NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitefb8046

committed

Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.

We should have done it this way all along, but we accidentally gotaway with using the wrong BIO field up until OpenSSL 3.2. There,the library's BIO routines that we rely on use the "data" fieldfor their own purposes, and our conflicting use causes assortedweird behaviors up to and including core dumps when SSL connectionsare attempted. Switch to using the approved field for the purpose,i.e. app_data.While at it, remove our configure probes for BIO_get_data as wellas the fallback implementation. BIO_{get,set}_app_data have beenthere since long before any OpenSSL version that we still support,even in the back branches.Also, update src/test/ssl/t/001_ssltests.pl to allow for a minorchange in an error message spelling that evidently came in with 3.2.Tristan Partin and Bo Andreson. Back-patch to all supported branches.Discussion:https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com

1 parente434d36 commitefb8046Copy full SHA for efb8046

File tree

6 files changed

-23

lines changed

configure
configure.in
src
- backend/libpq
  - be-secure-openssl.c
- include
  - pg_config.h.in
- interfaces/libpq
  - fe-secure-openssl.c
- tools/msvc
  - Solution.pm

6 files changed

-23

lines changed

`‎configure`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -12713,7 +12713,7 @@ done`
`12713`	`12713`	`# defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it`
`12714`	`12714`	`# doesn't have these OpenSSL 1.1.0 functions. So check for individual`
`12715`	`12715`	`# functions.`
`12716`		`- for ac_func in OPENSSL_init_sslBIO_get_dataBIO_meth_new ASN1_STRING_get0_data`
	`12716`	`+ for ac_func in OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data`
`12717`	`12717`	`do :`
`12718`	`12718`	as_ac_var=`$as_echo "ac_cv_func_$ac_func" \| $as_tr_sh`
`12719`	`12719`	`ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"`

`‎configure.in`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1275,7 +1275,7 @@ if test "$with_openssl" = yes ; then`
`1275`	`1275`	`# defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it`
`1276`	`1276`	`# doesn't have these OpenSSL 1.1.0 functions. So check for individual`
`1277`	`1277`	`# functions.`
`1278`		`- AC_CHECK_FUNCS([OPENSSL_init_sslBIO_get_dataBIO_meth_new ASN1_STRING_get0_data])`
	`1278`	`+ AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data])`
`1279`	`1279`	`# OpenSSL versions before 1.1.0 required setting callback functions, for`
`1280`	`1280`	`# thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()`
`1281`	`1281`	`# function was removed.`

`‎src/backend/libpq/be-secure-openssl.c`

Lines changed: 3 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -748,11 +748,6 @@ be_tls_write(Port port, void ptr, size_t len, int *waitfor)`
`748`	`748`	`* to retry; do we need to adopt their logic for that?`
`749`	`749`	`*/`
`750`	`750`
`751`		`-#ifndefHAVE_BIO_GET_DATA`
`752`		`-#defineBIO_get_data(bio) (bio->ptr)`
`753`		`-#defineBIO_set_data(bio,data) (bio->ptr = data)`
`754`		`-#endif`
`755`		`-`
`756`	`751`	`staticBIO_METHOD*my_bio_methods=NULL;`
`757`	`752`
`758`	`753`	`staticint`
`@@ -762,7 +757,7 @@ my_sock_read(BIO h, char buf, int size)`
`762`	`757`
`763`	`758`	`if (buf!=NULL)`
`764`	`759`	`{`
`765`		`-res=secure_raw_read(((Port*)BIO_get_data(h)),buf,size);`
	`760`	`+res=secure_raw_read(((Port*)BIO_get_app_data(h)),buf,size);`
`766`	`761`	`BIO_clear_retry_flags(h);`
`767`	`762`	`if (res <=0)`
`768`	`763`	`{`
`@@ -782,7 +777,7 @@ my_sock_write(BIO h, const char buf, int size)`
`782`	`777`	`{`
`783`	`778`	`intres=0;`
`784`	`779`
`785`		`-res=secure_raw_write(((Port*)BIO_get_data(h)),buf,size);`
	`780`	`+res=secure_raw_write(((Port*)BIO_get_app_data(h)),buf,size);`
`786`	`781`	`BIO_clear_retry_flags(h);`
`787`	`782`	`if (res <=0)`
`788`	`783`	`{`
`@@ -858,7 +853,7 @@ my_SSL_set_fd(Port *port, int fd)`
`858`	`853`	`SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);`
`859`	`854`	`gotoerr;`
`860`	`855`	`}`
`861`		`-BIO_set_data(bio,port);`
	`856`	`+BIO_set_app_data(bio,port);`
`862`	`857`
`863`	`858`	`BIO_set_fd(bio,fd,BIO_NOCLOSE);`
`864`	`859`	`SSL_set_bio(port->ssl,bio,bio);`

`‎src/include/pg_config.h.in`

Lines changed: 0 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -86,9 +86,6 @@`
`86`	`86`	/* Define to 1 if you have the `backtrace_symbols' function. */
`87`	`87`	`#undef HAVE_BACKTRACE_SYMBOLS`
`88`	`88`
`89`		-/* Define to 1 if you have the `BIO_get_data' function. */
`90`		`-#undef HAVE_BIO_GET_DATA`
`91`		`-`
`92`	`89`	/* Define to 1 if you have the `BIO_meth_new' function. */
`93`	`90`	`#undef HAVE_BIO_METH_NEW`
`94`	`91`

`‎src/interfaces/libpq/fe-secure-openssl.c`

Lines changed: 3 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -1602,11 +1602,6 @@ PQsslAttribute(PGconn conn, const char attribute_name)`
`1602`	`1602`	`* to retry; do we need to adopt their logic for that?`
`1603`	`1603`	`*/`
`1604`	`1604`
`1605`		`-#ifndefHAVE_BIO_GET_DATA`
`1606`		`-#defineBIO_get_data(bio) (bio->ptr)`
`1607`		`-#defineBIO_set_data(bio,data) (bio->ptr = data)`
`1608`		`-#endif`
`1609`		`-`
`1610`	`1605`	`/* protected by ssl_config_mutex */`
`1611`	`1606`	`staticBIO_METHOD*my_bio_methods;`
`1612`	`1607`
`@@ -1615,7 +1610,7 @@ my_sock_read(BIO h, char buf, int size)`
`1615`	`1610`	`{`
`1616`	`1611`	`intres;`
`1617`	`1612`
`1618`		`-res=pqsecure_raw_read((PGconn*)BIO_get_data(h),buf,size);`
	`1613`	`+res=pqsecure_raw_read((PGconn*)BIO_get_app_data(h),buf,size);`
`1619`	`1614`	`BIO_clear_retry_flags(h);`
`1620`	`1615`	`if (res<0)`
`1621`	`1616`	`{`
`@@ -1645,7 +1640,7 @@ my_sock_write(BIO h, const char buf, int size)`
`1645`	`1640`	`{`
`1646`	`1641`	`intres;`
`1647`	`1642`
`1648`		`-res=pqsecure_raw_write((PGconn*)BIO_get_data(h),buf,size);`
	`1643`	`+res=pqsecure_raw_write((PGconn*)BIO_get_app_data(h),buf,size);`
`1649`	`1644`	`BIO_clear_retry_flags(h);`
`1650`	`1645`	`if (res<0)`
`1651`	`1646`	`{`
`@@ -1764,7 +1759,7 @@ my_SSL_set_fd(PGconn *conn, int fd)`
`1764`	`1759`	`SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);`
`1765`	`1760`	`gotoerr;`
`1766`	`1761`	`}`
`1767`		`-BIO_set_data(bio,conn);`
	`1762`	`+BIO_set_app_data(bio,conn);`
`1768`	`1763`
`1769`	`1764`	`SSL_set_bio(conn->ssl,bio,bio);`
`1770`	`1765`	`BIO_set_fd(bio,fd,BIO_NOCLOSE);`

`‎src/tools/msvc/Solution.pm`

Lines changed: 0 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -226,7 +226,6 @@ sub GenerateFiles`
`226`	`226`	`HAVE_ATOMICS=> 1,`
`227`	`227`	`HAVE_ATOMIC_H=>undef,`
`228`	`228`	`HAVE_BACKTRACE_SYMBOLS=>undef,`
`229`		`-HAVE_BIO_GET_DATA=>undef,`
`230`	`229`	`HAVE_BIO_METH_NEW=>undef,`
`231`	`230`	`HAVE_CLOCK_GETTIME=>undef,`
`232`	`231`	`HAVE_COMPUTED_GOTO=>undef,`
`@@ -543,7 +542,6 @@ sub GenerateFiles`
`543`	`542`	`\|\| ($digit1 >='1' &&$digit2 >='1' &&$digit3 >='0'))`
`544`	`543`	`{`
`545`	`544`	`$define{HAVE_ASN1_STRING_GET0_DATA} = 1;`
`546`		`-$define{HAVE_BIO_GET_DATA} = 1;`
`547`	`545`	`$define{HAVE_BIO_METH_NEW} = 1;`
`548`	`546`	`$define{HAVE_OPENSSL_INIT_SSL} = 1;`
`549`	`547`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitefb8046

File tree

6 files changed

6 files changed

`‎configure`

`‎configure.in`

`‎src/backend/libpq/be-secure-openssl.c`

`‎src/include/pg_config.h.in`

`‎src/interfaces/libpq/fe-secure-openssl.c`

`‎src/tools/msvc/Solution.pm`

0 commit comments