diff options
Diffstat (limited to 'contrib/pgcrypto')
53 files changed, 386 insertions, 213 deletions
diff --git a/contrib/pgcrypto/Makefile b/contrib/pgcrypto/Makefile index dadec953c2..1c85c982ff 100644 --- a/contrib/pgcrypto/Makefile +++ b/contrib/pgcrypto/Makefile @@ -26,7 +26,7 @@ MODULE_big = pgcrypto OBJS = $(SRCS:.c=.o) EXTENSION = pgcrypto -DATA = pgcrypto--1.0.sql pgcrypto--unpackaged--1.0.sql +DATA = pgcrypto--1.1.sql pgcrypto--1.0--1.1.sql pgcrypto--unpackaged--1.0.sql REGRESS = init md5 sha1 hmac-md5 hmac-sha1 blowfish rijndael \ $(CF_TESTS) \ diff --git a/contrib/pgcrypto/crypt-blowfish.c b/contrib/pgcrypto/crypt-blowfish.c index b49747d926..fbaa3d776a 100644 --- a/contrib/pgcrypto/crypt-blowfish.c +++ b/contrib/pgcrypto/crypt-blowfish.c @@ -35,6 +35,7 @@ #include "postgres.h" #include "px-crypt.h" +#include "px.h" #ifdef __i386__ #define BF_ASM 0 /* 1 */ @@ -616,7 +617,7 @@ _crypt_blowfish_rn(const char *key, const char *setting, count = (BF_word) 1 << ((setting[4] - '0') * 10 + (setting[5] - '0')); if (count < 16 || BF_decode(data.binary.salt, &setting[7], 16)) { - memset(data.binary.salt, 0, sizeof(data.binary.salt)); + px_memset(data.binary.salt, 0, sizeof(data.binary.salt)); return NULL; } BF_swap(data.binary.salt, 4); @@ -729,7 +730,7 @@ _crypt_blowfish_rn(const char *key, const char *setting, /* Overwrite the most obvious sensitive data we have on the stack. Note * that this does not guarantee there's no sensitive data left on the * stack and/or in registers; I'm not aware of portable code that does. */ - memset(&data, 0, sizeof(data)); + px_memset(&data, 0, sizeof(data)); return output; } diff --git a/contrib/pgcrypto/crypt-des.c b/contrib/pgcrypto/crypt-des.c index cc2e76a71f..4ed44beeff 100644 --- a/contrib/pgcrypto/crypt-des.c +++ b/contrib/pgcrypto/crypt-des.c @@ -29,7 +29,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) diff --git a/contrib/pgcrypto/crypt-gensalt.c b/contrib/pgcrypto/crypt-gensalt.c index ec2e0fa025..6dc7cbdb3a 100644 --- a/contrib/pgcrypto/crypt-gensalt.c +++ b/contrib/pgcrypto/crypt-gensalt.c @@ -9,7 +9,7 @@ * entirely in crypt_blowfish.c. * * Put bcrypt generator also here as crypt-blowfish.c - * may not be compiled always. -- marko + * may not be compiled always. -- marko */ #include "postgres.h" diff --git a/contrib/pgcrypto/crypt-md5.c b/contrib/pgcrypto/crypt-md5.c index 2a5cd70208..6a09d76989 100644 --- a/contrib/pgcrypto/crypt-md5.c +++ b/contrib/pgcrypto/crypt-md5.c @@ -89,7 +89,7 @@ px_crypt_md5(const char *pw, const char *salt, char *passwd, unsigned dstlen) px_md_update(ctx, final, pl > MD5_SIZE ? MD5_SIZE : pl); /* Don't leave anything around in vm they could use. */ - memset(final, 0, sizeof final); + px_memset(final, 0, sizeof final); /* Then something really weird... */ for (i = strlen(pw); i; i >>= 1) @@ -154,7 +154,7 @@ px_crypt_md5(const char *pw, const char *salt, char *passwd, unsigned dstlen) *p = '\0'; /* Don't leave anything around in vm they could use. */ - memset(final, 0, sizeof final); + px_memset(final, 0, sizeof final); px_md_free(ctx1); px_md_free(ctx); diff --git a/contrib/pgcrypto/expected/pgp-encrypt.out b/contrib/pgcrypto/expected/pgp-encrypt.out index 8ef3875fd6..b35de79afa 100644 --- a/contrib/pgcrypto/expected/pgp-encrypt.out +++ b/contrib/pgcrypto/expected/pgp-encrypt.out @@ -11,7 +11,7 @@ select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'), 'key'); -- check whether the defaults are ok select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'), - 'key', 'expect-cipher-algo=aes128, + 'key', 'expect-cipher-algo=aes128, expect-disable-mdc=0, expect-sess-key=0, expect-s2k-mode=3, @@ -25,7 +25,7 @@ select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'), -- maybe the expect- stuff simply does not work select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'), - 'key', 'expect-cipher-algo=bf, + 'key', 'expect-cipher-algo=bf, expect-disable-mdc=1, expect-sess-key=1, expect-s2k-mode=0, @@ -56,7 +56,7 @@ select pgp_sym_decrypt_bytea(pgp_sym_encrypt('Text', 'baz'), 'baz'); -- algorithm change select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 'cipher-algo=bf'), - 'key', 'expect-cipher-algo=bf'); + 'key', 'expect-cipher-algo=bf'); pgp_sym_decrypt ----------------- Secret. @@ -64,7 +64,7 @@ select pgp_sym_decrypt( select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 'cipher-algo=aes'), - 'key', 'expect-cipher-algo=aes128'); + 'key', 'expect-cipher-algo=aes128'); pgp_sym_decrypt ----------------- Secret. @@ -72,7 +72,7 @@ select pgp_sym_decrypt( select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 'cipher-algo=aes192'), - 'key', 'expect-cipher-algo=aes192'); + 'key', 'expect-cipher-algo=aes192'); pgp_sym_decrypt ----------------- Secret. @@ -81,7 +81,7 @@ select pgp_sym_decrypt( -- s2k change select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 's2k-mode=0'), - 'key', 'expect-s2k-mode=0'); + 'key', 'expect-s2k-mode=0'); pgp_sym_decrypt ----------------- Secret. @@ -89,7 +89,7 @@ select pgp_sym_decrypt( select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 's2k-mode=1'), - 'key', 'expect-s2k-mode=1'); + 'key', 'expect-s2k-mode=1'); pgp_sym_decrypt ----------------- Secret. @@ -97,7 +97,7 @@ select pgp_sym_decrypt( select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 's2k-mode=3'), - 'key', 'expect-s2k-mode=3'); + 'key', 'expect-s2k-mode=3'); pgp_sym_decrypt ----------------- Secret. @@ -106,7 +106,7 @@ select pgp_sym_decrypt( -- s2k digest change select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=md5'), - 'key', 'expect-s2k-digest-algo=md5'); + 'key', 'expect-s2k-digest-algo=md5'); pgp_sym_decrypt ----------------- Secret. @@ -114,7 +114,7 @@ select pgp_sym_decrypt( select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=sha1'), - 'key', 'expect-s2k-digest-algo=sha1'); + 'key', 'expect-s2k-digest-algo=sha1'); pgp_sym_decrypt ----------------- Secret. @@ -123,7 +123,7 @@ select pgp_sym_decrypt( -- sess key select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 'sess-key=0'), - 'key', 'expect-sess-key=0'); + 'key', 'expect-sess-key=0'); pgp_sym_decrypt ----------------- Secret. @@ -131,7 +131,7 @@ select pgp_sym_decrypt( select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 'sess-key=1'), - 'key', 'expect-sess-key=1'); + 'key', 'expect-sess-key=1'); pgp_sym_decrypt ----------------- Secret. @@ -139,7 +139,7 @@ select pgp_sym_decrypt( select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=bf'), - 'key', 'expect-sess-key=1, expect-cipher-algo=bf'); + 'key', 'expect-sess-key=1, expect-cipher-algo=bf'); pgp_sym_decrypt ----------------- Secret. @@ -147,7 +147,7 @@ select pgp_sym_decrypt( select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes192'), - 'key', 'expect-sess-key=1, expect-cipher-algo=aes192'); + 'key', 'expect-sess-key=1, expect-cipher-algo=aes192'); pgp_sym_decrypt ----------------- Secret. @@ -155,7 +155,7 @@ select pgp_sym_decrypt( select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes256'), - 'key', 'expect-sess-key=1, expect-cipher-algo=aes256'); + 'key', 'expect-sess-key=1, expect-cipher-algo=aes256'); pgp_sym_decrypt ----------------- Secret. @@ -164,7 +164,7 @@ select pgp_sym_decrypt( -- no mdc select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 'disable-mdc=1'), - 'key', 'expect-disable-mdc=1'); + 'key', 'expect-disable-mdc=1'); pgp_sym_decrypt ----------------- Secret. @@ -173,7 +173,7 @@ select pgp_sym_decrypt( -- crlf select encode(pgp_sym_decrypt_bytea( pgp_sym_encrypt(E'1\n2\n3\r\n', 'key', 'convert-crlf=1'), - 'key'), 'hex'); + 'key'), 'hex'); encode ---------------------- 310d0a320d0a330d0d0a @@ -182,7 +182,7 @@ select encode(pgp_sym_decrypt_bytea( -- conversion should be lossless select encode(digest(pgp_sym_decrypt( pgp_sym_encrypt(E'\r\n0\n1\r\r\n\n2\r', 'key', 'convert-crlf=1'), - 'key', 'convert-crlf=1'), 'sha1'), 'hex') as result, + 'key', 'convert-crlf=1'), 'sha1'), 'hex') as result, encode(digest(E'\r\n0\n1\r\r\n\n2\r', 'sha1'), 'hex') as expect; result | expect ------------------------------------------+------------------------------------------ diff --git a/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out b/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out index 7fbbd839d9..61e09b9a86 100644 --- a/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out +++ b/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out @@ -417,6 +417,70 @@ hbt6LhKhCLUNdz/udIt0JAC6c/HdPLSW3HnmM3+iNj+Kug== =UKh3 -----END PGP PRIVATE KEY BLOCK----- '); +insert into keytbl (id, name, pubkey, seckey) +values (7, 'rsaenc2048-psw', ' +same key with password +', ' +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: GnuPG v1.4.11 (GNU/Linux) + +lQPEBELr2m0BCADOrnknlnXI0EzRExf/TgoHvK7Xx/E0keWqV3KrOyC3/tY2KOrj +UVxaAX5pkFX9wdQObGPIJm06u6D16CH6CildX/vxG7YgvvKzK8JGAbwrXAfk7OIW +czO2zRaZGDynoK3mAxHRBReyTKtNv8rDQhuZs6AOozJNARdbyUO/yqUnqNNygWuT +4htFDEuLPIJwAbMSD0BvFW6YQaPdxzaAZm3EWVNbwDzjgbBUdBiUUwRdZIFUhsjJ +dirFdy5+uuZru6y6CNC1OERkJ7P8EyoFiZckAIE5gshVZzNuyLOZjc5DhWBvLbX4 +NZElAnfiv+4nA6y8wQLSIbmHA3nqJaBklj85AAYp/gcDCNnoEKwFo86JYCE1J92R +HRQ7DoyAZpW1O0dTXL8Epk0sKsKDrCJOrIkDymsjfyBexADIeqOkioy/50wD2Mku +CVHKWO2duAiJN5t/FoRgpR1/Q11K6QdfqOG0HxwfIXLcPv7eSIso8kWorj+I01BP +Fn/atGEbIjdWaz/q2XHbu0Q3x6Et2gIsbLRVMhiYz1UG9uzGJ0TYCdBa2SFhs184 +52akMpD+XVdM0Sq9/Cx40Seo8hzERB96+GXnQ48q2OhlvcEXiFyD6M6wYCWbEV+6 +XQVMymbl22FPP/bD9ReQX2kjrkQlFAtmhr+0y8reMCbcxwLuQfA3173lSPo7jrbH +oLrGhkRpqd2bYCelqdy/XMmRFso0+7uytHfTFrUNfDWfmHVrygoVrNnarCbxMMI0 +I8Q+tKHMThWgf0rIOSh0+w38kOXFCEqEWF8YkAqCrMZIlJIed78rOCFgG4aHajZR +D8rpXdUOIr/WeUddK25Tu8IuNJb0kFf12IMgNh0nS+mzlqWiofS5kA0TeB8wBV6t +RotaeyDNSsMoowfN8cf1yHMTxli+K1Tasg003WVUoWgUc+EsJ5+KTNwaX5uGv0Cs +j6dg6/FVeVRL9UsyF+2kt7euX3mABuUtcVGx/ZKTq/MNGEh6/r3B5U37qt+FDRbw +ppKPc2AP+yBUWsQskyrxFgv4eSpcLEg+lgdz/zLyG4qW4lrFUoO790Cm/J6C7/WQ +Z+E8kcS8aINJkg1skahH31d59ZkbW9PVeJMFGzNb0Z2LowngNP/BMrJ0LT2CQyLs +UxbT16S/gwAyUpJnbhWYr3nDdlwtC0rVopVTPD7khPRppcsq1f8D70rdIxI4Ouuw +vbjNZ1EWRJ9f2Ywb++k/xgSXwJkGodUlrUr+3i8cv8mPx+fWvif9q7Y5Ex1wCRa8 +8FAj/o+hEbQlUlNBIDIwNDggRW5jIDxyc2EyMDQ4ZW5jQGV4YW1wbGUub3JnPokB +NAQTAQIAHgUCQuvabQIbAwYLCQgHAwIDFQIDAxYCAQIeAQIXgAAKCRDImeqTRBlV +WRzJCACbRhx2fYjPGKta69M5dS+kr5UD/CQmsR2t9cB9zyqhratjPnKW9q13+4AG +P3aByT14IH1c5Mha8rJkNYD2wxmC8jrrcPiJIYoRG+W1sUATY/t8wBbNWF+r9h11 +m0lEpsmNVff/jU7SpNN6JQ3P7MHd5V85LlDoXIH6QYCLd0PjKU+jNvjiBe5VX0m9 +a1nacE3xoWc1vbM0DnqEuID78Qgkcrmm0ESeg1h+tRfHxSAyYNc/gPzm8eH6l+hj +gOvUc4Gd6LpBQSF8TcFfT2TZwJh7WVWDvNIP6FWAW7rzmHnX3wwXkGq4REWeVtk5 +yBPp6mOtWDiwaqLJYsoHWU11C8zYnQPEBELr2roBCADrgiWXZMzkQOntZa/NS56+ +CczLFQRQPl/8iJAW1eql/wOJ1UiwGSjT189WCKzE7vtazCIstdCFmwOs4DE6cz4S +UX4HjzjYHZwmMiuSrIefwuZ7cysMBsMXypQFyMSbqwh102xGvmLz3Z++rydx7Fzl +1RC/ny2+FN5dzYPO2DNtNi4dR2tjHktsxBWXAKCmxagAIwyxGouuEqDhYdFtwrA9 +Qy+M5n6fmGa1Dx07WWnbIud4uCilv8LPVKx5aJamDYWM3v7kS8n51MfTzeK/xoRM +2rsgzFdLJqPdbgd2nsD37fngqZnlp7tDxSVSuMckZoSKtq1QsNemtaQSYq7xjPst +AAYp/gcDCNnoEKwFo86JYAsxoD+wQ0zBi5RBM5EphXTpM1qKxmigsKOvBSaMmr0y +VjHtGY3poyV3t6VboOGCsFcaKm0tIdDL7vrxxwyYESETpF29b7QrYcoaLKMG7fsy +t9SUI3UV2H9uUquHgqHtsqz0jYOgm9tYnpesgQ/kOAWI/tej1ZJXUIWEmZMH/W6d +ATNvZ3ivwApfC0qF5G3oPgBSoIuQ/8I+pN/kmuyNAnJWNgagFhA/2VFBvh5XgztV +NW7G//KpR1scsn140SO/wpGBM3Kr4m8ztl9w9U6a7NlQZ2ub3/pIUTpSzyLBxJZ/ +RfuZI7ROdgDMKmEgCYrN2kfp0LIxnYL6ZJu3FDcS4V098lyf5rHvB3PAEdL6Zyhd +qYp3Sx68r0F4vzk5iAIWf6pG2YdfoP2Z48Pmq9xW8qD9iwFcoz9oAzDEMENn6dfq +6MzfoaXEoYp8cR/o+aeEaGUtYBHiaxQcJYx35B9IhsXXA49yRORK8qdwhSHxB3NQ +H3pUWkfw368f/A207hQVs9yYXlEvMZikxl58gldCd3BAPqHm/XzgknRRNQZBPPKJ +BMZebZ22Dm0qDuIqW4GXLB4sLf0+UXydVINIUOlzg+S4jrwx7eZqb6UkRXTIWVo5 +psTsD14wzWBRdUQHZOZD33+M8ugmewvLY/0Uix+2RorkmB7/jqoZvx/MehDwmCZd +VH8sb2wpZ55sj7gCXxvrfieQD/VeH54OwjjbtK56iYq56RVD0h1az8xDY2GZXeT7 +J0c3BGpuoca5xOFWr1SylAr/miEPxOBfnfk8oZQJvZrjSBGjsTbALep2vDJk8ROD +sdQCJuU1RHDrwKHlbUL0NbGRO2juJGsatdWnuVKsFbaFW2pHHkezKuwOcaAJv7Xt +8LRF17czAJ1uaLKwV8Paqx6UIv+089GbWZi7HIkBHwQYAQIACQUCQuvaugIbDAAK +CRDImeqTRBlVWS7XCACDVstKM+SHD6V0bkfO6ampHzj4krKjN0lonN5+7b7WKpgT +QHRYvPY8lUiIrjXGISQqEG9M5Bi5ea1aoBZem0P3U/lKheg0lYtA7dM3BqsA2EfG +RaDD9M5TFCqhy2VFR6Pk0MP7h5bkb2VxLUUQa4oNa1fT3q7zS875NvImO/HZ5UzW +T5d2Z5iwY6I2AOKYKt4kZhzXgbt5j2O3biDDXSfWwwAojWqbqVygepn047KVr7Al +2ug9hkY7tHz7U71HbZasroFgNPmP/UnAxmps4RKM28MRVPTI4cKUIdE3gIKFu3ou +EqEItQ13P+50i3QkALpz8d08tJbceeYzf6I2P4q6 +=QFm5 +-----END PGP PRIVATE KEY BLOCK----- +'); -- elg1024 / aes128 insert into encdata (id, data) values (1, ' -----BEGIN PGP MESSAGE----- @@ -537,6 +601,18 @@ ERROR: Wrong key select pgp_pub_decrypt(dearmor(data), dearmor(seckey)) from keytbl, encdata where keytbl.id=4 and encdata.id=1; ERROR: No encryption key found +-- rsa: password-protected secret key, wrong password +select pgp_pub_decrypt(dearmor(data), dearmor(seckey), '123') +from keytbl, encdata where keytbl.id=7 and encdata.id=4; +ERROR: Corrupt data +-- rsa: password-protected secret key, right password +select pgp_pub_decrypt(dearmor(data), dearmor(seckey), 'parool') +from keytbl, encdata where keytbl.id=7 and encdata.id=4; + pgp_pub_decrypt +----------------- + Secret message. +(1 row) + -- password-protected secret key, no password select pgp_pub_decrypt(dearmor(data), dearmor(seckey)) from keytbl, encdata where keytbl.id=5 and encdata.id=1; diff --git a/contrib/pgcrypto/fortuna.c b/contrib/pgcrypto/fortuna.c index 1228fb4ad0..7ab888fb98 100644 --- a/contrib/pgcrypto/fortuna.c +++ b/contrib/pgcrypto/fortuna.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -34,6 +34,7 @@ #include <sys/time.h> #include <time.h> +#include "px.h" #include "rijndael.h" #include "sha2.h" #include "fortuna.h" @@ -52,7 +53,7 @@ /* * There is some confusion about whether and how to carry forward - * the state of the pools. Seems like original Fortuna does not + * the state of the pools. Seems like original Fortuna does not * do it, resetting hash after each request. I guess expecting * feeding to happen more often that requesting. This is absolutely * unsuitable for pgcrypto, as nothing asynchronous happens here. @@ -76,7 +77,7 @@ * How many pools. * * Original Fortuna uses 32 pools, that means 32'th pool is - * used not earlier than in 13th year. This is a waste in + * used not earlier than in 13th year. This is a waste in * pgcrypto, as we have very low-frequancy seeding. Here * is preferable to have all entropy usable in reasonable time. * @@ -169,7 +170,7 @@ md_result(MD_CTX * ctx, uint8 *dst) memcpy(&tmp, ctx, sizeof(*ctx)); SHA256_Final(dst, &tmp); - memset(&tmp, 0, sizeof(tmp)); + px_memset(&tmp, 0, sizeof(tmp)); } /* @@ -243,7 +244,7 @@ enough_time_passed(FState *st) if (ok) memcpy(last, &tv, sizeof(tv)); - memset(&tv, 0, sizeof(tv)); + px_memset(&tv, 0, sizeof(tv)); return ok; } @@ -290,12 +291,12 @@ reseed(FState *st) /* use new key */ ciph_init(&st->ciph, st->key, BLOCK); - memset(&key_md, 0, sizeof(key_md)); - memset(buf, 0, BLOCK); + px_memset(&key_md, 0, sizeof(key_md)); + px_memset(buf, 0, BLOCK); } /* - * Pick a random pool. This uses key bytes as random source. + * Pick a random pool. This uses key bytes as random source. */ static unsigned get_rand_pool(FState *st) @@ -341,8 +342,8 @@ add_entropy(FState *st, const uint8 *data, unsigned len) if (pos == 0) st->pool0_bytes += len; - memset(hash, 0, BLOCK); - memset(&md, 0, sizeof(md)); + px_memset(hash, 0, BLOCK); + px_memset(&md, 0, sizeof(md)); } /* @@ -378,7 +379,7 @@ startup_tricks(FState *st) encrypt_counter(st, buf + CIPH_BLOCK); md_update(&st->pool[i], buf, BLOCK); } - memset(buf, 0, BLOCK); + px_memset(buf, 0, BLOCK); /* Hide the key. */ rekey(st); diff --git a/contrib/pgcrypto/fortuna.h b/contrib/pgcrypto/fortuna.h index 2e49f8aab8..bf9f4768d1 100644 --- a/contrib/pgcrypto/fortuna.h +++ b/contrib/pgcrypto/fortuna.h @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) diff --git a/contrib/pgcrypto/imath.c b/contrib/pgcrypto/imath.c index 3286cd9d80..5c6ebebfe2 100644 --- a/contrib/pgcrypto/imath.c +++ b/contrib/pgcrypto/imath.c @@ -21,7 +21,7 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE @@ -211,7 +211,7 @@ static int s_vcmp(mp_int a, int v); static mp_digit s_uadd(mp_digit *da, mp_digit *db, mp_digit *dc, mp_size size_a, mp_size size_b); -/* Unsigned magnitude subtraction. Assumes dc is big enough. */ +/* Unsigned magnitude subtraction. Assumes dc is big enough. */ static void s_usub(mp_digit *da, mp_digit *db, mp_digit *dc, mp_size size_a, mp_size size_b); @@ -2275,7 +2275,7 @@ mp_error_string(mp_result res) /* }}} */ /*------------------------------------------------------------------------*/ -/* Private functions for internal use. These make assumptions. */ +/* Private functions for internal use. These make assumptions. */ /* {{{ s_alloc(num) */ diff --git a/contrib/pgcrypto/imath.h b/contrib/pgcrypto/imath.h index f2b02d0cd7..0a4f0f713f 100644 --- a/contrib/pgcrypto/imath.h +++ b/contrib/pgcrypto/imath.h @@ -20,7 +20,7 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE @@ -117,14 +117,11 @@ mp_result mp_int_mul_value(mp_int a, int value, mp_int c); mp_result mp_int_mul_pow2(mp_int a, int p2, mp_int c); mp_result mp_int_sqr(mp_int a, mp_int c); /* c = a * a */ -mp_result -mp_int_div(mp_int a, mp_int b, /* q = a / b */ +mp_result mp_int_div(mp_int a, mp_int b, /* q = a / b */ mp_int q, mp_int r); /* r = a % b */ -mp_result -mp_int_div_value(mp_int a, int value, /* q = a / value */ +mp_result mp_int_div_value(mp_int a, int value, /* q = a / value */ mp_int q, int *r); /* r = a % value */ -mp_result -mp_int_div_pow2(mp_int a, int p2, /* q = a / 2^p2 */ +mp_result mp_int_div_pow2(mp_int a, int p2, /* q = a / 2^p2 */ mp_int q, mp_int r); /* r = q % 2^p2 */ mp_result mp_int_mod(mp_int a, mp_int m, mp_int c); /* c = a % m */ @@ -143,17 +140,13 @@ int mp_int_divisible_value(mp_int a, int v); /* Returns k >= 0 such that z = 2^k, if one exists; otherwise < 0 */ int mp_int_is_pow2(mp_int z); -mp_result -mp_int_exptmod(mp_int a, mp_int b, mp_int m, +mp_result mp_int_exptmod(mp_int a, mp_int b, mp_int m, mp_int c); /* c = a^b (mod m) */ -mp_result -mp_int_exptmod_evalue(mp_int a, int value, +mp_result mp_int_exptmod_evalue(mp_int a, int value, mp_int m, mp_int c); /* c = a^v (mod m) */ -mp_result -mp_int_exptmod_bvalue(int value, mp_int b, +mp_result mp_int_exptmod_bvalue(int value, mp_int b, mp_int m, mp_int c); /* c = v^b (mod m) */ -mp_result -mp_int_exptmod_known(mp_int a, mp_int b, +mp_result mp_int_exptmod_known(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c); /* c = a^b (mod m) */ mp_result mp_int_redux_const(mp_int m, mp_int c); @@ -162,8 +155,7 @@ mp_result mp_int_invmod(mp_int a, mp_int m, mp_int c); /* c = 1/a (mod m) */ mp_result mp_int_gcd(mp_int a, mp_int b, mp_int c); /* c = gcd(a, b) */ -mp_result -mp_int_egcd(mp_int a, mp_int b, mp_int c, /* c = gcd(a, b) */ +mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, /* c = gcd(a, b) */ mp_int x, mp_int y); /* c = ax + by */ mp_result mp_int_sqrt(mp_int a, mp_int c); /* c = floor(sqrt(q)) */ diff --git a/contrib/pgcrypto/internal-sha2.c b/contrib/pgcrypto/internal-sha2.c index f86b47816b..55ec7e16bd 100644 --- a/contrib/pgcrypto/internal-sha2.c +++ b/contrib/pgcrypto/internal-sha2.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -84,7 +84,7 @@ int_sha224_free(PX_MD *h) { SHA224_CTX *ctx = (SHA224_CTX *) h->p.ptr; - memset(ctx, 0, sizeof(*ctx)); + px_memset(ctx, 0, sizeof(*ctx)); px_free(ctx); px_free(h); } @@ -132,7 +132,7 @@ int_sha256_free(PX_MD *h) { SHA256_CTX *ctx = (SHA256_CTX *) h->p.ptr; - memset(ctx, 0, sizeof(*ctx)); + px_memset(ctx, 0, sizeof(*ctx)); px_free(ctx); px_free(h); } @@ -180,7 +180,7 @@ int_sha384_free(PX_MD *h) { SHA384_CTX *ctx = (SHA384_CTX *) h->p.ptr; - memset(ctx, 0, sizeof(*ctx)); + px_memset(ctx, 0, sizeof(*ctx)); px_free(ctx); px_free(h); } @@ -228,7 +228,7 @@ int_sha512_free(PX_MD *h) { SHA512_CTX *ctx = (SHA512_CTX *) h->p.ptr; - memset(ctx, 0, sizeof(*ctx)); + px_memset(ctx, 0, sizeof(*ctx)); px_free(ctx); px_free(h); } diff --git a/contrib/pgcrypto/internal.c b/contrib/pgcrypto/internal.c index a02c943e04..cb8ba2633d 100644 --- a/contrib/pgcrypto/internal.c +++ b/contrib/pgcrypto/internal.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -142,7 +142,7 @@ int_md5_free(PX_MD *h) { MD5_CTX *ctx = (MD5_CTX *) h->p.ptr; - memset(ctx, 0, sizeof(*ctx)); + px_memset(ctx, 0, sizeof(*ctx)); px_free(ctx); px_free(h); } @@ -190,7 +190,7 @@ int_sha1_free(PX_MD *h) { SHA1_CTX *ctx = (SHA1_CTX *) h->p.ptr; - memset(ctx, 0, sizeof(*ctx)); + px_memset(ctx, 0, sizeof(*ctx)); px_free(ctx); px_free(h); } @@ -265,7 +265,7 @@ intctx_free(PX_Cipher *c) if (cx) { - memset(cx, 0, sizeof *cx); + px_memset(cx, 0, sizeof *cx); px_free(cx); } px_free(c); @@ -658,7 +658,7 @@ system_reseed(void) skip = buf[0] >= SYSTEM_RESEED_CHANCE; } /* clear 1 byte */ - memset(buf, 0, sizeof(buf)); + px_memset(buf, 0, sizeof(buf)); if (skip) return; @@ -668,7 +668,7 @@ system_reseed(void) fortuna_add_entropy(buf, n); seed_time = t; - memset(buf, 0, sizeof(buf)); + px_memset(buf, 0, sizeof(buf)); } int diff --git a/contrib/pgcrypto/mbuf.c b/contrib/pgcrypto/mbuf.c index a2c5293efb..6124e4513c 100644 --- a/contrib/pgcrypto/mbuf.c +++ b/contrib/pgcrypto/mbuf.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -69,7 +69,7 @@ mbuf_free(MBuf *mbuf) { if (mbuf->own_data) { - memset(mbuf->data, 0, mbuf->buf_end - mbuf->data); + px_memset(mbuf->data, 0, mbuf->buf_end - mbuf->data); px_free(mbuf->data); } px_free(mbuf); @@ -249,11 +249,11 @@ pullf_free(PullFilter *pf) if (pf->buf) { - memset(pf->buf, 0, pf->buflen); + px_memset(pf->buf, 0, pf->buflen); px_free(pf->buf); } - memset(pf, 0, sizeof(*pf)); + px_memset(pf, 0, sizeof(*pf)); px_free(pf); } @@ -298,7 +298,7 @@ pullf_read_max(PullFilter *pf, int len, uint8 **data_p, uint8 *tmpbuf) if (res < 0) { /* so the caller must clear only on success */ - memset(tmpbuf, 0, total); + px_memset(tmpbuf, 0, total); return res; } if (res == 0) @@ -415,11 +415,11 @@ pushf_free(PushFilter *mp) if (mp->buf) { - memset(mp->buf, 0, mp->block_size); + px_memset(mp->buf, 0, mp->block_size); px_free(mp->buf); } - memset(mp, 0, sizeof(*mp)); + px_memset(mp, 0, sizeof(*mp)); px_free(mp); } diff --git a/contrib/pgcrypto/mbuf.h b/contrib/pgcrypto/mbuf.h index da016c0a53..988293a729 100644 --- a/contrib/pgcrypto/mbuf.h +++ b/contrib/pgcrypto/mbuf.h @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) diff --git a/contrib/pgcrypto/md5.c b/contrib/pgcrypto/md5.c index 08227a809c..cac4e408ab 100644 --- a/contrib/pgcrypto/md5.c +++ b/contrib/pgcrypto/md5.c @@ -19,7 +19,7 @@ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) diff --git a/contrib/pgcrypto/md5.h b/contrib/pgcrypto/md5.h index 03b9ab58ba..07d08c134d 100644 --- a/contrib/pgcrypto/md5.h +++ b/contrib/pgcrypto/md5.h @@ -20,7 +20,7 @@ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) diff --git a/contrib/pgcrypto/openssl.c b/contrib/pgcrypto/openssl.c index ad7fb9ee0e..976af70591 100644 --- a/contrib/pgcrypto/openssl.c +++ b/contrib/pgcrypto/openssl.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -142,7 +142,7 @@ EVP_MD_CTX_init(EVP_MD_CTX *ctx) static int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) { - memset(ctx, 0, sizeof(*ctx)); + px_memset(ctx, 0, sizeof(*ctx)); return 1; } @@ -381,7 +381,7 @@ gen_ossl_free(PX_Cipher *c) { ossldata *od = (ossldata *) c->ptr; - memset(od, 0, sizeof(*od)); + px_memset(od, 0, sizeof(*od)); px_free(od); px_free(c); } @@ -429,8 +429,8 @@ bf_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv) /* * Test if key len is supported. BF_set_key silently cut large keys and it - * could be be a problem when user transfer crypted data from one server - * to another. + * could be a problem when user transfer crypted data from one server to + * another. */ if (bf_is_strong == -1) diff --git a/contrib/pgcrypto/pgcrypto--1.0--1.1.sql b/contrib/pgcrypto/pgcrypto--1.0--1.1.sql new file mode 100644 index 0000000000..42e0c7fffc --- /dev/null +++ b/contrib/pgcrypto/pgcrypto--1.0--1.1.sql @@ -0,0 +1,9 @@ +/* contrib/pgcrypto/pgcrypto--1.0--1.1.sql */ + +-- complain if script is sourced in psql, rather than via ALTER EXTENSION +\echo Use "ALTER EXTENSION pgcrypto UPDATE TO '1.1'" to load this file. \quit + +CREATE FUNCTION gen_random_uuid() +RETURNS uuid +AS 'MODULE_PATHNAME', 'pg_random_uuid' +LANGUAGE C VOLATILE; diff --git a/contrib/pgcrypto/pgcrypto--1.0.sql b/contrib/pgcrypto/pgcrypto--1.1.sql index 347825ea07..a260857d30 100644 --- a/contrib/pgcrypto/pgcrypto--1.0.sql +++ b/contrib/pgcrypto/pgcrypto--1.1.sql @@ -1,4 +1,4 @@ -/* contrib/pgcrypto/pgcrypto--1.0.sql */ +/* contrib/pgcrypto/pgcrypto--1.1.sql */ -- complain if script is sourced in psql, rather than via CREATE EXTENSION \echo Use "CREATE EXTENSION pgcrypto" to load this file. \quit @@ -63,6 +63,11 @@ RETURNS bytea AS 'MODULE_PATHNAME', 'pg_random_bytes' LANGUAGE C VOLATILE STRICT; +CREATE FUNCTION gen_random_uuid() +RETURNS uuid +AS 'MODULE_PATHNAME', 'pg_random_uuid' +LANGUAGE C VOLATILE; + -- -- pgp_sym_encrypt(data, key) -- diff --git a/contrib/pgcrypto/pgcrypto.c b/contrib/pgcrypto/pgcrypto.c index a441ca77f1..2d446d8cc9 100644 --- a/contrib/pgcrypto/pgcrypto.c +++ b/contrib/pgcrypto/pgcrypto.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -35,6 +35,7 @@ #include "parser/scansup.h" #include "utils/builtins.h" +#include "utils/uuid.h" #include "px.h" #include "px-crypt.h" @@ -443,6 +444,32 @@ pg_random_bytes(PG_FUNCTION_ARGS) PG_RETURN_BYTEA_P(res); } +/* SQL function: gen_random_uuid() returns uuid */ +PG_FUNCTION_INFO_V1(pg_random_uuid); + +Datum +pg_random_uuid(PG_FUNCTION_ARGS) +{ + uint8 *buf = (uint8 *) palloc(UUID_LEN); + int err; + + /* generate random bits */ + err = px_get_pseudo_random_bytes(buf, UUID_LEN); + if (err < 0) + ereport(ERROR, + (errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION), + errmsg("Random generator error: %s", px_strerror(err)))); + + /* + * Set magic numbers for a "version 4" (pseudorandom) UUID, see + * http://tools.ietf.org/html/rfc4122#section-4.4 + */ + buf[6] = (buf[6] & 0x0f) | 0x40; /* "version" field */ + buf[8] = (buf[8] & 0x3f) | 0x80; /* "variant" field */ + + PG_RETURN_UUID_P((pg_uuid_t *) buf); +} + static void * find_provider(text *name, PFN provider_lookup, diff --git a/contrib/pgcrypto/pgcrypto.control b/contrib/pgcrypto/pgcrypto.control index 8375cf9e7b..7f79d044ab 100644 --- a/contrib/pgcrypto/pgcrypto.control +++ b/contrib/pgcrypto/pgcrypto.control @@ -1,5 +1,5 @@ # pgcrypto extension comment = 'cryptographic functions' -default_version = '1.0' +default_version = '1.1' module_pathname = '$libdir/pgcrypto' relocatable = true diff --git a/contrib/pgcrypto/pgcrypto.h b/contrib/pgcrypto/pgcrypto.h index 6284ba2406..dfc7a10590 100644 --- a/contrib/pgcrypto/pgcrypto.h +++ b/contrib/pgcrypto/pgcrypto.h @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -45,5 +45,6 @@ Datum pg_decrypt(PG_FUNCTION_ARGS); Datum pg_encrypt_iv(PG_FUNCTION_ARGS); Datum pg_decrypt_iv(PG_FUNCTION_ARGS); Datum pg_random_bytes(PG_FUNCTION_ARGS); +Datum pg_random_uuid(PG_FUNCTION_ARGS); #endif diff --git a/contrib/pgcrypto/pgp-armor.c b/contrib/pgcrypto/pgp-armor.c index 87adf91125..40f20550ea 100644 --- a/contrib/pgcrypto/pgp-armor.c +++ b/contrib/pgcrypto/pgp-armor.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -32,7 +32,6 @@ #include "postgres.h" #include "px.h" -#include "mbuf.h" #include "pgp.h" /* diff --git a/contrib/pgcrypto/pgp-cfb.c b/contrib/pgcrypto/pgp-cfb.c index 7cf9bf0b8c..1d99915f9d 100644 --- a/contrib/pgcrypto/pgp-cfb.c +++ b/contrib/pgcrypto/pgp-cfb.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -31,7 +31,6 @@ #include "postgres.h" -#include "mbuf.h" #include "px.h" #include "pgp.h" @@ -85,12 +84,12 @@ void pgp_cfb_free(PGP_CFB *ctx) { px_cipher_free(ctx->ciph); - memset(ctx, 0, sizeof(*ctx)); + px_memset(ctx, 0, sizeof(*ctx)); px_free(ctx); } /* - * Data processing for normal CFB. (PGP_PKT_SYMENCRYPTED_DATA_MDC) + * Data processing for normal CFB. (PGP_PKT_SYMENCRYPTED_DATA_MDC) */ static int mix_encrypt_normal(PGP_CFB *ctx, const uint8 *data, int len, uint8 *dst) diff --git a/contrib/pgcrypto/pgp-compress.c b/contrib/pgcrypto/pgp-compress.c index c592453402..57efe73338 100644 --- a/contrib/pgcrypto/pgp-compress.c +++ b/contrib/pgcrypto/pgp-compress.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -31,7 +31,6 @@ #include "postgres.h" -#include "mbuf.h" #include "px.h" #include "pgp.h" @@ -175,7 +174,7 @@ compress_free(void *priv) struct ZipStat *st = priv; deflateEnd(&st->stream); - memset(st, 0, sizeof(*st)); + px_memset(st, 0, sizeof(*st)); px_free(st); } @@ -298,7 +297,7 @@ decompress_free(void *priv) struct DecomprData *dec = priv; inflateEnd(&dec->stream); - memset(dec, 0, sizeof(*dec)); + px_memset(dec, 0, sizeof(*dec)); px_free(dec); } diff --git a/contrib/pgcrypto/pgp-decrypt.c b/contrib/pgcrypto/pgp-decrypt.c index c9aa6cd66a..e03ee7f5f0 100644 --- a/contrib/pgcrypto/pgp-decrypt.c +++ b/contrib/pgcrypto/pgp-decrypt.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -210,7 +210,7 @@ pktreader_free(void *priv) { struct PktData *pkt = priv; - memset(pkt, 0, sizeof(*pkt)); + px_memset(pkt, 0, sizeof(*pkt)); px_free(pkt); } @@ -257,7 +257,7 @@ prefix_init(void **priv_p, void *arg, PullFilter *src) if (res != len + 2) { px_debug("prefix_init: short read"); - memset(tmpbuf, 0, sizeof(tmpbuf)); + px_memset(tmpbuf, 0, sizeof(tmpbuf)); return PXE_PGP_CORRUPT_DATA; } @@ -280,7 +280,7 @@ prefix_init(void **priv_p, void *arg, PullFilter *src) */ ctx->corrupt_prefix = 1; } - memset(tmpbuf, 0, sizeof(tmpbuf)); + px_memset(tmpbuf, 0, sizeof(tmpbuf)); return 0; } @@ -395,8 +395,8 @@ mdc_finish(PGP_Context *ctx, PullFilter *src, */ px_md_finish(ctx->mdc_ctx, hash); res = memcmp(hash, *data_p, 20); - memset(hash, 0, 20); - memset(tmpbuf, 0, sizeof(tmpbuf)); + px_memset(hash, 0, 20); + px_memset(tmpbuf, 0, sizeof(tmpbuf)); if (res != 0) { px_debug("mdc_finish: mdc failed"); @@ -493,7 +493,7 @@ mdcbuf_finish(struct MDCBufData * st) px_md_update(st->ctx->mdc_ctx, st->mdc_buf, 2); px_md_finish(st->ctx->mdc_ctx, hash); res = memcmp(hash, st->mdc_buf + 2, 20); - memset(hash, 0, 20); + px_memset(hash, 0, 20); if (res) { px_debug("mdcbuf_finish: MDC does not match"); @@ -593,7 +593,7 @@ mdcbuf_free(void *priv) px_md_free(st->ctx->mdc_ctx); st->ctx->mdc_ctx = NULL; - memset(st, 0, sizeof(*st)); + px_memset(st, 0, sizeof(*st)); px_free(st); } @@ -703,7 +703,7 @@ parse_symenc_sesskey(PGP_Context *ctx, PullFilter *src) res = decrypt_key(ctx, p, res); } - memset(tmpbuf, 0, sizeof(tmpbuf)); + px_memset(tmpbuf, 0, sizeof(tmpbuf)); return res; } @@ -753,6 +753,7 @@ copy_crlf(MBuf *dst, uint8 *data, int len, int *got_cr) if (res < 0) return res; } + px_memset(tmpbuf, 0, sizeof(tmpbuf)); return 0; } @@ -792,7 +793,7 @@ parse_literal_data(PGP_Context *ctx, MBuf *dst, PullFilter *pkt) px_debug("parse_literal_data: unexpected eof"); return PXE_PGP_CORRUPT_DATA; } - memset(tmpbuf, 0, 4); + px_memset(tmpbuf, 0, 4); /* check if text */ if (ctx->text_mode) diff --git a/contrib/pgcrypto/pgp-encrypt.c b/contrib/pgcrypto/pgp-encrypt.c index 3b9b5d20ed..2320c7574b 100644 --- a/contrib/pgcrypto/pgp-encrypt.c +++ b/contrib/pgcrypto/pgp-encrypt.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -128,7 +128,7 @@ mdc_flush(PushFilter *dst, void *priv) px_md_finish(md, pkt + 2); res = pushf_write(dst, pkt, 2 + MDC_DIGEST_LEN); - memset(pkt, 0, 2 + MDC_DIGEST_LEN); + px_memset(pkt, 0, 2 + MDC_DIGEST_LEN); return res; } @@ -217,7 +217,7 @@ encrypt_free(void *priv) { struct EncStat *st = priv; - memset(st, 0, sizeof(*st)); + px_memset(st, 0, sizeof(*st)); px_free(st); } @@ -299,7 +299,7 @@ pkt_stream_free(void *priv) { struct PktStreamStat *st = priv; - memset(st, 0, sizeof(*st)); + px_memset(st, 0, sizeof(*st)); px_free(st); } @@ -490,7 +490,7 @@ write_prefix(PGP_Context *ctx, PushFilter *dst) prefix[bs + 1] = prefix[bs - 1]; res = pushf_write(dst, prefix, bs + 2); - memset(prefix, 0, bs + 2); + px_memset(prefix, 0, bs + 2); return res < 0 ? res : 0; } @@ -552,7 +552,7 @@ write_symenc_sesskey(PGP_Context *ctx, PushFilter *dst) if (res >= 0) res = pushf_write(dst, pkt, pktlen); - memset(pkt, 0, pktlen); + px_memset(pkt, 0, pktlen); return res; } diff --git a/contrib/pgcrypto/pgp-info.c b/contrib/pgcrypto/pgp-info.c index b75266f18c..9bfbbe6d0c 100644 --- a/contrib/pgcrypto/pgp-info.c +++ b/contrib/pgcrypto/pgp-info.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) diff --git a/contrib/pgcrypto/pgp-mpi-internal.c b/contrib/pgcrypto/pgp-mpi-internal.c index d0e5830fe0..be95f2d092 100644 --- a/contrib/pgcrypto/pgp-mpi-internal.c +++ b/contrib/pgcrypto/pgp-mpi-internal.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -33,7 +33,6 @@ #include "imath.h" #include "px.h" -#include "mbuf.h" #include "pgp.h" static mpz_t * @@ -147,7 +146,7 @@ bn_to_mpi(mpz_t *bn) * * Until I research it further, I just mimic gpg behaviour. * It has a special mapping table, for values <= 5120, - * above that it uses 'arbitrary high number'. Following + * above that it uses 'arbitrary high number'. Following * algorihm hovers 10-70 bits above gpg values. And for * larger p, it uses gpg's algorihm. * diff --git a/contrib/pgcrypto/pgp-mpi-openssl.c b/contrib/pgcrypto/pgp-mpi-openssl.c index ed41e1151c..24484a6c54 100644 --- a/contrib/pgcrypto/pgp-mpi-openssl.c +++ b/contrib/pgcrypto/pgp-mpi-openssl.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -33,7 +33,6 @@ #include <openssl/bn.h> #include "px.h" -#include "mbuf.h" #include "pgp.h" static BIGNUM * @@ -82,7 +81,7 @@ bn_to_mpi(BIGNUM *bn) * * Until I research it further, I just mimic gpg behaviour. * It has a special mapping table, for values <= 5120, - * above that it uses 'arbitrary high number'. Following + * above that it uses 'arbitrary high number'. Following * algorihm hovers 10-70 bits above gpg values. And for * larger p, it uses gpg's algorihm. * diff --git a/contrib/pgcrypto/pgp-mpi.c b/contrib/pgcrypto/pgp-mpi.c index c8765b6d14..1da52acc9a 100644 --- a/contrib/pgcrypto/pgp-mpi.c +++ b/contrib/pgcrypto/pgp-mpi.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -31,7 +31,6 @@ #include "postgres.h" #include "px.h" -#include "mbuf.h" #include "pgp.h" int @@ -72,7 +71,7 @@ pgp_mpi_free(PGP_MPI *mpi) { if (mpi == NULL) return 0; - memset(mpi, 0, sizeof(*mpi) + mpi->bytes); + px_memset(mpi, 0, sizeof(*mpi) + mpi->bytes); px_free(mpi); return 0; } diff --git a/contrib/pgcrypto/pgp-pgsql.c b/contrib/pgcrypto/pgp-pgsql.c index d4eec03cc7..ad1fd08427 100644 --- a/contrib/pgcrypto/pgp-pgsql.c +++ b/contrib/pgcrypto/pgp-pgsql.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -41,23 +41,6 @@ /* * public functions */ -Datum pgp_sym_encrypt_text(PG_FUNCTION_ARGS); -Datum pgp_sym_encrypt_bytea(PG_FUNCTION_ARGS); -Datum pgp_sym_decrypt_text(PG_FUNCTION_ARGS); -Datum pgp_sym_decrypt_bytea(PG_FUNCTION_ARGS); - -Datum pgp_pub_encrypt_text(PG_FUNCTION_ARGS); -Datum pgp_pub_encrypt_bytea(PG_FUNCTION_ARGS); -Datum pgp_pub_decrypt_text(PG_FUNCTION_ARGS); -Datum pgp_pub_decrypt_bytea(PG_FUNCTION_ARGS); - -Datum pgp_key_id_w(PG_FUNCTION_ARGS); - -Datum pg_armor(PG_FUNCTION_ARGS); -Datum pg_dearmor(PG_FUNCTION_ARGS); - -/* function headers */ - PG_FUNCTION_INFO_V1(pgp_sym_encrypt_bytea); PG_FUNCTION_INFO_V1(pgp_sym_encrypt_text); PG_FUNCTION_INFO_V1(pgp_sym_decrypt_bytea); @@ -87,11 +70,11 @@ add_block_entropy(PX_MD *md, text *data) px_add_entropy(sha1, 20); - memset(sha1, 0, 20); + px_memset(sha1, 0, 20); } /* - * Mix user data into RNG. It is for user own interests to have + * Mix user data into RNG. It is for user own interests to have * RNG state shuffled. */ static void @@ -129,7 +112,7 @@ add_entropy(text *data1, text *data2, text *data3) add_block_entropy(md, data3); px_md_free(md); - memset(rnd, 0, sizeof(rnd)); + px_memset(rnd, 0, sizeof(rnd)); } /* @@ -167,7 +150,7 @@ convert_to_utf8(text *src) static void clear_and_pfree(text *p) { - memset(p, 0, VARSIZE(p)); + px_memset(p, 0, VARSIZE(p)); pfree(p); } @@ -308,7 +291,7 @@ set_arg(PGP_Context *ctx, char *key, char *val, } /* - * Find next word. Handle ',' and '=' as words. Skip whitespace. + * Find next word. Handle ',' and '=' as words. Skip whitespace. * Put word info into res_p, res_len. * Returns ptr to next word. */ diff --git a/contrib/pgcrypto/pgp-pubdec.c b/contrib/pgcrypto/pgp-pubdec.c index fe5fae0c42..b925ff8599 100644 --- a/contrib/pgcrypto/pgp-pubdec.c +++ b/contrib/pgcrypto/pgp-pubdec.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -31,7 +31,6 @@ #include "postgres.h" #include "px.h" -#include "mbuf.h" #include "pgp.h" /* diff --git a/contrib/pgcrypto/pgp-pubenc.c b/contrib/pgcrypto/pgp-pubenc.c index 943d2e49f5..3b43bb61c0 100644 --- a/contrib/pgcrypto/pgp-pubenc.c +++ b/contrib/pgcrypto/pgp-pubenc.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -31,7 +31,6 @@ #include "postgres.h" #include "px.h" -#include "mbuf.h" #include "pgp.h" /* @@ -73,7 +72,7 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p) if (res < 0) { - memset(buf, 0, res_len); + px_memset(buf, 0, res_len); px_free(buf); return res; } @@ -123,10 +122,10 @@ create_secmsg(PGP_Context *ctx, PGP_MPI **msg_p, int full_bytes) if (padded) { - memset(padded, 0, full_bytes); + px_memset(padded, 0, full_bytes); px_free(padded); } - memset(secmsg, 0, klen + 3); + px_memset(secmsg, 0, klen + 3); px_free(secmsg); if (res >= 0) diff --git a/contrib/pgcrypto/pgp-pubkey.c b/contrib/pgcrypto/pgp-pubkey.c index 283e0ec17e..f898d72ae9 100644 --- a/contrib/pgcrypto/pgp-pubkey.c +++ b/contrib/pgcrypto/pgp-pubkey.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -77,7 +77,7 @@ pgp_key_free(PGP_PubKey *pk) pgp_mpi_free(pk->sec.dsa.x); break; } - memset(pk, 0, sizeof(*pk)); + px_memset(pk, 0, sizeof(*pk)); px_free(pk); } @@ -150,7 +150,7 @@ calc_key_id(PGP_PubKey *pk) px_md_free(md); memcpy(pk->key_id, hash + 12, 8); - memset(hash, 0, 20); + px_memset(hash, 0, 20); return 0; } @@ -291,8 +291,8 @@ check_key_sha1(PullFilter *src, PGP_PubKey *pk) res = PXE_PGP_KEYPKT_CORRUPT; } err: - memset(got_sha1, 0, 20); - memset(my_sha1, 0, 20); + px_memset(got_sha1, 0, 20); + px_memset(my_sha1, 0, 20); return res; } @@ -408,16 +408,16 @@ process_secret_key(PullFilter *pkt, PGP_PubKey **pk_p, case PGP_PUB_RSA_SIGN: case PGP_PUB_RSA_ENCRYPT: case PGP_PUB_RSA_ENCRYPT_SIGN: - res = pgp_mpi_read(pkt, &pk->sec.rsa.d); + res = pgp_mpi_read(pf_key, &pk->sec.rsa.d); if (res < 0) break; - res = pgp_mpi_read(pkt, &pk->sec.rsa.p); + res = pgp_mpi_read(pf_key, &pk->sec.rsa.p); if (res < 0) break; - res = pgp_mpi_read(pkt, &pk->sec.rsa.q); + res = pgp_mpi_read(pf_key, &pk->sec.rsa.q); if (res < 0) break; - res = pgp_mpi_read(pkt, &pk->sec.rsa.u); + res = pgp_mpi_read(pf_key, &pk->sec.rsa.u); if (res < 0) break; break; diff --git a/contrib/pgcrypto/pgp-s2k.c b/contrib/pgcrypto/pgp-s2k.c index 349234e243..193dd95173 100644 --- a/contrib/pgcrypto/pgp-s2k.c +++ b/contrib/pgcrypto/pgp-s2k.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -32,7 +32,6 @@ #include "postgres.h" #include "px.h" -#include "mbuf.h" #include "pgp.h" static int @@ -75,6 +74,7 @@ calc_s2k_simple(PGP_S2K *s2k, PX_MD *md, const uint8 *key, remain = 0; } } + px_memset(buf, 0, sizeof(buf)); return 0; } @@ -118,6 +118,7 @@ calc_s2k_salted(PGP_S2K *s2k, PX_MD *md, const uint8 *key, unsigned key_len) remain = 0; } } + px_memset(buf, 0, sizeof(buf)); return 0; } @@ -189,6 +190,7 @@ calc_s2k_iter_salted(PGP_S2K *s2k, PX_MD *md, const uint8 *key, remain = 0; } } + px_memset(buf, 0, sizeof(buf)); return 0; } diff --git a/contrib/pgcrypto/pgp.c b/contrib/pgcrypto/pgp.c index b8a6bc49b4..03fe48fb64 100644 --- a/contrib/pgcrypto/pgp.c +++ b/contrib/pgcrypto/pgp.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -32,7 +32,6 @@ #include "postgres.h" #include "px.h" -#include "mbuf.h" #include "pgp.h" /* @@ -225,7 +224,7 @@ pgp_free(PGP_Context *ctx) { if (ctx->pub_key) pgp_key_free(ctx->pub_key); - memset(ctx, 0, sizeof *ctx); + px_memset(ctx, 0, sizeof *ctx); px_free(ctx); return 0; } diff --git a/contrib/pgcrypto/pgp.h b/contrib/pgcrypto/pgp.h index 7ae01ccc4d..8d4ab9862d 100644 --- a/contrib/pgcrypto/pgp.h +++ b/contrib/pgcrypto/pgp.h @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -29,6 +29,9 @@ * contrib/pgcrypto/pgp.h */ +#include "mbuf.h" +#include "px.h" + enum PGP_S2K_TYPE { PGP_S2K_SIMPLE = 0, @@ -265,8 +268,7 @@ int pgp_s2k_read(PullFilter *src, PGP_S2K *s2k); int pgp_s2k_process(PGP_S2K *s2k, int cipher, const uint8 *key, int klen); typedef struct PGP_CFB PGP_CFB; -int -pgp_cfb_create(PGP_CFB **ctx_p, int algo, +int pgp_cfb_create(PGP_CFB **ctx_p, int algo, const uint8 *key, int key_len, int recync, uint8 *iv); void pgp_cfb_free(PGP_CFB *ctx); int pgp_cfb_encrypt(PGP_CFB *ctx, const uint8 *data, int len, uint8 *dst); diff --git a/contrib/pgcrypto/px-crypt.c b/contrib/pgcrypto/px-crypt.c index 63ec038dc5..7b003a76ca 100644 --- a/contrib/pgcrypto/px-crypt.c +++ b/contrib/pgcrypto/px-crypt.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -158,7 +158,7 @@ px_gen_salt(const char *salt_type, char *buf, int rounds) return res; p = g->gen(rounds, rbuf, g->input_len, buf, PX_MAX_SALT_LEN); - memset(rbuf, 0, sizeof(rbuf)); + px_memset(rbuf, 0, sizeof(rbuf)); if (p == NULL) return PXE_BAD_SALT_ROUNDS; diff --git a/contrib/pgcrypto/px-crypt.h b/contrib/pgcrypto/px-crypt.h index 7dde9ab77b..24daee743c 100644 --- a/contrib/pgcrypto/px-crypt.h +++ b/contrib/pgcrypto/px-crypt.h @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) diff --git a/contrib/pgcrypto/px-hmac.c b/contrib/pgcrypto/px-hmac.c index 36efabd4a3..06e5148f1b 100644 --- a/contrib/pgcrypto/px-hmac.c +++ b/contrib/pgcrypto/px-hmac.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -75,7 +75,7 @@ hmac_init(PX_HMAC *h, const uint8 *key, unsigned klen) h->p.opad[i] = keybuf[i] ^ HMAC_OPAD; } - memset(keybuf, 0, bs); + px_memset(keybuf, 0, bs); px_free(keybuf); px_md_update(md, h->p.ipad, bs); @@ -117,7 +117,7 @@ hmac_finish(PX_HMAC *h, uint8 *dst) px_md_update(md, buf, hlen); px_md_finish(md, dst); - memset(buf, 0, hlen); + px_memset(buf, 0, hlen); px_free(buf); } @@ -129,8 +129,8 @@ hmac_free(PX_HMAC *h) bs = px_md_block_size(h->md); px_md_free(h->md); - memset(h->p.ipad, 0, bs); - memset(h->p.opad, 0, bs); + px_memset(h->p.ipad, 0, bs); + px_memset(h->p.opad, 0, bs); px_free(h->p.ipad); px_free(h->p.opad); px_free(h); diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c index f23d4de573..93c436daa0 100644 --- a/contrib/pgcrypto/px.c +++ b/contrib/pgcrypto/px.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -104,6 +104,12 @@ px_strerror(int err) return "Bad error code"; } +/* memset that must not be optimized away */ +void +px_memset(void *ptr, int c, size_t len) +{ + memset(ptr, c, len); +} const char * px_resolve_alias(const PX_Alias *list, const char *name) @@ -327,7 +333,7 @@ combo_free(PX_Combo *cx) { if (cx->cipher) px_cipher_free(cx->cipher); - memset(cx, 0, sizeof(*cx)); + px_memset(cx, 0, sizeof(*cx)); px_free(cx); } diff --git a/contrib/pgcrypto/px.h b/contrib/pgcrypto/px.h index 80e8624460..a01a58e29c 100644 --- a/contrib/pgcrypto/px.h +++ b/contrib/pgcrypto/px.h @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -203,6 +203,8 @@ const char *px_resolve_alias(const PX_Alias *aliases, const char *name); void px_set_debug_handler(void (*handler) (const char *)); +void px_memset(void *ptr, int c, size_t len); + #ifdef PX_DEBUG void px_debug(const char *fmt,...) diff --git a/contrib/pgcrypto/random.c b/contrib/pgcrypto/random.c index 393a0be983..3f092ca346 100644 --- a/contrib/pgcrypto/random.c +++ b/contrib/pgcrypto/random.c @@ -17,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) diff --git a/contrib/pgcrypto/rijndael.c b/contrib/pgcrypto/rijndael.c index 5651d03750..4adbcc1f91 100644 --- a/contrib/pgcrypto/rijndael.c +++ b/contrib/pgcrypto/rijndael.c @@ -7,12 +7,12 @@ /* RIJNDAEL by Joan Daemen and Vincent Rijmen */ /* */ /* which is a candidate algorithm in the Advanced Encryption Standard */ -/* programme of the US National Institute of Standards and Technology. */ +/* programme of the US National Institute of Standards and Technology. */ /* */ /* Copyright in this implementation is held by Dr B R Gladman but I */ /* hereby give permission for its free direct or derivative use subject */ /* to acknowledgment of its origin and compliance with any conditions */ -/* that the originators of the algorithm place on its exploitation. */ +/* that the originators of the algorithm place on its exploitation. */ /* */ /* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999 */ @@ -188,7 +188,7 @@ gen_tabs(void) /* rijndael specification is in big endian format with */ /* bit 0 as the most significant bit. In the remainder */ /* of the specification the bits are numbered from the */ - /* least significant end of a byte. */ + /* least significant end of a byte. */ for (i = 0; i < 256; ++i) { diff --git a/contrib/pgcrypto/rijndael.h b/contrib/pgcrypto/rijndael.h index fb30e46c14..e536c61a6f 100644 --- a/contrib/pgcrypto/rijndael.h +++ b/contrib/pgcrypto/rijndael.h @@ -8,12 +8,12 @@ /* RIJNDAEL by Joan Daemen and Vincent Rijmen */ /* */ /* which is a candidate algorithm in the Advanced Encryption Standard */ -/* programme of the US National Institute of Standards and Technology. */ +/* programme of the US National Institute of Standards and Technology. */ /* */ /* Copyright in this implementation is held by Dr B R Gladman but I */ /* hereby give permission for its free direct or derivative use subject */ /* to acknowledgment of its origin and compliance with any conditions */ -/* that the originators of the algorithm place on its exploitation. */ +/* that the originators of the algorithm place on its exploitation. */ /* */ /* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999 */ diff --git a/contrib/pgcrypto/sha1.c b/contrib/pgcrypto/sha1.c index ac406faf7e..0e753ce63a 100644 --- a/contrib/pgcrypto/sha1.c +++ b/contrib/pgcrypto/sha1.c @@ -19,7 +19,7 @@ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) diff --git a/contrib/pgcrypto/sha1.h b/contrib/pgcrypto/sha1.h index 3e0931efbc..5532ca160d 100644 --- a/contrib/pgcrypto/sha1.h +++ b/contrib/pgcrypto/sha1.h @@ -20,7 +20,7 @@ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) diff --git a/contrib/pgcrypto/sha2.c b/contrib/pgcrypto/sha2.c index 5de94b2fcd..231f9dfbb0 100644 --- a/contrib/pgcrypto/sha2.c +++ b/contrib/pgcrypto/sha2.c @@ -22,7 +22,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -40,6 +40,7 @@ #include <sys/param.h> +#include "px.h" #include "sha2.h" /* @@ -570,7 +571,7 @@ SHA256_Final(uint8 digest[], SHA256_CTX *context) } /* Clean up state data: */ - memset(context, 0, sizeof(*context)); + px_memset(context, 0, sizeof(*context)); } @@ -899,7 +900,7 @@ SHA512_Final(uint8 digest[], SHA512_CTX *context) } /* Zero out state data */ - memset(context, 0, sizeof(*context)); + px_memset(context, 0, sizeof(*context)); } @@ -944,7 +945,7 @@ SHA384_Final(uint8 digest[], SHA384_CTX *context) } /* Zero out state data */ - memset(context, 0, sizeof(*context)); + px_memset(context, 0, sizeof(*context)); } /*** SHA-224: *********************************************************/ @@ -987,5 +988,5 @@ SHA224_Final(uint8 digest[], SHA224_CTX *context) } /* Clean up state data: */ - memset(context, 0, sizeof(*context)); + px_memset(context, 0, sizeof(*context)); } diff --git a/contrib/pgcrypto/sha2.h b/contrib/pgcrypto/sha2.h index df77a7a659..501f0e0446 100644 --- a/contrib/pgcrypto/sha2.h +++ b/contrib/pgcrypto/sha2.h @@ -23,7 +23,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) diff --git a/contrib/pgcrypto/sql/pgp-encrypt.sql b/contrib/pgcrypto/sql/pgp-encrypt.sql index cac37c8442..a9ac0b924b 100644 --- a/contrib/pgcrypto/sql/pgp-encrypt.sql +++ b/contrib/pgcrypto/sql/pgp-encrypt.sql @@ -8,7 +8,7 @@ select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'), 'key'); -- check whether the defaults are ok select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'), - 'key', 'expect-cipher-algo=aes128, + 'key', 'expect-cipher-algo=aes128, expect-disable-mdc=0, expect-sess-key=0, expect-s2k-mode=3, @@ -18,7 +18,7 @@ select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'), -- maybe the expect- stuff simply does not work select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'), - 'key', 'expect-cipher-algo=bf, + 'key', 'expect-cipher-algo=bf, expect-disable-mdc=1, expect-sess-key=1, expect-s2k-mode=0, @@ -36,62 +36,62 @@ select pgp_sym_decrypt_bytea(pgp_sym_encrypt('Text', 'baz'), 'baz'); -- algorithm change select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 'cipher-algo=bf'), - 'key', 'expect-cipher-algo=bf'); + 'key', 'expect-cipher-algo=bf'); select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 'cipher-algo=aes'), - 'key', 'expect-cipher-algo=aes128'); + 'key', 'expect-cipher-algo=aes128'); select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 'cipher-algo=aes192'), - 'key', 'expect-cipher-algo=aes192'); + 'key', 'expect-cipher-algo=aes192'); -- s2k change select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 's2k-mode=0'), - 'key', 'expect-s2k-mode=0'); + 'key', 'expect-s2k-mode=0'); select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 's2k-mode=1'), - 'key', 'expect-s2k-mode=1'); + 'key', 'expect-s2k-mode=1'); select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 's2k-mode=3'), - 'key', 'expect-s2k-mode=3'); + 'key', 'expect-s2k-mode=3'); -- s2k digest change select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=md5'), - 'key', 'expect-s2k-digest-algo=md5'); + 'key', 'expect-s2k-digest-algo=md5'); select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=sha1'), - 'key', 'expect-s2k-digest-algo=sha1'); + 'key', 'expect-s2k-digest-algo=sha1'); -- sess key select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 'sess-key=0'), - 'key', 'expect-sess-key=0'); + 'key', 'expect-sess-key=0'); select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 'sess-key=1'), - 'key', 'expect-sess-key=1'); + 'key', 'expect-sess-key=1'); select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=bf'), - 'key', 'expect-sess-key=1, expect-cipher-algo=bf'); + 'key', 'expect-sess-key=1, expect-cipher-algo=bf'); select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes192'), - 'key', 'expect-sess-key=1, expect-cipher-algo=aes192'); + 'key', 'expect-sess-key=1, expect-cipher-algo=aes192'); select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes256'), - 'key', 'expect-sess-key=1, expect-cipher-algo=aes256'); + 'key', 'expect-sess-key=1, expect-cipher-algo=aes256'); -- no mdc select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 'disable-mdc=1'), - 'key', 'expect-disable-mdc=1'); + 'key', 'expect-disable-mdc=1'); -- crlf select encode(pgp_sym_decrypt_bytea( pgp_sym_encrypt(E'1\n2\n3\r\n', 'key', 'convert-crlf=1'), - 'key'), 'hex'); + 'key'), 'hex'); -- conversion should be lossless select encode(digest(pgp_sym_decrypt( pgp_sym_encrypt(E'\r\n0\n1\r\r\n\n2\r', 'key', 'convert-crlf=1'), - 'key', 'convert-crlf=1'), 'sha1'), 'hex') as result, + 'key', 'convert-crlf=1'), 'sha1'), 'hex') as result, encode(digest(E'\r\n0\n1\r\r\n\n2\r', 'sha1'), 'hex') as expect; diff --git a/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql b/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql index cc82420084..f8495d1e54 100644 --- a/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql +++ b/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql @@ -426,6 +426,71 @@ hbt6LhKhCLUNdz/udIt0JAC6c/HdPLSW3HnmM3+iNj+Kug== -----END PGP PRIVATE KEY BLOCK----- '); +insert into keytbl (id, name, pubkey, seckey) +values (7, 'rsaenc2048-psw', ' +same key with password +', ' +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: GnuPG v1.4.11 (GNU/Linux) + +lQPEBELr2m0BCADOrnknlnXI0EzRExf/TgoHvK7Xx/E0keWqV3KrOyC3/tY2KOrj +UVxaAX5pkFX9wdQObGPIJm06u6D16CH6CildX/vxG7YgvvKzK8JGAbwrXAfk7OIW +czO2zRaZGDynoK3mAxHRBReyTKtNv8rDQhuZs6AOozJNARdbyUO/yqUnqNNygWuT +4htFDEuLPIJwAbMSD0BvFW6YQaPdxzaAZm3EWVNbwDzjgbBUdBiUUwRdZIFUhsjJ +dirFdy5+uuZru6y6CNC1OERkJ7P8EyoFiZckAIE5gshVZzNuyLOZjc5DhWBvLbX4 +NZElAnfiv+4nA6y8wQLSIbmHA3nqJaBklj85AAYp/gcDCNnoEKwFo86JYCE1J92R +HRQ7DoyAZpW1O0dTXL8Epk0sKsKDrCJOrIkDymsjfyBexADIeqOkioy/50wD2Mku +CVHKWO2duAiJN5t/FoRgpR1/Q11K6QdfqOG0HxwfIXLcPv7eSIso8kWorj+I01BP +Fn/atGEbIjdWaz/q2XHbu0Q3x6Et2gIsbLRVMhiYz1UG9uzGJ0TYCdBa2SFhs184 +52akMpD+XVdM0Sq9/Cx40Seo8hzERB96+GXnQ48q2OhlvcEXiFyD6M6wYCWbEV+6 +XQVMymbl22FPP/bD9ReQX2kjrkQlFAtmhr+0y8reMCbcxwLuQfA3173lSPo7jrbH +oLrGhkRpqd2bYCelqdy/XMmRFso0+7uytHfTFrUNfDWfmHVrygoVrNnarCbxMMI0 +I8Q+tKHMThWgf0rIOSh0+w38kOXFCEqEWF8YkAqCrMZIlJIed78rOCFgG4aHajZR +D8rpXdUOIr/WeUddK25Tu8IuNJb0kFf12IMgNh0nS+mzlqWiofS5kA0TeB8wBV6t +RotaeyDNSsMoowfN8cf1yHMTxli+K1Tasg003WVUoWgUc+EsJ5+KTNwaX5uGv0Cs +j6dg6/FVeVRL9UsyF+2kt7euX3mABuUtcVGx/ZKTq/MNGEh6/r3B5U37qt+FDRbw +ppKPc2AP+yBUWsQskyrxFgv4eSpcLEg+lgdz/zLyG4qW4lrFUoO790Cm/J6C7/WQ +Z+E8kcS8aINJkg1skahH31d59ZkbW9PVeJMFGzNb0Z2LowngNP/BMrJ0LT2CQyLs +UxbT16S/gwAyUpJnbhWYr3nDdlwtC0rVopVTPD7khPRppcsq1f8D70rdIxI4Ouuw +vbjNZ1EWRJ9f2Ywb++k/xgSXwJkGodUlrUr+3i8cv8mPx+fWvif9q7Y5Ex1wCRa8 +8FAj/o+hEbQlUlNBIDIwNDggRW5jIDxyc2EyMDQ4ZW5jQGV4YW1wbGUub3JnPokB +NAQTAQIAHgUCQuvabQIbAwYLCQgHAwIDFQIDAxYCAQIeAQIXgAAKCRDImeqTRBlV +WRzJCACbRhx2fYjPGKta69M5dS+kr5UD/CQmsR2t9cB9zyqhratjPnKW9q13+4AG +P3aByT14IH1c5Mha8rJkNYD2wxmC8jrrcPiJIYoRG+W1sUATY/t8wBbNWF+r9h11 +m0lEpsmNVff/jU7SpNN6JQ3P7MHd5V85LlDoXIH6QYCLd0PjKU+jNvjiBe5VX0m9 +a1nacE3xoWc1vbM0DnqEuID78Qgkcrmm0ESeg1h+tRfHxSAyYNc/gPzm8eH6l+hj +gOvUc4Gd6LpBQSF8TcFfT2TZwJh7WVWDvNIP6FWAW7rzmHnX3wwXkGq4REWeVtk5 +yBPp6mOtWDiwaqLJYsoHWU11C8zYnQPEBELr2roBCADrgiWXZMzkQOntZa/NS56+ +CczLFQRQPl/8iJAW1eql/wOJ1UiwGSjT189WCKzE7vtazCIstdCFmwOs4DE6cz4S +UX4HjzjYHZwmMiuSrIefwuZ7cysMBsMXypQFyMSbqwh102xGvmLz3Z++rydx7Fzl +1RC/ny2+FN5dzYPO2DNtNi4dR2tjHktsxBWXAKCmxagAIwyxGouuEqDhYdFtwrA9 +Qy+M5n6fmGa1Dx07WWnbIud4uCilv8LPVKx5aJamDYWM3v7kS8n51MfTzeK/xoRM +2rsgzFdLJqPdbgd2nsD37fngqZnlp7tDxSVSuMckZoSKtq1QsNemtaQSYq7xjPst +AAYp/gcDCNnoEKwFo86JYAsxoD+wQ0zBi5RBM5EphXTpM1qKxmigsKOvBSaMmr0y +VjHtGY3poyV3t6VboOGCsFcaKm0tIdDL7vrxxwyYESETpF29b7QrYcoaLKMG7fsy +t9SUI3UV2H9uUquHgqHtsqz0jYOgm9tYnpesgQ/kOAWI/tej1ZJXUIWEmZMH/W6d +ATNvZ3ivwApfC0qF5G3oPgBSoIuQ/8I+pN/kmuyNAnJWNgagFhA/2VFBvh5XgztV +NW7G//KpR1scsn140SO/wpGBM3Kr4m8ztl9w9U6a7NlQZ2ub3/pIUTpSzyLBxJZ/ +RfuZI7ROdgDMKmEgCYrN2kfp0LIxnYL6ZJu3FDcS4V098lyf5rHvB3PAEdL6Zyhd +qYp3Sx68r0F4vzk5iAIWf6pG2YdfoP2Z48Pmq9xW8qD9iwFcoz9oAzDEMENn6dfq +6MzfoaXEoYp8cR/o+aeEaGUtYBHiaxQcJYx35B9IhsXXA49yRORK8qdwhSHxB3NQ +H3pUWkfw368f/A207hQVs9yYXlEvMZikxl58gldCd3BAPqHm/XzgknRRNQZBPPKJ +BMZebZ22Dm0qDuIqW4GXLB4sLf0+UXydVINIUOlzg+S4jrwx7eZqb6UkRXTIWVo5 +psTsD14wzWBRdUQHZOZD33+M8ugmewvLY/0Uix+2RorkmB7/jqoZvx/MehDwmCZd +VH8sb2wpZ55sj7gCXxvrfieQD/VeH54OwjjbtK56iYq56RVD0h1az8xDY2GZXeT7 +J0c3BGpuoca5xOFWr1SylAr/miEPxOBfnfk8oZQJvZrjSBGjsTbALep2vDJk8ROD +sdQCJuU1RHDrwKHlbUL0NbGRO2juJGsatdWnuVKsFbaFW2pHHkezKuwOcaAJv7Xt +8LRF17czAJ1uaLKwV8Paqx6UIv+089GbWZi7HIkBHwQYAQIACQUCQuvaugIbDAAK +CRDImeqTRBlVWS7XCACDVstKM+SHD6V0bkfO6ampHzj4krKjN0lonN5+7b7WKpgT +QHRYvPY8lUiIrjXGISQqEG9M5Bi5ea1aoBZem0P3U/lKheg0lYtA7dM3BqsA2EfG +RaDD9M5TFCqhy2VFR6Pk0MP7h5bkb2VxLUUQa4oNa1fT3q7zS875NvImO/HZ5UzW +T5d2Z5iwY6I2AOKYKt4kZhzXgbt5j2O3biDDXSfWwwAojWqbqVygepn047KVr7Al +2ug9hkY7tHz7U71HbZasroFgNPmP/UnAxmps4RKM28MRVPTI4cKUIdE3gIKFu3ou +EqEItQ13P+50i3QkALpz8d08tJbceeYzf6I2P4q6 +=QFm5 +-----END PGP PRIVATE KEY BLOCK----- +'); + -- elg1024 / aes128 insert into encdata (id, data) values (1, ' @@ -535,6 +600,14 @@ from keytbl, encdata where keytbl.id=2 and encdata.id=1; select pgp_pub_decrypt(dearmor(data), dearmor(seckey)) from keytbl, encdata where keytbl.id=4 and encdata.id=1; +-- rsa: password-protected secret key, wrong password +select pgp_pub_decrypt(dearmor(data), dearmor(seckey), '123') +from keytbl, encdata where keytbl.id=7 and encdata.id=4; + +-- rsa: password-protected secret key, right password +select pgp_pub_decrypt(dearmor(data), dearmor(seckey), 'parool') +from keytbl, encdata where keytbl.id=7 and encdata.id=4; + -- password-protected secret key, no password select pgp_pub_decrypt(dearmor(data), dearmor(seckey)) from keytbl, encdata where keytbl.id=5 and encdata.id=1; |