Remove support for libmhash/libmcrypt.

libmcrypt seems to dead, maintainer address bounces, and cast-128 fails on 2 of the 3 test vectors from RFC2144. So I see no reason to keep around stuff I don't trust anymore. Support for several crypto libraries is probably only confusing to users, although it was good for initial developing - it helped to find hidden assumptions and forced me to create regression tests for all functionality. Marko Kreen
2025-04-25 21:42:33 +03:00 · 2005-03-21 05:17:16 +00:00 · 2005-03-21 05:17:16 +00:00 · 3cc8661232
commit 3cc8661232
parent ee4ddac137
3 changed files with 2 additions and 375 deletions
--- a/contrib/pgcrypto/Makefile
+++ b/contrib/pgcrypto/Makefile
@ -1,8 +1,8 @@
 #
-# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.12 2004/09/14 03:39:48 tgl Exp $
+# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.13 2005/03/21 05:17:16 neilc Exp $
 #
-# either 'builtin', 'mhash', 'openssl'
+# either 'builtin', 'openssl'
 cryptolib = builtin
 # either 'builtin', 'system'
@ -34,12 +34,6 @@ CRYPTO_LDFLAGS = -lcrypto
 SRCS = openssl.c
 endif
 ifeq ($(cryptolib), mhash)
 CRYPTO_CFLAGS = -I/usr/local/include
 CRYPTO_LDFLAGS = -L/usr/local/lib -lmcrypt -lmhash -lltdl
 SRCS = mhash.c
 endif
 ifeq ($(cryptsrc), builtin)
 SRCS += crypt-blowfish.c crypt-des.c crypt-md5.c 
 else
--- a/contrib/pgcrypto/README.pgcrypto
+++ b/contrib/pgcrypto/README.pgcrypto
@ -186,17 +186,6 @@ OpenSSL (0.9.6):
    Url:	http://www.openssl.org/
 mhash (0.8.9) + mcrypt (2.4.16):
    Hashes:	MD5, SHA1, CRC32, CRC32B, GOST, TIGER, RIPEMD160,
 		HAVAL(256,224,192,160,128)
    Ciphers:	DES, DES3, CAST-128(CAST5), CAST-256, xTEA, 3-way,
    		SKIPJACK, Blowfish, Twofish, LOKI97, RC2, RC4, RC6,
 		Rijndael-128/192/256, MARS, PANAMA, WAKE, Serpent, IDEA, GOST,
 		SAFER, SAFER+, Enigma
    License:	LGPL
    Url:	http://mcrypt.sourceforge.org/
    Url:	http://mhash.sourceforge.org/
 CREDITS
 =======
--- a/contrib/pgcrypto/mhash.c
+++ b/contrib/pgcrypto/mhash.c
@ -1,356 +0,0 @@
 /*
 * mhash.c
 *		Wrapper for mhash and mcrypt libraries.
 *
 * Copyright (c) 2001 Marko Kreen
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *	  notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *	  notice, this list of conditions and the following disclaimer in the
 *	  documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.	IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $PostgreSQL: pgsql/contrib/pgcrypto/mhash.c,v 1.10 2004/05/07 00:24:57 tgl Exp $
 */
 #include <postgres.h>
 #include "px.h"
 #include <mhash.h>
 #include <mcrypt.h>
 #define MAX_KEY_LENGTH 512
 #define MAX_IV_LENGTH 128
 #define DEF_KEY_LEN 16
 /* DIGEST */
 static unsigned
 digest_result_size(PX_MD * h)
 {
 	MHASH		mh = (MHASH) h->p.ptr;
 	hashid		id = mhash_get_mhash_algo(mh);
 	return mhash_get_block_size(id);
 }
 static unsigned
 digest_block_size(PX_MD * h)
 {
 	MHASH		mh = (MHASH) h->p.ptr;
 	hashid		id = mhash_get_mhash_algo(mh);
 	return mhash_get_hash_pblock(id);
 }
 static void
 digest_reset(PX_MD * h)
 {
 	MHASH		mh = (MHASH) h->p.ptr;
 	hashid		id = mhash_get_mhash_algo(mh);
 	uint8	   *res = mhash_end(mh);
 	mhash_free(res);
 	mh = mhash_init(id);
 	h->p.ptr = mh;
 }
 static void
 digest_update(PX_MD * h, const uint8 *data, unsigned dlen)
 {
 	MHASH		mh = (MHASH) h->p.ptr;
 	mhash(mh, data, dlen);
 }
 static void
 digest_finish(PX_MD * h, uint8 *dst)
 {
 	MHASH		mh = (MHASH) h->p.ptr;
 	unsigned	hlen = digest_result_size(h);
 	hashid		id = mhash_get_mhash_algo(mh);
 	uint8	   *buf = mhash_end(mh);
 	memcpy(dst, buf, hlen);
 	mhash_free(buf);
 	mh = mhash_init(id);
 	h->p.ptr = mh;
 }
 static void
 digest_free(PX_MD * h)
 {
 	MHASH		mh = (MHASH) h->p.ptr;
 	uint8	   *buf = mhash_end(mh);
 	mhash_free(buf);
 	px_free(h);
 }
 /* ENCRYPT / DECRYPT */
 static unsigned
 cipher_block_size(PX_Cipher * c)
 {
 	MCRYPT		ctx = (MCRYPT) c->ptr;
 	return mcrypt_enc_get_block_size(ctx);
 }
 static unsigned
 cipher_key_size(PX_Cipher * c)
 {
 	MCRYPT		ctx = (MCRYPT) c->ptr;
 	return mcrypt_enc_get_key_size(ctx);
 }
 static unsigned
 cipher_iv_size(PX_Cipher * c)
 {
 	MCRYPT		ctx = (MCRYPT) c->ptr;
 	return mcrypt_enc_mode_has_iv(ctx)
 		? mcrypt_enc_get_iv_size(ctx) : 0;
 }
 static int
 cipher_init(PX_Cipher * c, const uint8 *key, unsigned klen, const uint8 *iv)
 {
 	int			err;
 	MCRYPT		ctx = (MCRYPT) c->ptr;
 	err = mcrypt_generic_init(ctx, (char *) key, klen, (char *) iv);
 	if (err < 0)
 		ereport(ERROR,
 				(errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
 				 errmsg("mcrypt_generic_init error"),
 				 errdetail("%s", mcrypt_strerror(err))));
 	c->pstat = 1;
 	return 0;
 }
 static int
 cipher_encrypt(PX_Cipher * c, const uint8 *data, unsigned dlen, uint8 *res)
 {
 	int			err;
 	MCRYPT		ctx = (MCRYPT) c->ptr;
 	memcpy(res, data, dlen);
 	err = mcrypt_generic(ctx, res, dlen);
 	if (err < 0)
 		ereport(ERROR,
 				(errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
 				 errmsg("mcrypt_generic error"),
 				 errdetail("%s", mcrypt_strerror(err))));
 	return 0;
 }
 static int
 cipher_decrypt(PX_Cipher * c, const uint8 *data, unsigned dlen, uint8 *res)
 {
 	int			err;
 	MCRYPT		ctx = (MCRYPT) c->ptr;
 	memcpy(res, data, dlen);
 	err = mdecrypt_generic(ctx, res, dlen);
 	if (err < 0)
 		ereport(ERROR,
 				(errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
 				 errmsg("mdecrypt_generic error"),
 				 errdetail("%s", mcrypt_strerror(err))));
 	return 0;
 }
 static void
 cipher_free(PX_Cipher * c)
 {
 	MCRYPT		ctx = (MCRYPT) c->ptr;
 	if (c->pstat)
 		mcrypt_generic_end(ctx);
 	else
 		mcrypt_module_close(ctx);
 	px_free(c);
 }
 /* Helper functions */
 static int
 find_hashid(const char *name)
 {
 	int			res = -1;
 	size_t		hnum,
 				b,
 				i;
 	char	   *mname;
 	hnum = mhash_count();
 	for (i = 0; i <= hnum; i++)
 	{
 		mname = mhash_get_hash_name(i);
 		if (mname == NULL)
 			continue;
 		b = pg_strcasecmp(name, mname);
 		free(mname);
 		if (b == 0)
 		{
 			res = i;
 			break;
 		}
 	}
 	return res;
 }
 static char *modes[] = {
 	"ecb", "cbc", "cfb", "ofb", "nofb", "stream",
 	"ofb64", "cfb64", NULL
 };
 static PX_Alias aliases[] = {
 	{"bf", "blowfish"},
 	{"3des", "tripledes"},
 	{"des3", "tripledes"},
 	{"aes", "rijndael-128"},
 	{"rijndael", "rijndael-128"},
 	{"aes-128", "rijndael-128"},
 	{"aes-192", "rijndael-192"},
 	{"aes-256", "rijndael-256"},
 	{NULL, NULL}
 };
 static PX_Alias mode_aliases[] = {
 #if 0							/* N/A */
 	{"cfb", "ncfb"},
 	{"ofb", "nofb"},
 	{"cfb64", "ncfb"},
 #endif
 	/* { "ofb64", "nofb" }, not sure it works */
 	{"cfb8", "cfb"},
 	{"ofb8", "ofb"},
 	{NULL, NULL}
 };
 static int
 is_mode(char *s)
 {
 	char	  **p;
 	if (*s >= '0' && *s <= '9')
 		return 0;
 	for (p = modes; *p; p++)
 		if (!strcmp(s, *p))
 			return 1;
 	return 0;
 }
 /* PUBLIC FUNCTIONS */
 int
 px_find_digest(const char *name, PX_MD ** res)
 {
 	PX_MD	   *h;
 	MHASH		mh;
 	int			i;
 	i = find_hashid(name);
 	if (i < 0)
 		return -1;
 	mh = mhash_init(i);
 	h = px_alloc(sizeof(*h));
 	h->p.ptr = (void *) mh;
 	h->result_size = digest_result_size;
 	h->block_size = digest_block_size;
 	h->reset = digest_reset;
 	h->update = digest_update;
 	h->finish = digest_finish;
 	h->free = digest_free;
 	*res = h;
 	return 0;
 }
 int
 px_find_cipher(const char *name, PX_Cipher ** res)
 {
 	char		nbuf[PX_MAX_NAMELEN + 1];
 	const char *mode = NULL;
 	char	   *p;
 	MCRYPT		ctx;
 	PX_Cipher  *c;
 	StrNCpy(nbuf, name, sizeof(nbuf));
 	if ((p = strrchr(nbuf, '-')) != NULL)
 	{
 		if (is_mode(p + 1))
 		{
 			mode = p + 1;
 			*p = 0;
 		}
 	}
 	name = px_resolve_alias(aliases, nbuf);
 	if (!mode)
 	{
 		mode = "cbc";
 		/*
 		 * if (mcrypt_module_is_block_algorithm(name, NULL)) mode = "cbc";
 		 * else mode = "stream";
 		 */
 	}
 	mode = px_resolve_alias(mode_aliases, mode);
 	ctx = mcrypt_module_open((char *) name, NULL, (char *) mode, NULL);
 	if (ctx == (void *) MCRYPT_FAILED)
 		return -1;
 	c = palloc(sizeof *c);
 	c->iv_size = cipher_iv_size;
 	c->key_size = cipher_key_size;
 	c->block_size = cipher_block_size;
 	c->init = cipher_init;
 	c->encrypt = cipher_encrypt;
 	c->decrypt = cipher_decrypt;
 	c->free = cipher_free;
 	c->ptr = ctx;
 	c->pstat = 0;
 	*res = c;
 	return 0;
 }