- Fix couple comments.

- internal.c didnt clean hash contexts when freeing

- zero the system randomness buffer too

- Google tells that we can use /dev/urandom on Cygwin,
  HPUX and AIX.  Add them to random.c

- remove a debug reference from pgp.h


Index: pgsql/contrib/pgcrypto/fortuna.c
===================================================================
*** pgsql.orig/contrib/pgcrypto/fortuna.c
--- pgsql/contrib/pgcrypto/fortuna.c
*************** static void init_state(FState *st)
*** 174,181 ****
  }
  
  /*
!  * Must not reseed more ofter than RESEED_PER_SEC
!  * times per second.
   */
  static int too_often(FState *st)
  {
--- 174,181 ----
  }
  
  /*
!  * The time between reseed must be at least RESEED_INTERVAL
!  * microseconds.
   */
  static int too_often(FState *st)
  {
*************** static void reseed(FState *st)
*** 241,247 ****
  
        memset(&key_md, 0, sizeof(key_md));
        memset(buf, 0, BLOCK);
-       n = k = 0;
  }
  
  /*
--- 241,246 ----
Index: pgsql/contrib/pgcrypto/internal.c
===================================================================
*** pgsql.orig/contrib/pgcrypto/internal.c
--- pgsql/contrib/pgcrypto/internal.c
*************** int_md5_free(PX_MD * h)
*** 127,132 ****
--- 127,133 ----
  {
        MD5_CTX    *ctx = (MD5_CTX *) h->p.ptr;
  
+       memset(ctx, 0, sizeof(*ctx));
        px_free(ctx);
        px_free(h);
  }
*************** int_sha1_free(PX_MD * h)
*** 174,179 ****
--- 175,181 ----
  {
        SHA1_CTX   *ctx = (SHA1_CTX *) h->p.ptr;
  
+       memset(ctx, 0, sizeof(*ctx));
        px_free(ctx);
        px_free(h);
  }
*************** int_sha256_free(PX_MD * h)
*** 221,226 ****
--- 223,229 ----
  {
        SHA256_CTX   *ctx = (SHA256_CTX *) h->p.ptr;
  
+       memset(ctx, 0, sizeof(*ctx));
        px_free(ctx);
        px_free(h);
  }
*************** int_sha384_free(PX_MD * h)
*** 267,272 ****
--- 270,276 ----
  {
        SHA384_CTX   *ctx = (SHA384_CTX *) h->p.ptr;
  
+       memset(ctx, 0, sizeof(*ctx));
        px_free(ctx);
        px_free(h);
  }
*************** int_sha512_free(PX_MD * h)
*** 314,319 ****
--- 318,324 ----
  {
        SHA512_CTX   *ctx = (SHA512_CTX *) h->p.ptr;
  
+       memset(ctx, 0, sizeof(*ctx));
        px_free(ctx);
        px_free(h);
  }
*************** init_md5(PX_MD * md)
*** 326,331 ****
--- 331,337 ----
        MD5_CTX    *ctx;
  
        ctx = px_alloc(sizeof(*ctx));
+       memset(ctx, 0, sizeof(*ctx));
  
        md->p.ptr = ctx;
  
*************** init_sha1(PX_MD * md)
*** 345,350 ****
--- 351,357 ----
        SHA1_CTX   *ctx;
  
        ctx = px_alloc(sizeof(*ctx));
+       memset(ctx, 0, sizeof(*ctx));
  
        md->p.ptr = ctx;
  
*************** init_sha256(PX_MD * md)
*** 364,369 ****
--- 371,377 ----
        SHA256_CTX   *ctx;
  
        ctx = px_alloc(sizeof(*ctx));
+       memset(ctx, 0, sizeof(*ctx));
  
        md->p.ptr = ctx;
  
*************** init_sha384(PX_MD * md)
*** 383,388 ****
--- 391,397 ----
        SHA384_CTX   *ctx;
  
        ctx = px_alloc(sizeof(*ctx));
+       memset(ctx, 0, sizeof(*ctx));
  
        md->p.ptr = ctx;
  
*************** init_sha512(PX_MD * md)
*** 402,407 ****
--- 411,417 ----
        SHA512_CTX   *ctx;
  
        ctx = px_alloc(sizeof(*ctx));
+       memset(ctx, 0, sizeof(*ctx));
  
        md->p.ptr = ctx;
  
*************** static void system_reseed(void)
*** 829,834 ****
--- 839,845 ----
                fortuna_add_entropy(SYSTEM_ENTROPY, buf, n);
  
        seed_time = t;
+       memset(buf, 0, sizeof(buf));
  }
  
  int
Index: pgsql/contrib/pgcrypto/pgp-compress.c
===================================================================
*** pgsql.orig/contrib/pgcrypto/pgp-compress.c
--- pgsql/contrib/pgcrypto/pgp-compress.c
*************** restart:
*** 270,276 ****
        dec->stream.avail_out = dec->buf_len;
        dec->pos = dec->buf;
  
!       // Z_NO_FLUSH, Z_SYNC_FLUSH,
        flush = dec->stream.avail_in ? Z_SYNC_FLUSH : Z_FINISH;
        res = inflate(&dec->stream, flush);
        if (res != Z_OK && res != Z_STREAM_END)
--- 270,280 ----
        dec->stream.avail_out = dec->buf_len;
        dec->pos = dec->buf;
  
!       /*
!        * Z_SYNC_FLUSH is tell zlib to output as much as possible.
!        * It should do in anyway (Z_NO_FLUSH), but seems to reserve
!        * the right not to.  So lets follow the API.
!        */
        flush = dec->stream.avail_in ? Z_SYNC_FLUSH : Z_FINISH;
        res = inflate(&dec->stream, flush);
        if (res != Z_OK && res != Z_STREAM_END)
Index: pgsql/contrib/pgcrypto/pgp-decrypt.c
===================================================================
*** pgsql.orig/contrib/pgcrypto/pgp-decrypt.c
--- pgsql/contrib/pgcrypto/pgp-decrypt.c
*************** static void mdc_free(void *priv)
*** 339,345 ****
        ctx->mdc_ctx = NULL;
  }
  
- // fixme: clarify
  static int mdc_finish(PGP_Context *ctx, PullFilter *src,
                int len, uint8 **data_p)
  {
--- 339,344 ----
*************** static int mdc_finish(PGP_Context *ctx, 
*** 364,369 ****
--- 363,369 ----
                return 0;
        }
        
+       /* safety check */
        if (ctx->in_mdc_pkt > 1)
        {
                px_debug("mdc_finish: several times here?");
*************** static int mdc_finish(PGP_Context *ctx, 
*** 371,376 ****
--- 371,377 ----
        }
        ctx->in_mdc_pkt++;
        
+       /* is the packet sane? */
        if (res != 20)
        {
                px_debug("mdc_finish: read failed, res=%d", res);
Index: pgsql/contrib/pgcrypto/random.c
===================================================================
*** pgsql.orig/contrib/pgcrypto/random.c
--- pgsql/contrib/pgcrypto/random.c
***************
*** 44,50 ****
   */
  #if defined(__linux__) || defined(__FreeBSD__) || defined(__OpenBSD__) \
        || defined(__NetBSD__) || defined(__DragonFly__) \
!       || defined(__darwin__) || defined(__SOLARIS__)
  
  #define TRY_DEV_RANDOM
  
--- 44,52 ----
   */
  #if defined(__linux__) || defined(__FreeBSD__) || defined(__OpenBSD__) \
        || defined(__NetBSD__) || defined(__DragonFly__) \
!       || defined(__darwin__) || defined(__SOLARIS__) \
!       || defined(__hpux) || defined(__HPUX__) \
!       || defined(__CYGWIN__) || defined(_AIX)
  
  #define TRY_DEV_RANDOM
  
Index: pgsql/contrib/pgcrypto/pgp.h
===================================================================
*** pgsql.orig/contrib/pgcrypto/pgp.h
--- pgsql/contrib/pgcrypto/pgp.h
*************** unsigned        pgp_armor_dec_len(unsigned len)
*** 238,245 ****
  int pgp_compress_filter(PushFilter **res, PGP_Context *ctx, PushFilter *dst);
  int pgp_decompress_filter(PullFilter **res, PGP_Context *ctx, PullFilter 
*src);
  
- extern void (*pgp_packet_debug) (int tag, uint8 *buf, int len);
- 
  int pgp_key_alloc(PGP_PubKey **pk_p);
  void pgp_key_free(PGP_PubKey *pk);
  int _pgp_read_public_key(PullFilter *pkt, PGP_PubKey *pk);
--- 238,243 ----

--

---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?

               http://archives.postgresql.org

Reply via email to