rpms/postgresql
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix openssl3 build issue

Browse Source 
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2008773
This commit is contained in:
Filip Januš 2021-10-06 12:07:45 +02:00
parent f7fb7fc25d
commit 21b8d7a7d2
3 changed files with 146 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
postgresql-pgcrypto-openssl3-init.patch Normal file
View File

@ -0,0 +1,33 @@
Upstream patch: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=135d8687ad
author Daniel Gustafsson <dgustafsson@postgresql.org>
The PX layer in pgcrypto is handling digest padding on its own uniformly
for all backend implementations. Starting with OpenSSL 3.0.0, DecryptUpdate
doesn't flush the last block in case padding is enabled so explicitly
disable it as we don't use it.
This will be backpatched to all supported version once there is sufficient
testing in the buildfarm of OpenSSL 3.
diff -ur postgresql-14rc1/contrib/pgcrypto/openssl.c postgresql-p/contrib/pgcrypto/openssl.c
--- postgresql-14rc1/contrib/pgcrypto/openssl.c 2021-09-20 17:33:01.000000000 -0400
+++ postgresql-p/contrib/pgcrypto/openssl.c 2021-10-06 04:07:24.628836908 -0400
@@ -379,6 +379,8 @@
{
if (!EVP_DecryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
return PXE_CIPHER_INIT;
+ if (!EVP_CIPHER_CTX_set_padding(od->evp_ctx, 0))
+ return PXE_CIPHER_INIT;
if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
return PXE_CIPHER_INIT;
if (!EVP_DecryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
@@ -403,6 +405,8 @@
{
if (!EVP_EncryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
return PXE_CIPHER_INIT;
+ if (!EVP_CIPHER_CTX_set_padding(od->evp_ctx, 0))
+ return PXE_CIPHER_INIT;
if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
return PXE_CIPHER_INIT;
if (!EVP_EncryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))

102
postgresql-pgcrypto-openssl3-tests.patch Normal file
View File

@ -0,0 +1,102 @@
diff -ur postgresql-13.4/contrib/pgcrypto/expected/pgp-decrypt.out postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-decrypt.out
--- postgresql-13.4/contrib/pgcrypto/expected/pgp-decrypt.out 2021-08-09 16:49:05.000000000 -0400
+++ postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-decrypt.out 2021-09-01 08:16:48.138600886 -0400
@@ -4,20 +4,6 @@
-- Checking ciphers
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
-Comment: dat1.blowfish.sha1.mdc.s2k3.z0
-
-jA0EBAMCfFNwxnvodX9g0jwB4n4s26/g5VmKzVab1bX1SmwY7gvgvlWdF3jKisvS
-yA6Ce1QTMK3KdL2MPfamsTUSAML8huCJMwYQFfE=
-=JcP+
------END PGP MESSAGE-----
-'), 'foobar');
- pgp_sym_decrypt
------------------
- Secret message.
-(1 row)
-
-select pgp_sym_decrypt(dearmor('
------BEGIN PGP MESSAGE-----
Comment: dat1.aes.sha1.mdc.s2k3.z0
jA0EBwMCci97v0Q6Z0Zg0kQBsVf5Oe3iC+FBzUmuMV9KxmAyOMyjCc/5i8f1Eest
diff -ur postgresql-13.4/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out
--- postgresql-13.4/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out 2021-08-09 16:49:05.000000000 -0400
+++ postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out 2021-09-01 08:05:27.750172653 -0400
@@ -594,13 +594,6 @@
(1 row)
select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
-from keytbl, encdata where keytbl.id=2 and encdata.id=2;
- pgp_pub_decrypt
------------------
- Secret msg
-(1 row)
-
-select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
from keytbl, encdata where keytbl.id=3 and encdata.id=3;
pgp_pub_decrypt
-----------------
diff -ur postgresql-13.4/contrib/pgcrypto/Makefile postgresql-13.4.patched/contrib/pgcrypto/Makefile
--- postgresql-13.4/contrib/pgcrypto/Makefile 2021-08-09 16:49:05.000000000 -0400
+++ postgresql-13.4.patched/contrib/pgcrypto/Makefile 2021-09-01 08:26:47.207164873 -0400
@@ -5,7 +5,7 @@
INT_TESTS = sha2
OSSL_SRCS = openssl.c pgp-mpi-openssl.c
-OSSL_TESTS = sha2 des 3des cast5
+OSSL_TESTS = sha2
ZLIB_TST = pgp-compression
ZLIB_OFF_TST = pgp-zlib-DISABLED
@@ -49,12 +49,13 @@
pgcrypto--1.0--1.1.sql
PGFILEDESC = "pgcrypto - cryptographic functions"
-REGRESS = init md5 sha1 hmac-md5 hmac-sha1 blowfish rijndael \
+REGRESS = init md5 sha1 hmac-md5 hmac-sha1 rijndael \
$(CF_TESTS) \
- crypt-des crypt-md5 crypt-blowfish crypt-xdes \
+ crypt-md5 \
pgp-armor pgp-decrypt pgp-encrypt $(CF_PGP_TESTS) \
pgp-pubkey-decrypt pgp-pubkey-encrypt pgp-info
+#REGRESS = init pgp-pubkey-decrypt pgp-decrypt \
EXTRA_CLEAN = gen-rtab
ifdef USE_PGXS
diff -ur postgresql-13.4/contrib/pgcrypto/sql/pgp-decrypt.sql postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-decrypt.sql
--- postgresql-13.4/contrib/pgcrypto/sql/pgp-decrypt.sql 2021-08-09 16:49:05.000000000 -0400
+++ postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-decrypt.sql 2021-09-01 08:16:12.525212175 -0400
@@ -5,16 +5,6 @@
-- Checking ciphers
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
-Comment: dat1.blowfish.sha1.mdc.s2k3.z0
-
-jA0EBAMCfFNwxnvodX9g0jwB4n4s26/g5VmKzVab1bX1SmwY7gvgvlWdF3jKisvS
-yA6Ce1QTMK3KdL2MPfamsTUSAML8huCJMwYQFfE=
-=JcP+
------END PGP MESSAGE-----
-'), 'foobar');
-
-select pgp_sym_decrypt(dearmor('
------BEGIN PGP MESSAGE-----
Comment: dat1.aes.sha1.mdc.s2k3.z0
jA0EBwMCci97v0Q6Z0Zg0kQBsVf5Oe3iC+FBzUmuMV9KxmAyOMyjCc/5i8f1Eest
diff -ur postgresql-13.4/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql
--- postgresql-13.4/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql 2021-08-09 16:49:05.000000000 -0400
+++ postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql 2021-09-01 08:06:18.963732342 -0400
@@ -606,9 +606,6 @@
from keytbl, encdata where keytbl.id=1 and encdata.id=1;
select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
-from keytbl, encdata where keytbl.id=2 and encdata.id=2;
-
-select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
from keytbl, encdata where keytbl.id=3 and encdata.id=3;
select pgp_pub_decrypt(dearmor(data), dearmor(seckey))

13
postgresql.spec
View File

@ -61,7 +61,7 @@ Summary: PostgreSQL client programs
Name: postgresql Name: postgresql
%global majorversion 13 %global majorversion 13
Version: %{majorversion}.4 Version: %{majorversion}.4
Release: 2%{?dist} Release: 3%{?dist}
# The PostgreSQL license is very similar to other MIT licenses, but the OSI # The PostgreSQL license is very similar to other MIT licenses, but the OSI
# recognizes it as an independent license, so we do as well. # recognizes it as an independent license, so we do as well.
@ -112,6 +112,10 @@ Patch9: postgresql-server-pg_config.patch
# rhbz#1940964 # rhbz#1940964
Patch10: postgresql-datalayout-mismatch-on-s390.patch Patch10: postgresql-datalayout-mismatch-on-s390.patch
Patch12: postgresql-no-libecpg.patch Patch12: postgresql-no-libecpg.patch
# Upstream patch - it's assumed removal of this patch with the next upstream release
Patch13: postgresql-pgcrypto-openssl3-init.patch
# This patch disables deprecated ciphers in the test suite
Patch14: postgresql-pgcrypto-openssl3-tests.patch
BuildRequires: make BuildRequires: make
BuildRequires: gcc BuildRequires: gcc
@ -426,7 +430,8 @@ goal of accelerating analytics queries.
%endif %endif
%patch9 -p1 %patch9 -p1
%patch10 -p1 %patch10 -p1
%patch13 -p1
%patch14 -p1
# We used to run autoconf here, but there's no longer any real need to, # We used to run autoconf here, but there's no longer any real need to,
# since Postgres ships with a reasonably modern configure script. # since Postgres ships with a reasonably modern configure script.
@ -1240,6 +1245,10 @@ make -C postgresql-setup-%{setup_version} check
%changelog %changelog
* Wed Oct 06 2021 Filip Januš <fjanus@redhat.com> - 13.4-3
- Add patch 13 - corrects initialization of ciphers
- Add patch 14 - disable unsupported ciphers in test suite
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 13.4-2 * Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 13.4-2
- Rebuilt with OpenSSL 3.0.0 - Rebuilt with OpenSSL 3.0.0