I ran clang checker and noticed these. It looks like the
sha2 implementation is trying to zero out state on exit, but
clang checker finds at least 'a' is a dead store.
Should we fix this?
Is something like the attached sensible?
Is there a common/better approach to zero-out in PG ?
Garick
diff --git a/src/common/sha2.c b/src/common/sha2.c
index ae0a1a3..9c19ef2 100644
--- a/src/common/sha2.c
+++ b/src/common/sha2.c
@@ -457,7 +457,16 @@ SHA256_Transform(pg_sha256_ctx *context, const uint8 *data)
context->state[7] += h;
/* Clean up */
- a = b = c = d = e = f = g = h = T1 = T2 = 0;
+ *((volatile uint32 *) &a) = 0;
+ *((volatile uint32 *) &b) = 0;
+ *((volatile uint32 *) &c) = 0;
+ *((volatile uint32 *) &d) = 0;
+ *((volatile uint32 *) &e) = 0;
+ *((volatile uint32 *) &f) = 0;
+ *((volatile uint32 *) &g) = 0;
+ *((volatile uint32 *) &h) = 0;
+ *((volatile uint32 *) &T1) = 0;
+ *((volatile uint32 *) &T2) = 0;
}
#endif /*
SHA2_UNROLL_TRANSFORM */
@@ -693,7 +702,15 @@ SHA512_Transform(pg_sha512_ctx *context, const uint8 *data)
context->state[7] += h;
/* Clean up */
- a = b = c = d = e = f = g = h = T1 = 0;
+ *((volatile uint32 *) &a) = 0;
+ *((volatile uint32 *) &b) = 0;
+ *((volatile uint32 *) &c) = 0;
+ *((volatile uint32 *) &d) = 0;
+ *((volatile uint32 *) &e) = 0;
+ *((volatile uint32 *) &f) = 0;
+ *((volatile uint32 *) &g) = 0;
+ *((volatile uint32 *) &h) = 0;
+ *((volatile uint32 *) &T1) = 0;
}
#else /*
SHA2_UNROLL_TRANSFORM */
@@ -783,7 +800,16 @@ SHA512_Transform(pg_sha512_ctx *context, const uint8 *data)
context->state[7] += h;
/* Clean up */
- a = b = c = d = e = f = g = h = T1 = T2 = 0;
+ *((volatile uint32 *) &a) = 0;
+ *((volatile uint32 *) &b) = 0;
+ *((volatile uint32 *) &c) = 0;
+ *((volatile uint32 *) &d) = 0;
+ *((volatile uint32 *) &e) = 0;
+ *((volatile uint32 *) &f) = 0;
+ *((volatile uint32 *) &g) = 0;
+ *((volatile uint32 *) &h) = 0;
+ *((volatile uint32 *) &T1) = 0;
+ *((volatile uint32 *) &T2) = 0;
}
#endif /*
SHA2_UNROLL_TRANSFORM */
