Introduce SHA1 implementations in the cryptohash infrastructure

With this commit, SHA1 goes through the implementation provided by OpenSSL via EVP when building the backend with it, and uses as fallback implementation KAME which was located in pgcrypto and already shaped for an integration with a set of init, update and final routines. Structures and routines have been renamed to make things consistent with the fallback implementations of MD5 and SHA2. uuid-ossp has used for ages a shortcut with pgcrypto to fetch a copy of SHA1 if needed. This was built depending on the build options within ./configure, so this cleans up some code and removes the build dependency between pgcrypto and uuid-ossp. Note that this will help with the refactoring of HMAC, as pgcrypto offers the option to use MD5, SHA1 or SHA2, so only the second option was missing to make that possible. Author: Michael Paquier Reviewed-by: Heikki Linnakangas Discussion: https://postgr.es/m/X9HXKTgrvJvYO7Oh@paquier.xyz

Introduce SHA1 implementations in the cryptohash infrastructure
With this commit, SHA1 goes through the implementation provided by OpenSSL via EVP when building the backend with it, and uses as fallback implementation KAME which was located in pgcrypto and already shaped for an integration with a set of init, update and final routines. Structures and routines have been renamed to make things consistent with the fallback implementations of MD5 and SHA2. uuid-ossp has used for ages a shortcut with pgcrypto to fetch a copy of SHA1 if needed. This was built depending on the build options within ./configure, so this cleans up some code and removes the build dependency between pgcrypto and uuid-ossp. Note that this will help with the refactoring of HMAC, as pgcrypto offers the option to use MD5, SHA1 or SHA2, so only the second option was missing to make that possible. Author: Michael Paquier Reviewed-by: Heikki Linnakangas Discussion: https://postgr.es/m/X9HXKTgrvJvYO7Oh@paquier.xyz
a8ed6bb8 · Michael Paquier · 3fc81ce4 · a8ed6bb8 · a8ed6bb8 · a8ed6bb8
Commit a8ed6bb8 authored Jan 23, 2021 by Michael Paquier
17 changed files
--- a/configure
+++ b/configure
@@ -705,7 +705,6 @@ XML2_LIBS
 XML2_CFLAGS
 XML2_CONFIG
 with_libxml
-UUID_EXTRA_OBJS
 with_uuid
 with_readline
 with_systemd
@@ -8303,30 +8302,26 @@ if test "$with_ossp_uuid" = yes ; then
  with_uuid=ossp
 fi
-if test "$with_uuid" = bsd ; then
+if test "$with_uuid" != no ; then
+  if test "$with_uuid" = bsd ; then
 $as_echo "#define HAVE_UUID_BSD 1" >>confdefs.h
-  UUID_EXTRA_OBJS="sha1.o"
+  elif test "$with_uuid" = e2fs ; then
-elif test "$with_uuid" = e2fs ; then
 $as_echo "#define HAVE_UUID_E2FS 1" >>confdefs.h
-  UUID_EXTRA_OBJS="sha1.o"
+  elif test "$with_uuid" = ossp ; then
-elif test "$with_uuid" = ossp ; then
 $as_echo "#define HAVE_UUID_OSSP 1" >>confdefs.h
-  UUID_EXTRA_OBJS=""
+  else
-elif test "$with_uuid" = no ; then
-  UUID_EXTRA_OBJS=""
-else
    as_fn_error $? "--with-uuid must specify one of bsd, e2fs, or ossp" "$LINENO" 5
+  fi
 fi
 #
 # XML
 #

--- a/configure.ac
+++ b/configure.ac
@@ -919,22 +919,18 @@ if test "$with_ossp_uuid" = yes ; then
  with_uuid=ossp
 fi
-if test "$with_uuid" = bsd ; then
+if test "$with_uuid" != no ; then
+  if test "$with_uuid" = bsd ; then
    AC_DEFINE([HAVE_UUID_BSD], 1, [Define to 1 if you have BSD UUID support.])
-  UUID_EXTRA_OBJS="sha1.o"
+  elif test "$with_uuid" = e2fs ; then
-elif test "$with_uuid" = e2fs ; then
    AC_DEFINE([HAVE_UUID_E2FS], 1, [Define to 1 if you have E2FS UUID support.])
-  UUID_EXTRA_OBJS="sha1.o"
+  elif test "$with_uuid" = ossp ; then
-elif test "$with_uuid" = ossp ; then
    AC_DEFINE([HAVE_UUID_OSSP], 1, [Define to 1 if you have OSSP UUID support.])
-  UUID_EXTRA_OBJS=""
+  else
-elif test "$with_uuid" = no ; then
-  UUID_EXTRA_OBJS=""
-else
    AC_MSG_ERROR([--with-uuid must specify one of bsd, e2fs, or ossp])
+  fi
 fi
 AC_SUBST(with_uuid)
-AC_SUBST(UUID_EXTRA_OBJS)
 #

--- a/contrib/pgcrypto/Makefile
+++ b/contrib/pgcrypto/Makefile
 # contrib/pgcrypto/Makefile
-INT_SRCS = sha1.c internal.c internal-sha2.c blf.c rijndael.c \
+INT_SRCS = internal.c internal-sha2.c blf.c rijndael.c \
 		pgp-mpi-internal.c imath.c
 INT_TESTS = sha2

--- a/contrib/pgcrypto/internal.c
+++ b/contrib/pgcrypto/internal.c
@@ -36,18 +36,10 @@
 #include "blf.h"
 #include "px.h"
 #include "rijndael.h"
-#include "sha1.h"
 #include "common/cryptohash.h"
 #include "common/md5.h"
+#include "common/sha1.h"
-#ifndef SHA1_DIGEST_LENGTH
-#ifdef SHA1_RESULTLEN
-#define SHA1_DIGEST_LENGTH SHA1_RESULTLEN
-#else
-#define SHA1_DIGEST_LENGTH 20
-#endif
-#endif
 #define SHA1_BLOCK_SIZE 64
 #define MD5_BLOCK_SIZE 64
@@ -144,34 +136,36 @@ int_sha1_block_len(PX_MD *h)
 static void
 int_sha1_update(PX_MD *h, const uint8 *data, unsigned dlen)
 {
-	SHA1_CTX   *ctx = (SHA1_CTX *) h->p.ptr;
+	pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
-	SHA1Update(ctx, data, dlen);
+	if (pg_cryptohash_update(ctx, data, dlen) < 0)
+		elog(ERROR, "could not update %s context", "SHA1");
 }
 static void
 int_sha1_reset(PX_MD *h)
 {
-	SHA1_CTX   *ctx = (SHA1_CTX *) h->p.ptr;
+	pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
-	SHA1Init(ctx);
+	if (pg_cryptohash_init(ctx) < 0)
+		elog(ERROR, "could not initialize %s context", "SHA1");
 }
 static void
 int_sha1_finish(PX_MD *h, uint8 *dst)
 {
-	SHA1_CTX   *ctx = (SHA1_CTX *) h->p.ptr;
+	pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
-	SHA1Final(dst, ctx);
+	if (pg_cryptohash_final(ctx, dst) < 0)
+		elog(ERROR, "could not finalize %s context", "SHA1");
 }
 static void
 int_sha1_free(PX_MD *h)
 {
-	SHA1_CTX   *ctx = (SHA1_CTX *) h->p.ptr;
+	pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
-	px_memset(ctx, 0, sizeof(*ctx));
+	pg_cryptohash_free(ctx);
-	pfree(ctx);
 	pfree(h);
 }
@@ -199,9 +193,9 @@ init_md5(PX_MD *md)
 static void
 init_sha1(PX_MD *md)
 {
-	SHA1_CTX   *ctx;
+	pg_cryptohash_ctx *ctx;
-	ctx = palloc0(sizeof(*ctx));
+	ctx = pg_cryptohash_create(PG_SHA1);
 	md->p.ptr = ctx;

--- a/contrib/uuid-ossp/.gitignore
+++ b/contrib/uuid-ossp/.gitignore
-/sha1.c
 # Generated subdirectories
 /log/
 /results/

--- a/contrib/uuid-ossp/Makefile
+++ b/contrib/uuid-ossp/Makefile
@@ -2,7 +2,6 @@
 MODULE_big = uuid-ossp
 OBJS = \
-	$(UUID_EXTRA_OBJS) \
 	$(WIN32RES) \
 	uuid-ossp.o
@@ -19,8 +18,6 @@ pgcrypto_src = $(top_srcdir)/contrib/pgcrypto
 PG_CPPFLAGS = -I$(pgcrypto_src)
-EXTRA_CLEAN = sha1.c
 ifdef USE_PGXS
 PG_CONFIG = pg_config
 PGXS := $(shell $(PG_CONFIG) --pgxs)
@@ -31,6 +28,3 @@ top_builddir = ../..
 include $(top_builddir)/src/Makefile.global
 include $(top_srcdir)/contrib/contrib-global.mk
 endif
-sha1.c: % : $(pgcrypto_src)/%
-	rm -f $@ && $(LN_S) $< .
--- a/contrib/uuid-ossp/uuid-ossp.c
+++ b/contrib/uuid-ossp/uuid-ossp.c
@@ -15,6 +15,7 @@
 #include "fmgr.h"
 #include "common/cryptohash.h"
+#include "common/sha1.h"
 #include "port/pg_bswap.h"
 #include "utils/builtins.h"
 #include "utils/uuid.h"
@@ -40,15 +41,6 @@
 #undef uuid_hash
-/*
- * Some BSD variants offer sha1 implementation but Linux does not, so we use
- * a copy from pgcrypto.  Not needed with OSSP, though.
- */
-#ifndef HAVE_UUID_OSSP
-#include "sha1.h"
-#endif
 /* Check our UUID length against OSSP's; better both be 16 */
 #if defined(HAVE_UUID_OSSP) && (UUID_LEN != UUID_LEN_BIN)
 #error UUID length mismatch
@@ -338,13 +330,18 @@ uuid_generate_internal(int v, unsigned char *ns, const char *ptr, int len)
 				}
 				else
 				{
-					SHA1_CTX	ctx;
+					pg_cryptohash_ctx *ctx = pg_cryptohash_create(PG_SHA1);
-					unsigned char sha1result[SHA1_RESULTLEN];
+					unsigned char sha1result[SHA1_DIGEST_LENGTH];
+					if (pg_cryptohash_init(ctx) < 0)
+						elog(ERROR, "could not initialize %s context", "SHA1");
+					if (pg_cryptohash_update(ctx, ns, sizeof(uu)) < 0 ||
+						pg_cryptohash_update(ctx, (unsigned char *) ptr, len) < 0)
+						elog(ERROR, "could not update %s context", "SHA1");
+					if (pg_cryptohash_final(ctx, sha1result) < 0)
+						elog(ERROR, "could not finalize %s context", "SHA1");
+					pg_cryptohash_free(ctx);
-					SHA1Init(&ctx);
-					SHA1Update(&ctx, ns, sizeof(uu));
-					SHA1Update(&ctx, (unsigned char *) ptr, len);
-					SHA1Final(sha1result, &ctx);
 					memcpy(&uu, sha1result, sizeof(uu));
 				}

--- a/src/Makefile.global.in
+++ b/src/Makefile.global.in
@@ -289,7 +289,6 @@ LIBS = @LIBS@
 LDAP_LIBS_FE = @LDAP_LIBS_FE@
 LDAP_LIBS_BE = @LDAP_LIBS_BE@
 UUID_LIBS = @UUID_LIBS@
-UUID_EXTRA_OBJS = @UUID_EXTRA_OBJS@
 LLVM_LIBS=@LLVM_LIBS@
 LD = @LD@
 with_gnu_ld = @with_gnu_ld@

--- a/src/common/Makefile
+++ b/src/common/Makefile
@@ -88,6 +88,7 @@ else
 OBJS_COMMON += \
 	cryptohash.o \
 	md5.o \
+	sha1.o \
 	sha2.o
 endif

--- a/src/common/cryptohash.c
+++ b/src/common/cryptohash.c
@@ -25,6 +25,7 @@
 #include "common/cryptohash.h"
 #include "md5_int.h"
+#include "sha1_int.h"
 #include "sha2_int.h"
 /*
@@ -47,6 +48,7 @@ struct pg_cryptohash_ctx
 	union
 	{
 		pg_md5_ctx	md5;
+		pg_sha1_ctx sha1;
 		pg_sha224_ctx sha224;
 		pg_sha256_ctx sha256;
 		pg_sha384_ctx sha384;
@@ -97,6 +99,9 @@ pg_cryptohash_init(pg_cryptohash_ctx *ctx)
 		case PG_MD5:
 			pg_md5_init(&ctx->data.md5);
 			break;
+		case PG_SHA1:
+			pg_sha1_init(&ctx->data.sha1);
+			break;
 		case PG_SHA224:
 			pg_sha224_init(&ctx->data.sha224);
 			break;
@@ -132,6 +137,9 @@ pg_cryptohash_update(pg_cryptohash_ctx *ctx, const uint8 *data, size_t len)
 		case PG_MD5:
 			pg_md5_update(&ctx->data.md5, data, len);
 			break;
+		case PG_SHA1:
+			pg_sha1_update(&ctx->data.sha1, data, len);
+			break;
 		case PG_SHA224:
 			pg_sha224_update(&ctx->data.sha224, data, len);
 			break;
@@ -167,6 +175,9 @@ pg_cryptohash_final(pg_cryptohash_ctx *ctx, uint8 *dest)
 		case PG_MD5:
 			pg_md5_final(&ctx->data.md5, dest);
 			break;
+		case PG_SHA1:
+			pg_sha1_final(&ctx->data.sha1, dest);
+			break;
 		case PG_SHA224:
 			pg_sha224_final(&ctx->data.sha224, dest);
 			break;

--- a/src/common/cryptohash_openssl.c
+++ b/src/common/cryptohash_openssl.c
@@ -131,6 +131,9 @@ pg_cryptohash_init(pg_cryptohash_ctx *ctx)
 		case PG_MD5:
 			status = EVP_DigestInit_ex(ctx->evpctx, EVP_md5(), NULL);
 			break;
+		case PG_SHA1:
+			status = EVP_DigestInit_ex(ctx->evpctx, EVP_sha1(), NULL);
+			break;
 		case PG_SHA224:
 			status = EVP_DigestInit_ex(ctx->evpctx, EVP_sha224(), NULL);
 			break;

--- a/contrib/pgcrypto/sha1.c
+++ b/contrib/pgcrypto/sha1.c
--- a/contrib/pgcrypto/sha1.h
+++ b/contrib/pgcrypto/sha1.h
-/*	contrib/pgcrypto/sha1.h */
+/*-------------------------------------------------------------------------
+ *
+ * sha1_int.h
+ *	  Internal headers for fallback implementation of SHA1
+ *
+ * Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group
+ * Portions Copyright (c) 1994, Regents of the University of California
+ *
+ * IDENTIFICATION
+ *		  src/common/sha1_int.h
+ *
+ *-------------------------------------------------------------------------
+ */
 /*	   $KAME: sha1.h,v 1.4 2000/02/22 14:01:18 itojun Exp $    */
 /*
@@ -35,10 +48,12 @@
 * implemented by Jun-ichiro itojun Itoh <itojun@itojun.org>
 */
-#ifndef _NETINET6_SHA1_H_
+#ifndef PG_SHA1_INT_H
-#define _NETINET6_SHA1_H_
+#define PG_SHA1_INT_H
+#include "common/sha1.h"
-struct sha1_ctxt
+typedef struct
 {
 	union
 	{
@@ -56,20 +71,11 @@ struct sha1_ctxt
 		uint32		b32[16];
 	}			m;
 	uint8		count;
-};
+} pg_sha1_ctx;
-extern void sha1_init(struct sha1_ctxt *);
-extern void sha1_pad(struct sha1_ctxt *);
-extern void sha1_loop(struct sha1_ctxt *, const uint8 *, size_t);
-extern void sha1_result(struct sha1_ctxt *, uint8 *);
-/* compatibility with other SHA1 source codes */
-typedef struct sha1_ctxt SHA1_CTX;
-#define SHA1Init(x)		sha1_init((x))
-#define SHA1Update(x, y, z) sha1_loop((x), (y), (z))
-#define SHA1Final(x, y)		sha1_result((y), (x))
-#define SHA1_RESULTLEN	(160/8)
+/* Interface routines for SHA1 */
+extern void pg_sha1_init(pg_sha1_ctx *ctx);
+extern void pg_sha1_update(pg_sha1_ctx *ctx, const uint8 *data, size_t len);
+extern void pg_sha1_final(pg_sha1_ctx *ctx, uint8 *dest);
-#endif							/* _NETINET6_SHA1_H_ */
+#endif							/* PG_SHA1_INT_H */
--- a/src/include/common/cryptohash.h
+++ b/src/include/common/cryptohash.h
@@ -19,6 +19,7 @@
 typedef enum
 {
 	PG_MD5 = 0,
+	PG_SHA1,
 	PG_SHA224,
 	PG_SHA256,
 	PG_SHA384,

--- a/src/include/common/sha1.h
+++ b/src/include/common/sha1.h
+/*-------------------------------------------------------------------------
+ *
+ * sha1.h
+ *	  Constants related to SHA1.
+ *
+ * Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group
+ * Portions Copyright (c) 1994, Regents of the University of California
+ *
+ * src/include/common/sha1.h
+ *
+ *-------------------------------------------------------------------------
+ */
+#ifndef PG_SHA1_H
+#define PG_SHA1_H
+/* Size of result generated by SHA1 computation */
+#define SHA1_DIGEST_LENGTH 20
+#endif							/* PG_SHA1_H */
--- a/src/tools/msvc/Mkvcbuild.pm
+++ b/src/tools/msvc/Mkvcbuild.pm
@@ -136,6 +136,7 @@ sub mkvcbuild
 	{
 		push(@pgcommonallfiles, 'cryptohash.c');
 		push(@pgcommonallfiles, 'md5.c');
+		push(@pgcommonallfiles, 'sha1.c');
 		push(@pgcommonallfiles, 'sha2.c');
 	}
@@ -465,10 +466,10 @@ sub mkvcbuild
 	else
 	{
 		$pgcrypto->AddFiles(
-			'contrib/pgcrypto',   'sha1.c',
+			'contrib/pgcrypto', 'internal.c',
-			'internal.c',         'internal-sha2.c',
+			'internal-sha2.c',  'blf.c',
-			'blf.c',              'rijndael.c',
+			'rijndael.c',       'pgp-mpi-internal.c',
-			'pgp-mpi-internal.c', 'imath.c');
+			'imath.c');
 	}
 	$pgcrypto->AddReference($postgres);
 	$pgcrypto->AddLibrary('ws2_32.lib');

--- a/src/tools/pgindent/typedefs.list
+++ b/src/tools/pgindent/typedefs.list
@@ -3214,6 +3214,7 @@ pg_md5_ctx
 pg_on_exit_callback
 pg_re_flags
 pg_saslprep_rc
+pg_sha1_ctx
 pg_sha224_ctx
 pg_sha256_ctx
 pg_sha384_ctx