o pgp_mpi_free: Accept NULLs
o pgp_mpi_cksum: result should be 16bit
o Remove function name from error messages - to be similar to other
SQL functions, and it does not match anyway the called function
o remove couple junk lines
Index: pgsql/contrib/pgcrypto/pgp-mpi.c
===================================================================
*** pgsql.orig/contrib/pgcrypto/pgp-mpi.c
--- pgsql/contrib/pgcrypto/pgp-mpi.c
*************** int pgp_mpi_create(uint8 *data, int bits
*** 66,71 ****
--- 66,73 ----
int pgp_mpi_free(PGP_MPI *mpi)
{
+ if (mpi == NULL)
+ return 0;
memset(mpi, 0, sizeof(*mpi) + mpi->bytes);
px_free(mpi);
return 0;
*************** unsigned pgp_mpi_cksum(unsigned cksum, P
*** 129,134 ****
for (i = 0; i < n->bytes; i++)
cksum += n->data[i];
! return cksum;
}
--- 131,136 ----
for (i = 0; i < n->bytes; i++)
cksum += n->data[i];
! return cksum & 0xFFFF;
}
Index: pgsql/contrib/pgcrypto/pgp-pubkey.c
===================================================================
*** pgsql.orig/contrib/pgcrypto/pgp-pubkey.c
--- pgsql/contrib/pgcrypto/pgp-pubkey.c
***************
*** 34,41 ****
#include "mbuf.h"
#include "pgp.h"
- #define PXE_PGP_BAD_KEY -90
-
int pgp_key_alloc(PGP_PubKey **pk_p)
{
PGP_PubKey *pk;
--- 34,39 ----
Index: pgsql/contrib/pgcrypto/pgp-pgsql.c
===================================================================
*** pgsql.orig/contrib/pgcrypto/pgp-pgsql.c
--- pgsql/contrib/pgcrypto/pgp-pgsql.c
*************** encrypt_internal(int is_pubenc, int is_t
*** 496,502 ****
mbuf_free(dst);
ereport(ERROR,
(errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
! errmsg("pgp_encrypt error: %s",
px_strerror(err))));
}
/* res_len includes VARHDRSZ */
--- 496,502 ----
mbuf_free(dst);
ereport(ERROR,
(errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
! errmsg("%s", px_strerror(err))));
}
/* res_len includes VARHDRSZ */
*************** out:
*** 591,597 ****
mbuf_free(dst);
ereport(ERROR,
(errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
! errmsg("pgp_decrypt error: %s",
px_strerror(err))));
}
res_len = mbuf_steal_data(dst, &restmp);
--- 591,597 ----
mbuf_free(dst);
ereport(ERROR,
(errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
! errmsg("%s", px_strerror(err))));
}
res_len = mbuf_steal_data(dst, &restmp);
*************** pg_dearmor(PG_FUNCTION_ARGS)
*** 879,885 ****
if (res_len < 0)
ereport(ERROR,
(errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
! errmsg("dearmor: %s", px_strerror(res_len))));
if (res_len > guess_len)
ereport(ERROR,
(errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
--- 879,885 ----
if (res_len < 0)
ereport(ERROR,
(errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
! errmsg("%s", px_strerror(res_len))));
if (res_len > guess_len)
ereport(ERROR,
(errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
*************** pgp_key_id_w(PG_FUNCTION_ARGS)
*** 909,917 ****
buf = create_mbuf_from_vardata(data);
res = palloc(VARHDRSZ + 17);
- px_set_debug_handler(show_debug);
res_len = pgp_get_keyid(buf, VARDATA(res));
- px_set_debug_handler(NULL);
mbuf_free(buf);
if (res_len < 0)
ereport(ERROR,
--- 909,915 ----
Index: pgsql/contrib/pgcrypto/px.c
===================================================================
*** pgsql.orig/contrib/pgcrypto/px.c
--- pgsql/contrib/pgcrypto/px.c
*************** static const struct error_desc px_err_li
*** 72,85 ****
{PXE_PGP_SHORT_ELGAMAL_KEY, "Elgamal keys must be at least 1024 bits
long"},
{PXE_PGP_RSA_UNSUPPORTED, "pgcrypto does not support RSA keys"},
{PXE_PGP_UNKNOWN_PUBALGO, "Unknown public-key encryption algorithm"},
! {PXE_PGP_WRONG_KEYID, "Data is not encrypted with this key"},
{PXE_PGP_MULTIPLE_KEYS,
"Several keys given - pgcrypto does not handle keyring"},
{PXE_PGP_EXPECT_PUBLIC_KEY, "Refusing to encrypt with secret key"},
{PXE_PGP_EXPECT_SECRET_KEY, "Cannot decrypt with public key"},
{PXE_PGP_NOT_V4_KEYPKT, "Only V4 key packets are supported"},
{PXE_PGP_KEYPKT_CORRUPT, "Corrupt key packet"},
! {PXE_PGP_NO_USABLE_KEY, "No usable key found (expecting Elgamal key)"},
{PXE_PGP_NEED_SECRET_PSW, "Need password for secret key"},
{PXE_PGP_BAD_S2K_MODE, "Bad S2K mode"},
{PXE_PGP_UNSUPPORTED_PUBALGO, "Unsupported public key algorithm"},
--- 72,85 ----
{PXE_PGP_SHORT_ELGAMAL_KEY, "Elgamal keys must be at least 1024 bits
long"},
{PXE_PGP_RSA_UNSUPPORTED, "pgcrypto does not support RSA keys"},
{PXE_PGP_UNKNOWN_PUBALGO, "Unknown public-key encryption algorithm"},
! {PXE_PGP_WRONG_KEY, "Wrong key"},
{PXE_PGP_MULTIPLE_KEYS,
"Several keys given - pgcrypto does not handle keyring"},
{PXE_PGP_EXPECT_PUBLIC_KEY, "Refusing to encrypt with secret key"},
{PXE_PGP_EXPECT_SECRET_KEY, "Cannot decrypt with public key"},
{PXE_PGP_NOT_V4_KEYPKT, "Only V4 key packets are supported"},
{PXE_PGP_KEYPKT_CORRUPT, "Corrupt key packet"},
! {PXE_PGP_NO_USABLE_KEY, "No encryption key found"},
{PXE_PGP_NEED_SECRET_PSW, "Need password for secret key"},
{PXE_PGP_BAD_S2K_MODE, "Bad S2K mode"},
{PXE_PGP_UNSUPPORTED_PUBALGO, "Unsupported public key algorithm"},
Index: pgsql/contrib/pgcrypto/px.h
===================================================================
*** pgsql.orig/contrib/pgcrypto/px.h
--- pgsql/contrib/pgcrypto/px.h
*************** void px_free(void *p);
*** 101,107 ****
#define PXE_PGP_SHORT_ELGAMAL_KEY -110
#define PXE_PGP_RSA_UNSUPPORTED -111
#define PXE_PGP_UNKNOWN_PUBALGO -112
! #define PXE_PGP_WRONG_KEYID -113
#define PXE_PGP_MULTIPLE_KEYS -114
#define PXE_PGP_EXPECT_PUBLIC_KEY -115
#define PXE_PGP_EXPECT_SECRET_KEY -116
--- 101,107 ----
#define PXE_PGP_SHORT_ELGAMAL_KEY -110
#define PXE_PGP_RSA_UNSUPPORTED -111
#define PXE_PGP_UNKNOWN_PUBALGO -112
! #define PXE_PGP_WRONG_KEY -113
#define PXE_PGP_MULTIPLE_KEYS -114
#define PXE_PGP_EXPECT_PUBLIC_KEY -115
#define PXE_PGP_EXPECT_SECRET_KEY -116
Index: pgsql/contrib/pgcrypto/expected/pgp-armor.out
===================================================================
*** pgsql.orig/contrib/pgcrypto/expected/pgp-armor.out
--- pgsql/contrib/pgcrypto/expected/pgp-armor.out
*************** em9va2E=
*** 99,102 ****
=ZZZZ
-----END PGP MESSAGE-----
');
! ERROR: dearmor: Corrupt ascii-armor
--- 99,102 ----
=ZZZZ
-----END PGP MESSAGE-----
');
! ERROR: Corrupt ascii-armor
Index: pgsql/contrib/pgcrypto/expected/pgp-encrypt.out
===================================================================
*** pgsql.orig/contrib/pgcrypto/expected/pgp-encrypt.out
--- pgsql/contrib/pgcrypto/expected/pgp-encrypt.out
*************** NOTICE: pgp_decrypt: unexpected compres
*** 43,49 ****
-- bytea as text
select pgp_sym_decrypt(pgp_sym_encrypt_bytea('Binary', 'baz'), 'baz');
! ERROR: pgp_decrypt error: Not text data
-- text as bytea
select pgp_sym_decrypt_bytea(pgp_sym_encrypt('Text', 'baz'), 'baz');
pgp_sym_decrypt_bytea
--- 43,49 ----
-- bytea as text
select pgp_sym_decrypt(pgp_sym_encrypt_bytea('Binary', 'baz'), 'baz');
! ERROR: Not text data
-- text as bytea
select pgp_sym_decrypt_bytea(pgp_sym_encrypt('Text', 'baz'), 'baz');
pgp_sym_decrypt_bytea
Index: pgsql/contrib/pgcrypto/expected/pgp-info.out
===================================================================
*** pgsql.orig/contrib/pgcrypto/expected/pgp-info.out
--- pgsql/contrib/pgcrypto/expected/pgp-info.out
*************** select pgp_key_id(dearmor(pubkey)) from
*** 21,27 ****
(1 row)
select pgp_key_id(dearmor(pubkey)) from keytbl where id=4; -- should fail
! ERROR: No usable key found (expecting Elgamal key)
select pgp_key_id(dearmor(pubkey)) from keytbl where id=5;
pgp_key_id
------------------
--- 21,27 ----
(1 row)
select pgp_key_id(dearmor(pubkey)) from keytbl where id=4; -- should fail
! ERROR: No encryption key found
select pgp_key_id(dearmor(pubkey)) from keytbl where id=5;
pgp_key_id
------------------
*************** select pgp_key_id(dearmor(seckey)) from
*** 47,53 ****
(1 row)
select pgp_key_id(dearmor(seckey)) from keytbl where id=4; -- should fail
! ERROR: No usable key found (expecting Elgamal key)
select pgp_key_id(dearmor(seckey)) from keytbl where id=5;
pgp_key_id
------------------
--- 47,53 ----
(1 row)
select pgp_key_id(dearmor(seckey)) from keytbl where id=4; -- should fail
! ERROR: No encryption key found
select pgp_key_id(dearmor(seckey)) from keytbl where id=5;
pgp_key_id
------------------
Index: pgsql/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out
===================================================================
*** pgsql.orig/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out
--- pgsql/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out
*************** from keytbl, encdata where keytbl.id=3 a
*** 418,436 ****
-- wrong key
select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
from keytbl, encdata where keytbl.id=2 and encdata.id=1;
! ERROR: pgp_decrypt error: Data is not encrypted with this key
-- sign-only key
select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
from keytbl, encdata where keytbl.id=4 and encdata.id=1;
! ERROR: pgp_decrypt error: No usable key found (expecting Elgamal key)
-- password-protected secret key, no password
select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
from keytbl, encdata where keytbl.id=5 and encdata.id=1;
! ERROR: pgp_decrypt error: Need password for secret key
-- password-protected secret key, wrong password
select pgp_pub_decrypt(dearmor(data), dearmor(seckey), 'foo')
from keytbl, encdata where keytbl.id=5 and encdata.id=1;
! ERROR: pgp_decrypt error: Corrupt data
-- password-protected secret key, right password
select pgp_pub_decrypt(dearmor(data), dearmor(seckey), 'parool')
from keytbl, encdata where keytbl.id=5 and encdata.id=1;
--- 418,436 ----
-- wrong key
select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
from keytbl, encdata where keytbl.id=2 and encdata.id=1;
! ERROR: Wrong key
-- sign-only key
select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
from keytbl, encdata where keytbl.id=4 and encdata.id=1;
! ERROR: No encryption key found
-- password-protected secret key, no password
select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
from keytbl, encdata where keytbl.id=5 and encdata.id=1;
! ERROR: Need password for secret key
-- password-protected secret key, wrong password
select pgp_pub_decrypt(dearmor(data), dearmor(seckey), 'foo')
from keytbl, encdata where keytbl.id=5 and encdata.id=1;
! ERROR: Corrupt data
-- password-protected secret key, right password
select pgp_pub_decrypt(dearmor(data), dearmor(seckey), 'parool')
from keytbl, encdata where keytbl.id=5 and encdata.id=1;
Index: pgsql/contrib/pgcrypto/expected/pgp-pubkey-encrypt.out
===================================================================
*** pgsql.orig/contrib/pgcrypto/expected/pgp-pubkey-encrypt.out
--- pgsql/contrib/pgcrypto/expected/pgp-pubkey-encrypt.out
*************** select pgp_pub_decrypt(
*** 34,46 ****
pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
dearmor(seckey))
from keytbl where keytbl.id=4;
! ERROR: pgp_encrypt error: No usable key found (expecting Elgamal key)
-- try with secret key
select pgp_pub_decrypt(
pgp_pub_encrypt('Secret msg', dearmor(seckey)),
dearmor(seckey))
from keytbl where keytbl.id=1;
! ERROR: pgp_encrypt error: Refusing to encrypt with secret key
-- does text-to-bytea works
select pgp_pub_decrypt_bytea(
pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
--- 34,46 ----
pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
dearmor(seckey))
from keytbl where keytbl.id=4;
! ERROR: No encryption key found
-- try with secret key
select pgp_pub_decrypt(
pgp_pub_encrypt('Secret msg', dearmor(seckey)),
dearmor(seckey))
from keytbl where keytbl.id=1;
! ERROR: Refusing to encrypt with secret key
-- does text-to-bytea works
select pgp_pub_decrypt_bytea(
pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
*************** select pgp_pub_decrypt(
*** 56,59 ****
pgp_pub_encrypt_bytea('Secret msg', dearmor(pubkey)),
dearmor(seckey))
from keytbl where keytbl.id=1;
! ERROR: pgp_decrypt error: Not text data
--- 56,59 ----
pgp_pub_encrypt_bytea('Secret msg', dearmor(pubkey)),
dearmor(seckey))
from keytbl where keytbl.id=1;
! ERROR: Not text data
Index: pgsql/contrib/pgcrypto/pgp-pubdec.c
===================================================================
*** pgsql.orig/contrib/pgcrypto/pgp-pubdec.c
--- pgsql/contrib/pgcrypto/pgp-pubdec.c
*************** control_cksum(uint8 *msg, int msglen)
*** 77,83 ****
unsigned my_cksum, got_cksum;
if (msglen < 3)
! return PXE_PGP_CORRUPT_DATA;
my_cksum = 0;
for (i = 1; i < msglen - 2; i++)
--- 77,83 ----
unsigned my_cksum, got_cksum;
if (msglen < 3)
! return PXE_PGP_WRONG_KEY;
my_cksum = 0;
for (i = 1; i < msglen - 2; i++)
*************** control_cksum(uint8 *msg, int msglen)
*** 86,92 ****
got_cksum = ((unsigned)(msg[msglen-2]) << 8) + msg[msglen-1];
if (my_cksum != got_cksum) {
px_debug("pubenc cksum failed");
! return PXE_PGP_CORRUPT_DATA;
}
return 0;
}
--- 86,92 ----
got_cksum = ((unsigned)(msg[msglen-2]) << 8) + msg[msglen-1];
if (my_cksum != got_cksum) {
px_debug("pubenc cksum failed");
! return PXE_PGP_WRONG_KEY;
}
return 0;
}
*************** pgp_parse_pubenc_sesskey(PGP_Context *ct
*** 134,140 ****
&& memcmp(key_id, pk->key_id, 8) != 0)
{
px_debug("key_id's does not match");
! return PXE_PGP_WRONG_KEYID;
}
GETBYTE(pkt, algo);
--- 134,140 ----
&& memcmp(key_id, pk->key_id, 8) != 0)
{
px_debug("key_id's does not match");
! return PXE_PGP_WRONG_KEY;
}
GETBYTE(pkt, algo);
*************** pgp_parse_pubenc_sesskey(PGP_Context *ct
*** 170,176 ****
msg = check_eme_pkcs1_v15(m->data, m->bytes);
if (msg == NULL) {
px_debug("check_eme_pkcs1_v15 failed");
! return PXE_PGP_CORRUPT_DATA;
}
msglen = m->bytes - (msg - m->data);
--- 170,176 ----
msg = check_eme_pkcs1_v15(m->data, m->bytes);
if (msg == NULL) {
px_debug("check_eme_pkcs1_v15 failed");
! return PXE_PGP_WRONG_KEY;
}
msglen = m->bytes - (msg - m->data);
--
---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
