Remove support for libmhash/libmcrypt.

libmcrypt seems to dead, maintainer address bounces, and cast-128 fails on 2 of the 3 test vectors from RFC2144. So I see no reason to keep around stuff I don't trust anymore. Support for several crypto libraries is probably only confusing to users, although it was good for initial developing - it helped to find hidden assumptions and forced me to create regression tests for all functionality. Marko Kreen
2005-03-21 05:17:16 +00:00 · 2005-03-21 05:17:16 +00:00 · 3cc8661232
parent ee4ddac137
commit 3cc8661232
3 changed files with 2 additions and 375 deletions
--- a/contrib/pgcrypto/Makefile
+++ b/contrib/pgcrypto/Makefile
@ -1,8 +1,8 @@
 #
-# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.12 2004/09/14 03:39:48 tgl Exp $
+# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.13 2005/03/21 05:17:16 neilc Exp $
 #

-# either 'builtin', 'mhash', 'openssl'
+# either 'builtin', 'openssl'
 cryptolib = builtin

 # either 'builtin', 'system'
@ -34,12 +34,6 @@ CRYPTO_LDFLAGS = -lcrypto
 SRCS = openssl.c
 endif

-ifeq ($(cryptolib), mhash)
-CRYPTO_CFLAGS = -I/usr/local/include
-CRYPTO_LDFLAGS = -L/usr/local/lib -lmcrypt -lmhash -lltdl
-SRCS = mhash.c
-endif
-
 ifeq ($(cryptsrc), builtin)
 SRCS += crypt-blowfish.c crypt-des.c crypt-md5.c 
 else
--- a/contrib/pgcrypto/README.pgcrypto
+++ b/contrib/pgcrypto/README.pgcrypto
@ -186,17 +186,6 @@ OpenSSL (0.9.6):
    Url:	http://www.openssl.org/


-mhash (0.8.9) + mcrypt (2.4.16):
-    Hashes:	MD5, SHA1, CRC32, CRC32B, GOST, TIGER, RIPEMD160,
-		HAVAL(256,224,192,160,128)
-    Ciphers:	DES, DES3, CAST-128(CAST5), CAST-256, xTEA, 3-way,
-    		SKIPJACK, Blowfish, Twofish, LOKI97, RC2, RC4, RC6,
-		Rijndael-128/192/256, MARS, PANAMA, WAKE, Serpent, IDEA, GOST,
-		SAFER, SAFER+, Enigma
-    License:	LGPL
-    Url:	http://mcrypt.sourceforge.org/
-    Url:	http://mhash.sourceforge.org/
-
 CREDITS
 =======

--- a/contrib/pgcrypto/mhash.c
+++ b/contrib/pgcrypto/mhash.c
@ -1,356 +0,0 @@
-/*
- * mhash.c
- *		Wrapper for mhash and mcrypt libraries.
- *
- * Copyright (c) 2001 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *	  notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *	  notice, this list of conditions and the following disclaimer in the
- *	  documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.	IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $PostgreSQL: pgsql/contrib/pgcrypto/mhash.c,v 1.10 2004/05/07 00:24:57 tgl Exp $
- */
-
-#include <postgres.h>
-
-#include "px.h"
-
-#include <mhash.h>
-#include <mcrypt.h>
-
-#define MAX_KEY_LENGTH 512
-#define MAX_IV_LENGTH 128
-
-#define DEF_KEY_LEN 16
-
-
-/* DIGEST */
-
-static unsigned
-digest_result_size(PX_MD * h)
-{
-	MHASH		mh = (MHASH) h->p.ptr;
-	hashid		id = mhash_get_mhash_algo(mh);
-
-	return mhash_get_block_size(id);
-}
-
-static unsigned
-digest_block_size(PX_MD * h)
-{
-	MHASH		mh = (MHASH) h->p.ptr;
-	hashid		id = mhash_get_mhash_algo(mh);
-
-	return mhash_get_hash_pblock(id);
-}
-
-static void
-digest_reset(PX_MD * h)
-{
-	MHASH		mh = (MHASH) h->p.ptr;
-	hashid		id = mhash_get_mhash_algo(mh);
-	uint8	   *res = mhash_end(mh);
-
-	mhash_free(res);
-	mh = mhash_init(id);
-	h->p.ptr = mh;
-}
-
-static void
-digest_update(PX_MD * h, const uint8 *data, unsigned dlen)
-{
-	MHASH		mh = (MHASH) h->p.ptr;
-
-	mhash(mh, data, dlen);
-}
-
-static void
-digest_finish(PX_MD * h, uint8 *dst)
-{
-	MHASH		mh = (MHASH) h->p.ptr;
-	unsigned	hlen = digest_result_size(h);
-	hashid		id = mhash_get_mhash_algo(mh);
-	uint8	   *buf = mhash_end(mh);
-
-	memcpy(dst, buf, hlen);
-	mhash_free(buf);
-
-	mh = mhash_init(id);
-	h->p.ptr = mh;
-}
-
-static void
-digest_free(PX_MD * h)
-{
-	MHASH		mh = (MHASH) h->p.ptr;
-	uint8	   *buf = mhash_end(mh);
-
-	mhash_free(buf);
-
-	px_free(h);
-}
-
-/* ENCRYPT / DECRYPT */
-
-static unsigned
-cipher_block_size(PX_Cipher * c)
-{
-	MCRYPT		ctx = (MCRYPT) c->ptr;
-
-	return mcrypt_enc_get_block_size(ctx);
-}
-
-static unsigned
-cipher_key_size(PX_Cipher * c)
-{
-	MCRYPT		ctx = (MCRYPT) c->ptr;
-
-	return mcrypt_enc_get_key_size(ctx);
-}
-
-static unsigned
-cipher_iv_size(PX_Cipher * c)
-{
-	MCRYPT		ctx = (MCRYPT) c->ptr;
-
-	return mcrypt_enc_mode_has_iv(ctx)
-		? mcrypt_enc_get_iv_size(ctx) : 0;
-}
-
-static int
-cipher_init(PX_Cipher * c, const uint8 *key, unsigned klen, const uint8 *iv)
-{
-	int			err;
-	MCRYPT		ctx = (MCRYPT) c->ptr;
-
-	err = mcrypt_generic_init(ctx, (char *) key, klen, (char *) iv);
-	if (err < 0)
-		ereport(ERROR,
-				(errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
-				 errmsg("mcrypt_generic_init error"),
-				 errdetail("%s", mcrypt_strerror(err))));
-
-	c->pstat = 1;
-	return 0;
-}
-
-static int
-cipher_encrypt(PX_Cipher * c, const uint8 *data, unsigned dlen, uint8 *res)
-{
-	int			err;
-	MCRYPT		ctx = (MCRYPT) c->ptr;
-
-	memcpy(res, data, dlen);
-
-	err = mcrypt_generic(ctx, res, dlen);
-	if (err < 0)
-		ereport(ERROR,
-				(errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
-				 errmsg("mcrypt_generic error"),
-				 errdetail("%s", mcrypt_strerror(err))));
-	return 0;
-}
-
-static int
-cipher_decrypt(PX_Cipher * c, const uint8 *data, unsigned dlen, uint8 *res)
-{
-	int			err;
-	MCRYPT		ctx = (MCRYPT) c->ptr;
-
-	memcpy(res, data, dlen);
-
-	err = mdecrypt_generic(ctx, res, dlen);
-	if (err < 0)
-		ereport(ERROR,
-				(errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
-				 errmsg("mdecrypt_generic error"),
-				 errdetail("%s", mcrypt_strerror(err))));
-	return 0;
-}
-
-
-static void
-cipher_free(PX_Cipher * c)
-{
-	MCRYPT		ctx = (MCRYPT) c->ptr;
-
-	if (c->pstat)
-		mcrypt_generic_end(ctx);
-	else
-		mcrypt_module_close(ctx);
-
-	px_free(c);
-}
-
-/* Helper functions */
-
-static int
-find_hashid(const char *name)
-{
-	int			res = -1;
-	size_t		hnum,
-				b,
-				i;
-	char	   *mname;
-
-	hnum = mhash_count();
-	for (i = 0; i <= hnum; i++)
-	{
-		mname = mhash_get_hash_name(i);
-		if (mname == NULL)
-			continue;
-		b = pg_strcasecmp(name, mname);
-		free(mname);
-		if (b == 0)
-		{
-			res = i;
-			break;
-		}
-	}
-
-	return res;
-}
-
-static char *modes[] = {
-	"ecb", "cbc", "cfb", "ofb", "nofb", "stream",
-	"ofb64", "cfb64", NULL
-};
-
-static PX_Alias aliases[] = {
-	{"bf", "blowfish"},
-	{"3des", "tripledes"},
-	{"des3", "tripledes"},
-	{"aes", "rijndael-128"},
-	{"rijndael", "rijndael-128"},
-	{"aes-128", "rijndael-128"},
-	{"aes-192", "rijndael-192"},
-	{"aes-256", "rijndael-256"},
-	{NULL, NULL}
-};
-
-static PX_Alias mode_aliases[] = {
-#if 0							/* N/A */
-	{"cfb", "ncfb"},
-	{"ofb", "nofb"},
-	{"cfb64", "ncfb"},
-#endif
-	/* { "ofb64", "nofb" }, not sure it works */
-	{"cfb8", "cfb"},
-	{"ofb8", "ofb"},
-	{NULL, NULL}
-};
-
-static int
-is_mode(char *s)
-{
-	char	  **p;
-
-	if (*s >= '0' && *s <= '9')
-		return 0;
-
-	for (p = modes; *p; p++)
-		if (!strcmp(s, *p))
-			return 1;
-
-	return 0;
-}
-
-/* PUBLIC FUNCTIONS */
-
-int
-px_find_digest(const char *name, PX_MD ** res)
-{
-	PX_MD	   *h;
-	MHASH		mh;
-	int			i;
-
-	i = find_hashid(name);
-	if (i < 0)
-		return -1;
-
-	mh = mhash_init(i);
-	h = px_alloc(sizeof(*h));
-	h->p.ptr = (void *) mh;
-
-	h->result_size = digest_result_size;
-	h->block_size = digest_block_size;
-	h->reset = digest_reset;
-	h->update = digest_update;
-	h->finish = digest_finish;
-	h->free = digest_free;
-
-	*res = h;
-	return 0;
-}
-
-
-int
-px_find_cipher(const char *name, PX_Cipher ** res)
-{
-	char		nbuf[PX_MAX_NAMELEN + 1];
-	const char *mode = NULL;
-	char	   *p;
-	MCRYPT		ctx;
-
-	PX_Cipher  *c;
-
-	StrNCpy(nbuf, name, sizeof(nbuf));
-
-	if ((p = strrchr(nbuf, '-')) != NULL)
-	{
-		if (is_mode(p + 1))
-		{
-			mode = p + 1;
-			*p = 0;
-		}
-	}
-
-	name = px_resolve_alias(aliases, nbuf);
-
-	if (!mode)
-	{
-		mode = "cbc";
-
-		/*
-		 * if (mcrypt_module_is_block_algorithm(name, NULL)) mode = "cbc";
-		 * else mode = "stream";
-		 */
-	}
-	mode = px_resolve_alias(mode_aliases, mode);
-
-	ctx = mcrypt_module_open((char *) name, NULL, (char *) mode, NULL);
-	if (ctx == (void *) MCRYPT_FAILED)
-		return -1;
-
-	c = palloc(sizeof *c);
-	c->iv_size = cipher_iv_size;
-	c->key_size = cipher_key_size;
-	c->block_size = cipher_block_size;
-	c->init = cipher_init;
-	c->encrypt = cipher_encrypt;
-	c->decrypt = cipher_decrypt;
-	c->free = cipher_free;
-	c->ptr = ctx;
-	c->pstat = 0;
-
-	*res = c;
-	return 0;
-}