Introduce SHA1 implementations in the cryptohash infrastructure

With this commit, SHA1 goes through the implementation provided by OpenSSL via EVP when building the backend with it, and uses as fallback implementation KAME which was located in pgcrypto and already shaped for an integration with a set of init, update and final routines. Structures and routines have been renamed to make things consistent with the fallback implementations of MD5 and SHA2. uuid-ossp has used for ages a shortcut with pgcrypto to fetch a copy of SHA1 if needed. This was built depending on the build options within ./configure, so this cleans up some code and removes the build dependency between pgcrypto and uuid-ossp. Note that this will help with the refactoring of HMAC, as pgcrypto offers the option to use MD5, SHA1 or SHA2, so only the second option was missing to make that possible. Author: Michael Paquier Reviewed-by: Heikki Linnakangas Discussion: https://postgr.es/m/X9HXKTgrvJvYO7Oh@paquier.xyz
2025-07-30 11:03:19 +03:00 · 2021-01-23 11:33:04 +09:00
parent 3fc81ce459
commit a8ed6bb8f4
18 changed files with 479 additions and 424 deletions
--- a/contrib/uuid-ossp/uuid-ossp.c
+++ b/contrib/uuid-ossp/uuid-ossp.c
@ -15,6 +15,7 @@

 #include "fmgr.h"
 #include "common/cryptohash.h"
+#include "common/sha1.h"
 #include "port/pg_bswap.h"
 #include "utils/builtins.h"
 #include "utils/uuid.h"
@ -40,15 +41,6 @@

 #undef uuid_hash

-/*
- * Some BSD variants offer sha1 implementation but Linux does not, so we use
- * a copy from pgcrypto.  Not needed with OSSP, though.
- */
-#ifndef HAVE_UUID_OSSP
-#include "sha1.h"
-#endif
-
-
 /* Check our UUID length against OSSP's; better both be 16 */
 #if defined(HAVE_UUID_OSSP) && (UUID_LEN != UUID_LEN_BIN)
 #error UUID length mismatch
@ -338,13 +330,18 @@ uuid_generate_internal(int v, unsigned char *ns, const char *ptr, int len)
 				}
 				else
 				{
-					SHA1_CTX	ctx;
-					unsigned char sha1result[SHA1_RESULTLEN];
+					pg_cryptohash_ctx *ctx = pg_cryptohash_create(PG_SHA1);
+					unsigned char sha1result[SHA1_DIGEST_LENGTH];
+
+					if (pg_cryptohash_init(ctx) < 0)
+						elog(ERROR, "could not initialize %s context", "SHA1");
+					if (pg_cryptohash_update(ctx, ns, sizeof(uu)) < 0 ||
+						pg_cryptohash_update(ctx, (unsigned char *) ptr, len) < 0)
+						elog(ERROR, "could not update %s context", "SHA1");
+					if (pg_cryptohash_final(ctx, sha1result) < 0)
+						elog(ERROR, "could not finalize %s context", "SHA1");
+					pg_cryptohash_free(ctx);

-					SHA1Init(&ctx);
-					SHA1Update(&ctx, ns, sizeof(uu));
-					SHA1Update(&ctx, (unsigned char *) ptr, len);
-					SHA1Final(sha1result, &ctx);
 					memcpy(&uu, sha1result, sizeof(uu));
 				}