Improve some code around cryptohash functions

This adjusts some code related to recent changes for cryptohash
functions:
- Add a variable in md5.h to track down the size of a computed result,
moved from pgcrypto.  Note that pg_md5_hash() assumed a result of this
size already.
- Call explicit_bzero() on the hashed data when freeing the context for
fallback implementations.  For MD5, particularly, it would be annoying
to leave some non-zeroed data around.
- Clean up some code related to recent changes of uuid-ossp.  .gitignore
still included md5.c and a comment was incorrect.

Discussion: https://postgr.es/m/[email protected]

diff --git a/contrib/pgcrypto/internal.c b/contrib/pgcrypto/internal.c
index e6d90c56567b50be331c6775fceae0a85a1a8daa..ea377bdf83ae9d2af9880cce51c2d7f2159a94f0 100644 (file)
--- a/contrib/pgcrypto/internal.c
+++ b/contrib/pgcrypto/internal.c
@@ -41,10 +41,6 @@
 #include "common/cryptohash.h"
 #include "common/md5.h"
 
-#ifndef MD5_DIGEST_LENGTH
-#define MD5_DIGEST_LENGTH 16
-#endif
-
 #ifndef SHA1_DIGEST_LENGTH
 #ifdef SHA1_RESULTLEN
 #define SHA1_DIGEST_LENGTH SHA1_RESULTLEN

diff --git a/contrib/uuid-ossp/.gitignore b/contrib/uuid-ossp/.gitignore
index 6c989c787297ee6470129a330de3809945d4a69d..d7260edc610abc6e41fd4bff39d4724aa53fdf54 100644 (file)
--- a/contrib/uuid-ossp/.gitignore
+++ b/contrib/uuid-ossp/.gitignore
@@ -1,4 +1,3 @@
-/md5.c
 /sha1.c
 # Generated subdirectories
 /log/

diff --git a/contrib/uuid-ossp/uuid-ossp.c b/contrib/uuid-ossp/uuid-ossp.c
index 8f81c94e725308966153c41a4c01024a6d4257e6..2ff7d9448bcad09a0f1b81c341472788c3014a4b 100644 (file)
--- a/contrib/uuid-ossp/uuid-ossp.c
+++ b/contrib/uuid-ossp/uuid-ossp.c
@@ -41,8 +41,8 @@
 #undef uuid_hash
 
 /*
- * Some BSD variants offer md5 and sha1 implementations but Linux does not,
- * so we use a copy of the ones from pgcrypto.  Not needed with OSSP, though.
+ * Some BSD variants offer sha1 implementation but Linux does not, so we use
+ * a copy from pgcrypto.  Not needed with OSSP, though.
  */
 #ifndef HAVE_UUID_OSSP
 #include "sha1.h"

diff --git a/src/common/cryptohash.c b/src/common/cryptohash.c
index 5cc2572eb6e405675362f218d5ca9d9cf4e8f6d6..cf4588bad72ae3189dbb3f103b6e3ac31610e61d 100644 (file)
--- a/src/common/cryptohash.c
+++ b/src/common/cryptohash.c
@@ -197,6 +197,26 @@ pg_cryptohash_free(pg_cryptohash_ctx *ctx)
 {
    if (ctx == NULL)
        return;
+
+   switch (ctx->type)
+   {
+       case PG_MD5:
+           explicit_bzero(ctx->data, sizeof(pg_md5_ctx));
+           break;
+       case PG_SHA224:
+           explicit_bzero(ctx->data, sizeof(pg_sha224_ctx));
+           break;
+       case PG_SHA256:
+           explicit_bzero(ctx->data, sizeof(pg_sha256_ctx));
+           break;
+       case PG_SHA384:
+           explicit_bzero(ctx->data, sizeof(pg_sha384_ctx));
+           break;
+       case PG_SHA512:
+           explicit_bzero(ctx->data, sizeof(pg_sha512_ctx));
+           break;
+   }
+
    FREE(ctx->data);
    explicit_bzero(ctx, sizeof(pg_cryptohash_ctx));
    FREE(ctx);

diff --git a/src/common/md5_common.c b/src/common/md5_common.c
index 74c274175fe7273d243da6dc0ffa297fff4f1bc1..abf79e5918f76c602062a048dfd5d74601f3ffbe 100644 (file)
--- a/src/common/md5_common.c
+++ b/src/common/md5_common.c
@@ -69,7 +69,7 @@ bytesToHex(uint8 b[16], char *s)
 bool
 pg_md5_hash(const void *buff, size_t len, char *hexsum)
 {
-   uint8       sum[16];
+   uint8       sum[MD5_DIGEST_LENGTH];
    pg_cryptohash_ctx *ctx;
 
    ctx = pg_cryptohash_create(PG_MD5);

diff --git a/src/include/common/md5.h b/src/include/common/md5.h
index 53036d2d17ee694a6bebff5b21bc841a1755547a..5dac70cbc5024635f367f7e21bc7143a2d3a8300 100644 (file)
--- a/src/include/common/md5.h
+++ b/src/include/common/md5.h
@@ -16,6 +16,10 @@
 #ifndef PG_MD5_H
 #define PG_MD5_H
 
+/* Size of result generated by MD5 computation */
+#define MD5_DIGEST_LENGTH 16
+
+/* password-related data */
 #define MD5_PASSWD_CHARSET "0123456789abcdef"
 #define MD5_PASSWD_LEN 35