Re: Modern SHA2- based password hashes for pgcrypto
Bernd Helmle <mailings@oopsware.de>
From: Bernd Helmle <mailings@oopsware.de>
To: Japin Li <japinli@hotmail.com>
Cc: PostgreSQL Development <pgsql-hackers@postgresql.org>
Date: 2025-01-07T17:48:25Z
Lists: pgsql-hackers
Attachments
- 0001-Add-modern-SHA-2-based-password-hashes-to-pgcrypto-v2.patch (text/x-patch) patch v2-0001
Am Samstag, dem 04.01.2025 um 08:19 +0800 schrieb Japin Li: > (gdb) bt > #0 __pthread_kill_implementation (no_tid=0, signo=6, > threadid=<optimized out>) at ./nptl/pthread_kill.c:44 > #1 __pthread_kill_internal (signo=6, threadid=<optimized out>) at > ./nptl/pthread_kill.c:78 > #2 __GI___pthread_kill (threadid=<optimized out>, > signo=signo@entry=6) at ./nptl/pthread_kill.c:89 > #3 0x00007ba852a4526e in __GI_raise (sig=sig@entry=6) at > ../sysdeps/posix/raise.c:26 > #4 0x00007ba852a288ff in __GI_abort () at ./stdlib/abort.c:79 > #5 0x00007ba852a297b6 in __libc_message_impl > (fmt=fmt@entry=0x7ba852bce765 "*** %s ***: terminated\n") at > ../sysdeps/posix/libc_fatal.c:132 > #6 0x00007ba852b36c19 in __GI___fortify_fail > (msg=msg@entry=0x7ba852bce77d "stack smashing detected") at > ./debug/fortify_fail.c:24 > #7 0x00007ba852b37ea4 in __stack_chk_fail () at > ./debug/stack_chk_fail.c:24 > #8 0x00007ba853d8cb2e in px_crypt_shacrypt (pw=0x64e191229370 > "hello", salt=0x64e191229388 "$5$$6$rounds=10000$/Zg436s2vmTwsoSz", > passwd=0x64e1912293d8 > "$6$rounds=10000$/Zg436s2vmTwsoSz$TTCnOO7S5pkJHBVJ.oL74WN1Yt0n1RfQOWd > 60CRb4xtd9q7ChipyZ00jwYZfhDGRRJOoJNOgYKAVGpdmA8qhT1", dstlen=128) at > /data/Codes/pg/master/build/../contrib/pgcrypto/crypt-sha.c:546 Thank you very much. This points to the same area i've investigated and it turned out i confused length macros for the password salt, leading to the out_buf buffer in px_crypt_shacrypt() being too small, stupid me. Attached is a new version of the patch: - Use correct length for the out_buf result buffer in px_crypt_shacrypt() - Silent a compiler warning in the error goto branch in px_crypt_shacrypt() - Don't accept rounds values lower or larger than supported (previously they were silently changed to minimum/maximum). - Per your suggestions, use CHECK_FOR_INTERRUPTS() during block calculation to make it possible to interrupt the code when using large values for the rounds option and just rely on the very first three bytes when parsing the magic bytes of the salt string. Please test again. Bernd
Commits
-
Follow-up fixes for SHA-2 patch (commit 749a9e20c).
- 969ab9d4f5d1 18.0 landed
-
Add modern SHA-2 based password hashes to pgcrypto.
- 749a9e20c979 18.0 landed