authorNeil Conway <neilc@samurai.com>2006-07-13 04:15:25 +0000
committerNeil Conway <neilc@samurai.com>2006-07-13 04:15:25 +0000
commit1abf76e82cbb5c09f5517d155ea404727f67a507 (patch)
tree8d286cfb4963dc8e13bbb322569e36d8a008e797 /contrib/pgcrypto/internal.c
parent99ac1e69ba750c40cc83e344a1eb65aaa325a296 (diff)
"Annual" pgcrypto update from Marko Kreen:
A few cleanups and a couple of new things: - add SHA2 algorithm to older OpenSSL - add BIGNUM math to have public-key cryptography work on non-OpenSSL build. - gen_random_bytes() function The status of SHA2 algorithms and public-key encryption can now be changed to 'always available.' That makes pgcrypto functionally complete, and unless there are new editions of the AES, SHA2 or OpenPGP standards, no major changes are planned.
Diffstat (limited to 'contrib/pgcrypto/internal.c')
-rw-r--r--contrib/pgcrypto/internal.c226
1 files changed, 9 insertions, 217 deletions
diff --git a/contrib/pgcrypto/internal.c b/contrib/pgcrypto/internal.c
index f5dd11c90b3..4b90399cdd6 100644
--- a/contrib/pgcrypto/internal.c
+++ b/contrib/pgcrypto/internal.c
@@ -26,7 +26,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $PostgreSQL: pgsql/contrib/pgcrypto/internal.c,v 1.23 2005/10/15 02:49:06 momjian Exp $
+ * $PostgreSQL: pgsql/contrib/pgcrypto/internal.c,v 1.24 2006/07/13 04:15:24 neilc Exp $
*/
#include "postgres.h"
@@ -77,9 +77,11 @@
static void init_md5(PX_MD * h);
static void init_sha1(PX_MD * h);
-static void init_sha256(PX_MD * h);
-static void init_sha384(PX_MD * h);
-static void init_sha512(PX_MD * h);
+
+void init_sha224(PX_MD * h);
+void init_sha256(PX_MD * h);
+void init_sha384(PX_MD * h);
+void init_sha512(PX_MD * h);
struct int_digest
{
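Review bot: The prototypes for `init_sha224`, `init_sha256`, `init_sha384` and `init_sha512` are written out by hand in this .c file with external linkage, so the compiler cannot check them against the definitions, which now live in a file not shown in this diff. If a signature changes there, this file still compiles and the digest table ends up calling through a mismatched declaration. Declaring them once in a header included by both files would close that gap. The names are also unprefixed global symbols in a loadable module, whereas the rest of this file uses a `px_` prefix for exported functions. If they stay here, a comment such as `/* defined in the SHA2 implementation file; keep signatures in sync */` above the block would at least record the dependency.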
@@ -91,6 +93,7 @@ static const struct int_digest
int_digest_list[] = {
{"md5", init_md5},
{"sha1", init_sha1},
+ {"sha224", init_sha224},
{"sha256", init_sha256},
{"sha384", init_sha384},
{"sha512", init_sha512},
@@ -193,150 +196,6 @@ int_sha1_free(PX_MD * h)
px_free(h);
}
-/* SHA256 */
-
-static unsigned
-int_sha256_len(PX_MD * h)
-{
- return SHA256_DIGEST_LENGTH;
-}
-
-static unsigned
-int_sha256_block_len(PX_MD * h)
-{
- return SHA256_BLOCK_LENGTH;
-}
-
-static void
-int_sha256_update(PX_MD * h, const uint8 *data, unsigned dlen)
-{
- SHA256_CTX *ctx = (SHA256_CTX *) h->p.ptr;
-
- SHA256_Update(ctx, data, dlen);
-}
-
-static void
-int_sha256_reset(PX_MD * h)
-{
- SHA256_CTX *ctx = (SHA256_CTX *) h->p.ptr;
-
- SHA256_Init(ctx);
-}
-
-static void
-int_sha256_finish(PX_MD * h, uint8 *dst)
-{
- SHA256_CTX *ctx = (SHA256_CTX *) h->p.ptr;
-
- SHA256_Final(dst, ctx);
-}
-
-static void
-int_sha256_free(PX_MD * h)
-{
- SHA256_CTX *ctx = (SHA256_CTX *) h->p.ptr;
-
- memset(ctx, 0, sizeof(*ctx));
- px_free(ctx);
- px_free(h);
-}
-
-/* SHA384 */
-
-static unsigned
-int_sha384_len(PX_MD * h)
-{
- return SHA384_DIGEST_LENGTH;
-}
-
-static unsigned
-int_sha384_block_len(PX_MD * h)
-{
- return SHA384_BLOCK_LENGTH;
-}
-
-static void
-int_sha384_update(PX_MD * h, const uint8 *data, unsigned dlen)
-{
- SHA384_CTX *ctx = (SHA384_CTX *) h->p.ptr;
-
- SHA384_Update(ctx, data, dlen);
-}
-
-static void
-int_sha384_reset(PX_MD * h)
-{
- SHA384_CTX *ctx = (SHA384_CTX *) h->p.ptr;
-
- SHA384_Init(ctx);
-}
-
-static void
-int_sha384_finish(PX_MD * h, uint8 *dst)
-{
- SHA384_CTX *ctx = (SHA384_CTX *) h->p.ptr;
-
- SHA384_Final(dst, ctx);
-}
-
-static void
-int_sha384_free(PX_MD * h)
-{
- SHA384_CTX *ctx = (SHA384_CTX *) h->p.ptr;
-
- memset(ctx, 0, sizeof(*ctx));
- px_free(ctx);
- px_free(h);
-}
-
-/* SHA512 */
-
-static unsigned
-int_sha512_len(PX_MD * h)
-{
- return SHA512_DIGEST_LENGTH;
-}
-
-static unsigned
-int_sha512_block_len(PX_MD * h)
-{
- return SHA512_BLOCK_LENGTH;
-}
-
-static void
-int_sha512_update(PX_MD * h, const uint8 *data, unsigned dlen)
-{
- SHA512_CTX *ctx = (SHA512_CTX *) h->p.ptr;
-
- SHA512_Update(ctx, data, dlen);
-}
-
-static void
-int_sha512_reset(PX_MD * h)
-{
- SHA512_CTX *ctx = (SHA512_CTX *) h->p.ptr;
-
- SHA512_Init(ctx);
-}
-
-static void
-int_sha512_finish(PX_MD * h, uint8 *dst)
-{
- SHA512_CTX *ctx = (SHA512_CTX *) h->p.ptr;
-
- SHA512_Final(dst, ctx);
-}
-
-static void
-int_sha512_free(PX_MD * h)
-{
- SHA512_CTX *ctx = (SHA512_CTX *) h->p.ptr;
-
- memset(ctx, 0, sizeof(*ctx));
- px_free(ctx);
- px_free(h);
-}
-
/* init functions */
static void
@@ -379,66 +238,6 @@ init_sha1(PX_MD * md)
md->reset(md);
}
-static void
-init_sha256(PX_MD * md)
-{
- SHA256_CTX *ctx;
-
- ctx = px_alloc(sizeof(*ctx));
- memset(ctx, 0, sizeof(*ctx));
-
- md->p.ptr = ctx;
-
- md->result_size = int_sha256_len;
- md->block_size = int_sha256_block_len;
- md->reset = int_sha256_reset;
- md->update = int_sha256_update;
- md->finish = int_sha256_finish;
- md->free = int_sha256_free;
-
- md->reset(md);
-}
-
-static void
-init_sha384(PX_MD * md)
-{
- SHA384_CTX *ctx;
-
- ctx = px_alloc(sizeof(*ctx));
- memset(ctx, 0, sizeof(*ctx));
-
- md->p.ptr = ctx;
-
- md->result_size = int_sha384_len;
- md->block_size = int_sha384_block_len;
- md->reset = int_sha384_reset;
- md->update = int_sha384_update;
- md->finish = int_sha384_finish;
- md->free = int_sha384_free;
-
- md->reset(md);
-}
-
-static void
-init_sha512(PX_MD * md)
-{
- SHA512_CTX *ctx;
-
- ctx = px_alloc(sizeof(*ctx));
- memset(ctx, 0, sizeof(*ctx));
-
- md->p.ptr = ctx;
-
- md->result_size = int_sha512_len;
- md->block_size = int_sha512_block_len;
- md->reset = int_sha512_reset;
- md->update = int_sha512_update;
- md->finish = int_sha512_finish;
- md->free = int_sha512_free;
-
- md->reset(md);
-}
-
/*
* ciphers generally
*/
@@ -821,19 +620,12 @@ px_find_cipher(const char *name, PX_Cipher ** res)
*/
/*
- * Use libc for all 'public' bytes.
- *
- * That way we don't expose bytes from Fortuna
- * to the public, in case it has some bugs.
+ * Use always strong randomness.
*/
int
px_get_pseudo_random_bytes(uint8 *dst, unsigned count)
{
- int i;
-
- for (i = 0; i < count; i++)
- *dst++ = random();
- return i;
+ return px_get_random_bytes(dst, count);
}
static time_t seed_time = 0;
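Review bot: `px_get_pseudo_random_bytes()` now returns whatever `px_get_random_bytes()` returns, whereas the loop it replaces always filled the buffer and returned `count`. A caller that ignored the result or assumed success could therefore go on to use an unfilled `dst` as a salt or IV if the strong generator reports an error. `px_get_random_bytes()` is defined outside this hunk, so whether it can fail needs confirming, and the callers of the pseudo variant should be audited for result checks. The new comment also drops the old rationale for keeping generator output away from public values without saying why that separation is no longer wanted. Something like `/* Same source as px_get_random_bytes(); may fail, so callers must check the result before using dst. */` would document the new contract.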