Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitefa8f60

Browse files
committed
Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
We should have done it this way all along, but we accidentally gotaway with using the wrong BIO field up until OpenSSL 3.2. There,the library's BIO routines that we rely on use the "data" fieldfor their own purposes, and our conflicting use causes assortedweird behaviors up to and including core dumps when SSL connectionsare attempted. Switch to using the approved field for the purpose,i.e. app_data.While at it, remove our configure probes for BIO_get_data as wellas the fallback implementation. BIO_{get,set}_app_data have beenthere since long before any OpenSSL version that we still support,even in the back branches.Also, update src/test/ssl/t/001_ssltests.pl to allow for a minorchange in an error message spelling that evidently came in with 3.2.Tristan Partin and Bo Andreson. Back-patch to all supported branches.Discussion:https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
1 parent9fee323 commitefa8f60

File tree

8 files changed

+11
-27
lines changed

8 files changed

+11
-27
lines changed

‎configure

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12982,7 +12982,7 @@ done
1298212982
# defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
1298312983
# doesn't have these OpenSSL 1.1.0 functions. So check for individual
1298412984
# functions.
12985-
for ac_func in OPENSSL_init_sslBIO_get_dataBIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
12985+
for ac_func in OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
1298612986
do :
1298712987
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
1298812988
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"

‎configure.ac

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1385,7 +1385,7 @@ if test "$with_ssl" = openssl ; then
13851385
# defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
13861386
# doesn't have these OpenSSL 1.1.0 functions. So check for individual
13871387
# functions.
1388-
AC_CHECK_FUNCS([OPENSSL_init_sslBIO_get_dataBIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
1388+
AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
13891389
# OpenSSL versions before 1.1.0 required setting callback functions, for
13901390
# thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
13911391
# function was removed.

‎meson.build

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1278,7 +1278,6 @@ if sslopt in ['auto', 'openssl']
12781278
# doesn't have these OpenSSL 1.1.0 functions. So check for individual
12791279
# functions.
12801280
['OPENSSL_init_ssl'],
1281-
['BIO_get_data'],
12821281
['BIO_meth_new'],
12831282
['ASN1_STRING_get0_data'],
12841283
['HMAC_CTX_new'],

‎src/backend/libpq/be-secure-openssl.c

Lines changed: 3 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -844,11 +844,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
844844
* to retry; do we need to adopt their logic for that?
845845
*/
846846

847-
#ifndefHAVE_BIO_GET_DATA
848-
#defineBIO_get_data(bio) (bio->ptr)
849-
#defineBIO_set_data(bio,data) (bio->ptr = data)
850-
#endif
851-
852847
staticBIO_METHOD*my_bio_methods=NULL;
853848

854849
staticint
@@ -858,7 +853,7 @@ my_sock_read(BIO *h, char *buf, int size)
858853

859854
if (buf!=NULL)
860855
{
861-
res=secure_raw_read(((Port*)BIO_get_data(h)),buf,size);
856+
res=secure_raw_read(((Port*)BIO_get_app_data(h)),buf,size);
862857
BIO_clear_retry_flags(h);
863858
if (res <=0)
864859
{
@@ -878,7 +873,7 @@ my_sock_write(BIO *h, const char *buf, int size)
878873
{
879874
intres=0;
880875

881-
res=secure_raw_write(((Port*)BIO_get_data(h)),buf,size);
876+
res=secure_raw_write(((Port*)BIO_get_app_data(h)),buf,size);
882877
BIO_clear_retry_flags(h);
883878
if (res <=0)
884879
{
@@ -954,7 +949,7 @@ my_SSL_set_fd(Port *port, int fd)
954949
SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
955950
gotoerr;
956951
}
957-
BIO_set_data(bio,port);
952+
BIO_set_app_data(bio,port);
958953

959954
BIO_set_fd(bio,fd,BIO_NOCLOSE);
960955
SSL_set_bio(port->ssl,bio,bio);

‎src/include/pg_config.h.in

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -70,9 +70,6 @@
7070
/* Define to 1 if you have the `backtrace_symbols' function. */
7171
#undef HAVE_BACKTRACE_SYMBOLS
7272

73-
/* Define to 1 if you have the `BIO_get_data' function. */
74-
#undef HAVE_BIO_GET_DATA
75-
7673
/* Define to 1 if you have the `BIO_meth_new' function. */
7774
#undef HAVE_BIO_METH_NEW
7875

‎src/interfaces/libpq/fe-secure-openssl.c

Lines changed: 3 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1830,11 +1830,6 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
18301830
* to retry; do we need to adopt their logic for that?
18311831
*/
18321832

1833-
#ifndefHAVE_BIO_GET_DATA
1834-
#defineBIO_get_data(bio) (bio->ptr)
1835-
#defineBIO_set_data(bio,data) (bio->ptr = data)
1836-
#endif
1837-
18381833
/* protected by ssl_config_mutex */
18391834
staticBIO_METHOD*my_bio_methods;
18401835

@@ -1843,7 +1838,7 @@ my_sock_read(BIO *h, char *buf, int size)
18431838
{
18441839
intres;
18451840

1846-
res=pqsecure_raw_read((PGconn*)BIO_get_data(h),buf,size);
1841+
res=pqsecure_raw_read((PGconn*)BIO_get_app_data(h),buf,size);
18471842
BIO_clear_retry_flags(h);
18481843
if (res<0)
18491844
{
@@ -1873,7 +1868,7 @@ my_sock_write(BIO *h, const char *buf, int size)
18731868
{
18741869
intres;
18751870

1876-
res=pqsecure_raw_write((PGconn*)BIO_get_data(h),buf,size);
1871+
res=pqsecure_raw_write((PGconn*)BIO_get_app_data(h),buf,size);
18771872
BIO_clear_retry_flags(h);
18781873
if (res<0)
18791874
{
@@ -1992,7 +1987,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
19921987
SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
19931988
gotoerr;
19941989
}
1995-
BIO_set_data(bio,conn);
1990+
BIO_set_app_data(bio,conn);
19961991

19971992
SSL_set_bio(conn->ssl,bio,bio);
19981993
BIO_set_fd(bio,fd,BIO_NOCLOSE);

‎src/test/ssl/t/001_ssltests.pl

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -781,7 +781,7 @@ sub switch_server_cert
781781
"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt"
782782
. sslkey('client-revoked.key'),
783783
"certificate authorization fails with revoked client cert",
784-
expected_stderr=>qr/SSL error:sslv3 alert certificate revoked/,
784+
expected_stderr=>qr|SSL error:ssl[a-z0-9/]* alert certificate revoked|,
785785
# temporarily(?) skip this check due to timing issue
786786
#log_like => [
787787
#qr{Client certificate verification failed at depth 0: certificate revoked},
@@ -886,7 +886,7 @@ sub switch_server_cert
886886
"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt"
887887
. sslkey('client-revoked.key'),
888888
"certificate authorization fails with revoked client cert with server-side CRL directory",
889-
expected_stderr=>qr/SSL error:sslv3 alert certificate revoked/,
889+
expected_stderr=>qr|SSL error:ssl[a-z0-9/]* alert certificate revoked|,
890890
# temporarily(?) skip this check due to timing issue
891891
#log_like => [
892892
#qr{Client certificate verification failed at depth 0: certificate revoked},
@@ -899,7 +899,7 @@ sub switch_server_cert
899899
"$common_connstr user=ssltestuser sslcert=ssl/client-revoked-utf8.crt"
900900
. sslkey('client-revoked-utf8.key'),
901901
"certificate authorization fails with revoked UTF-8 client cert with server-side CRL directory",
902-
expected_stderr=>qr/SSL error:sslv3 alert certificate revoked/,
902+
expected_stderr=>qr|SSL error:ssl[a-z0-9/]* alert certificate revoked|,
903903
# temporarily(?) skip this check due to timing issue
904904
#log_like => [
905905
#qr{Client certificate verification failed at depth 0: certificate revoked},

‎src/tools/msvc/Solution.pm

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -225,7 +225,6 @@ sub GenerateFiles
225225
HAVE_ATOMICS=> 1,
226226
HAVE_ATOMIC_H=>undef,
227227
HAVE_BACKTRACE_SYMBOLS=>undef,
228-
HAVE_BIO_GET_DATA=>undef,
229228
HAVE_BIO_METH_NEW=>undef,
230229
HAVE_COMPUTED_GOTO=>undef,
231230
HAVE_COPYFILE=>undef,
@@ -503,7 +502,6 @@ sub GenerateFiles
503502
|| ($digit1 >='1' &&$digit2 >='1' &&$digit3 >='0'))
504503
{
505504
$define{HAVE_ASN1_STRING_GET0_DATA} = 1;
506-
$define{HAVE_BIO_GET_DATA} = 1;
507505
$define{HAVE_BIO_METH_NEW} = 1;
508506
$define{HAVE_HMAC_CTX_FREE} = 1;
509507
$define{HAVE_HMAC_CTX_NEW} = 1;

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp