On 5/9/06, Joe Kramer <cckramer@xxxxxxxxx> wrote:
On 5/9/06, Marko Kreen <markokr@xxxxxxxxx> wrote:
> The fact that Fedora pgcrypto is linked with OpenSSL that does not
> support SHA256 is not a bug, just a fact.

It's not Fedora only, same problem with Gentoo/portage. I think it's a problem for all distros. You need to recompile pgcrypto or install openssl 0.9.8, which is considered as "unstable" by most distros. Maybe pgcrypto should use built-in algorithms until OpenSSL 0.9.8 is mainstream/default install.
To be honest, pgcrypto actually falls back on built-in code for AES, in case of an old OpenSSL that does not have AES. That's because AES should be "always there", together with md5/sha1/blowfish. I do not consider SHA2 that important (yet?), so they don't get the same treatment.
> OTOH, the nicest solution to your problem would be self-compiled
> pgcrypto, that would work with stock PostgreSQL. As the conflict
> happens with only (new) SHA2 functions, I can prepare a patch for
> symbol conflict, would that be satisfactory for you?

Ideally, it would be great if pgcrypto could fall back to the built-in algorithm if OpenSSL doesn't support it. But since it's a compile switch, completely self-compiled pgcrypto would be great.
Attached is a patch that re-defines SHA2 symbols so that they would not conflict with OpenSSL. Now that I think about it, if your OpenSSL does not contain SHA2, then there should be no conflict. But of course, if someone upgrades OpenSSL, the server starts crashing. So I think it's best to always apply this patch.

I think I'll send the patch to 8.2 later, not sure if it's important enough for 8.1.

--
marko
Index: contrib/pgcrypto/sha2.c =================================================================== RCS file: /opt/cvs/pgsql/contrib/pgcrypto/sha2.c,v retrieving revision 1.5 diff -u -c -r1.5 sha2.c *** contrib/pgcrypto/sha2.c 15 Oct 2005 02:49:06 -0000 1.5 --- contrib/pgcrypto/sha2.c 9 May 2006 14:09:12 -0000 *************** *** 163,171 **** * library -- they are intended for private internal visibility/use * only. */ ! void SHA512_Last(SHA512_CTX *); ! void SHA256_Transform(SHA256_CTX *, const uint8 *); ! void SHA512_Transform(SHA512_CTX *, const uint8 *); /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ --- 163,171 ---- * library -- they are intended for private internal visibility/use * only. */ ! static void SHA512_Last(SHA512_CTX *); ! static void SHA256_Transform(SHA256_CTX *, const uint8 *); ! static void SHA512_Transform(SHA512_CTX *, const uint8 *); /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ *************** *** 307,313 **** j++; \ } while(0) ! void SHA256_Transform(SHA256_CTX * context, const uint8 *data) { uint32 a, --- 307,313 ---- j++; \ } while(0) ! static void SHA256_Transform(SHA256_CTX * context, const uint8 *data) { uint32 a, *************** *** 378,384 **** } #else /* SHA2_UNROLL_TRANSFORM */ ! void SHA256_Transform(SHA256_CTX * context, const uint8 *data) { uint32 a, --- 378,384 ---- } #else /* SHA2_UNROLL_TRANSFORM */ ! static void SHA256_Transform(SHA256_CTX * context, const uint8 *data) { uint32 a, *************** *** 631,637 **** j++; \ } while(0) ! void SHA512_Transform(SHA512_CTX * context, const uint8 *data) { uint64 a, --- 631,637 ---- j++; \ } while(0) ! static void SHA512_Transform(SHA512_CTX * context, const uint8 *data) { uint64 a, *************** *** 699,705 **** } #else /* SHA2_UNROLL_TRANSFORM */ ! void SHA512_Transform(SHA512_CTX * context, const uint8 *data) { uint64 a, --- 699,705 ---- } #else /* SHA2_UNROLL_TRANSFORM */ ! 
static void SHA512_Transform(SHA512_CTX * context, const uint8 *data) { uint64 a, *************** *** 842,848 **** usedspace = freespace = 0; } ! void SHA512_Last(SHA512_CTX * context) { unsigned int usedspace; --- 842,848 ---- usedspace = freespace = 0; } ! static void SHA512_Last(SHA512_CTX * context) { unsigned int usedspace; Index: contrib/pgcrypto/sha2.h =================================================================== RCS file: /opt/cvs/pgsql/contrib/pgcrypto/sha2.h,v retrieving revision 1.2 diff -u -c -r1.2 sha2.h *** contrib/pgcrypto/sha2.h 15 Oct 2005 02:49:06 -0000 1.2 --- contrib/pgcrypto/sha2.h 9 May 2006 11:43:13 -0000 *************** *** 38,43 **** --- 38,53 ---- #ifndef _SHA2_H #define _SHA2_H + /* avoid conflict with OpenSSL */ + #define SHA256_Init pg_SHA256_Init + #define SHA256_Update pg_SHA256_Update + #define SHA256_Final pg_SHA256_Final + #define SHA384_Init pg_SHA384_Init + #define SHA384_Update pg_SHA384_Update + #define SHA384_Final pg_SHA384_Final + #define SHA512_Init pg_SHA512_Init + #define SHA512_Update pg_SHA512_Update + #define SHA512_Final pg_SHA512_Final /*** SHA-256/384/512 Various Length Definitions ***********************/ #define SHA256_BLOCK_LENGTH 64
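Review bot: In the sha2.c hunks, SHA512_Last, SHA256_Transform and SHA512_Transform become static in the prototypes at line 163 and in every definition, including both branches of SHA2_UNROLL_TRANSFORM, but the patch does not show whether any other pgcrypto file calls them. Please confirm nothing outside sha2.c references these three, since such a caller would now fail at link time. The comment above the prototypes ("intended for private internal visibility/use only") could also say that the helpers are static so they cannot collide with same-named symbols exported by OpenSSL.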
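Review bot: In the sha2.h hunk the macros rename only the Init/Update/Final entry points and are unconditional, while the context types used in sha2.c (SHA256_CTX, SHA512_CTX) keep the same names OpenSSL uses. A source file that includes this header together with OpenSSL's SHA header would have OpenSSL's declarations rewritten to pg_* as well, depending on include order, and would still see two definitions of the context types. I would expand the "avoid conflict with OpenSSL" comment to state that this is a link-time symbol rename and that sha2.h must not be included alongside OpenSSL's SHA header, or give the types the same pg_ prefix.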