diff --git a/contrib/pgcrypto/fortuna.c b/contrib/pgcrypto/fortuna.c
index 7aa9270729f5dc063c7e2a8dcc94919185c53daf..b02618430e2cd6622e767381576d8ffbe9b83a7e 100644
--- a/contrib/pgcrypto/fortuna.c
+++ b/contrib/pgcrypto/fortuna.c
@@ -26,7 +26,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $PostgreSQL: pgsql/contrib/pgcrypto/fortuna.c,v 1.2 2005/07/11 15:07:59 tgl Exp $
+ * $PostgreSQL: pgsql/contrib/pgcrypto/fortuna.c,v 1.3 2005/07/18 17:09:01 tgl Exp $
  */
 
 #include "postgres.h"
@@ -174,8 +174,8 @@ static void init_state(FState *st)
 }
 
 /*
- * Must not reseed more ofter than RESEED_PER_SEC
- * times per second.
+ * The time between reseed must be at least RESEED_INTERVAL
+ * microseconds.
  */
 static int too_often(FState *st)
 {
@@ -241,7 +241,6 @@ static void reseed(FState *st)
 
 	memset(&key_md, 0, sizeof(key_md));
 	memset(buf, 0, BLOCK);
-	n = k = 0;
 }
 
 /*
diff --git a/contrib/pgcrypto/internal.c b/contrib/pgcrypto/internal.c
index 4dcbb48069615f59790ad370a123992f0b017ad7..93085dbf6d3b71ab4f2a31673275b3c73b2d5c7f 100644
--- a/contrib/pgcrypto/internal.c
+++ b/contrib/pgcrypto/internal.c
@@ -26,7 +26,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $PostgreSQL: pgsql/contrib/pgcrypto/internal.c,v 1.20 2005/07/11 15:07:59 tgl Exp $
+ * $PostgreSQL: pgsql/contrib/pgcrypto/internal.c,v 1.21 2005/07/18 17:09:01 tgl Exp $
  */
 
 #include "postgres.h"
@@ -127,6 +127,7 @@ int_md5_free(PX_MD * h)
 {
 	MD5_CTX    *ctx = (MD5_CTX *) h->p.ptr;
 
+	memset(ctx, 0, sizeof(*ctx));
 	px_free(ctx);
 	px_free(h);
 }
@@ -174,6 +175,7 @@ int_sha1_free(PX_MD * h)
 {
 	SHA1_CTX   *ctx = (SHA1_CTX *) h->p.ptr;
 
+	memset(ctx, 0, sizeof(*ctx));
 	px_free(ctx);
 	px_free(h);
 }
@@ -221,6 +223,7 @@ int_sha256_free(PX_MD * h)
 {
 	SHA256_CTX   *ctx = (SHA256_CTX *) h->p.ptr;
 
+	memset(ctx, 0, sizeof(*ctx));
 	px_free(ctx);
 	px_free(h);
 }
@@ -267,6 +270,7 @@ int_sha384_free(PX_MD * h)
 {
 	SHA384_CTX   *ctx = (SHA384_CTX *) h->p.ptr;
 
+	memset(ctx, 0, sizeof(*ctx));
 	px_free(ctx);
 	px_free(h);
 }
@@ -314,6 +318,7 @@ int_sha512_free(PX_MD * h)
 {
 	SHA512_CTX   *ctx = (SHA512_CTX *) h->p.ptr;
 
+	memset(ctx, 0, sizeof(*ctx));
 	px_free(ctx);
 	px_free(h);
 }
@@ -326,6 +331,7 @@ init_md5(PX_MD * md)
 	MD5_CTX    *ctx;
 
 	ctx = px_alloc(sizeof(*ctx));
+	memset(ctx, 0, sizeof(*ctx));
 
 	md->p.ptr = ctx;
 
@@ -345,6 +351,7 @@ init_sha1(PX_MD * md)
 	SHA1_CTX   *ctx;
 
 	ctx = px_alloc(sizeof(*ctx));
+	memset(ctx, 0, sizeof(*ctx));
 
 	md->p.ptr = ctx;
 
@@ -364,6 +371,7 @@ init_sha256(PX_MD * md)
 	SHA256_CTX   *ctx;
 
 	ctx = px_alloc(sizeof(*ctx));
+	memset(ctx, 0, sizeof(*ctx));
 
 	md->p.ptr = ctx;
 
@@ -383,6 +391,7 @@ init_sha384(PX_MD * md)
 	SHA384_CTX   *ctx;
 
 	ctx = px_alloc(sizeof(*ctx));
+	memset(ctx, 0, sizeof(*ctx));
 
 	md->p.ptr = ctx;
 
@@ -402,6 +411,7 @@ init_sha512(PX_MD * md)
 	SHA512_CTX   *ctx;
 
 	ctx = px_alloc(sizeof(*ctx));
+	memset(ctx, 0, sizeof(*ctx));
 
 	md->p.ptr = ctx;
 
@@ -829,6 +839,7 @@ static void system_reseed(void)
 		fortuna_add_entropy(SYSTEM_ENTROPY, buf, n);
 
 	seed_time = t;
+	memset(buf, 0, sizeof(buf));
 }
 
 int
diff --git a/contrib/pgcrypto/pgp-compress.c b/contrib/pgcrypto/pgp-compress.c
index f1a41f10a266f72b8e69b36346427eca336c88ce..da0ba9a18cf3dad3c9856fcd7499e9fab44339ca 100644
--- a/contrib/pgcrypto/pgp-compress.c
+++ b/contrib/pgcrypto/pgp-compress.c
@@ -26,7 +26,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-compress.c,v 1.3 2005/07/18 16:35:06 tgl Exp $
+ * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-compress.c,v 1.4 2005/07/18 17:09:01 tgl Exp $
  */
 
 #include "postgres.h"
@@ -270,7 +270,11 @@ restart:
 	dec->stream.avail_out = dec->buf_len;
 	dec->pos = dec->buf;
 
-	/* Z_NO_FLUSH, Z_SYNC_FLUSH */
+	/*
+	 * Z_SYNC_FLUSH is tell zlib to output as much as possible.
+	 * It should do it anyway (Z_NO_FLUSH), but seems to reserve
+	 * the right not to.  So lets follow the API.
+	 */
 	flush = dec->stream.avail_in ? Z_SYNC_FLUSH : Z_FINISH;
 	res = inflate(&dec->stream, flush);
 	if (res != Z_OK && res != Z_STREAM_END)
diff --git a/contrib/pgcrypto/pgp-decrypt.c b/contrib/pgcrypto/pgp-decrypt.c
index 18173610756b204d856578f78e15e3e59c0b98d6..1fc4f4feb0ac8b47d908b375e367196ebb3eb543 100644
--- a/contrib/pgcrypto/pgp-decrypt.c
+++ b/contrib/pgcrypto/pgp-decrypt.c
@@ -26,7 +26,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-decrypt.c,v 1.3 2005/07/18 16:35:06 tgl Exp $
+ * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-decrypt.c,v 1.4 2005/07/18 17:09:01 tgl Exp $
  */
 
 #include "postgres.h"
@@ -339,7 +339,6 @@ static void mdc_free(void *priv)
 	ctx->mdc_ctx = NULL;
 }
 
-/* fixme: clarify */
 static int mdc_finish(PGP_Context *ctx, PullFilter *src,
 		int len, uint8 **data_p)
 {
@@ -364,6 +363,7 @@ static int mdc_finish(PGP_Context *ctx, PullFilter *src,
 		return 0;
 	}
 	
+	/* safety check */
 	if (ctx->in_mdc_pkt > 1)
 	{
 		px_debug("mdc_finish: several times here?");
@@ -371,6 +371,7 @@ static int mdc_finish(PGP_Context *ctx, PullFilter *src,
 	}
 	ctx->in_mdc_pkt++;
 	
+	/* is the packet sane? */
 	if (res != 20)
 	{
 		px_debug("mdc_finish: read failed, res=%d", res);
diff --git a/contrib/pgcrypto/pgp.h b/contrib/pgcrypto/pgp.h
index 7f31aa3d732f0e54272759cf31c95e0d7eaef775..93a06d46f222e1cf396f43fb97eac412fe9e2aaa 100644
--- a/contrib/pgcrypto/pgp.h
+++ b/contrib/pgcrypto/pgp.h
@@ -26,7 +26,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $PostgreSQL: pgsql/contrib/pgcrypto/pgp.h,v 1.1 2005/07/10 13:46:29 momjian Exp $
+ * $PostgreSQL: pgsql/contrib/pgcrypto/pgp.h,v 1.2 2005/07/18 17:09:01 tgl Exp $
  */
 
 enum
@@ -238,8 +238,6 @@ unsigned	pgp_armor_dec_len(unsigned len);
 int pgp_compress_filter(PushFilter **res, PGP_Context *ctx, PushFilter *dst);
 int pgp_decompress_filter(PullFilter **res, PGP_Context *ctx, PullFilter *src);
 
-extern void (*pgp_packet_debug) (int tag, uint8 *buf, int len);
-
 int pgp_key_alloc(PGP_PubKey **pk_p);
 void pgp_key_free(PGP_PubKey *pk);
 int _pgp_read_public_key(PullFilter *pkt, PGP_PubKey *pk);
diff --git a/contrib/pgcrypto/random.c b/contrib/pgcrypto/random.c
index 059fad3c8b35d142a7a5a4997bd638996439c657..242eb175dab5e528721b6329b65a58a0707b44b2 100644
--- a/contrib/pgcrypto/random.c
+++ b/contrib/pgcrypto/random.c
@@ -26,7 +26,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $PostgreSQL: pgsql/contrib/pgcrypto/random.c,v 1.14 2005/07/11 19:06:46 tgl Exp $
+ * $PostgreSQL: pgsql/contrib/pgcrypto/random.c,v 1.15 2005/07/18 17:09:01 tgl Exp $
  */
 
 #include "postgres.h"
@@ -44,7 +44,9 @@
  */
 #if defined(__linux__) || defined(__FreeBSD__) || defined(__OpenBSD__) \
 	|| defined(__NetBSD__) || defined(__DragonFly__) \
-	|| defined(__darwin__) || defined(__SOLARIS__)
+	|| defined(__darwin__) || defined(__SOLARIS__) \
+	|| defined(__hpux) || defined(__HPUX__) \
+	|| defined(__CYGWIN__) || defined(_AIX)
 
 #define TRY_DEV_RANDOM