From e06f9ee31e30e8ea19608ea26b1a793ce2a70fe5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dagfinn=20Ilmari=20Manns=C3=A5ker?= Date: Thu, 9 Apr 2026 11:35:13 +0100 Subject: [PATCH 2/2] pgcrypto: use explicit_bzero() instead of px_memset(..., 0, ...) px_memset() is only ever called with zero for the value, so use explicit_bzero() instead and remove the function. --- contrib/pgcrypto/crypt-blowfish.c | 4 ++-- contrib/pgcrypto/crypt-md5.c | 4 ++-- contrib/pgcrypto/crypt-sha.c | 4 ++-- contrib/pgcrypto/mbuf.c | 12 ++++++------ contrib/pgcrypto/pgp-cfb.c | 2 +- contrib/pgcrypto/pgp-compress.c | 4 ++-- contrib/pgcrypto/pgp-decrypt.c | 20 ++++++++++---------- contrib/pgcrypto/pgp-encrypt.c | 10 +++++----- contrib/pgcrypto/pgp-mpi.c | 2 +- contrib/pgcrypto/pgp-pgsql.c | 2 +- contrib/pgcrypto/pgp-pubenc.c | 6 +++--- contrib/pgcrypto/pgp-pubkey.c | 8 ++++---- contrib/pgcrypto/pgp-s2k.c | 6 +++--- contrib/pgcrypto/pgp.c | 2 +- contrib/pgcrypto/px-crypt.c | 2 +- contrib/pgcrypto/px-hmac.c | 8 ++++---- contrib/pgcrypto/px.c | 9 +-------- contrib/pgcrypto/px.h | 2 -- 18 files changed, 49 insertions(+), 58 deletions(-) diff --git a/contrib/pgcrypto/crypt-blowfish.c b/contrib/pgcrypto/crypt-blowfish.c index 4d870fd65d7..b688d320ad8 100644 --- a/contrib/pgcrypto/crypt-blowfish.c +++ b/contrib/pgcrypto/crypt-blowfish.c @@ -621,7 +621,7 @@ _crypt_blowfish_rn(const char *key, const char *setting, count = (BF_word) 1 << ((setting[4] - '0') * 10 + (setting[5] - '0')); if (count < 16 || BF_decode(data.binary.salt, &setting[7], 16)) { - px_memset(data.binary.salt, 0, sizeof(data.binary.salt)); + explicit_bzero(data.binary.salt, sizeof(data.binary.salt)); ereport(ERROR, (errcode(ERRCODE_INVALID_PARAMETER_VALUE), errmsg("invalid salt"))); @@ -738,7 +738,7 @@ _crypt_blowfish_rn(const char *key, const char *setting, /* Overwrite the most obvious sensitive data we have on the stack. Note * that this does not guarantee there's no sensitive data left on the * stack and/or in registers; I'm not aware of portable code that does. */ - px_memset(&data, 0, sizeof(data)); + explicit_bzero(&data, sizeof(data)); return output; } diff --git a/contrib/pgcrypto/crypt-md5.c b/contrib/pgcrypto/crypt-md5.c index 33f93847a42..4e667063aef 100644 --- a/contrib/pgcrypto/crypt-md5.c +++ b/contrib/pgcrypto/crypt-md5.c @@ -95,7 +95,7 @@ px_crypt_md5(const char *pw, const char *salt, char *passwd, unsigned dstlen) px_md_update(ctx, final, pl > MD5_SIZE ? MD5_SIZE : pl); /* Don't leave anything around in vm they could use. */ - px_memset(final, 0, sizeof final); + explicit_bzero(final, sizeof final); /* Then something really weird... */ for (i = strlen(pw); i; i >>= 1) @@ -160,7 +160,7 @@ px_crypt_md5(const char *pw, const char *salt, char *passwd, unsigned dstlen) *p = '\0'; /* Don't leave anything around in vm they could use. */ - px_memset(final, 0, sizeof final); + explicit_bzero(final, sizeof final); px_md_free(ctx1); px_md_free(ctx); diff --git a/contrib/pgcrypto/crypt-sha.c b/contrib/pgcrypto/crypt-sha.c index e8f32bc3896..91e31835f69 100644 --- a/contrib/pgcrypto/crypt-sha.c +++ b/contrib/pgcrypto/crypt-sha.c @@ -477,7 +477,7 @@ px_crypt_shacrypt(const char *pw, const char *salt, char *passwd, unsigned dstle memcpy(cp, sha_buf_tmp, block); /* Make sure we don't leave something important behind */ - px_memset(&sha_buf_tmp, 0, sizeof sha_buf); + explicit_bzero(&sha_buf_tmp, sizeof sha_buf); /*- * 21. Repeat a loop according to the number specified in the rounds= @@ -618,7 +618,7 @@ px_crypt_shacrypt(const char *pw, const char *salt, char *passwd, unsigned dstle memcpy(passwd, out_buf->data, out_buf->len); /* make sure nothing important is left behind */ - px_memset(&sha_buf, 0, sizeof sha_buf); + explicit_bzero(&sha_buf, sizeof sha_buf); destroyStringInfo(out_buf); destroyStringInfo(decoded_salt); diff --git a/contrib/pgcrypto/mbuf.c b/contrib/pgcrypto/mbuf.c index 6a23ad99706..9f5824da557 100644 --- a/contrib/pgcrypto/mbuf.c +++ b/contrib/pgcrypto/mbuf.c @@ -63,7 +63,7 @@ mbuf_free(MBuf *mbuf) { if (mbuf->own_data) { - px_memset(mbuf->data, 0, mbuf->buf_end - mbuf->data); + explicit_bzero(mbuf->data, mbuf->buf_end - mbuf->data); pfree(mbuf->data); } pfree(mbuf); @@ -233,11 +233,11 @@ pullf_free(PullFilter *pf) if (pf->buf) { - px_memset(pf->buf, 0, pf->buflen); + explicit_bzero(pf->buf, pf->buflen); pfree(pf->buf); } - px_memset(pf, 0, sizeof(*pf)); + explicit_bzero(pf, sizeof(*pf)); pfree(pf); } @@ -282,7 +282,7 @@ pullf_read_max(PullFilter *pf, int len, uint8 **data_p, uint8 *tmpbuf) if (res < 0) { /* so the caller must clear only on success */ - px_memset(tmpbuf, 0, total); + explicit_bzero(tmpbuf, total); return res; } if (res == 0) @@ -399,11 +399,11 @@ pushf_free(PushFilter *mp) if (mp->buf) { - px_memset(mp->buf, 0, mp->block_size); + explicit_bzero(mp->buf, mp->block_size); pfree(mp->buf); } - px_memset(mp, 0, sizeof(*mp)); + explicit_bzero(mp, sizeof(*mp)); pfree(mp); } diff --git a/contrib/pgcrypto/pgp-cfb.c b/contrib/pgcrypto/pgp-cfb.c index d8f1afc3aba..4cd5660cbcd 100644 --- a/contrib/pgcrypto/pgp-cfb.c +++ b/contrib/pgcrypto/pgp-cfb.c @@ -83,7 +83,7 @@ void pgp_cfb_free(PGP_CFB *ctx) { px_cipher_free(ctx->ciph); - px_memset(ctx, 0, sizeof(*ctx)); + explicit_bzero(ctx, sizeof(*ctx)); pfree(ctx); } diff --git a/contrib/pgcrypto/pgp-compress.c b/contrib/pgcrypto/pgp-compress.c index caa80ecdb45..5b827c96f2b 100644 --- a/contrib/pgcrypto/pgp-compress.c +++ b/contrib/pgcrypto/pgp-compress.c @@ -172,7 +172,7 @@ compress_free(void *priv) struct ZipStat *st = priv; deflateEnd(&st->stream); - px_memset(st, 0, sizeof(*st)); + explicit_bzero(st, sizeof(*st)); pfree(st); } @@ -315,7 +315,7 @@ decompress_free(void *priv) struct DecomprData *dec = priv; inflateEnd(&dec->stream); - px_memset(dec, 0, sizeof(*dec)); + explicit_bzero(dec, sizeof(*dec)); pfree(dec); } diff --git a/contrib/pgcrypto/pgp-decrypt.c b/contrib/pgcrypto/pgp-decrypt.c index 52ca7840c6d..9696d609d03 100644 --- a/contrib/pgcrypto/pgp-decrypt.c +++ b/contrib/pgcrypto/pgp-decrypt.c @@ -210,7 +210,7 @@ pktreader_free(void *priv) { struct PktData *pkt = priv; - px_memset(pkt, 0, sizeof(*pkt)); + explicit_bzero(pkt, sizeof(*pkt)); pfree(pkt); } @@ -260,7 +260,7 @@ prefix_init(void **priv_p, void *arg, PullFilter *src) if (res != len + 2) { px_debug("prefix_init: short read"); - px_memset(tmpbuf, 0, sizeof(tmpbuf)); + explicit_bzero(tmpbuf, sizeof(tmpbuf)); return PXE_PGP_CORRUPT_DATA; } @@ -270,7 +270,7 @@ prefix_init(void **priv_p, void *arg, PullFilter *src) /* report error in pgp_decrypt() */ ctx->corrupt_prefix = 1; } - px_memset(tmpbuf, 0, sizeof(tmpbuf)); + explicit_bzero(tmpbuf, sizeof(tmpbuf)); return 0; } @@ -381,8 +381,8 @@ mdc_finish(PGP_Context *ctx, PullFilter *src, int len) */ px_md_finish(ctx->mdc_ctx, hash); res = memcmp(hash, data, 20); - px_memset(hash, 0, 20); - px_memset(tmpbuf, 0, sizeof(tmpbuf)); + explicit_bzero(hash, 20); + explicit_bzero(tmpbuf, sizeof(tmpbuf)); if (res != 0) { px_debug("mdc_finish: mdc failed"); @@ -475,7 +475,7 @@ mdcbuf_finish(struct MDCBufData *st) px_md_update(st->ctx->mdc_ctx, st->mdc_buf, 2); px_md_finish(st->ctx->mdc_ctx, hash); res = memcmp(hash, st->mdc_buf + 2, 20); - px_memset(hash, 0, 20); + explicit_bzero(hash, 20); if (res) { px_debug("mdcbuf_finish: MDC does not match"); @@ -575,7 +575,7 @@ mdcbuf_free(void *priv) px_md_free(st->ctx->mdc_ctx); st->ctx->mdc_ctx = NULL; - px_memset(st, 0, sizeof(*st)); + explicit_bzero(st, sizeof(*st)); pfree(st); } @@ -686,7 +686,7 @@ parse_symenc_sesskey(PGP_Context *ctx, PullFilter *src) res = decrypt_key(ctx, p, res); } - px_memset(tmpbuf, 0, sizeof(tmpbuf)); + explicit_bzero(tmpbuf, sizeof(tmpbuf)); return res; } @@ -736,7 +736,7 @@ copy_crlf(MBuf *dst, uint8 *data, int len, int *got_cr) if (res < 0) return res; } - px_memset(tmpbuf, 0, sizeof(tmpbuf)); + explicit_bzero(tmpbuf, sizeof(tmpbuf)); return 0; } @@ -776,7 +776,7 @@ parse_literal_data(PGP_Context *ctx, MBuf *dst, PullFilter *pkt) px_debug("parse_literal_data: unexpected eof"); return PXE_PGP_CORRUPT_DATA; } - px_memset(tmpbuf, 0, 4); + explicit_bzero(tmpbuf, 4); /* * If called from an SQL function that returns text, pgp_decrypt() rejects diff --git a/contrib/pgcrypto/pgp-encrypt.c b/contrib/pgcrypto/pgp-encrypt.c index 2c059804706..0a23fe59a5f 100644 --- a/contrib/pgcrypto/pgp-encrypt.c +++ b/contrib/pgcrypto/pgp-encrypt.c @@ -127,7 +127,7 @@ mdc_flush(PushFilter *dst, void *priv) px_md_finish(md, pkt + 2); res = pushf_write(dst, pkt, 2 + MDC_DIGEST_LEN); - px_memset(pkt, 0, 2 + MDC_DIGEST_LEN); + explicit_bzero(pkt, 2 + MDC_DIGEST_LEN); return res; } @@ -217,7 +217,7 @@ encrypt_free(void *priv) if (st->ciph) pgp_cfb_free(st->ciph); - px_memset(st, 0, sizeof(*st)); + explicit_bzero(st, sizeof(*st)); pfree(st); } @@ -299,7 +299,7 @@ pkt_stream_free(void *priv) { struct PktStreamStat *st = priv; - px_memset(st, 0, sizeof(*st)); + explicit_bzero(st, sizeof(*st)); pfree(st); } @@ -489,7 +489,7 @@ write_prefix(PGP_Context *ctx, PushFilter *dst) prefix[bs + 1] = prefix[bs - 1]; res = pushf_write(dst, prefix, bs + 2); - px_memset(prefix, 0, bs + 2); + explicit_bzero(prefix, bs + 2); return res < 0 ? res : 0; } @@ -551,7 +551,7 @@ write_symenc_sesskey(PGP_Context *ctx, PushFilter *dst) if (res >= 0) res = pushf_write(dst, pkt, pktlen); - px_memset(pkt, 0, pktlen); + explicit_bzero(pkt, pktlen); return res; } diff --git a/contrib/pgcrypto/pgp-mpi.c b/contrib/pgcrypto/pgp-mpi.c index 03be27973be..95e4e9ba138 100644 --- a/contrib/pgcrypto/pgp-mpi.c +++ b/contrib/pgcrypto/pgp-mpi.c @@ -71,7 +71,7 @@ pgp_mpi_free(PGP_MPI *mpi) { if (mpi == NULL) return 0; - px_memset(mpi, 0, sizeof(*mpi) + mpi->bytes); + explicit_bzero(mpi, sizeof(*mpi) + mpi->bytes); pfree(mpi); return 0; } diff --git a/contrib/pgcrypto/pgp-pgsql.c b/contrib/pgcrypto/pgp-pgsql.c index d3e7895b0d9..c9d9e230a2e 100644 --- a/contrib/pgcrypto/pgp-pgsql.c +++ b/contrib/pgcrypto/pgp-pgsql.c @@ -96,7 +96,7 @@ convert_to_utf8(text *src) static void clear_and_pfree(text *p) { - px_memset(p, 0, VARSIZE_ANY(p)); + explicit_bzero(p, VARSIZE_ANY(p)); pfree(p); } diff --git a/contrib/pgcrypto/pgp-pubenc.c b/contrib/pgcrypto/pgp-pubenc.c index c254a372750..aaae01da810 100644 --- a/contrib/pgcrypto/pgp-pubenc.c +++ b/contrib/pgcrypto/pgp-pubenc.c @@ -63,7 +63,7 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p) { if (!pg_strong_random(p, 1)) { - px_memset(buf, 0, res_len); + explicit_bzero(buf, res_len); pfree(buf); return PXE_NO_RANDOM; } @@ -117,10 +117,10 @@ create_secmsg(PGP_Context *ctx, PGP_MPI **msg_p, int full_bytes) if (padded) { - px_memset(padded, 0, full_bytes); + explicit_bzero(padded, full_bytes); pfree(padded); } - px_memset(secmsg, 0, klen + 3); + explicit_bzero(secmsg, klen + 3); pfree(secmsg); if (res >= 0) diff --git a/contrib/pgcrypto/pgp-pubkey.c b/contrib/pgcrypto/pgp-pubkey.c index 6f118865917..f866eb19eeb 100644 --- a/contrib/pgcrypto/pgp-pubkey.c +++ b/contrib/pgcrypto/pgp-pubkey.c @@ -76,7 +76,7 @@ pgp_key_free(PGP_PubKey *pk) pgp_mpi_free(pk->sec.dsa.x); break; } - px_memset(pk, 0, sizeof(*pk)); + explicit_bzero(pk, sizeof(*pk)); pfree(pk); } @@ -149,7 +149,7 @@ calc_key_id(PGP_PubKey *pk) px_md_free(md); memcpy(pk->key_id, hash + 12, 8); - px_memset(hash, 0, 20); + explicit_bzero(hash, 20); return 0; } @@ -290,8 +290,8 @@ check_key_sha1(PullFilter *src, PGP_PubKey *pk) res = PXE_PGP_KEYPKT_CORRUPT; } err: - px_memset(got_sha1, 0, 20); - px_memset(my_sha1, 0, 20); + explicit_bzero(got_sha1, 20); + explicit_bzero(my_sha1, 20); return res; } diff --git a/contrib/pgcrypto/pgp-s2k.c b/contrib/pgcrypto/pgp-s2k.c index 81ca1f094a1..ea7a99d1eec 100644 --- a/contrib/pgcrypto/pgp-s2k.c +++ b/contrib/pgcrypto/pgp-s2k.c @@ -74,7 +74,7 @@ calc_s2k_simple(PGP_S2K *s2k, PX_MD *md, const uint8 *key, remain = 0; } } - px_memset(buf, 0, sizeof(buf)); + explicit_bzero(buf, sizeof(buf)); return 0; } @@ -118,7 +118,7 @@ calc_s2k_salted(PGP_S2K *s2k, PX_MD *md, const uint8 *key, unsigned key_len) remain = 0; } } - px_memset(buf, 0, sizeof(buf)); + explicit_bzero(buf, sizeof(buf)); return 0; } @@ -188,7 +188,7 @@ calc_s2k_iter_salted(PGP_S2K *s2k, PX_MD *md, const uint8 *key, remain = 0; } } - px_memset(buf, 0, sizeof(buf)); + explicit_bzero(buf, sizeof(buf)); return 0; } diff --git a/contrib/pgcrypto/pgp.c b/contrib/pgcrypto/pgp.c index 8a6a6c2adf1..4c17282c573 100644 --- a/contrib/pgcrypto/pgp.c +++ b/contrib/pgcrypto/pgp.c @@ -214,7 +214,7 @@ pgp_free(PGP_Context *ctx) { if (ctx->pub_key) pgp_key_free(ctx->pub_key); - px_memset(ctx, 0, sizeof *ctx); + explicit_bzero(ctx, sizeof *ctx); pfree(ctx); return 0; } diff --git a/contrib/pgcrypto/px-crypt.c b/contrib/pgcrypto/px-crypt.c index d7729eec9bc..03eca3d6ae0 100644 --- a/contrib/pgcrypto/px-crypt.c +++ b/contrib/pgcrypto/px-crypt.c @@ -181,7 +181,7 @@ px_gen_salt(const char *salt_type, char *buf, int rounds) return PXE_NO_RANDOM; p = g->gen(rounds, rbuf, g->input_len, buf, PX_MAX_SALT_LEN); - px_memset(rbuf, 0, sizeof(rbuf)); + explicit_bzero(rbuf, sizeof(rbuf)); if (p == NULL) return PXE_BAD_SALT_ROUNDS; diff --git a/contrib/pgcrypto/px-hmac.c b/contrib/pgcrypto/px-hmac.c index 68e5cff6d6a..24511aa6ad6 100644 --- a/contrib/pgcrypto/px-hmac.c +++ b/contrib/pgcrypto/px-hmac.c @@ -74,7 +74,7 @@ hmac_init(PX_HMAC *h, const uint8 *key, unsigned klen) h->p.opad[i] = keybuf[i] ^ HMAC_OPAD; } - px_memset(keybuf, 0, bs); + explicit_bzero(keybuf, bs); pfree(keybuf); px_md_update(md, h->p.ipad, bs); @@ -116,7 +116,7 @@ hmac_finish(PX_HMAC *h, uint8 *dst) px_md_update(md, buf, hlen); px_md_finish(md, dst); - px_memset(buf, 0, hlen); + explicit_bzero(buf, hlen); pfree(buf); } @@ -128,8 +128,8 @@ hmac_free(PX_HMAC *h) bs = px_md_block_size(h->md); px_md_free(h->md); - px_memset(h->p.ipad, 0, bs); - px_memset(h->p.opad, 0, bs); + explicit_bzero(h->p.ipad, bs); + explicit_bzero(h->p.opad, bs); pfree(h->p.ipad); pfree(h->p.opad); pfree(h); diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c index f08bc498ac8..e8f96232de8 100644 --- a/contrib/pgcrypto/px.c +++ b/contrib/pgcrypto/px.c @@ -119,13 +119,6 @@ px_strerror(int err) return "Bad error code"; } -/* memset that must not be optimized away */ -void -px_memset(void *ptr, int c, size_t len) -{ - memset(ptr, c, len); -} - const char * px_resolve_alias(const PX_Alias *list, const char *name) { @@ -234,7 +227,7 @@ combo_free(PX_Combo *cx) { if (cx->cipher) px_cipher_free(cx->cipher); - px_memset(cx, 0, sizeof(*cx)); + explicit_bzero(cx, sizeof(*cx)); pfree(cx); } diff --git a/contrib/pgcrypto/px.h b/contrib/pgcrypto/px.h index a09533a3582..bb5ee899d60 100644 --- a/contrib/pgcrypto/px.h +++ b/contrib/pgcrypto/px.h @@ -188,8 +188,6 @@ const char *px_resolve_alias(const PX_Alias *list, const char *name); void px_set_debug_handler(void (*handler) (const char *)); -void px_memset(void *ptr, int c, size_t len); - bool CheckFIPSMode(void); void CheckBuiltinCryptoMode(void); -- 2.53.0