pgcrypto deprecated functions?
In README.pgcrypto, Section 2.3 "Deprecated functions" says that
digest_exists(), hmac_exists(), and cipher_exists() are planned to
be removed in PostgreSQL 8.2. Those functions still exist -- should
they be removed or does that section need updating?
--
Michael Fuhr
Michael Fuhr wrote:
In README.pgcrypto, Section 2.3 "Deprecated functions" says that
digest_exists(), hmac_exists(), and cipher_exists() are planned to
be removed in PostgreSQL 8.2. Those functions still exist -- should
they be removed or does that section need updating?
Yes, I see this text:
The `digest_exists()`, `hmac_exists()` and `cipher_exists()` functions
are deprecated. The plan is to remove them in PostgreSQL 8.2.
Would someone address this?
--
Bruce Momjian bruce@momjian.us
EnterpriseDB http://www.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
Michael Fuhr wrote:
In README.pgcrypto, Section 2.3 "Deprecated functions" says that
digest_exists(), hmac_exists(), and cipher_exists() are planned to
be removed in PostgreSQL 8.2. Those functions still exist -- should
they be removed or does that section need updating?
Marko, any comment on this pgcrypto item?
--
Bruce Momjian bruce@momjian.us
EnterpriseDB http://www.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
On 8/30/06, Bruce Momjian <bruce@momjian.us> wrote:
Michael Fuhr wrote:
In README.pgcrypto, Section 2.3 "Deprecated functions" says that
digest_exists(), hmac_exists(), and cipher_exists() are planned to
be removed in PostgreSQL 8.2. Those functions still exist -- should
they be removed or does that section need updating?Marko, any comment on this pgcrypto item?
Heh, I had it forgotten. Lets do it. Although there's no hurry with it,
delaying just will annoy more users.
Also, update my email address.
--
marko
Attachments:
deprec.difftext/x-patch; charset=ANSI_X3.4-1968; name=deprec.diffDownload
Index: contrib/pgcrypto/README.pgcrypto
===================================================================
RCS file: /opt/cvs/pgsql/contrib/pgcrypto/README.pgcrypto,v
retrieving revision 1.17
diff -u -c -r1.17 README.pgcrypto
*** contrib/pgcrypto/README.pgcrypto 5 Aug 2006 00:29:11 -0000 1.17
--- contrib/pgcrypto/README.pgcrypto 5 Sep 2006 08:29:58 -0000
***************
*** 1,6 ****
pgcrypto - cryptographic functions for PostgreSQL
=================================================
! Marko Kreen <marko@l-t.ee>
// Note: this document is in asciidoc format.
--- 1,6 ----
pgcrypto - cryptographic functions for PostgreSQL
=================================================
! Marko Kreen <markokr@gmail.com>
// Note: this document is in asciidoc format.
***************
*** 79,92 ****
are NULL. This may create security risks on careless usage.
! 2.3. Deprecated functions
! ~~~~~~~~~~~~~~~~~~~~~~~~~~~
!
! The `digest_exists()`, `hmac_exists()` and `cipher_exists()` functions
! are deprecated. The plan is to remove them in PostgreSQL 8.2.
!
!
! 2.4. Security
~~~~~~~~~~~~~~~
All the functions here run inside database server. That means that all
--- 79,85 ----
are NULL. This may create security risks on careless usage.
! 2.3. Security
~~~~~~~~~~~~~~~
All the functions here run inside database server. That means that all
Index: contrib/pgcrypto/pgcrypto.c
===================================================================
RCS file: /opt/cvs/pgsql/contrib/pgcrypto/pgcrypto.c,v
retrieving revision 1.22
diff -u -c -r1.22 pgcrypto.c
*** contrib/pgcrypto/pgcrypto.c 13 Jul 2006 04:15:25 -0000 1.22
--- contrib/pgcrypto/pgcrypto.c 5 Sep 2006 08:28:23 -0000
***************
*** 87,118 ****
PG_RETURN_BYTEA_P(res);
}
- /* check if given hash exists */
- PG_FUNCTION_INFO_V1(pg_digest_exists);
-
- Datum
- pg_digest_exists(PG_FUNCTION_ARGS)
- {
- text *name;
- PX_MD *res;
-
- if (PG_ARGISNULL(0))
- PG_RETURN_NULL();
-
- name = PG_GETARG_TEXT_P(0);
-
- res = find_provider(name, (PFN) px_find_digest, "Digest", 1);
-
- PG_FREE_IF_COPY(name, 0);
-
- if (res == NULL)
- PG_RETURN_BOOL(false);
-
- res->free(res);
-
- PG_RETURN_BOOL(true);
- }
-
/* SQL function: hmac(data:bytea, key:bytea, type:text) returns bytea */
PG_FUNCTION_INFO_V1(pg_hmac);
--- 87,92 ----
***************
*** 158,189 ****
PG_RETURN_BYTEA_P(res);
}
- /* check if given hmac type exists */
- PG_FUNCTION_INFO_V1(pg_hmac_exists);
-
- Datum
- pg_hmac_exists(PG_FUNCTION_ARGS)
- {
- text *name;
- PX_HMAC *h;
-
- if (PG_ARGISNULL(0))
- PG_RETURN_NULL();
-
- name = PG_GETARG_TEXT_P(0);
-
- h = find_provider(name, (PFN) px_find_hmac, "HMAC", 1);
-
- PG_FREE_IF_COPY(name, 0);
-
- if (h != NULL)
- {
- px_hmac_free(h);
- PG_RETURN_BOOL(true);
- }
- PG_RETURN_BOOL(false);
- }
-
/* SQL function: pg_gen_salt(text) returns text */
PG_FUNCTION_INFO_V1(pg_gen_salt);
--- 132,137 ----
***************
*** 565,591 ****
PG_RETURN_BYTEA_P(res);
}
- /* SQL function: pg_cipher_exists(text) returns bool */
- PG_FUNCTION_INFO_V1(pg_cipher_exists);
-
- Datum
- pg_cipher_exists(PG_FUNCTION_ARGS)
- {
- text *arg;
- PX_Combo *c;
-
- if (PG_ARGISNULL(0))
- PG_RETURN_NULL();
-
- arg = PG_GETARG_TEXT_P(0);
-
- c = find_provider(arg, (PFN) px_find_combo, "Cipher", 1);
- if (c != NULL)
- px_combo_free(c);
-
- PG_RETURN_BOOL((c != NULL) ? true : false);
- }
-
static void *
find_provider(text *name,
PFN provider_lookup,
--- 513,518 ----
Index: contrib/pgcrypto/pgcrypto.h
===================================================================
RCS file: /opt/cvs/pgsql/contrib/pgcrypto/pgcrypto.h,v
retrieving revision 1.10
diff -u -c -r1.10 pgcrypto.h
*** contrib/pgcrypto/pgcrypto.h 13 Jul 2006 04:15:25 -0000 1.10
--- contrib/pgcrypto/pgcrypto.h 5 Sep 2006 08:27:28 -0000
***************
*** 36,44 ****
/* exported functions */
Datum pg_digest(PG_FUNCTION_ARGS);
- Datum pg_digest_exists(PG_FUNCTION_ARGS);
Datum pg_hmac(PG_FUNCTION_ARGS);
- Datum pg_hmac_exists(PG_FUNCTION_ARGS);
Datum pg_gen_salt(PG_FUNCTION_ARGS);
Datum pg_gen_salt_rounds(PG_FUNCTION_ARGS);
Datum pg_crypt(PG_FUNCTION_ARGS);
--- 36,42 ----
***************
*** 46,52 ****
Datum pg_decrypt(PG_FUNCTION_ARGS);
Datum pg_encrypt_iv(PG_FUNCTION_ARGS);
Datum pg_decrypt_iv(PG_FUNCTION_ARGS);
- Datum pg_cipher_exists(PG_FUNCTION_ARGS);
Datum pg_random_bytes(PG_FUNCTION_ARGS);
#endif
--- 44,49 ----
Index: contrib/pgcrypto/pgcrypto.sql.in
===================================================================
RCS file: /opt/cvs/pgsql/contrib/pgcrypto/pgcrypto.sql.in,v
retrieving revision 1.13
diff -u -c -r1.13 pgcrypto.sql.in
*** contrib/pgcrypto/pgcrypto.sql.in 13 Jul 2006 04:15:25 -0000 1.13
--- contrib/pgcrypto/pgcrypto.sql.in 5 Sep 2006 08:27:12 -0000
***************
*** 11,21 ****
AS 'MODULE_PATHNAME', 'pg_digest'
LANGUAGE C IMMUTABLE STRICT;
- CREATE OR REPLACE FUNCTION digest_exists(text)
- RETURNS bool
- AS 'MODULE_PATHNAME', 'pg_digest_exists'
- LANGUAGE C IMMUTABLE STRICT;
-
CREATE OR REPLACE FUNCTION hmac(text, text, text)
RETURNS bytea
AS 'MODULE_PATHNAME', 'pg_hmac'
--- 11,16 ----
***************
*** 26,36 ****
AS 'MODULE_PATHNAME', 'pg_hmac'
LANGUAGE C IMMUTABLE STRICT;
- CREATE OR REPLACE FUNCTION hmac_exists(text)
- RETURNS bool
- AS 'MODULE_PATHNAME', 'pg_hmac_exists'
- LANGUAGE C IMMUTABLE STRICT;
-
CREATE OR REPLACE FUNCTION crypt(text, text)
RETURNS text
AS 'MODULE_PATHNAME', 'pg_crypt'
--- 21,26 ----
***************
*** 66,76 ****
AS 'MODULE_PATHNAME', 'pg_decrypt_iv'
LANGUAGE C IMMUTABLE STRICT;
- CREATE OR REPLACE FUNCTION cipher_exists(text)
- RETURNS bool
- AS 'MODULE_PATHNAME', 'pg_cipher_exists'
- LANGUAGE C IMMUTABLE STRICT;
-
CREATE OR REPLACE FUNCTION gen_random_bytes(int4)
RETURNS bytea
AS 'MODULE_PATHNAME', 'pg_random_bytes'
--- 56,61 ----
Index: contrib/pgcrypto/uninstall_pgcrypto.sql
===================================================================
RCS file: /opt/cvs/pgsql/contrib/pgcrypto/uninstall_pgcrypto.sql,v
retrieving revision 1.1
diff -u -c -r1.1 uninstall_pgcrypto.sql
*** contrib/pgcrypto/uninstall_pgcrypto.sql 13 Jul 2006 04:15:25 -0000 1.1
--- contrib/pgcrypto/uninstall_pgcrypto.sql 5 Sep 2006 08:29:32 -0000
***************
*** 3,13 ****
DROP FUNCTION digest(text, text);
DROP FUNCTION digest(bytea, text);
- DROP FUNCTION digest_exists(text);
DROP FUNCTION hmac(text, text, text);
DROP FUNCTION hmac(bytea, bytea, text);
- DROP FUNCTION hmac_exists(text);
DROP FUNCTION crypt(text, text);
DROP FUNCTION gen_salt(text);
--- 3,11 ----
***************
*** 17,23 ****
DROP FUNCTION decrypt(bytea, bytea, text);
DROP FUNCTION encrypt_iv(bytea, bytea, bytea, text);
DROP FUNCTION decrypt_iv(bytea, bytea, bytea, text);
! DROP FUNCTION cipher_exists(text);
DROP FUNCTION gen_random_bytes(int4);
DROP FUNCTION pgp_sym_encrypt(text, text);
--- 15,21 ----
DROP FUNCTION decrypt(bytea, bytea, text);
DROP FUNCTION encrypt_iv(bytea, bytea, bytea, text);
DROP FUNCTION decrypt_iv(bytea, bytea, bytea, text);
!
DROP FUNCTION gen_random_bytes(int4);
DROP FUNCTION pgp_sym_encrypt(text, text);
"Marko Kreen" <markokr@gmail.com> writes:
On 8/30/06, Bruce Momjian <bruce@momjian.us> wrote:
Michael Fuhr wrote:
In README.pgcrypto, Section 2.3 "Deprecated functions" says that
digest_exists(), hmac_exists(), and cipher_exists() are planned to
be removed in PostgreSQL 8.2. Those functions still exist -- should
they be removed or does that section need updating?Marko, any comment on this pgcrypto item?
Heh, I had it forgotten. Lets do it. Although there's no hurry with it,
delaying just will annoy more users.
Also, update my email address.
Applied, thanks.
regards, tom lane
Tom Lane wrote:
"Marko Kreen" <markokr@gmail.com> writes:
On 8/30/06, Bruce Momjian <bruce@momjian.us> wrote:
Michael Fuhr wrote:
In README.pgcrypto, Section 2.3 "Deprecated functions" says that
digest_exists(), hmac_exists(), and cipher_exists() are planned to
be removed in PostgreSQL 8.2. Those functions still exist -- should
they be removed or does that section need updating?Marko, any comment on this pgcrypto item?
Heh, I had it forgotten. Lets do it. Although there's no hurry with it,
delaying just will annoy more users.
Also, update my email address.Applied, thanks.
FYI, and email address updated.
--
Bruce Momjian bruce@momjian.us
EnterpriseDB http://www.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +