Remove support for libmhash/libmcrypt.
libmcrypt seems to dead, maintainer address bounces,
and cast-128 fails on 2 of the 3 test vectors from RFC2144.
So I see no reason to keep around stuff I don't trust
anymore.
Support for several crypto libraries is probably only
confusing to users, although it was good for initial
developing - it helped to find hidden assumptions and
forced me to create regression tests for all functionality.
I'll try to get libgcrypt working, although I'll submit
it only if I find a really good reason for it.
Index: pgsql/contrib/pgcrypto/Makefile
===================================================================
*** pgsql.orig/contrib/pgcrypto/Makefile
--- pgsql/contrib/pgcrypto/Makefile
***************
*** 2,8 ****
# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.12 2004/09/14 03:39:48 tgl
Exp $
#
! # either 'builtin', 'mhash', 'openssl'
cryptolib = builtin
# either 'builtin', 'system'
--- 2,8 ----
# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.12 2004/09/14 03:39:48 tgl
Exp $
#
! # either 'builtin', 'openssl'
cryptolib = builtin
# either 'builtin', 'system'
*************** CRYPTO_LDFLAGS = -lcrypto
*** 34,45 ****
SRCS = openssl.c
endif
- ifeq ($(cryptolib), mhash)
- CRYPTO_CFLAGS = -I/usr/local/include
- CRYPTO_LDFLAGS = -L/usr/local/lib -lmcrypt -lmhash -lltdl
- SRCS = mhash.c
- endif
-
ifeq ($(cryptsrc), builtin)
SRCS += crypt-blowfish.c crypt-des.c crypt-md5.c
else
--- 34,39 ----
Index: pgsql/contrib/pgcrypto/README.pgcrypto
===================================================================
*** pgsql.orig/contrib/pgcrypto/README.pgcrypto
--- pgsql/contrib/pgcrypto/README.pgcrypto
*************** OpenSSL (0.9.6):
*** 186,202 ****
Url: http://www.openssl.org/
- mhash (0.8.9) + mcrypt (2.4.16):
- Hashes: MD5, SHA1, CRC32, CRC32B, GOST, TIGER, RIPEMD160,
- HAVAL(256,224,192,160,128)
- Ciphers: DES, DES3, CAST-128(CAST5), CAST-256, xTEA, 3-way,
- SKIPJACK, Blowfish, Twofish, LOKI97, RC2, RC4, RC6,
- Rijndael-128/192/256, MARS, PANAMA, WAKE, Serpent, IDEA, GOST,
- SAFER, SAFER+, Enigma
- License: LGPL
- Url: http://mcrypt.sourceforge.org/
- Url: http://mhash.sourceforge.org/
-
CREDITS
=======
--- 186,191 ----
Index: pgsql/contrib/pgcrypto/mhash.c
===================================================================
*** pgsql.orig/contrib/pgcrypto/mhash.c
--- /dev/null
***************
*** 1,356 ****
- /*
- * mhash.c
- * Wrapper for mhash and mcrypt libraries.
- *
- * Copyright (c) 2001 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $PostgreSQL: pgsql/contrib/pgcrypto/mhash.c,v 1.10 2004/05/07 00:24:57 tgl
Exp $
- */
-
- #include <postgres.h>
-
- #include "px.h"
-
- #include <mhash.h>
- #include <mcrypt.h>
-
- #define MAX_KEY_LENGTH 512
- #define MAX_IV_LENGTH 128
-
- #define DEF_KEY_LEN 16
-
-
- /* DIGEST */
-
- static unsigned
- digest_result_size(PX_MD * h)
- {
- MHASH mh = (MHASH) h->p.ptr;
- hashid id = mhash_get_mhash_algo(mh);
-
- return mhash_get_block_size(id);
- }
-
- static unsigned
- digest_block_size(PX_MD * h)
- {
- MHASH mh = (MHASH) h->p.ptr;
- hashid id = mhash_get_mhash_algo(mh);
-
- return mhash_get_hash_pblock(id);
- }
-
- static void
- digest_reset(PX_MD * h)
- {
- MHASH mh = (MHASH) h->p.ptr;
- hashid id = mhash_get_mhash_algo(mh);
- uint8 *res = mhash_end(mh);
-
- mhash_free(res);
- mh = mhash_init(id);
- h->p.ptr = mh;
- }
-
- static void
- digest_update(PX_MD * h, const uint8 *data, unsigned dlen)
- {
- MHASH mh = (MHASH) h->p.ptr;
-
- mhash(mh, data, dlen);
- }
-
- static void
- digest_finish(PX_MD * h, uint8 *dst)
- {
- MHASH mh = (MHASH) h->p.ptr;
- unsigned hlen = digest_result_size(h);
- hashid id = mhash_get_mhash_algo(mh);
- uint8 *buf = mhash_end(mh);
-
- memcpy(dst, buf, hlen);
- mhash_free(buf);
-
- mh = mhash_init(id);
- h->p.ptr = mh;
- }
-
- static void
- digest_free(PX_MD * h)
- {
- MHASH mh = (MHASH) h->p.ptr;
- uint8 *buf = mhash_end(mh);
-
- mhash_free(buf);
-
- px_free(h);
- }
-
- /* ENCRYPT / DECRYPT */
-
- static unsigned
- cipher_block_size(PX_Cipher * c)
- {
- MCRYPT ctx = (MCRYPT) c->ptr;
-
- return mcrypt_enc_get_block_size(ctx);
- }
-
- static unsigned
- cipher_key_size(PX_Cipher * c)
- {
- MCRYPT ctx = (MCRYPT) c->ptr;
-
- return mcrypt_enc_get_key_size(ctx);
- }
-
- static unsigned
- cipher_iv_size(PX_Cipher * c)
- {
- MCRYPT ctx = (MCRYPT) c->ptr;
-
- return mcrypt_enc_mode_has_iv(ctx)
- ? mcrypt_enc_get_iv_size(ctx) : 0;
- }
-
- static int
- cipher_init(PX_Cipher * c, const uint8 *key, unsigned klen, const uint8 *iv)
- {
- int err;
- MCRYPT ctx = (MCRYPT) c->ptr;
-
- err = mcrypt_generic_init(ctx, (char *) key, klen, (char *) iv);
- if (err < 0)
- ereport(ERROR,
-
(errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
- errmsg("mcrypt_generic_init error"),
- errdetail("%s", mcrypt_strerror(err))));
-
- c->pstat = 1;
- return 0;
- }
-
- static int
- cipher_encrypt(PX_Cipher * c, const uint8 *data, unsigned dlen, uint8 *res)
- {
- int err;
- MCRYPT ctx = (MCRYPT) c->ptr;
-
- memcpy(res, data, dlen);
-
- err = mcrypt_generic(ctx, res, dlen);
- if (err < 0)
- ereport(ERROR,
-
(errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
- errmsg("mcrypt_generic error"),
- errdetail("%s", mcrypt_strerror(err))));
- return 0;
- }
-
- static int
- cipher_decrypt(PX_Cipher * c, const uint8 *data, unsigned dlen, uint8 *res)
- {
- int err;
- MCRYPT ctx = (MCRYPT) c->ptr;
-
- memcpy(res, data, dlen);
-
- err = mdecrypt_generic(ctx, res, dlen);
- if (err < 0)
- ereport(ERROR,
-
(errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
- errmsg("mdecrypt_generic error"),
- errdetail("%s", mcrypt_strerror(err))));
- return 0;
- }
-
-
- static void
- cipher_free(PX_Cipher * c)
- {
- MCRYPT ctx = (MCRYPT) c->ptr;
-
- if (c->pstat)
- mcrypt_generic_end(ctx);
- else
- mcrypt_module_close(ctx);
-
- px_free(c);
- }
-
- /* Helper functions */
-
- static int
- find_hashid(const char *name)
- {
- int res = -1;
- size_t hnum,
- b,
- i;
- char *mname;
-
- hnum = mhash_count();
- for (i = 0; i <= hnum; i++)
- {
- mname = mhash_get_hash_name(i);
- if (mname == NULL)
- continue;
- b = pg_strcasecmp(name, mname);
- free(mname);
- if (b == 0)
- {
- res = i;
- break;
- }
- }
-
- return res;
- }
-
- static char *modes[] = {
- "ecb", "cbc", "cfb", "ofb", "nofb", "stream",
- "ofb64", "cfb64", NULL
- };
-
- static PX_Alias aliases[] = {
- {"bf", "blowfish"},
- {"3des", "tripledes"},
- {"des3", "tripledes"},
- {"aes", "rijndael-128"},
- {"rijndael", "rijndael-128"},
- {"aes-128", "rijndael-128"},
- {"aes-192", "rijndael-192"},
- {"aes-256", "rijndael-256"},
- {NULL, NULL}
- };
-
- static PX_Alias mode_aliases[] = {
- #if 0 /* N/A */
- {"cfb", "ncfb"},
- {"ofb", "nofb"},
- {"cfb64", "ncfb"},
- #endif
- /* { "ofb64", "nofb" }, not sure it works */
- {"cfb8", "cfb"},
- {"ofb8", "ofb"},
- {NULL, NULL}
- };
-
- static int
- is_mode(char *s)
- {
- char **p;
-
- if (*s >= '0' && *s <= '9')
- return 0;
-
- for (p = modes; *p; p++)
- if (!strcmp(s, *p))
- return 1;
-
- return 0;
- }
-
- /* PUBLIC FUNCTIONS */
-
- int
- px_find_digest(const char *name, PX_MD ** res)
- {
- PX_MD *h;
- MHASH mh;
- int i;
-
- i = find_hashid(name);
- if (i < 0)
- return -1;
-
- mh = mhash_init(i);
- h = px_alloc(sizeof(*h));
- h->p.ptr = (void *) mh;
-
- h->result_size = digest_result_size;
- h->block_size = digest_block_size;
- h->reset = digest_reset;
- h->update = digest_update;
- h->finish = digest_finish;
- h->free = digest_free;
-
- *res = h;
- return 0;
- }
-
-
- int
- px_find_cipher(const char *name, PX_Cipher ** res)
- {
- char nbuf[PX_MAX_NAMELEN + 1];
- const char *mode = NULL;
- char *p;
- MCRYPT ctx;
-
- PX_Cipher *c;
-
- StrNCpy(nbuf, name, sizeof(nbuf));
-
- if ((p = strrchr(nbuf, '-')) != NULL)
- {
- if (is_mode(p + 1))
- {
- mode = p + 1;
- *p = 0;
- }
- }
-
- name = px_resolve_alias(aliases, nbuf);
-
- if (!mode)
- {
- mode = "cbc";
-
- /*
- * if (mcrypt_module_is_block_algorithm(name, NULL)) mode =
"cbc";
- * else mode = "stream";
- */
- }
- mode = px_resolve_alias(mode_aliases, mode);
-
- ctx = mcrypt_module_open((char *) name, NULL, (char *) mode, NULL);
- if (ctx == (void *) MCRYPT_FAILED)
- return -1;
-
- c = palloc(sizeof *c);
- c->iv_size = cipher_iv_size;
- c->key_size = cipher_key_size;
- c->block_size = cipher_block_size;
- c->init = cipher_init;
- c->encrypt = cipher_encrypt;
- c->decrypt = cipher_decrypt;
- c->free = cipher_free;
- c->ptr = ctx;
- c->pstat = 0;
-
- *res = c;
- return 0;
- }
--- 0 ----
--
---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings
