head	1.27;
access;
symbols
	REL9_0_0:1.27
	REL9_1_ALPHA1:1.27
	REL9_0_RC1:1.27
	REL9_0_BETA4:1.27
	REL9_0_STABLE:1.27.0.16
	REL9_0_BETA3:1.27
	REL9_0_BETA2:1.27
	REL7_4_29:1.9
	REL8_0_25:1.12
	REL8_1_21:1.23
	REL8_2_17:1.24
	REL8_3_11:1.27
	REL8_4_4:1.27
	REL9_0_BETA1:1.27
	REL9_0_ALPHA5_BRANCH:1.27.0.14
	REL9_0_ALPHA5:1.27
	REL7_4_28:1.9
	REL8_0_24:1.12
	REL8_1_20:1.23
	REL8_2_16:1.24
	REL8_3_10:1.27
	REL8_4_3:1.27
	REL9_0_ALPHA4:1.27
	REL9_0_ALPHA4_BRANCH:1.27.0.12
	REL8_5_ALPHA3:1.27
	REL8_5_ALPHA3_BRANCH:1.27.0.10
	REL7_4_27:1.9
	REL8_0_23:1.12
	REL8_1_19:1.23
	REL8_2_15:1.24
	REL8_3_9:1.27
	REL8_4_2:1.27
	REL8_5_ALPHA2:1.27
	REL8_5_ALPHA2_BRANCH:1.27.0.8
	REL7_4_26:1.9
	REL8_0_22:1.12
	REL8_1_18:1.23
	REL8_2_14:1.24
	REL8_3_8:1.27
	REL8_4_1:1.27
	REL8_5_ALPHA1:1.27
	REL8_5_ALPHA1_BRANCH:1.27.0.6
	REL8_4_STABLE:1.27.0.4
	REL8_4_0:1.27
	REL8_4_RC2:1.27
	REL8_4_RC1:1.27
	REL8_4_BETA2:1.27
	REL8_4_BETA1:1.27
	REL7_4_25:1.9
	REL8_0_21:1.12
	REL8_1_17:1.23
	REL8_2_13:1.24
	REL8_3_7:1.27
	REL7_4_24:1.9
	REL8_0_20:1.12
	REL8_1_16:1.23
	REL8_2_12:1.24
	REL8_3_6:1.27
	REL7_4_23:1.9
	REL8_0_19:1.12
	REL8_1_15:1.23
	REL8_2_11:1.24
	REL8_3_5:1.27
	REL7_4_22:1.9
	REL8_0_18:1.12
	REL8_1_14:1.23
	REL8_2_10:1.24
	REL8_3_4:1.27
	REL7_4_21:1.9
	REL8_0_17:1.12
	REL8_1_13:1.23
	REL8_2_9:1.24
	REL8_3_3:1.27
	REL7_4_20:1.9
	REL8_0_16:1.12
	REL8_1_12:1.23
	REL8_2_8:1.24
	REL8_3_2:1.27
	REL8_2_7:1.24
	REL8_3_1:1.27
	REL8_3_STABLE:1.27.0.2
	REL8_3_0:1.27
	REL8_3_RC2:1.27
	REL7_3_21:1.9
	REL7_4_19:1.9
	REL8_0_15:1.12
	REL8_1_11:1.23
	REL8_2_6:1.24
	REL8_3_RC1:1.27
	REL8_3_BETA4:1.27
	REL8_3_BETA3:1.27
	REL8_3_BETA2:1.26
	REL8_3_BETA1:1.26
	REL7_3_20:1.9
	REL7_4_18:1.9
	REL8_0_14:1.12
	REL8_1_10:1.23
	REL8_2_5:1.24
	REL7_3_19:1.9
	REL7_4_17:1.9
	REL8_0_13:1.12
	REL8_1_9:1.23
	REL8_2_4:1.24
	REL8_0_12:1.12
	REL8_1_8:1.23
	REL8_2_3:1.24
	REL7_3_18:1.9
	REL7_4_16:1.9
	REL8_0_11:1.12
	REL8_1_7:1.23
	REL8_2_2:1.24
	REL8_0_10:1.12
	REL8_1_6:1.23
	REL8_2_1:1.24
	REL7_4_15:1.9
	REL7_3_17:1.9
	REL8_2_STABLE:1.24.0.2
	REL8_2_0:1.24
	REL8_2_RC1:1.24
	REL8_2_BETA3:1.24
	REL8_2_BETA2:1.24
	REL8_1_5:1.23
	REL8_0_9:1.12
	REL7_4_14:1.9
	REL7_3_16:1.9
	REL8_2_BETA1:1.24
	REL7_3_15:1.9
	REL7_4_13:1.9
	REL8_0_8:1.12
	REL8_1_4:1.23
	REL7_3_14:1.9
	REL7_4_12:1.9
	REL8_0_7:1.12
	REL8_1_3:1.23
	REL7_3_13:1.9
	REL7_4_11:1.9
	REL8_0_6:1.12
	REL8_1_2:1.23
	REL7_3_12:1.9
	REL7_4_10:1.9
	REL8_0_5:1.12
	REL8_1_1:1.23
	REL8_1_STABLE:1.23.0.2
	REL8_1_0:1.23
	REL8_1_0RC1:1.23
	REL8_1_0BETA4:1.23
	REL8_1_0BETA3:1.23
	REL7_3_11:1.9
	REL7_4_9:1.9
	REL8_0_4:1.12
	REL8_1_0BETA2:1.22
	REL8_1_0BETA1:1.22
	REL7_2_8:1.9
	REL7_3_10:1.9
	REL7_4_8:1.9
	REL8_0_3:1.12
	REL8_0_2:1.12
	REL7_2_7:1.9
	REL7_3_9:1.9
	REL7_4_7:1.9
	REL8_0_1:1.12
	REL8_0_STABLE:1.12.0.4
	REL8_0_0:1.12.0.2
	REL8_0_0RC5:1.12
	REL8_0_0RC4:1.12
	REL8_0_0RC3:1.12
	REL8_0_0RC2:1.12
	REL8_0_0RC1:1.12
	REL8_0_0BETA5:1.12
	REL8_0_0BETA4:1.12
	REL7_4_6:1.9
	REL7_3_8:1.9
	REL7_2_6:1.9
	REL8_0_0BETA3:1.12
	REL8_0_0BETA2:1.11
	REL7_2_5:1.9
	REL7_4_5:1.9
	REL7_3_7:1.9
	REL7_4_4:1.9
	REL8_0_0BETA1:1.10
	REL7_4_3:1.9
	REL7_4_2:1.9
	REL7_3_6:1.9
	REL7_4_1:1.9
	REL7_3_5:1.9
	REL7_4:1.9
	REL7_4_RC2:1.9
	REL7_4_STABLE:1.9.0.8
	REL7_4_RC1:1.9
	REL7_4_BETA5:1.9
	REL7_4_BETA4:1.9
	REL7_4_BETA3:1.9
	REL7_4_BETA2:1.9
	WIN32_DEV:1.9.0.6
	REL7_4_BETA1:1.9
	REL7_3_4:1.9
	REL7_3_2:1.9
	REL7_2_4:1.9
	REL7_3_STABLE:1.9.0.4
	REL7_2_3:1.9
	REL7_2_STABLE:1.9.0.2
	REL7_2:1.9
	REL7_2_RC2:1.9
	REL7_2_RC1:1.9
	REL7_2_BETA5:1.9
	REL7_2_BETA4:1.9
	REL7_2_BETA3:1.9
	REL7_2_BETA2:1.9
	REL7_2_BETA1:1.9
	REL7_1_2:1.3
	REL7_1_STABLE:1.3.0.2
	REL7_1_BETA:1.1
	REL7_1_BETA3:1.1
	REL7_1_BETA2:1.1
	REL7_1:1.3;
locks; strict;
comment	@# @;


1.27
date	2007.11.10.23.59.51;	author momjian;	state Exp;
branches;
next	1.26;

1.26
date	2007.06.26.22.05.03;	author tgl;	state Exp;
branches;
next	1.25;

1.25
date	2007.01.14.20.55.14;	author alvherre;	state Exp;
branches;
next	1.24;

1.24
date	2006.07.13.04.15.24;	author neilc;	state Exp;
branches;
next	1.23;

1.23
date	2005.09.27.17.13.08;	author tgl;	state Exp;
branches;
next	1.22;

1.22
date	2005.08.13.02.06.20;	author momjian;	state Exp;
branches;
next	1.21;

1.21
date	2005.07.10.18.32.55;	author momjian;	state Exp;
branches;
next	1.20;

1.20
date	2005.07.10.03.57.55;	author momjian;	state Exp;
branches;
next	1.19;

1.19
date	2005.07.10.03.55.28;	author momjian;	state Exp;
branches;
next	1.18;

1.18
date	2005.07.10.03.52.56;	author momjian;	state Exp;
branches;
next	1.17;

1.17
date	2005.07.06.16.14.42;	author tgl;	state Exp;
branches;
next	1.16;

1.16
date	2005.07.05.23.18.44;	author tgl;	state Exp;
branches;
next	1.15;

1.15
date	2005.07.05.23.13.57;	author tgl;	state Exp;
branches;
next	1.14;

1.14
date	2005.03.21.05.24.51;	author neilc;	state Exp;
branches;
next	1.13;

1.13
date	2005.03.21.05.17.16;	author neilc;	state Exp;
branches;
next	1.12;

1.12
date	2004.09.14.03.39.48;	author tgl;	state Exp;
branches;
next	1.11;

1.11
date	2004.08.20.20.13.06;	author momjian;	state Exp;
branches;
next	1.10;

1.10
date	2003.11.29.19.51.35;	author pgsql;	state Exp;
branches;
next	1.9;

1.9
date	2001.09.30.22.18.29;	author momjian;	state Exp;
branches;
next	1.8;

1.8
date	2001.09.29.03.11.58;	author momjian;	state Exp;
branches;
next	1.7;

1.7
date	2001.09.23.04.12.44;	author momjian;	state Exp;
branches;
next	1.6;

1.6
date	2001.09.16.16.11.09;	author petere;	state Exp;
branches;
next	1.5;

1.5
date	2001.08.21.00.42.41;	author momjian;	state Exp;
branches;
next	1.4;

1.4
date	2001.06.18.21.38.02;	author momjian;	state Exp;
branches;
next	1.3;

1.3
date	2001.02.20.15.34.14;	author momjian;	state Exp;
branches;
next	1.2;

1.2
date	2001.01.24.03.46.16;	author momjian;	state Exp;
branches;
next	1.1;

1.1
date	2000.10.31.13.11.28;	author petere;	state Exp;
branches;
next	;


desc
@@


1.27
log
@Remove references to READMEs from /contrib Makefiles.
@
text
@#
# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.26 2007/06/26 22:05:03 tgl Exp $
#

INT_SRCS = md5.c sha1.c sha2.c internal.c internal-sha2.c blf.c rijndael.c \
		fortuna.c random.c pgp-mpi-internal.c imath.c
INT_TESTS = sha2

OSSL_SRCS = openssl.c pgp-mpi-openssl.c
OSSL_TESTS = sha2 des 3des cast5

ZLIB_TST = pgp-compression
ZLIB_OFF_TST = pgp-zlib-DISABLED

CF_SRCS = $(if $(subst no,,$(with_openssl)), $(OSSL_SRCS), $(INT_SRCS))
CF_TESTS = $(if $(subst no,,$(with_openssl)), $(OSSL_TESTS), $(INT_TESTS))
CF_PGP_TESTS = $(if $(subst no,,$(with_zlib)), $(ZLIB_TST), $(ZLIB_OFF_TST))

SRCS		= pgcrypto.c px.c px-hmac.c px-crypt.c \
		crypt-gensalt.c crypt-blowfish.c crypt-des.c \
		crypt-md5.c $(CF_SRCS) \
		mbuf.c pgp.c pgp-armor.c pgp-cfb.c pgp-compress.c \
		pgp-decrypt.c pgp-encrypt.c pgp-info.c pgp-mpi.c \
		pgp-pubdec.c pgp-pubenc.c pgp-pubkey.c pgp-s2k.c \
		pgp-pgsql.c

MODULE_big	= pgcrypto
OBJS		= $(SRCS:.c=.o)
DATA_built	= pgcrypto.sql
DATA		= uninstall_pgcrypto.sql
EXTRA_CLEAN	= gen-rtab

REGRESS = init md5 sha1 hmac-md5 hmac-sha1 blowfish rijndael \
	$(CF_TESTS) \
	crypt-des crypt-md5 crypt-blowfish crypt-xdes \
	pgp-armor pgp-decrypt pgp-encrypt $(CF_PGP_TESTS) \
	pgp-pubkey-decrypt pgp-pubkey-encrypt pgp-info


ifdef USE_PGXS
PG_CONFIG = pg_config
PGXS := $(shell $(PG_CONFIG) --pgxs)
include $(PGXS)
else
subdir = contrib/pgcrypto
top_builddir = ../..
include $(top_builddir)/src/Makefile.global
include $(top_srcdir)/contrib/contrib-global.mk
endif

# Add libraries that pgcrypto depends (or might depend) on into the
# shared library link.  (The order in which you list them here doesn't
# matter.)
SHLIB_LINK += $(filter -lcrypto -lz, $(LIBS))
ifeq ($(PORTNAME), win32)
SHLIB_LINK += $(filter -leay32, $(LIBS))
# those must be at the end
SHLIB_LINK += -lwsock32 -lws2_32
endif

rijndael.o: rijndael.tbl

rijndael.tbl:
	$(CC) $(CPPFLAGS) $(CFLAGS) -DPRINT_TABS rijndael.c -o gen-rtab
	./gen-rtab > rijndael.tbl
@


1.26
log
@Fix PGXS conventions so that extensions can be built against Postgres
installations whose pg_config program does not appear first in the PATH.
Per gripe from Eddie Stanley and subsequent discussions with Fabien Coelho
and others.
@
text
@d2 1
a2 1
# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.25 2007/01/14 20:55:14 alvherre Exp $
a28 1
DOCS		= README.pgcrypto
@


1.25
log
@Replace unnecessary DISABLE_ZLIB define in pgcrypto with HAVE_LIBZ from core.

Patch from Marko Kreen.
@
text
@d2 1
a2 1
# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.24 2006/07/13 04:15:24 neilc Exp $
d42 2
a43 1
PGXS := $(shell pg_config --pgxs)
@


1.24
log
@"Annual" pgcrypto update from Marko Kreen:

Few cleanups and couple of new things:

 - add SHA2 algorithm to older OpenSSL
 - add BIGNUM math to have public-key cryptography work on non-OpenSSL
   build.
 - gen_random_bytes() function

The status of SHA2 algoritms and public-key encryption can now be
changed to 'always available.'

That makes pgcrypto functionally complete and unless there will be new
editions of AES, SHA2 or OpenPGP standards, there is no major changes
planned.
@
text
@d2 1
a2 1
# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.23 2005/09/27 17:13:08 tgl Exp $
a11 1
ZLIB_OFF_CFLAGS = -DDISABLE_ZLIB
a16 1
CF_CFLAGS = $(if $(subst yes,,$(with_zlib)), $(ZLIB_OFF_CFLAGS))
a18 2
PG_CPPFLAGS	= $(CF_CFLAGS)

@


1.23
log
@PGXS should be set with := not =, as specified in the documentation,
to avoid useless multiple executions of pg_config.
@
text
@d2 1
a2 1
# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.22 2005/08/13 02:06:20 momjian Exp $
d5 2
a6 2
INT_SRCS = md5.c sha1.c sha2.c internal.c blf.c rijndael.c \
		fortuna.c random.c pgp-mpi-internal.c
d10 1
a10 1
OSSL_TESTS = des 3des cast5
a14 2
PUBENC_ON = pgp-pubkey-decrypt pgp-pubkey-encrypt pgp-info
PUBENC_OFF = pgp-pubkey-DISABLED
d19 1
a19 2
CF_PGP_TESTS = $(if $(subst no,,$(with_zlib)), $(ZLIB_TST), $(ZLIB_OFF_TST)) \
	$(if $(subst no,,$(with_openssl)), $(PUBENC_ON), $(PUBENC_OFF))
d23 1
a23 1
SRCS		= pgcrypto.c px.c px-hmac.c px-crypt.c misc.c \
d35 1
d41 2
a42 1
	pgp-armor pgp-decrypt pgp-encrypt $(CF_PGP_TESTS)
@


1.22
log
@The large one adds support for RSA keys and reorganizes
the pubkey functions a bit.  The actual RSA-specific code
there is tiny, most of the patch consists of reorg of the
pubkey code, as lots of it was written as elgamal-only.

---------------------------------------------------------------------------

The SHLIB section was copy-pasted from somewhere and contains
several unnecessary libs.  This cleans it up a bit.

 -lcrypt
   we don't use system crypt()

 -lssl, -lssleay32
   no SSL here

 -lz in win32 section
   already added on previous line

 -ldes
   The chance anybody has it is pretty low.
   And the chance pgcrypto works with it is even lower.

Also trim the win32 section.

---------------------------------------------------------------------------

It is already disabled in Makefile, remove code too.

---------------------------------------------------------------------------

I was bit hasty making the random exponent 'k' a prime.  Further researh
shows that Elgamal encryption has no specific needs in respect to k,
any random number is fine.

It is bit different for signing, there it needs to be 'relatively prime'
to p - 1,  that means GCD(k, p-1) == 1, which is also a lot lighter than
full primality.  As we don't do signing, this can be ignored.

This brings major speedup to Elgamal encryption.

---------------------------------------------------------------------------

o  pgp_mpi_free: Accept NULLs
o  pgp_mpi_cksum: result should be 16bit
o  Remove function name from error messages - to be similar to other
   SQL functions, and it does not match anyway the called function
o  remove couple junk lines

---------------------------------------------------------------------------

o  Support for RSA encryption
o  Big reorg to better separate generic and algorithm-specific code.
o  Regression tests for RSA.

---------------------------------------------------------------------------

o  Tom stuck a CVS id into file.  I doubt the usefulness of it,
   but if it needs to be in the file then rather at the end.
   Also tag it as comment for asciidoc.
o  Mention bytea vs. text difference
o  Couple clarifications

---------------------------------------------------------------------------

There is a choice whether to update it with pgp functions or
remove it.  I decided to remove it, updating is pointless.

I've tried to keep the core of pgcrypto relatively independent
from main PostgreSQL, to make it easy to use externally if needed,
and that is good.  Eg. that made development of PGP functions much
nicer.

But I have no plans to release it as generic library, so keeping such
doc
up-to-date is waste of time.  If anyone is interested in using it in
other products, he can probably bother to read the source too.

Commented source is another thing - I'll try to make another pass
over code to see if there is anything non-obvious that would need
more comments.

---------------------------------------------------------------------------

Marko Kreen
@
text
@d2 1
a2 1
# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.21 2005/07/10 18:32:55 momjian Exp $
d47 1
a47 1
PGXS = $(shell pg_config --pgxs)
@


1.21
log
@> One more failure:
>
> I think this is because we don't have -lz in SHLIB_LINK.
> Following patch fixes it.

Marko Kreen
@
text
@d2 1
a2 1
# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.20 2005/07/10 03:57:55 momjian Exp $
d59 1
a59 1
SHLIB_LINK += $(filter -lcrypt -ldes -lcrypto -lssl -lz, $(LIBS))
d61 2
a62 5
SHLIB_LINK += $(filter -leay32 -lssleay32 -lz, $(LIBS))
endif

# to make ws2_32.lib the last library (must occur after definition of PORTNAME)
ifeq ($(PORTNAME),win32)
a65 1

@


1.20
log
@Major pgcrypto changes:

of password-based encryption from RFC2440 (OpenPGP).

The goal of this code is to be more featureful encryption solution
than current encrypt(), which only functionality is running cipher
over data.

Compared to encrypt(), pgp_encrypt() does following:

* It uses the equvialent of random Inital Vector to get cipher
  into random state before it processes user data
* Stores SHA-1 of the data into result so any modification
  will be detected.
* Remembers if data was text or binary - thus it can decrypt
  to/from text data.  This was a major nuisance for encrypt().
* Stores info about used algorithms with result, so user needs
  not remember them - more user friendly!
* Uses String2Key algorithms (similar to crypt()) with random salt
  to generate full-length binary key to be used for encrypting.
* Uses standard format for data - you can feed it to GnuPG, if needed.

Optional features (off by default):

* Can use separate session key - user data will be encrypted
  with totally random key, which will be encrypted with S2K
  generated key and attached to result.
* Data compression with zlib.
* Can convert between CRLF<->LF line-endings - to get fully
  RFC2440-compliant behaviour.  This is off by default as
  pgcrypto does not know the line-endings of user data.

Interface is simple:


    pgp_encrypt(data text, key text) returns bytea
    pgp_decrypt(data text, key text) returns text
    pgp_encrypt_bytea(data bytea, key text) returns bytea
    pgp_decrypt_bytea(data bytea, key text) returns bytea

To change parameters (cipher, compression, mdc):

    pgp_encrypt(data text, key text, parms text) returns bytea
    pgp_decrypt(data text, key text, parms text) returns text
    pgp_encrypt_bytea(data bytea, key text, parms text) returns bytea
    pgp_decrypt_bytea(data bytea, key text, parms text) returns bytea

Parameter names I lifted from gpg:

   pgp_encrypt('message', 'key', 'compress-algo=1,cipher-algo=aes256')

For text data, pgp_encrypt simply encrypts the PostgreSQL internal data.

This maps to RFC2440 data type 't' - 'extenally specified encoding'.
But this may cause problems if data is dumped and reloaded into database
which as different internal encoding.  My next goal is to implement data
type 'u' - which means data is in UTF-8 encoding by converting internal
encoding to UTF-8 and back.  And there wont be any compatibility
problems with current code, I think its ok to submit this without UTF-8
encoding by converting internal encoding to UTF-8 and back.  And there
wont be any compatibility problems with current code, I think its ok to
submit this without UTF-8 support.


Here is v4 of PGP encrypt.  This depends on previously sent
Fortuna-patch, as it uses the px_add_entropy function.

- New function: pgp_key_id() for finding key id's.
- Add SHA1 of user data and key into RNG pools.  We need to get
  randomness from somewhere, and it is in user best interests
  to contribute.
- Regenerate pgp-armor test for SQL_ASCII database.
- Cleanup the key handling so that the pubkey support is less
  hackish.

Marko Kreen
@
text
@d2 1
a2 1
# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.19 2005/07/10 03:55:28 momjian Exp $
d59 1
a59 1
SHLIB_LINK += $(filter -lcrypt -ldes -lcrypto -lssl, $(LIBS))
d61 1
a61 1
SHLIB_LINK += $(filter -leay32 -lssleay32, $(LIBS))
@


1.19
log
@- Add Fortuna PRNG to pgcrypto.
- Move openssl random provider to openssl.c and builtin provider
  to internal.c
- Make px_random_bytes use Fortuna, instead of giving error.
- Retarget random.c to aquiring system randomness, for initial seeding
  of Fortuna.  There is ATM 2 functions for Windows,
  reader from /dev/urandom and the regular time()/getpid() silliness.

Marko Kreen
@
text
@d2 1
a2 1
# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.18 2005/07/10 03:52:56 momjian Exp $
d6 1
a6 1
		fortuna.c random.c
d9 1
a9 1
OSSL_SRCS = openssl.c
d12 6
d20 3
a22 1
CF_CFLAGS =
d28 5
a32 1
		crypt-md5.c $(CF_SRCS)
d42 2
a43 1
	crypt-des crypt-md5 crypt-blowfish crypt-xdes
@


1.18
log
@This patch adds implementation of SHA2 to pgcrypto.
New hashes: SHA256, SHA384, SHA512.

Marko Kreen
@
text
@d2 1
a2 1
# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.17 2005/07/06 16:14:42 tgl Exp $
d5 2
a6 5
# if you don't have OpenSSL, you can use libc random() or /dev/urandom
INT_CFLAGS = -DRAND_SILLY
#INT_CFLAGS = -DRAND_DEV=\"/dev/urandom\"

INT_SRCS = md5.c sha1.c sha2.c internal.c blf.c rijndael.c
a8 1
OSSL_CFLAGS = -DRAND_OPENSSL
d14 1
a14 1
CF_CFLAGS = $(if $(subst no,,$(with_openssl)), $(OSSL_CFLAGS), $(INT_CFLAGS))
d18 1
a18 1
SRCS		= pgcrypto.c px.c px-hmac.c px-crypt.c misc.c random.c \
@


1.17
log
@Fix incorrect PG_CPPFLAGS initialization, per Marko.
@
text
@d2 1
a2 1
# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.16 2005/07/05 23:18:44 tgl Exp $
d9 2
a10 1
INT_SRCS = md5.c sha1.c internal.c blf.c rijndael.c
d17 1
a17 1
CF_TESTS = $(if $(subst no,,$(with_openssl)), $(OSSL_TESTS))
@


1.16
log
@Dept of second thoughts: don't expose rijndael.tbl: rijndael.c dependency
to make.  We ship the table file in the tarball and so this dependency
just opens file timestamp skew problems without doing anything useful.
(Not that it should hurt, either ... except for cross-compile builds.)
@
text
@d2 1
a2 1
# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.15 2005/07/05 23:13:57 tgl Exp $
d19 1
a19 1
PG_CPPFLAGS	:= $(CF_CFLAGS) -I$(srcdir) $(PG_CPPFLAGS)
@


1.15
log
@Fix contrib/pgcrypto to autoconfigure for OpenSSL when --with-openssl
is used in the toplevel configure.  Per Marko Kreen.
@
text
@d2 1
a2 1
# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.14 2005/03/21 05:24:51 neilc Exp $
d62 1
a62 1
rijndael.tbl: rijndael.c
@


1.14
log
@pgcrypto update:

* test error handling
* add tests for des, 3des, cast5
* add some tests to blowfish, rijndael
* Makefile: ability to specify different tests for different crypto
  libraries, so we can skip des, 3des and cast5 for builtin.

Marko Kreen
@
text
@d2 1
a2 1
# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.13 2005/03/21 05:17:16 neilc Exp $
d5 3
a7 2
# either 'builtin', 'openssl'
cryptolib = builtin
d9 1
a9 2
# either 'builtin', 'system'
cryptsrc = builtin
d11 3
a13 20
# Random source, preferred order:
# 'dev'      - read from random device
#
# 'openssl'  - use openssl PRNG.
#              Note that currently pgcrypto does not do any
#              entropy feeding to it
#              This works ofcouse only with cryptolib = openssl
#
# 'silly'    - use libc random() - very weak
random = silly
random_dev = \"/dev/urandom\"

##########################

ifeq ($(cryptolib), builtin)
CRYPTO_CFLAGS =
CRYPTO_LDFLAGS =
SRCS = md5.c sha1.c internal.c blf.c rijndael.c
EXTRA_TESTS = 
endif
d15 3
a17 6
ifeq ($(cryptolib), openssl)
CRYPTO_CFLAGS = -I/usr/include/openssl
CRYPTO_LDFLAGS = -lcrypto
SRCS = openssl.c
EXTRA_TESTS = des 3des cast5
endif
d19 1
a19 5
ifeq ($(cryptsrc), builtin)
SRCS += crypt-blowfish.c crypt-des.c crypt-md5.c 
else
CRYPTO_CFLAGS += -DPX_SYSTEM_CRYPT
endif
d21 3
a23 12
ifeq ($(random), dev)
CRYPTO_CFLAGS += -DRAND_DEV=$(random_dev)
endif
ifeq ($(random), openssl)
CRYPTO_CFLAGS += -DRAND_OPENSSL
endif
ifeq ($(random), silly)
CRYPTO_CFLAGS += -DRAND_SILLY
endif

SRCS		+= pgcrypto.c px.c px-hmac.c px-crypt.c misc.c \
			crypt-gensalt.c random.c
a30 3
PG_CPPFLAGS	= $(CRYPTO_CFLAGS) -I$(srcdir) 
SHLIB_LINK 	= $(CRYPTO_LDFLAGS)

d32 2
a33 2
		$(EXTRA_TESTS) \
		crypt-des crypt-md5 crypt-blowfish crypt-xdes 
d46 8
d62 1
a62 1
rijndael.tbl:
@


1.13
log
@Remove support for libmhash/libmcrypt.

libmcrypt seems to dead, maintainer address bounces,
and cast-128 fails on 2 of the 3 test vectors from RFC2144.

So I see no reason to keep around stuff I don't trust
anymore.

Support for several crypto libraries is probably only
confusing to users, although it was good for initial
developing - it helped to find hidden assumptions and
forced me to create regression tests for all functionality.

Marko Kreen
@
text
@d2 1
a2 1
# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.12 2004/09/14 03:39:48 tgl Exp $
d29 1
d36 1
d68 1
@


1.12
log
@Win32 compile fixes for pgbench, pgcrypto, and tsearch.
Claudio Natoli
@
text
@d2 1
a2 1
# $PostgreSQL: pgsql-server/contrib/pgcrypto/Makefile,v 1.11 2004/08/20 20:13:06 momjian Exp $
d5 1
a5 1
# either 'builtin', 'mhash', 'openssl'
a36 6
ifeq ($(cryptolib), mhash)
CRYPTO_CFLAGS = -I/usr/local/include
CRYPTO_LDFLAGS = -L/usr/local/lib -lmcrypt -lmhash -lltdl
SRCS = mhash.c
endif

@


1.11
log
@> Please find enclose a submission to fix these problems.
>
> The patch adds missing the "libpgport.a" file to the installation under
> "install-all-headers". It is needed by some contribs. I install the
> library in "pkglibdir", but I was wondering whether it should be "libdir"?
> I was wondering also whether it would make sense to have a "libpgport.so"?
>
> It fixes various macros which are used by contrib makefiles, especially
> libpq_*dir and LDFLAGS when used under PGXS. It seems to me that they are
> needed to
>
> It adds the ability to test and use PGXS with contribs, with "make
> USE_PGXS=1". Without the macro, this is exactly as before, there should be
> no difference, esp. wrt the vpath feature that seemed broken by previous
> submission. So it should not harm anybody, and it is useful at least to me.
>
> It fixes some inconsistencies in various contrib makefiles
> (useless override, ":=" instead of "=").

Fabien COELHO
@
text
@d2 1
a2 1
# $PostgreSQL: pgsql-server/contrib/pgcrypto/Makefile,v 1.10 2003/11/29 19:51:35 pgsql Exp $
d85 5
@


1.10
log
@
$Header: -> $PostgreSQL Changes ...
@
text
@d2 1
a2 1
# $PostgreSQL: /cvsroot/pgsql-server/contrib/pgcrypto/Makefile,v 1.9 2001/09/30 22:18:29 momjian Exp $
a4 4
subdir = contrib/pgcrypto
top_builddir = ../..
include $(top_builddir)/src/Makefile.global

a58 1
MODULE_big	:= pgcrypto
a60 4
OBJS		:= $(SRCS:.c=.o)
DOCS		:= README.pgcrypto
DATA_built	:= pgcrypto.sql
EXTRA_CLEAN	:= gen-rtab
d62 5
a66 2
PG_CPPFLAGS	:= $(CRYPTO_CFLAGS) -I$(srcdir) 
SHLIB_LINK 	:= $(CRYPTO_LDFLAGS)
d68 4
a71 1
REGRESS := init md5 sha1 hmac-md5 hmac-sha1 blowfish rijndael \
d74 8
d83 2
a90 1

@


1.9
log
@* regression tests
* minor doc updates

Marko Kreen
@
text
@d2 1
a2 1
# $Header: /cvsroot/pgsql/contrib/pgcrypto/Makefile,v 1.8 2001/09/29 03:11:58 momjian Exp $
@


1.8
log
@I noticed that the contrib Makefiles were reorganized.
Converted pgcrypto one too.

* Changed default randomness source to libc random()
  That way pgcrypto does not have any external dependencies
  and should work everywhere.
* Re-enabled pgcrypto build in contrib/makefile
* contrib/README update - there is more stuff than
  only 'hash functions'
* Noted the libc random fact in README.pgcrypto


Marko Kreen
@
text
@d2 1
a2 1
# $Header: /cvsroot/pgsql/contrib/pgcrypto/Makefile,v 1.7 2001/09/23 04:12:44 momjian Exp $
d73 3
@


1.7
log
@Big thanks to Solar Designer who pointed out a bug in bcrypt
salt generation code.  He also urged using better random source
and making possible to choose using bcrypt and xdes rounds more
easily.  So, here's patch:

* For all salt generation, use Solar Designer's own code.  This
  is mostly due fact that his code is more fit for get_random_bytes()
  style interface.
* New function: gen_salt(type, rounds).  This lets specify iteration
  count for algorithm.
* random.c: px_get_random_bytes() function.
  Supported randomness soure: /dev/urandom, OpenSSL PRNG, libc random()
  Default: /dev/urandom.
* Draft description of C API for pgcrypto functions.

New files: API, crypt-gensalt.c, random.c

Marko Kreen
@
text
@d2 1
a2 1
# $Header: /cvsroot/pgsql/contrib/pgcrypto/Makefile,v 1.6 2001/09/16 16:11:09 petere Exp $
d24 1
a24 1
random = dev
d63 7
a69 11
NAME	:= pgcrypto
SRCS	+= pgcrypto.c px.c px-hmac.c px-crypt.c misc.c \
		crypt-gensalt.c random.c
OBJS	:= $(SRCS:.c=.o)
SHLIB_LINK := $(CRYPTO_LDFLAGS)
SO_MAJOR_VERSION = 0
SO_MINOR_VERSION = 1

override CPPFLAGS	+= $(CRYPTO_CFLAGS) -I$(srcdir) 
override DLLLIBS := $(BE_DLLLIBS) $(DLLLIBS)
rpath :=
d71 2
a72 1
all: all-lib $(NAME).sql
d74 1
a74 4
include $(top_srcdir)/src/Makefile.shlib

$(NAME).sql: $(NAME).sql.in
	sed 's,@@MODULE_FILENAME@@,$$libdir/$(NAME),g' $< >$@@
a81 13
install: all installdirs
	$(INSTALL_SHLIB) $(shlib)	$(DESTDIR)$(pkglibdir)/pgcrypto$(DLSUFFIX)
	$(INSTALL_DATA) $(NAME).sql	$(DESTDIR)$(datadir)/contrib/$(NAME).sql
	$(INSTALL_DATA) README.$(NAME)	$(DESTDIR)$(docdir)/contrib/README.$(NAME)

installdirs:
	$(mkinstalldirs) $(pkglibdir) $(datadir)/contrib $(docdir)/contrib

uninstall: uninstall-lib
	rm -f $(DESTDIR)$(pkglibdir)/pgcrypto$(DLSUFFIX) $(datadir)/contrib/$(NAME).sql $(docdir)/contrib/README.$(NAME)

clean distclean maintainer-clean: clean-lib
	rm -f $(OBJS) $(NAME).sql gen-rtab
@


1.6
log
@Install dynamically loadable modules into a private subdirectory
under libdir, for a cleaner separation in the installation layout
and compatibility with binary packaging standards.  Point backend's
default search location there.  The contrib modules are also
installed in the said location, giving them the benefit of the
default search path as well.  No changes in user interface
nevertheless.
@
text
@d2 1
a2 1
# $Header: /home/projects/pgsql/cvsroot/pgsql/contrib/pgcrypto/Makefile,v 1.5 2001/08/21 00:42:41 momjian Exp $
d15 12
d53 10
d64 2
a65 1
SRCS	+= pgcrypto.c px.c px-hmac.c px-crypt.c misc.c
@


1.5
log
@/contrib/pgcrypto:

* remove support for encode() as it is in main tree now
* remove krb5.c
* new 'PX library' architecture
* remove BSD license from my code to let the general
  PostgreSQL one to apply
* md5, sha1: ANSIfy, use const where appropriate
* various other formatting and clarity changes
* hmac()
* UN*X-like crypt() - system or internal crypt
* Internal crypt: DES, Extended DES, MD5, Blowfish
  crypt-des.c, crypt-md5.c from FreeBSD
  crypt-blowfish.c from Solar Designer
* gen_salt() for crypt() -  Blowfish, MD5, DES, Extended DES
* encrypt(), decrypt(), encrypt_iv(), decrypt_iv()
* Cipher support in mhash.c, openssl.c
* internal: Blowfish, Rijndael-128 ciphers
* blf.[ch], rijndael.[ch] from OpenBSD
* there will be generated file rijndael-tbl.inc.

Marko Kreen
@
text
@d2 1
a2 1
# $Header$
d50 1
d57 1
a57 1
	sed 's,@@MODULE_FILENAME@@,$(libdir)/contrib/pgcrypto$(DLSUFFIX),g' $< >$@@
d66 1
a66 1
	$(INSTALL_SHLIB) $(shlib)	$(DESTDIR)$(libdir)/contrib/pgcrypto$(DLSUFFIX)
d71 1
a71 1
	$(mkinstalldirs) $(libdir)/contrib $(datadir)/contrib $(docdir)/contrib
d74 1
a74 1
	rm -f $(DESTDIR)$(libdir)/contrib/pgcrypto$(DLSUFFIX) $(datadir)/contrib/$(NAME).sql $(docdir)/contrib/README.$(NAME)
@


1.4
log
@The attached patch enables the contrib subtree to build cleanly under
Cygwin with the possible exception of mSQL-interface.  Since I don't
have mSQL installed, I skipped this tool.

Except for dealing with a missing getopt.h (oid2name) and HUGE (seg),
the bulk of the patch uses the standard PostgreSQL approach to deal with
Windows DLL issues.

I tested the build aspect of this patch under Cygwin and Linux without
any ill affects.  Note that I did not actually attempt to test the code
for functionality.

The procedure to apply the patch is as follows:

    $ # save the attachment as /tmp/contrib.patch
    $ # change directory to the top of the PostgreSQL source tree
    $ patch -p0 </tmp/contrib.patch

Jason
@
text
@d2 1
a2 1
# $Header: /home/projects/pgsql/cvsroot/pgsql/contrib/pgcrypto/Makefile,v 1.3 2001/02/20 15:34:14 momjian Exp $
d9 1
a9 1
# either 'builtin', 'mhash', 'openssl', 'krb5'
d12 3
d20 1
a20 1
SRCS = md5.c sha1.c internal.c
d31 1
a31 1
CRYPTO_LDFLAGS = -L/usr/local/lib -lmhash
d35 4
a38 4
ifeq ($(cryptolib), krb5)
CRYPTO_CFLAGS = -I/usr/include
CRYPTO_LDFLAGS = -ldes
SRCS = krb.c
d42 1
a42 1
SRCS	+= pgcrypto.c encode.c
d58 6
d76 1
a76 1
	rm -f $(OBJS) $(NAME).sql
@


1.3
log
@Changes:

* reverse the change #include <> -> "" in krb.c.
  It _must not_ include files in "."
* Makefile update.  Inconsistent var usage and SHLIB was
  not set.

Now it should work with all external libs.

arko Kreen
@
text
@d2 1
a2 1
# $Header: /home/projects/pgsql/cvsroot/pgsql/contrib/pgcrypto/Makefile,v 1.2 2001/01/24 03:46:16 momjian Exp $
d46 1
@


1.2
log
@I would like to do a interface change in pgcrypto.  (Good
timing, I know :))  At the moment the digest() function returns
hexadecimal coded hash, but I want it to return pure binary.  I
have also included functions encode() and decode() which support
'base64' and 'hex' encodings, so if anyone needs digest() in hex
he can do encode(digest(...), 'hex').

Main reason for it is "to do one thing and do it well" :)

Another reason is if someone needs really lot of digesting, in
the end he wants to store the binary not the hexadecimal result.
It is really silly to convert it to hex then back to binary
again.  As I said if someone needs hex he can get it.

Well, and the real reason that I am doing encrypt()/decrypt()
functions and _they_ return binary.  For testing I like to see
it in hex occasionally, but it is really wrong to let them
return hex.  Only now it caught my eye that hex-coding in
digest() is wrong.  When doing digest() I thought about 'common
case' but hacking with psql is probably _not_ the common case :)

Marko Kreen
@
text
@d2 1
a2 1
# $Header: /home/projects/pgsql/cvsroot/pgsql/contrib/pgcrypto/Makefile,v 1.1 2000/10/31 13:11:28 petere Exp $
d15 3
a17 1
SRCS= md5.c sha1.c internal.c
d21 2
a22 2
cryptoinc := -I/usr/include/openssl
cryptolib := -lcrypto
d27 3
a29 3
cryptoinc=
cryptolib=-lmhash
SRCS=mhash.c
d33 3
a35 3
cryptoinc=-I/usr/include
cryptolib=-ldes
SRCS=krb.c
d41 1
d45 1
a45 1
override CPPFLAGS	+= -I$(srcdir) $(cryptoinc)
@


1.1
log
@Hashing functions from Marko Kreen <marko@@l-t.ee>
@
text
@d2 1
a2 1
# $Header$
d37 1
a37 1
SRCS	+= pgcrypto.c
@
