Backport OpenSSL 3.2 fix from upstream master

https://git.postgresql.org/gitweb/?p=postgresql.git;h=b2b1f12882fb561c7d474b834044dd8ed570bfea
2024-02-19 21:52:30 -05:00 · 2024-02-19 21:52:30 -05:00 · 9b9a8eb409
commit 9b9a8eb409
parent 9647cd2b64
2 changed files with 148 additions and 1 deletions
--- a/postgresql-openssl32.patch
+++ b/postgresql-openssl32.patch
@ -0,0 +1,142 @@
+Backport of commit b2b1f12882fb561c7d474b834044dd8ed570bfea to 16.1
+
+Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
+
+We should have done it this way all along, but we accidentally got
+away with using the wrong BIO field up until OpenSSL 3.2.  There,
+the library's BIO routines that we rely on use the "data" field
+for their own purposes, and our conflicting use causes assorted
+weird behaviors up to and including core dumps when SSL connections
+are attempted.  Switch to using the approved field for the purpose,
+i.e. app_data.
+
+While at it, remove our configure probes for BIO_get_data as well
+as the fallback implementation.  BIO_{get,set}_app_data have been
+there since long before any OpenSSL version that we still support,
+even in the back branches.
+
+Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor
+change in an error message spelling that evidently came in with 3.2.
+
+Tristan Partin and Bo Andreson.  Back-patch to all supported branches.
+
+Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
+---
+
+diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
+index 31b6a6eacdf0..1b8b32c5b39e 100644
+--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
+@@ -842,11 +842,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
+-
+ static BIO_METHOD *my_bio_methods = NULL;
+ 
+ static int
+@@ -856,7 +851,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ 
+ 	if (buf != NULL)
+ 	{
+-		res = secure_raw_read(((Port *) BIO_get_data(h)), buf, size);
+		res = secure_raw_read(((Port *) BIO_get_app_data(h)), buf, size);
+ 		BIO_clear_retry_flags(h);
+ 		if (res <= 0)
+ 		{
+@@ -876,7 +871,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res = 0;
+ 
+-	res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
+	res = secure_raw_write(((Port *) BIO_get_app_data(h)), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res <= 0)
+ 	{
+@@ -952,7 +947,7 @@ my_SSL_set_fd(Port *port, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, port);
+	BIO_set_app_data(bio, port);
+ 
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+ 	SSL_set_bio(port->ssl, bio, bio);
+diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
+index 4aeaf08312ce..e669bdbf1d2d 100644
+--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
+@@ -1815,11 +1815,6 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
+-
+ static BIO_METHOD *my_bio_methods;
+ 
+ static int
+@@ -1828,7 +1823,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size);
+	res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1858,7 +1853,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
+	res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1968,7 +1963,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, conn);
+	BIO_set_app_data(bio, conn);
+ 
+ 	SSL_set_bio(conn->ssl, bio, bio);
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl
+index a049fd2ff03a..d921f1dde9fa 100644
+--- a/src/test/ssl/t/001_ssltests.pl
+++ b/src/test/ssl/t/001_ssltests.pl
+@@ -776,7 +776,7 @@ sub switch_server_cert
+ 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
+ 	  . sslkey('client-revoked.key'),
+ 	"certificate authorization fails with revoked client cert",
+-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
+	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
+ 	# temporarily(?) skip this check due to timing issue
+ 	#	log_like => [
+ 	#		qr{Client certificate verification failed at depth 0: certificate revoked},
+@@ -881,7 +881,7 @@ sub switch_server_cert
+ 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
+ 	  . sslkey('client-revoked.key'),
+ 	"certificate authorization fails with revoked client cert with server-side CRL directory",
+-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
+	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
+ 	# temporarily(?) skip this check due to timing issue
+ 	#	log_like => [
+ 	#		qr{Client certificate verification failed at depth 0: certificate revoked},
+@@ -894,7 +894,7 @@ sub switch_server_cert
+ 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked-utf8.crt "
+ 	  . sslkey('client-revoked-utf8.key'),
+ 	"certificate authorization fails with revoked UTF-8 client cert with server-side CRL directory",
+-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
+	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
+ 	# temporarily(?) skip this check due to timing issue
+ 	#	log_like => [
+ 	#		qr{Client certificate verification failed at depth 0: certificate revoked},
--- a/postgresql16.spec
+++ b/postgresql16.spec
@ -48,7 +48,7 @@
 Summary: PostgreSQL client programs
 Name: %{majorname}%{majorversion}
 Version: %{majorversion}.1
-Release: 5%{?dist}
+Release: 6%{?dist}

 # The PostgreSQL license is very similar to other MIT licenses, but the OSI
 # recognizes it as an independent license, so we do as well.
@ -97,6 +97,7 @@ Patch10: postgresql-datalayout-mismatch-on-s390.patch
 Patch12: postgresql-no-libecpg.patch
 Patch13: postgresql-libxml2.patch
 Patch14: postgresql15-libxml2.patch
+Patch15: postgresql-openssl32.patch

 # This macro is used for package names in the files section
 %if %?postgresql_default
@ -520,6 +521,7 @@ goal of accelerating analytics queries.
 %patch 9 -p1
 %patch 10 -p1
 %patch 13 -p1
+%patch 15 -p1


 %if ! %external_libpq
@ -1336,6 +1338,9 @@ make -C postgresql-setup-%{setup_version} check


 %changelog
+* Tue Feb 20 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 16.1-6
+- Backport OpenSSL 3.2 fix from upstream master
+
 * Mon Feb 5 2024 Filip Janus <fjanus@redhat.com> - 16.1-5
 - Add versioned provide to the default version
 - Obsolete versioned is no more needed since only default stream provides