
-	case DECRYPT: {
+	case EncryptionTypes::DECRYPT: {
 		// EVP_DecryptFinal() will return an error code if final block is not correctly formatted.
 		int ret = EVP_DecryptFinal_ex(context, data_ptr_cast(out) + out_len, reinterpret_cast<int *>(&out_len));
 		text_len += out_len;

extension/httpfs/crypto.cpp

@@ -25,7 +25,7 @@ void hex256(hash_bytes &in, hash_str &out);
 class DUCKDB_EXTENSION_API AESStateSSL : public duckdb::EncryptionState {
 
 public:
-	explicit AESStateSSL(const std::string *key = nullptr);
+	explicit AESStateSSL(duckdb::EncryptionTypes::CipherType cipher_p, const std::string *key = nullptr);
 	~AESStateSSL() override;
 
 public:
@@ -40,8 +40,8 @@ class DUCKDB_EXTENSION_API AESStateSSL : public duckdb::EncryptionState {
 
 private:
 	EVP_CIPHER_CTX *context;
-	Mode mode;
-	Cipher cipher = GCM;
+	duckdb::EncryptionTypes::Mode mode;
+	duckdb::EncryptionTypes::CipherType cipher;
 };
 
 } // namespace duckdb
@@ -53,8 +53,8 @@ class DUCKDB_EXTENSION_API AESStateSSLFactory : public duckdb::EncryptionUtil {
 	explicit AESStateSSLFactory() {
 	}
 
-	duckdb::shared_ptr<duckdb::EncryptionState> CreateEncryptionState(duckdb::const_data_ptr_t key = nullptr, duckdb::idx_t key_len = 0) const override {
-		return duckdb::make_shared_ptr<duckdb::AESStateSSL>();
+	duckdb::shared_ptr<duckdb::EncryptionState> CreateEncryptionState(duckdb::EncryptionTypes::CipherType cipher_p, duckdb::const_data_ptr_t key = nullptr, duckdb::idx_t key_len = 0) const override {
+		return duckdb::make_shared_ptr<duckdb::AESStateSSL>(cipher_p);
 	}
 
 	~AESStateSSLFactory() override {