You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hawq.apache.org by hu...@apache.org on 2016/05/16 06:40:37 UTC
[06/11] incubator-hawq git commit: HAWQ-394. Remove pgcrypto from
code base
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-armor.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/pgp-armor.c b/contrib/pgcrypto/pgp-armor.c
deleted file mode 100644
index 7963ccc..0000000
--- a/contrib/pgcrypto/pgp-armor.c
+++ /dev/null
@@ -1,383 +0,0 @@
-/*
- * pgp-armor.c
- * PGP ascii-armor.
- *
- * Copyright (c) 2005 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-armor.c,v 1.3 2005/10/15 02:49:06 momjian Exp $
- */
-
-#include "postgres.h"
-
-#include "px.h"
-#include "mbuf.h"
-#include "pgp.h"
-
-/*
- * BASE64 - duplicated :(
- */
-
-static const unsigned char _base64[] =
-"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-static int
-b64_encode(const uint8 *src, unsigned len, uint8 *dst)
-{
- uint8 *p,
- *lend = dst + 76;
- const uint8 *s,
- *end = src + len;
- int pos = 2;
- unsigned long buf = 0;
-
- s = src;
- p = dst;
-
- while (s < end)
- {
- buf |= *s << (pos << 3);
- pos--;
- s++;
-
- /*
- * write it out
- */
- if (pos < 0)
- {
- *p++ = _base64[(buf >> 18) & 0x3f];
- *p++ = _base64[(buf >> 12) & 0x3f];
- *p++ = _base64[(buf >> 6) & 0x3f];
- *p++ = _base64[buf & 0x3f];
-
- pos = 2;
- buf = 0;
- }
- if (p >= lend)
- {
- *p++ = '\n';
- lend = p + 76;
- }
- }
- if (pos != 2)
- {
- *p++ = _base64[(buf >> 18) & 0x3f];
- *p++ = _base64[(buf >> 12) & 0x3f];
- *p++ = (pos == 0) ? _base64[(buf >> 6) & 0x3f] : '=';
- *p++ = '=';
- }
-
- return p - dst;
-}
-
-/* probably should use lookup table */
-static int
-b64_decode(const uint8 *src, unsigned len, uint8 *dst)
-{
- const uint8 *srcend = src + len,
- *s = src;
- uint8 *p = dst;
- char c;
- unsigned b = 0;
- unsigned long buf = 0;
- int pos = 0,
- end = 0;
-
- while (s < srcend)
- {
- c = *s++;
- if (c >= 'A' && c <= 'Z')
- b = c - 'A';
- else if (c >= 'a' && c <= 'z')
- b = c - 'a' + 26;
- else if (c >= '0' && c <= '9')
- b = c - '0' + 52;
- else if (c == '+')
- b = 62;
- else if (c == '/')
- b = 63;
- else if (c == '=')
- {
- /*
- * end sequence
- */
- if (!end)
- {
- if (pos == 2)
- end = 1;
- else if (pos == 3)
- end = 2;
- else
- return PXE_PGP_CORRUPT_ARMOR;
- }
- b = 0;
- }
- else if (c == ' ' || c == '\t' || c == '\n' || c == '\r')
- continue;
- else
- return PXE_PGP_CORRUPT_ARMOR;
-
- /*
- * add it to buffer
- */
- buf = (buf << 6) + b;
- pos++;
- if (pos == 4)
- {
- *p++ = (buf >> 16) & 255;
- if (end == 0 || end > 1)
- *p++ = (buf >> 8) & 255;
- if (end == 0 || end > 2)
- *p++ = buf & 255;
- buf = 0;
- pos = 0;
- }
- }
-
- if (pos != 0)
- return PXE_PGP_CORRUPT_ARMOR;
- return p - dst;
-}
-
-static unsigned
-b64_enc_len(unsigned srclen)
-{
- /*
- * 3 bytes will be converted to 4, linefeed after 76 chars
- */
- return (srclen + 2) * 4 / 3 + srclen / (76 * 3 / 4);
-}
-
-static unsigned
-b64_dec_len(unsigned srclen)
-{
- return (srclen * 3) >> 2;
-}
-
-/*
- * PGP armor
- */
-
-static const char *armor_header = "-----BEGIN PGP MESSAGE-----\n\n";
-static const char *armor_footer = "\n-----END PGP MESSAGE-----\n";
-
-/* CRC24 implementation from rfc2440 */
-#define CRC24_INIT 0x00b704ceL
-#define CRC24_POLY 0x01864cfbL
-static long
-crc24(const uint8 *data, unsigned len)
-{
- unsigned crc = CRC24_INIT;
- int i;
-
- while (len--)
- {
- crc ^= (*data++) << 16;
- for (i = 0; i < 8; i++)
- {
- crc <<= 1;
- if (crc & 0x1000000)
- crc ^= CRC24_POLY;
- }
- }
- return crc & 0xffffffL;
-}
-
-int
-pgp_armor_encode(const uint8 *src, unsigned len, uint8 *dst)
-{
- int n;
- uint8 *pos = dst;
- unsigned crc = crc24(src, len);
-
- n = strlen(armor_header);
- memcpy(pos, armor_header, n);
- pos += n;
-
- n = b64_encode(src, len, pos);
- pos += n;
-
- if (*(pos - 1) != '\n')
- *pos++ = '\n';
-
- *pos++ = '=';
- pos[3] = _base64[crc & 0x3f];
- crc >>= 6;
- pos[2] = _base64[crc & 0x3f];
- crc >>= 6;
- pos[1] = _base64[crc & 0x3f];
- crc >>= 6;
- pos[0] = _base64[crc & 0x3f];
- pos += 4;
-
- n = strlen(armor_footer);
- memcpy(pos, armor_footer, n);
- pos += n;
-
- return pos - dst;
-}
-
-static const uint8 *
-find_str(const uint8 *data, const uint8 *data_end, const char *str, int strlen)
-{
- const uint8 *p = data;
-
- if (!strlen)
- return NULL;
- if (data_end - data < strlen)
- return NULL;
- while (p < data_end)
- {
- p = memchr(p, str[0], data_end - p);
- if (p == NULL)
- return NULL;
- if (p + strlen > data_end)
- return NULL;
- if (memcmp(p, str, strlen) == 0)
- return p;
- p++;
- }
- return NULL;
-}
-
-static int
-find_header(const uint8 *data, const uint8 *datend,
- const uint8 **start_p, int is_end)
-{
- const uint8 *p = data;
- static const char *start_sep = "-----BEGIN";
- static const char *end_sep = "-----END";
- const char *sep = is_end ? end_sep : start_sep;
-
- /* find header line */
- while (1)
- {
- p = find_str(p, datend, sep, strlen(sep));
- if (p == NULL)
- return PXE_PGP_CORRUPT_ARMOR;
- /* it must start at beginning of line */
- if (p == data || *(p - 1) == '\n')
- break;
- p += strlen(sep);
- }
- *start_p = p;
- p += strlen(sep);
-
- /* check if header text ok */
- for (; p < datend && *p != '-'; p++)
- {
- /* various junk can be there, but definitely not line-feed */
- if (*p >= ' ')
- continue;
- return PXE_PGP_CORRUPT_ARMOR;
- }
- if (datend - p < 5 || memcmp(p, sep, 5) != 0)
- return PXE_PGP_CORRUPT_ARMOR;
- p += 5;
-
- /* check if at end of line */
- if (p < datend)
- {
- if (*p != '\n' && *p != '\r')
- return PXE_PGP_CORRUPT_ARMOR;
- if (*p == '\r')
- p++;
- if (p < datend && *p == '\n')
- p++;
- }
- return p - *start_p;
-}
-
-int
-pgp_armor_decode(const uint8 *src, unsigned len, uint8 *dst)
-{
- const uint8 *p = src;
- const uint8 *data_end = src + len;
- long crc;
- const uint8 *base64_start,
- *armor_end;
- const uint8 *base64_end = NULL;
- uint8 buf[4];
- int hlen;
- int res = PXE_PGP_CORRUPT_ARMOR;
-
- /* armor start */
- hlen = find_header(src, data_end, &p, 0);
- if (hlen <= 0)
- goto out;
- p += hlen;
-
- /* armor end */
- hlen = find_header(p, data_end, &armor_end, 1);
- if (hlen <= 0)
- goto out;
-
- /* skip comments - find empty line */
- while (p < armor_end && *p != '\n' && *p != '\r')
- {
- p = memchr(p, '\n', armor_end - p);
- if (!p)
- goto out;
-
- /* step to start of next line */
- p++;
- }
- base64_start = p;
-
- /* find crc pos */
- for (p = armor_end; p >= base64_start; p--)
- if (*p == '=')
- {
- base64_end = p - 1;
- break;
- }
- if (base64_end == NULL)
- goto out;
-
- /* decode crc */
- if (b64_decode(p + 1, 4, buf) != 3)
- goto out;
- crc = (((long) buf[0]) << 16) + (((long) buf[1]) << 8) + (long) buf[2];
-
- /* decode data */
- res = b64_decode(base64_start, base64_end - base64_start, dst);
-
- /* check crc */
- if (res >= 0 && crc24(dst, res) != crc)
- res = PXE_PGP_CORRUPT_ARMOR;
-out:
- return res;
-}
-
-unsigned
-pgp_armor_enc_len(unsigned len)
-{
- return b64_enc_len(len) + strlen(armor_header) + strlen(armor_footer) + 16;
-}
-
-unsigned
-pgp_armor_dec_len(unsigned len)
-{
- return b64_dec_len(len);
-}
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-cfb.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/pgp-cfb.c b/contrib/pgcrypto/pgp-cfb.c
deleted file mode 100644
index bd05ccc..0000000
--- a/contrib/pgcrypto/pgp-cfb.c
+++ /dev/null
@@ -1,265 +0,0 @@
-/*
- * pgp-cfb.c
- * Implements both normal and PGP-specific CFB mode.
- *
- * Copyright (c) 2005 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-cfb.c,v 1.4 2009/06/11 14:48:52 momjian Exp $
- */
-
-#include "postgres.h"
-
-#include "mbuf.h"
-#include "px.h"
-#include "pgp.h"
-
-typedef int (*mix_data_t) (PGP_CFB *ctx, const uint8 *data, int len, uint8 *dst);
-
-struct PGP_CFB
-{
- PX_Cipher *ciph;
- int block_size;
- int pos;
- int block_no;
- int resync;
- uint8 fr[PGP_MAX_BLOCK];
- uint8 fre[PGP_MAX_BLOCK];
- uint8 encbuf[PGP_MAX_BLOCK];
-};
-
-int
-pgp_cfb_create(PGP_CFB **ctx_p, int algo, const uint8 *key, int key_len,
- int resync, uint8 *iv)
-{
- int res;
- PX_Cipher *ciph;
- PGP_CFB *ctx;
-
- res = pgp_load_cipher(algo, &ciph);
- if (res < 0)
- return res;
-
- res = px_cipher_init(ciph, key, key_len, NULL);
- if (res < 0)
- {
- px_cipher_free(ciph);
- return res;
- }
-
- ctx = px_alloc(sizeof(*ctx));
- memset(ctx, 0, sizeof(*ctx));
- ctx->ciph = ciph;
- ctx->block_size = px_cipher_block_size(ciph);
- ctx->resync = resync;
-
- if (iv)
- memcpy(ctx->fr, iv, ctx->block_size);
-
- *ctx_p = ctx;
- return 0;
-}
-
-void
-pgp_cfb_free(PGP_CFB *ctx)
-{
- px_cipher_free(ctx->ciph);
- memset(ctx, 0, sizeof(*ctx));
- px_free(ctx);
-}
-
-/*
- * Data processing for normal CFB. (PGP_PKT_SYMENCRYPTED_DATA_MDC)
- */
-static int
-mix_encrypt_normal(PGP_CFB *ctx, const uint8 *data, int len, uint8 *dst)
-{
- int i;
-
- for (i = ctx->pos; i < ctx->pos + len; i++)
- *dst++ = ctx->encbuf[i] = ctx->fre[i] ^ (*data++);
- ctx->pos += len;
- return len;
-}
-
-static int
-mix_decrypt_normal(PGP_CFB *ctx, const uint8 *data, int len, uint8 *dst)
-{
- int i;
-
- for (i = ctx->pos; i < ctx->pos + len; i++)
- {
- ctx->encbuf[i] = *data++;
- *dst++ = ctx->fre[i] ^ ctx->encbuf[i];
- }
- ctx->pos += len;
- return len;
-}
-
-/*
- * Data processing for old PGP CFB mode. (PGP_PKT_SYMENCRYPTED_DATA)
- *
- * The goal is to hide the horror from the rest of the code,
- * thus its all concentrated here.
- */
-static int
-mix_encrypt_resync(PGP_CFB *ctx, const uint8 *data, int len, uint8 *dst)
-{
- int i,
- n;
-
- /* block #2 is 2 bytes long */
- if (ctx->block_no == 2)
- {
- n = 2 - ctx->pos;
- if (len < n)
- n = len;
- for (i = ctx->pos; i < ctx->pos + n; i++)
- *dst++ = ctx->encbuf[i] = ctx->fre[i] ^ (*data++);
-
- ctx->pos += n;
- len -= n;
-
- if (ctx->pos == 2)
- {
- memcpy(ctx->fr, ctx->encbuf + 2, ctx->block_size - 2);
- memcpy(ctx->fr + ctx->block_size - 2, ctx->encbuf, 2);
- ctx->pos = 0;
- return n;
- }
- }
- for (i = ctx->pos; i < ctx->pos + len; i++)
- *dst++ = ctx->encbuf[i] = ctx->fre[i] ^ (*data++);
- ctx->pos += len;
- return len;
-}
-
-static int
-mix_decrypt_resync(PGP_CFB *ctx, const uint8 *data, int len, uint8 *dst)
-{
- int i,
- n;
-
- /* block #2 is 2 bytes long */
- if (ctx->block_no == 2)
- {
- n = 2 - ctx->pos;
- if (len < n)
- n = len;
- for (i = ctx->pos; i < ctx->pos + n; i++)
- {
- ctx->encbuf[i] = *data++;
- *dst++ = ctx->fre[i] ^ ctx->encbuf[i];
- }
- ctx->pos += n;
- len -= n;
-
- if (ctx->pos == 2)
- {
- memcpy(ctx->fr, ctx->encbuf + 2, ctx->block_size - 2);
- memcpy(ctx->fr + ctx->block_size - 2, ctx->encbuf, 2);
- ctx->pos = 0;
- return n;
- }
- }
- for (i = ctx->pos; i < ctx->pos + len; i++)
- {
- ctx->encbuf[i] = *data++;
- *dst++ = ctx->fre[i] ^ ctx->encbuf[i];
- }
- ctx->pos += len;
- return len;
-}
-
-/*
- * common code for both encrypt and decrypt.
- */
-static int
-cfb_process(PGP_CFB *ctx, const uint8 *data, int len, uint8 *dst,
- mix_data_t mix_data)
-{
- int n;
- int res;
-
- while (len > 0 && ctx->pos > 0)
- {
- n = ctx->block_size - ctx->pos;
- if (len < n)
- n = len;
-
- n = mix_data(ctx, data, n, dst);
- data += n;
- dst += n;
- len -= n;
-
- if (ctx->pos == ctx->block_size)
- {
- memcpy(ctx->fr, ctx->encbuf, ctx->block_size);
- ctx->pos = 0;
- }
- }
-
- while (len > 0)
- {
- px_cipher_encrypt(ctx->ciph, ctx->fr, ctx->block_size, ctx->fre);
- if (ctx->block_no < 5)
- ctx->block_no++;
-
- n = ctx->block_size;
- if (len < n)
- n = len;
-
- res = mix_data(ctx, data, n, dst);
- data += res;
- dst += res;
- len -= res;
-
- if (ctx->pos == ctx->block_size)
- {
- memcpy(ctx->fr, ctx->encbuf, ctx->block_size);
- ctx->pos = 0;
- }
- }
- return 0;
-}
-
-/*
- * public interface
- */
-
-int
-pgp_cfb_encrypt(PGP_CFB *ctx, const uint8 *data, int len, uint8 *dst)
-{
- mix_data_t mix = ctx->resync ? mix_encrypt_resync : mix_encrypt_normal;
-
- return cfb_process(ctx, data, len, dst, mix);
-}
-
-int
-pgp_cfb_decrypt(PGP_CFB *ctx, const uint8 *data, int len, uint8 *dst)
-{
- mix_data_t mix = ctx->resync ? mix_decrypt_resync : mix_decrypt_normal;
-
- return cfb_process(ctx, data, len, dst, mix);
-}
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-compress.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/pgp-compress.c b/contrib/pgcrypto/pgp-compress.c
deleted file mode 100644
index 41f5855..0000000
--- a/contrib/pgcrypto/pgp-compress.c
+++ /dev/null
@@ -1,329 +0,0 @@
-/*
- * pgp-compress.c
- * ZIP and ZLIB compression via zlib.
- *
- * Copyright (c) 2005 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-compress.c,v 1.8 2009/06/11 14:48:52 momjian Exp $
- */
-
-#include "postgres.h"
-
-#include "mbuf.h"
-#include "px.h"
-#include "pgp.h"
-
-
-/*
- * Compressed pkt writer
- */
-
-#ifdef HAVE_LIBZ
-
-#include <zlib.h>
-
-#define ZIP_OUT_BUF 8192
-#define ZIP_IN_BLOCK 8192
-
-struct ZipStat
-{
- uint8 type;
- int buf_len;
- int hdr_done;
- z_stream stream;
- uint8 buf[ZIP_OUT_BUF];
-};
-
-static void *
-z_alloc(void *priv, unsigned n_items, unsigned item_len)
-{
- return px_alloc(n_items * item_len);
-}
-
-static void
-z_free(void *priv, void *addr)
-{
- px_free(addr);
-}
-
-static int
-compress_init(PushFilter *next, void *init_arg, void **priv_p)
-{
- int res;
- struct ZipStat *st;
- PGP_Context *ctx = init_arg;
- uint8 type = ctx->compress_algo;
-
- if (type != PGP_COMPR_ZLIB && type != PGP_COMPR_ZIP)
- return PXE_PGP_UNSUPPORTED_COMPR;
-
- /*
- * init
- */
- st = px_alloc(sizeof(*st));
- memset(st, 0, sizeof(*st));
- st->buf_len = ZIP_OUT_BUF;
- st->stream.zalloc = z_alloc;
- st->stream.zfree = z_free;
-
- if (type == PGP_COMPR_ZIP)
- res = deflateInit2(&st->stream, ctx->compress_level,
- Z_DEFLATED, -15, 8, Z_DEFAULT_STRATEGY);
- else
- res = deflateInit(&st->stream, ctx->compress_level);
- if (res != Z_OK)
- {
- px_free(st);
- return PXE_PGP_COMPRESSION_ERROR;
- }
- *priv_p = st;
-
- return ZIP_IN_BLOCK;
-}
-
-/* writes compressed data packet */
-
-/* cant handle zero-len incoming data, but shouldnt */
-static int
-compress_process(PushFilter *next, void *priv, const uint8 *data, int len)
-{
- int res,
- n_out;
- struct ZipStat *st = priv;
-
- /*
- * process data
- */
- while (len > 0)
- {
- st->stream.next_in = (void *) data;
- st->stream.avail_in = len;
- st->stream.next_out = st->buf;
- st->stream.avail_out = st->buf_len;
- res = deflate(&st->stream, 0);
- if (res != Z_OK)
- return PXE_PGP_COMPRESSION_ERROR;
-
- n_out = st->buf_len - st->stream.avail_out;
- if (n_out > 0)
- {
- res = pushf_write(next, st->buf, n_out);
- if (res < 0)
- return res;
- }
- len = st->stream.avail_in;
- }
-
- return 0;
-}
-
-static int
-compress_flush(PushFilter *next, void *priv)
-{
- int res,
- zres,
- n_out;
- struct ZipStat *st = priv;
-
- st->stream.next_in = NULL;
- st->stream.avail_in = 0;
- while (1)
- {
- st->stream.next_out = st->buf;
- st->stream.avail_out = st->buf_len;
- zres = deflate(&st->stream, Z_FINISH);
- if (zres != Z_STREAM_END && zres != Z_OK)
- return PXE_PGP_COMPRESSION_ERROR;
- n_out = st->buf_len - st->stream.avail_out;
- if (n_out > 0)
- {
- res = pushf_write(next, st->buf, n_out);
- if (res < 0)
- return res;
- }
- if (zres == Z_STREAM_END)
- break;
- }
- return 0;
-}
-
-static void
-compress_free(void *priv)
-{
- struct ZipStat *st = priv;
-
- deflateEnd(&st->stream);
- memset(st, 0, sizeof(*st));
- px_free(st);
-}
-
-static const PushFilterOps
- compress_filter = {
- compress_init, compress_process, compress_flush, compress_free
-};
-
-int
-pgp_compress_filter(PushFilter **res, PGP_Context *ctx, PushFilter *dst)
-{
- return pushf_create(res, &compress_filter, ctx, dst);
-}
-
-/*
- * Decompress
- */
-struct DecomprData
-{
- int buf_len; /* = ZIP_OUT_BUF */
- int buf_data; /* available data */
- uint8 *pos;
- z_stream stream;
- int eof;
- uint8 buf[ZIP_OUT_BUF];
-};
-
-static int
-decompress_init(void **priv_p, void *arg, PullFilter *src)
-{
- PGP_Context *ctx = arg;
- struct DecomprData *dec;
- int res;
-
- if (ctx->compress_algo != PGP_COMPR_ZLIB
- && ctx->compress_algo != PGP_COMPR_ZIP)
- return PXE_PGP_UNSUPPORTED_COMPR;
-
- dec = px_alloc(sizeof(*dec));
- memset(dec, 0, sizeof(*dec));
- dec->buf_len = ZIP_OUT_BUF;
- *priv_p = dec;
-
- dec->stream.zalloc = z_alloc;
- dec->stream.zfree = z_free;
-
- if (ctx->compress_algo == PGP_COMPR_ZIP)
- res = inflateInit2(&dec->stream, -15);
- else
- res = inflateInit(&dec->stream);
- if (res != Z_OK)
- {
- px_free(dec);
- px_debug("decompress_init: inflateInit error");
- return PXE_PGP_COMPRESSION_ERROR;
- }
-
- return 0;
-}
-
-static int
-decompress_read(void *priv, PullFilter *src, int len,
- uint8 **data_p, uint8 *buf, int buflen)
-{
- int res;
- int flush;
- struct DecomprData *dec = priv;
-
-restart:
- if (dec->buf_data > 0)
- {
- if (len > dec->buf_data)
- len = dec->buf_data;
- *data_p = dec->pos;
- dec->pos += len;
- dec->buf_data -= len;
- return len;
- }
-
- if (dec->eof)
- return 0;
-
- if (dec->stream.avail_in == 0)
- {
- uint8 *tmp;
-
- res = pullf_read(src, 8192, &tmp);
- if (res < 0)
- return res;
- dec->stream.next_in = tmp;
- dec->stream.avail_in = res;
- }
-
- dec->stream.next_out = dec->buf;
- dec->stream.avail_out = dec->buf_len;
- dec->pos = dec->buf;
-
- /*
- * Z_SYNC_FLUSH is tell zlib to output as much as possible. It should do
- * it anyway (Z_NO_FLUSH), but seems to reserve the right not to. So lets
- * follow the API.
- */
- flush = dec->stream.avail_in ? Z_SYNC_FLUSH : Z_FINISH;
- res = inflate(&dec->stream, flush);
- if (res != Z_OK && res != Z_STREAM_END)
- {
- px_debug("decompress_read: inflate error: %d", res);
- return PXE_PGP_CORRUPT_DATA;
- }
-
- dec->buf_data = dec->buf_len - dec->stream.avail_out;
- if (res == Z_STREAM_END)
- dec->eof = 1;
- goto restart;
-}
-
-static void
-decompress_free(void *priv)
-{
- struct DecomprData *dec = priv;
-
- inflateEnd(&dec->stream);
- memset(dec, 0, sizeof(*dec));
- px_free(dec);
-}
-
-static const PullFilterOps
- decompress_filter = {
- decompress_init, decompress_read, decompress_free
-};
-
-int
-pgp_decompress_filter(PullFilter **res, PGP_Context *ctx, PullFilter *src)
-{
- return pullf_create(res, &decompress_filter, ctx, src);
-}
-#else /* !HAVE_ZLIB */
-
-int
-pgp_compress_filter(PushFilter **res, PGP_Context *ctx, PushFilter *dst)
-{
- return PXE_PGP_UNSUPPORTED_COMPR;
-}
-
-int
-pgp_decompress_filter(PullFilter **res, PGP_Context *ctx, PullFilter *src)
-{
- return PXE_PGP_UNSUPPORTED_COMPR;
-}
-
-#endif
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-decrypt.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/pgp-decrypt.c b/contrib/pgcrypto/pgp-decrypt.c
deleted file mode 100644
index 8888dc9..0000000
--- a/contrib/pgcrypto/pgp-decrypt.c
+++ /dev/null
@@ -1,1188 +0,0 @@
-/*
- * pgp-decrypt.c
- * OpenPGP decrypt.
- *
- * Copyright (c) 2005 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-decrypt.c,v 1.8 2009/06/11 14:48:52 momjian Exp $
- */
-
-#include "postgres.h"
-
-#include "px.h"
-#include "mbuf.h"
-#include "pgp.h"
-
-#define NO_CTX_SIZE 0
-#define ALLOW_CTX_SIZE 1
-#define NO_COMPR 0
-#define ALLOW_COMPR 1
-#define NO_MDC 0
-#define NEED_MDC 1
-
-#define PKT_NORMAL 1
-#define PKT_STREAM 2
-#define PKT_CONTEXT 3
-
-#define MAX_CHUNK (16*1024*1024)
-
-static int
-parse_new_len(PullFilter *src, int *len_p)
-{
- uint8 b;
- int len;
- int pkttype = PKT_NORMAL;
-
- GETBYTE(src, b);
- if (b <= 191)
- len = b;
- else if (b >= 192 && b <= 223)
- {
- len = ((unsigned) (b) - 192) << 8;
- GETBYTE(src, b);
- len += 192 + b;
- }
- else if (b == 255)
- {
- GETBYTE(src, b);
- len = b;
- GETBYTE(src, b);
- len = (len << 8) | b;
- GETBYTE(src, b);
- len = (len << 8) | b;
- GETBYTE(src, b);
- len = (len << 8) | b;
- }
- else
- {
- len = 1 << (b & 0x1F);
- pkttype = PKT_STREAM;
- }
-
- if (len < 0 || len > MAX_CHUNK)
- {
- px_debug("parse_new_len: weird length");
- return PXE_PGP_CORRUPT_DATA;
- }
-
- *len_p = len;
- return pkttype;
-}
-
-static int
-parse_old_len(PullFilter *src, int *len_p, int lentype)
-{
- uint8 b;
- int len;
-
- GETBYTE(src, b);
- len = b;
-
- if (lentype == 1)
- {
- GETBYTE(src, b);
- len = (len << 8) | b;
- }
- else if (lentype == 2)
- {
- GETBYTE(src, b);
- len = (len << 8) | b;
- GETBYTE(src, b);
- len = (len << 8) | b;
- GETBYTE(src, b);
- len = (len << 8) | b;
- }
-
- if (len < 0 || len > MAX_CHUNK)
- {
- px_debug("parse_old_len: weird length");
- return PXE_PGP_CORRUPT_DATA;
- }
- *len_p = len;
- return PKT_NORMAL;
-}
-
-/* returns pkttype or 0 on eof */
-int
-pgp_parse_pkt_hdr(PullFilter *src, uint8 *tag, int *len_p, int allow_ctx)
-{
- int lentype;
- int res;
- uint8 *p;
-
- /* EOF is normal here, thus we dont use GETBYTE */
- res = pullf_read(src, 1, &p);
- if (res < 0)
- return res;
- if (res == 0)
- return 0;
-
- if ((*p & 0x80) == 0)
- {
- px_debug("pgp_parse_pkt_hdr: not pkt hdr");
- return PXE_PGP_CORRUPT_DATA;
- }
-
- if (*p & 0x40)
- {
- *tag = *p & 0x3f;
- res = parse_new_len(src, len_p);
- }
- else
- {
- lentype = *p & 3;
- *tag = (*p >> 2) & 0x0F;
- if (lentype == 3)
- res = allow_ctx ? PKT_CONTEXT : PXE_PGP_CORRUPT_DATA;
- else
- res = parse_old_len(src, len_p, lentype);
- }
- return res;
-}
-
-/*
- * Packet reader
- */
-struct PktData
-{
- int type;
- int len;
-};
-
-static int
-pktreader_pull(void *priv, PullFilter *src, int len,
- uint8 **data_p, uint8 *buf, int buflen)
-{
- int res;
- struct PktData *pkt = priv;
-
- /* PKT_CONTEXT means: whatever there is */
- if (pkt->type == PKT_CONTEXT)
- return pullf_read(src, len, data_p);
-
- if (pkt->len == 0)
- {
- /* this was last chunk in stream */
- if (pkt->type == PKT_NORMAL)
- return 0;
-
- /* next chunk in stream */
- res = parse_new_len(src, &pkt->len);
- if (res < 0)
- return res;
- pkt->type = res;
- }
-
- if (len > pkt->len)
- len = pkt->len;
-
- res = pullf_read(src, len, data_p);
- if (res > 0)
- pkt->len -= res;
-
- return res;
-}
-
-static void
-pktreader_free(void *priv)
-{
- struct PktData *pkt = priv;
-
- memset(pkt, 0, sizeof(*pkt));
- px_free(pkt);
-}
-
-static struct PullFilterOps pktreader_filter = {
- NULL, pktreader_pull, pktreader_free
-};
-
-/* needs helper function to pass several parameters */
-int
-pgp_create_pkt_reader(PullFilter **pf_p, PullFilter *src, int len,
- int pkttype, PGP_Context *ctx)
-{
- int res;
- struct PktData *pkt = px_alloc(sizeof(*pkt));
-
- pkt->type = pkttype;
- pkt->len = len;
- res = pullf_create(pf_p, &pktreader_filter, pkt, src);
- if (res < 0)
- px_free(pkt);
- return res;
-}
-
-/*
- * Prefix check filter
- */
-
-static int
-prefix_init(void **priv_p, void *arg, PullFilter *src)
-{
- PGP_Context *ctx = arg;
- int len;
- int res;
- uint8 *buf;
- uint8 tmpbuf[PGP_MAX_BLOCK + 2];
-
- len = pgp_get_cipher_block_size(ctx->cipher_algo);
- if (len > sizeof(tmpbuf))
- return PXE_BUG;
-
- res = pullf_read_max(src, len + 2, &buf, tmpbuf);
- if (res < 0)
- return res;
- if (res != len + 2)
- {
- px_debug("prefix_init: short read");
- memset(tmpbuf, 0, sizeof(tmpbuf));
- return PXE_PGP_CORRUPT_DATA;
- }
-
- if (buf[len - 2] != buf[len] || buf[len - 1] != buf[len + 1])
- {
- px_debug("prefix_init: corrupt prefix");
-
- /*
- * The original purpose of the 2-byte check was to show user a
- * friendly "wrong key" message. This made following possible:
- *
- * "An Attack on CFB Mode Encryption As Used By OpenPGP" by Serge
- * Mister and Robert Zuccherato
- *
- * To avoid being 'oracle', we delay reporting, which basically means
- * we prefer to run into corrupt packet header.
- *
- * We _could_ throw PXE_PGP_CORRUPT_DATA here, but there is
- * possibility of attack via timing, so we don't.
- */
- ctx->corrupt_prefix = 1;
- }
- memset(tmpbuf, 0, sizeof(tmpbuf));
- return 0;
-}
-
-static struct PullFilterOps prefix_filter = {
- prefix_init, NULL, NULL
-};
-
-
-/*
- * Decrypt filter
- */
-
-static int
-decrypt_init(void **priv_p, void *arg, PullFilter *src)
-{
- PGP_CFB *cfb = arg;
-
- *priv_p = cfb;
-
- /* we need to write somewhere, so ask for a buffer */
- return 4096;
-}
-
-static int
-decrypt_read(void *priv, PullFilter *src, int len,
- uint8 **data_p, uint8 *buf, int buflen)
-{
- PGP_CFB *cfb = priv;
- uint8 *tmp;
- int res;
-
- res = pullf_read(src, len, &tmp);
- if (res > 0)
- {
- pgp_cfb_decrypt(cfb, tmp, res, buf);
- *data_p = buf;
- }
- return res;
-}
-
-struct PullFilterOps pgp_decrypt_filter = {
- decrypt_init, decrypt_read, NULL
-};
-
-
-/*
- * MDC hasher filter
- */
-
-static int
-mdc_init(void **priv_p, void *arg, PullFilter *src)
-{
- PGP_Context *ctx = arg;
-
- *priv_p = ctx;
- return pgp_load_digest(PGP_DIGEST_SHA1, &ctx->mdc_ctx);
-}
-
-static void
-mdc_free(void *priv)
-{
- PGP_Context *ctx = priv;
-
- if (ctx->use_mdcbuf_filter)
- return;
- px_md_free(ctx->mdc_ctx);
- ctx->mdc_ctx = NULL;
-}
-
-static int
-mdc_finish(PGP_Context *ctx, PullFilter *src,
- int len, uint8 **data_p)
-{
- int res;
- uint8 hash[20];
- uint8 tmpbuf[22];
-
- if (len + 1 > sizeof(tmpbuf))
- return PXE_BUG;
-
- /* read data */
- res = pullf_read_max(src, len + 1, data_p, tmpbuf);
- if (res < 0)
- return res;
- if (res == 0)
- {
- if (ctx->mdc_checked == 0)
- {
- px_debug("no mdc");
- return PXE_PGP_CORRUPT_DATA;
- }
- return 0;
- }
-
- /* safety check */
- if (ctx->in_mdc_pkt > 1)
- {
- px_debug("mdc_finish: several times here?");
- return PXE_PGP_CORRUPT_DATA;
- }
- ctx->in_mdc_pkt++;
-
- /* is the packet sane? */
- if (res != 20)
- {
- px_debug("mdc_finish: read failed, res=%d", res);
- return PXE_PGP_CORRUPT_DATA;
- }
-
- /*
- * ok, we got the hash, now check
- */
- px_md_finish(ctx->mdc_ctx, hash);
- res = memcmp(hash, *data_p, 20);
- memset(hash, 0, 20);
- memset(tmpbuf, 0, sizeof(tmpbuf));
- if (res != 0)
- {
- px_debug("mdc_finish: mdc failed");
- return PXE_PGP_CORRUPT_DATA;
- }
- ctx->mdc_checked = 1;
- return len;
-}
-
-static int
-mdc_read(void *priv, PullFilter *src, int len,
- uint8 **data_p, uint8 *buf, int buflen)
-{
- int res;
- PGP_Context *ctx = priv;
-
- /* skip this filter? */
- if (ctx->use_mdcbuf_filter)
- return pullf_read(src, len, data_p);
-
- if (ctx->in_mdc_pkt)
- return mdc_finish(ctx, src, len, data_p);
-
- res = pullf_read(src, len, data_p);
- if (res < 0)
- return res;
- if (res == 0)
- {
- px_debug("mdc_read: unexpected eof");
- return PXE_PGP_CORRUPT_DATA;
- }
- px_md_update(ctx->mdc_ctx, *data_p, res);
-
- return res;
-}
-
-static struct PullFilterOps mdc_filter = {
- mdc_init, mdc_read, mdc_free
-};
-
-
-/*
- * Combined Pkt reader and MDC hasher.
- *
- * For the case of SYMENCRYPTED_MDC packet, where
- * the data part has 'context length', which means
- * that data packet ends 22 bytes before end of parent
- * packet, which is silly.
- */
-#define MDCBUF_LEN 8192
-struct MDCBufData
-{
- PGP_Context *ctx;
- int eof;
- int buflen;
- int avail;
- uint8 *pos;
- int mdc_avail;
- uint8 mdc_buf[22];
- uint8 buf[MDCBUF_LEN];
-};
-
-static int
-mdcbuf_init(void **priv_p, void *arg, PullFilter *src)
-{
- PGP_Context *ctx = arg;
- struct MDCBufData *st;
-
- st = px_alloc(sizeof(*st));
- memset(st, 0, sizeof(*st));
- st->buflen = sizeof(st->buf);
- st->ctx = ctx;
- *priv_p = st;
-
- /* take over the work of mdc_filter */
- ctx->use_mdcbuf_filter = 1;
-
- return 0;
-}
-
-static int
-mdcbuf_finish(struct MDCBufData * st)
-{
- uint8 hash[20];
- int res;
-
- st->eof = 1;
-
- if (st->mdc_buf[0] != 0xD3 || st->mdc_buf[1] != 0x14)
- {
- px_debug("mdcbuf_finish: bad MDC pkt hdr");
- return PXE_PGP_CORRUPT_DATA;
- }
- px_md_update(st->ctx->mdc_ctx, st->mdc_buf, 2);
- px_md_finish(st->ctx->mdc_ctx, hash);
- res = memcmp(hash, st->mdc_buf + 2, 20);
- memset(hash, 0, 20);
- if (res)
- {
- px_debug("mdcbuf_finish: MDC does not match");
- res = PXE_PGP_CORRUPT_DATA;
- }
- return res;
-}
-
-static void
-mdcbuf_load_data(struct MDCBufData * st, uint8 *src, int len)
-{
- uint8 *dst = st->pos + st->avail;
-
- memcpy(dst, src, len);
- px_md_update(st->ctx->mdc_ctx, src, len);
- st->avail += len;
-}
-
-static void
-mdcbuf_load_mdc(struct MDCBufData * st, uint8 *src, int len)
-{
- memmove(st->mdc_buf + st->mdc_avail, src, len);
- st->mdc_avail += len;
-}
-
-static int
-mdcbuf_refill(struct MDCBufData * st, PullFilter *src)
-{
- uint8 *data;
- int res;
- int need;
-
- /* put avail data in start */
- if (st->avail > 0 && st->pos != st->buf)
- memmove(st->buf, st->pos, st->avail);
- st->pos = st->buf;
-
- /* read new data */
- need = st->buflen + 22 - st->avail - st->mdc_avail;
- res = pullf_read(src, need, &data);
- if (res < 0)
- return res;
- if (res == 0)
- return mdcbuf_finish(st);
-
- /* add to buffer */
- if (res >= 22)
- {
- mdcbuf_load_data(st, st->mdc_buf, st->mdc_avail);
- st->mdc_avail = 0;
-
- mdcbuf_load_data(st, data, res - 22);
- mdcbuf_load_mdc(st, data + res - 22, 22);
- }
- else
- {
- int canmove = st->mdc_avail + res - 22;
-
- if (canmove > 0)
- {
- mdcbuf_load_data(st, st->mdc_buf, canmove);
- st->mdc_avail -= canmove;
- memmove(st->mdc_buf, st->mdc_buf + canmove, st->mdc_avail);
- }
- mdcbuf_load_mdc(st, data, res);
- }
- return 0;
-}
-
-static int
-mdcbuf_read(void *priv, PullFilter *src, int len,
- uint8 **data_p, uint8 *buf, int buflen)
-{
- struct MDCBufData *st = priv;
- int res;
-
- if (!st->eof && len > st->avail)
- {
- res = mdcbuf_refill(st, src);
- if (res < 0)
- return res;
- }
-
- if (len > st->avail)
- len = st->avail;
-
- *data_p = st->pos;
- st->pos += len;
- st->avail -= len;
- return len;
-}
-
-static void
-mdcbuf_free(void *priv)
-{
- struct MDCBufData *st = priv;
-
- px_md_free(st->ctx->mdc_ctx);
- st->ctx->mdc_ctx = NULL;
- memset(st, 0, sizeof(*st));
- px_free(st);
-}
-
-static struct PullFilterOps mdcbuf_filter = {
- mdcbuf_init, mdcbuf_read, mdcbuf_free
-};
-
-
-/*
- * Decrypt separate session key
- */
-static int
-decrypt_key(PGP_Context *ctx, const uint8 *src, int len)
-{
- int res;
- uint8 algo;
- PGP_CFB *cfb;
-
- res = pgp_cfb_create(&cfb, ctx->s2k_cipher_algo,
- ctx->s2k.key, ctx->s2k.key_len, 0, NULL);
- if (res < 0)
- return res;
-
- pgp_cfb_decrypt(cfb, src, 1, &algo);
- src++;
- len--;
-
- pgp_cfb_decrypt(cfb, src, len, ctx->sess_key);
- pgp_cfb_free(cfb);
- ctx->sess_key_len = len;
- ctx->cipher_algo = algo;
-
- if (pgp_get_cipher_key_size(algo) != len)
- {
- px_debug("sesskey bad len: algo=%d, expected=%d, got=%d",
- algo, pgp_get_cipher_key_size(algo), len);
- return PXE_PGP_CORRUPT_DATA;
- }
- return 0;
-}
-
-/*
- * Handle key packet
- */
-static int
-parse_symenc_sesskey(PGP_Context *ctx, PullFilter *src)
-{
- uint8 *p;
- int res;
- uint8 tmpbuf[PGP_MAX_KEY + 2];
- uint8 ver;
-
- GETBYTE(src, ver);
- GETBYTE(src, ctx->s2k_cipher_algo);
- if (ver != 4)
- {
- px_debug("bad key pkt ver");
- return PXE_PGP_CORRUPT_DATA;
- }
-
- /*
- * read S2K info
- */
- res = pgp_s2k_read(src, &ctx->s2k);
- if (res < 0)
- return res;
- ctx->s2k_mode = ctx->s2k.mode;
- ctx->s2k_digest_algo = ctx->s2k.digest_algo;
-
- /*
- * generate key from password
- */
- res = pgp_s2k_process(&ctx->s2k, ctx->s2k_cipher_algo,
- ctx->sym_key, ctx->sym_key_len);
- if (res < 0)
- return res;
-
- /*
- * do we have separate session key?
- */
- res = pullf_read_max(src, PGP_MAX_KEY + 2, &p, tmpbuf);
- if (res < 0)
- return res;
-
- if (res == 0)
- {
- /*
- * no, s2k key is session key
- */
- memcpy(ctx->sess_key, ctx->s2k.key, ctx->s2k.key_len);
- ctx->sess_key_len = ctx->s2k.key_len;
- ctx->cipher_algo = ctx->s2k_cipher_algo;
- res = 0;
- ctx->use_sess_key = 0;
- }
- else
- {
- /*
- * yes, decrypt it
- */
- if (res < 17 || res > PGP_MAX_KEY + 1)
- {
- px_debug("expect key, but bad data");
- return PXE_PGP_CORRUPT_DATA;
- }
- ctx->use_sess_key = 1;
- res = decrypt_key(ctx, p, res);
- }
-
- memset(tmpbuf, 0, sizeof(tmpbuf));
- return res;
-}
-
-static int
-copy_crlf(MBuf *dst, uint8 *data, int len, int *got_cr)
-{
- uint8 *data_end = data + len;
- uint8 tmpbuf[1024];
- uint8 *tmp_end = tmpbuf + sizeof(tmpbuf);
- uint8 *p;
- int res;
-
- p = tmpbuf;
- if (*got_cr)
- {
- if (*data != '\n')
- *p++ = '\r';
- *got_cr = 0;
- }
- while (data < data_end)
- {
- if (*data == '\r')
- {
- if (data + 1 < data_end)
- {
- if (*(data + 1) == '\n')
- data++;
- }
- else
- {
- *got_cr = 1;
- break;
- }
- }
- *p++ = *data++;
- if (p >= tmp_end)
- {
- res = mbuf_append(dst, tmpbuf, p - tmpbuf);
- if (res < 0)
- return res;
- p = tmpbuf;
- }
- }
- if (p - tmpbuf > 0)
- {
- res = mbuf_append(dst, tmpbuf, p - tmpbuf);
- if (res < 0)
- return res;
- }
- return 0;
-}
-
-static int
-parse_literal_data(PGP_Context *ctx, MBuf *dst, PullFilter *pkt)
-{
- int type;
- int name_len;
- int res;
- uint8 *buf;
- uint8 tmpbuf[4];
- int got_cr = 0;
-
- GETBYTE(pkt, type);
- GETBYTE(pkt, name_len);
-
- /* skip name */
- while (name_len > 0)
- {
- res = pullf_read(pkt, name_len, &buf);
- if (res < 0)
- return res;
- if (res == 0)
- break;
- name_len -= res;
- }
- if (name_len > 0)
- {
- px_debug("parse_literal_data: unexpected eof");
- return PXE_PGP_CORRUPT_DATA;
- }
-
- /* skip date */
- res = pullf_read_max(pkt, 4, &buf, tmpbuf);
- if (res != 4)
- {
- px_debug("parse_literal_data: unexpected eof");
- return PXE_PGP_CORRUPT_DATA;
- }
- memset(tmpbuf, 0, 4);
-
- /* check if text */
- if (ctx->text_mode)
- if (type != 't' && type != 'u')
- {
- px_debug("parse_literal_data: data type=%c", type);
- return PXE_PGP_NOT_TEXT;
- }
-
- ctx->unicode_mode = (type == 'u') ? 1 : 0;
-
- /* read data */
- while (1)
- {
- res = pullf_read(pkt, 32 * 1024, &buf);
- if (res <= 0)
- break;
-
- if (ctx->text_mode && ctx->convert_crlf)
- res = copy_crlf(dst, buf, res, &got_cr);
- else
- res = mbuf_append(dst, buf, res);
- if (res < 0)
- break;
- }
- if (res >= 0 && got_cr)
- res = mbuf_append(dst, (const uint8 *) "\r", 1);
- return res;
-}
-
-/* process_data_packets and parse_compressed_data call each other */
-static int process_data_packets(PGP_Context *ctx, MBuf *dst,
- PullFilter *src, int allow_compr, int need_mdc);
-
-static int
-parse_compressed_data(PGP_Context *ctx, MBuf *dst, PullFilter *pkt)
-{
- int res;
- uint8 type;
- PullFilter *pf_decompr;
-
- GETBYTE(pkt, type);
-
- ctx->compress_algo = type;
- switch (type)
- {
- case PGP_COMPR_NONE:
- res = process_data_packets(ctx, dst, pkt, NO_COMPR, NO_MDC);
- break;
-
- case PGP_COMPR_ZIP:
- case PGP_COMPR_ZLIB:
- res = pgp_decompress_filter(&pf_decompr, ctx, pkt);
- if (res >= 0)
- {
- res = process_data_packets(ctx, dst, pf_decompr,
- NO_COMPR, NO_MDC);
- pullf_free(pf_decompr);
- }
- break;
-
- case PGP_COMPR_BZIP2:
- px_debug("parse_compressed_data: bzip2 unsupported");
- res = PXE_PGP_UNSUPPORTED_COMPR;
- break;
-
- default:
- px_debug("parse_compressed_data: unknown compr type");
- res = PXE_PGP_CORRUPT_DATA;
- }
-
- return res;
-}
-
-static int
-process_data_packets(PGP_Context *ctx, MBuf *dst, PullFilter *src,
- int allow_compr, int need_mdc)
-{
- uint8 tag = 0;
- int len = 0,
- res;
- int got_data = 0;
- int got_mdc = 0;
- PullFilter *pkt = NULL;
- uint8 *tmp;
-
- while (1)
- {
- res = pgp_parse_pkt_hdr(src, &tag, &len, ALLOW_CTX_SIZE);
- if (res <= 0)
- break;
-
-
- /* mdc packet should be last */
- if (got_mdc)
- {
- px_debug("process_data_packets: data after mdc");
- res = PXE_PGP_CORRUPT_DATA;
- break;
- }
-
- /* context length inside SYMENC_MDC needs special handling */
- if (need_mdc && res == PKT_CONTEXT)
- res = pullf_create(&pkt, &mdcbuf_filter, ctx, src);
- else
- res = pgp_create_pkt_reader(&pkt, src, len, res, ctx);
- if (res < 0)
- break;
-
- switch (tag)
- {
- case PGP_PKT_LITERAL_DATA:
- got_data = 1;
- res = parse_literal_data(ctx, dst, pkt);
- break;
- case PGP_PKT_COMPRESSED_DATA:
- if (allow_compr == 0)
- {
- px_debug("process_data_packets: unexpected compression");
- res = PXE_PGP_CORRUPT_DATA;
- }
- else if (got_data)
- {
- /*
- * compr data must be alone
- */
- px_debug("process_data_packets: only one cmpr pkt allowed");
- res = PXE_PGP_CORRUPT_DATA;
- }
- else
- {
- got_data = 1;
- res = parse_compressed_data(ctx, dst, pkt);
- }
- break;
- case PGP_PKT_MDC:
- if (need_mdc == NO_MDC)
- {
- px_debug("process_data_packets: unexpected MDC");
- res = PXE_PGP_CORRUPT_DATA;
- break;
- }
-
- /* notify mdc_filter */
- ctx->in_mdc_pkt = 1;
-
- res = pullf_read(pkt, 8192, &tmp);
- if (res > 0)
- got_mdc = 1;
- break;
- default:
- px_debug("process_data_packets: unexpected pkt tag=%d", tag);
- res = PXE_PGP_CORRUPT_DATA;
- }
-
- pullf_free(pkt);
- pkt = NULL;
-
- if (res < 0)
- break;
- }
-
- if (pkt)
- pullf_free(pkt);
-
- if (res < 0)
- return res;
-
- if (!got_data)
- {
- px_debug("process_data_packets: no data");
- res = PXE_PGP_CORRUPT_DATA;
- }
- if (need_mdc && !got_mdc && !ctx->use_mdcbuf_filter)
- {
- px_debug("process_data_packets: got no mdc");
- res = PXE_PGP_CORRUPT_DATA;
- }
- return res;
-}
-
-static int
-parse_symenc_data(PGP_Context *ctx, PullFilter *pkt, MBuf *dst)
-{
- int res;
- PGP_CFB *cfb = NULL;
- PullFilter *pf_decrypt = NULL;
- PullFilter *pf_prefix = NULL;
-
- res = pgp_cfb_create(&cfb, ctx->cipher_algo,
- ctx->sess_key, ctx->sess_key_len, 1, NULL);
- if (res < 0)
- goto out;
-
- res = pullf_create(&pf_decrypt, &pgp_decrypt_filter, cfb, pkt);
- if (res < 0)
- goto out;
-
- res = pullf_create(&pf_prefix, &prefix_filter, ctx, pf_decrypt);
- if (res < 0)
- goto out;
-
- res = process_data_packets(ctx, dst, pf_prefix, ALLOW_COMPR, NO_MDC);
-
-out:
- if (pf_prefix)
- pullf_free(pf_prefix);
- if (pf_decrypt)
- pullf_free(pf_decrypt);
- if (cfb)
- pgp_cfb_free(cfb);
-
- return res;
-}
-
-static int
-parse_symenc_mdc_data(PGP_Context *ctx, PullFilter *pkt, MBuf *dst)
-{
- int res;
- PGP_CFB *cfb = NULL;
- PullFilter *pf_decrypt = NULL;
- PullFilter *pf_prefix = NULL;
- PullFilter *pf_mdc = NULL;
- uint8 ver;
-
- GETBYTE(pkt, ver);
- if (ver != 1)
- {
- px_debug("parse_symenc_mdc_data: pkt ver != 1");
- return PXE_PGP_CORRUPT_DATA;
- }
-
- res = pgp_cfb_create(&cfb, ctx->cipher_algo,
- ctx->sess_key, ctx->sess_key_len, 0, NULL);
- if (res < 0)
- goto out;
-
- res = pullf_create(&pf_decrypt, &pgp_decrypt_filter, cfb, pkt);
- if (res < 0)
- goto out;
-
- res = pullf_create(&pf_mdc, &mdc_filter, ctx, pf_decrypt);
- if (res < 0)
- goto out;
-
- res = pullf_create(&pf_prefix, &prefix_filter, ctx, pf_mdc);
- if (res < 0)
- goto out;
-
- res = process_data_packets(ctx, dst, pf_prefix, ALLOW_COMPR, NEED_MDC);
-
-out:
- if (pf_prefix)
- pullf_free(pf_prefix);
- if (pf_mdc)
- pullf_free(pf_mdc);
- if (pf_decrypt)
- pullf_free(pf_decrypt);
- if (cfb)
- pgp_cfb_free(cfb);
-
- return res;
-}
-
-/*
- * skip over packet contents
- */
-int
-pgp_skip_packet(PullFilter *pkt)
-{
- int res = 1;
- uint8 *tmp;
-
- while (res > 0)
- res = pullf_read(pkt, 32 * 1024, &tmp);
- return res < 0 ? res : 0;
-}
-
-/*
- * expect to be at packet end, any data is error
- */
-int
-pgp_expect_packet_end(PullFilter *pkt)
-{
- int res = 1;
- uint8 *tmp;
-
- while (res > 0)
- {
- res = pullf_read(pkt, 32 * 1024, &tmp);
- if (res > 0)
- {
- px_debug("pgp_expect_packet_end: got data");
- return PXE_PGP_CORRUPT_DATA;
- }
- }
- return res < 0 ? res : 0;
-}
-
-int
-pgp_decrypt(PGP_Context *ctx, MBuf *msrc, MBuf *mdst)
-{
- int res;
- PullFilter *src = NULL;
- PullFilter *pkt = NULL;
- uint8 tag = 0;
- int len = 0;
- int got_key = 0;
- int got_data = 0;
-
- res = pullf_create_mbuf_reader(&src, msrc);
-
- while (res >= 0)
- {
- res = pgp_parse_pkt_hdr(src, &tag, &len, NO_CTX_SIZE);
- if (res <= 0)
- break;
-
- res = pgp_create_pkt_reader(&pkt, src, len, res, ctx);
- if (res < 0)
- break;
-
- res = PXE_PGP_CORRUPT_DATA;
- switch (tag)
- {
- case PGP_PKT_MARKER:
- res = pgp_skip_packet(pkt);
- break;
- case PGP_PKT_PUBENCRYPTED_SESSKEY:
- /* fixme: skip those */
- res = pgp_parse_pubenc_sesskey(ctx, pkt);
- got_key = 1;
- break;
- case PGP_PKT_SYMENCRYPTED_SESSKEY:
- if (got_key)
-
- /*
- * Theoretically, there could be several keys, both public
- * and symmetric, all of which encrypt same session key.
- * Decrypt should try with each one, before failing.
- */
- px_debug("pgp_decrypt: using first of several keys");
- else
- {
- got_key = 1;
- res = parse_symenc_sesskey(ctx, pkt);
- }
- break;
- case PGP_PKT_SYMENCRYPTED_DATA:
- if (!got_key)
- px_debug("pgp_decrypt: have data but no key");
- else if (got_data)
- px_debug("pgp_decrypt: got second data packet");
- else
- {
- got_data = 1;
- ctx->disable_mdc = 1;
- res = parse_symenc_data(ctx, pkt, mdst);
- }
- break;
- case PGP_PKT_SYMENCRYPTED_DATA_MDC:
- if (!got_key)
- px_debug("pgp_decrypt: have data but no key");
- else if (got_data)
- px_debug("pgp_decrypt: several data pkts not supported");
- else
- {
- got_data = 1;
- ctx->disable_mdc = 0;
- res = parse_symenc_mdc_data(ctx, pkt, mdst);
- }
- break;
- default:
- px_debug("pgp_decrypt: unknown tag: 0x%02x", tag);
- }
- pullf_free(pkt);
- pkt = NULL;
- }
-
- if (pkt)
- pullf_free(pkt);
-
- if (src)
- pullf_free(src);
-
- if (res < 0)
- return res;
-
- if (!got_data || ctx->corrupt_prefix)
- res = PXE_PGP_CORRUPT_DATA;
-
- return res;
-}
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-encrypt.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/pgp-encrypt.c b/contrib/pgcrypto/pgp-encrypt.c
deleted file mode 100644
index 48f2f01..0000000
--- a/contrib/pgcrypto/pgp-encrypt.c
+++ /dev/null
@@ -1,708 +0,0 @@
-/*
- * pgp-encrypt.c
- * OpenPGP encrypt.
- *
- * Copyright (c) 2005 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-encrypt.c,v 1.4 2009/06/11 14:48:52 momjian Exp $
- */
-
-#include "postgres.h"
-
-#include <time.h>
-
-#include "mbuf.h"
-#include "px.h"
-#include "pgp.h"
-
-
-#define MDC_DIGEST_LEN 20
-#define STREAM_ID 0xE0
-#define STREAM_BLOCK_SHIFT 14
-
-static uint8 *
-render_newlen(uint8 *h, int len)
-{
- if (len <= 191)
- {
- *h++ = len & 255;
- }
- else if (len > 191 && len <= 8383)
- {
- *h++ = ((len - 192) >> 8) + 192;
- *h++ = (len - 192) & 255;
- }
- else
- {
- *h++ = 255;
- *h++ = (len >> 24) & 255;
- *h++ = (len >> 16) & 255;
- *h++ = (len >> 8) & 255;
- *h++ = len & 255;
- }
- return h;
-}
-
-static int
-write_tag_only(PushFilter *dst, int tag)
-{
- uint8 hdr = 0xC0 | tag;
-
- return pushf_write(dst, &hdr, 1);
-}
-
-static int
-write_normal_header(PushFilter *dst, int tag, int len)
-{
- uint8 hdr[8];
- uint8 *h = hdr;
-
- *h++ = 0xC0 | tag;
- h = render_newlen(h, len);
- return pushf_write(dst, hdr, h - hdr);
-}
-
-
-/*
- * MAC writer
- */
-
-static int
-mdc_init(PushFilter *dst, void *init_arg, void **priv_p)
-{
- int res;
- PX_MD *md;
-
- res = pgp_load_digest(PGP_DIGEST_SHA1, &md);
- if (res < 0)
- return res;
-
- *priv_p = md;
- return 0;
-}
-
-static int
-mdc_write(PushFilter *dst, void *priv, const uint8 *data, int len)
-{
- PX_MD *md = priv;
-
- px_md_update(md, data, len);
- return pushf_write(dst, data, len);
-}
-
-static int
-mdc_flush(PushFilter *dst, void *priv)
-{
- int res;
- uint8 pkt[2 + MDC_DIGEST_LEN];
- PX_MD *md = priv;
-
- /*
- * create mdc pkt
- */
- pkt[0] = 0xD3;
- pkt[1] = 0x14; /* MDC_DIGEST_LEN */
- px_md_update(md, pkt, 2);
- px_md_finish(md, pkt + 2);
-
- res = pushf_write(dst, pkt, 2 + MDC_DIGEST_LEN);
- memset(pkt, 0, 2 + MDC_DIGEST_LEN);
- return res;
-}
-
-static void
-mdc_free(void *priv)
-{
- PX_MD *md = priv;
-
- px_md_free(md);
-}
-
-static const PushFilterOps mdc_filter = {
- mdc_init, mdc_write, mdc_flush, mdc_free
-};
-
-
-/*
- * Encrypted pkt writer
- */
-#define ENCBUF 8192
-struct EncStat
-{
- PGP_CFB *ciph;
- uint8 buf[ENCBUF];
-};
-
-static int
-encrypt_init(PushFilter *next, void *init_arg, void **priv_p)
-{
- struct EncStat *st;
- PGP_Context *ctx = init_arg;
- PGP_CFB *ciph;
- int resync = 1;
- int res;
-
- /* should we use newer packet format? */
- if (ctx->disable_mdc == 0)
- {
- uint8 ver = 1;
-
- resync = 0;
- res = pushf_write(next, &ver, 1);
- if (res < 0)
- return res;
- }
- res = pgp_cfb_create(&ciph, ctx->cipher_algo,
- ctx->sess_key, ctx->sess_key_len, resync, NULL);
- if (res < 0)
- return res;
-
- st = px_alloc(sizeof(*st));
- memset(st, 0, sizeof(*st));
- st->ciph = ciph;
-
- *priv_p = st;
- return ENCBUF;
-}
-
-static int
-encrypt_process(PushFilter *next, void *priv, const uint8 *data, int len)
-{
- int res;
- struct EncStat *st = priv;
- int avail = len;
-
- while (avail > 0)
- {
- int tmplen = avail > ENCBUF ? ENCBUF : avail;
-
- res = pgp_cfb_encrypt(st->ciph, data, tmplen, st->buf);
- if (res < 0)
- return res;
-
- res = pushf_write(next, st->buf, tmplen);
- if (res < 0)
- return res;
-
- data += tmplen;
- avail -= tmplen;
- }
- return 0;
-}
-
-static void
-encrypt_free(void *priv)
-{
- struct EncStat *st = priv;
-
- memset(st, 0, sizeof(*st));
- px_free(st);
-}
-
-static const PushFilterOps encrypt_filter = {
- encrypt_init, encrypt_process, NULL, encrypt_free
-};
-
-/*
- * Write Streamable pkts
- */
-
-struct PktStreamStat
-{
- int final_done;
- int pkt_block;
-};
-
-static int
-pkt_stream_init(PushFilter *next, void *init_arg, void **priv_p)
-{
- struct PktStreamStat *st;
-
- st = px_alloc(sizeof(*st));
- st->final_done = 0;
- st->pkt_block = 1 << STREAM_BLOCK_SHIFT;
- *priv_p = st;
-
- return st->pkt_block;
-}
-
-static int
-pkt_stream_process(PushFilter *next, void *priv, const uint8 *data, int len)
-{
- int res;
- uint8 hdr[8];
- uint8 *h = hdr;
- struct PktStreamStat *st = priv;
-
- if (st->final_done)
- return PXE_BUG;
-
- if (len == st->pkt_block)
- *h++ = STREAM_ID | STREAM_BLOCK_SHIFT;
- else
- {
- h = render_newlen(h, len);
- st->final_done = 1;
- }
-
- res = pushf_write(next, hdr, h - hdr);
- if (res < 0)
- return res;
-
- return pushf_write(next, data, len);
-}
-
-static int
-pkt_stream_flush(PushFilter *next, void *priv)
-{
- int res;
- uint8 hdr[8];
- uint8 *h = hdr;
- struct PktStreamStat *st = priv;
-
- /* stream MUST end with normal packet. */
- if (!st->final_done)
- {
- h = render_newlen(h, 0);
- res = pushf_write(next, hdr, h - hdr);
- if (res < 0)
- return res;
- st->final_done = 1;
- }
- return 0;
-}
-
-static void
-pkt_stream_free(void *priv)
-{
- struct PktStreamStat *st = priv;
-
- memset(st, 0, sizeof(*st));
- px_free(st);
-}
-
-static const PushFilterOps pkt_stream_filter = {
- pkt_stream_init, pkt_stream_process, pkt_stream_flush, pkt_stream_free
-};
-
-int
-pgp_create_pkt_writer(PushFilter *dst, int tag, PushFilter **res_p)
-{
- int res;
-
- res = write_tag_only(dst, tag);
- if (res < 0)
- return res;
-
- return pushf_create(res_p, &pkt_stream_filter, NULL, dst);
-}
-
-/*
- * Text conversion filter
- */
-
-static int
-crlf_process(PushFilter *dst, void *priv, const uint8 *data, int len)
-{
- const uint8 *data_end = data + len;
- const uint8 *p2,
- *p1 = data;
- int line_len;
- static const uint8 crlf[] = {'\r', '\n'};
- int res = 0;
-
- while (p1 < data_end)
- {
- p2 = memchr(p1, '\n', data_end - p1);
- if (p2 == NULL)
- p2 = data_end;
-
- line_len = p2 - p1;
-
- /* write data */
- res = 0;
- if (line_len > 0)
- {
- res = pushf_write(dst, p1, line_len);
- if (res < 0)
- break;
- p1 += line_len;
- }
-
- /* write crlf */
- while (p1 < data_end && *p1 == '\n')
- {
- res = pushf_write(dst, crlf, 2);
- if (res < 0)
- break;
- p1++;
- }
- }
- return res;
-}
-
-static const PushFilterOps crlf_filter = {
- NULL, crlf_process, NULL, NULL
-};
-
-/*
- * Initialize literal data packet
- */
-static int
-init_litdata_packet(PushFilter **pf_res, PGP_Context *ctx, PushFilter *dst)
-{
- int res;
- int hdrlen;
- uint8 hdr[6];
- uint32 t;
- PushFilter *pkt;
- int type;
-
- /*
- * Create header
- */
-
- if (ctx->text_mode)
- type = ctx->unicode_mode ? 'u' : 't';
- else
- type = 'b';
-
- /*
- * Store the creation time into packet. The goal is to have as few known
- * bytes as possible.
- */
- t = (uint32) time(NULL);
-
- hdr[0] = type;
- hdr[1] = 0;
- hdr[2] = (t >> 24) & 255;
- hdr[3] = (t >> 16) & 255;
- hdr[4] = (t >> 8) & 255;
- hdr[5] = t & 255;
- hdrlen = 6;
-
- res = write_tag_only(dst, PGP_PKT_LITERAL_DATA);
- if (res < 0)
- return res;
-
- res = pushf_create(&pkt, &pkt_stream_filter, ctx, dst);
- if (res < 0)
- return res;
-
- res = pushf_write(pkt, hdr, hdrlen);
- if (res < 0)
- {
- pushf_free(pkt);
- return res;
- }
-
- *pf_res = pkt;
- return 0;
-}
-
-/*
- * Initialize compression filter
- */
-static int
-init_compress(PushFilter **pf_res, PGP_Context *ctx, PushFilter *dst)
-{
- int res;
- uint8 type = ctx->compress_algo;
- PushFilter *pkt;
-
- res = write_tag_only(dst, PGP_PKT_COMPRESSED_DATA);
- if (res < 0)
- return res;
-
- res = pushf_create(&pkt, &pkt_stream_filter, ctx, dst);
- if (res < 0)
- return res;
-
- res = pushf_write(pkt, &type, 1);
- if (res >= 0)
- res = pgp_compress_filter(pf_res, ctx, pkt);
-
- if (res < 0)
- pushf_free(pkt);
-
- return res;
-}
-
-/*
- * Initialize encdata packet
- */
-static int
-init_encdata_packet(PushFilter **pf_res, PGP_Context *ctx, PushFilter *dst)
-{
- int res;
- int tag;
-
- if (ctx->disable_mdc)
- tag = PGP_PKT_SYMENCRYPTED_DATA;
- else
- tag = PGP_PKT_SYMENCRYPTED_DATA_MDC;
-
- res = write_tag_only(dst, tag);
- if (res < 0)
- return res;
-
- return pushf_create(pf_res, &pkt_stream_filter, ctx, dst);
-}
-
-/*
- * write prefix
- */
-static int
-write_prefix(PGP_Context *ctx, PushFilter *dst)
-{
- uint8 prefix[PGP_MAX_BLOCK + 2];
- int res,
- bs;
-
- bs = pgp_get_cipher_block_size(ctx->cipher_algo);
- res = px_get_random_bytes(prefix, bs);
- if (res < 0)
- return res;
-
- prefix[bs + 0] = prefix[bs - 2];
- prefix[bs + 1] = prefix[bs - 1];
-
- res = pushf_write(dst, prefix, bs + 2);
- memset(prefix, 0, bs + 2);
- return res < 0 ? res : 0;
-}
-
-/*
- * write symmetrically encrypted session key packet
- */
-
-static int
-symencrypt_sesskey(PGP_Context *ctx, uint8 *dst)
-{
- int res;
- PGP_CFB *cfb;
- uint8 algo = ctx->cipher_algo;
-
- res = pgp_cfb_create(&cfb, ctx->s2k_cipher_algo,
- ctx->s2k.key, ctx->s2k.key_len, 0, NULL);
- if (res < 0)
- return res;
-
- pgp_cfb_encrypt(cfb, &algo, 1, dst);
- pgp_cfb_encrypt(cfb, ctx->sess_key, ctx->sess_key_len, dst + 1);
-
- pgp_cfb_free(cfb);
- return ctx->sess_key_len + 1;
-}
-
-/* 5.3: Symmetric-Key Encrypted Session-Key */
-static int
-write_symenc_sesskey(PGP_Context *ctx, PushFilter *dst)
-{
- uint8 pkt[256];
- int pktlen;
- int res;
- uint8 *p = pkt;
-
- *p++ = 4; /* 5.3 - version number */
- *p++ = ctx->s2k_cipher_algo;
-
- *p++ = ctx->s2k.mode;
- *p++ = ctx->s2k.digest_algo;
- if (ctx->s2k.mode > 0)
- {
- memcpy(p, ctx->s2k.salt, 8);
- p += 8;
- }
- if (ctx->s2k.mode == 3)
- *p++ = ctx->s2k.iter;
-
- if (ctx->use_sess_key)
- {
- res = symencrypt_sesskey(ctx, p);
- if (res < 0)
- return res;
- p += res;
- }
-
- pktlen = p - pkt;
- res = write_normal_header(dst, PGP_PKT_SYMENCRYPTED_SESSKEY, pktlen);
- if (res >= 0)
- res = pushf_write(dst, pkt, pktlen);
-
- memset(pkt, 0, pktlen);
- return res;
-}
-
-/*
- * key setup
- */
-static int
-init_s2k_key(PGP_Context *ctx)
-{
- int res;
-
- if (ctx->s2k_cipher_algo < 0)
- ctx->s2k_cipher_algo = ctx->cipher_algo;
-
- res = pgp_s2k_fill(&ctx->s2k, ctx->s2k_mode, ctx->s2k_digest_algo);
- if (res < 0)
- return res;
-
- return pgp_s2k_process(&ctx->s2k, ctx->s2k_cipher_algo,
- ctx->sym_key, ctx->sym_key_len);
-}
-
-static int
-init_sess_key(PGP_Context *ctx)
-{
- int res;
-
- if (ctx->use_sess_key || ctx->pub_key)
- {
- ctx->sess_key_len = pgp_get_cipher_key_size(ctx->cipher_algo);
- res = px_get_random_bytes(ctx->sess_key, ctx->sess_key_len);
- if (res < 0)
- return res;
- }
- else
- {
- ctx->sess_key_len = ctx->s2k.key_len;
- memcpy(ctx->sess_key, ctx->s2k.key, ctx->s2k.key_len);
- }
-
- return 0;
-}
-
-/*
- * combine
- */
-int
-pgp_encrypt(PGP_Context *ctx, MBuf *src, MBuf *dst)
-{
- int res;
- int len;
- uint8 *buf;
- PushFilter *pf,
- *pf_tmp;
-
- /*
- * do we have any key
- */
- if (!ctx->sym_key && !ctx->pub_key)
- return PXE_ARGUMENT_ERROR;
-
- /* MBuf writer */
- res = pushf_create_mbuf_writer(&pf, dst);
- if (res < 0)
- goto out;
-
- /*
- * initialize symkey
- */
- if (ctx->sym_key)
- {
- res = init_s2k_key(ctx);
- if (res < 0)
- goto out;
- }
-
- res = init_sess_key(ctx);
- if (res < 0)
- goto out;
-
- /*
- * write keypkt
- */
- if (ctx->pub_key)
- res = pgp_write_pubenc_sesskey(ctx, pf);
- else
- res = write_symenc_sesskey(ctx, pf);
- if (res < 0)
- goto out;
-
- /* encrypted data pkt */
- res = init_encdata_packet(&pf_tmp, ctx, pf);
- if (res < 0)
- goto out;
- pf = pf_tmp;
-
- /* encrypter */
- res = pushf_create(&pf_tmp, &encrypt_filter, ctx, pf);
- if (res < 0)
- goto out;
- pf = pf_tmp;
-
- /* hasher */
- if (ctx->disable_mdc == 0)
- {
- res = pushf_create(&pf_tmp, &mdc_filter, ctx, pf);
- if (res < 0)
- goto out;
- pf = pf_tmp;
- }
-
- /* prefix */
- res = write_prefix(ctx, pf);
- if (res < 0)
- goto out;
-
- /* compressor */
- if (ctx->compress_algo > 0 && ctx->compress_level > 0)
- {
- res = init_compress(&pf_tmp, ctx, pf);
- if (res < 0)
- goto out;
- pf = pf_tmp;
- }
-
- /* data streamer */
- res = init_litdata_packet(&pf_tmp, ctx, pf);
- if (res < 0)
- goto out;
- pf = pf_tmp;
-
-
- /* text conversion? */
- if (ctx->text_mode && ctx->convert_crlf)
- {
- res = pushf_create(&pf_tmp, &crlf_filter, ctx, pf);
- if (res < 0)
- goto out;
- pf = pf_tmp;
- }
-
- /*
- * chain complete
- */
-
- len = mbuf_grab(src, mbuf_avail(src), &buf);
- res = pushf_write(pf, buf, len);
- if (res >= 0)
- res = pushf_flush(pf);
-out:
- pushf_free_all(pf);
- return res;
-}
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-info.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/pgp-info.c b/contrib/pgcrypto/pgp-info.c
deleted file mode 100644
index a51a553..0000000
--- a/contrib/pgcrypto/pgp-info.c
+++ /dev/null
@@ -1,235 +0,0 @@
-/*
- * pgp-info.c
- * Provide info about PGP data.
- *
- * Copyright (c) 2005 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-info.c,v 1.5 2009/06/11 14:48:52 momjian Exp $
- */
-#include "postgres.h"
-
-#include "px.h"
-#include "mbuf.h"
-#include "pgp.h"
-
-static int
-read_pubkey_keyid(PullFilter *pkt, uint8 *keyid_buf)
-{
- int res;
- PGP_PubKey *pk = NULL;
-
- res = _pgp_read_public_key(pkt, &pk);
- if (res < 0)
- goto err;
-
- /* skip secret key part, if it exists */
- res = pgp_skip_packet(pkt);
- if (res < 0)
- goto err;
-
- /* is it encryption key */
- switch (pk->algo)
- {
- case PGP_PUB_ELG_ENCRYPT:
- case PGP_PUB_RSA_ENCRYPT:
- case PGP_PUB_RSA_ENCRYPT_SIGN:
- memcpy(keyid_buf, pk->key_id, 8);
- res = 1;
- break;
- default:
- res = 0;
- }
-
-err:
- pgp_key_free(pk);
- return res;
-}
-
-static int
-read_pubenc_keyid(PullFilter *pkt, uint8 *keyid_buf)
-{
- uint8 ver;
- int res;
-
- GETBYTE(pkt, ver);
- if (ver != 3)
- return -1;
-
- res = pullf_read_fixed(pkt, 8, keyid_buf);
- if (res < 0)
- return res;
-
- return pgp_skip_packet(pkt);
-}
-
-static const char hextbl[] = "0123456789ABCDEF";
-
-static int
-print_key(uint8 *keyid, char *dst)
-{
- int i;
- unsigned c;
-
- for (i = 0; i < 8; i++)
- {
- c = keyid[i];
- *dst++ = hextbl[(c >> 4) & 0x0F];
- *dst++ = hextbl[c & 0x0F];
- }
- *dst = 0;
- return 8 * 2;
-}
-
-static const uint8 any_key[] =
-{0, 0, 0, 0, 0, 0, 0, 0};
-
-/*
- * dst should have room for 17 bytes
- */
-int
-pgp_get_keyid(MBuf *pgp_data, char *dst)
-{
- int res;
- PullFilter *src;
- PullFilter *pkt = NULL;
- int len;
- uint8 tag;
- int got_pub_key = 0,
- got_symenc_key = 0,
- got_pubenc_key = 0;
- int got_data = 0;
- uint8 keyid_buf[8];
- int got_main_key = 0;
-
-
- res = pullf_create_mbuf_reader(&src, pgp_data);
- if (res < 0)
- return res;
-
- while (1)
- {
- res = pgp_parse_pkt_hdr(src, &tag, &len, 0);
- if (res <= 0)
- break;
- res = pgp_create_pkt_reader(&pkt, src, len, res, NULL);
- if (res < 0)
- break;
-
- switch (tag)
- {
- case PGP_PKT_SECRET_KEY:
- case PGP_PKT_PUBLIC_KEY:
- /* main key is for signing, so ignore it */
- if (!got_main_key)
- {
- got_main_key = 1;
- res = pgp_skip_packet(pkt);
- }
- else
- res = PXE_PGP_MULTIPLE_KEYS;
- break;
- case PGP_PKT_SECRET_SUBKEY:
- case PGP_PKT_PUBLIC_SUBKEY:
- res = read_pubkey_keyid(pkt, keyid_buf);
- if (res < 0)
- break;
- if (res > 0)
- got_pub_key++;
- break;
- case PGP_PKT_PUBENCRYPTED_SESSKEY:
- got_pubenc_key++;
- res = read_pubenc_keyid(pkt, keyid_buf);
- break;
- case PGP_PKT_SYMENCRYPTED_DATA:
- case PGP_PKT_SYMENCRYPTED_DATA_MDC:
- /* don't skip it, just stop */
- got_data = 1;
- break;
- case PGP_PKT_SYMENCRYPTED_SESSKEY:
- got_symenc_key++;
- /* fallthru */
- case PGP_PKT_SIGNATURE:
- case PGP_PKT_MARKER:
- case PGP_PKT_TRUST:
- case PGP_PKT_USER_ID:
- case PGP_PKT_USER_ATTR:
- case PGP_PKT_PRIV_61:
- res = pgp_skip_packet(pkt);
- break;
- default:
- res = PXE_PGP_CORRUPT_DATA;
- }
-
- if (pkt)
- pullf_free(pkt);
- pkt = NULL;
-
- if (res < 0 || got_data)
- break;
- }
-
- pullf_free(src);
- if (pkt)
- pullf_free(pkt);
-
- if (res < 0)
- return res;
-
- /* now check sanity */
- if (got_pub_key && got_pubenc_key)
- res = PXE_PGP_CORRUPT_DATA;
-
- if (got_pub_key > 1)
- res = PXE_PGP_MULTIPLE_KEYS;
-
- if (got_pubenc_key > 1)
- res = PXE_PGP_MULTIPLE_KEYS;
-
- /*
- * if still ok, look what we got
- */
- if (res >= 0)
- {
- if (got_pubenc_key || got_pub_key)
- {
- if (memcmp(keyid_buf, any_key, 8) == 0)
- {
- memcpy(dst, "ANYKEY", 7);
- res = 6;
- }
- else
- res = print_key(keyid_buf, dst);
- }
- else if (got_symenc_key)
- {
- memcpy(dst, "SYMKEY", 7);
- res = 6;
- }
- else
- res = PXE_PGP_NO_USABLE_KEY;
- }
-
- return res;
-}
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-mpi-internal.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/pgp-mpi-internal.c b/contrib/pgcrypto/pgp-mpi-internal.c
deleted file mode 100644
index 283946b..0000000
--- a/contrib/pgcrypto/pgp-mpi-internal.c
+++ /dev/null
@@ -1,308 +0,0 @@
-/*
- * pgp-mpi-internal.c
- * OpenPGP MPI functions.
- *
- * Copyright (c) 2005 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-mpi-internal.c,v 1.8 2009/06/11 14:48:52 momjian Exp $
- */
-#include "postgres.h"
-
-#include "imath.h"
-
-#include "px.h"
-#include "mbuf.h"
-#include "pgp.h"
-
-static mpz_t *
-mp_new()
-{
- mpz_t *mp = mp_int_alloc();
-
- mp_int_init_size(mp, 256);
- return mp;
-}
-
-static void
-mp_clear_free(mpz_t *a)
-{
- if (!a)
- return;
- /* fixme: no clear? */
- mp_int_free(a);
-}
-
-
-static int
-mp_px_rand(uint32 bits, mpz_t *res)
-{
- int err;
- unsigned bytes = (bits + 7) / 8;
- int last_bits = bits & 7;
- uint8 *buf;
-
- buf = px_alloc(bytes);
- err = px_get_random_bytes(buf, bytes);
- if (err < 0)
- {
- px_free(buf);
- return err;
- }
-
- /* clear unnecessary bits and set last bit to one */
- if (last_bits)
- {
- buf[0] >>= 8 - last_bits;
- buf[0] |= 1 << (last_bits - 1);
- }
- else
- buf[0] |= 1 << 7;
-
- mp_int_read_unsigned(res, buf, bytes);
-
- px_free(buf);
-
- return 0;
-}
-
-static void
-mp_modmul(mpz_t *a, mpz_t *b, mpz_t *p, mpz_t *res)
-{
- mpz_t *tmp = mp_new();
-
- mp_int_mul(a, b, tmp);
- mp_int_mod(tmp, p, res);
- mp_clear_free(tmp);
-}
-
-static mpz_t *
-mpi_to_bn(PGP_MPI *n)
-{
- mpz_t *bn = mp_new();
-
- mp_int_read_unsigned(bn, n->data, n->bytes);
-
- if (!bn)
- return NULL;
- if (mp_int_count_bits(bn) != n->bits)
- {
- px_debug("mpi_to_bn: bignum conversion failed: mpi=%d, bn=%d",
- n->bits, mp_int_count_bits(bn));
- mp_clear_free(bn);
- return NULL;
- }
- return bn;
-}
-
-static PGP_MPI *
-bn_to_mpi(mpz_t *bn)
-{
- int res;
- PGP_MPI *n;
- int bytes;
-
- res = pgp_mpi_alloc(mp_int_count_bits(bn), &n);
- if (res < 0)
- return NULL;
-
- bytes = (mp_int_count_bits(bn) + 7) / 8;
- if (bytes != n->bytes)
- {
- px_debug("bn_to_mpi: bignum conversion failed: bn=%d, mpi=%d",
- bytes, n->bytes);
- pgp_mpi_free(n);
- return NULL;
- }
- mp_int_to_unsigned(bn, n->data, n->bytes);
- return n;
-}
-
-/*
- * Decide the number of bits in the random componont k
- *
- * It should be in the same range as p for signing (which
- * is deprecated), but can be much smaller for encrypting.
- *
- * Until I research it further, I just mimic gpg behaviour.
- * It has a special mapping table, for values <= 5120,
- * above that it uses 'arbitrary high number'. Following
- * algorihm hovers 10-70 bits above gpg values. And for
- * larger p, it uses gpg's algorihm.
- *
- * The point is - if k gets large, encryption will be
- * really slow. It does not matter for decryption.
- */
-static int
-decide_k_bits(int p_bits)
-{
- if (p_bits <= 5120)
- return p_bits / 10 + 160;
- else
- return (p_bits / 8 + 200) * 3 / 2;
-}
-
-int
-pgp_elgamal_encrypt(PGP_PubKey *pk, PGP_MPI *_m,
- PGP_MPI **c1_p, PGP_MPI **c2_p)
-{
- int res = PXE_PGP_MATH_FAILED;
- int k_bits;
- mpz_t *m = mpi_to_bn(_m);
- mpz_t *p = mpi_to_bn(pk->pub.elg.p);
- mpz_t *g = mpi_to_bn(pk->pub.elg.g);
- mpz_t *y = mpi_to_bn(pk->pub.elg.y);
- mpz_t *k = mp_new();
- mpz_t *yk = mp_new();
- mpz_t *c1 = mp_new();
- mpz_t *c2 = mp_new();
-
- if (!m || !p || !g || !y || !k || !yk || !c1 || !c2)
- goto err;
-
- /*
- * generate k
- */
- k_bits = decide_k_bits(mp_int_count_bits(p));
- res = mp_px_rand(k_bits, k);
- if (res < 0)
- return res;
-
- /*
- * c1 = g^k c2 = m * y^k
- */
- mp_int_exptmod(g, k, p, c1);
- mp_int_exptmod(y, k, p, yk);
- mp_modmul(m, yk, p, c2);
-
- /* result */
- *c1_p = bn_to_mpi(c1);
- *c2_p = bn_to_mpi(c2);
- if (*c1_p && *c2_p)
- res = 0;
-err:
- mp_clear_free(c2);
- mp_clear_free(c1);
- mp_clear_free(yk);
- mp_clear_free(k);
- mp_clear_free(y);
- mp_clear_free(g);
- mp_clear_free(p);
- mp_clear_free(m);
- return res;
-}
-
-int
-pgp_elgamal_decrypt(PGP_PubKey *pk, PGP_MPI *_c1, PGP_MPI *_c2,
- PGP_MPI **msg_p)
-{
- int res = PXE_PGP_MATH_FAILED;
- mpz_t *c1 = mpi_to_bn(_c1);
- mpz_t *c2 = mpi_to_bn(_c2);
- mpz_t *p = mpi_to_bn(pk->pub.elg.p);
- mpz_t *x = mpi_to_bn(pk->sec.elg.x);
- mpz_t *c1x = mp_new();
- mpz_t *div = mp_new();
- mpz_t *m = mp_new();
-
- if (!c1 || !c2 || !p || !x || !c1x || !div || !m)
- goto err;
-
- /*
- * m = c2 / (c1^x)
- */
- mp_int_exptmod(c1, x, p, c1x);
- mp_int_invmod(c1x, p, div);
- mp_modmul(c2, div, p, m);
-
- /* result */
- *msg_p = bn_to_mpi(m);
- if (*msg_p)
- res = 0;
-err:
- mp_clear_free(m);
- mp_clear_free(div);
- mp_clear_free(c1x);
- mp_clear_free(x);
- mp_clear_free(p);
- mp_clear_free(c2);
- mp_clear_free(c1);
- return res;
-}
-
-int
-pgp_rsa_encrypt(PGP_PubKey *pk, PGP_MPI *_m, PGP_MPI **c_p)
-{
- int res = PXE_PGP_MATH_FAILED;
- mpz_t *m = mpi_to_bn(_m);
- mpz_t *e = mpi_to_bn(pk->pub.rsa.e);
- mpz_t *n = mpi_to_bn(pk->pub.rsa.n);
- mpz_t *c = mp_new();
-
- if (!m || !e || !n || !c)
- goto err;
-
- /*
- * c = m ^ e
- */
- mp_int_exptmod(m, e, n, c);
-
- *c_p = bn_to_mpi(c);
- if (*c_p)
- res = 0;
-err:
- mp_clear_free(c);
- mp_clear_free(n);
- mp_clear_free(e);
- mp_clear_free(m);
- return res;
-}
-
-int
-pgp_rsa_decrypt(PGP_PubKey *pk, PGP_MPI *_c, PGP_MPI **m_p)
-{
- int res = PXE_PGP_MATH_FAILED;
- mpz_t *c = mpi_to_bn(_c);
- mpz_t *d = mpi_to_bn(pk->sec.rsa.d);
- mpz_t *n = mpi_to_bn(pk->pub.rsa.n);
- mpz_t *m = mp_new();
-
- if (!m || !d || !n || !c)
- goto err;
-
- /*
- * m = c ^ d
- */
- mp_int_exptmod(c, d, n, m);
-
- *m_p = bn_to_mpi(m);
- if (*m_p)
- res = 0;
-err:
- mp_clear_free(m);
- mp_clear_free(n);
- mp_clear_free(d);
- mp_clear_free(c);
- return res;
-}
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-mpi-openssl.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/pgp-mpi-openssl.c b/contrib/pgcrypto/pgp-mpi-openssl.c
deleted file mode 100644
index f2b25de..0000000
--- a/contrib/pgcrypto/pgp-mpi-openssl.c
+++ /dev/null
@@ -1,285 +0,0 @@
-/*
- * pgp-mpi-openssl.c
- * OpenPGP MPI functions using OpenSSL BIGNUM code.
- *
- * Copyright (c) 2005 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-mpi-openssl.c,v 1.5 2009/06/11 14:48:52 momjian Exp $
- */
-#include "postgres.h"
-
-#include <openssl/bn.h>
-
-#include "px.h"
-#include "mbuf.h"
-#include "pgp.h"
-
-static BIGNUM *
-mpi_to_bn(PGP_MPI *n)
-{
- BIGNUM *bn = BN_bin2bn(n->data, n->bytes, NULL);
-
- if (!bn)
- return NULL;
- if (BN_num_bits(bn) != n->bits)
- {
- px_debug("mpi_to_bn: bignum conversion failed: mpi=%d, bn=%d",
- n->bits, BN_num_bits(bn));
- BN_clear_free(bn);
- return NULL;
- }
- return bn;
-}
-
-static PGP_MPI *
-bn_to_mpi(BIGNUM *bn)
-{
- int res;
- PGP_MPI *n;
-
- res = pgp_mpi_alloc(BN_num_bits(bn), &n);
- if (res < 0)
- return NULL;
-
- if (BN_num_bytes(bn) != n->bytes)
- {
- px_debug("bn_to_mpi: bignum conversion failed: bn=%d, mpi=%d",
- BN_num_bytes(bn), n->bytes);
- pgp_mpi_free(n);
- return NULL;
- }
- BN_bn2bin(bn, n->data);
- return n;
-}
-
-/*
- * Decide the number of bits in the random componont k
- *
- * It should be in the same range as p for signing (which
- * is deprecated), but can be much smaller for encrypting.
- *
- * Until I research it further, I just mimic gpg behaviour.
- * It has a special mapping table, for values <= 5120,
- * above that it uses 'arbitrary high number'. Following
- * algorihm hovers 10-70 bits above gpg values. And for
- * larger p, it uses gpg's algorihm.
- *
- * The point is - if k gets large, encryption will be
- * really slow. It does not matter for decryption.
- */
-static int
-decide_k_bits(int p_bits)
-{
- if (p_bits <= 5120)
- return p_bits / 10 + 160;
- else
- return (p_bits / 8 + 200) * 3 / 2;
-}
-
-int
-pgp_elgamal_encrypt(PGP_PubKey *pk, PGP_MPI *_m,
- PGP_MPI **c1_p, PGP_MPI **c2_p)
-{
- int res = PXE_PGP_MATH_FAILED;
- int k_bits;
- BIGNUM *m = mpi_to_bn(_m);
- BIGNUM *p = mpi_to_bn(pk->pub.elg.p);
- BIGNUM *g = mpi_to_bn(pk->pub.elg.g);
- BIGNUM *y = mpi_to_bn(pk->pub.elg.y);
- BIGNUM *k = BN_new();
- BIGNUM *yk = BN_new();
- BIGNUM *c1 = BN_new();
- BIGNUM *c2 = BN_new();
- BN_CTX *tmp = BN_CTX_new();
-
- if (!m || !p || !g || !y || !k || !yk || !c1 || !c2 || !tmp)
- goto err;
-
- /*
- * generate k
- */
- k_bits = decide_k_bits(BN_num_bits(p));
- if (!BN_rand(k, k_bits, 0, 0))
- goto err;
-
- /*
- * c1 = g^k c2 = m * y^k
- */
- if (!BN_mod_exp(c1, g, k, p, tmp))
- goto err;
- if (!BN_mod_exp(yk, y, k, p, tmp))
- goto err;
- if (!BN_mod_mul(c2, m, yk, p, tmp))
- goto err;
-
- /* result */
- *c1_p = bn_to_mpi(c1);
- *c2_p = bn_to_mpi(c2);
- if (*c1_p && *c2_p)
- res = 0;
-err:
- if (tmp)
- BN_CTX_free(tmp);
- if (c2)
- BN_clear_free(c2);
- if (c1)
- BN_clear_free(c1);
- if (yk)
- BN_clear_free(yk);
- if (k)
- BN_clear_free(k);
- if (y)
- BN_clear_free(y);
- if (g)
- BN_clear_free(g);
- if (p)
- BN_clear_free(p);
- if (m)
- BN_clear_free(m);
- return res;
-}
-
-int
-pgp_elgamal_decrypt(PGP_PubKey *pk, PGP_MPI *_c1, PGP_MPI *_c2,
- PGP_MPI **msg_p)
-{
- int res = PXE_PGP_MATH_FAILED;
- BIGNUM *c1 = mpi_to_bn(_c1);
- BIGNUM *c2 = mpi_to_bn(_c2);
- BIGNUM *p = mpi_to_bn(pk->pub.elg.p);
- BIGNUM *x = mpi_to_bn(pk->sec.elg.x);
- BIGNUM *c1x = BN_new();
- BIGNUM *div = BN_new();
- BIGNUM *m = BN_new();
- BN_CTX *tmp = BN_CTX_new();
-
- if (!c1 || !c2 || !p || !x || !c1x || !div || !m || !tmp)
- goto err;
-
- /*
- * m = c2 / (c1^x)
- */
- if (!BN_mod_exp(c1x, c1, x, p, tmp))
- goto err;
- if (!BN_mod_inverse(div, c1x, p, tmp))
- goto err;
- if (!BN_mod_mul(m, c2, div, p, tmp))
- goto err;
-
- /* result */
- *msg_p = bn_to_mpi(m);
- if (*msg_p)
- res = 0;
-err:
- if (tmp)
- BN_CTX_free(tmp);
- if (m)
- BN_clear_free(m);
- if (div)
- BN_clear_free(div);
- if (c1x)
- BN_clear_free(c1x);
- if (x)
- BN_clear_free(x);
- if (p)
- BN_clear_free(p);
- if (c2)
- BN_clear_free(c2);
- if (c1)
- BN_clear_free(c1);
- return res;
-}
-
-int
-pgp_rsa_encrypt(PGP_PubKey *pk, PGP_MPI *_m, PGP_MPI **c_p)
-{
- int res = PXE_PGP_MATH_FAILED;
- BIGNUM *m = mpi_to_bn(_m);
- BIGNUM *e = mpi_to_bn(pk->pub.rsa.e);
- BIGNUM *n = mpi_to_bn(pk->pub.rsa.n);
- BIGNUM *c = BN_new();
- BN_CTX *tmp = BN_CTX_new();
-
- if (!m || !e || !n || !c || !tmp)
- goto err;
-
- /*
- * c = m ^ e
- */
- if (!BN_mod_exp(c, m, e, n, tmp))
- goto err;
-
- *c_p = bn_to_mpi(c);
- if (*c_p)
- res = 0;
-err:
- if (tmp)
- BN_CTX_free(tmp);
- if (c)
- BN_clear_free(c);
- if (n)
- BN_clear_free(n);
- if (e)
- BN_clear_free(e);
- if (m)
- BN_clear_free(m);
- return res;
-}
-
-int
-pgp_rsa_decrypt(PGP_PubKey *pk, PGP_MPI *_c, PGP_MPI **m_p)
-{
- int res = PXE_PGP_MATH_FAILED;
- BIGNUM *c = mpi_to_bn(_c);
- BIGNUM *d = mpi_to_bn(pk->sec.rsa.d);
- BIGNUM *n = mpi_to_bn(pk->pub.rsa.n);
- BIGNUM *m = BN_new();
- BN_CTX *tmp = BN_CTX_new();
-
- if (!m || !d || !n || !c || !tmp)
- goto err;
-
- /*
- * m = c ^ d
- */
- if (!BN_mod_exp(m, c, d, n, tmp))
- goto err;
-
- *m_p = bn_to_mpi(m);
- if (*m_p)
- res = 0;
-err:
- if (tmp)
- BN_CTX_free(tmp);
- if (m)
- BN_clear_free(m);
- if (n)
- BN_clear_free(n);
- if (d)
- BN_clear_free(d);
- if (c)
- BN_clear_free(c);
- return res;
-}
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-mpi.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/pgp-mpi.c b/contrib/pgcrypto/pgp-mpi.c
deleted file mode 100644
index 3f2ec0f..0000000
--- a/contrib/pgcrypto/pgp-mpi.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * pgp-mpi.c
- * OpenPGP MPI helper functions.
- *
- * Copyright (c) 2005 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-mpi.c,v 1.5 2009/06/11 14:48:52 momjian Exp $
- */
-#include "postgres.h"
-
-#include "px.h"
-#include "mbuf.h"
-#include "pgp.h"
-
-int
-pgp_mpi_alloc(int bits, PGP_MPI **mpi)
-{
- PGP_MPI *n;
- int len = (bits + 7) / 8;
-
- if (bits < 0 || bits > 0xFFFF)
- {
- px_debug("pgp_mpi_alloc: unreasonable request: bits=%d", bits);
- return PXE_PGP_CORRUPT_DATA;
- }
- n = px_alloc(sizeof(*n) + len);
- n->bits = bits;
- n->bytes = len;
- n->data = (uint8 *) (n) + sizeof(*n);
- *mpi = n;
- return 0;
-}
-
-int
-pgp_mpi_create(uint8 *data, int bits, PGP_MPI **mpi)
-{
- int res;
- PGP_MPI *n;
-
- res = pgp_mpi_alloc(bits, &n);
- if (res < 0)
- return res;
- memcpy(n->data, data, n->bytes);
- *mpi = n;
- return 0;
-}
-
-int
-pgp_mpi_free(PGP_MPI *mpi)
-{
- if (mpi == NULL)
- return 0;
- memset(mpi, 0, sizeof(*mpi) + mpi->bytes);
- px_free(mpi);
- return 0;
-}
-
-int
-pgp_mpi_read(PullFilter *src, PGP_MPI **mpi)
-{
- int res;
- uint8 hdr[2];
- int bits;
- PGP_MPI *n;
-
- res = pullf_read_fixed(src, 2, hdr);
- if (res < 0)
- return res;
- bits = ((unsigned) hdr[0] << 8) + hdr[1];
-
- res = pgp_mpi_alloc(bits, &n);
- if (res < 0)
- return res;
-
- res = pullf_read_fixed(src, n->bytes, n->data);
- if (res < 0)
- pgp_mpi_free(n);
- else
- *mpi = n;
- return res;
-}
-
-int
-pgp_mpi_write(PushFilter *dst, PGP_MPI *n)
-{
- int res;
- uint8 buf[2];
-
- buf[0] = n->bits >> 8;
- buf[1] = n->bits & 0xFF;
- res = pushf_write(dst, buf, 2);
- if (res >= 0)
- res = pushf_write(dst, n->data, n->bytes);
- return res;
-}
-
-int
-pgp_mpi_hash(PX_MD *md, PGP_MPI *n)
-{
- uint8 buf[2];
-
- buf[0] = n->bits >> 8;
- buf[1] = n->bits & 0xFF;
- px_md_update(md, buf, 2);
- px_md_update(md, n->data, n->bytes);
-
- return 0;
-}
-
-unsigned
-pgp_mpi_cksum(unsigned cksum, PGP_MPI *n)
-{
- int i;
-
- cksum += n->bits >> 8;
- cksum += n->bits & 0xFF;
- for (i = 0; i < n->bytes; i++)
- cksum += n->data[i];
-
- return cksum & 0xFFFF;
-}