From 9d9a9bb6d9b4eb93ecf3e7e3c5695a2ac2c2a2d7 Mon Sep 17 00:00:00 2001
From: Michael Paquier <michael@paquier.xyz>
Date: Thu, 10 Dec 2020 16:34:19 +0900
Subject: [PATCH 1/2] Adjust some code of cryptohash

This adjusts the code around recent changes for cryptohash functions:
- Add a constant in md5.h for the size of a digest result, taken from
pgcrypto/.
- Call explicit_bzero() on the context data when freeing a context for
fallback implementations.
- Clean up some code related to recent changes of uuid-ossp.
---
 src/include/common/md5.h      |  4 ++++
 src/common/cryptohash.c       | 20 ++++++++++++++++++++
 contrib/pgcrypto/internal.c   |  4 ----
 contrib/uuid-ossp/.gitignore  |  1 -
 contrib/uuid-ossp/uuid-ossp.c |  4 ++--
 5 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/src/include/common/md5.h b/src/include/common/md5.h
index 53036d2d17..5dac70cbc5 100644
--- a/src/include/common/md5.h
+++ b/src/include/common/md5.h
@@ -16,6 +16,10 @@
 #ifndef PG_MD5_H
 #define PG_MD5_H
 
+/* Size of result generated by MD5 computation */
+#define MD5_DIGEST_LENGTH 16
+
+/* password-related data */
 #define MD5_PASSWD_CHARSET	"0123456789abcdef"
 #define MD5_PASSWD_LEN	35
 
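Review bot: `MD5_DIGEST_LENGTH` is now defined unconditionally, under a name that, as far as I know, OpenSSL's MD5 header and some platform headers also define, while the contrib/pgcrypto/internal.c hunk removes the `#ifndef` guard that used to tolerate such a definition. An identical redefinition is legal C, so this is probably harmless, and a differing one would now surface as a compiler diagnostic instead of being silently accepted. Callers size digest buffers from this value, so the comment should state the unit and that expectation, for example `/* Size in bytes of an MD5 digest; must agree with any platform definition of the same name */`.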
diff --git a/src/common/cryptohash.c b/src/common/cryptohash.c
index 5cc2572eb6..cf4588bad7 100644
--- a/src/common/cryptohash.c
+++ b/src/common/cryptohash.c
@@ -197,6 +197,26 @@ pg_cryptohash_free(pg_cryptohash_ctx *ctx)
 {
 	if (ctx == NULL)
 		return;
+
+	switch (ctx->type)
+	{
+		case PG_MD5:
+			explicit_bzero(ctx->data, sizeof(pg_md5_ctx));
+			break;
+		case PG_SHA224:
+			explicit_bzero(ctx->data, sizeof(pg_sha224_ctx));
+			break;
+		case PG_SHA256:
+			explicit_bzero(ctx->data, sizeof(pg_sha256_ctx));
+			break;
+		case PG_SHA384:
+			explicit_bzero(ctx->data, sizeof(pg_sha384_ctx));
+			break;
+		case PG_SHA512:
+			explicit_bzero(ctx->data, sizeof(pg_sha512_ctx));
+			break;
+	}
+
 	FREE(ctx->data);
 	explicit_bzero(ctx, sizeof(pg_cryptohash_ctx));
 	FREE(ctx);
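Review bot: Each `case` picks the wipe length from `ctx->type`, independently of the size used when `ctx->data` was allocated, and that allocation is outside this hunk. If the two ever disagree, `explicit_bzero()` either leaves part of the hash state in freed memory or writes past the buffer, so a comment above the switch such as `/* sizes must match those used when ctx->data was allocated */`, or a length stored in the context, would make the dependency explicit. The switch also has no `default`, so a type added later reaches `FREE(ctx->data)` without being wiped unless the compiler's enum-switch warning is on and heeded; that reliance, if intended, deserves a mention in the same comment. It would also help to note why the wipe is there, e.g. `/* hash state may hold data derived from passwords or keys */`. The body of `pg_cryptohash_free` begins and ends outside the hunk.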
diff --git a/contrib/pgcrypto/internal.c b/contrib/pgcrypto/internal.c
index e6d90c5656..ea377bdf83 100644
--- a/contrib/pgcrypto/internal.c
+++ b/contrib/pgcrypto/internal.c
@@ -41,10 +41,6 @@
 #include "common/cryptohash.h"
 #include "common/md5.h"
 
-#ifndef MD5_DIGEST_LENGTH
-#define MD5_DIGEST_LENGTH 16
-#endif
-
 #ifndef SHA1_DIGEST_LENGTH
 #ifdef SHA1_RESULTLEN
 #define SHA1_DIGEST_LENGTH SHA1_RESULTLEN
diff --git a/contrib/uuid-ossp/.gitignore b/contrib/uuid-ossp/.gitignore
index 6c989c7872..d7260edc61 100644
--- a/contrib/uuid-ossp/.gitignore
+++ b/contrib/uuid-ossp/.gitignore
@@ -1,4 +1,3 @@
-/md5.c
 /sha1.c
 # Generated subdirectories
 /log/
diff --git a/contrib/uuid-ossp/uuid-ossp.c b/contrib/uuid-ossp/uuid-ossp.c
index 8f81c94e72..2ff7d9448b 100644
--- a/contrib/uuid-ossp/uuid-ossp.c
+++ b/contrib/uuid-ossp/uuid-ossp.c
@@ -41,8 +41,8 @@
 #undef uuid_hash
 
 /*
- * Some BSD variants offer md5 and sha1 implementations but Linux does not,
- * so we use a copy of the ones from pgcrypto.  Not needed with OSSP, though.
+ * Some BSD variants offer sha1 implementation but Linux does not, so we use
+ * a copy from pgcrypto.  Not needed with OSSP, though.
  */
 #ifndef HAVE_UUID_OSSP
 #include "sha1.h"
-- 
2.29.2

