Re: [HACKERS] Fix memset usage in pgcrypto

2014-04-17 Thread Bruce Momjian 
On Mon, Mar 31, 2014 at 09:03:41PM -0400, Bruce Momjian wrote:
> On Thu, Dec 26, 2013 at 03:42:12PM +0200, Marko Kreen wrote:
> > http://www.viva64.com/en/b/0227/ reported that on-stack memset()s
> > might be optimized away by compilers.  Fix it.
> > 
> > * Replace memset() with px_memset()
> > * Add px_memset to copy_crlf()
> > * ADd px_memset to pgp-s2k.c
> 
> Where are we on this patch?  Seems it needs backpatching too.

Patch backpatched through 8.4.  Thanks.

-- 
  Bruce Momjian  http://momjian.us
  EnterpriseDB http://enterprisedb.com

  + Everyone has their own god. +


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Re: [HACKERS] Fix memset usage in pgcrypto

2014-03-31 Thread Bruce Momjian 
On Thu, Dec 26, 2013 at 03:42:12PM +0200, Marko Kreen wrote:
> http://www.viva64.com/en/b/0227/ reported that on-stack memset()s
> might be optimized away by compilers.  Fix it.
> 
> * Replace memset() with px_memset()
> * Add px_memset to copy_crlf()
> * ADd px_memset to pgp-s2k.c

Where are we on this patch?  Seems it needs backpatching too.

-- 
  Bruce Momjian  http://momjian.us
  EnterpriseDB http://enterprisedb.com

  + Everyone has their own god. +


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Re: [HACKERS] Fix memset usage in pgcrypto

2014-01-21 Thread Marko Kreen 
On Mon, Jan 20, 2014 at 06:49:21PM -0300, Alvaro Herrera wrote:
> Marko Kreen escribió:
> > http://www.viva64.com/en/b/0227/ reported that on-stack memset()s
> > might be optimized away by compilers.  Fix it.
> 
> Just to clarify, this needs to be applied to all branches, right?  If
> so, does the version submitted apply cleanly to all of them?

It does apply cleanly.  It is not critical fix, but it's simple,
so I think it should be back-patched.

-- 
marko



-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Re: [HACKERS] Fix memset usage in pgcrypto

2014-01-20 Thread Alvaro Herrera 
Marko Kreen escribió:
> http://www.viva64.com/en/b/0227/ reported that on-stack memset()s
> might be optimized away by compilers.  Fix it.

Just to clarify, this needs to be applied to all branches, right?  If
so, does the version submitted apply cleanly to all of them?

-- 
Álvaro Herrerahttp://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

[HACKERS] Fix memset usage in pgcrypto

2013-12-26 Thread Marko Kreen 
http://www.viva64.com/en/b/0227/ reported that on-stack memset()s
might be optimized away by compilers.  Fix it.

* Replace memset() with px_memset()
* Add px_memset to copy_crlf()
* ADd px_memset to pgp-s2k.c

-- 
marko

diff --git a/contrib/pgcrypto/crypt-blowfish.c b/contrib/pgcrypto/crypt-blowfish.c
index b49747d..fbaa3d7 100644
--- a/contrib/pgcrypto/crypt-blowfish.c
+++ b/contrib/pgcrypto/crypt-blowfish.c
@@ -35,6 +35,7 @@
 #include "postgres.h"
 
 #include "px-crypt.h"
+#include "px.h"
 
 #ifdef __i386__
 #define BF_ASM0	/* 1 */
@@ -616,7 +617,7 @@ _crypt_blowfish_rn(const char *key, const char *setting,
 	count = (BF_word) 1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
 	if (count < 16 || BF_decode(data.binary.salt, &setting[7], 16))
 	{
-		memset(data.binary.salt, 0, sizeof(data.binary.salt));
+		px_memset(data.binary.salt, 0, sizeof(data.binary.salt));
 		return NULL;
 	}
 	BF_swap(data.binary.salt, 4);
@@ -729,7 +730,7 @@ _crypt_blowfish_rn(const char *key, const char *setting,
 /* Overwrite the most obvious sensitive data we have on the stack. Note
  * that this does not guarantee there's no sensitive data left on the
  * stack and/or in registers; I'm not aware of portable code that does. */
-	memset(&data, 0, sizeof(data));
+	px_memset(&data, 0, sizeof(data));
 
 	return output;
 }
diff --git a/contrib/pgcrypto/crypt-md5.c b/contrib/pgcrypto/crypt-md5.c
index 2a5cd70..6a09d76 100644
--- a/contrib/pgcrypto/crypt-md5.c
+++ b/contrib/pgcrypto/crypt-md5.c
@@ -89,7 +89,7 @@ px_crypt_md5(const char *pw, const char *salt, char *passwd, unsigned dstlen)
 		px_md_update(ctx, final, pl > MD5_SIZE ? MD5_SIZE : pl);
 
 	/* Don't leave anything around in vm they could use. */
-	memset(final, 0, sizeof final);
+	px_memset(final, 0, sizeof final);
 
 	/* Then something really weird... */
 	for (i = strlen(pw); i; i >>= 1)
@@ -154,7 +154,7 @@ px_crypt_md5(const char *pw, const char *salt, char *passwd, unsigned dstlen)
 	*p = '\0';
 
 	/* Don't leave anything around in vm they could use. */
-	memset(final, 0, sizeof final);
+	px_memset(final, 0, sizeof final);
 
 	px_md_free(ctx1);
 	px_md_free(ctx);
diff --git a/contrib/pgcrypto/fortuna.c b/contrib/pgcrypto/fortuna.c
index 1228fb4..47380a8 100644
--- a/contrib/pgcrypto/fortuna.c
+++ b/contrib/pgcrypto/fortuna.c
@@ -34,6 +34,7 @@
 #include 
 #include 
 
+#include "px.h"
 #include "rijndael.h"
 #include "sha2.h"
 #include "fortuna.h"
@@ -169,7 +170,7 @@ md_result(MD_CTX * ctx, uint8 *dst)
 
 	memcpy(&tmp, ctx, sizeof(*ctx));
 	SHA256_Final(dst, &tmp);
-	memset(&tmp, 0, sizeof(tmp));
+	px_memset(&tmp, 0, sizeof(tmp));
 }
 
 /*
@@ -243,7 +244,7 @@ enough_time_passed(FState *st)
 	if (ok)
 		memcpy(last, &tv, sizeof(tv));
 
-	memset(&tv, 0, sizeof(tv));
+	px_memset(&tv, 0, sizeof(tv));
 
 	return ok;
 }
@@ -290,8 +291,8 @@ reseed(FState *st)
 	/* use new key */
 	ciph_init(&st->ciph, st->key, BLOCK);
 
-	memset(&key_md, 0, sizeof(key_md));
-	memset(buf, 0, BLOCK);
+	px_memset(&key_md, 0, sizeof(key_md));
+	px_memset(buf, 0, BLOCK);
 }
 
 /*
@@ -341,8 +342,8 @@ add_entropy(FState *st, const uint8 *data, unsigned len)
 	if (pos == 0)
 		st->pool0_bytes += len;
 
-	memset(hash, 0, BLOCK);
-	memset(&md, 0, sizeof(md));
+	px_memset(hash, 0, BLOCK);
+	px_memset(&md, 0, sizeof(md));
 }
 
 /*
@@ -378,7 +379,7 @@ startup_tricks(FState *st)
 		encrypt_counter(st, buf + CIPH_BLOCK);
 		md_update(&st->pool[i], buf, BLOCK);
 	}
-	memset(buf, 0, BLOCK);
+	px_memset(buf, 0, BLOCK);
 
 	/* Hide the key. */
 	rekey(st);
diff --git a/contrib/pgcrypto/internal-sha2.c b/contrib/pgcrypto/internal-sha2.c
index f86b478..912effb 100644
--- a/contrib/pgcrypto/internal-sha2.c
+++ b/contrib/pgcrypto/internal-sha2.c
@@ -84,7 +84,7 @@ int_sha224_free(PX_MD *h)
 {
 	SHA224_CTX *ctx = (SHA224_CTX *) h->p.ptr;
 
-	memset(ctx, 0, sizeof(*ctx));
+	px_memset(ctx, 0, sizeof(*ctx));
 	px_free(ctx);
 	px_free(h);
 }
@@ -132,7 +132,7 @@ int_sha256_free(PX_MD *h)
 {
 	SHA256_CTX *ctx = (SHA256_CTX *) h->p.ptr;
 
-	memset(ctx, 0, sizeof(*ctx));
+	px_memset(ctx, 0, sizeof(*ctx));
 	px_free(ctx);
 	px_free(h);
 }
@@ -180,7 +180,7 @@ int_sha384_free(PX_MD *h)
 {
 	SHA384_CTX *ctx = (SHA384_CTX *) h->p.ptr;
 
-	memset(ctx, 0, sizeof(*ctx));
+	px_memset(ctx, 0, sizeof(*ctx));
 	px_free(ctx);
 	px_free(h);
 }
@@ -228,7 +228,7 @@ int_sha512_free(PX_MD *h)
 {
 	SHA512_CTX *ctx = (SHA512_CTX *) h->p.ptr;
 
-	memset(ctx, 0, sizeof(*ctx));
+	px_memset(ctx, 0, sizeof(*ctx));
 	px_free(ctx);
 	px_free(h);
 }
diff --git a/contrib/pgcrypto/internal.c b/contrib/pgcrypto/internal.c
index a02c943..7b33e49 100644
--- a/contrib/pgcrypto/internal.c
+++ b/contrib/pgcrypto/internal.c
@@ -142,7 +142,7 @@ int_md5_free(PX_MD *h)
 {
 	MD5_CTX*ctx = (MD5_CTX *) h->p.ptr;
 
-	memset(ctx, 0, sizeof(*ctx));
+	px_memset(ctx, 0, sizeof(*ctx));
 	px_free(ctx);
 	px_free(h);
 }
@@ -190,7 +190,7 @@ int_sha1_free(PX_MD *h)
 {
 	SHA1_CTX   *ctx = (SHA1_CTX *) h->p.ptr;
 
-	memset(ctx, 0, sizeof(*ctx));
+	px_memset(ctx, 0, siz