From: Dagfinn Ilmari Mannsåker <[email protected]>
Subject: [PATCH 2/2] pgcrypto: use explicit_bzero() instead of px_memset(..., 0, ...)
Date: Thu, 9 Apr 2026 11:35:13 +0100
px_memset() is only ever called with zero for the value, so use
explicit_bzero() instead and remove the function.
---
contrib/pgcrypto/crypt-blowfish.c | 4 ++--
contrib/pgcrypto/crypt-md5.c | 4 ++--
contrib/pgcrypto/crypt-sha.c | 4 ++--
contrib/pgcrypto/mbuf.c | 12 ++++++------
contrib/pgcrypto/pgp-cfb.c | 2 +-
contrib/pgcrypto/pgp-compress.c | 4 ++--
contrib/pgcrypto/pgp-decrypt.c | 20 ++++++++++----------
contrib/pgcrypto/pgp-encrypt.c | 10 +++++-----
contrib/pgcrypto/pgp-mpi.c | 2 +-
contrib/pgcrypto/pgp-pgsql.c | 2 +-
contrib/pgcrypto/pgp-pubenc.c | 6 +++---
contrib/pgcrypto/pgp-pubkey.c | 8 ++++----
contrib/pgcrypto/pgp-s2k.c | 6 +++---
contrib/pgcrypto/pgp.c | 2 +-
contrib/pgcrypto/px-crypt.c | 2 +-
contrib/pgcrypto/px-hmac.c | 8 ++++----
contrib/pgcrypto/px.c | 9 +--------
contrib/pgcrypto/px.h | 2 --
18 files changed, 49 insertions(+), 58 deletions(-)
diff --git a/contrib/pgcrypto/crypt-blowfish.c b/contrib/pgcrypto/crypt-blowfish.c
index 4d870fd65d7..b688d320ad8 100644
--- a/contrib/pgcrypto/crypt-blowfish.c
+++ b/contrib/pgcrypto/crypt-blowfish.c
@@ -621,7 +621,7 @@ _crypt_blowfish_rn(const char *key, const char *setting,
count = (BF_word) 1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
if (count < 16 || BF_decode(data.binary.salt, &setting[7], 16))
{
- px_memset(data.binary.salt, 0, sizeof(data.binary.salt));
+ explicit_bzero(data.binary.salt, sizeof(data.binary.salt));
ereport(ERROR,
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
errmsg("invalid salt")));
@@ -738,7 +738,7 @@ _crypt_blowfish_rn(const char *key, const char *setting,
/* Overwrite the most obvious sensitive data we have on the stack. Note
* that this does not guarantee there's no sensitive data left on the
* stack and/or in registers; I'm not aware of portable code that does. */
- px_memset(&data, 0, sizeof(data));
+ explicit_bzero(&data, sizeof(data));
return output;
}
diff --git a/contrib/pgcrypto/crypt-md5.c b/contrib/pgcrypto/crypt-md5.c
index 33f93847a42..4e667063aef 100644
--- a/contrib/pgcrypto/crypt-md5.c
+++ b/contrib/pgcrypto/crypt-md5.c
@@ -95,7 +95,7 @@ px_crypt_md5(const char *pw, const char *salt, char *passwd, unsigned dstlen)
px_md_update(ctx, final, pl > MD5_SIZE ? MD5_SIZE : pl);
/* Don't leave anything around in vm they could use. */
- px_memset(final, 0, sizeof final);
+ explicit_bzero(final, sizeof final);
/* Then something really weird... */
for (i = strlen(pw); i; i >>= 1)
@@ -160,7 +160,7 @@ px_crypt_md5(const char *pw, const char *salt, char *passwd, unsigned dstlen)
*p = '\0';
/* Don't leave anything around in vm they could use. */
- px_memset(final, 0, sizeof final);
+ explicit_bzero(final, sizeof final);
px_md_free(ctx1);
px_md_free(ctx);
diff --git a/contrib/pgcrypto/crypt-sha.c b/contrib/pgcrypto/crypt-sha.c
index e8f32bc3896..91e31835f69 100644
--- a/contrib/pgcrypto/crypt-sha.c
+++ b/contrib/pgcrypto/crypt-sha.c
@@ -477,7 +477,7 @@ px_crypt_shacrypt(const char *pw, const char *salt, char *passwd, unsigned dstle
memcpy(cp, sha_buf_tmp, block);
/* Make sure we don't leave something important behind */
- px_memset(&sha_buf_tmp, 0, sizeof sha_buf);
+ explicit_bzero(&sha_buf_tmp, sizeof sha_buf);
/*-
* 21. Repeat a loop according to the number specified in the rounds=<N>
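Review bot: The wipe of `sha_buf_tmp` takes its length from a different object, `sizeof sha_buf`, a mismatch this change carries over unchanged from the px_memset() call it replaces. If both buffers are declared with the same size (the declarations are outside this hunk) the call clears exactly the right bytes today, but a later change to either declaration would leave part of the buffer unwiped or write past its end. `explicit_bzero(&sha_buf_tmp, sizeof sha_buf_tmp);` ties the length to the object being cleared. px_crypt_shacrypt starts and ends outside the hunk.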
@@ -618,7 +618,7 @@ px_crypt_shacrypt(const char *pw, const char *salt, char *passwd, unsigned dstle
memcpy(passwd, out_buf->data, out_buf->len);
/* make sure nothing important is left behind */
- px_memset(&sha_buf, 0, sizeof sha_buf);
+ explicit_bzero(&sha_buf, sizeof sha_buf);
destroyStringInfo(out_buf);
destroyStringInfo(decoded_salt);
diff --git a/contrib/pgcrypto/mbuf.c b/contrib/pgcrypto/mbuf.c
index 6a23ad99706..9f5824da557 100644
--- a/contrib/pgcrypto/mbuf.c
+++ b/contrib/pgcrypto/mbuf.c
@@ -63,7 +63,7 @@ mbuf_free(MBuf *mbuf)
{
if (mbuf->own_data)
{
- px_memset(mbuf->data, 0, mbuf->buf_end - mbuf->data);
+ explicit_bzero(mbuf->data, mbuf->buf_end - mbuf->data);
pfree(mbuf->data);
}
pfree(mbuf);
@@ -233,11 +233,11 @@ pullf_free(PullFilter *pf)
if (pf->buf)
{
- px_memset(pf->buf, 0, pf->buflen);
+ explicit_bzero(pf->buf, pf->buflen);
pfree(pf->buf);
}
- px_memset(pf, 0, sizeof(*pf));
+ explicit_bzero(pf, sizeof(*pf));
pfree(pf);
}
@@ -282,7 +282,7 @@ pullf_read_max(PullFilter *pf, int len, uint8 **data_p, uint8 *tmpbuf)
if (res < 0)
{
/* so the caller must clear only on success */
- px_memset(tmpbuf, 0, total);
+ explicit_bzero(tmpbuf, total);
return res;
}
if (res == 0)
@@ -399,11 +399,11 @@ pushf_free(PushFilter *mp)
if (mp->buf)
{
- px_memset(mp->buf, 0, mp->block_size);
+ explicit_bzero(mp->buf, mp->block_size);
pfree(mp->buf);
}
- px_memset(mp, 0, sizeof(*mp));
+ explicit_bzero(mp, sizeof(*mp));
pfree(mp);
}
diff --git a/contrib/pgcrypto/pgp-cfb.c b/contrib/pgcrypto/pgp-cfb.c
index d8f1afc3aba..4cd5660cbcd 100644
--- a/contrib/pgcrypto/pgp-cfb.c
+++ b/contrib/pgcrypto/pgp-cfb.c
@@ -83,7 +83,7 @@ void
pgp_cfb_free(PGP_CFB *ctx)
{
px_cipher_free(ctx->ciph);
- px_memset(ctx, 0, sizeof(*ctx));
+ explicit_bzero(ctx, sizeof(*ctx));
pfree(ctx);
}
diff --git a/contrib/pgcrypto/pgp-compress.c b/contrib/pgcrypto/pgp-compress.c
index caa80ecdb45..5b827c96f2b 100644
--- a/contrib/pgcrypto/pgp-compress.c
+++ b/contrib/pgcrypto/pgp-compress.c
@@ -172,7 +172,7 @@ compress_free(void *priv)
struct ZipStat *st = priv;
deflateEnd(&st->stream);
- px_memset(st, 0, sizeof(*st));
+ explicit_bzero(st, sizeof(*st));
pfree(st);
}
@@ -315,7 +315,7 @@ decompress_free(void *priv)
struct DecomprData *dec = priv;
inflateEnd(&dec->stream);
- px_memset(dec, 0, sizeof(*dec));
+ explicit_bzero(dec, sizeof(*dec));
pfree(dec);
}
diff --git a/contrib/pgcrypto/pgp-decrypt.c b/contrib/pgcrypto/pgp-decrypt.c
index 52ca7840c6d..9696d609d03 100644
--- a/contrib/pgcrypto/pgp-decrypt.c
+++ b/contrib/pgcrypto/pgp-decrypt.c
@@ -210,7 +210,7 @@ pktreader_free(void *priv)
{
struct PktData *pkt = priv;
- px_memset(pkt, 0, sizeof(*pkt));
+ explicit_bzero(pkt, sizeof(*pkt));
pfree(pkt);
}
@@ -260,7 +260,7 @@ prefix_init(void **priv_p, void *arg, PullFilter *src)
if (res != len + 2)
{
px_debug("prefix_init: short read");
- px_memset(tmpbuf, 0, sizeof(tmpbuf));
+ explicit_bzero(tmpbuf, sizeof(tmpbuf));
return PXE_PGP_CORRUPT_DATA;
}
@@ -270,7 +270,7 @@ prefix_init(void **priv_p, void *arg, PullFilter *src)
/* report error in pgp_decrypt() */
ctx->corrupt_prefix = 1;
}
- px_memset(tmpbuf, 0, sizeof(tmpbuf));
+ explicit_bzero(tmpbuf, sizeof(tmpbuf));
return 0;
}
@@ -381,8 +381,8 @@ mdc_finish(PGP_Context *ctx, PullFilter *src, int len)
*/
px_md_finish(ctx->mdc_ctx, hash);
res = memcmp(hash, data, 20);
- px_memset(hash, 0, 20);
- px_memset(tmpbuf, 0, sizeof(tmpbuf));
+ explicit_bzero(hash, 20);
+ explicit_bzero(tmpbuf, sizeof(tmpbuf));
if (res != 0)
{
px_debug("mdc_finish: mdc failed");
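Review bot: The digest wipe in mdc_finish is written with the bare length `20`, and the same literal appears in the wipes in mdcbuf_finish, calc_key_id and check_key_sha1 (`got_sha1`, `my_sha1`). If these are local arrays, which the declarations outside the hunks would confirm, `explicit_bzero(hash, sizeof(hash));` keeps the cleared length tied to the buffer, as the `tmpbuf` wipe on the following line already does. Since every one of these lines is being touched anyway, this patch is a cheap place to make them consistent. mdc_finish starts and ends outside the hunk.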
@@ -475,7 +475,7 @@ mdcbuf_finish(struct MDCBufData *st)
px_md_update(st->ctx->mdc_ctx, st->mdc_buf, 2);
px_md_finish(st->ctx->mdc_ctx, hash);
res = memcmp(hash, st->mdc_buf + 2, 20);
- px_memset(hash, 0, 20);
+ explicit_bzero(hash, 20);
if (res)
{
px_debug("mdcbuf_finish: MDC does not match");
@@ -575,7 +575,7 @@ mdcbuf_free(void *priv)
px_md_free(st->ctx->mdc_ctx);
st->ctx->mdc_ctx = NULL;
- px_memset(st, 0, sizeof(*st));
+ explicit_bzero(st, sizeof(*st));
pfree(st);
}
@@ -686,7 +686,7 @@ parse_symenc_sesskey(PGP_Context *ctx, PullFilter *src)
res = decrypt_key(ctx, p, res);
}
- px_memset(tmpbuf, 0, sizeof(tmpbuf));
+ explicit_bzero(tmpbuf, sizeof(tmpbuf));
return res;
}
@@ -736,7 +736,7 @@ copy_crlf(MBuf *dst, uint8 *data, int len, int *got_cr)
if (res < 0)
return res;
}
- px_memset(tmpbuf, 0, sizeof(tmpbuf));
+ explicit_bzero(tmpbuf, sizeof(tmpbuf));
return 0;
}
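Review bot: The `if (res < 0) return res;` path just above the wipe leaves copy_crlf without clearing `tmpbuf`, so whatever the function staged there (presumably message data; the fill code is outside the hunk) stays on the stack when the preceding call fails. Wiping on that path too, `if (res < 0) { explicit_bzero(tmpbuf, sizeof(tmpbuf)); return res; }`, would match what prefix_init does before its short-read return. parse_literal_data has the same shape: its `unexpected eof` return comes before `explicit_bzero(tmpbuf, 4)`, and the pullf_read_max hunk shows that helper clearing tmpbuf only when `res < 0`, so a short non-negative read may leave bytes behind. Both functions start outside their hunks.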
@@ -776,7 +776,7 @@ parse_literal_data(PGP_Context *ctx, MBuf *dst, PullFilter *pkt)
px_debug("parse_literal_data: unexpected eof");
return PXE_PGP_CORRUPT_DATA;
}
- px_memset(tmpbuf, 0, 4);
+ explicit_bzero(tmpbuf, 4);
/*
* If called from an SQL function that returns text, pgp_decrypt() rejects
diff --git a/contrib/pgcrypto/pgp-encrypt.c b/contrib/pgcrypto/pgp-encrypt.c
index 2c059804706..0a23fe59a5f 100644
--- a/contrib/pgcrypto/pgp-encrypt.c
+++ b/contrib/pgcrypto/pgp-encrypt.c
@@ -127,7 +127,7 @@ mdc_flush(PushFilter *dst, void *priv)
px_md_finish(md, pkt + 2);
res = pushf_write(dst, pkt, 2 + MDC_DIGEST_LEN);
- px_memset(pkt, 0, 2 + MDC_DIGEST_LEN);
+ explicit_bzero(pkt, 2 + MDC_DIGEST_LEN);
return res;
}
@@ -217,7 +217,7 @@ encrypt_free(void *priv)
if (st->ciph)
pgp_cfb_free(st->ciph);
- px_memset(st, 0, sizeof(*st));
+ explicit_bzero(st, sizeof(*st));
pfree(st);
}
@@ -299,7 +299,7 @@ pkt_stream_free(void *priv)
{
struct PktStreamStat *st = priv;
- px_memset(st, 0, sizeof(*st));
+ explicit_bzero(st, sizeof(*st));
pfree(st);
}
@@ -489,7 +489,7 @@ write_prefix(PGP_Context *ctx, PushFilter *dst)
prefix[bs + 1] = prefix[bs - 1];
res = pushf_write(dst, prefix, bs + 2);
- px_memset(prefix, 0, bs + 2);
+ explicit_bzero(prefix, bs + 2);
return res < 0 ? res : 0;
}
@@ -551,7 +551,7 @@ write_symenc_sesskey(PGP_Context *ctx, PushFilter *dst)
if (res >= 0)
res = pushf_write(dst, pkt, pktlen);
- px_memset(pkt, 0, pktlen);
+ explicit_bzero(pkt, pktlen);
return res;
}
diff --git a/contrib/pgcrypto/pgp-mpi.c b/contrib/pgcrypto/pgp-mpi.c
index 03be27973be..95e4e9ba138 100644
--- a/contrib/pgcrypto/pgp-mpi.c
+++ b/contrib/pgcrypto/pgp-mpi.c
@@ -71,7 +71,7 @@ pgp_mpi_free(PGP_MPI *mpi)
{
if (mpi == NULL)
return 0;
- px_memset(mpi, 0, sizeof(*mpi) + mpi->bytes);
+ explicit_bzero(mpi, sizeof(*mpi) + mpi->bytes);
pfree(mpi);
return 0;
}
diff --git a/contrib/pgcrypto/pgp-pgsql.c b/contrib/pgcrypto/pgp-pgsql.c
index d3e7895b0d9..c9d9e230a2e 100644
--- a/contrib/pgcrypto/pgp-pgsql.c
+++ b/contrib/pgcrypto/pgp-pgsql.c
@@ -96,7 +96,7 @@ convert_to_utf8(text *src)
static void
clear_and_pfree(text *p)
{
- px_memset(p, 0, VARSIZE_ANY(p));
+ explicit_bzero(p, VARSIZE_ANY(p));
pfree(p);
}
diff --git a/contrib/pgcrypto/pgp-pubenc.c b/contrib/pgcrypto/pgp-pubenc.c
index c254a372750..aaae01da810 100644
--- a/contrib/pgcrypto/pgp-pubenc.c
+++ b/contrib/pgcrypto/pgp-pubenc.c
@@ -63,7 +63,7 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p)
{
if (!pg_strong_random(p, 1))
{
- px_memset(buf, 0, res_len);
+ explicit_bzero(buf, res_len);
pfree(buf);
return PXE_NO_RANDOM;
}
@@ -117,10 +117,10 @@ create_secmsg(PGP_Context *ctx, PGP_MPI **msg_p, int full_bytes)
if (padded)
{
- px_memset(padded, 0, full_bytes);
+ explicit_bzero(padded, full_bytes);
pfree(padded);
}
- px_memset(secmsg, 0, klen + 3);
+ explicit_bzero(secmsg, klen + 3);
pfree(secmsg);
if (res >= 0)
diff --git a/contrib/pgcrypto/pgp-pubkey.c b/contrib/pgcrypto/pgp-pubkey.c
index 6f118865917..f866eb19eeb 100644
--- a/contrib/pgcrypto/pgp-pubkey.c
+++ b/contrib/pgcrypto/pgp-pubkey.c
@@ -76,7 +76,7 @@ pgp_key_free(PGP_PubKey *pk)
pgp_mpi_free(pk->sec.dsa.x);
break;
}
- px_memset(pk, 0, sizeof(*pk));
+ explicit_bzero(pk, sizeof(*pk));
pfree(pk);
}
@@ -149,7 +149,7 @@ calc_key_id(PGP_PubKey *pk)
px_md_free(md);
memcpy(pk->key_id, hash + 12, 8);
- px_memset(hash, 0, 20);
+ explicit_bzero(hash, 20);
return 0;
}
@@ -290,8 +290,8 @@ check_key_sha1(PullFilter *src, PGP_PubKey *pk)
res = PXE_PGP_KEYPKT_CORRUPT;
}
err:
- px_memset(got_sha1, 0, 20);
- px_memset(my_sha1, 0, 20);
+ explicit_bzero(got_sha1, 20);
+ explicit_bzero(my_sha1, 20);
return res;
}
diff --git a/contrib/pgcrypto/pgp-s2k.c b/contrib/pgcrypto/pgp-s2k.c
index 81ca1f094a1..ea7a99d1eec 100644
--- a/contrib/pgcrypto/pgp-s2k.c
+++ b/contrib/pgcrypto/pgp-s2k.c
@@ -74,7 +74,7 @@ calc_s2k_simple(PGP_S2K *s2k, PX_MD *md, const uint8 *key,
remain = 0;
}
}
- px_memset(buf, 0, sizeof(buf));
+ explicit_bzero(buf, sizeof(buf));
return 0;
}
@@ -118,7 +118,7 @@ calc_s2k_salted(PGP_S2K *s2k, PX_MD *md, const uint8 *key, unsigned key_len)
remain = 0;
}
}
- px_memset(buf, 0, sizeof(buf));
+ explicit_bzero(buf, sizeof(buf));
return 0;
}
@@ -188,7 +188,7 @@ calc_s2k_iter_salted(PGP_S2K *s2k, PX_MD *md, const uint8 *key,
remain = 0;
}
}
- px_memset(buf, 0, sizeof(buf));
+ explicit_bzero(buf, sizeof(buf));
return 0;
}
diff --git a/contrib/pgcrypto/pgp.c b/contrib/pgcrypto/pgp.c
index 8a6a6c2adf1..4c17282c573 100644
--- a/contrib/pgcrypto/pgp.c
+++ b/contrib/pgcrypto/pgp.c
@@ -214,7 +214,7 @@ pgp_free(PGP_Context *ctx)
{
if (ctx->pub_key)
pgp_key_free(ctx->pub_key);
- px_memset(ctx, 0, sizeof *ctx);
+ explicit_bzero(ctx, sizeof *ctx);
pfree(ctx);
return 0;
}
diff --git a/contrib/pgcrypto/px-crypt.c b/contrib/pgcrypto/px-crypt.c
index d7729eec9bc..03eca3d6ae0 100644
--- a/contrib/pgcrypto/px-crypt.c
+++ b/contrib/pgcrypto/px-crypt.c
@@ -181,7 +181,7 @@ px_gen_salt(const char *salt_type, char *buf, int rounds)
return PXE_NO_RANDOM;
p = g->gen(rounds, rbuf, g->input_len, buf, PX_MAX_SALT_LEN);
- px_memset(rbuf, 0, sizeof(rbuf));
+ explicit_bzero(rbuf, sizeof(rbuf));
if (p == NULL)
return PXE_BAD_SALT_ROUNDS;
diff --git a/contrib/pgcrypto/px-hmac.c b/contrib/pgcrypto/px-hmac.c
index 68e5cff6d6a..24511aa6ad6 100644
--- a/contrib/pgcrypto/px-hmac.c
+++ b/contrib/pgcrypto/px-hmac.c
@@ -74,7 +74,7 @@ hmac_init(PX_HMAC *h, const uint8 *key, unsigned klen)
h->p.opad[i] = keybuf[i] ^ HMAC_OPAD;
}
- px_memset(keybuf, 0, bs);
+ explicit_bzero(keybuf, bs);
pfree(keybuf);
px_md_update(md, h->p.ipad, bs);
@@ -116,7 +116,7 @@ hmac_finish(PX_HMAC *h, uint8 *dst)
px_md_update(md, buf, hlen);
px_md_finish(md, dst);
- px_memset(buf, 0, hlen);
+ explicit_bzero(buf, hlen);
pfree(buf);
}
@@ -128,8 +128,8 @@ hmac_free(PX_HMAC *h)
bs = px_md_block_size(h->md);
px_md_free(h->md);
- px_memset(h->p.ipad, 0, bs);
- px_memset(h->p.opad, 0, bs);
+ explicit_bzero(h->p.ipad, bs);
+ explicit_bzero(h->p.opad, bs);
pfree(h->p.ipad);
pfree(h->p.opad);
pfree(h);
diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c
index f08bc498ac8..e8f96232de8 100644
--- a/contrib/pgcrypto/px.c
+++ b/contrib/pgcrypto/px.c
@@ -119,13 +119,6 @@ px_strerror(int err)
return "Bad error code";
}
-/* memset that must not be optimized away */
-void
-px_memset(void *ptr, int c, size_t len)
-{
- memset(ptr, c, len);
-}
-
const char *
px_resolve_alias(const PX_Alias *list, const char *name)
{
@@ -234,7 +227,7 @@ combo_free(PX_Combo *cx)
{
if (cx->cipher)
px_cipher_free(cx->cipher);
- px_memset(cx, 0, sizeof(*cx));
+ explicit_bzero(cx, sizeof(*cx));
pfree(cx);
}
diff --git a/contrib/pgcrypto/px.h b/contrib/pgcrypto/px.h
index a09533a3582..bb5ee899d60 100644
--- a/contrib/pgcrypto/px.h
+++ b/contrib/pgcrypto/px.h
@@ -188,8 +188,6 @@ const char *px_resolve_alias(const PX_Alias *list, const char *name);
void px_set_debug_handler(void (*handler) (const char *));
-void px_memset(void *ptr, int c, size_t len);
-
bool CheckFIPSMode(void);
void CheckBuiltinCryptoMode(void);
--
2.53.0