Commit Graph

138 Commits

Author SHA1 Message Date
Tom Lane
6e7e0b5350 Defend against openssl libraries that fail on keys longer than 128 bits;
which is the case at least on some Solaris versions.  Marko Kreen
2007-09-29 02:18:15 +00:00
Tom Lane
b918bf86c6 Fix combo_decrypt() to throw an error for zero-length input when using a
padded encryption scheme.  Formerly it would try to access res[(unsigned) -1],
which resulted in core dumps on 64-bit machines, and was certainly trouble
waiting to happen on 32-bit machines (though in at least the known case
it was harmless because that byte would be overwritten after return).
Per report from Ken Colson; fix by Marko Kreen.
2007-08-23 16:15:51 +00:00
Tom Lane
37e347a7e0 Get rid of overly cute, unportable, probably not very efficient substitute
for 'bool'.  Per buildfarm warnings.
2007-07-15 23:57:13 +00:00
Tom Lane
10a91e0add Silence Solaris compiler warning, per buildfarm. 2007-07-15 22:43:40 +00:00
Tom Lane
b09c248bdd Fix PGXS conventions so that extensions can be built against Postgres
installations whose pg_config program does not appear first in the PATH.
Per gripe from Eddie Stanley and subsequent discussions with Fabien Coelho
and others.
2007-06-26 22:05:04 +00:00
Tom Lane
37a609b27f Now that core functionality is depending on autoconf's AC_C_BIGENDIAN to be
right, there seems precious little reason to have a pile of hand-maintained
endianness definitions in src/include/port/*.h.  Get rid of those, and make
the couple of places that used them depend on WORDS_BIGENDIAN instead.
2007-04-06 05:36:51 +00:00
Neil Conway
74b667ad42 Replace 4-clause licensed blf.[ch] with blowfish implementation
from PuTTY with is under minimal BSD/MIT license. Marko Kreen.
2007-03-28 22:48:58 +00:00
Tom Lane
234a02b2a8 Replace direct assignments to VARATT_SIZEP(x) with SET_VARSIZE(x, len).
Get rid of VARATT_SIZE and VARATT_DATA, which were simply redundant with
VARSIZE and VARDATA, and as a consequence almost no code was using the
longer names.  Rename the length fields of struct varlena and various
derived structures to catch anyplace that was accessing them directly;
and clean up various places so caught.  In itself this patch doesn't
change any behavior at all, but it is necessary infrastructure if we hope
to play any games with the representation of varlena headers.
Greg Stark and Tom Lane
2007-02-27 23:48:10 +00:00
Alvaro Herrera
a62e2c2b57 Replace unnecessary DISABLE_ZLIB define in pgcrypto with HAVE_LIBZ from core.
Patch from Marko Kreen.
2007-01-14 20:55:14 +00:00
Neil Conway
87a50169d2 Minor code cleanup for pgcrypto: for UDFs declared to be strict, checking
for NULL-ness of function arguments is wasted code.
2006-11-10 06:28:29 +00:00
Bruce Momjian
f99a569a2e pgindent run for 8.2. 2006-10-04 00:30:14 +00:00
Tom Lane
beca984e5f Fix bugs in plpgsql and ecpg caused by assuming that isspace() would only
return true for exactly the characters treated as whitespace by their flex
scanners.  Per report from Victor Snezhko and subsequent investigation.

Also fix a passel of unsafe usages of <ctype.h> functions, that is, ye olde
char-vs-unsigned-char issue.  I won't miss <ctype.h> when we are finally
able to stop using it.
2006-09-22 21:39:58 +00:00
Tom Lane
6b41d642e3 Silence compiler warnings about incompatible function pointer types. 2006-09-05 23:02:28 +00:00
Tom Lane
7d4838dca8 Remove pgcrypto functions that were deprecated and slated for removal.
Marko Kreen
2006-09-05 21:26:48 +00:00
Neil Conway
63d3f5e593 Fix references to the Options section in the pgcrypto documentation.
Patch from Michael Fuhr.
2006-08-05 00:29:11 +00:00
Neil Conway
c28fbd4589 pgcrypto merge cleanup:
- Few README fixes
  - Keep imath Id string, put $PostgreSQL$ separately.

Patch from Marko Kreen.
2006-07-19 17:05:50 +00:00
Tom Lane
a420818d67 Fix a few places where $Id$ and $Header$ CVS tags had crept into the
source tree.  They should all be $PostgreSQL$ of course.
2006-07-16 02:44:01 +00:00
Tom Lane
89e2a95589 Fix some pgcrypto portability issues, per Marko Kreen. 2006-07-15 15:27:14 +00:00
Tom Lane
e2f7eb36d6 In PGP public key tests, encrypt the secret key with AES not CAST5,
so that the test passes with or without OpenSSL.  Marko Kreen
2006-07-14 17:47:40 +00:00
Neil Conway
d0b54441db Fix C++-style comment. 2006-07-13 04:52:51 +00:00
Neil Conway
1abf76e82c "Annual" pgcrypto update from Marko Kreen:
Few cleanups and couple of new things:

 - add SHA2 algorithm to older OpenSSL
 - add BIGNUM math to have public-key cryptography work on non-OpenSSL
   build.
 - gen_random_bytes() function

The status of SHA2 algoritms and public-key encryption can now be
changed to 'always available.'

That makes pgcrypto functionally complete and unless there will be new
editions of AES, SHA2 or OpenPGP standards, there is no major changes
planned.
2006-07-13 04:15:25 +00:00
Bruce Momjian
c5133e5920 Allow /contrib include files to compile on their own. 2006-07-10 22:06:11 +00:00
Bruce Momjian
12632d3c31 Add missing 3rd argument to open(). 2006-06-08 03:29:30 +00:00
Tom Lane
a0ffab351e Magic blocks don't do us any good unless we use 'em ... so install one
in every shared library.
2006-05-30 22:12:16 +00:00
Bruce Momjian
56f44784f6 Re-defines SHA2 symbols so that they would not conflict with certain
versions of OpenSSL.  If your OpenSSL does not contain SHA2, then there
should be no conflict.  But ofcourse, if someone upgrades OpenSSL,
server starts crashing.

Backpatched to 8.1.X.

Marko Kreen
2006-05-30 12:56:45 +00:00
Tom Lane
5cf07901c5 Fix errors in fortuna PRNG reseeding logic that could cause a predictable
session key to be selected by pgp_sym_encrypt() in some cases.  This only
affects non-OpenSSL-using builds.  Marko Kreen
2006-05-21 20:22:16 +00:00
Bruce Momjian
f3d99d160d Add CVS tag lines to files that were lacking them. 2006-03-11 04:38:42 +00:00
Bruce Momjian
daab4a101f Update /contrib regression tests for escape_string_warning. 2006-03-08 03:51:52 +00:00
Peter Eisentraut
7f4f42fa10 Clean up CREATE FUNCTION syntax usage in contrib and elsewhere, in
particular get rid of single quotes around language names and old WITH ()
construct.
2006-02-27 16:09:50 +00:00
Neil Conway
ce9b75db6b Patch from Marko Kreen:
pgcrypto crypt()/md5 and hmac() leak memory when compiled against
OpenSSL as openssl.c digest ->reset will do two DigestInit calls
against a context.  This happened to work with OpenSSL 0.9.6
but not with 0.9.7+.

Reason for the messy code was that I tried to avoid creating
wrapper structure to transport algorithm info and tried to use
OpenSSL context for it.  The fix is to create wrapper structure.

It also uses newer digest API to avoid memory allocations
on reset with newer OpenSSLs.

Thanks to Daniel Blaisdell for reporting it.
2006-02-18 20:48:51 +00:00
Tom Lane
b2be41a710 Fix fallout from psql line-wrapping patch. 2006-02-10 15:47:44 +00:00
Tom Lane
507e07e277 There is a signedness bug in Openwall gen_salt code that pgcrypto uses.
This makes the salt space for md5 and xdes algorithms a lot smaller than
it should be.

Marko Kreen
2006-01-03 23:46:24 +00:00
Bruce Momjian
436a2956d8 Re-run pgindent, fixing a problem where comment lines after a blank
comment line where output as too long, and update typedefs for /lib
directory.  Also fix case where identifiers were used as variable names
in the backend, but as typedefs in ecpg (favor the backend for
indenting).

Backpatch to 8.1.X.
2005-11-22 18:17:34 +00:00
Tom Lane
da9fc25909 pgcrypto documentation polishing from Marko Kreen, and a small amount
of copy-editing from myself.
2005-11-03 02:54:07 +00:00
Bruce Momjian
1dc3498251 Standard pgindent run for 8.1. 2005-10-15 02:49:52 +00:00
Tom Lane
0b36cb83dc PGXS should be set with := not =, as specified in the documentation,
to avoid useless multiple executions of pg_config.
2005-09-27 17:13:14 +00:00
Tom Lane
8a65b820e2 Suppress signed-vs-unsigned-char warnings in contrib. 2005-09-24 19:14:05 +00:00
Bruce Momjian
f547909db7 Remove API file.
Marko Kreen
2005-08-13 15:27:41 +00:00
Bruce Momjian
87688ddf87 The large one adds support for RSA keys and reorganizes
the pubkey functions a bit.  The actual RSA-specific code
there is tiny, most of the patch consists of reorg of the
pubkey code, as lots of it was written as elgamal-only.

---------------------------------------------------------------------------

The SHLIB section was copy-pasted from somewhere and contains
several unnecessary libs.  This cleans it up a bit.

 -lcrypt
   we don't use system crypt()

 -lssl, -lssleay32
   no SSL here

 -lz in win32 section
   already added on previous line

 -ldes
   The chance anybody has it is pretty low.
   And the chance pgcrypto works with it is even lower.

Also trim the win32 section.

---------------------------------------------------------------------------

It is already disabled in Makefile, remove code too.

---------------------------------------------------------------------------

I was bit hasty making the random exponent 'k' a prime.  Further researh
shows that Elgamal encryption has no specific needs in respect to k,
any random number is fine.

It is bit different for signing, there it needs to be 'relatively prime'
to p - 1,  that means GCD(k, p-1) == 1, which is also a lot lighter than
full primality.  As we don't do signing, this can be ignored.

This brings major speedup to Elgamal encryption.

---------------------------------------------------------------------------

o  pgp_mpi_free: Accept NULLs
o  pgp_mpi_cksum: result should be 16bit
o  Remove function name from error messages - to be similar to other
   SQL functions, and it does not match anyway the called function
o  remove couple junk lines

---------------------------------------------------------------------------

o  Support for RSA encryption
o  Big reorg to better separate generic and algorithm-specific code.
o  Regression tests for RSA.

---------------------------------------------------------------------------

o  Tom stuck a CVS id into file.  I doubt the usefulness of it,
   but if it needs to be in the file then rather at the end.
   Also tag it as comment for asciidoc.
o  Mention bytea vs. text difference
o  Couple clarifications

---------------------------------------------------------------------------

There is a choice whether to update it with pgp functions or
remove it.  I decided to remove it, updating is pointless.

I've tried to keep the core of pgcrypto relatively independent
from main PostgreSQL, to make it easy to use externally if needed,
and that is good.  Eg. that made development of PGP functions much
nicer.

But I have no plans to release it as generic library, so keeping such
doc
up-to-date is waste of time.  If anyone is interested in using it in
other products, he can probably bother to read the source too.

Commented source is another thing - I'll try to make another pass
over code to see if there is anything non-obvious that would need
more comments.

---------------------------------------------------------------------------

Marko Kreen
2005-08-13 02:06:21 +00:00
Tom Lane
24ce1438c0 pgcrypto documentation update. Marko Kreen 2005-07-18 17:17:12 +00:00
Tom Lane
35c675a7fd Fortuna fixes. Marko Kreen 2005-07-18 17:12:54 +00:00
Tom Lane
2787db9b1d Small cleanups for pgcrypto. Marko Kreen 2005-07-18 17:09:01 +00:00
Tom Lane
dd4a190d18 Fix C++-style comments, per Rocco Altier. 2005-07-18 16:35:06 +00:00
Tom Lane
807bbe6051 More pgcrypto fixes: handle long messages correctly, suppress
compiler warnings.  Marko Kreen and Kris Jurka.
2005-07-12 20:27:45 +00:00
Tom Lane
a1a64bb7c3 Further tweaking of Win32-specific random code. Marko Kreen 2005-07-11 19:06:46 +00:00
Tom Lane
e82f7e9e7e I forgot to update win32 code when doing a renaming in random.c.
Marko Kreen
2005-07-11 17:00:03 +00:00
Tom Lane
067a5cdb35 Avoid bzero/bxopy in favor of more standard library routines.
Marko Kreen
2005-07-11 15:40:38 +00:00
Tom Lane
e997758cb6 More pgcrypto fixes: avoid bogus alignment assumptions in sha2,
be more wary about having a value for BYTE_ORDER, clean up randomly-
chosen ways of including Postgres core headers.
Marko Kreen and Tom Lane
2005-07-11 15:07:59 +00:00
Tom Lane
3c52d17fa6 Add support for AES cipher with older OpenSSL libraries.
Marko Kreen
2005-07-11 14:38:05 +00:00
Bruce Momjian
2e330699fa > One more failure:
>
> I think this is because we don't have -lz in SHLIB_LINK.
> Following patch fixes it.

Marko Kreen
2005-07-10 18:32:55 +00:00