[PATCH] Avoid mixing custom and OpenSSL BIO functions
David Benjamin <davidben@google.com>
From: David Benjamin <davidben@google.com>
To: pgsql-hackers@lists.postgresql.org
Date: 2024-02-11T18:19:00Z
Lists: pgsql-hackers
Attachments
- avoid-mixing-custom-and-openssl-bios-v1.patch (application/octet-stream) patch v1
Hi all, I've attached a patch for the master branch to fix up the custom BIOs used by PostgreSQL, in light of the issues with the OpenSSL update recently. While c82207a548db47623a2bfa2447babdaa630302b9 (switching from BIO_get_data to BIO_get_app_data) resolved the immediate conflict, I don't think it addressed the root cause, which is that PostgreSQL was mixing up two BIO implementations, each of which expected to be driving the BIO. It turns out the parts that came from the OpenSSL socket BIO were a no-op, and in fact PostgreSQL is relying on it being a no-op. Instead, it's cleaner to just define a custom BIO the normal way, which then leaves the more standard BIO_get_data mechanism usable. This also avoids the risk that a future OpenSSL will add a now BIO_ctrl to the socket type, with libssl calling into it, and then break some assumptions made by PostgreSQL. I've attached a patch which does that. The existing SSL tests pass with it, tested on Debian stable. (Though it took me a few iterations to figure out how to run the SSL tests, so it's possible I've missed something.) The patch is not expected to change behavior, so nothing new to document, nor any expected performance impact. David
Commits
-
Avoid mixing custom and OpenSSL BIO functions
- 6f782a2a1738 18.0 landed
-
Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
- c82207a548db 17.0 cited