More pgcrypto fixes: handle long messages correctly, suppress

compiler warnings.  Marko Kreen and Kris Jurka.

12 files changed, 102 insertions, 9 deletions

diff --git a/contrib/pgcrypto/expected/3des.out b/contrib/pgcrypto/expected/3des.out
index 7b6e3dcfdf..3e6a88e8bf 100644
--- a/contrib/pgcrypto/expected/3des.out
+++ b/contrib/pgcrypto/expected/3des.out
@@ -54,3 +54,16 @@ select decrypt_iv(decode('50735067b073bb93', 'hex'), '0123456', 'abcd', '3des');
  foo
 (1 row)
 
+-- long message
+select encode(encrypt('Lets try a longer message.', '0123456789012345678901', '3des'), 'hex');
+                              encode                              
+------------------------------------------------------------------
+ b71e3422269d0ded19468f33d65cd663c28e0871984792a7b3ba0ddcecec8d2c
+(1 row)
+
+select decrypt(encrypt('Lets try a longer message.', '0123456789012345678901', '3des'), '0123456789012345678901', '3des');
+          decrypt           
+----------------------------
+ Lets try a longer message.
+(1 row)
+
diff --git a/contrib/pgcrypto/expected/blowfish.out b/contrib/pgcrypto/expected/blowfish.out
index 7558aa937a..5c09cf5cd9 100644
--- a/contrib/pgcrypto/expected/blowfish.out
+++ b/contrib/pgcrypto/expected/blowfish.out
@@ -158,3 +158,16 @@ select decrypt_iv(decode('95c7e89322525d59', 'hex'), '0123456', 'abcd', 'bf');
  foo
 (1 row)
 
+-- long message
+select encode(encrypt('Lets try a longer message.', '0123456789', 'bf'), 'hex');
+                              encode                              
+------------------------------------------------------------------
+ a76059f7a1b627b5b84080d9beb337714c7a7f8b70300023e5feb6dfa6813536
+(1 row)
+
+select decrypt(encrypt('Lets try a longer message.', '0123456789', 'bf'), '0123456789', 'bf');
+          decrypt           
+----------------------------
+ Lets try a longer message.
+(1 row)
+
diff --git a/contrib/pgcrypto/expected/cast5.out b/contrib/pgcrypto/expected/cast5.out
index f5b3cf6750..4ca824e2f8 100644
--- a/contrib/pgcrypto/expected/cast5.out
+++ b/contrib/pgcrypto/expected/cast5.out
@@ -71,3 +71,16 @@ select decrypt_iv(decode('384a970695ce016a', 'hex'),
  foo
 (1 row)
 
+-- long message
+select encode(encrypt('Lets try a longer message.', '0123456789', 'cast5'), 'hex');
+                              encode                              
+------------------------------------------------------------------
+ 04fcffc91533e1505dadcb10766d9fed0937818e663e402384e049942ba60fff
+(1 row)
+
+select decrypt(encrypt('Lets try a longer message.', '0123456789', 'cast5'), '0123456789', 'cast5');
+          decrypt           
+----------------------------
+ Lets try a longer message.
+(1 row)
+
diff --git a/contrib/pgcrypto/expected/des.out b/contrib/pgcrypto/expected/des.out
index 333b30d8cc..00513c4e6a 100644
--- a/contrib/pgcrypto/expected/des.out
+++ b/contrib/pgcrypto/expected/des.out
@@ -46,3 +46,16 @@ select decrypt_iv(decode('50735067b073bb93', 'hex'), '0123456', 'abcd', 'des');
  foo
 (1 row)
 
+-- long message
+select encode(encrypt('Lets try a longer message.', '01234567', 'des'), 'hex');
+                              encode                              
+------------------------------------------------------------------
+ 5ad146043e5f30967e06a0fcbae602daf4ff2a5fd0ed12d6c5913cf85f1e36ca
+(1 row)
+
+select decrypt(encrypt('Lets try a longer message.', '01234567', 'des'), '01234567', 'des');
+          decrypt           
+----------------------------
+ Lets try a longer message.
+(1 row)
+
diff --git a/contrib/pgcrypto/expected/rijndael.out b/contrib/pgcrypto/expected/rijndael.out
index fbbbc87189..cb336e335d 100644
--- a/contrib/pgcrypto/expected/rijndael.out
+++ b/contrib/pgcrypto/expected/rijndael.out
@@ -109,3 +109,16 @@ select decrypt_iv(decode('2c24cb7da91d6d5699801268b0f5adad', 'hex'),
  foo
 (1 row)
 
+-- long message
+select encode(encrypt('Lets try a longer message.', '0123456789', 'aes'), 'hex');
+                              encode                              
+------------------------------------------------------------------
+ d9beb785dd5403ed02f66b755bb191b93ed93ca54930153f2c3b9ec7785056ad
+(1 row)
+
+select decrypt(encrypt('Lets try a longer message.', '0123456789', 'aes'), '0123456789', 'aes');
+          decrypt           
+----------------------------
+ Lets try a longer message.
+(1 row)
+
diff --git a/contrib/pgcrypto/openssl.c b/contrib/pgcrypto/openssl.c
index 8b27c84aea..6a5db0f3ba 100644
--- a/contrib/pgcrypto/openssl.c
+++ b/contrib/pgcrypto/openssl.c
@@ -40,6 +40,11 @@
 #include <openssl/rand.h>
 #include <openssl/err.h>
 
+/*
+ * Max lengths we might want to handle.
+ */
+#define MAX_KEY		(512/8)
+#define MAX_IV		(128/8)
 
 /*
  * Does OpenSSL support AES? 
@@ -78,10 +83,13 @@
 #define AES_cbc_encrypt(src, dst, len, ctx, iv, enc) \
 	do { \
 		memcpy((dst), (src), (len)); \
-		if (enc) \
+		if (enc) { \
 			aes_cbc_encrypt((ctx), (iv), (dst), (len)); \
-		else \
+			memcpy((iv), (dst) + (len) - 16, 16); \
+		} else { \
 			aes_cbc_decrypt((ctx), (iv), (dst), (len)); \
+			memcpy(iv, (src) + (len) - 16, 16); \
+		} \
 	} while (0)
 
 #endif	/* old OPENSSL */
@@ -243,8 +251,8 @@ typedef struct
 		CAST_KEY	cast_key;
 		AES_KEY		aes_key;
 	}			u;
-	uint8		key[EVP_MAX_KEY_LENGTH];
-	uint8		iv[EVP_MAX_IV_LENGTH];
+	uint8		key[MAX_KEY];
+	uint8		iv[MAX_IV];
 	unsigned	klen;
 	unsigned	init;
 	const struct ossl_cipher *ciph;
diff --git a/contrib/pgcrypto/sha2.c b/contrib/pgcrypto/sha2.c
index 35926fc5bc..406a07f91f 100644
--- a/contrib/pgcrypto/sha2.c
+++ b/contrib/pgcrypto/sha2.c
@@ -170,7 +170,7 @@ void SHA512_Transform(SHA512_CTX *, const uint8 *);
 
 /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
 /* Hash constant words K for SHA-256: */
-const static uint32 K256[64] = {
+static const uint32 K256[64] = {
 	0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
 	0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
 	0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
@@ -190,7 +190,7 @@ const static uint32 K256[64] = {
 };
 
 /* Initial hash value H for SHA-256: */
-const static uint32 sha256_initial_hash_value[8] = {
+static const uint32 sha256_initial_hash_value[8] = {
 	0x6a09e667UL,
 	0xbb67ae85UL,
 	0x3c6ef372UL,
@@ -202,7 +202,7 @@ const static uint32 sha256_initial_hash_value[8] = {
 };
 
 /* Hash constant words K for SHA-384 and SHA-512: */
-const static uint64 K512[80] = {
+static const uint64 K512[80] = {
 	0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
 	0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
 	0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
@@ -246,7 +246,7 @@ const static uint64 K512[80] = {
 };
 
 /* Initial hash value H for SHA-384 */
-const static uint64 sha384_initial_hash_value[8] = {
+static const uint64 sha384_initial_hash_value[8] = {
 	0xcbbb9d5dc1059ed8ULL,
 	0x629a292a367cd507ULL,
 	0x9159015a3070dd17ULL,
@@ -258,7 +258,7 @@ const static uint64 sha384_initial_hash_value[8] = {
 };
 
 /* Initial hash value H for SHA-512 */
-const static uint64 sha512_initial_hash_value[8] = {
+static const uint64 sha512_initial_hash_value[8] = {
 	0x6a09e667f3bcc908ULL,
 	0xbb67ae8584caa73bULL,
 	0x3c6ef372fe94f82bULL,
diff --git a/contrib/pgcrypto/sql/3des.sql b/contrib/pgcrypto/sql/3des.sql
index 7e20aff5c0..99b936fa14 100644
--- a/contrib/pgcrypto/sql/3des.sql
+++ b/contrib/pgcrypto/sql/3des.sql
@@ -24,3 +24,7 @@ select decrypt(encrypt('foo', '0123456', '3des'), '0123456', '3des');
 select encode(encrypt_iv('foo', '0123456', 'abcd', '3des'), 'hex');
 select decrypt_iv(decode('50735067b073bb93', 'hex'), '0123456', 'abcd', '3des');
 
+-- long message
+select encode(encrypt('Lets try a longer message.', '0123456789012345678901', '3des'), 'hex');
+select decrypt(encrypt('Lets try a longer message.', '0123456789012345678901', '3des'), '0123456789012345678901', '3des');
+
diff --git a/contrib/pgcrypto/sql/blowfish.sql b/contrib/pgcrypto/sql/blowfish.sql
index 565282cb0f..c0383f5421 100644
--- a/contrib/pgcrypto/sql/blowfish.sql
+++ b/contrib/pgcrypto/sql/blowfish.sql
@@ -85,3 +85,7 @@ select decrypt(encrypt('foo', '0123456', 'bf'), '0123456', 'bf');
 select encode(encrypt_iv('foo', '0123456', 'abcd', 'bf'), 'hex');
 select decrypt_iv(decode('95c7e89322525d59', 'hex'), '0123456', 'abcd', 'bf');
 
+-- long message
+select encode(encrypt('Lets try a longer message.', '0123456789', 'bf'), 'hex');
+select decrypt(encrypt('Lets try a longer message.', '0123456789', 'bf'), '0123456789', 'bf');
+
diff --git a/contrib/pgcrypto/sql/cast5.sql b/contrib/pgcrypto/sql/cast5.sql
index 553ae4f0f2..0761f34e75 100644
--- a/contrib/pgcrypto/sql/cast5.sql
+++ b/contrib/pgcrypto/sql/cast5.sql
@@ -40,3 +40,7 @@ select encode(encrypt_iv('foo', '0123456', 'abcd', 'cast5'), 'hex');
 select decrypt_iv(decode('384a970695ce016a', 'hex'),
                 '0123456', 'abcd', 'cast5');
 
+-- long message
+select encode(encrypt('Lets try a longer message.', '0123456789', 'cast5'), 'hex');
+select decrypt(encrypt('Lets try a longer message.', '0123456789', 'cast5'), '0123456789', 'cast5');
+
diff --git a/contrib/pgcrypto/sql/des.sql b/contrib/pgcrypto/sql/des.sql
index 3b55ca5e3a..179bd83ba9 100644
--- a/contrib/pgcrypto/sql/des.sql
+++ b/contrib/pgcrypto/sql/des.sql
@@ -22,3 +22,7 @@ select decrypt(encrypt('foo', '0123456', 'des'), '0123456', 'des');
 select encode(encrypt_iv('foo', '0123456', 'abcd', 'des'), 'hex');
 select decrypt_iv(decode('50735067b073bb93', 'hex'), '0123456', 'abcd', 'des');
 
+-- long message
+select encode(encrypt('Lets try a longer message.', '01234567', 'des'), 'hex');
+select decrypt(encrypt('Lets try a longer message.', '01234567', 'des'), '01234567', 'des');
+
diff --git a/contrib/pgcrypto/sql/rijndael.sql b/contrib/pgcrypto/sql/rijndael.sql
index c609a635df..4d6af0ffaa 100644
--- a/contrib/pgcrypto/sql/rijndael.sql
+++ b/contrib/pgcrypto/sql/rijndael.sql
@@ -56,3 +56,7 @@ select encode(encrypt_iv('foo', '0123456', 'abcd', 'aes'), 'hex');
 select decrypt_iv(decode('2c24cb7da91d6d5699801268b0f5adad', 'hex'),
 		'0123456', 'abcd', 'aes'); 
 
+-- long message
+select encode(encrypt('Lets try a longer message.', '0123456789', 'aes'), 'hex');
+select decrypt(encrypt('Lets try a longer message.', '0123456789', 'aes'), '0123456789', 'aes');
+