fix: change to openssl rather than rust

fix: support hashing of lists of fixed types and strings

feat: add blake3 support

fix: update readme

feat: add crypto_hash_agg function

Author: rustyconover

.github/workflows/MainDistributionPipeline.yml

@@ -21,5 +21,4 @@ jobs:
       duckdb_version: v1.4-andium
       ci_tools_version: main
       extension_name: crypto
-      enable_rust: true
-      exclude_archs: "windows_amd64_rtools;windows_amd64_mingw"
+      exclude_archs: "wasm_mvp;wasm_eh;wasm_threads;"

CLAUDE.md

@@ -0,0 +1,106 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Overview
+
+This is a DuckDB extension that adds cryptographic hash functions and HMAC calculation capabilities using OpenSSL.
+
+## Architecture
+
+The extension is implemented in C++ and uses OpenSSL's EVP API for cryptographic operations:
+
+1. **C++ implementation** (`src/`):
+   - `src/crypto_extension.cpp`: Main extension entry point, registers functions with DuckDB
+   - `src/crypto_hash.cpp`: Core hash and HMAC implementations using OpenSSL
+   - `src/query_farm_telemetry.cpp`: Telemetry integration
+   - Implements DuckDB scalar functions: `crypto_hash()` and `crypto_hmac()`
+
+### Build Integration
+
+- Uses standard CMake `find_package(OpenSSL)` to locate and link OpenSSL
+- Links against OpenSSL::SSL and OpenSSL::Crypto for both static and loadable extension variants
+- No external code generation tools required
+
+## Common Commands
+
+### Building
+
+For debug
+
+```sh
+VCPKG_TOOLCHAIN_PATH=`pwd`/vcpkg/scripts/buildsystems/vcpkg.cmake GEN=ninja make debug
+```
+
+Builds:
+- `./build/debug/duckdb` - DuckDB shell with extension pre-loaded
+- `./build/debug/test/unittest` - Test runner with extension linked
+- `./build/debug/extension/crypto/crypto.duckdb_extension` - Loadable extension binary
+
+For release builds:
+
+```sh
+VCPKG_TOOLCHAIN_PATH=`pwd`/vcpkg/scripts/buildsystems/vcpkg.cmake GEN=ninja make release
+```
+
+Builds:
+- `./build/release/duckdb` - DuckDB shell with extension pre-loaded
+- `./build/release/test/unittest` - Test runner with extension linked
+- `./build/release/extension/crypto/crypto.duckdb_extension` - Loadable extension binary
+
+**Note**: Requires OpenSSL to be installed on your system.
+
+### Testing
+
+```sh
+make test
+```
+
+Runs SQL tests located in `test/sql/crypto.test`.  but using the release build.
+
+### Running the Extension
+
+```sh
+./build/release/duckdb
+```
+
+Launches DuckDB with the extension already loaded.
+
+## Supported Hash Algorithms
+
+The extension supports these algorithms (defined in `src/crypto_hash.cpp:getDigestByName()`):
+- blake2b-512
+- keccak224, keccak256, keccak384, keccak512 (mapped to SHA3 variants)
+- md4, md5
+- sha1
+- sha2-224, sha2-256, sha2-384, sha2-512
+- sha3-224, sha3-256, sha3-384, sha3-512
+
+Both `crypto_hash()` and `crypto_hmac()` support all these algorithms.
+
+**Note**: Keccak is mapped to SHA3 in OpenSSL. True Keccak (pre-standardization) differs slightly from SHA3.
+
+## Development Workflow
+
+### Adding a New Hash Algorithm
+
+1. Add the new algorithm case to `getDigestByName()` in `src/crypto_hash.cpp`
+2. Return the appropriate OpenSSL EVP_MD function (e.g., `EVP_sha512_256()`)
+3. Update error messages to include the new algorithm name
+4. Add tests to `test/sql/crypto.test`
+5. Update README.md with the new algorithm
+
+### Error Handling
+
+The C++ implementation throws DuckDB exceptions:
+- `InvalidInputException`: For invalid algorithm names or input validation failures
+- `InternalException`: For OpenSSL operation failures
+
+Exceptions are caught by DuckDB's executor and presented to the user.
+
+## CI/CD
+
+The repository uses the DuckDB extension template's CI system:
+- Build configuration is in `extension_config.cmake`
+- CI tools are in `extension-ci-tools/` (git submodule)
+- The Makefile includes `extension-ci-tools/makefiles/duckdb_extension.Makefile`

CMakeLists.txt

@@ -1,75 +1,8 @@
 cmake_minimum_required(VERSION 3.5)
 
-set(CORROSION_VERBOSE_OUTPUT ON)
-set(CMAKE_CXX_STANDARD 11)
+set(CMAKE_CXX_STANDARD 14)
 set(CMAKE_CXX_STANDARD_REQUIRED 1)
 
-execute_process(
-    COMMAND rustup target list --installed
-    OUTPUT_VARIABLE RUST_TARGETS
-)
-# Propagate arch to rust build for CI
-set(Rust_CARGO_TARGET "")
-if("${OS_NAME}" STREQUAL "linux")
-    if ("${OS_ARCH}" STREQUAL "arm64")
-        set(Rust_CARGO_TARGET "aarch64-unknown-linux-gnu")
-    elseif("${CMAKE_CXX_COMPILER}" MATCHES "aarch64")
-        set(Rust_CARGO_TARGET ${RUST_ENV_VARS} CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc)
-        set(Rust_CARGO_TARGET "aarch64-unknown-linux-gnu")
-    else()
-        string(FIND "${RUST_TARGETS}" "musl" MUSL_TARGET_FOUND)
-        if(NOT MUSL_TARGET_FOUND EQUAL -1)
-            set(Rust_CARGO_TARGET "x86_64-unknown-linux-musl")
-        else()
-            set(Rust_CARGO_TARGET "x86_64-unknown-linux-gnu")
-        endif()
-    endif()
-elseif("${OS_NAME}" STREQUAL "osx")
-    if ("${OSX_BUILD_ARCH}" STREQUAL "arm64")
-        set(Rust_CARGO_TARGET "aarch64-apple-darwin")
-    elseif ("${OSX_BUILD_ARCH}" STREQUAL "x86_64")
-        set(Rust_CARGO_TARGET "x86_64-apple-darwin")
-    elseif ("${OS_ARCH}" STREQUAL "arm64")
-        set(Rust_CARGO_TARGET "aarch64-apple-darwin")
-    endif()
-elseif(WIN32)
-    if (MINGW AND "${OS_ARCH}" STREQUAL "arm64")
-        set(Rust_CARGO_TARGET "aarch64-pc-windows-gnu")
-    elseif (MINGW AND "${OS_ARCH}" STREQUAL "amd64")
-        set(Rust_CARGO_TARGET "x86_64-pc-windows-gnu")
-    elseif (MSVC AND "${OS_ARCH}" STREQUAL "arm64")
-        set(Rust_CARGO_TARGET "aarch64-pc-windows-msvc")
-    elseif (MSVC AND "${OS_ARCH}" STREQUAL "amd64")
-        set(Rust_CARGO_TARGET "x86_64-pc-windows-msvc")
-    endif()
-endif()
-
-execute_process(
-    COMMAND rustup target list --installed
-    OUTPUT_VARIABLE RUST_TARGETS
-)
-string(FIND "${RUST_TARGETS}" "wasm32-unknown-emscripten" WASM_TARGET_FOUND)
-
-if (NOT WASM_TARGET_FOUND EQUAL -1)
-  set(Rust_CARGO_TARGET "wasm32-unknown-emscripten")
-endif()
-
-
-include(FetchContent)
-
-FetchContent_Declare(
-    Corrosion
-    GIT_REPOSITORY https://github.com/corrosion-rs/corrosion.git
-    GIT_TAG v0.5.2
-)
-# Set any global configuration variables such as `Rust_TOOLCHAIN` before this line!
-FetchContent_MakeAvailable(Corrosion)
-
-# Import targets defined in a package or workspace manifest `Cargo.toml` file
-corrosion_import_crate(MANIFEST_PATH "${CMAKE_SOURCE_DIR}/../duckdb_crypto_rust/Cargo.toml"
-CRATES "duckdb_crypto_rust"
-)
-
 # Set extension name here
 set(TARGET_NAME crypto)
 
@@ -80,20 +13,25 @@ project(${TARGET_NAME})
 
 include_directories(src/include)
 
-set(EXTENSION_SOURCES src/crypto_extension.cpp
-src/query_farm_telemetry.cpp)
+# Find OpenSSL
+find_package(OpenSSL REQUIRED)
+find_package(blake3 CONFIG REQUIRED)
+
+set(EXTENSION_SOURCES
+    src/crypto_extension.cpp
+    src/crypto_hash.cpp
+    src/query_farm_telemetry.cpp
+)
 
 build_static_extension(${TARGET_NAME} ${EXTENSION_SOURCES})
 build_loadable_extension(${TARGET_NAME} " " ${EXTENSION_SOURCES})
 
-get_target_property(fake_includes duckdb_crypto_rust INCLUDE_DIRECTORIES)
-
-target_link_libraries(${EXTENSION_NAME} duckdb_crypto_rust-static)
-target_link_libraries(${LOADABLE_EXTENSION_NAME} duckdb_crypto_rust)
+# Link OpenSSL to both static and loadable extensions
+target_link_libraries(${EXTENSION_NAME} OpenSSL::SSL OpenSSL::Crypto BLAKE3::blake3)
+target_link_libraries(${LOADABLE_EXTENSION_NAME} OpenSSL::SSL OpenSSL::Crypto BLAKE3::blake3)
 
 install(
   TARGETS ${EXTENSION_NAME}
   EXPORT "${DUCKDB_EXPORT_SET}"
   LIBRARY DESTINATION "${INSTALL_LIB_DIR}"
   ARCHIVE DESTINATION "${INSTALL_LIB_DIR}")
-

Makefile

@@ -5,7 +5,4 @@ EXT_NAME=crypto
 EXT_CONFIG=${PROJ_DIR}extension_config.cmake
 
 # Include the Makefile from extension-ci-tools
-include extension-ci-tools/makefiles/duckdb_extension.Makefile
-
-rust_binding_headers:
-	cd duckdb_crypto_rust && cbindgen --config ./cbindgen.toml --crate duckdb_crypto_rust --output ../src/include/rust.h
+include extension-ci-tools/makefiles/duckdb_extension.Makefile