NotificationsYou must be signed in to change notification settings
Fork28
Star151

Commitc770686

committed

Apply 0002-Replace-PostmasterRandom-with-a-stronger-way-of-gene.patch

1 parentf858ca3 commitc770686Copy full SHA for c770686

File tree

11 files changed

+249

-392

lines changed

contrib/pgcrypto
src
- backend
  - libpq
    - auth.c
  - postmaster
    - postmaster.c
  - utils/init
    - globals.c
- include
  - miscadmin.h
  - port.h
- port
  - Makefile
  - pg_strong_random.c
- tools/msvc
  - Mkvcbuild.pm

11 files changed

+249

-392

lines changed

`‎contrib/pgcrypto/Makefile`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`# contrib/pgcrypto/Makefile`
`2`	`2`
`3`	`3`	`INT_SRCS = md5.c sha1.c sha2.c internal.c internal-sha2.c blf.c rijndael.c\`
`4`		`-fortuna.crandom.cpgp-mpi-internal.c imath.c`
	`4`	`+fortuna.c pgp-mpi-internal.c imath.c`
`5`	`5`	`INT_TESTS = sha2`
`6`	`6`
`7`	`7`	`OSSL_SRCS = openssl.c pgp-mpi-openssl.c sha2_openssl.c`

`‎contrib/pgcrypto/internal.c`

Lines changed: 24 additions & 16 deletions

Original file line number	Diff line number	Diff line change
`@@ -626,8 +626,6 @@ static time_t check_time = 0;`
`626`	`626`	`staticvoid`
`627`	`627`	`system_reseed(void)`
`628`	`628`	`{`
`629`		`-uint8buf[1024];`
`630`		`-intn;`
`631`	`629`	`time_tt;`
`632`	`630`	`intskip=1;`
`633`	`631`
`@@ -642,24 +640,34 @@ system_reseed(void)`
`642`	`640`	`elseif (check_time==0\|\|`
`643`	`641`	`(t-check_time)>SYSTEM_RESEED_CHECK_TIME)`
`644`	`642`	`{`
	`643`	`+uint8buf;`
	`644`	`+`
`645`	`645`	`check_time=t;`
`646`	`646`
`647`	`647`	`/* roll dice */`
`648`		`-px_get_random_bytes(buf,1);`
`649`		`-skip=buf[0] >=SYSTEM_RESEED_CHANCE;`
`650`		`-}`
`651`		`-/* clear 1 byte */`
`652`		`-px_memset(buf,0,sizeof(buf));`
`653`		`-`
`654`		`-if (skip)`
`655`		`-return;`
`656`		`-`
`657`		`-n=px_acquire_system_randomness(buf);`
`658`		`-if (n>0)`
`659`		`-fortuna_add_entropy(buf,n);`
	`648`	`+px_get_random_bytes(&buf,1);`
	`649`	`+skip= (buf >=SYSTEM_RESEED_CHANCE);`
`660`	`650`
`661`		`-seed_time=t;`
`662`		`-px_memset(buf,0,sizeof(buf));`
	`651`	`+/* clear 1 byte */`
	`652`	`+px_memset(&buf,0,sizeof(buf));`
	`653`	`+}`
	`654`	`+if (!skip)`
	`655`	`+{`
	`656`	`+/*`
	`657`	`+ * fortuna_add_entropy passes the input to SHA-256, so there's no`
	`658`	`+ * point in giving it more than 256 bits of input to begin with.`
	`659`	`+ */`
	`660`	`+uint8buf[32];`
	`661`	`+`
	`662`	`+if (!pg_strong_random(buf,sizeof(buf)))`
	`663`	`+ereport(ERROR,`
	`664`	`+(errcode(ERRCODE_INTERNAL_ERROR),`
	`665`	`+errmsg("could not acquire random data")));`
	`666`	`+fortuna_add_entropy(buf,sizeof(buf));`
	`667`	`+`
	`668`	`+seed_time=t;`
	`669`	`+px_memset(buf,0,sizeof(buf));`
	`670`	`+}`
`663`	`671`	`}`
`664`	`672`
`665`	`673`	`int`

`‎contrib/pgcrypto/random.c`

Lines changed: 0 additions & 247 deletions

This file was deleted.

`‎src/backend/libpq/auth.c`

Lines changed: 23 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -44,6 +44,12 @@ static void auth_failed(Port port, int status, char logdetail);`
`44`	`44`	`staticcharrecv_password_packet(Portport);`
`45`	`45`	`staticintrecv_and_check_password_packet(Portport,char*logdetail);`
`46`	`46`
	`47`	`+/*----------------------------------------------------------------`
	`48`	`+ * MD5 authentication`
	`49`	`+ *----------------------------------------------------------------`
	`50`	`+ */`
	`51`	`+staticintCheckMD5Auth(Portport,char*logdetail);`
	`52`	`+`
`47`	`53`
`48`	`54`	`/*----------------------------------------------------------------`
`49`	`55`	`* Ident authentication`
`@@ -534,8 +540,7 @@ ClientAuthentication(Port *port)`
`534`	`540`	`ereport(FATAL,`
`535`	`541`	`(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),`
`536`	`542`	`errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));`
`537`		`-sendAuthRequest(port,AUTH_REQ_MD5);`
`538`		`-status=recv_and_check_password_packet(port,&logdetail);`
	`543`	`+status=CheckMD5Auth(port,&logdetail);`
`539`	`544`	`break;`
`540`	`545`
`541`	`546`	`caseuaPassword:`
`@@ -710,10 +715,25 @@ recv_password_packet(Port *port)`
`710`	`715`
`711`	`716`
`712`	`717`	`/*----------------------------------------------------------------`
`713`		`- * MD5 authentication`
	`718`	`+ * MD5and passwordauthentication`
`714`	`719`	`*----------------------------------------------------------------`
`715`	`720`	`*/`
`716`	`721`
	`722`	`+staticint`
	`723`	`+CheckMD5Auth(Portport,char*logdetail)`
	`724`	`+{`
	`725`	`+/* include the salt to use for computing the response */`
	`726`	`+if (!pg_strong_random(port->md5Salt,sizeof(port->md5Salt)))`
	`727`	`+{`
	`728`	`+*logdetail=psprintf(_("Could not generate random salt"));`
	`729`	`+returnSTATUS_ERROR;`
	`730`	`+}`
	`731`	`+`
	`732`	`+sendAuthRequest(port,AUTH_REQ_MD5);`
	`733`	`+returnrecv_and_check_password_packet(port,logdetail);`
	`734`	`+}`
	`735`	`+`
	`736`	`+`
`717`	`737`	`/*`
`718`	`738`	`* Called when we have sent an authorization request for a password.`
`719`	`739`	`* Get the response and check it.`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitc770686

File tree

11 files changed

11 files changed

`‎contrib/pgcrypto/Makefile`

`‎contrib/pgcrypto/internal.c`

`‎contrib/pgcrypto/random.c`

`‎src/backend/libpq/auth.c`

0 commit comments