Diffstat (limited to 'src/include')
-rw-r--r--src/include/catalog/pg_control.h5
-rw-r--r--src/include/common/cipher.h62
-rw-r--r--src/include/common/kmgr_utils.h98
-rw-r--r--src/include/crypto/kmgr.h29
-rw-r--r--src/include/pgstat.h3
-rw-r--r--src/include/postmaster/postmaster.h2
-rw-r--r--src/include/utils/guc_tables.h1
7 files changed, 1 insertions, 199 deletions
diff --git a/src/include/catalog/pg_control.h b/src/include/catalog/pg_control.h
index a4c12599f74..06bed90c5e9 100644
--- a/src/include/catalog/pg_control.h
+++ b/src/include/catalog/pg_control.h
@@ -22,7 +22,7 @@
/* Version identifier for this pg_control format */
-#define PG_CONTROL_VERSION 1400
+#define PG_CONTROL_VERSION 1300
/* Nonce key length, see below */
#define MOCK_AUTH_NONCE_LEN 32
@@ -226,9 +226,6 @@ typedef struct ControlFileData
*/
char mock_authentication_nonce[MOCK_AUTH_NONCE_LEN];
- /* File encryption key length. Zero if disabled. */
- int file_encryption_keylen;
-
/* CRC of all above ... MUST BE LAST! */
pg_crc32c crc;
} ControlFileData;
diff --git a/src/include/common/cipher.h b/src/include/common/cipher.h
deleted file mode 100644
index 598ef11289f..00000000000
--- a/src/include/common/cipher.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/*-------------------------------------------------------------------------
- *
- * cipher.h
- * Declarations for cryptographic functions
- *
- * Portions Copyright (c) 2020, PostgreSQL Global Development Group
- *
- * src/include/common/cipher.h
- *
- *-------------------------------------------------------------------------
- */
-#ifndef PG_CIPHER_H
-#define PG_CIPHER_H
-
-#ifdef USE_OPENSSL
-#include <openssl/evp.h>
-#include <openssl/conf.h>
-#include <openssl/err.h>
-#endif
-
-/*
- * Supported symmetric encryption algorithm. These identifiers are passed
- * to pg_cipher_ctx_create() function, and then actual encryption
- * implementations need to initialize their context of the given encryption
- * algorithm.
- */
-#define PG_CIPHER_AES_GCM 0
-#define PG_MAX_CIPHER_ID 1
-
-/* AES128/192/256 various length definitions */
-#define PG_AES128_KEY_LEN (128 / 8)
-#define PG_AES192_KEY_LEN (192 / 8)
-#define PG_AES256_KEY_LEN (256 / 8)
-
-/*
- * The encrypted data is a series of blocks of size. Initialization
- * vector(IV) is the same size of cipher block.
- */
-#define PG_AES_BLOCK_SIZE 16
-#define PG_AES_IV_SIZE (PG_AES_BLOCK_SIZE)
-
-#ifdef USE_OPENSSL
-typedef EVP_CIPHER_CTX PgCipherCtx;
-#else
-typedef void PgCipherCtx;
-#endif
-
-extern PgCipherCtx *pg_cipher_ctx_create(int cipher, uint8 *key, int klen,
- bool enc);
-extern void pg_cipher_ctx_free(PgCipherCtx *ctx);
-extern bool pg_cipher_encrypt(PgCipherCtx *ctx,
- const unsigned char *plaintext, const int inlen,
- unsigned char *ciphertext, int *outlen,
- const unsigned char *iv, const int ivlen,
- unsigned char *tag, const int taglen);
-extern bool pg_cipher_decrypt(PgCipherCtx *ctx,
- const unsigned char *ciphertext, const int inlen,
- unsigned char *plaintext, int *outlen,
- const unsigned char *iv, const int ivlen,
- unsigned char *intag, const int taglen);
-
-#endif /* PG_CIPHER_H */
diff --git a/src/include/common/kmgr_utils.h b/src/include/common/kmgr_utils.h
deleted file mode 100644
index ce26df56fb3..00000000000
--- a/src/include/common/kmgr_utils.h
+++ /dev/null
@@ -1,98 +0,0 @@
-/*-------------------------------------------------------------------------
- *
- * kmgr_utils.h
- * Declarations for utility function for file encryption key
- *
- * Portions Copyright (c) 2020, PostgreSQL Global Development Group
- *
- * src/include/common/kmgr_utils.h
- *
- *-------------------------------------------------------------------------
- */
-#ifndef KMGR_UTILS_H
-#define KMGR_UTILS_H
-
-#include "common/cipher.h"
-
-/* Current version number */
-#define KMGR_VERSION 1
-
-/*
- * Directories where cluster file encryption keys reside within PGDATA.
- */
-#define KMGR_DIR "pg_cryptokeys"
-#define KMGR_DIR_PID KMGR_DIR"/pg_alterckey.pid"
-#define LIVE_KMGR_DIR KMGR_DIR"/live"
-/* used during cluster key rotation */
-#define NEW_KMGR_DIR KMGR_DIR"/new"
-#define OLD_KMGR_DIR KMGR_DIR"/old"
-
-/* CryptoKey file name is keys id */
-#define CryptoKeyFilePath(path, dir, id) \
- snprintf((path), MAXPGPATH, "%s/%d", (dir), (id))
-
-/*
- * Identifiers of internal keys.
- */
-#define KMGR_KEY_ID_REL 0
-#define KMGR_KEY_ID_WAL 1
-#define KMGR_MAX_INTERNAL_KEYS 2
-
-/* We always, today, use a 256-bit AES key. */
-#define KMGR_CLUSTER_KEY_LEN PG_AES256_KEY_LEN
-
-/* double for hex format, plus some for spaces, \r,\n, and null byte */
-#define ALLOC_KMGR_CLUSTER_KEY_LEN (KMGR_CLUSTER_KEY_LEN * 2 + 10 + 2 + 1)
-
-/* Maximum length of key the key manager can store */
-#define KMGR_MAX_KEY_LEN 256
-#define KMGR_MAX_KEY_LEN_BYTES KMGR_MAX_KEY_LEN / 8
-#define KMGR_MAX_WRAPPED_KEY_LEN KmgrSizeOfCipherText(KMGR_MAX_KEY_LEN)
-
-
-/*
- * Cryptographic key data structure.
- *
- * This is the structure we use to write out the encrypted keys.
- *
- * pgkey_id is the identifier for this key (should be same as the
- * file name and be one of KMGR_KEY_ID_* from above). This is what
- * we consider our 'context' or 'fixed' portion of the deterministic
- * IV we create.
- *
- * counter is updated each time we use the cluster KEK to encrypt a
- * new key. This is our the 'invocation' field of the deterministic
- * IV we create.
- *
- * Absolutely essential when using GCM (or CTR) is that the IV is unique,
- * for a given key, but a deterministic IV such as this is perfectly
- * acceptable and encouraged. If (and only if!) the KEK is changed to a
- * new key, then we can re-initialize the counter.
- *
- * Detailed discussion of deterministic IV creation can be found here:
- *
- * https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
- *
- * tag is the GCM tag which is produced and must be validated in order
- * to be able to trust the results of our decryption.
- *
- * encrypted_key is the encrypted key length (as an int) + encrypted key.
- */
-typedef struct CryptoKey
-{
- uint64 pgkey_id; /* Upper half of IV */
- uint64 counter; /* Lower half of IV */
- unsigned char tag[16]; /* GCM tag */
- unsigned char encrypted_key[sizeof(int) + KMGR_MAX_KEY_LEN_BYTES];
-} CryptoKey;
-
-extern bool kmgr_wrap_key(PgCipherCtx *ctx, CryptoKey *in, CryptoKey *out);
-extern bool kmgr_unwrap_key(PgCipherCtx *ctx, CryptoKey *in, CryptoKey *out);
-extern bool kmgr_verify_cluster_key(unsigned char *cluster_key,
- CryptoKey *in_keys, CryptoKey *out_keys,
- int nkey);
-extern int kmgr_run_cluster_key_command(char *cluster_key_command,
- char *buf, int size, char *dir);
-extern CryptoKey *kmgr_get_cryptokeys(const char *path, int *nkeys);
-
-#endif /* KMGR_UTILS_H */
diff --git a/src/include/crypto/kmgr.h b/src/include/crypto/kmgr.h
deleted file mode 100644
index 386ac1cb4a8..00000000000
--- a/src/include/crypto/kmgr.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/*-------------------------------------------------------------------------
- *
- * kmgr.h
- *
- * Portions Copyright (c) 2020, PostgreSQL Global Development Group
- *
- * src/include/crypto/kmgr.h
- *
- *-------------------------------------------------------------------------
- */
-#ifndef KMGR_H
-#define KMGR_H
-
-#include "common/cipher.h"
-#include "common/kmgr_utils.h"
-#include "storage/relfilenode.h"
-#include "storage/bufpage.h"
-
-/* GUC parameters */
-extern int file_encryption_keylen;
-extern char *cluster_key_command;
-
-extern Size KmgrShmemSize(void);
-extern void KmgrShmemInit(void);
-extern void BootStrapKmgr(void);
-extern void InitializeKmgr(void);
-extern const CryptoKey *KmgrGetKey(int id);
-
-#endif /* KMGR_H */
diff --git a/src/include/pgstat.h b/src/include/pgstat.h
index b8f98f9a58a..5954068dec5 100644
--- a/src/include/pgstat.h
+++ b/src/include/pgstat.h
@@ -1010,9 +1010,6 @@ typedef enum
WAIT_EVENT_DATA_FILE_TRUNCATE,
WAIT_EVENT_DATA_FILE_WRITE,
WAIT_EVENT_DSM_FILL_ZERO_WRITE,
- WAIT_EVENT_KEY_FILE_READ,
- WAIT_EVENT_KEY_FILE_WRITE,
- WAIT_EVENT_KEY_FILE_SYNC,
WAIT_EVENT_LOCK_FILE_ADDTODATADIR_READ,
WAIT_EVENT_LOCK_FILE_ADDTODATADIR_SYNC,
WAIT_EVENT_LOCK_FILE_ADDTODATADIR_WRITE,
diff --git a/src/include/postmaster/postmaster.h b/src/include/postmaster/postmaster.h
index b1f0721b856..babc87dfc9d 100644
--- a/src/include/postmaster/postmaster.h
+++ b/src/include/postmaster/postmaster.h
@@ -30,8 +30,6 @@ extern bool enable_bonjour;
extern char *bonjour_name;
extern bool restart_after_crash;
-extern int terminal_fd;
-
#ifdef WIN32
extern HANDLE PostmasterHandle;
#else
diff --git a/src/include/utils/guc_tables.h b/src/include/utils/guc_tables.h
index c0dbf691165..7f36e1146f2 100644
--- a/src/include/utils/guc_tables.h
+++ b/src/include/utils/guc_tables.h
@@ -89,7 +89,6 @@ enum config_group
STATS,
STATS_MONITORING,
STATS_COLLECTOR,
- ENCRYPTION,
AUTOVACUUM,
CLIENT_CONN,
CLIENT_CONN_STATEMENT,