pgcrypto: fix memset() calls that might be optimized away

Specifically, on-stack memset() might be removed, so:

	* Replace memset() with px_memset()
	* Add px_memset to copy_crlf()
	* Add px_memset to pgp-s2k.c

Patch by Marko Kreen

Report by PVS-Studio

Backpatch through 8.4.

Author: bmomjian

contrib/pgcrypto/crypt-blowfish.c

@@ -35,6 +35,7 @@
 #include "postgres.h"
 
 #include "px-crypt.h"
+#include "px.h"
 
 #ifdef __i386__
 #define BF_ASM				0	/* 1 */
@@ -616,7 +617,7 @@ _crypt_blowfish_rn(const char *key, const char *setting,
 	count = (BF_word) 1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
 	if (count < 16 || BF_decode(data.binary.salt, &setting[7], 16))
 	{
-		memset(data.binary.salt, 0, sizeof(data.binary.salt));
+		px_memset(data.binary.salt, 0, sizeof(data.binary.salt));
 		return NULL;
 	}
 	BF_swap(data.binary.salt, 4);
@@ -729,7 +730,7 @@ _crypt_blowfish_rn(const char *key, const char *setting,
 /* Overwrite the most obvious sensitive data we have on the stack. Note
  * that this does not guarantee there's no sensitive data left on the
  * stack and/or in registers; I'm not aware of portable code that does. */
-	memset(&data, 0, sizeof(data));
+	px_memset(&data, 0, sizeof(data));
 
 	return output;
 }

contrib/pgcrypto/crypt-md5.c

@@ -89,7 +89,7 @@ px_crypt_md5(const char *pw, const char *salt, char *passwd, unsigned dstlen)
 		px_md_update(ctx, final, pl > MD5_SIZE ? MD5_SIZE : pl);
 
 	/* Don't leave anything around in vm they could use. */
-	memset(final, 0, sizeof final);
+	px_memset(final, 0, sizeof final);
 
 	/* Then something really weird... */
 	for (i = strlen(pw); i; i >>= 1)
@@ -154,7 +154,7 @@ px_crypt_md5(const char *pw, const char *salt, char *passwd, unsigned dstlen)
 	*p = '\0';
 
 	/* Don't leave anything around in vm they could use. */
-	memset(final, 0, sizeof final);
+	px_memset(final, 0, sizeof final);
 
 	px_md_free(ctx1);
 	px_md_free(ctx);

contrib/pgcrypto/fortuna.c

@@ -34,6 +34,7 @@
 #include <sys/time.h>
 #include <time.h>
 
+#include "px.h"
 #include "rijndael.h"
 #include "sha2.h"
 #include "fortuna.h"
@@ -169,7 +170,7 @@ md_result(MD_CTX * ctx, uint8 *dst)
 
 	memcpy(&tmp, ctx, sizeof(*ctx));
 	SHA256_Final(dst, &tmp);
-	memset(&tmp, 0, sizeof(tmp));
+	px_memset(&tmp, 0, sizeof(tmp));
 }
 
 /*
@@ -243,7 +244,7 @@ enough_time_passed(FState *st)
 	if (ok)
 		memcpy(last, &tv, sizeof(tv));
 
-	memset(&tv, 0, sizeof(tv));
+	px_memset(&tv, 0, sizeof(tv));
 
 	return ok;
 }
@@ -290,8 +291,8 @@ reseed(FState *st)
 	/* use new key */
 	ciph_init(&st->ciph, st->key, BLOCK);
 
-	memset(&key_md, 0, sizeof(key_md));
-	memset(buf, 0, BLOCK);
+	px_memset(&key_md, 0, sizeof(key_md));
+	px_memset(buf, 0, BLOCK);
 }
 
 /*
@@ -341,8 +342,8 @@ add_entropy(FState *st, const uint8 *data, unsigned len)
 	if (pos == 0)
 		st->pool0_bytes += len;
 
-	memset(hash, 0, BLOCK);
-	memset(&md, 0, sizeof(md));
+	px_memset(hash, 0, BLOCK);
+	px_memset(&md, 0, sizeof(md));
 }
 
 /*
@@ -378,7 +379,7 @@ startup_tricks(FState *st)
 		encrypt_counter(st, buf + CIPH_BLOCK);
 		md_update(&st->pool[i], buf, BLOCK);
 	}
-	memset(buf, 0, BLOCK);
+	px_memset(buf, 0, BLOCK);
 
 	/* Hide the key. */
 	rekey(st);

contrib/pgcrypto/internal-sha2.c

@@ -84,7 +84,7 @@ int_sha224_free(PX_MD *h)
 {
 	SHA224_CTX *ctx = (SHA224_CTX *) h->p.ptr;
 
-	memset(ctx, 0, sizeof(*ctx));
+	px_memset(ctx, 0, sizeof(*ctx));
 	px_free(ctx);
 	px_free(h);
 }
@@ -132,7 +132,7 @@ int_sha256_free(PX_MD *h)
 {
 	SHA256_CTX *ctx = (SHA256_CTX *) h->p.ptr;
 
-	memset(ctx, 0, sizeof(*ctx));
+	px_memset(ctx, 0, sizeof(*ctx));
 	px_free(ctx);
 	px_free(h);
 }
@@ -180,7 +180,7 @@ int_sha384_free(PX_MD *h)
 {
 	SHA384_CTX *ctx = (SHA384_CTX *) h->p.ptr;
 
-	memset(ctx, 0, sizeof(*ctx));
+	px_memset(ctx, 0, sizeof(*ctx));
 	px_free(ctx);
 	px_free(h);
 }
@@ -228,7 +228,7 @@ int_sha512_free(PX_MD *h)
 {
 	SHA512_CTX *ctx = (SHA512_CTX *) h->p.ptr;
 
-	memset(ctx, 0, sizeof(*ctx));
+	px_memset(ctx, 0, sizeof(*ctx));
 	px_free(ctx);
 	px_free(h);
 }

contrib/pgcrypto/internal.c

@@ -142,7 +142,7 @@ int_md5_free(PX_MD *h)
 {
 	MD5_CTX    *ctx = (MD5_CTX *) h->p.ptr;
 
-	memset(ctx, 0, sizeof(*ctx));
+	px_memset(ctx, 0, sizeof(*ctx));
 	px_free(ctx);
 	px_free(h);
 }
@@ -190,7 +190,7 @@ int_sha1_free(PX_MD *h)
 {
 	SHA1_CTX   *ctx = (SHA1_CTX *) h->p.ptr;
 
-	memset(ctx, 0, sizeof(*ctx));
+	px_memset(ctx, 0, sizeof(*ctx));
 	px_free(ctx);
 	px_free(h);
 }
@@ -265,7 +265,7 @@ intctx_free(PX_Cipher *c)
 
 	if (cx)
 	{
-		memset(cx, 0, sizeof *cx);
+		px_memset(cx, 0, sizeof *cx);
 		px_free(cx);
 	}
 	px_free(c);
@@ -658,7 +658,7 @@ system_reseed(void)
 		skip = buf[0] >= SYSTEM_RESEED_CHANCE;
 	}
 	/* clear 1 byte */
-	memset(buf, 0, sizeof(buf));
+	px_memset(buf, 0, sizeof(buf));
 
 	if (skip)
 		return;
@@ -668,7 +668,7 @@ system_reseed(void)
 		fortuna_add_entropy(buf, n);
 
 	seed_time = t;
-	memset(buf, 0, sizeof(buf));
+	px_memset(buf, 0, sizeof(buf));
 }
 
 int

contrib/pgcrypto/mbuf.c

@@ -69,7 +69,7 @@ mbuf_free(MBuf *mbuf)
 {
 	if (mbuf->own_data)
 	{
-		memset(mbuf->data, 0, mbuf->buf_end - mbuf->data);
+		px_memset(mbuf->data, 0, mbuf->buf_end - mbuf->data);
 		px_free(mbuf->data);
 	}
 	px_free(mbuf);
@@ -249,11 +249,11 @@ pullf_free(PullFilter *pf)
 
 	if (pf->buf)
 	{
-		memset(pf->buf, 0, pf->buflen);
+		px_memset(pf->buf, 0, pf->buflen);
 		px_free(pf->buf);
 	}
 
-	memset(pf, 0, sizeof(*pf));
+	px_memset(pf, 0, sizeof(*pf));
 	px_free(pf);
 }
 
@@ -298,7 +298,7 @@ pullf_read_max(PullFilter *pf, int len, uint8 **data_p, uint8 *tmpbuf)
 		if (res < 0)
 		{
 			/* so the caller must clear only on success */
-			memset(tmpbuf, 0, total);
+			px_memset(tmpbuf, 0, total);
 			return res;
 		}
 		if (res == 0)
@@ -415,11 +415,11 @@ pushf_free(PushFilter *mp)
 
 	if (mp->buf)
 	{
-		memset(mp->buf, 0, mp->block_size);
+		px_memset(mp->buf, 0, mp->block_size);
 		px_free(mp->buf);
 	}
 
-	memset(mp, 0, sizeof(*mp));
+	px_memset(mp, 0, sizeof(*mp));
 	px_free(mp);
 }
 

contrib/pgcrypto/openssl.c

@@ -142,7 +142,7 @@ EVP_MD_CTX_init(EVP_MD_CTX *ctx)
 static int
 EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
 {
-	memset(ctx, 0, sizeof(*ctx));
+	px_memset(ctx, 0, sizeof(*ctx));
 	return 1;
 }
 
@@ -381,7 +381,7 @@ gen_ossl_free(PX_Cipher *c)
 {
 	ossldata   *od = (ossldata *) c->ptr;
 
-	memset(od, 0, sizeof(*od));
+	px_memset(od, 0, sizeof(*od));
 	px_free(od);
 	px_free(c);
 }

contrib/pgcrypto/pgp-cfb.c

@@ -84,7 +84,7 @@ void
 pgp_cfb_free(PGP_CFB *ctx)
 {
 	px_cipher_free(ctx->ciph);
-	memset(ctx, 0, sizeof(*ctx));
+	px_memset(ctx, 0, sizeof(*ctx));
 	px_free(ctx);
 }
 

contrib/pgcrypto/pgp-compress.c

@@ -174,7 +174,7 @@ compress_free(void *priv)
 	struct ZipStat *st = priv;
 
 	deflateEnd(&st->stream);
-	memset(st, 0, sizeof(*st));
+	px_memset(st, 0, sizeof(*st));
 	px_free(st);
 }
 
@@ -297,7 +297,7 @@ decompress_free(void *priv)
 	struct DecomprData *dec = priv;
 
 	inflateEnd(&dec->stream);
-	memset(dec, 0, sizeof(*dec));
+	px_memset(dec, 0, sizeof(*dec));
 	px_free(dec);
 }
 

contrib/pgcrypto/pgp-decrypt.c

@@ -210,7 +210,7 @@ pktreader_free(void *priv)
 {
 	struct PktData *pkt = priv;
 
-	memset(pkt, 0, sizeof(*pkt));
+	px_memset(pkt, 0, sizeof(*pkt));
 	px_free(pkt);
 }
 
@@ -257,7 +257,7 @@ prefix_init(void **priv_p, void *arg, PullFilter *src)
 	if (res != len + 2)
 	{
 		px_debug("prefix_init: short read");
-		memset(tmpbuf, 0, sizeof(tmpbuf));
+		px_memset(tmpbuf, 0, sizeof(tmpbuf));
 		return PXE_PGP_CORRUPT_DATA;
 	}
 
@@ -280,7 +280,7 @@ prefix_init(void **priv_p, void *arg, PullFilter *src)
 		 */
 		ctx->corrupt_prefix = 1;
 	}
-	memset(tmpbuf, 0, sizeof(tmpbuf));
+	px_memset(tmpbuf, 0, sizeof(tmpbuf));
 	return 0;
 }
 
@@ -395,8 +395,8 @@ mdc_finish(PGP_Context *ctx, PullFilter *src,
 	 */
 	px_md_finish(ctx->mdc_ctx, hash);
 	res = memcmp(hash, *data_p, 20);
-	memset(hash, 0, 20);
-	memset(tmpbuf, 0, sizeof(tmpbuf));
+	px_memset(hash, 0, 20);
+	px_memset(tmpbuf, 0, sizeof(tmpbuf));
 	if (res != 0)
 	{
 		px_debug("mdc_finish: mdc failed");
@@ -493,7 +493,7 @@ mdcbuf_finish(struct MDCBufData * st)
 	px_md_update(st->ctx->mdc_ctx, st->mdc_buf, 2);
 	px_md_finish(st->ctx->mdc_ctx, hash);
 	res = memcmp(hash, st->mdc_buf + 2, 20);
-	memset(hash, 0, 20);
+	px_memset(hash, 0, 20);
 	if (res)
 	{
 		px_debug("mdcbuf_finish: MDC does not match");
@@ -593,7 +593,7 @@ mdcbuf_free(void *priv)
 
 	px_md_free(st->ctx->mdc_ctx);
 	st->ctx->mdc_ctx = NULL;
-	memset(st, 0, sizeof(*st));
+	px_memset(st, 0, sizeof(*st));
 	px_free(st);
 }
 
@@ -703,7 +703,7 @@ parse_symenc_sesskey(PGP_Context *ctx, PullFilter *src)
 		res = decrypt_key(ctx, p, res);
 	}
 
-	memset(tmpbuf, 0, sizeof(tmpbuf));
+	px_memset(tmpbuf, 0, sizeof(tmpbuf));
 	return res;
 }
 
@@ -753,6 +753,7 @@ copy_crlf(MBuf *dst, uint8 *data, int len, int *got_cr)
 		if (res < 0)
 			return res;
 	}
+	px_memset(tmpbuf, 0, sizeof(tmpbuf));
 	return 0;
 }
 
@@ -792,7 +793,7 @@ parse_literal_data(PGP_Context *ctx, MBuf *dst, PullFilter *pkt)
 		px_debug("parse_literal_data: unexpected eof");
 		return PXE_PGP_CORRUPT_DATA;
 	}
-	memset(tmpbuf, 0, 4);
+	px_memset(tmpbuf, 0, 4);
 
 	/* check if text */
 	if (ctx->text_mode)

contrib/pgcrypto/pgp-encrypt.c

@@ -128,7 +128,7 @@ mdc_flush(PushFilter *dst, void *priv)
 	px_md_finish(md, pkt + 2);
 
 	res = pushf_write(dst, pkt, 2 + MDC_DIGEST_LEN);
-	memset(pkt, 0, 2 + MDC_DIGEST_LEN);
+	px_memset(pkt, 0, 2 + MDC_DIGEST_LEN);
 	return res;
 }
 
@@ -217,7 +217,7 @@ encrypt_free(void *priv)
 {
 	struct EncStat *st = priv;
 
-	memset(st, 0, sizeof(*st));
+	px_memset(st, 0, sizeof(*st));
 	px_free(st);
 }
 
@@ -299,7 +299,7 @@ pkt_stream_free(void *priv)
 {
 	struct PktStreamStat *st = priv;
 
-	memset(st, 0, sizeof(*st));
+	px_memset(st, 0, sizeof(*st));
 	px_free(st);
 }
 
@@ -490,7 +490,7 @@ write_prefix(PGP_Context *ctx, PushFilter *dst)
 	prefix[bs + 1] = prefix[bs - 1];
 
 	res = pushf_write(dst, prefix, bs + 2);
-	memset(prefix, 0, bs + 2);
+	px_memset(prefix, 0, bs + 2);
 	return res < 0 ? res : 0;
 }
 
@@ -552,7 +552,7 @@ write_symenc_sesskey(PGP_Context *ctx, PushFilter *dst)
 	if (res >= 0)
 		res = pushf_write(dst, pkt, pktlen);
 
-	memset(pkt, 0, pktlen);
+	px_memset(pkt, 0, pktlen);
 	return res;
 }