From 9b584953e7bf91e342af87ef44606acd6206cd1c Mon Sep 17 00:00:00 2001
From: Michael Paquier
Date: Mon, 14 Dec 2020 12:38:13 +0900
Subject: Improve some code around cryptohash functions
This adjusts some code related to recent changes for cryptohash functions:
- Add a variable in md5.h to track down the size of a computed result, moved from pgcrypto. Note that pg_md5_hash() assumed a result of this size already.
- Call explicit_bzero() on the hashed data when freeing the context for fallback implementations. For MD5, particularly, it would be annoying to leave some non-zeroed data around.
- Clean up some code related to recent changes of uuid-ossp. .gitignore still included md5.c and a comment was incorrect.
Discussion: https://postgr.es/m/X9HXKTgrvJvYO7Oh@paquier.xyz
---
 src/common/cryptohash.c | 20 ++++++++++++++++++++
 src/common/md5_common.c | 2 +-
 2 files changed, 21 insertions(+), 1 deletion(-)
(limited to 'src/common')
diff --git a/src/common/cryptohash.c b/src/common/cryptohash.c
index 5cc2572eb6e..cf4588bad72 100644
--- a/src/common/cryptohash.c
+++ b/src/common/cryptohash.c
@@ -197,6 +197,26 @@ pg_cryptohash_free(pg_cryptohash_ctx *ctx)
 {
 if (ctx == NULL)
 return;
+
+ switch (ctx->type)
+ {
+ case PG_MD5:
+ explicit_bzero(ctx->data, sizeof(pg_md5_ctx));
+ break;
+ case PG_SHA224:
+ explicit_bzero(ctx->data, sizeof(pg_sha224_ctx));
+ break;
+ case PG_SHA256:
+ explicit_bzero(ctx->data, sizeof(pg_sha256_ctx));
+ break;
+ case PG_SHA384:
+ explicit_bzero(ctx->data, sizeof(pg_sha384_ctx));
+ break;
+ case PG_SHA512:
+ explicit_bzero(ctx->data, sizeof(pg_sha512_ctx));
+ break;
+ }
+
 FREE(ctx->data);
 explicit_bzero(ctx, sizeof(pg_cryptohash_ctx));
 FREE(ctx);
diff --git a/src/common/md5_common.c b/src/common/md5_common.c
index 74c274175fe..abf79e5918f 100644
--- a/src/common/md5_common.c
+++ b/src/common/md5_common.c
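Review bot: The wipe length in each `case` of the new switch in pg_cryptohash_free() is a second copy of the size used when `ctx->data` was allocated, and nothing in the hunk ties the two together. The allocation is not visible here (presumably in pg_cryptohash_create()), so if the two ever diverge, `explicit_bzero()` would either write past the buffer or leave the tail of the hash state un-zeroed. A comment above the switch would make the coupling explicit, e.g. `/* sizes here must match the allocations of ctx->data at creation */`; recording the allocated size in the context at creation would remove the duplication entirely. The switch also has no fall-back arm, so a type value outside the five listed reaches `FREE(ctx->data)` without any wipe; if the project relies on compiler enum-coverage warnings rather than a `default`, that is worth stating in the same comment. The function's signature and closing brace lie outside the hunk.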
@@ -69,7 +69,7 @@ bytesToHex(uint8 b[16], char *s)
 bool
 pg_md5_hash(const void *buff, size_t len, char *hexsum)
 {
- uint8 sum[16];
+ uint8 sum[MD5_DIGEST_LENGTH];
 pg_cryptohash_ctx *ctx;
 
 ctx = pg_cryptohash_create(PG_MD5);
-- cgit v1.2.3
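Review bot: The literal 16 survives in the neighbouring helper named in the hunk header, `bytesToHex(uint8 b[16], char *s)`, so the digest size is still spelled two ways in this file after `sum` switches to `MD5_DIGEST_LENGTH`. If `sum` is what gets passed to that helper (the call is outside the hunk, so this is inferred), declaring it as `bytesToHex(uint8 b[MD5_DIGEST_LENGTH], char *s)` would keep the two in step. A short comment on pg_md5_hash() stating the size the caller must provide for `hexsum` would also help, since the output buffer length is not checked anywhere in the visible lines. The body of pg_md5_hash() continues past the end of the hunk.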