Skip to content
Snippets Groups Projects
  1. Sep 30, 2016
  2. Sep 15, 2016
    • Heikki Linnakangas's avatar
      Fix building with LibreSSL. · 5c6df67e
      Heikki Linnakangas authored
      LibreSSL defines OPENSSL_VERSION_NUMBER to claim that it is version 2.0.0,
      but it doesn't have the functions added in OpenSSL 1.1.0. Add autoconf
      checks for the individual functions we need, and stop relying on
      OPENSSL_VERSION_NUMBER.
      
      Backport to 9.5 and 9.6, like the patch that broke this. In the
      back-branches, there are still a few OPENSSL_VERSION_NUMBER checks left,
      to check for OpenSSL 0.9.8 or 0.9.7. I left them as they were - LibreSSL
      has all those functions, so they work as intended.
      
      Per buildfarm member curculio.
      
      Discussion: <2442.1473957669@sss.pgh.pa.us>
      5c6df67e
    • Heikki Linnakangas's avatar
      Support OpenSSL 1.1.0. · 593d4e47
      Heikki Linnakangas authored
      Changes needed to build at all:
      
      - Check for SSL_new in configure, now that SSL_library_init is a macro.
      - Do not access struct members directly. This includes some new code in
        pgcrypto, to use the resource owner mechanism to ensure that we don't
        leak OpenSSL handles, now that we can't embed them in other structs
        anymore.
      - RAND_SSLeay() -> RAND_OpenSSL()
      
      Changes that were needed to silence deprecation warnings, but were not
      strictly necessary:
      
      - RAND_pseudo_bytes() -> RAND_bytes().
      - SSL_library_init() and OpenSSL_config() -> OPENSSL_init_ssl()
      - ASN1_STRING_data() -> ASN1_STRING_get0_data()
      - DH_generate_parameters() -> DH_generate_parameters()
      - Locking callbacks are not needed with OpenSSL 1.1.0 anymore. (Good
        riddance!)
      
      Also change references to SSLEAY_VERSION_NUMBER with OPENSSL_VERSION_NUMBER,
      for the sake of consistency. OPENSSL_VERSION_NUMBER has existed since time
      immemorial.
      
      Fix SSL test suite to work with OpenSSL 1.1.0. CA certificates must have
      the "CA:true" basic constraint extension now, or OpenSSL will refuse them.
      Regenerate the test certificates with that. The "openssl" binary, used to
      generate the certificates, is also now more picky, and throws an error
      if an X509 extension is specified in "req_extensions", but that section
      is empty.
      
      Backpatch to all supported branches, per popular demand. In back-branches,
      we still support OpenSSL 0.9.7 and above. OpenSSL 0.9.6 should still work
      too, but I didn't test it. In master, we only support 0.9.8 and above.
      
      Patch by Andreas Karlsson, with additional changes by me.
      
      Discussion: <20160627151604.GD1051@msg.df7cb.de>
      593d4e47
  3. Aug 29, 2016
    • Heikki Linnakangas's avatar
      Remove support for OpenSSL versions older than 0.9.8. · 9b7cd59a
      Heikki Linnakangas authored
      OpenSSL officially only supports 1.0.1 and newer. Some OS distributions
      still provide patches for 0.9.8, but anything older than that is not
      interesting anymore. Let's simplify things by removing compatibility code.
      
      Andreas Karlsson, with small changes by me.
      9b7cd59a
  4. Aug 10, 2016
  5. Jun 14, 2016
    • Tom Lane's avatar
      Minor fixes in contrib installation scripts. · 5484c0a9
      Tom Lane authored
      Extension scripts should never use CREATE OR REPLACE for initial object
      creation.  If there is a collision with a pre-existing (probably
      user-created) object, we want extension installation to fail, not silently
      overwrite the user's object.  Bloom and sslinfo both violated this precept.
      
      Also fix a number of scripts that had no standard header (the file name
      comment and the \echo...\quit guard).  Probably the \echo...\quit hack
      is less important now than it was in 9.1 days, but that doesn't mean
      that individual extensions get to choose whether to use it or not.
      
      And fix a couple of evident copy-and-pasteos in file name comments.
      
      No need for back-patch: the REPLACE bugs are both new in 9.6, and the
      rest of this is pretty much cosmetic.
      
      Andreas Karlsson and Tom Lane
      5484c0a9
  6. Jun 10, 2016
  7. Jun 09, 2016
  8. Mar 15, 2016
  9. Mar 09, 2016
    • Alvaro Herrera's avatar
      pgcrypto: support changing S2K iteration count · 188f359d
      Alvaro Herrera authored
      pgcrypto already supports key-stretching during symmetric encryption,
      including the salted-and-iterated method; but the number of iterations
      was not configurable.  This commit implements a new s2k-count parameter
      to pgp_sym_encrypt() which permits selecting a larger number of
      iterations.
      
      Author: Jeff Janes
      188f359d
  10. Feb 01, 2016
  11. Dec 27, 2015
  12. Oct 12, 2015
  13. Oct 05, 2015
    • Noah Misch's avatar
      pgcrypto: Detect and report too-short crypt() salts. · 1d812c8b
      Noah Misch authored
      Certain short salts crashed the backend or disclosed a few bytes of
      backend memory.  For existing salt-induced error conditions, emit a
      message saying as much.  Back-patch to 9.0 (all supported versions).
      
      Josh Kupershmidt
      
      Security: CVE-2015-5288
      1d812c8b
  14. May 24, 2015
  15. May 18, 2015
    • Noah Misch's avatar
      pgcrypto: Report errant decryption as "Wrong key or corrupt data". · 85270ac7
      Noah Misch authored
      This has been the predominant outcome.  When the output of decrypting
      with a wrong key coincidentally resembled an OpenPGP packet header,
      pgcrypto could instead report "Corrupt data", "Not text data" or
      "Unsupported compression algorithm".  The distinct "Corrupt data"
      message added no value.  The latter two error messages misled when the
      decrypted payload also exhibited fundamental integrity problems.  Worse,
      error message variance in other systems has enabled cryptologic attacks;
      see RFC 4880 section "14. Security Considerations".  Whether these
      pgcrypto behaviors are likewise exploitable is unknown.
      
      In passing, document that pgcrypto does not resist side-channel attacks.
      Back-patch to 9.0 (all supported versions).
      
      Security: CVE-2015-3167
      85270ac7
  16. Mar 26, 2015
    • Tom Lane's avatar
      Tweak __attribute__-wrapping macros for better pgindent results. · 785941cd
      Tom Lane authored
      This improves on commit bbfd7eda by
      making two simple changes:
      
      * pg_attribute_noreturn now takes parentheses, ie pg_attribute_noreturn().
      Likewise pg_attribute_unused(), pg_attribute_packed().  This reduces
      pgindent's tendency to misformat declarations involving them.
      
      * attributes are now always attached to function declarations, not
      definitions.  Previously some places were taking creative shortcuts,
      which were not merely candidates for bad misformatting by pgindent
      but often were outright wrong anyway.  (It does little good to put a
      noreturn annotation where callers can't see it.)  In any case, if
      we would like to believe that these macros can be used with non-gcc
      compilers, we should avoid gratuitous variance in usage patterns.
      
      I also went through and manually improved the formatting of a lot of
      declarations, and got rid of excessively repetitive (and now obsolete
      anyway) comments informing the reader what pg_attribute_printf is for.
      785941cd
  17. Mar 11, 2015
    • Andres Freund's avatar
      Add macros wrapping all usage of gcc's __attribute__. · bbfd7eda
      Andres Freund authored
      Until now __attribute__() was defined to be empty for all compilers but
      gcc. That's problematic because it prevents using it in other compilers;
      which is necessary e.g. for atomics portability.  It's also just
      generally dubious to do so in a header as widely included as c.h.
      
      Instead add pg_attribute_format_arg, pg_attribute_printf,
      pg_attribute_noreturn macros which are implemented in the compilers that
      understand them. Also add pg_attribute_noreturn and pg_attribute_packed,
      but don't provide fallbacks, since they can affect functionality.
      
      This means that external code that, possibly unwittingly, relied on
      __attribute__ defined to be empty on !gcc compilers may now run into
      warnings or errors on those compilers. But there shouldn't be many
      occurances of that and it's hard to work around...
      
      Discussion: 54B58BA3.8040302@ohmu.fi
      Author: Oskari Saarenmaa, with some minor changes by me.
      bbfd7eda
  18. Feb 04, 2015
  19. Feb 02, 2015
    • Noah Misch's avatar
      Prevent Valgrind Memcheck errors around px_acquire_system_randomness(). · 59b91982
      Noah Misch authored
      This function uses uninitialized stack and heap buffers as supplementary
      entropy sources.  Mark them so Memcheck will not complain.  Back-patch
      to 9.4, where Valgrind Memcheck cooperation first appeared.
      
      Marko Tiikkaja
      59b91982
    • Noah Misch's avatar
      Cherry-pick security-relevant fixes from upstream imath library. · 8b59672d
      Noah Misch authored
      This covers alterations to buffer sizing and zeroing made between imath
      1.3 and imath 1.20.  Valgrind Memcheck identified the buffer overruns
      and reliance on uninitialized data; their exploit potential is unknown.
      Builds specifying --with-openssl are unaffected, because they use the
      OpenSSL BIGNUM facility instead of imath.  Back-patch to 9.0 (all
      supported versions).
      
      Security: CVE-2015-0243
      8b59672d
    • Noah Misch's avatar
      Fix buffer overrun after incomplete read in pullf_read_max(). · 1dc75515
      Noah Misch authored
      Most callers pass a stack buffer.  The ensuing stack smash can crash the
      server, and we have not ruled out the viability of attacks that lead to
      privilege escalation.  Back-patch to 9.0 (all supported versions).
      
      Marko Tiikkaja
      
      Security: CVE-2015-0243
      1dc75515
  20. Jan 30, 2015
    • Tom Lane's avatar
      Fix Coverity warning about contrib/pgcrypto's mdc_finish(). · a59ee881
      Tom Lane authored
      Coverity points out that mdc_finish returns a pointer to a local buffer
      (which of course is gone as soon as the function returns), leaving open
      a risk of misbehaviors possibly as bad as a stack overwrite.
      
      In reality, the only possible call site is in process_data_packets()
      which does not examine the returned pointer at all.  So there's no
      live bug, but nonetheless the code is confusing and risky.  Refactor
      to avoid the issue by letting process_data_packets() call mdc_finish()
      directly instead of going through the pullf_read() API.
      
      Although this is only cosmetic, it seems good to back-patch so that
      the logic in pgp-decrypt.c stays in sync across all branches.
      
      Marko Kreen
      a59ee881
  21. Jan 24, 2015
    • Tom Lane's avatar
      Replace a bunch more uses of strncpy() with safer coding. · 586dd5d6
      Tom Lane authored
      strncpy() has a well-deserved reputation for being unsafe, so make an
      effort to get rid of nearly all occurrences in HEAD.
      
      A large fraction of the remaining uses were passing length less than or
      equal to the known strlen() of the source, in which case no null-padding
      can occur and the behavior is equivalent to memcpy(), though doubtless
      slower and certainly harder to reason about.  So just use memcpy() in
      these cases.
      
      In other cases, use either StrNCpy() or strlcpy() as appropriate (depending
      on whether padding to the full length of the destination buffer seems
      useful).
      
      I left a few strncpy() calls alone in the src/timezone/ code, to keep it
      in sync with upstream (the IANA tzcode distribution).  There are also a
      few such calls in ecpg that could possibly do with more analysis.
      
      AFAICT, none of these changes are more than cosmetic, except for the four
      occurrences in fe-secure-openssl.c, which are in fact buggy: an overlength
      source leads to a non-null-terminated destination buffer and ensuing
      misbehavior.  These don't seem like security issues, first because no stack
      clobber is possible and second because if your values of sslcert etc are
      coming from untrusted sources then you've got problems way worse than this.
      Still, it's undesirable to have unpredictable behavior for overlength
      inputs, so back-patch those four changes to all active branches.
      586dd5d6
  22. Nov 11, 2014
    • Tom Lane's avatar
      Loop when necessary in contrib/pgcrypto's pktreader_pull(). · f2ad2bdd
      Tom Lane authored
      This fixes a scenario in which pgp_sym_decrypt() failed with "Wrong key
      or corrupt data" on messages whose length is 6 less than a power of 2.
      
      Per bug #11905 from Connor Penhale.  Fix by Marko Tiikkaja, regression
      test case from Jeff Janes.
      f2ad2bdd
  23. Nov 03, 2014
  24. Oct 20, 2014
  25. Oct 01, 2014
  26. Sep 25, 2014
    • Heikki Linnakangas's avatar
      Refactor space allocation for base64 encoding/decoding in pgcrypto. · 1dcfb8da
      Heikki Linnakangas authored
      Instead of trying to accurately calculate the space needed, use a StringInfo
      that's enlarged as needed. This is just moving things around currently - the
      old code was not wrong - but this is in preparation for a patch that adds
      support for extra armor headers, and would make the space calculation more
      complicated.
      
      Marko Tiikkaja
      1dcfb8da
  27. Aug 25, 2014
  28. Jul 15, 2014
    • Magnus Hagander's avatar
      Remove dependency on wsock32.lib in favor of ws2_32 · a16bac36
      Magnus Hagander authored
      ws2_32 is the new version of the library that should be used, as
      it contains the require functionality from wsock32 as well as some
      more (which is why some binaries were already using ws2_32).
      
      Michael Paquier, reviewed by MauMau
      a16bac36
  29. Jul 14, 2014
  30. May 06, 2014
    • Bruce Momjian's avatar
      pgindent run for 9.4 · 0a783200
      Bruce Momjian authored
      This includes removing tabs after periods in C comments, which was
      applied to back branches, so this change should not effect backpatching.
      0a783200
  31. Apr 18, 2014
    • Peter Eisentraut's avatar
      Create function prototype as part of PG_FUNCTION_INFO_V1 macro · e7128e8d
      Peter Eisentraut authored
      Because of gcc -Wmissing-prototypes, all functions in dynamically
      loadable modules must have a separate prototype declaration.  This is
      meant to detect global functions that are not declared in header files,
      but in cases where the function is called via dfmgr, this is redundant.
      Besides filling up space with boilerplate, this is a frequent source of
      compiler warnings in extension modules.
      
      We can fix that by creating the function prototype as part of the
      PG_FUNCTION_INFO_V1 macro, which such modules have to use anyway.  That
      makes the code of modules cleaner, because there is one less place where
      the entry points have to be listed, and creates an additional check that
      functions have the right prototype.
      
      Remove now redundant prototypes from contrib and other modules.
      e7128e8d
  32. Apr 17, 2014
  33. Mar 17, 2014
  34. Jan 17, 2014
    • Tom Lane's avatar
      Add gen_random_uuid() to contrib/pgcrypto. · e6170126
      Tom Lane authored
      This function provides a way of generating version 4 (pseudorandom) UUIDs
      based on pgcrypto's PRNG.  The main reason for doing this is that the
      OSSP UUID library depended on by contrib/uuid-ossp is becoming more and
      more of a porting headache, so we need an alternative for people who can't
      install that.  A nice side benefit though is that this implementation is
      noticeably faster than uuid-ossp's uuid_generate_v4() function.
      
      Oskari Saarenmaa, reviewed by Emre Hasegeli
      e6170126
  35. Jan 09, 2014
    • Peter Eisentraut's avatar
      pgcrypto: Make header files stand alone · 10a3b165
      Peter Eisentraut authored
      pgp.h used to require including mbuf.h and px.h first.  Include those in
      pgp.h, so that it can be used without prerequisites.  Remove mbuf.h
      inclusions in .c files where mbuf.h features are not used
      directly.  (px.h was always used.)
      10a3b165
  36. Nov 10, 2013
Loading