Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit9244c11

Browse files
committed
Fix handling of SCRAM-SHA-256's channel binding with RSA-PSS certificates
OpenSSL 1.1.1 and newer versions have added support for RSA-PSScertificates, which requires the use of a specific routine in OpenSSL todetermine which hash function to use when compiling it when usingchannel binding in SCRAM-SHA-256. X509_get_signature_nid(), that is theoriginal routine the channel binding code has relied on, is not able todetermine which hash algorithm to use for such certificates. However,X509_get_signature_info(), new to OpenSSL 1.1.1, is able to do it. Thiscommit switches the channel binding logic to rely onX509_get_signature_info() over X509_get_signature_nid(), which would bethe choice when building with 1.1.1 or newer.The error could have been triggered on the client or the server, hencelibpq and the backend need to have their related code paths patched.Note that attempting to load an RSA-PSS certificate with OpenSSL 1.1.0or older leads to a failure due to an unsupported algorithm.The discovery of relying on X509_get_signature_info() comes from Jacob,the tests have been written by Heikki (with few tweaks from me), while Ihave bundled the whole together while adding the bits needed for MSVCand meson.This issue exists since channel binding exists, so backpatch all the waydown. Some tests are added in 15~, triggered if compiling with OpenSSL1.1.1 or newer, where the certificate and key files can easily begenerated for RSA-PSS.Reported-by: Gunnar "Nick" BluthAuthor: Jacob Champion, Heikki LinnakangasDiscussion:https://postgr.es/m/17760-b6c61e752ec07060@postgresql.orgBackpatch-through: 11
1 parent87f21d2 commit9244c11

File tree

15 files changed

+148
-11
lines changed

15 files changed

+148
-11
lines changed

‎configure‎

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13013,6 +13013,18 @@ if test "x$ac_cv_func_CRYPTO_lock" = xyes; then :
1301313013
#define HAVE_CRYPTO_LOCK 1
1301413014
_ACEOF
1301513015

13016+
fi
13017+
done
13018+
13019+
# Function introduced in OpenSSL 1.1.1.
13020+
for ac_func in X509_get_signature_info
13021+
do :
13022+
ac_fn_c_check_func "$LINENO" "X509_get_signature_info" "ac_cv_func_X509_get_signature_info"
13023+
if test "x$ac_cv_func_X509_get_signature_info" = xyes; then :
13024+
cat >>confdefs.h <<_ACEOF
13025+
#define HAVE_X509_GET_SIGNATURE_INFO 1
13026+
_ACEOF
13027+
1301613028
fi
1301713029
done
1301813030

‎configure.ac‎

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1385,6 +1385,8 @@ if test "$with_ssl" = openssl ; then
13851385
# thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
13861386
# function was removed.
13871387
AC_CHECK_FUNCS([CRYPTO_lock])
1388+
# Function introduced in OpenSSL 1.1.1.
1389+
AC_CHECK_FUNCS([X509_get_signature_info])
13881390
AC_DEFINE([USE_OPENSSL],1,[Define to 1 to build with OpenSSL support. (--with-ssl=openssl)])
13891391
elif test "$with_ssl" != no ; then
13901392
AC_MSG_ERROR([--with-ssl must specify openssl])

‎meson.build‎

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1223,6 +1223,9 @@ if get_option('ssl') == 'openssl'
12231223
# thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
12241224
# function was removed.
12251225
['CRYPTO_lock'],
1226+
1227+
# Function introduced in OpenSSL 1.1.1
1228+
['X509_get_signature_info'],
12261229
]
12271230

12281231
foreachc: check_funcs

‎src/backend/libpq/be-secure-openssl.c‎

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1429,7 +1429,7 @@ be_tls_get_peer_serial(Port *port, char *ptr, size_t len)
14291429
ptr[0]='\0';
14301430
}
14311431

1432-
#ifdefHAVE_X509_GET_SIGNATURE_NID
1432+
#if defined(HAVE_X509_GET_SIGNATURE_NID)|| defined(HAVE_X509_GET_SIGNATURE_INFO)
14331433
char*
14341434
be_tls_get_certificate_hash(Port*port,size_t*len)
14351435
{
@@ -1447,10 +1447,15 @@ be_tls_get_certificate_hash(Port *port, size_t *len)
14471447

14481448
/*
14491449
* Get the signature algorithm of the certificate to determine the hash
1450-
* algorithm to use for the result.
1450+
* algorithm to use for the result. Prefer X509_get_signature_info(),
1451+
* introduced in OpenSSL 1.1.1, which can handle RSA-PSS signatures.
14511452
*/
1453+
#ifHAVE_X509_GET_SIGNATURE_INFO
1454+
if (!X509_get_signature_info(server_cert,&algo_nid,NULL,NULL,NULL))
1455+
#else
14521456
if (!OBJ_find_sigid_algs(X509_get_signature_nid(server_cert),
14531457
&algo_nid,NULL))
1458+
#endif
14541459
elog(ERROR,"could not determine server certificate signature algorithm");
14551460

14561461
/*

‎src/include/libpq/libpq-be.h‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -308,7 +308,7 @@ extern void be_tls_get_peer_serial(Port *port, char *ptr, size_t len);
308308
* This is not supported with old versions of OpenSSL that don't have
309309
* the X509_get_signature_nid() function.
310310
*/
311-
#if defined(USE_OPENSSL)&& defined(HAVE_X509_GET_SIGNATURE_NID)
311+
#if defined(USE_OPENSSL)&&(defined(HAVE_X509_GET_SIGNATURE_NID)|| defined(HAVE_X509_GET_SIGNATURE_INFO))
312312
#defineHAVE_BE_TLS_GET_CERTIFICATE_HASH
313313
externchar*be_tls_get_certificate_hash(Port*port,size_t*len);
314314
#endif

‎src/include/pg_config.h.in‎

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -523,6 +523,9 @@
523523
/* Define to 1 if you have the `wcstombs_l' function. */
524524
#undef HAVE_WCSTOMBS_L
525525

526+
/* Define to 1 if you have the `X509_get_signature_info' function. */
527+
#undef HAVE_X509_GET_SIGNATURE_INFO
528+
526529
/* Define to 1 if you have the `X509_get_signature_nid' function. */
527530
#undef HAVE_X509_GET_SIGNATURE_NID
528531

‎src/interfaces/libpq/fe-secure-openssl.c‎

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -364,7 +364,7 @@ pgtls_write(PGconn *conn, const void *ptr, size_t len)
364364
returnn;
365365
}
366366

367-
#ifdefHAVE_X509_GET_SIGNATURE_NID
367+
#if defined(HAVE_X509_GET_SIGNATURE_NID)|| defined(HAVE_X509_GET_SIGNATURE_INFO)
368368
char*
369369
pgtls_get_peer_certificate_hash(PGconn*conn,size_t*len)
370370
{
@@ -384,10 +384,15 @@ pgtls_get_peer_certificate_hash(PGconn *conn, size_t *len)
384384

385385
/*
386386
* Get the signature algorithm of the certificate to determine the hash
387-
* algorithm to use for the result.
387+
* algorithm to use for the result. Prefer X509_get_signature_info(),
388+
* introduced in OpenSSL 1.1.1, which can handle RSA-PSS signatures.
388389
*/
390+
#ifHAVE_X509_GET_SIGNATURE_INFO
391+
if (!X509_get_signature_info(peer_cert,&algo_nid,NULL,NULL,NULL))
392+
#else
389393
if (!OBJ_find_sigid_algs(X509_get_signature_nid(peer_cert),
390394
&algo_nid,NULL))
395+
#endif
391396
{
392397
libpq_append_conn_error(conn,"could not determine server certificate signature algorithm");
393398
returnNULL;

‎src/interfaces/libpq/libpq-int.h‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -806,7 +806,7 @@ extern ssize_t pgtls_write(PGconn *conn, const void *ptr, size_t len);
806806
* This is not supported with old versions of OpenSSL that don't have
807807
* the X509_get_signature_nid() function.
808808
*/
809-
#if defined(USE_OPENSSL)&& defined(HAVE_X509_GET_SIGNATURE_NID)
809+
#if defined(USE_OPENSSL)&&(defined(HAVE_X509_GET_SIGNATURE_NID)|| defined(HAVE_X509_GET_SIGNATURE_INFO))
810810
#defineHAVE_PGTLS_GET_PEER_CERTIFICATE_HASH
811811
externchar*pgtls_get_peer_certificate_hash(PGconn*conn,size_t*len);
812812
#endif

‎src/test/ssl/README‎

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -92,6 +92,7 @@ ssl/ subdirectory. The Makefile also contains a rule, "make sslfiles", to
9292
recreate them if you need to make changes. "make sslfiles-clean" is required
9393
in order to recreate the full set of keypairs and certificates. To rebuild
9494
separate files, touch (or remove) the files in question and run "make sslfiles".
95+
This step requires at least OpenSSL 1.1.1.
9596

9697
Note
9798
====
Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
# An OpenSSL format CSR config file for creating a server certificate.
2+
#
3+
# This is identical to server-cn-only certificate, but we specify
4+
# RSA-PSS as the algorithm on the command line.
5+
6+
[ req ]
7+
distinguished_name = req_distinguished_name
8+
prompt = no
9+
10+
[ req_distinguished_name ]
11+
CN = common-name.pg-ssltest.test
12+
OU = PostgreSQL test suite
13+
14+
# No Subject Alternative Names

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp