You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hawq.apache.org by hu...@apache.org on 2016/05/16 06:40:36 UTC
[05/11] incubator-hawq git commit: HAWQ-394. Remove pgcrypto from
code base
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-pgsql.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/pgp-pgsql.c b/contrib/pgcrypto/pgp-pgsql.c
deleted file mode 100644
index 530a3d3..0000000
--- a/contrib/pgcrypto/pgp-pgsql.c
+++ /dev/null
@@ -1,921 +0,0 @@
-/*
- * pgp-pgsql.c
- * PostgreSQL wrappers for pgp.
- *
- * Copyright (c) 2005 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-pgsql.c,v 1.11 2009/06/11 14:48:52 momjian Exp $
- */
-
-#include "postgres.h"
-
-#include "fmgr.h"
-#include "parser/scansup.h"
-#include "mb/pg_wchar.h"
-#include "utils/builtins.h"
-
-#include "mbuf.h"
-#include "px.h"
-#include "pgp.h"
-
-/*
- * public functions
- */
-Datum pgp_sym_encrypt_text(PG_FUNCTION_ARGS);
-Datum pgp_sym_encrypt_bytea(PG_FUNCTION_ARGS);
-Datum pgp_sym_decrypt_text(PG_FUNCTION_ARGS);
-Datum pgp_sym_decrypt_bytea(PG_FUNCTION_ARGS);
-
-Datum pgp_pub_encrypt_text(PG_FUNCTION_ARGS);
-Datum pgp_pub_encrypt_bytea(PG_FUNCTION_ARGS);
-Datum pgp_pub_decrypt_text(PG_FUNCTION_ARGS);
-Datum pgp_pub_decrypt_bytea(PG_FUNCTION_ARGS);
-
-Datum pgp_key_id_w(PG_FUNCTION_ARGS);
-
-Datum pg_armor(PG_FUNCTION_ARGS);
-Datum pg_dearmor(PG_FUNCTION_ARGS);
-
-/* function headers */
-
-PG_FUNCTION_INFO_V1(pgp_sym_encrypt_bytea);
-PG_FUNCTION_INFO_V1(pgp_sym_encrypt_text);
-PG_FUNCTION_INFO_V1(pgp_sym_decrypt_bytea);
-PG_FUNCTION_INFO_V1(pgp_sym_decrypt_text);
-
-PG_FUNCTION_INFO_V1(pgp_pub_encrypt_bytea);
-PG_FUNCTION_INFO_V1(pgp_pub_encrypt_text);
-PG_FUNCTION_INFO_V1(pgp_pub_decrypt_bytea);
-PG_FUNCTION_INFO_V1(pgp_pub_decrypt_text);
-
-PG_FUNCTION_INFO_V1(pgp_key_id_w);
-
-PG_FUNCTION_INFO_V1(pg_armor);
-PG_FUNCTION_INFO_V1(pg_dearmor);
-
-/*
- * Mix a block of data into RNG.
- */
-static void
-add_block_entropy(PX_MD *md, text *data)
-{
- uint8 sha1[20];
-
- px_md_reset(md);
- px_md_update(md, (uint8 *) VARDATA(data), VARSIZE(data) - VARHDRSZ);
- px_md_finish(md, sha1);
-
- px_add_entropy(sha1, 20);
-
- memset(sha1, 0, 20);
-}
-
-/*
- * Mix user data into RNG. It is for user own interests to have
- * RNG state shuffled.
- */
-static void
-add_entropy(text *data1, text *data2, text *data3)
-{
- PX_MD *md;
- uint8 rnd[3];
-
- if (!data1 && !data2 && !data3)
- return;
-
- if (px_get_random_bytes(rnd, 3) < 0)
- return;
-
- if (px_find_digest("sha1", &md) < 0)
- return;
-
- /*
- * Try to make the feeding unpredictable.
- *
- * Prefer data over keys, as it's rather likely that key is same in
- * several calls.
- */
-
- /* chance: 7/8 */
- if (data1 && rnd[0] >= 32)
- add_block_entropy(md, data1);
-
- /* chance: 5/8 */
- if (data2 && rnd[1] >= 160)
- add_block_entropy(md, data2);
-
- /* chance: 5/8 */
- if (data3 && rnd[2] >= 160)
- add_block_entropy(md, data3);
-
- px_md_free(md);
- memset(rnd, 0, sizeof(rnd));
-}
-
-/*
- * returns src in case of no conversion or error
- */
-static text *
-convert_charset(text *src, int cset_from, int cset_to)
-{
- int src_len = VARSIZE(src) - VARHDRSZ;
- unsigned char *dst;
- unsigned char *csrc = (unsigned char *) VARDATA(src);
- text *res;
-
- dst = pg_do_encoding_conversion(csrc, src_len, cset_from, cset_to);
- if (dst == csrc)
- return src;
-
- res = cstring_to_text((char *) dst);
- pfree(dst);
- return res;
-}
-
-static text *
-convert_from_utf8(text *src)
-{
- return convert_charset(src, PG_UTF8, GetDatabaseEncoding());
-}
-
-static text *
-convert_to_utf8(text *src)
-{
- return convert_charset(src, GetDatabaseEncoding(), PG_UTF8);
-}
-
-static void
-clear_and_pfree(text *p)
-{
- memset(p, 0, VARSIZE(p));
- pfree(p);
-}
-
-/*
- * expect-* arguments storage
- */
-struct debug_expect
-{
- int debug;
- int expect;
- int cipher_algo;
- int s2k_mode;
- int s2k_cipher_algo;
- int s2k_digest_algo;
- int compress_algo;
- int use_sess_key;
- int disable_mdc;
- int unicode_mode;
-};
-
-static void
-fill_expect(struct debug_expect * ex, int text_mode)
-{
- ex->debug = 0;
- ex->expect = 0;
- ex->cipher_algo = -1;
- ex->s2k_mode = -1;
- ex->s2k_cipher_algo = -1;
- ex->s2k_digest_algo = -1;
- ex->compress_algo = -1;
- ex->use_sess_key = -1;
- ex->disable_mdc = -1;
- ex->unicode_mode = -1;
-}
-
-#define EX_MSG(arg) \
- ereport(NOTICE, (errmsg( \
- "pgp_decrypt: unexpected %s: expected %d got %d", \
- CppAsString(arg), ex->arg, ctx->arg)))
-
-#define EX_CHECK(arg) do { \
- if (ex->arg >= 0 && ex->arg != ctx->arg) EX_MSG(arg); \
- } while (0)
-
-static void
-check_expect(PGP_Context *ctx, struct debug_expect * ex)
-{
- EX_CHECK(cipher_algo);
- EX_CHECK(s2k_mode);
- EX_CHECK(s2k_digest_algo);
- EX_CHECK(use_sess_key);
- if (ctx->use_sess_key)
- EX_CHECK(s2k_cipher_algo);
- EX_CHECK(disable_mdc);
- EX_CHECK(compress_algo);
- EX_CHECK(unicode_mode);
-}
-
-static void
-show_debug(const char *msg)
-{
- ereport(NOTICE, (errmsg("dbg: %s", msg)));
-}
-
-static int
-set_arg(PGP_Context *ctx, char *key, char *val,
- struct debug_expect * ex)
-{
- int res = 0;
-
- if (strcmp(key, "cipher-algo") == 0)
- res = pgp_set_cipher_algo(ctx, val);
- else if (strcmp(key, "disable-mdc") == 0)
- res = pgp_disable_mdc(ctx, atoi(val));
- else if (strcmp(key, "sess-key") == 0)
- res = pgp_set_sess_key(ctx, atoi(val));
- else if (strcmp(key, "s2k-mode") == 0)
- res = pgp_set_s2k_mode(ctx, atoi(val));
- else if (strcmp(key, "s2k-digest-algo") == 0)
- res = pgp_set_s2k_digest_algo(ctx, val);
- else if (strcmp(key, "s2k-cipher-algo") == 0)
- res = pgp_set_s2k_cipher_algo(ctx, val);
- else if (strcmp(key, "compress-algo") == 0)
- res = pgp_set_compress_algo(ctx, atoi(val));
- else if (strcmp(key, "compress-level") == 0)
- res = pgp_set_compress_level(ctx, atoi(val));
- else if (strcmp(key, "convert-crlf") == 0)
- res = pgp_set_convert_crlf(ctx, atoi(val));
- else if (strcmp(key, "unicode-mode") == 0)
- res = pgp_set_unicode_mode(ctx, atoi(val));
- /* decrypt debug */
- else if (ex != NULL && strcmp(key, "debug") == 0)
- ex->debug = atoi(val);
- else if (ex != NULL && strcmp(key, "expect-cipher-algo") == 0)
- {
- ex->expect = 1;
- ex->cipher_algo = pgp_get_cipher_code(val);
- }
- else if (ex != NULL && strcmp(key, "expect-disable-mdc") == 0)
- {
- ex->expect = 1;
- ex->disable_mdc = atoi(val);
- }
- else if (ex != NULL && strcmp(key, "expect-sess-key") == 0)
- {
- ex->expect = 1;
- ex->use_sess_key = atoi(val);
- }
- else if (ex != NULL && strcmp(key, "expect-s2k-mode") == 0)
- {
- ex->expect = 1;
- ex->s2k_mode = atoi(val);
- }
- else if (ex != NULL && strcmp(key, "expect-s2k-digest-algo") == 0)
- {
- ex->expect = 1;
- ex->s2k_digest_algo = pgp_get_digest_code(val);
- }
- else if (ex != NULL && strcmp(key, "expect-s2k-cipher-algo") == 0)
- {
- ex->expect = 1;
- ex->s2k_cipher_algo = pgp_get_cipher_code(val);
- }
- else if (ex != NULL && strcmp(key, "expect-compress-algo") == 0)
- {
- ex->expect = 1;
- ex->compress_algo = atoi(val);
- }
- else if (ex != NULL && strcmp(key, "expect-unicode-mode") == 0)
- {
- ex->expect = 1;
- ex->unicode_mode = atoi(val);
- }
- else
- res = PXE_ARGUMENT_ERROR;
-
- return res;
-}
-
-/*
- * Find next word. Handle ',' and '=' as words. Skip whitespace.
- * Put word info into res_p, res_len.
- * Returns ptr to next word.
- */
-static char *
-getword(char *p, char **res_p, int *res_len)
-{
- /* whitespace at start */
- while (*p && (*p == ' ' || *p == '\t' || *p == '\n'))
- p++;
-
- /* word data */
- *res_p = p;
- if (*p == '=' || *p == ',')
- p++;
- else
- while (*p && !(*p == ' ' || *p == '\t' || *p == '\n'
- || *p == '=' || *p == ','))
- p++;
-
- /* word end */
- *res_len = p - *res_p;
-
- /* whitespace at end */
- while (*p && (*p == ' ' || *p == '\t' || *p == '\n'))
- p++;
-
- return p;
-}
-
-/*
- * Convert to lowercase asciiz string.
- */
-static char *
-downcase_convert(const uint8 *s, int len)
-{
- int c,
- i;
- char *res = palloc(len + 1);
-
- for (i = 0; i < len; i++)
- {
- c = s[i];
- if (c >= 'A' && c <= 'Z')
- c += 'a' - 'A';
- res[i] = c;
- }
- res[len] = 0;
- return res;
-}
-
-static int
-parse_args(PGP_Context *ctx, uint8 *args, int arg_len,
- struct debug_expect * ex)
-{
- char *str = downcase_convert(args, arg_len);
- char *key,
- *val;
- int key_len,
- val_len;
- int res = 0;
- char *p = str;
-
- while (*p)
- {
- res = PXE_ARGUMENT_ERROR;
- p = getword(p, &key, &key_len);
- if (*p++ != '=')
- break;
- p = getword(p, &val, &val_len);
- if (*p == '\0')
- ;
- else if (*p++ != ',')
- break;
-
- if (*key == 0 || *val == 0 || val_len == 0)
- break;
-
- key[key_len] = 0;
- val[val_len] = 0;
-
- res = set_arg(ctx, key, val, ex);
- if (res < 0)
- break;
- }
- pfree(str);
- return res;
-}
-
-static MBuf *
-create_mbuf_from_vardata(text *data)
-{
- return mbuf_create_from_data((uint8 *) VARDATA(data),
- VARSIZE(data) - VARHDRSZ);
-}
-
-static void
-init_work(PGP_Context **ctx_p, int is_text,
- text *args, struct debug_expect * ex)
-{
- int err = pgp_init(ctx_p);
-
- fill_expect(ex, is_text);
-
- if (err == 0 && args != NULL)
- err = parse_args(*ctx_p, (uint8 *) VARDATA(args),
- VARSIZE(args) - VARHDRSZ, ex);
-
- if (err)
- {
- ereport(ERROR,
- (errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
- errmsg("%s", px_strerror(err))));
- }
-
- if (ex->debug)
- px_set_debug_handler(show_debug);
-
- pgp_set_text_mode(*ctx_p, is_text);
-}
-
-static bytea *
-encrypt_internal(int is_pubenc, int is_text,
- text *data, text *key, text *args)
-{
- MBuf *src,
- *dst;
- uint8 tmp[VARHDRSZ];
- uint8 *restmp;
- bytea *res;
- int res_len;
- PGP_Context *ctx;
- int err;
- struct debug_expect ex;
- text *tmp_data = NULL;
-
- /*
- * Add data and key info RNG.
- */
- add_entropy(data, key, NULL);
-
- init_work(&ctx, is_text, args, &ex);
-
- if (is_text && pgp_get_unicode_mode(ctx))
- {
- tmp_data = convert_to_utf8(data);
- if (tmp_data == data)
- tmp_data = NULL;
- else
- data = tmp_data;
- }
-
- src = create_mbuf_from_vardata(data);
- dst = mbuf_create(VARSIZE(data) + 128);
-
- /*
- * reserve room for header
- */
- mbuf_append(dst, tmp, VARHDRSZ);
-
- /*
- * set key
- */
- if (is_pubenc)
- {
- MBuf *kbuf = create_mbuf_from_vardata(key);
-
- err = pgp_set_pubkey(ctx, kbuf,
- NULL, 0, 0);
- mbuf_free(kbuf);
- }
- else
- err = pgp_set_symkey(ctx, (uint8 *) VARDATA(key),
- VARSIZE(key) - VARHDRSZ);
-
- /*
- * encrypt
- */
- if (err >= 0)
- err = pgp_encrypt(ctx, src, dst);
-
- /*
- * check for error
- */
- if (err)
- {
- if (ex.debug)
- px_set_debug_handler(NULL);
- if (tmp_data)
- clear_and_pfree(tmp_data);
- pgp_free(ctx);
- mbuf_free(src);
- mbuf_free(dst);
- ereport(ERROR,
- (errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
- errmsg("%s", px_strerror(err))));
- }
-
- /* res_len includes VARHDRSZ */
- res_len = mbuf_steal_data(dst, &restmp);
- res = (bytea *) restmp;
- SET_VARSIZE(res, res_len);
-
- if (tmp_data)
- clear_and_pfree(tmp_data);
- pgp_free(ctx);
- mbuf_free(src);
- mbuf_free(dst);
-
- px_set_debug_handler(NULL);
-
- return res;
-}
-
-static bytea *
-decrypt_internal(int is_pubenc, int need_text, text *data,
- text *key, text *keypsw, text *args)
-{
- int err;
- MBuf *src = NULL,
- *dst = NULL;
- uint8 tmp[VARHDRSZ];
- uint8 *restmp;
- bytea *res;
- int res_len;
- PGP_Context *ctx = NULL;
- struct debug_expect ex;
- int got_unicode = 0;
-
-
- init_work(&ctx, need_text, args, &ex);
-
- src = mbuf_create_from_data((uint8 *) VARDATA(data),
- VARSIZE(data) - VARHDRSZ);
- dst = mbuf_create(VARSIZE(data) + 2048);
-
- /*
- * reserve room for header
- */
- mbuf_append(dst, tmp, VARHDRSZ);
-
- /*
- * set key
- */
- if (is_pubenc)
- {
- uint8 *psw = NULL;
- int psw_len = 0;
- MBuf *kbuf;
-
- if (keypsw)
- {
- psw = (uint8 *) VARDATA(keypsw);
- psw_len = VARSIZE(keypsw) - VARHDRSZ;
- }
- kbuf = create_mbuf_from_vardata(key);
- err = pgp_set_pubkey(ctx, kbuf, psw, psw_len, 1);
- mbuf_free(kbuf);
- }
- else
- err = pgp_set_symkey(ctx, (uint8 *) VARDATA(key),
- VARSIZE(key) - VARHDRSZ);
-
- /*
- * decrypt
- */
- if (err >= 0)
- err = pgp_decrypt(ctx, src, dst);
-
- /*
- * failed?
- */
- if (err < 0)
- goto out;
-
- if (ex.expect)
- check_expect(ctx, &ex);
-
- /* remember the setting */
- got_unicode = pgp_get_unicode_mode(ctx);
-
-out:
- if (src)
- mbuf_free(src);
- if (ctx)
- pgp_free(ctx);
-
- if (err)
- {
- px_set_debug_handler(NULL);
- if (dst)
- mbuf_free(dst);
- ereport(ERROR,
- (errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
- errmsg("%s", px_strerror(err))));
- }
-
- res_len = mbuf_steal_data(dst, &restmp);
- mbuf_free(dst);
-
- /* res_len includes VARHDRSZ */
- res = (bytea *) restmp;
- SET_VARSIZE(res, res_len);
-
- if (need_text && got_unicode)
- {
- text *utf = convert_from_utf8(res);
-
- if (utf != res)
- {
- clear_and_pfree(res);
- res = utf;
- }
- }
- px_set_debug_handler(NULL);
-
- /*
- * add successfull decryptions also into RNG
- */
- add_entropy(res, key, keypsw);
-
- return res;
-}
-
-/*
- * Wrappers for symmetric-key functions
- */
-Datum
-pgp_sym_encrypt_bytea(PG_FUNCTION_ARGS)
-{
- bytea *data,
- *key;
- text *arg = NULL;
- text *res;
-
- data = PG_GETARG_BYTEA_P(0);
- key = PG_GETARG_BYTEA_P(1);
- if (PG_NARGS() > 2)
- arg = PG_GETARG_BYTEA_P(2);
-
- res = encrypt_internal(0, 0, data, key, arg);
-
- PG_FREE_IF_COPY(data, 0);
- PG_FREE_IF_COPY(key, 1);
- if (PG_NARGS() > 2)
- PG_FREE_IF_COPY(arg, 2);
- PG_RETURN_TEXT_P(res);
-}
-
-Datum
-pgp_sym_encrypt_text(PG_FUNCTION_ARGS)
-{
- bytea *data,
- *key;
- text *arg = NULL;
- text *res;
-
- data = PG_GETARG_BYTEA_P(0);
- key = PG_GETARG_BYTEA_P(1);
- if (PG_NARGS() > 2)
- arg = PG_GETARG_BYTEA_P(2);
-
- res = encrypt_internal(0, 1, data, key, arg);
-
- PG_FREE_IF_COPY(data, 0);
- PG_FREE_IF_COPY(key, 1);
- if (PG_NARGS() > 2)
- PG_FREE_IF_COPY(arg, 2);
- PG_RETURN_TEXT_P(res);
-}
-
-
-Datum
-pgp_sym_decrypt_bytea(PG_FUNCTION_ARGS)
-{
- bytea *data,
- *key;
- text *arg = NULL;
- text *res;
-
- data = PG_GETARG_BYTEA_P(0);
- key = PG_GETARG_BYTEA_P(1);
- if (PG_NARGS() > 2)
- arg = PG_GETARG_BYTEA_P(2);
-
- res = decrypt_internal(0, 0, data, key, NULL, arg);
-
- PG_FREE_IF_COPY(data, 0);
- PG_FREE_IF_COPY(key, 1);
- if (PG_NARGS() > 2)
- PG_FREE_IF_COPY(arg, 2);
- PG_RETURN_TEXT_P(res);
-}
-
-Datum
-pgp_sym_decrypt_text(PG_FUNCTION_ARGS)
-{
- bytea *data,
- *key;
- text *arg = NULL;
- text *res;
-
- data = PG_GETARG_BYTEA_P(0);
- key = PG_GETARG_BYTEA_P(1);
- if (PG_NARGS() > 2)
- arg = PG_GETARG_BYTEA_P(2);
-
- res = decrypt_internal(0, 1, data, key, NULL, arg);
-
- PG_FREE_IF_COPY(data, 0);
- PG_FREE_IF_COPY(key, 1);
- if (PG_NARGS() > 2)
- PG_FREE_IF_COPY(arg, 2);
- PG_RETURN_TEXT_P(res);
-}
-
-/*
- * Wrappers for public-key functions
- */
-
-Datum
-pgp_pub_encrypt_bytea(PG_FUNCTION_ARGS)
-{
- bytea *data,
- *key;
- text *arg = NULL;
- text *res;
-
- data = PG_GETARG_BYTEA_P(0);
- key = PG_GETARG_BYTEA_P(1);
- if (PG_NARGS() > 2)
- arg = PG_GETARG_BYTEA_P(2);
-
- res = encrypt_internal(1, 0, data, key, arg);
-
- PG_FREE_IF_COPY(data, 0);
- PG_FREE_IF_COPY(key, 1);
- if (PG_NARGS() > 2)
- PG_FREE_IF_COPY(arg, 2);
- PG_RETURN_TEXT_P(res);
-}
-
-Datum
-pgp_pub_encrypt_text(PG_FUNCTION_ARGS)
-{
- bytea *data,
- *key;
- text *arg = NULL;
- text *res;
-
- data = PG_GETARG_BYTEA_P(0);
- key = PG_GETARG_BYTEA_P(1);
- if (PG_NARGS() > 2)
- arg = PG_GETARG_BYTEA_P(2);
-
- res = encrypt_internal(1, 1, data, key, arg);
-
- PG_FREE_IF_COPY(data, 0);
- PG_FREE_IF_COPY(key, 1);
- if (PG_NARGS() > 2)
- PG_FREE_IF_COPY(arg, 2);
- PG_RETURN_TEXT_P(res);
-}
-
-
-Datum
-pgp_pub_decrypt_bytea(PG_FUNCTION_ARGS)
-{
- bytea *data,
- *key;
- text *psw = NULL,
- *arg = NULL;
- text *res;
-
- data = PG_GETARG_BYTEA_P(0);
- key = PG_GETARG_BYTEA_P(1);
- if (PG_NARGS() > 2)
- psw = PG_GETARG_BYTEA_P(2);
- if (PG_NARGS() > 3)
- arg = PG_GETARG_BYTEA_P(3);
-
- res = decrypt_internal(1, 0, data, key, psw, arg);
-
- PG_FREE_IF_COPY(data, 0);
- PG_FREE_IF_COPY(key, 1);
- if (PG_NARGS() > 2)
- PG_FREE_IF_COPY(psw, 2);
- if (PG_NARGS() > 3)
- PG_FREE_IF_COPY(arg, 3);
- PG_RETURN_TEXT_P(res);
-}
-
-Datum
-pgp_pub_decrypt_text(PG_FUNCTION_ARGS)
-{
- bytea *data,
- *key;
- text *psw = NULL,
- *arg = NULL;
- text *res;
-
- data = PG_GETARG_BYTEA_P(0);
- key = PG_GETARG_BYTEA_P(1);
- if (PG_NARGS() > 2)
- psw = PG_GETARG_BYTEA_P(2);
- if (PG_NARGS() > 3)
- arg = PG_GETARG_BYTEA_P(3);
-
- res = decrypt_internal(1, 1, data, key, psw, arg);
-
- PG_FREE_IF_COPY(data, 0);
- PG_FREE_IF_COPY(key, 1);
- if (PG_NARGS() > 2)
- PG_FREE_IF_COPY(psw, 2);
- if (PG_NARGS() > 3)
- PG_FREE_IF_COPY(arg, 3);
- PG_RETURN_TEXT_P(res);
-}
-
-
-/*
- * Wrappers for PGP ascii armor
- */
-
-Datum
-pg_armor(PG_FUNCTION_ARGS)
-{
- bytea *data;
- text *res;
- int data_len,
- res_len,
- guess_len;
-
- data = PG_GETARG_BYTEA_P(0);
- data_len = VARSIZE(data) - VARHDRSZ;
-
- guess_len = pgp_armor_enc_len(data_len);
- res = palloc(VARHDRSZ + guess_len);
-
- res_len = pgp_armor_encode((uint8 *) VARDATA(data), data_len,
- (uint8 *) VARDATA(res));
- if (res_len > guess_len)
- ereport(ERROR,
- (errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
- errmsg("Overflow - encode estimate too small")));
- SET_VARSIZE(res, VARHDRSZ + res_len);
-
- PG_FREE_IF_COPY(data, 0);
- PG_RETURN_TEXT_P(res);
-}
-
-Datum
-pg_dearmor(PG_FUNCTION_ARGS)
-{
- text *data;
- bytea *res;
- int data_len,
- res_len,
- guess_len;
-
- data = PG_GETARG_TEXT_P(0);
- data_len = VARSIZE(data) - VARHDRSZ;
-
- guess_len = pgp_armor_dec_len(data_len);
- res = palloc(VARHDRSZ + guess_len);
-
- res_len = pgp_armor_decode((uint8 *) VARDATA(data), data_len,
- (uint8 *) VARDATA(res));
- if (res_len < 0)
- ereport(ERROR,
- (errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
- errmsg("%s", px_strerror(res_len))));
- if (res_len > guess_len)
- ereport(ERROR,
- (errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
- errmsg("Overflow - decode estimate too small")));
- SET_VARSIZE(res, VARHDRSZ + res_len);
-
- PG_FREE_IF_COPY(data, 0);
- PG_RETURN_TEXT_P(res);
-}
-
-/*
- * Wrappers for PGP key id
- */
-
-Datum
-pgp_key_id_w(PG_FUNCTION_ARGS)
-{
- bytea *data;
- text *res;
- int res_len;
- MBuf *buf;
-
- data = PG_GETARG_BYTEA_P(0);
- buf = create_mbuf_from_vardata(data);
- res = palloc(VARHDRSZ + 17);
-
- res_len = pgp_get_keyid(buf, VARDATA(res));
- mbuf_free(buf);
- if (res_len < 0)
- ereport(ERROR,
- (errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
- errmsg("%s", px_strerror(res_len))));
- SET_VARSIZE(res, VARHDRSZ + res_len);
-
- PG_FREE_IF_COPY(data, 0);
- PG_RETURN_TEXT_P(res);
-}
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-pubdec.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/pgp-pubdec.c b/contrib/pgcrypto/pgp-pubdec.c
deleted file mode 100644
index cb32708..0000000
--- a/contrib/pgcrypto/pgp-pubdec.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/*
- * pgp-pubdec.c
- * Decrypt public-key encrypted session key.
- *
- * Copyright (c) 2005 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-pubdec.c,v 1.6 2009/06/11 14:48:52 momjian Exp $
- */
-#include "postgres.h"
-
-#include "px.h"
-#include "mbuf.h"
-#include "pgp.h"
-
-/*
- * padded msg = 02 || PS || 00 || M
- * PS - pad bytes
- * M - msg
- */
-static uint8 *
-check_eme_pkcs1_v15(uint8 *data, int len)
-{
- uint8 *data_end = data + len;
- uint8 *p = data;
- int rnd = 0;
-
- if (len < 1 + 8 + 1)
- return NULL;
-
- if (*p++ != 2)
- return NULL;
-
- while (p < data_end && *p)
- {
- p++;
- rnd++;
- }
-
- if (p == data_end)
- return NULL;
- if (*p != 0)
- return NULL;
- if (rnd < 8)
- return NULL;
- return p + 1;
-}
-
-/*
- * secret message: 1 byte algo, sesskey, 2 byte cksum
- * ignore algo in cksum
- */
-static int
-control_cksum(uint8 *msg, int msglen)
-{
- int i;
- unsigned my_cksum,
- got_cksum;
-
- if (msglen < 3)
- return PXE_PGP_WRONG_KEY;
-
- my_cksum = 0;
- for (i = 1; i < msglen - 2; i++)
- my_cksum += msg[i];
- my_cksum &= 0xFFFF;
- got_cksum = ((unsigned) (msg[msglen - 2]) << 8) + msg[msglen - 1];
- if (my_cksum != got_cksum)
- {
- px_debug("pubenc cksum failed");
- return PXE_PGP_WRONG_KEY;
- }
- return 0;
-}
-
-static int
-decrypt_elgamal(PGP_PubKey *pk, PullFilter *pkt, PGP_MPI **m_p)
-{
- int res;
- PGP_MPI *c1 = NULL;
- PGP_MPI *c2 = NULL;
-
- if (pk->algo != PGP_PUB_ELG_ENCRYPT)
- return PXE_PGP_WRONG_KEY;
-
- /* read elgamal encrypted data */
- res = pgp_mpi_read(pkt, &c1);
- if (res < 0)
- goto out;
- res = pgp_mpi_read(pkt, &c2);
- if (res < 0)
- goto out;
-
- /* decrypt */
- res = pgp_elgamal_decrypt(pk, c1, c2, m_p);
-
-out:
- pgp_mpi_free(c1);
- pgp_mpi_free(c2);
- return res;
-}
-
-static int
-decrypt_rsa(PGP_PubKey *pk, PullFilter *pkt, PGP_MPI **m_p)
-{
- int res;
- PGP_MPI *c;
-
- if (pk->algo != PGP_PUB_RSA_ENCRYPT
- && pk->algo != PGP_PUB_RSA_ENCRYPT_SIGN)
- return PXE_PGP_WRONG_KEY;
-
- /* read rsa encrypted data */
- res = pgp_mpi_read(pkt, &c);
- if (res < 0)
- return res;
-
- /* decrypt */
- res = pgp_rsa_decrypt(pk, c, m_p);
-
- pgp_mpi_free(c);
- return res;
-}
-
-/* key id is missing - user is expected to try all keys */
-static const uint8
- any_key[] = {0, 0, 0, 0, 0, 0, 0, 0};
-
-int
-pgp_parse_pubenc_sesskey(PGP_Context *ctx, PullFilter *pkt)
-{
- int ver;
- int algo;
- int res;
- uint8 key_id[8];
- PGP_PubKey *pk;
- uint8 *msg;
- int msglen;
- PGP_MPI *m;
-
- pk = ctx->pub_key;
- if (pk == NULL)
- {
- px_debug("no pubkey?");
- return PXE_BUG;
- }
-
- GETBYTE(pkt, ver);
- if (ver != 3)
- {
- px_debug("unknown pubenc_sesskey pkt ver=%d", ver);
- return PXE_PGP_CORRUPT_DATA;
- }
-
- /*
- * check if keyid's match - user-friendly msg
- */
- res = pullf_read_fixed(pkt, 8, key_id);
- if (res < 0)
- return res;
- if (memcmp(key_id, any_key, 8) != 0
- && memcmp(key_id, pk->key_id, 8) != 0)
- {
- px_debug("key_id's does not match");
- return PXE_PGP_WRONG_KEY;
- }
-
- /*
- * Decrypt
- */
- GETBYTE(pkt, algo);
- switch (algo)
- {
- case PGP_PUB_ELG_ENCRYPT:
- res = decrypt_elgamal(pk, pkt, &m);
- break;
- case PGP_PUB_RSA_ENCRYPT:
- case PGP_PUB_RSA_ENCRYPT_SIGN:
- res = decrypt_rsa(pk, pkt, &m);
- break;
- default:
- res = PXE_PGP_UNKNOWN_PUBALGO;
- }
- if (res < 0)
- return res;
-
- /*
- * extract message
- */
- msg = check_eme_pkcs1_v15(m->data, m->bytes);
- if (msg == NULL)
- {
- px_debug("check_eme_pkcs1_v15 failed");
- res = PXE_PGP_WRONG_KEY;
- goto out;
- }
- msglen = m->bytes - (msg - m->data);
-
- res = control_cksum(msg, msglen);
- if (res < 0)
- goto out;
-
- /*
- * got sesskey
- */
- ctx->cipher_algo = *msg;
- ctx->sess_key_len = msglen - 3;
- memcpy(ctx->sess_key, msg + 1, ctx->sess_key_len);
-
-out:
- pgp_mpi_free(m);
- if (res < 0)
- return res;
- return pgp_expect_packet_end(pkt);
-}
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-pubenc.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/pgp-pubenc.c b/contrib/pgcrypto/pgp-pubenc.c
deleted file mode 100644
index 9b44fbf..0000000
--- a/contrib/pgcrypto/pgp-pubenc.c
+++ /dev/null
@@ -1,250 +0,0 @@
-/*
- * pgp-pubenc.c
- * Encrypt session key with public key.
- *
- * Copyright (c) 2005 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-pubenc.c,v 1.5 2009/06/11 14:48:52 momjian Exp $
- */
-#include "postgres.h"
-
-#include "px.h"
-#include "mbuf.h"
-#include "pgp.h"
-
-/*
- * padded msg: 02 || non-zero pad bytes || 00 || msg
- */
-static int
-pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p)
-{
- int res;
- uint8 *buf,
- *p;
- int pad_len = res_len - 2 - data_len;
-
- if (pad_len < 8)
- return PXE_BUG;
-
- buf = px_alloc(res_len);
- buf[0] = 0x02;
- res = px_get_random_bytes(buf + 1, pad_len);
- if (res < 0)
- {
- px_free(buf);
- return res;
- }
-
- /* pad must not contain zero bytes */
- p = buf + 1;
- while (p < buf + 1 + pad_len)
- {
- if (*p == 0)
- {
- res = px_get_random_bytes(p, 1);
- if (res < 0)
- break;
- }
- if (*p != 0)
- p++;
- }
-
- if (res < 0)
- {
- memset(buf, 0, res_len);
- px_free(buf);
- return res;
- }
-
- buf[pad_len + 1] = 0;
- memcpy(buf + pad_len + 2, data, data_len);
- *res_p = buf;
-
- return 0;
-}
-
-static int
-create_secmsg(PGP_Context *ctx, PGP_MPI **msg_p, int full_bytes)
-{
- uint8 *secmsg;
- int res,
- i;
- unsigned cksum = 0;
- int klen = ctx->sess_key_len;
- uint8 *padded = NULL;
- PGP_MPI *m = NULL;
-
- /* calc checksum */
- for (i = 0; i < klen; i++)
- cksum += ctx->sess_key[i];
-
- /*
- * create "secret message"
- */
- secmsg = px_alloc(klen + 3);
- secmsg[0] = ctx->cipher_algo;
- memcpy(secmsg + 1, ctx->sess_key, klen);
- secmsg[klen + 1] = (cksum >> 8) & 0xFF;
- secmsg[klen + 2] = cksum & 0xFF;
-
- /*
- * now create a large integer of it
- */
- res = pad_eme_pkcs1_v15(secmsg, klen + 3, full_bytes, &padded);
- if (res >= 0)
- {
- /* first byte will be 0x02 */
- int full_bits = full_bytes * 8 - 6;
-
- res = pgp_mpi_create(padded, full_bits, &m);
- }
-
- if (padded)
- {
- memset(padded, 0, full_bytes);
- px_free(padded);
- }
- memset(secmsg, 0, klen + 3);
- px_free(secmsg);
-
- if (res >= 0)
- *msg_p = m;
-
- return res;
-}
-
-static int
-encrypt_and_write_elgamal(PGP_Context *ctx, PGP_PubKey *pk, PushFilter *pkt)
-{
- int res;
- PGP_MPI *m = NULL,
- *c1 = NULL,
- *c2 = NULL;
-
- /* create padded msg */
- res = create_secmsg(ctx, &m, pk->pub.elg.p->bytes - 1);
- if (res < 0)
- goto err;
-
- /* encrypt it */
- res = pgp_elgamal_encrypt(pk, m, &c1, &c2);
- if (res < 0)
- goto err;
-
- /* write out */
- res = pgp_mpi_write(pkt, c1);
- if (res < 0)
- goto err;
- res = pgp_mpi_write(pkt, c2);
-
-err:
- pgp_mpi_free(m);
- pgp_mpi_free(c1);
- pgp_mpi_free(c2);
- return res;
-}
-
-static int
-encrypt_and_write_rsa(PGP_Context *ctx, PGP_PubKey *pk, PushFilter *pkt)
-{
- int res;
- PGP_MPI *m = NULL,
- *c = NULL;
-
- /* create padded msg */
- res = create_secmsg(ctx, &m, pk->pub.rsa.n->bytes - 1);
- if (res < 0)
- goto err;
-
- /* encrypt it */
- res = pgp_rsa_encrypt(pk, m, &c);
- if (res < 0)
- goto err;
-
- /* write out */
- res = pgp_mpi_write(pkt, c);
-
-err:
- pgp_mpi_free(m);
- pgp_mpi_free(c);
- return res;
-}
-
-int
-pgp_write_pubenc_sesskey(PGP_Context *ctx, PushFilter *dst)
-{
- int res;
- PGP_PubKey *pk = ctx->pub_key;
- uint8 ver = 3;
- PushFilter *pkt = NULL;
- uint8 algo;
-
- if (pk == NULL)
- {
- px_debug("no pubkey?\n");
- return PXE_BUG;
- }
-
- algo = pk->algo;
-
- /*
- * now write packet
- */
- res = pgp_create_pkt_writer(dst, PGP_PKT_PUBENCRYPTED_SESSKEY, &pkt);
- if (res < 0)
- goto err;
- res = pushf_write(pkt, &ver, 1);
- if (res < 0)
- goto err;
- res = pushf_write(pkt, pk->key_id, 8);
- if (res < 0)
- goto err;
- res = pushf_write(pkt, &algo, 1);
- if (res < 0)
- goto err;
-
- switch (algo)
- {
- case PGP_PUB_ELG_ENCRYPT:
- res = encrypt_and_write_elgamal(ctx, pk, pkt);
- break;
- case PGP_PUB_RSA_ENCRYPT:
- case PGP_PUB_RSA_ENCRYPT_SIGN:
- res = encrypt_and_write_rsa(ctx, pk, pkt);
- break;
- }
- if (res < 0)
- goto err;
-
- /*
- * done, signal packet end
- */
- res = pushf_flush(pkt);
-err:
- if (pkt)
- pushf_free(pkt);
-
- return res;
-}
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-pubkey.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/pgp-pubkey.c b/contrib/pgcrypto/pgp-pubkey.c
deleted file mode 100644
index 62b6e1a..0000000
--- a/contrib/pgcrypto/pgp-pubkey.c
+++ /dev/null
@@ -1,584 +0,0 @@
-/*
- * pgp-pubkey.c
- * Read public or secret key.
- *
- * Copyright (c) 2005 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-pubkey.c,v 1.5 2009/06/11 14:48:52 momjian Exp $
- */
-#include "postgres.h"
-
-#include "px.h"
-#include "mbuf.h"
-#include "pgp.h"
-
-int
-pgp_key_alloc(PGP_PubKey **pk_p)
-{
- PGP_PubKey *pk;
-
- pk = px_alloc(sizeof(*pk));
- memset(pk, 0, sizeof(*pk));
- *pk_p = pk;
- return 0;
-}
-
-void
-pgp_key_free(PGP_PubKey *pk)
-{
- if (pk == NULL)
- return;
-
- switch (pk->algo)
- {
- case PGP_PUB_ELG_ENCRYPT:
- pgp_mpi_free(pk->pub.elg.p);
- pgp_mpi_free(pk->pub.elg.g);
- pgp_mpi_free(pk->pub.elg.y);
- pgp_mpi_free(pk->sec.elg.x);
- break;
- case PGP_PUB_RSA_SIGN:
- case PGP_PUB_RSA_ENCRYPT:
- case PGP_PUB_RSA_ENCRYPT_SIGN:
- pgp_mpi_free(pk->pub.rsa.n);
- pgp_mpi_free(pk->pub.rsa.e);
- pgp_mpi_free(pk->sec.rsa.d);
- pgp_mpi_free(pk->sec.rsa.p);
- pgp_mpi_free(pk->sec.rsa.q);
- pgp_mpi_free(pk->sec.rsa.u);
- break;
- case PGP_PUB_DSA_SIGN:
- pgp_mpi_free(pk->pub.dsa.p);
- pgp_mpi_free(pk->pub.dsa.q);
- pgp_mpi_free(pk->pub.dsa.g);
- pgp_mpi_free(pk->pub.dsa.y);
- pgp_mpi_free(pk->sec.dsa.x);
- break;
- }
- memset(pk, 0, sizeof(*pk));
- px_free(pk);
-}
-
-static int
-calc_key_id(PGP_PubKey *pk)
-{
- int res;
- PX_MD *md;
- int len;
- uint8 hdr[3];
- uint8 hash[20];
-
- res = pgp_load_digest(PGP_DIGEST_SHA1, &md);
- if (res < 0)
- return res;
-
- len = 1 + 4 + 1;
- switch (pk->algo)
- {
- case PGP_PUB_ELG_ENCRYPT:
- len += 2 + pk->pub.elg.p->bytes;
- len += 2 + pk->pub.elg.g->bytes;
- len += 2 + pk->pub.elg.y->bytes;
- break;
- case PGP_PUB_RSA_SIGN:
- case PGP_PUB_RSA_ENCRYPT:
- case PGP_PUB_RSA_ENCRYPT_SIGN:
- len += 2 + pk->pub.rsa.n->bytes;
- len += 2 + pk->pub.rsa.e->bytes;
- break;
- case PGP_PUB_DSA_SIGN:
- len += 2 + pk->pub.dsa.p->bytes;
- len += 2 + pk->pub.dsa.q->bytes;
- len += 2 + pk->pub.dsa.g->bytes;
- len += 2 + pk->pub.dsa.y->bytes;
- break;
- }
-
- hdr[0] = 0x99;
- hdr[1] = len >> 8;
- hdr[2] = len & 0xFF;
- px_md_update(md, hdr, 3);
-
- px_md_update(md, &pk->ver, 1);
- px_md_update(md, pk->time, 4);
- px_md_update(md, &pk->algo, 1);
-
- switch (pk->algo)
- {
- case PGP_PUB_ELG_ENCRYPT:
- pgp_mpi_hash(md, pk->pub.elg.p);
- pgp_mpi_hash(md, pk->pub.elg.g);
- pgp_mpi_hash(md, pk->pub.elg.y);
- break;
- case PGP_PUB_RSA_SIGN:
- case PGP_PUB_RSA_ENCRYPT:
- case PGP_PUB_RSA_ENCRYPT_SIGN:
- pgp_mpi_hash(md, pk->pub.rsa.n);
- pgp_mpi_hash(md, pk->pub.rsa.e);
- break;
- case PGP_PUB_DSA_SIGN:
- pgp_mpi_hash(md, pk->pub.dsa.p);
- pgp_mpi_hash(md, pk->pub.dsa.q);
- pgp_mpi_hash(md, pk->pub.dsa.g);
- pgp_mpi_hash(md, pk->pub.dsa.y);
- break;
- }
-
- px_md_finish(md, hash);
- px_md_free(md);
-
- memcpy(pk->key_id, hash + 12, 8);
- memset(hash, 0, 20);
-
- return 0;
-}
-
-int
-_pgp_read_public_key(PullFilter *pkt, PGP_PubKey **pk_p)
-{
- int res;
- PGP_PubKey *pk;
-
- res = pgp_key_alloc(&pk);
- if (res < 0)
- return res;
-
- /* get version */
- GETBYTE(pkt, pk->ver);
- if (pk->ver != 4)
- {
- res = PXE_PGP_NOT_V4_KEYPKT;
- goto out;
- }
-
- /* read time */
- res = pullf_read_fixed(pkt, 4, pk->time);
- if (res < 0)
- goto out;
-
- /* pubkey algorithm */
- GETBYTE(pkt, pk->algo);
-
- switch (pk->algo)
- {
- case PGP_PUB_DSA_SIGN:
- res = pgp_mpi_read(pkt, &pk->pub.dsa.p);
- if (res < 0)
- break;
- res = pgp_mpi_read(pkt, &pk->pub.dsa.q);
- if (res < 0)
- break;
- res = pgp_mpi_read(pkt, &pk->pub.dsa.g);
- if (res < 0)
- break;
- res = pgp_mpi_read(pkt, &pk->pub.dsa.y);
- if (res < 0)
- break;
-
- res = calc_key_id(pk);
- break;
-
- case PGP_PUB_RSA_SIGN:
- case PGP_PUB_RSA_ENCRYPT:
- case PGP_PUB_RSA_ENCRYPT_SIGN:
- res = pgp_mpi_read(pkt, &pk->pub.rsa.n);
- if (res < 0)
- break;
- res = pgp_mpi_read(pkt, &pk->pub.rsa.e);
- if (res < 0)
- break;
-
- res = calc_key_id(pk);
-
- if (pk->algo != PGP_PUB_RSA_SIGN)
- pk->can_encrypt = 1;
- break;
-
- case PGP_PUB_ELG_ENCRYPT:
- res = pgp_mpi_read(pkt, &pk->pub.elg.p);
- if (res < 0)
- break;
- res = pgp_mpi_read(pkt, &pk->pub.elg.g);
- if (res < 0)
- break;
- res = pgp_mpi_read(pkt, &pk->pub.elg.y);
- if (res < 0)
- break;
-
- res = calc_key_id(pk);
-
- pk->can_encrypt = 1;
- break;
-
- default:
- px_debug("unknown public algo: %d", pk->algo);
- res = PXE_PGP_UNKNOWN_PUBALGO;
- }
-
-out:
- if (res < 0)
- pgp_key_free(pk);
- else
- *pk_p = pk;
-
- return res;
-}
-
-#define HIDE_CLEAR 0
-#define HIDE_CKSUM 255
-#define HIDE_SHA1 254
-
-static int
-check_key_sha1(PullFilter *src, PGP_PubKey *pk)
-{
- int res;
- uint8 got_sha1[20];
- uint8 my_sha1[20];
- PX_MD *md;
-
- res = pullf_read_fixed(src, 20, got_sha1);
- if (res < 0)
- return res;
-
- res = pgp_load_digest(PGP_DIGEST_SHA1, &md);
- if (res < 0)
- goto err;
- switch (pk->algo)
- {
- case PGP_PUB_ELG_ENCRYPT:
- pgp_mpi_hash(md, pk->sec.elg.x);
- break;
- case PGP_PUB_RSA_SIGN:
- case PGP_PUB_RSA_ENCRYPT:
- case PGP_PUB_RSA_ENCRYPT_SIGN:
- pgp_mpi_hash(md, pk->sec.rsa.d);
- pgp_mpi_hash(md, pk->sec.rsa.p);
- pgp_mpi_hash(md, pk->sec.rsa.q);
- pgp_mpi_hash(md, pk->sec.rsa.u);
- break;
- case PGP_PUB_DSA_SIGN:
- pgp_mpi_hash(md, pk->sec.dsa.x);
- break;
- }
- px_md_finish(md, my_sha1);
- px_md_free(md);
-
- if (memcmp(my_sha1, got_sha1, 20) != 0)
- {
- px_debug("key sha1 check failed");
- res = PXE_PGP_KEYPKT_CORRUPT;
- }
-err:
- memset(got_sha1, 0, 20);
- memset(my_sha1, 0, 20);
- return res;
-}
-
-static int
-check_key_cksum(PullFilter *src, PGP_PubKey *pk)
-{
- int res;
- unsigned got_cksum,
- my_cksum = 0;
- uint8 buf[2];
-
- res = pullf_read_fixed(src, 2, buf);
- if (res < 0)
- return res;
-
- got_cksum = ((unsigned) buf[0] << 8) + buf[1];
- switch (pk->algo)
- {
- case PGP_PUB_ELG_ENCRYPT:
- my_cksum = pgp_mpi_cksum(0, pk->sec.elg.x);
- break;
- case PGP_PUB_RSA_SIGN:
- case PGP_PUB_RSA_ENCRYPT:
- case PGP_PUB_RSA_ENCRYPT_SIGN:
- my_cksum = pgp_mpi_cksum(0, pk->sec.rsa.d);
- my_cksum = pgp_mpi_cksum(my_cksum, pk->sec.rsa.p);
- my_cksum = pgp_mpi_cksum(my_cksum, pk->sec.rsa.q);
- my_cksum = pgp_mpi_cksum(my_cksum, pk->sec.rsa.u);
- break;
- case PGP_PUB_DSA_SIGN:
- my_cksum = pgp_mpi_cksum(0, pk->sec.dsa.x);
- break;
- }
- if (my_cksum != got_cksum)
- {
- px_debug("key cksum check failed");
- return PXE_PGP_KEYPKT_CORRUPT;
- }
- return 0;
-}
-
-static int
-process_secret_key(PullFilter *pkt, PGP_PubKey **pk_p,
- const uint8 *key, int key_len)
-{
- int res;
- int hide_type;
- int cipher_algo;
- int bs;
- uint8 iv[512];
- PullFilter *pf_decrypt = NULL,
- *pf_key;
- PGP_CFB *cfb = NULL;
- PGP_S2K s2k;
- PGP_PubKey *pk;
-
- /* first read public key part */
- res = _pgp_read_public_key(pkt, &pk);
- if (res < 0)
- return res;
-
- /*
- * is secret key encrypted?
- */
- GETBYTE(pkt, hide_type);
- if (hide_type == HIDE_SHA1 || hide_type == HIDE_CKSUM)
- {
- if (key == NULL)
- return PXE_PGP_NEED_SECRET_PSW;
- GETBYTE(pkt, cipher_algo);
- res = pgp_s2k_read(pkt, &s2k);
- if (res < 0)
- return res;
-
- res = pgp_s2k_process(&s2k, cipher_algo, key, key_len);
- if (res < 0)
- return res;
-
- bs = pgp_get_cipher_block_size(cipher_algo);
- if (bs == 0)
- {
- px_debug("unknown cipher algo=%d", cipher_algo);
- return PXE_PGP_UNSUPPORTED_CIPHER;
- }
- res = pullf_read_fixed(pkt, bs, iv);
- if (res < 0)
- return res;
-
- /*
- * create decrypt filter
- */
- res = pgp_cfb_create(&cfb, cipher_algo, s2k.key, s2k.key_len, 0, iv);
- if (res < 0)
- return res;
- res = pullf_create(&pf_decrypt, &pgp_decrypt_filter, cfb, pkt);
- if (res < 0)
- return res;
- pf_key = pf_decrypt;
- }
- else if (hide_type == HIDE_CLEAR)
- {
- pf_key = pkt;
- }
- else
- {
- px_debug("unknown hide type");
- return PXE_PGP_KEYPKT_CORRUPT;
- }
-
- /* read secret key */
- switch (pk->algo)
- {
- case PGP_PUB_RSA_SIGN:
- case PGP_PUB_RSA_ENCRYPT:
- case PGP_PUB_RSA_ENCRYPT_SIGN:
- res = pgp_mpi_read(pkt, &pk->sec.rsa.d);
- if (res < 0)
- break;
- res = pgp_mpi_read(pkt, &pk->sec.rsa.p);
- if (res < 0)
- break;
- res = pgp_mpi_read(pkt, &pk->sec.rsa.q);
- if (res < 0)
- break;
- res = pgp_mpi_read(pkt, &pk->sec.rsa.u);
- if (res < 0)
- break;
- break;
- case PGP_PUB_ELG_ENCRYPT:
- res = pgp_mpi_read(pf_key, &pk->sec.elg.x);
- break;
- case PGP_PUB_DSA_SIGN:
- res = pgp_mpi_read(pf_key, &pk->sec.dsa.x);
- break;
- default:
- px_debug("unknown public algo: %d", pk->algo);
- res = PXE_PGP_KEYPKT_CORRUPT;
- }
- /* read checksum / sha1 */
- if (res >= 0)
- {
- if (hide_type == HIDE_SHA1)
- res = check_key_sha1(pf_key, pk);
- else
- res = check_key_cksum(pf_key, pk);
- }
- if (res >= 0)
- res = pgp_expect_packet_end(pf_key);
-
- if (pf_decrypt)
- pullf_free(pf_decrypt);
- if (cfb)
- pgp_cfb_free(cfb);
-
- if (res < 0)
- pgp_key_free(pk);
- else
- *pk_p = pk;
-
- return res;
-}
-
-static int
-internal_read_key(PullFilter *src, PGP_PubKey **pk_p,
- const uint8 *psw, int psw_len, int pubtype)
-{
- PullFilter *pkt = NULL;
- int res;
- uint8 tag;
- int len;
- PGP_PubKey *enc_key = NULL;
- PGP_PubKey *pk = NULL;
- int got_main_key = 0;
-
- /*
- * Search for encryption key.
- *
- * Error out on anything fancy.
- */
- while (1)
- {
- res = pgp_parse_pkt_hdr(src, &tag, &len, 0);
- if (res <= 0)
- break;
- res = pgp_create_pkt_reader(&pkt, src, len, res, NULL);
- if (res < 0)
- break;
-
- switch (tag)
- {
- case PGP_PKT_PUBLIC_KEY:
- case PGP_PKT_SECRET_KEY:
- if (got_main_key)
- {
- res = PXE_PGP_MULTIPLE_KEYS;
- break;
- }
- got_main_key = 1;
- res = pgp_skip_packet(pkt);
- break;
-
- case PGP_PKT_PUBLIC_SUBKEY:
- if (pubtype != 0)
- res = PXE_PGP_EXPECT_SECRET_KEY;
- else
- res = _pgp_read_public_key(pkt, &pk);
- break;
-
- case PGP_PKT_SECRET_SUBKEY:
- if (pubtype != 1)
- res = PXE_PGP_EXPECT_PUBLIC_KEY;
- else
- res = process_secret_key(pkt, &pk, psw, psw_len);
- break;
-
- case PGP_PKT_SIGNATURE:
- case PGP_PKT_MARKER:
- case PGP_PKT_TRUST:
- case PGP_PKT_USER_ID:
- case PGP_PKT_USER_ATTR:
- case PGP_PKT_PRIV_61:
- res = pgp_skip_packet(pkt);
- break;
- default:
- px_debug("unknown/unexpected packet: %d", tag);
- res = PXE_PGP_UNEXPECTED_PKT;
- }
- pullf_free(pkt);
- pkt = NULL;
-
- if (pk != NULL)
- {
- if (res >= 0 && pk->can_encrypt)
- {
- if (enc_key == NULL)
- {
- enc_key = pk;
- pk = NULL;
- }
- else
- res = PXE_PGP_MULTIPLE_SUBKEYS;
- }
-
- if (pk)
- pgp_key_free(pk);
- pk = NULL;
- }
-
- if (res < 0)
- break;
- }
-
- if (pkt)
- pullf_free(pkt);
-
- if (res < 0)
- {
- if (enc_key)
- pgp_key_free(enc_key);
- return res;
- }
-
- if (!enc_key)
- res = PXE_PGP_NO_USABLE_KEY;
- else
- *pk_p = enc_key;
- return res;
-}
-
-int
-pgp_set_pubkey(PGP_Context *ctx, MBuf *keypkt,
- const uint8 *key, int key_len, int pubtype)
-{
- int res;
- PullFilter *src;
- PGP_PubKey *pk = NULL;
-
- res = pullf_create_mbuf_reader(&src, keypkt);
- if (res < 0)
- return res;
-
- res = internal_read_key(src, &pk, key, key_len, pubtype);
- pullf_free(src);
-
- if (res >= 0)
- ctx->pub_key = pk;
-
- return res < 0 ? res : 0;
-}
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-s2k.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/pgp-s2k.c b/contrib/pgcrypto/pgp-s2k.c
deleted file mode 100644
index 326b1bb..0000000
--- a/contrib/pgcrypto/pgp-s2k.c
+++ /dev/null
@@ -1,302 +0,0 @@
-/*
- * pgp-s2k.c
- * OpenPGP string2key functions.
- *
- * Copyright (c) 2005 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-s2k.c,v 1.5 2009/06/11 14:48:52 momjian Exp $
- */
-
-#include "postgres.h"
-
-#include "px.h"
-#include "mbuf.h"
-#include "pgp.h"
-
-static int
-calc_s2k_simple(PGP_S2K *s2k, PX_MD *md, const uint8 *key,
- unsigned key_len)
-{
- unsigned md_bs,
- md_rlen;
- uint8 buf[PGP_MAX_DIGEST];
- unsigned preload;
- unsigned remain;
- uint8 *dst = s2k->key;
-
- md_bs = px_md_block_size(md);
- md_rlen = px_md_result_size(md);
-
- remain = s2k->key_len;
- preload = 0;
- while (remain > 0)
- {
- px_md_reset(md);
-
- if (preload)
- {
- memset(buf, 0, preload);
- px_md_update(md, buf, preload);
- }
- preload++;
-
- px_md_update(md, key, key_len);
- px_md_finish(md, buf);
-
- if (remain > md_rlen)
- {
- memcpy(dst, buf, md_rlen);
- dst += md_rlen;
- remain -= md_rlen;
- }
- else
- {
- memcpy(dst, buf, remain);
- remain = 0;
- }
- }
- return 0;
-}
-
-static int
-calc_s2k_salted(PGP_S2K *s2k, PX_MD *md, const uint8 *key, unsigned key_len)
-{
- unsigned md_bs,
- md_rlen;
- uint8 buf[PGP_MAX_DIGEST];
- unsigned preload = 0;
- uint8 *dst;
- unsigned remain;
-
- md_bs = px_md_block_size(md);
- md_rlen = px_md_result_size(md);
-
- dst = s2k->key;
- remain = s2k->key_len;
- while (remain > 0)
- {
- px_md_reset(md);
-
- if (preload > 0)
- {
- memset(buf, 0, preload);
- px_md_update(md, buf, preload);
- }
- preload++;
-
- px_md_update(md, s2k->salt, PGP_S2K_SALT);
- px_md_update(md, key, key_len);
- px_md_finish(md, buf);
-
- if (remain > md_rlen)
- {
- memcpy(dst, buf, md_rlen);
- remain -= md_rlen;
- dst += md_rlen;
- }
- else
- {
- memcpy(dst, buf, remain);
- remain = 0;
- }
- }
- return 0;
-}
-
-static int
-calc_s2k_iter_salted(PGP_S2K *s2k, PX_MD *md, const uint8 *key,
- unsigned key_len)
-{
- unsigned md_bs,
- md_rlen;
- uint8 buf[PGP_MAX_DIGEST];
- uint8 *dst;
- unsigned preload = 0;
- unsigned remain,
- c,
- cval,
- curcnt,
- count;
-
- cval = s2k->iter;
- count = ((unsigned) 16 + (cval & 15)) << ((cval >> 4) + 6);
-
- md_bs = px_md_block_size(md);
- md_rlen = px_md_result_size(md);
-
- remain = s2k->key_len;
- dst = s2k->key;
- while (remain > 0)
- {
- px_md_reset(md);
-
- if (preload)
- {
- memset(buf, 0, preload);
- px_md_update(md, buf, preload);
- }
- preload++;
-
- px_md_update(md, s2k->salt, PGP_S2K_SALT);
- px_md_update(md, key, key_len);
- curcnt = PGP_S2K_SALT + key_len;
-
- while (curcnt < count)
- {
- if (curcnt + PGP_S2K_SALT < count)
- c = PGP_S2K_SALT;
- else
- c = count - curcnt;
- px_md_update(md, s2k->salt, c);
- curcnt += c;
-
- if (curcnt + key_len < count)
- c = key_len;
- else if (curcnt < count)
- c = count - curcnt;
- else
- break;
- px_md_update(md, key, c);
- curcnt += c;
- }
- px_md_finish(md, buf);
-
- if (remain > md_rlen)
- {
- memcpy(dst, buf, md_rlen);
- remain -= md_rlen;
- dst += md_rlen;
- }
- else
- {
- memcpy(dst, buf, remain);
- remain = 0;
- }
- }
- return 0;
-}
-
-/*
- * Decide S2K_ISALTED iteration count
- *
- * Too small: weak
- * Too big: slow
- * gpg defaults to 96 => 65536 iters
- * let it float a bit: 96 + 32 => 262144 iters
- */
-static int
-decide_count(unsigned rand_byte)
-{
- return 96 + (rand_byte & 0x1F);
-}
-
-int
-pgp_s2k_fill(PGP_S2K *s2k, int mode, int digest_algo)
-{
- int res = 0;
- uint8 tmp;
-
- s2k->mode = mode;
- s2k->digest_algo = digest_algo;
-
- switch (s2k->mode)
- {
- case 0:
- break;
- case 1:
- res = px_get_pseudo_random_bytes(s2k->salt, PGP_S2K_SALT);
- break;
- case 3:
- res = px_get_pseudo_random_bytes(s2k->salt, PGP_S2K_SALT);
- if (res < 0)
- break;
- res = px_get_pseudo_random_bytes(&tmp, 1);
- if (res < 0)
- break;
- s2k->iter = decide_count(tmp);
- break;
- default:
- res = PXE_PGP_BAD_S2K_MODE;
- }
- return res;
-}
-
-int
-pgp_s2k_read(PullFilter *src, PGP_S2K *s2k)
-{
- int res = 0;
-
- GETBYTE(src, s2k->mode);
- GETBYTE(src, s2k->digest_algo);
- switch (s2k->mode)
- {
- case 0:
- break;
- case 1:
- res = pullf_read_fixed(src, 8, s2k->salt);
- break;
- case 3:
- res = pullf_read_fixed(src, 8, s2k->salt);
- if (res < 0)
- break;
- GETBYTE(src, s2k->iter);
- break;
- default:
- res = PXE_PGP_BAD_S2K_MODE;
- }
- return res;
-}
-
-int
-pgp_s2k_process(PGP_S2K *s2k, int cipher, const uint8 *key, int key_len)
-{
- int res;
- PX_MD *md;
-
- s2k->key_len = pgp_get_cipher_key_size(cipher);
- if (s2k->key_len <= 0)
- return PXE_PGP_UNSUPPORTED_CIPHER;
-
- res = pgp_load_digest(s2k->digest_algo, &md);
- if (res < 0)
- return res;
-
- switch (s2k->mode)
- {
- case 0:
- res = calc_s2k_simple(s2k, md, key, key_len);
- break;
- case 1:
- res = calc_s2k_salted(s2k, md, key, key_len);
- break;
- case 3:
- res = calc_s2k_iter_salted(s2k, md, key, key_len);
- break;
- default:
- res = PXE_PGP_BAD_S2K_MODE;
- }
- px_md_free(md);
- return res;
-}
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/pgp.c b/contrib/pgcrypto/pgp.c
deleted file mode 100644
index ce6f199..0000000
--- a/contrib/pgcrypto/pgp.c
+++ /dev/null
@@ -1,360 +0,0 @@
-/*
- * pgp.c
- * Various utility stuff.
- *
- * Copyright (c) 2005 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $PostgreSQL: pgsql/contrib/pgcrypto/pgp.c,v 1.4 2009/06/11 14:48:52 momjian Exp $
- */
-
-#include "postgres.h"
-
-#include "px.h"
-#include "mbuf.h"
-#include "pgp.h"
-
-/*
- * Defaults.
- */
-static int def_cipher_algo = PGP_SYM_AES_128;
-static int def_s2k_cipher_algo = -1;
-static int def_s2k_mode = PGP_S2K_ISALTED;
-static int def_s2k_digest_algo = PGP_DIGEST_SHA1;
-static int def_compress_algo = PGP_COMPR_NONE;
-static int def_compress_level = 6;
-static int def_disable_mdc = 0;
-static int def_use_sess_key = 0;
-static int def_text_mode = 0;
-static int def_unicode_mode = 0;
-static int def_convert_crlf = 0;
-
-struct digest_info
-{
- const char *name;
- int code;
- const char *int_name;
-};
-
-struct cipher_info
-{
- const char *name;
- int code;
- const char *int_name;
- int key_len;
- int block_len;
-};
-
-static const struct digest_info digest_list[] = {
- {"md5", PGP_DIGEST_MD5},
- {"sha1", PGP_DIGEST_SHA1},
- {"sha-1", PGP_DIGEST_SHA1},
- {"ripemd160", PGP_DIGEST_RIPEMD160},
- {"sha256", PGP_DIGEST_SHA256},
- {"sha384", PGP_DIGEST_SHA384},
- {"sha512", PGP_DIGEST_SHA512},
- {NULL, 0}
-};
-
-static const struct cipher_info cipher_list[] = {
- {"3des", PGP_SYM_DES3, "3des-ecb", 192 / 8, 64 / 8},
- {"cast5", PGP_SYM_CAST5, "cast5-ecb", 128 / 8, 64 / 8},
- {"bf", PGP_SYM_BLOWFISH, "bf-ecb", 128 / 8, 64 / 8},
- {"blowfish", PGP_SYM_BLOWFISH, "bf-ecb", 128 / 8, 64 / 8},
- {"aes", PGP_SYM_AES_128, "aes-ecb", 128 / 8, 128 / 8},
- {"aes128", PGP_SYM_AES_128, "aes-ecb", 128 / 8, 128 / 8},
- {"aes192", PGP_SYM_AES_192, "aes-ecb", 192 / 8, 128 / 8},
- {"aes256", PGP_SYM_AES_256, "aes-ecb", 256 / 8, 128 / 8},
- {"twofish", PGP_SYM_TWOFISH, "twofish-ecb", 256 / 8, 128 / 8},
- {NULL, 0, NULL}
-};
-
-static const struct cipher_info *
-get_cipher_info(int code)
-{
- const struct cipher_info *i;
-
- for (i = cipher_list; i->name; i++)
- if (i->code == code)
- return i;
- return NULL;
-}
-
-int
-pgp_get_digest_code(const char *name)
-{
- const struct digest_info *i;
-
- for (i = digest_list; i->name; i++)
- if (pg_strcasecmp(i->name, name) == 0)
- return i->code;
- return PXE_PGP_UNSUPPORTED_HASH;
-}
-
-int
-pgp_get_cipher_code(const char *name)
-{
- const struct cipher_info *i;
-
- for (i = cipher_list; i->name; i++)
- if (pg_strcasecmp(i->name, name) == 0)
- return i->code;
- return PXE_PGP_UNSUPPORTED_CIPHER;
-}
-
-const char *
-pgp_get_digest_name(int code)
-{
- const struct digest_info *i;
-
- for (i = digest_list; i->name; i++)
- if (i->code == code)
- return i->name;
- return NULL;
-}
-
-const char *
-pgp_get_cipher_name(int code)
-{
- const struct cipher_info *i = get_cipher_info(code);
-
- if (i != NULL)
- return i->name;
- return NULL;
-}
-
-int
-pgp_get_cipher_key_size(int code)
-{
- const struct cipher_info *i = get_cipher_info(code);
-
- if (i != NULL)
- return i->key_len;
- return 0;
-}
-
-int
-pgp_get_cipher_block_size(int code)
-{
- const struct cipher_info *i = get_cipher_info(code);
-
- if (i != NULL)
- return i->block_len;
- return 0;
-}
-
-int
-pgp_load_cipher(int code, PX_Cipher **res)
-{
- int err;
- const struct cipher_info *i = get_cipher_info(code);
-
- if (i == NULL)
- return PXE_PGP_CORRUPT_DATA;
-
- err = px_find_cipher(i->int_name, res);
- if (err == 0)
- return 0;
-
- return PXE_PGP_UNSUPPORTED_CIPHER;
-}
-
-int
-pgp_load_digest(int code, PX_MD **res)
-{
- int err;
- const char *name = pgp_get_digest_name(code);
-
- if (name == NULL)
- return PXE_PGP_CORRUPT_DATA;
-
- err = px_find_digest(name, res);
- if (err == 0)
- return 0;
-
- return PXE_PGP_UNSUPPORTED_HASH;
-}
-
-int
-pgp_init(PGP_Context **ctx_p)
-{
- PGP_Context *ctx;
-
- ctx = px_alloc(sizeof *ctx);
- memset(ctx, 0, sizeof *ctx);
-
- ctx->cipher_algo = def_cipher_algo;
- ctx->s2k_cipher_algo = def_s2k_cipher_algo;
- ctx->s2k_mode = def_s2k_mode;
- ctx->s2k_digest_algo = def_s2k_digest_algo;
- ctx->compress_algo = def_compress_algo;
- ctx->compress_level = def_compress_level;
- ctx->disable_mdc = def_disable_mdc;
- ctx->use_sess_key = def_use_sess_key;
- ctx->unicode_mode = def_unicode_mode;
- ctx->convert_crlf = def_convert_crlf;
- ctx->text_mode = def_text_mode;
-
- *ctx_p = ctx;
- return 0;
-}
-
-int
-pgp_free(PGP_Context *ctx)
-{
- if (ctx->pub_key)
- pgp_key_free(ctx->pub_key);
- memset(ctx, 0, sizeof *ctx);
- px_free(ctx);
- return 0;
-}
-
-int
-pgp_disable_mdc(PGP_Context *ctx, int disable)
-{
- ctx->disable_mdc = disable ? 1 : 0;
- return 0;
-}
-
-int
-pgp_set_sess_key(PGP_Context *ctx, int use)
-{
- ctx->use_sess_key = use ? 1 : 0;
- return 0;
-}
-
-int
-pgp_set_convert_crlf(PGP_Context *ctx, int doit)
-{
- ctx->convert_crlf = doit ? 1 : 0;
- return 0;
-}
-
-int
-pgp_set_s2k_mode(PGP_Context *ctx, int mode)
-{
- int err = PXE_OK;
-
- switch (mode)
- {
- case PGP_S2K_SIMPLE:
- case PGP_S2K_SALTED:
- case PGP_S2K_ISALTED:
- ctx->s2k_mode = mode;
- break;
- default:
- err = PXE_ARGUMENT_ERROR;
- break;
- }
- return err;
-}
-
-int
-pgp_set_compress_algo(PGP_Context *ctx, int algo)
-{
- switch (algo)
- {
- case PGP_COMPR_NONE:
- case PGP_COMPR_ZIP:
- case PGP_COMPR_ZLIB:
- case PGP_COMPR_BZIP2:
- ctx->compress_algo = algo;
- return 0;
- }
- return PXE_ARGUMENT_ERROR;
-}
-
-int
-pgp_set_compress_level(PGP_Context *ctx, int level)
-{
- if (level >= 0 && level <= 9)
- {
- ctx->compress_level = level;
- return 0;
- }
- return PXE_ARGUMENT_ERROR;
-}
-
-int
-pgp_set_text_mode(PGP_Context *ctx, int mode)
-{
- ctx->text_mode = mode;
- return 0;
-}
-
-int
-pgp_set_cipher_algo(PGP_Context *ctx, const char *name)
-{
- int code = pgp_get_cipher_code(name);
-
- if (code < 0)
- return code;
- ctx->cipher_algo = code;
- return 0;
-}
-
-int
-pgp_set_s2k_cipher_algo(PGP_Context *ctx, const char *name)
-{
- int code = pgp_get_cipher_code(name);
-
- if (code < 0)
- return code;
- ctx->s2k_cipher_algo = code;
- return 0;
-}
-
-int
-pgp_set_s2k_digest_algo(PGP_Context *ctx, const char *name)
-{
- int code = pgp_get_digest_code(name);
-
- if (code < 0)
- return code;
- ctx->s2k_digest_algo = code;
- return 0;
-}
-
-int
-pgp_get_unicode_mode(PGP_Context *ctx)
-{
- return ctx->unicode_mode;
-}
-
-int
-pgp_set_unicode_mode(PGP_Context *ctx, int mode)
-{
- ctx->unicode_mode = mode ? 1 : 0;
- return 0;
-}
-
-int
-pgp_set_symkey(PGP_Context *ctx, const uint8 *key, int len)
-{
- if (key == NULL || len < 1)
- return PXE_ARGUMENT_ERROR;
- ctx->sym_key = key;
- ctx->sym_key_len = len;
- return 0;
-}
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp.h
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/pgp.h b/contrib/pgcrypto/pgp.h
deleted file mode 100644
index 7860d83..0000000
--- a/contrib/pgcrypto/pgp.h
+++ /dev/null
@@ -1,314 +0,0 @@
-/*
- * pgp.h
- * OpenPGP implementation.
- *
- * Copyright (c) 2005 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $PostgreSQL: pgsql/contrib/pgcrypto/pgp.h,v 1.6 2009/06/11 14:48:52 momjian Exp $
- */
-
-enum PGP_S2K_TYPE
-{
- PGP_S2K_SIMPLE = 0,
- PGP_S2K_SALTED = 1,
- PGP_S2K_ISALTED = 3
-};
-
-enum PGP_PKT_TYPE
-{
- PGP_PKT_RESERVED = 0,
- PGP_PKT_PUBENCRYPTED_SESSKEY = 1,
- PGP_PKT_SIGNATURE = 2,
- PGP_PKT_SYMENCRYPTED_SESSKEY = 3,
- PGP_PKT_SECRET_KEY = 5,
- PGP_PKT_PUBLIC_KEY = 6,
- PGP_PKT_SECRET_SUBKEY = 7,
- PGP_PKT_COMPRESSED_DATA = 8,
- PGP_PKT_SYMENCRYPTED_DATA = 9,
- PGP_PKT_MARKER = 10,
- PGP_PKT_LITERAL_DATA = 11,
- PGP_PKT_TRUST = 12,
- PGP_PKT_USER_ID = 13,
- PGP_PKT_PUBLIC_SUBKEY = 14,
- PGP_PKT_USER_ATTR = 17,
- PGP_PKT_SYMENCRYPTED_DATA_MDC = 18,
- PGP_PKT_MDC = 19,
- PGP_PKT_PRIV_61 = 61 /* occurs in gpg secring */
-};
-
-enum PGP_PUB_ALGO_TYPE
-{
- PGP_PUB_RSA_ENCRYPT_SIGN = 1,
- PGP_PUB_RSA_ENCRYPT = 2,
- PGP_PUB_RSA_SIGN = 3,
- PGP_PUB_ELG_ENCRYPT = 16,
- PGP_PUB_DSA_SIGN = 17
-};
-
-enum PGP_SYMENC_TYPE
-{
- PGP_SYM_PLAIN = 0, /* ?? */
- PGP_SYM_IDEA = 1, /* obsolete, PGP 2.6 compat */
- PGP_SYM_DES3 = 2, /* must */
- PGP_SYM_CAST5 = 3, /* should */
- PGP_SYM_BLOWFISH = 4,
- PGP_SYM_SAFER_SK128 = 5, /* obsolete */
- PGP_SYM_DES_SK = 6, /* obsolete */
- PGP_SYM_AES_128 = 7, /* should */
- PGP_SYM_AES_192 = 8,
- PGP_SYM_AES_256 = 9,
- PGP_SYM_TWOFISH = 10
-};
-
-enum PGP_COMPR_TYPE
-{
- PGP_COMPR_NONE = 0, /* must */
- PGP_COMPR_ZIP = 1, /* should */
- PGP_COMPR_ZLIB = 2,
- PGP_COMPR_BZIP2 = 3
-};
-
-enum PGP_DIGEST_TYPE
-{
- PGP_DIGEST_MD5 = 1, /* should, deprecated */
- PGP_DIGEST_SHA1 = 2, /* must */
- PGP_DIGEST_RIPEMD160 = 3,
- PGP_DIGEST_XSHA = 4, /* obsolete */
- PGP_DIGEST_MD2 = 5, /* obsolete */
- PGP_DIGEST_TIGER192 = 6, /* obsolete */
- PGP_DIGEST_HAVAL5_160 = 7, /* obsolete */
- PGP_DIGEST_SHA256 = 8,
- PGP_DIGEST_SHA384 = 9,
- PGP_DIGEST_SHA512 = 10
-};
-
-#define PGP_MAX_KEY (256/8)
-#define PGP_MAX_BLOCK (256/8)
-#define PGP_MAX_DIGEST (512/8)
-#define PGP_S2K_SALT 8
-
-typedef struct PGP_MPI PGP_MPI;
-typedef struct PGP_PubKey PGP_PubKey;
-typedef struct PGP_Context PGP_Context;
-typedef struct PGP_S2K PGP_S2K;
-
-struct PGP_S2K
-{
- uint8 mode;
- uint8 digest_algo;
- uint8 salt[8];
- uint8 iter;
- /* calculated: */
- uint8 key[PGP_MAX_KEY];
- uint8 key_len;
-};
-
-
-struct PGP_Context
-{
- /*
- * parameters
- */
- PGP_S2K s2k;
- int s2k_mode;
- int s2k_digest_algo;
- int s2k_cipher_algo;
- int cipher_algo;
- int compress_algo;
- int compress_level;
- int disable_mdc;
- int use_sess_key;
- int text_mode;
- int convert_crlf;
- int unicode_mode;
-
- /*
- * internal variables
- */
- int mdc_checked;
- int corrupt_prefix;
- int in_mdc_pkt;
- int use_mdcbuf_filter;
- PX_MD *mdc_ctx;
-
- PGP_PubKey *pub_key; /* ctx owns it */
- const uint8 *sym_key; /* ctx does not own it */
- int sym_key_len;
-
- /*
- * read or generated data
- */
- uint8 sess_key[PGP_MAX_KEY];
- unsigned sess_key_len;
-};
-
-struct PGP_MPI
-{
- uint8 *data;
- int bits;
- int bytes;
-};
-
-struct PGP_PubKey
-{
- uint8 ver;
- uint8 time[4];
- uint8 algo;
-
- /* public part */
- union
- {
- struct
- {
- PGP_MPI *p;
- PGP_MPI *g;
- PGP_MPI *y;
- } elg;
- struct
- {
- PGP_MPI *n;
- PGP_MPI *e;
- } rsa;
- struct
- {
- PGP_MPI *p;
- PGP_MPI *q;
- PGP_MPI *g;
- PGP_MPI *y;
- } dsa;
- } pub;
-
- /* secret part */
- union
- {
- struct
- {
- PGP_MPI *x;
- } elg;
- struct
- {
- PGP_MPI *d;
- PGP_MPI *p;
- PGP_MPI *q;
- PGP_MPI *u;
- } rsa;
- struct
- {
- PGP_MPI *x;
- } dsa;
- } sec;
-
- uint8 key_id[8];
- int can_encrypt;
-};
-
-int pgp_init(PGP_Context **ctx);
-int pgp_encrypt(PGP_Context *ctx, MBuf *src, MBuf *dst);
-int pgp_decrypt(PGP_Context *ctx, MBuf *src, MBuf *dst);
-int pgp_free(PGP_Context *ctx);
-
-int pgp_get_digest_code(const char *name);
-int pgp_get_cipher_code(const char *name);
-const char *pgp_get_digest_name(int code);
-const char *pgp_get_cipher_name(int code);
-
-int pgp_set_cipher_algo(PGP_Context *ctx, const char *name);
-int pgp_set_s2k_mode(PGP_Context *ctx, int type);
-int pgp_set_s2k_cipher_algo(PGP_Context *ctx, const char *name);
-int pgp_set_s2k_digest_algo(PGP_Context *ctx, const char *name);
-int pgp_set_convert_crlf(PGP_Context *ctx, int doit);
-int pgp_disable_mdc(PGP_Context *ctx, int disable);
-int pgp_set_sess_key(PGP_Context *ctx, int use);
-int pgp_set_compress_algo(PGP_Context *ctx, int algo);
-int pgp_set_compress_level(PGP_Context *ctx, int level);
-int pgp_set_text_mode(PGP_Context *ctx, int mode);
-int pgp_set_unicode_mode(PGP_Context *ctx, int mode);
-int pgp_get_unicode_mode(PGP_Context *ctx);
-
-int pgp_set_symkey(PGP_Context *ctx, const uint8 *key, int klen);
-int pgp_set_pubkey(PGP_Context *ctx, MBuf *keypkt,
- const uint8 *key, int klen, int pubtype);
-
-int pgp_get_keyid(MBuf *pgp_data, char *dst);
-
-/* internal functions */
-
-int pgp_load_digest(int c, PX_MD **res);
-int pgp_load_cipher(int c, PX_Cipher **res);
-int pgp_get_cipher_key_size(int c);
-int pgp_get_cipher_block_size(int c);
-
-int pgp_s2k_fill(PGP_S2K *s2k, int mode, int digest_algo);
-int pgp_s2k_read(PullFilter *src, PGP_S2K *s2k);
-int pgp_s2k_process(PGP_S2K *s2k, int cipher, const uint8 *key, int klen);
-
-typedef struct PGP_CFB PGP_CFB;
-int
-pgp_cfb_create(PGP_CFB **ctx_p, int algo,
- const uint8 *key, int key_len, int recync, uint8 *iv);
-void pgp_cfb_free(PGP_CFB *ctx);
-int pgp_cfb_encrypt(PGP_CFB *ctx, const uint8 *data, int len, uint8 *dst);
-int pgp_cfb_decrypt(PGP_CFB *ctx, const uint8 *data, int len, uint8 *dst);
-
-int pgp_armor_encode(const uint8 *src, unsigned len, uint8 *dst);
-int pgp_armor_decode(const uint8 *src, unsigned len, uint8 *dst);
-unsigned pgp_armor_enc_len(unsigned len);
-unsigned pgp_armor_dec_len(unsigned len);
-
-int pgp_compress_filter(PushFilter **res, PGP_Context *ctx, PushFilter *dst);
-int pgp_decompress_filter(PullFilter **res, PGP_Context *ctx, PullFilter *src);
-
-int pgp_key_alloc(PGP_PubKey **pk_p);
-void pgp_key_free(PGP_PubKey *pk);
-int _pgp_read_public_key(PullFilter *pkt, PGP_PubKey **pk_p);
-
-int pgp_parse_pubenc_sesskey(PGP_Context *ctx, PullFilter *pkt);
-int pgp_create_pkt_reader(PullFilter **pf_p, PullFilter *src, int len,
- int pkttype, PGP_Context *ctx);
-int pgp_parse_pkt_hdr(PullFilter *src, uint8 *tag, int *len_p,
- int allow_ctx);
-
-int pgp_skip_packet(PullFilter *pkt);
-int pgp_expect_packet_end(PullFilter *pkt);
-
-int pgp_write_pubenc_sesskey(PGP_Context *ctx, PushFilter *dst);
-int pgp_create_pkt_writer(PushFilter *dst, int tag, PushFilter **res_p);
-
-int pgp_mpi_alloc(int bits, PGP_MPI **mpi);
-int pgp_mpi_create(uint8 *data, int bits, PGP_MPI **mpi);
-int pgp_mpi_free(PGP_MPI *mpi);
-int pgp_mpi_read(PullFilter *src, PGP_MPI **mpi);
-int pgp_mpi_write(PushFilter *dst, PGP_MPI *n);
-int pgp_mpi_hash(PX_MD *md, PGP_MPI *n);
-unsigned pgp_mpi_cksum(unsigned cksum, PGP_MPI *n);
-
-int pgp_elgamal_encrypt(PGP_PubKey *pk, PGP_MPI *m,
- PGP_MPI **c1, PGP_MPI **c2);
-int pgp_elgamal_decrypt(PGP_PubKey *pk, PGP_MPI *c1, PGP_MPI *c2,
- PGP_MPI **m);
-int pgp_rsa_encrypt(PGP_PubKey *pk, PGP_MPI *m, PGP_MPI **c);
-int pgp_rsa_decrypt(PGP_PubKey *pk, PGP_MPI *c, PGP_MPI **m);
-
-extern struct PullFilterOps pgp_decrypt_filter;
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/px-crypt.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/px-crypt.c b/contrib/pgcrypto/px-crypt.c
deleted file mode 100644
index d2e1682..0000000
--- a/contrib/pgcrypto/px-crypt.c
+++ /dev/null
@@ -1,167 +0,0 @@
-/*
- * px-crypt.c
- * Wrapper for various crypt algorithms.
- *
- * Copyright (c) 2001 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * contrib/pgcrypto/px-crypt.c
- */
-
-#include "postgres.h"
-
-#include "px.h"
-#include "px-crypt.h"
-
-
-static char *
-run_crypt_des(const char *psw, const char *salt,
- char *buf, unsigned len)
-{
- char *res;
-
- res = px_crypt_des(psw, salt);
- if (strlen(res) > len - 1)
- return NULL;
- strcpy(buf, res);
- return buf;
-}
-
-static char *
-run_crypt_md5(const char *psw, const char *salt,
- char *buf, unsigned len)
-{
- char *res;
-
- res = px_crypt_md5(psw, salt, buf, len);
- return res;
-}
-
-static char *
-run_crypt_bf(const char *psw, const char *salt,
- char *buf, unsigned len)
-{
- char *res;
-
- res = _crypt_blowfish_rn(psw, salt, buf, len);
- return res;
-}
-
-struct px_crypt_algo
-{
- char *id;
- unsigned id_len;
- char *(*crypt) (const char *psw, const char *salt,
- char *buf, unsigned len);
-};
-
-static const struct px_crypt_algo
- px_crypt_list[] = {
- {"$2a$", 4, run_crypt_bf},
- {"$2x$", 4, run_crypt_bf},
- {"$2$", 3, NULL}, /* N/A */
- {"$1$", 3, run_crypt_md5},
- {"_", 1, run_crypt_des},
- {"", 0, run_crypt_des},
- {NULL, 0, NULL}
-};
-
-char *
-px_crypt(const char *psw, const char *salt, char *buf, unsigned len)
-{
- const struct px_crypt_algo *c;
-
- for (c = px_crypt_list; c->id; c++)
- {
- if (!c->id_len)
- break;
- if (!strncmp(salt, c->id, c->id_len))
- break;
- }
-
- if (c->crypt == NULL)
- return NULL;
-
- return c->crypt(psw, salt, buf, len);
-}
-
-/*
- * salt generators
- */
-
-struct generator
-{
- char *name;
- char *(*gen) (unsigned long count, const char *input, int size,
- char *output, int output_size);
- int input_len;
- int def_rounds;
- int min_rounds;
- int max_rounds;
-};
-
-static struct generator gen_list[] = {
- {"des", _crypt_gensalt_traditional_rn, 2, 0, 0, 0},
- {"md5", _crypt_gensalt_md5_rn, 6, 0, 0, 0},
- {"xdes", _crypt_gensalt_extended_rn, 3, PX_XDES_ROUNDS, 1, 0xFFFFFF},
- {"bf", _crypt_gensalt_blowfish_rn, 16, PX_BF_ROUNDS, 4, 31},
- {NULL, NULL, 0, 0, 0, 0}
-};
-
-int
-px_gen_salt(const char *salt_type, char *buf, int rounds)
-{
- int res;
- struct generator *g;
- char *p;
- char rbuf[16];
-
- for (g = gen_list; g->name; g++)
- if (pg_strcasecmp(g->name, salt_type) == 0)
- break;
-
- if (g->name == NULL)
- return PXE_UNKNOWN_SALT_ALGO;
-
- if (g->def_rounds)
- {
- if (rounds == 0)
- rounds = g->def_rounds;
-
- if (rounds < g->min_rounds || rounds > g->max_rounds)
- return PXE_BAD_SALT_ROUNDS;
- }
-
- res = px_get_pseudo_random_bytes((uint8 *) rbuf, g->input_len);
- if (res < 0)
- return res;
-
- p = g->gen(rounds, rbuf, g->input_len, buf, PX_MAX_SALT_LEN);
- memset(rbuf, 0, sizeof(rbuf));
-
- if (p == NULL)
- return PXE_BAD_SALT_ROUNDS;
-
- return strlen(p);
-}
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/px-crypt.h
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/px-crypt.h b/contrib/pgcrypto/px-crypt.h
deleted file mode 100644
index c2460cb..0000000
--- a/contrib/pgcrypto/px-crypt.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * px-crypt.h
- * Header file for px_crypt().
- *
- * Copyright (c) 2001 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $PostgreSQL: pgsql/contrib/pgcrypto/px-crypt.h,v 1.10 2006/07/13 04:15:25 neilc Exp $
- */
-
-#ifndef _PX_CRYPT_H
-#define _PX_CRYPT_H
-
-/* max room for result */
-#define PX_MAX_CRYPT 128
-
-/* max salt returned by gen_salt() */
-#define PX_MAX_SALT_LEN 128
-
-/* default rounds for xdes salt */
-/* NetBSD bin/passwd/local_passwd.c has (29 * 25)*/
-#define PX_XDES_ROUNDS (29 * 25)
-
-/* default for blowfish salt */
-#define PX_BF_ROUNDS 6
-
-/*
- * main interface
- */
-char *px_crypt(const char *psw, const char *salt, char *buf, unsigned buflen);
-int px_gen_salt(const char *salt_type, char *dst, int rounds);
-
-/*
- * internal functions
- */
-
-/* crypt-gensalt.c */
-char *_crypt_gensalt_traditional_rn(unsigned long count,
- const char *input, int size, char *output, int output_size);
-char *_crypt_gensalt_extended_rn(unsigned long count,
- const char *input, int size, char *output, int output_size);
-char *_crypt_gensalt_md5_rn(unsigned long count,
- const char *input, int size, char *output, int output_size);
-char *_crypt_gensalt_blowfish_rn(unsigned long count,
- const char *input, int size, char *output, int output_size);
-
-/* disable 'extended DES crypt' */
-/* #define DISABLE_XDES */
-
-/* crypt-blowfish.c */
-char *_crypt_blowfish_rn(const char *key, const char *setting,
- char *output, int size);
-
-/* crypt-des.c */
-char *px_crypt_des(const char *key, const char *setting);
-
-/* crypt-md5.c */
-char *px_crypt_md5(const char *pw, const char *salt,
- char *dst, unsigned dstlen);
-
-#endif /* _PX_CRYPT_H */
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/px-hmac.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/px-hmac.c b/contrib/pgcrypto/px-hmac.c
deleted file mode 100644
index 3b20161..0000000
--- a/contrib/pgcrypto/px-hmac.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/*
- * px-hmac.c
- * HMAC implementation.
- *
- * Copyright (c) 2001 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $PostgreSQL: pgsql/contrib/pgcrypto/px-hmac.c,v 1.8 2009/06/11 14:48:52 momjian Exp $
- */
-
-#include "postgres.h"
-
-#include "px.h"
-
-#define HMAC_IPAD 0x36
-#define HMAC_OPAD 0x5C
-
-static unsigned
-hmac_result_size(PX_HMAC *h)
-{
- return px_md_result_size(h->md);
-}
-
-static unsigned
-hmac_block_size(PX_HMAC *h)
-{
- return px_md_block_size(h->md);
-}
-
-static void
-hmac_init(PX_HMAC *h, const uint8 *key, unsigned klen)
-{
- unsigned bs,
- hlen,
- i;
- uint8 *keybuf;
- PX_MD *md = h->md;
-
- bs = px_md_block_size(md);
- hlen = px_md_result_size(md);
- keybuf = px_alloc(bs);
- memset(keybuf, 0, bs);
-
- if (klen > bs)
- {
- px_md_update(md, key, klen);
- px_md_finish(md, keybuf);
- px_md_reset(md);
- }
- else
- memcpy(keybuf, key, klen);
-
- for (i = 0; i < bs; i++)
- {
- h->p.ipad[i] = keybuf[i] ^ HMAC_IPAD;
- h->p.opad[i] = keybuf[i] ^ HMAC_OPAD;
- }
-
- memset(keybuf, 0, bs);
- px_free(keybuf);
-
- px_md_update(md, h->p.ipad, bs);
-}
-
-static void
-hmac_reset(PX_HMAC *h)
-{
- PX_MD *md = h->md;
- unsigned bs = px_md_block_size(md);
-
- px_md_reset(md);
- px_md_update(md, h->p.ipad, bs);
-}
-
-static void
-hmac_update(PX_HMAC *h, const uint8 *data, unsigned dlen)
-{
- px_md_update(h->md, data, dlen);
-}
-
-static void
-hmac_finish(PX_HMAC *h, uint8 *dst)
-{
- PX_MD *md = h->md;
- unsigned bs,
- hlen;
- uint8 *buf;
-
- bs = px_md_block_size(md);
- hlen = px_md_result_size(md);
-
- buf = px_alloc(hlen);
-
- px_md_finish(md, buf);
-
- px_md_reset(md);
- px_md_update(md, h->p.opad, bs);
- px_md_update(md, buf, hlen);
- px_md_finish(md, dst);
-
- memset(buf, 0, hlen);
- px_free(buf);
-}
-
-static void
-hmac_free(PX_HMAC *h)
-{
- unsigned bs;
-
- bs = px_md_block_size(h->md);
- px_md_free(h->md);
-
- memset(h->p.ipad, 0, bs);
- memset(h->p.opad, 0, bs);
- px_free(h->p.ipad);
- px_free(h->p.opad);
- px_free(h);
-}
-
-
-/* PUBLIC FUNCTIONS */
-
-int
-px_find_hmac(const char *name, PX_HMAC **res)
-{
- int err;
- PX_MD *md;
- PX_HMAC *h;
- unsigned bs;
-
- err = px_find_digest(name, &md);
- if (err)
- return err;
-
- bs = px_md_block_size(md);
- if (bs < 2)
- {
- px_md_free(md);
- return PXE_HASH_UNUSABLE_FOR_HMAC;
- }
-
- h = px_alloc(sizeof(*h));
- h->p.ipad = px_alloc(bs);
- h->p.opad = px_alloc(bs);
- h->md = md;
-
- h->result_size = hmac_result_size;
- h->block_size = hmac_block_size;
- h->reset = hmac_reset;
- h->update = hmac_update;
- h->finish = hmac_finish;
- h->free = hmac_free;
- h->init = hmac_init;
-
- *res = h;
-
- return 0;
-}