Commit5dd30bb

committed
Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
We should have done it this way all along, but we accidentally got away with using the wrong BIO field up until OpenSSL 3.2. There, the library's BIO routines that we rely on use the "data" field for their own purposes, and our conflicting use causes assorted weird behaviors up to and including core dumps when SSL connections are attempted. Switch to using the approved field for the purpose, i.e. app_data.

While at it, remove our configure probes for BIO_get_data as well as the fallback implementation. BIO_{get,set}_app_data have been there since long before any OpenSSL version that we still support, even in the back branches.

Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor change in an error message spelling that evidently came in with 3.2.

Tristan Partin and Bo Andreson. Back-patch to all supported branches.

Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
1 parent2873fbf commit5dd30bb


7 files changed

+10
-25
lines changed

7 files changed

+10
-25
lines changed

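--- a/configure
+++ b/configure
@@ -13239,7 +13239,7 @@ done
 # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
 # doesn't have these OpenSSL 1.1.0 functions. So check for individual
 # functions.
-for ac_func in OPENSSL_init_sslBIO_get_dataBIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
+for ac_func in OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
 do :
 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"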

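--- a/configure.ac
+++ b/configure.ac
@@ -1347,7 +1347,7 @@ if test "$with_ssl" = openssl ; then
 # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
 # doesn't have these OpenSSL 1.1.0 functions. So check for individual
 # functions.
-AC_CHECK_FUNCS([OPENSSL_init_sslBIO_get_dataBIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
+AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
 # OpenSSL versions before 1.1.0 required setting callback functions, for
 # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
 # function was removed.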

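--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -839,11 +839,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
 * to retry; do we need to adopt their logic for that?
 */
 
-#ifndefHAVE_BIO_GET_DATA
-#defineBIO_get_data(bio) (bio->ptr)
-#defineBIO_set_data(bio,data) (bio->ptr = data)
-#endif
-
 staticBIO_METHOD*my_bio_methods=NULL;
 
 staticint
@@ -853,7 +848,7 @@ my_sock_read(BIO *h, char *buf, int size)
 
 if (buf!=NULL)
 {
-res=secure_raw_read(((Port*)BIO_get_data(h)),buf,size);
+res=secure_raw_read(((Port*)BIO_get_app_data(h)),buf,size);
 BIO_clear_retry_flags(h);
 if (res <=0)
 {
@@ -873,7 +868,7 @@ my_sock_write(BIO *h, const char *buf, int size)
 {
 intres=0;
 
-res=secure_raw_write(((Port*)BIO_get_data(h)),buf,size);
+res=secure_raw_write(((Port*)BIO_get_app_data(h)),buf,size);
 BIO_clear_retry_flags(h);
 if (res <=0)
 {
@@ -949,7 +944,7 @@ my_SSL_set_fd(Port *port, int fd)
 SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
 gotoerr;
 }
-BIO_set_data(bio,port);
+BIO_set_app_data(bio,port);
 
 BIO_set_fd(bio,fd,BIO_NOCLOSE);
 SSL_set_bio(port->ssl,bio,bio);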
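Review bot: The return value of `BIO_set_app_data(bio,port);` in my_SSL_set_fd is discarded, and unlike the removed `bio->ptr = data` fallback this call can fail: it is the ex_data setter for slot 0 and returns 0 on failure. If it failed, my_sock_read and my_sock_write would pass the NULL from `BIO_get_app_data(h)` to secure_raw_read/secure_raw_write, which presumably dereference it. Checking it in the style of the block just above, `if (!BIO_set_app_data(bio, port)) { SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); goto err; }`, would close that gap; the `err` label and whether it releases `bio` lie outside the visible lines, so confirm the cleanup there. The same applies to `BIO_set_app_data(bio,conn);` in src/interfaces/libpq/fe-secure-openssl.c.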

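--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -77,9 +77,6 @@
 /* Define to 1 if you have the `backtrace_symbols' function. */
 #undef HAVE_BACKTRACE_SYMBOLS
 
-/* Define to 1 if you have the `BIO_get_data' function. */
-#undef HAVE_BIO_GET_DATA
-
 /* Define to 1 if you have the `BIO_meth_new' function. */
 #undef HAVE_BIO_METH_NEW
 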

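--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -1800,11 +1800,6 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
 * to retry; do we need to adopt their logic for that?
 */
 
-#ifndefHAVE_BIO_GET_DATA
-#defineBIO_get_data(bio) (bio->ptr)
-#defineBIO_set_data(bio,data) (bio->ptr = data)
-#endif
-
 /* protected by ssl_config_mutex */
 staticBIO_METHOD*my_bio_methods;
 
@@ -1813,7 +1808,7 @@ my_sock_read(BIO *h, char *buf, int size)
 {
 intres;
 
-res=pqsecure_raw_read((PGconn*)BIO_get_data(h),buf,size);
+res=pqsecure_raw_read((PGconn*)BIO_get_app_data(h),buf,size);
 BIO_clear_retry_flags(h);
 if (res<0)
 {
@@ -1843,7 +1838,7 @@ my_sock_write(BIO *h, const char *buf, int size)
 {
 intres;
 
-res=pqsecure_raw_write((PGconn*)BIO_get_data(h),buf,size);
+res=pqsecure_raw_write((PGconn*)BIO_get_app_data(h),buf,size);
 BIO_clear_retry_flags(h);
 if (res<0)
 {
@@ -1962,7 +1957,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
 SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
 gotoerr;
 }
-BIO_set_data(bio,conn);
+BIO_set_app_data(bio,conn);
 
 SSL_set_bio(conn->ssl,bio,bio);
 BIO_set_fd(bio,fd,BIO_NOCLOSE);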
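Review bot: Nothing at the `BIO_set_app_data(bio,conn);` call in my_SSL_set_fd records why app_data is used rather than the data field; the reason is given only in the commit message. A short comment there would keep a later cleanup from switching back, for example `/* Use app_data, not BIO_set_data(): OpenSSL 3.2's own BIO routines use the "data" field. */`. The matching call in src/backend/libpq/be-secure-openssl.c could carry the same comment. my_SSL_set_fd begins and ends outside the hunk.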

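--- a/src/test/ssl/t/001_ssltests.pl
+++ b/src/test/ssl/t/001_ssltests.pl
@@ -682,7 +682,7 @@ sub switch_server_cert
 "$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt"
 . sslkey('client-revoked.key'),
 "certificate authorization fails with revoked client cert",
-expected_stderr=>qr/SSL error:sslv3 alert certificate revoked/,
+expected_stderr=>qr|SSL error:ssl[a-z0-9/]* alert certificate revoked|,
 # revoked certificates should not authenticate the user
 log_unlike=> [qr/connection authenticated:/],);
 
@@ -743,6 +743,6 @@ sub switch_server_cert
 "$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt"
 . sslkey('client-revoked.key'),
 "certificate authorization fails with revoked client cert with server-side CRL directory",
-expected_stderr=>qr/SSL error:sslv3 alert certificate revoked/);
+expected_stderr=>qr|SSL error:ssl[a-z0-9/]* alert certificate revoked|);
 
 done_testing();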
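Review bot: The loosened pattern `qr|SSL error:ssl[a-z0-9/]* alert certificate revoked|` appears in both hunks with no comment saying why it no longer matches the literal `sslv3`. A one-line comment above each use, such as `# the alert's prefix is spelled differently as of OpenSSL 3.2, so accept any ssl* prefix`, would stop someone from tightening it back. Because the same regex is now duplicated, defining it once in a shared variable would also keep the two revocation checks from drifting apart, though where to declare it is outside the visible lines.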

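--- a/src/tools/msvc/Solution.pm
+++ b/src/tools/msvc/Solution.pm
@@ -226,7 +226,6 @@ sub GenerateFiles
 HAVE_ATOMICS=> 1,
 HAVE_ATOMIC_H=>undef,
 HAVE_BACKTRACE_SYMBOLS=>undef,
-HAVE_BIO_GET_DATA=>undef,
 HAVE_BIO_METH_NEW=>undef,
 HAVE_CLOCK_GETTIME=>undef,
 HAVE_COMPUTED_GOTO=>undef,
@@ -566,7 +565,6 @@ sub GenerateFiles
 || ($digit1 >='1' &&$digit2 >='1' &&$digit3 >='0'))
 {
 $define{HAVE_ASN1_STRING_GET0_DATA} = 1;
-$define{HAVE_BIO_GET_DATA} = 1;
 $define{HAVE_BIO_METH_NEW} = 1;
 $define{HAVE_HMAC_CTX_FREE} = 1;
 $define{HAVE_HMAC_CTX_NEW} = 1;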
