postgres

Commit Graph

Author	SHA1	Message	Date
Bruce Momjian	0a78320057	pgindent run for 9.4 This includes removing tabs after periods in C comments, which was applied to back branches, so this change should not effect backpatching.	12 years ago
Bruce Momjian	9fe55259fd	pgcrypto: fix memset() calls that might be optimized away Specifically, on-stack memset() might be removed, so: * Replace memset() with px_memset() * Add px_memset to copy_crlf() * Add px_memset to pgp-s2k.c Patch by Marko Kreen Report by PVS-Studio Backpatch through 8.4.	12 years ago
Bruce Momjian	927d61eeff	Run pgindent on 9.2 source tree in preparation for first 9.3 commit-fest.	13 years ago
Peter Eisentraut	52ce20589a	Add missing format attributes Add __attribute__ decorations for printf format checking to the places that were missing them. Fix the resulting warnings. Add -Wmissing-format-attribute to the standard set of warnings for GCC, so these don't happen again. The warning fixes here are relatively harmless. The one serious problem discovered by this was already committed earlier in `cf15fb5cab`.	14 years ago
Magnus Hagander	9f2e211386	Remove cvs keywords from all files.	15 years ago
Bruce Momjian	d747140279	8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list provided by Andrew.	16 years ago
Tom Lane	b918bf86c6	Fix combo_decrypt() to throw an error for zero-length input when using a padded encryption scheme. Formerly it would try to access res[(unsigned) -1], which resulted in core dumps on 64-bit machines, and was certainly trouble waiting to happen on 32-bit machines (though in at least the known case it was harmless because that byte would be overwritten after return). Per report from Ken Colson; fix by Marko Kreen.	18 years ago
Tom Lane	37a609b27f	Now that core functionality is depending on autoconf's AC_C_BIGENDIAN to be right, there seems precious little reason to have a pile of hand-maintained endianness definitions in src/include/port/*.h. Get rid of those, and make the couple of places that used them depend on WORDS_BIGENDIAN instead.	19 years ago
Bruce Momjian	1dc3498251	Standard pgindent run for 8.1.	20 years ago
Bruce Momjian	87688ddf87	The large one adds support for RSA keys and reorganizes the pubkey functions a bit. The actual RSA-specific code there is tiny, most of the patch consists of reorg of the pubkey code, as lots of it was written as elgamal-only. --------------------------------------------------------------------------- The SHLIB section was copy-pasted from somewhere and contains several unnecessary libs. This cleans it up a bit. -lcrypt we don't use system crypt() -lssl, -lssleay32 no SSL here -lz in win32 section already added on previous line -ldes The chance anybody has it is pretty low. And the chance pgcrypto works with it is even lower. Also trim the win32 section. --------------------------------------------------------------------------- It is already disabled in Makefile, remove code too. --------------------------------------------------------------------------- I was bit hasty making the random exponent 'k' a prime. Further researh shows that Elgamal encryption has no specific needs in respect to k, any random number is fine. It is bit different for signing, there it needs to be 'relatively prime' to p - 1, that means GCD(k, p-1) == 1, which is also a lot lighter than full primality. As we don't do signing, this can be ignored. This brings major speedup to Elgamal encryption. --------------------------------------------------------------------------- o pgp_mpi_free: Accept NULLs o pgp_mpi_cksum: result should be 16bit o Remove function name from error messages - to be similar to other SQL functions, and it does not match anyway the called function o remove couple junk lines --------------------------------------------------------------------------- o Support for RSA encryption o Big reorg to better separate generic and algorithm-specific code. o Regression tests for RSA. --------------------------------------------------------------------------- o Tom stuck a CVS id into file. I doubt the usefulness of it, but if it needs to be in the file then rather at the end. Also tag it as comment for asciidoc. o Mention bytea vs. text difference o Couple clarifications --------------------------------------------------------------------------- There is a choice whether to update it with pgp functions or remove it. I decided to remove it, updating is pointless. I've tried to keep the core of pgcrypto relatively independent from main PostgreSQL, to make it easy to use externally if needed, and that is good. Eg. that made development of PGP functions much nicer. But I have no plans to release it as generic library, so keeping such doc up-to-date is waste of time. If anyone is interested in using it in other products, he can probably bother to read the source too. Commented source is another thing - I'll try to make another pass over code to see if there is anything non-obvious that would need more comments. --------------------------------------------------------------------------- Marko Kreen	20 years ago
Bruce Momjian	73e2431817	Major pgcrypto changes: of password-based encryption from RFC2440 (OpenPGP). The goal of this code is to be more featureful encryption solution than current encrypt(), which only functionality is running cipher over data. Compared to encrypt(), pgp_encrypt() does following: * It uses the equvialent of random Inital Vector to get cipher into random state before it processes user data * Stores SHA-1 of the data into result so any modification will be detected. * Remembers if data was text or binary - thus it can decrypt to/from text data. This was a major nuisance for encrypt(). * Stores info about used algorithms with result, so user needs not remember them - more user friendly! * Uses String2Key algorithms (similar to crypt()) with random salt to generate full-length binary key to be used for encrypting. * Uses standard format for data - you can feed it to GnuPG, if needed. Optional features (off by default): * Can use separate session key - user data will be encrypted with totally random key, which will be encrypted with S2K generated key and attached to result. * Data compression with zlib. * Can convert between CRLF<->LF line-endings - to get fully RFC2440-compliant behaviour. This is off by default as pgcrypto does not know the line-endings of user data. Interface is simple: pgp_encrypt(data text, key text) returns bytea pgp_decrypt(data text, key text) returns text pgp_encrypt_bytea(data bytea, key text) returns bytea pgp_decrypt_bytea(data bytea, key text) returns bytea To change parameters (cipher, compression, mdc): pgp_encrypt(data text, key text, parms text) returns bytea pgp_decrypt(data text, key text, parms text) returns text pgp_encrypt_bytea(data bytea, key text, parms text) returns bytea pgp_decrypt_bytea(data bytea, key text, parms text) returns bytea Parameter names I lifted from gpg: pgp_encrypt('message', 'key', 'compress-algo=1,cipher-algo=aes256') For text data, pgp_encrypt simply encrypts the PostgreSQL internal data. This maps to RFC2440 data type 't' - 'extenally specified encoding'. But this may cause problems if data is dumped and reloaded into database which as different internal encoding. My next goal is to implement data type 'u' - which means data is in UTF-8 encoding by converting internal encoding to UTF-8 and back. And there wont be any compatibility problems with current code, I think its ok to submit this without UTF-8 encoding by converting internal encoding to UTF-8 and back. And there wont be any compatibility problems with current code, I think its ok to submit this without UTF-8 support. Here is v4 of PGP encrypt. This depends on previously sent Fortuna-patch, as it uses the px_add_entropy function. - New function: pgp_key_id() for finding key id's. - Add SHA1 of user data and key into RNG pools. We need to get randomness from somewhere, and it is in user best interests to contribute. - Regenerate pgp-armor test for SQL_ASCII database. - Cleanup the key handling so that the pubkey support is less hackish. Marko Kreen	20 years ago
Bruce Momjian	4fcf8b11ff	- Add Fortuna PRNG to pgcrypto. - Move openssl random provider to openssl.c and builtin provider to internal.c - Make px_random_bytes use Fortuna, instead of giving error. - Retarget random.c to aquiring system randomness, for initial seeding of Fortuna. There is ATM 2 functions for Windows, reader from /dev/urandom and the regular time()/getpid() silliness. Marko Kreen	20 years ago
Neil Conway	19b676869a	pgcrypto update: Reserve px_get_random_bytes() for strong randomness, add new function px_get_pseudo_random_bytes() for weak randomness and use it in gen_salt(). On openssl case, use RAND_pseudo_bytes() for px_get_pseudo_random_bytes(). Final result is that is user has not configured random souce but kept the 'silly' one, gen_salt() keeps working, but pgp_encrypt() will throw error. Marko Kreen	21 years ago
Neil Conway	b160d6b9dc	pgcrypto update: * Use error codes instead of -1 * px_strerror for new error codes * calling convention change for px_gen_salt - return error code * use px_strerror in pgcrypto.c Marko Kreen	21 years ago
Neil Conway	fa332a06ec	* construct "struct {} list [] = {}" confuses pgindent - split those. It was a bad style to begin with, and now several loops can be clearer. * pgcrypto.c: Fix function comments * crypt-gensalt.c, crypt-blowfish.c: stop messing with errno * openssl.c: use px_free instead pfree * px.h: make redefining px_alloc/px_realloc/px_free easier Marko Kreen	21 years ago
PostgreSQL Daemon	55b113257c	make sure the $Id tags are converted to $PostgreSQL as well ...	22 years ago
Peter Eisentraut	0530d7a24b	Need sys/param.h for endianness macros.	23 years ago
Bruce Momjian	8f73bb4da9	* include <endian.h> is not enough, include sys/types.h too everywhere. At least it was now detected correctly. marko	24 years ago
Bruce Momjian	8aa538cfd5	* When postgres.h does not define BYTE_ENDIAN pgcrypto produces garbage. I learned the hard way that #if UNDEFINED_1 == UNDEFINED_2 #error "gcc is idiot" #endif prints "gcc is idiot" ... Affected are MD5/SHA1 in internal library, and also HMAC-MD5/HMAC-SHA1/ crypt-md5 which use them. Blowfish is ok, also Rijndael on at least x86. Big thanks to Daniel Holtzman who send me a build log which contained warning: md5.c:246: warning: `X' defined but not used Yes, gcc is that helpful... Please apply this. -- marko	24 years ago
Bruce Momjian	540155b777	pgcrypto uses non-standard type uint, which causes compile failures on FreeBSD. This patch replaces uint -> unsigned. This was reported by Daniel Holtzman against 0.4pre3 standalone package, but it needs fixing in contrib/pgcrypto too. Marko Kreen	24 years ago
Bruce Momjian	ea08e6cd55	New pgindent run with fixes suggested by Tom. Patch manually reviewed, initdb/regression tests pass.	24 years ago
Bruce Momjian	b81844b173	pgindent run on all C files. Java run to follow. initdb/regression tests pass.	24 years ago
Bruce Momjian	ab56022864	Big thanks to Solar Designer who pointed out a bug in bcrypt salt generation code. He also urged using better random source and making possible to choose using bcrypt and xdes rounds more easily. So, here's patch: * For all salt generation, use Solar Designer's own code. This is mostly due fact that his code is more fit for get_random_bytes() style interface. * New function: gen_salt(type, rounds). This lets specify iteration count for algorithm. * random.c: px_get_random_bytes() function. Supported randomness soure: /dev/urandom, OpenSSL PRNG, libc random() Default: /dev/urandom. * Draft description of C API for pgcrypto functions. New files: API, crypt-gensalt.c, random.c Marko Kreen	24 years ago
Bruce Momjian	df24cb73f6	Add missing pgcrypto file.	24 years ago

24 Commits (0a7832005792fa6dad171f9cadb8d587fe0dd800)