Hi all, (Added Bruce and Daniel in CC:) $subject has been mentioned a couple of times lately, mainly by me for the recent cryptohash refactoring that has been done. We use in the core code HMAC with SHA256 for SCRAM, but this logic should go through SSL libraries able to support it (OpenSSL and libnss allow that) so as requirements like FIPS can be pushed down to any lower-level library we are building with and not Postgres.
FWIW, I have also bumped into this stuff as being a requirement for the recent thread about file-level encryption in [1] where the code makes use of HMAC with SHA512. So, please find attached a patch set to rework all that. This provides a split similar to what I have done recently for cryptohash functions, with a fallback implementation located as of src/common/hmac.c, that depends itself on the fallback implementations of cryptohash functions. The OpenSSL part is done hmac_openssl.c. There are five APIs to be able to plug in HMAC implementations to create, initialize, update, finalize and free a HMAC context, in a fashion similar to cryptohashes. Regarding OpenSSL, upstream has changed lately the way it is possible to control HMACs. 3.0.0 has introduced a new set of APIs, with compatibility macros for older versions, as mentioned here: https://www.openssl.org/docs/manmaster/man3/EVP_MAC_CTX_new.html The new APIs are named EVP_MAC_CTX_new() and such. I think that this is a bit too new to use though, as we need to support OpenSSL down to 1.0.1 on HEAD and because there are compatibility macros. So instead I have decided to rely on the older interface based on HMAC_Init_ex() and co: https://www.openssl.org/docs/manmaster/man3/HMAC.html After that there is another point to note. In 1.1.0, any consumers of HMAC *have* to let OpenSSL allocate the HMAC context, like cryptohashes because the internals of the HMAC context are only known to OpenSSL. In 1.0.2 and older versions, it is possible to have access to HMAC_CTX. This requires an extra tweak in hmac_openssl.c where we need to {m,p}alloc by ourselves instead of calling HMAC_CTX_new() for 1.1.0 and 1.1.1 but some extra configure switches are able to do the trick. That means that we could use resowners only when building with OpenSSL >= 1.1.0, and not for older versions but note that the patch uses resowners anyway, as a matter of simplicity. As the changes are local to a single file, that's easy enough to follow and update. It would be easy enough to rip off this code once support for older OpenSSL versions is removed. Please note that I have added code that should be enough for the compilation on Windows, but I have not taken the time to check that. I have checked that things compiled and that check-world passes with and without OpenSSL 1.1.1 on Linux though, so I guess that I have not messed up too badly. This stuff requires much more tests, like making sure that we are able to connect to PG correctly with SCRAM when using combinations like libpq based on OpenSSL and the backend using the fallback, or just check the consistency of the results of computations with SQL functions or such. An extra thing that can be done is to clean up pgcrypto's px-hmac.c but this also requires SHA1 in cryptohash.c, something that I have submitted separately in [2]. So this could just be done later. This patch has updated the code of SCRAM so as we don't use anymore all the SCRAM/HMAC business but the generic HMAC routines instead for this work. Thoughts are welcome. I am adding that to the next CF. [1]: https://www.postgresql.org/message-id/X9lhi1ht04I+v/r...@paquier.xyz [2]: https://commitfest.postgresql.org/31/2868/ Thanks, -- Michael
From 26f9375c72a512640711953b6b52f227863e9113 Mon Sep 17 00:00:00 2001
From: Michael Paquier <mich...@paquier.xyz>
Date: Wed, 16 Dec 2020 16:15:05 +0900
Subject: [PATCH] Refactor HMAC implementations
---
src/include/common/hmac.h | 33 +++
src/include/common/md5.h | 2 +
src/include/common/scram-common.h | 13 --
src/include/pg_config.h.in | 6 +
src/include/utils/resowner_private.h | 7 +
src/backend/libpq/auth-scram.c | 61 ++---
src/backend/utils/resowner/resowner.c | 61 +++++
src/common/Makefile | 4 +-
src/common/hmac.c | 312 ++++++++++++++++++++++++++
src/common/hmac_openssl.c | 242 ++++++++++++++++++++
src/common/scram-common.c | 158 +++----------
src/interfaces/libpq/fe-auth-scram.c | 70 +++---
configure | 2 +-
configure.ac | 2 +-
src/tools/msvc/Mkvcbuild.pm | 2 +
src/tools/msvc/Solution.pm | 4 +
src/tools/pgindent/typedefs.list | 1 -
17 files changed, 782 insertions(+), 198 deletions(-)
create mode 100644 src/include/common/hmac.h
create mode 100644 src/common/hmac.c
create mode 100644 src/common/hmac_openssl.c
diff --git a/src/include/common/hmac.h b/src/include/common/hmac.h
new file mode 100644
index 0000000000..3f5ff34387
--- /dev/null
+++ b/src/include/common/hmac.h
@@ -0,0 +1,33 @@
+/*-------------------------------------------------------------------------
+ *
+ * hmac.h
+ * Generic headers for HMAC
+ *
+ * Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group
+ * Portions Copyright (c) 1994, Regents of the University of California
+ *
+ * IDENTIFICATION
+ * src/include/common/hmac.h
+ *
+ *-------------------------------------------------------------------------
+ */
+
+#ifndef PG_HMAC_H
+#define PG_HMAC_H
+
+#include "common/cryptohash.h"
+
+typedef struct pg_hmac_ctx
+{
+ pg_cryptohash_type type;
+ /* private area used by each HMAC implementation */
+ void *data;
+} pg_hmac_ctx;
+
+extern pg_hmac_ctx *pg_hmac_create(pg_cryptohash_type type);
+extern int pg_hmac_init(pg_hmac_ctx *ctx, const uint8 *data, size_t len);
+extern int pg_hmac_update(pg_hmac_ctx *ctx, const uint8 *data, size_t len);
+extern int pg_hmac_final(pg_hmac_ctx *ctx, uint8 *dest);
+extern void pg_hmac_free(pg_hmac_ctx *ctx);
+
+#endif /* PG_HMAC_H */
diff --git a/src/include/common/md5.h b/src/include/common/md5.h
index 5dac70cbc5..ff22270416 100644
--- a/src/include/common/md5.h
+++ b/src/include/common/md5.h
@@ -18,6 +18,8 @@
/* Size of result generated by MD5 computation */
#define MD5_DIGEST_LENGTH 16
+/* Block size for MD5 */
+#define MD5_BLOCK_SIZE 64
/* password-related data */
#define MD5_PASSWD_CHARSET "0123456789abcdef"
diff --git a/src/include/common/scram-common.h b/src/include/common/scram-common.h
index f4a7c60725..9138b751d2 100644
--- a/src/include/common/scram-common.h
+++ b/src/include/common/scram-common.h
@@ -46,19 +46,6 @@
*/
#define SCRAM_DEFAULT_ITERATIONS 4096
-/*
- * Context data for HMAC used in SCRAM authentication.
- */
-typedef struct
-{
- pg_cryptohash_ctx *sha256ctx;
- uint8 k_opad[SHA256_HMAC_B];
-} scram_HMAC_ctx;
-
-extern int scram_HMAC_init(scram_HMAC_ctx *ctx, const uint8 *key, int keylen);
-extern int scram_HMAC_update(scram_HMAC_ctx *ctx, const char *str, int slen);
-extern int scram_HMAC_final(uint8 *result, scram_HMAC_ctx *ctx);
-
extern int scram_SaltedPassword(const char *password, const char *salt,
int saltlen, int iterations, uint8 *result);
extern int scram_H(const uint8 *str, int len, uint8 *result);
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
index de8f838e53..5258c0bac8 100644
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -268,6 +268,12 @@
/* Define to 1 if you have the `history_truncate_file' function. */
#undef HAVE_HISTORY_TRUNCATE_FILE
+/* Define to 1 if you have the `HMAC_CTX_new' function. */
+#undef HAVE_HMAC_CTX_FREE
+
+/* Define to 1 if you have the `HMAC_CTX_free' function. */
+#undef HAVE_HMAC_CTX_NEW
+
/* Define to 1 if you have the <ifaddrs.h> header file. */
#undef HAVE_IFADDRS_H
diff --git a/src/include/utils/resowner_private.h b/src/include/utils/resowner_private.h
index c373788bc1..fcd959e96d 100644
--- a/src/include/utils/resowner_private.h
+++ b/src/include/utils/resowner_private.h
@@ -102,4 +102,11 @@ extern void ResourceOwnerRememberCryptoHash(ResourceOwner owner,
extern void ResourceOwnerForgetCryptoHash(ResourceOwner owner,
Datum handle);
+/* support for hmac context management */
+extern void ResourceOwnerEnlargeHMAC(ResourceOwner owner);
+extern void ResourceOwnerRememberHMAC(ResourceOwner owner,
+ Datum handle);
+extern void ResourceOwnerForgetHMAC(ResourceOwner owner,
+ Datum handle);
+
#endif /* RESOWNER_PRIVATE_H */
diff --git a/src/backend/libpq/auth-scram.c b/src/backend/libpq/auth-scram.c
index 6879a81618..6850c4fa0e 100644
--- a/src/backend/libpq/auth-scram.c
+++ b/src/backend/libpq/auth-scram.c
@@ -95,6 +95,7 @@
#include "catalog/pg_authid.h"
#include "catalog/pg_control.h"
#include "common/base64.h"
+#include "common/hmac.h"
#include "common/saslprep.h"
#include "common/scram-common.h"
#include "common/sha2.h"
@@ -1100,7 +1101,7 @@ verify_client_proof(scram_state *state)
uint8 ClientSignature[SCRAM_KEY_LEN];
uint8 ClientKey[SCRAM_KEY_LEN];
uint8 client_StoredKey[SCRAM_KEY_LEN];
- scram_HMAC_ctx ctx;
+ pg_hmac_ctx *ctx = pg_hmac_create(PG_SHA256);
int i;
/*
@@ -1108,23 +1109,25 @@ verify_client_proof(scram_state *state)
* here even when processing the calculations as this could involve a mock
* authentication.
*/
- if (scram_HMAC_init(&ctx, state->StoredKey, SCRAM_KEY_LEN) < 0 ||
- scram_HMAC_update(&ctx,
- state->client_first_message_bare,
- strlen(state->client_first_message_bare)) < 0 ||
- scram_HMAC_update(&ctx, ",", 1) < 0 ||
- scram_HMAC_update(&ctx,
- state->server_first_message,
- strlen(state->server_first_message)) < 0 ||
- scram_HMAC_update(&ctx, ",", 1) < 0 ||
- scram_HMAC_update(&ctx,
- state->client_final_message_without_proof,
- strlen(state->client_final_message_without_proof)) < 0 ||
- scram_HMAC_final(ClientSignature, &ctx) < 0)
+ if (pg_hmac_init(ctx, state->StoredKey, SCRAM_KEY_LEN) < 0 ||
+ pg_hmac_update(ctx,
+ (uint8 *) state->client_first_message_bare,
+ strlen(state->client_first_message_bare)) < 0 ||
+ pg_hmac_update(ctx, (uint8 *) ",", 1) < 0 ||
+ pg_hmac_update(ctx,
+ (uint8 *) state->server_first_message,
+ strlen(state->server_first_message)) < 0 ||
+ pg_hmac_update(ctx, (uint8 *) ",", 1) < 0 ||
+ pg_hmac_update(ctx,
+ (uint8 *) state->client_final_message_without_proof,
+ strlen(state->client_final_message_without_proof)) < 0 ||
+ pg_hmac_final(ctx, ClientSignature) < 0)
{
elog(ERROR, "could not calculate client signature");
}
+ pg_hmac_free(ctx);
+
/* Extract the ClientKey that the client calculated from the proof */
for (i = 0; i < SCRAM_KEY_LEN; i++)
ClientKey[i] = state->ClientProof[i] ^ ClientSignature[i];
@@ -1359,26 +1362,28 @@ build_server_final_message(scram_state *state)
uint8 ServerSignature[SCRAM_KEY_LEN];
char *server_signature_base64;
int siglen;
- scram_HMAC_ctx ctx;
+ pg_hmac_ctx *ctx = pg_hmac_create(PG_SHA256);
/* calculate ServerSignature */
- if (scram_HMAC_init(&ctx, state->ServerKey, SCRAM_KEY_LEN) < 0 ||
- scram_HMAC_update(&ctx,
- state->client_first_message_bare,
- strlen(state->client_first_message_bare)) < 0 ||
- scram_HMAC_update(&ctx, ",", 1) < 0 ||
- scram_HMAC_update(&ctx,
- state->server_first_message,
- strlen(state->server_first_message)) < 0 ||
- scram_HMAC_update(&ctx, ",", 1) < 0 ||
- scram_HMAC_update(&ctx,
- state->client_final_message_without_proof,
- strlen(state->client_final_message_without_proof)) < 0 ||
- scram_HMAC_final(ServerSignature, &ctx) < 0)
+ if (pg_hmac_init(ctx, state->ServerKey, SCRAM_KEY_LEN) < 0 ||
+ pg_hmac_update(ctx,
+ (uint8 *) state->client_first_message_bare,
+ strlen(state->client_first_message_bare)) < 0 ||
+ pg_hmac_update(ctx, (uint8 *) ",", 1) < 0 ||
+ pg_hmac_update(ctx,
+ (uint8 *) state->server_first_message,
+ strlen(state->server_first_message)) < 0 ||
+ pg_hmac_update(ctx, (uint8 *) ",", 1) < 0 ||
+ pg_hmac_update(ctx,
+ (uint8 *) state->client_final_message_without_proof,
+ strlen(state->client_final_message_without_proof)) < 0 ||
+ pg_hmac_final(ctx, ServerSignature) < 0)
{
elog(ERROR, "could not calculate server signature");
}
+ pg_hmac_free(ctx);
+
siglen = pg_b64_enc_len(SCRAM_KEY_LEN);
/* don't forget the zero-terminator */
server_signature_base64 = palloc(siglen + 1);
diff --git a/src/backend/utils/resowner/resowner.c b/src/backend/utils/resowner/resowner.c
index 546ad8d1c5..e66470bee0 100644
--- a/src/backend/utils/resowner/resowner.c
+++ b/src/backend/utils/resowner/resowner.c
@@ -22,6 +22,7 @@
#include "common/cryptohash.h"
#include "common/hashfn.h"
+#include "common/hmac.h"
#include "jit/jit.h"
#include "storage/bufmgr.h"
#include "storage/ipc.h"
@@ -130,6 +131,7 @@ typedef struct ResourceOwnerData
ResourceArray dsmarr; /* dynamic shmem segments */
ResourceArray jitarr; /* JIT contexts */
ResourceArray cryptohasharr; /* cryptohash contexts */
+ ResourceArray hmacarr; /* HMAC contexts */
/* We can remember up to MAX_RESOWNER_LOCKS references to local locks. */
int nlocks; /* number of owned locks */
@@ -178,6 +180,7 @@ static void PrintSnapshotLeakWarning(Snapshot snapshot);
static void PrintFileLeakWarning(File file);
static void PrintDSMLeakWarning(dsm_segment *seg);
static void PrintCryptoHashLeakWarning(Datum handle);
+static void PrintHMACLeakWarning(Datum handle);
/*****************************************************************************
@@ -448,6 +451,7 @@ ResourceOwnerCreate(ResourceOwner parent, const char *name)
ResourceArrayInit(&(owner->dsmarr), PointerGetDatum(NULL));
ResourceArrayInit(&(owner->jitarr), PointerGetDatum(NULL));
ResourceArrayInit(&(owner->cryptohasharr), PointerGetDatum(NULL));
+ ResourceArrayInit(&(owner->hmacarr), PointerGetDatum(NULL));
return owner;
}
@@ -568,6 +572,16 @@ ResourceOwnerReleaseInternal(ResourceOwner owner,
PrintCryptoHashLeakWarning(foundres);
pg_cryptohash_free(context);
}
+
+ /* Ditto for HMAC contexts */
+ while (ResourceArrayGetAny(&(owner->hmacarr), &foundres))
+ {
+ pg_hmac_ctx *context = (pg_hmac_ctx *) PointerGetDatum(foundres);
+
+ if (isCommit)
+ PrintHMACLeakWarning(foundres);
+ pg_hmac_free(context);
+ }
}
else if (phase == RESOURCE_RELEASE_LOCKS)
{
@@ -741,6 +755,7 @@ ResourceOwnerDelete(ResourceOwner owner)
Assert(owner->dsmarr.nitems == 0);
Assert(owner->jitarr.nitems == 0);
Assert(owner->cryptohasharr.nitems == 0);
+ Assert(owner->hmacarr.nitems == 0);
Assert(owner->nlocks == 0 || owner->nlocks == MAX_RESOWNER_LOCKS + 1);
/*
@@ -769,6 +784,7 @@ ResourceOwnerDelete(ResourceOwner owner)
ResourceArrayFree(&(owner->dsmarr));
ResourceArrayFree(&(owner->jitarr));
ResourceArrayFree(&(owner->cryptohasharr));
+ ResourceArrayFree(&(owner->hmacarr));
pfree(owner);
}
@@ -1432,3 +1448,48 @@ PrintCryptoHashLeakWarning(Datum handle)
elog(WARNING, "cryptohash context reference leak: context %p still referenced",
DatumGetPointer(handle));
}
+
+/*
+ * Make sure there is room for at least one more entry in a ResourceOwner's
+ * hmac context reference array.
+ *
+ * This is separate from actually inserting an entry because if we run out of
+ * memory, it's critical to do so *before* acquiring the resource.
+ */
+void
+ResourceOwnerEnlargeHMAC(ResourceOwner owner)
+{
+ ResourceArrayEnlarge(&(owner->hmacarr));
+}
+
+/*
+ * Remember that a HMAC context is owned by a ResourceOwner
+ *
+ * Caller must have previously done ResourceOwnerEnlargeHMAC()
+ */
+void
+ResourceOwnerRememberHMAC(ResourceOwner owner, Datum handle)
+{
+ ResourceArrayAdd(&(owner->hmacarr), handle);
+}
+
+/*
+ * Forget that a HMAC context is owned by a ResourceOwner
+ */
+void
+ResourceOwnerForgetHMAC(ResourceOwner owner, Datum handle)
+{
+ if (!ResourceArrayRemove(&(owner->hmacarr), handle))
+ elog(ERROR, "HMAC context %p is not owned by resource owner %s",
+ DatumGetPointer(handle), owner->name);
+}
+
+/*
+ * Debugging subroutine
+ */
+static void
+PrintHMACLeakWarning(Datum handle)
+{
+ elog(WARNING, "HMAC context reference leak: context %p still referenced",
+ DatumGetPointer(handle));
+}
diff --git a/src/common/Makefile b/src/common/Makefile
index af891cb0ce..ab895bc7f6 100644
--- a/src/common/Makefile
+++ b/src/common/Makefile
@@ -82,10 +82,12 @@ OBJS_COMMON = \
ifeq ($(with_openssl),yes)
OBJS_COMMON += \
protocol_openssl.o \
- cryptohash_openssl.o
+ cryptohash_openssl.o \
+ hmac_openssl.o
else
OBJS_COMMON += \
cryptohash.o \
+ hmac.o \
md5.o \
sha2.o
endif
diff --git a/src/common/hmac.c b/src/common/hmac.c
new file mode 100644
index 0000000000..1819112ed6
--- /dev/null
+++ b/src/common/hmac.c
@@ -0,0 +1,312 @@
+/*-------------------------------------------------------------------------
+ *
+ * hmac.c
+ * Implements Keyed-Hashing for Message Authentication (HMAC)
+ *
+ * Fallback implementation of HMAC, as specified in RFC 2104.
+ *
+ * Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group
+ * Portions Copyright (c) 1994, Regents of the University of California
+ *
+ * IDENTIFICATION
+ * src/common/hmac.c
+ *
+ *-------------------------------------------------------------------------
+ */
+
+#ifndef FRONTEND
+#include "postgres.h"
+#else
+#include "postgres_fe.h"
+#endif
+
+#include "common/cryptohash.h"
+#include "common/hmac.h"
+#include "common/md5.h"
+#include "common/sha2.h"
+
+/*
+ * In backend, use palloc/pfree to ease the error handling. In frontend,
+ * use malloc to be able to return a failure status back to the caller.
+ */
+#ifndef FRONTEND
+#define ALLOC(size) palloc(size)
+#define FREE(ptr) pfree(ptr)
+#else
+#define ALLOC(size) malloc(size)
+#define FREE(ptr) free(ptr)
+#endif
+
+/*
+ * Internal structure for pg_hmac_ctx->data with this implementation.
+ */
+typedef struct pg_hmac_state
+{
+ pg_cryptohash_ctx *hash;
+ uint8 *k_ipad;
+ uint8 *k_opad;
+ int block_size;
+ int digest_size;
+} pg_hmac_state;
+
+#define HMAC_IPAD 0x36
+#define HMAC_OPAD 0x5C
+
+/*
+ * pg_hmac_create
+ *
+ * Allocate a hash context. Returns NULL on failure for an OOM. The
+ * backend issues an error, without returning.
+ */
+pg_hmac_ctx *
+pg_hmac_create(pg_cryptohash_type type)
+{
+ pg_hmac_ctx *ctx;
+ pg_hmac_state *state;
+
+ ctx = ALLOC(sizeof(pg_hmac_ctx));
+ if (ctx == NULL)
+ return NULL;
+ memset(ctx, 0, sizeof(pg_hmac_ctx));
+
+ ctx->type = type;
+
+ state = ALLOC(sizeof(pg_hmac_state));
+ if (state == NULL)
+ {
+ explicit_bzero(ctx, sizeof(pg_hmac_ctx));
+ FREE(ctx);
+ return NULL;
+ }
+ memset(state, 0, sizeof(pg_hmac_state));
+ ctx->data = state;
+
+ /*
+ * Initialize the context data. This requires to know the digest and
+ * block lengths, that depend on the type of hash used.
+ */
+ switch (type)
+ {
+ case PG_MD5:
+ state->digest_size = MD5_DIGEST_LENGTH;
+ state->block_size = MD5_BLOCK_SIZE;
+ break;
+ case PG_SHA224:
+ state->digest_size = PG_SHA224_DIGEST_LENGTH;
+ state->block_size = PG_SHA224_BLOCK_LENGTH;
+ break;
+ case PG_SHA256:
+ state->digest_size = PG_SHA256_DIGEST_LENGTH;
+ state->block_size = PG_SHA256_BLOCK_LENGTH;
+ break;
+ case PG_SHA384:
+ state->digest_size = PG_SHA384_DIGEST_LENGTH;
+ state->block_size = PG_SHA384_BLOCK_LENGTH;
+ break;
+ case PG_SHA512:
+ state->digest_size = PG_SHA512_DIGEST_LENGTH;
+ state->block_size = PG_SHA512_BLOCK_LENGTH;
+ break;
+ }
+
+ state->k_opad = ALLOC(state->block_size);
+ if (state->k_opad == NULL)
+ {
+ explicit_bzero(state, sizeof(pg_hmac_state));
+ FREE(state);
+ explicit_bzero(ctx, sizeof(pg_hmac_ctx));
+ FREE(ctx);
+ return NULL;
+ }
+ memset(state->k_opad, 0, state->block_size);
+
+ state->k_ipad = ALLOC(state->block_size);
+ if (state->k_ipad == NULL)
+ {
+ explicit_bzero(state->k_opad, state->block_size);
+ FREE(state->k_opad);
+ explicit_bzero(state, sizeof(pg_hmac_state));
+ FREE(state);
+ explicit_bzero(ctx, sizeof(pg_hmac_ctx));
+ FREE(ctx);
+ return NULL;
+ }
+ memset(state->k_ipad, 0, state->block_size);
+
+ state->hash = pg_cryptohash_create(type);
+ if (state->hash == NULL)
+ {
+ explicit_bzero(state->k_ipad, state->block_size);
+ FREE(state->k_ipad);
+ explicit_bzero(state->k_opad, state->block_size);
+ FREE(state->k_opad);
+ explicit_bzero(state, sizeof(pg_hmac_state));
+ FREE(state);
+ explicit_bzero(ctx, sizeof(pg_hmac_ctx));
+ FREE(ctx);
+ return NULL;
+ }
+
+ return ctx;
+}
+
+/*
+ * pg_hmac_init
+ *
+ * Initialize a HMAC context. Note that this implementation is designed
+ * to never fail, so this always returns 0.
+ */
+int
+pg_hmac_init(pg_hmac_ctx *ctx, const uint8 *data, size_t len)
+{
+ int i;
+ int digest_size;
+ int block_size;
+ uint8 *shrinkbuf = NULL;
+ pg_hmac_state *state;
+
+ if (ctx == NULL)
+ return 0;
+
+ state = (pg_hmac_state *) ctx->data;
+ digest_size = state->digest_size;
+ block_size = state->block_size;
+
+ memset(state->k_opad, HMAC_OPAD, state->block_size);
+ memset(state->k_ipad, HMAC_IPAD, state->block_size);
+
+ /*
+ * If the data is longer than the block size, pass it through
+ * the hash once to shrink it down.
+ */
+ if (len > block_size)
+ {
+ pg_cryptohash_ctx *hash_ctx;
+
+ /* temporary buffer for one-time shrink */
+ shrinkbuf = ALLOC(digest_size);
+ if (shrinkbuf == NULL)
+ return -1;
+ memset(shrinkbuf, 0, digest_size);
+
+ hash_ctx = pg_cryptohash_create(ctx->type);
+ if (hash_ctx == NULL)
+ {
+ FREE(shrinkbuf);
+ return -1;
+ }
+
+ if (pg_cryptohash_init(hash_ctx) < 0 ||
+ pg_cryptohash_update(hash_ctx, data, len) < 0 ||
+ pg_cryptohash_final(hash_ctx, shrinkbuf) < 0)
+ {
+ pg_cryptohash_free(hash_ctx);
+ FREE(shrinkbuf);
+ return -1;
+ }
+
+ data = shrinkbuf;
+ len = digest_size;
+ pg_cryptohash_free(hash_ctx);
+ }
+
+ for (i = 0; i < len; i++)
+ {
+ state->k_ipad[i] ^= data[i];
+ state->k_opad[i] ^= data[i];
+ }
+
+ /* tmp = H(K XOR ipad, text) */
+ if (pg_cryptohash_init(state->hash) < 0 ||
+ pg_cryptohash_update(state->hash, state->k_ipad, state->block_size) < 0)
+ {
+ if (shrinkbuf)
+ FREE(shrinkbuf);
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ * pg_hmac_update
+ *
+ * Update a HMAC context. Returns 0 on success, -1 on failure.
+ */
+int
+pg_hmac_update(pg_hmac_ctx *ctx, const uint8 *data, size_t len)
+{
+ pg_hmac_state *state;
+
+ if (ctx == NULL)
+ return 0;
+
+ state = (pg_hmac_state *) ctx->data;
+
+ if (pg_cryptohash_update(state->hash, data, len) < 0)
+ return -1;
+
+ return 0;
+}
+
+/*
+ * pg_hmac_final
+ *
+ * Finalize a HMAC context. Returns 0 on success, -1 on failure.
+ */
+int
+pg_hmac_final(pg_hmac_ctx *ctx, uint8 *dest)
+{
+ uint8 *h;
+ pg_hmac_state *state;
+
+ if (ctx == NULL)
+ return 0;
+
+ state = (pg_hmac_state *) ctx->data;
+
+ h = ALLOC(state->digest_size);
+ if (h == NULL)
+ return -1;
+ memset(h, 0, state->digest_size);
+
+ if (pg_cryptohash_final(state->hash, h) < 0)
+ return -1;
+
+ /* H(K XOR opad, tmp) */
+ if (pg_cryptohash_init(state->hash) < 0 ||
+ pg_cryptohash_update(state->hash, state->k_opad, state->block_size) < 0 ||
+ pg_cryptohash_update(state->hash, h, state->digest_size) < 0 ||
+ pg_cryptohash_final(state->hash, dest) < 0)
+ {
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ * pg_hmac_free
+ *
+ * Free a HMAC context.
+ */
+void
+pg_hmac_free(pg_hmac_ctx *ctx)
+{
+ pg_hmac_state *state;
+
+ if (ctx == NULL)
+ return;
+
+ state = (pg_hmac_state *) ctx->data;
+
+ pg_cryptohash_free(state->hash);
+ explicit_bzero(state->k_ipad, state->block_size);
+ FREE(state->k_ipad);
+ explicit_bzero(state->k_opad, state->block_size);
+ FREE(state->k_opad);
+ explicit_bzero(state, sizeof(pg_hmac_state));
+ FREE(state);
+ explicit_bzero(ctx, sizeof(pg_hmac_ctx));
+ FREE(ctx);
+}
diff --git a/src/common/hmac_openssl.c b/src/common/hmac_openssl.c
new file mode 100644
index 0000000000..f4d09741e9
--- /dev/null
+++ b/src/common/hmac_openssl.c
@@ -0,0 +1,242 @@
+/*-------------------------------------------------------------------------
+ *
+ * hmac_openssl.c
+ * Implementation of HMAC for OpenSSL.
+ *
+ * Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group
+ * Portions Copyright (c) 1994, Regents of the University of California
+ *
+ * IDENTIFICATION
+ * src/common/hmac_openssl.c
+ *
+ *-------------------------------------------------------------------------
+ */
+
+#ifndef FRONTEND
+#include "postgres.h"
+#else
+#include "postgres_fe.h"
+#endif
+
+#include <openssl/hmac.h>
+
+#include "common/hmac.h"
+#ifndef FRONTEND
+#include "utils/memutils.h"
+#include "utils/resowner.h"
+#include "utils/resowner_private.h"
+#endif
+
+/*
+ * In backend, use palloc/pfree to ease the error handling. In frontend,
+ * use malloc to be able to return a failure status back to the caller.
+ */
+#ifndef FRONTEND
+#define ALLOC(size) palloc(size)
+#define FREE(ptr) pfree(ptr)
+#else
+#define ALLOC(size) malloc(size)
+#define FREE(ptr) free(ptr)
+#endif
+
+/*
+ * Internal structure for pg_hmac_ctx->data with this implementation.
+ */
+typedef struct pg_hmac_state
+{
+ HMAC_CTX *hmacctx;
+
+#ifndef FRONTEND
+ ResourceOwner resowner;
+#endif
+} pg_hmac_state;
+
+/*
+ * pg_hmac_create
+ *
+ * Allocate a hash context. Returns NULL on failure for an OOM. The
+ * backend issues an error, without returning.
+ */
+pg_hmac_ctx *
+pg_hmac_create(pg_cryptohash_type type)
+{
+ pg_hmac_ctx *ctx;
+ pg_hmac_state *state;
+
+ ctx = ALLOC(sizeof(pg_hmac_ctx));
+ if (ctx == NULL)
+ return NULL;
+ memset(ctx, 0, sizeof(pg_hmac_ctx));
+
+ ctx->type = type;
+
+ state = ALLOC(sizeof(pg_hmac_state));
+ if (state == NULL)
+ {
+ explicit_bzero(ctx, sizeof(pg_hmac_ctx));
+ FREE(ctx);
+ return NULL;
+ }
+ memset(state, 0, sizeof(pg_hmac_state));
+ ctx->data = state;
+
+#ifndef FRONTEND
+ ResourceOwnerEnlargeHMAC(CurrentResourceOwner);
+#endif
+
+ /*
+ * Initialization takes care of assigning the correct type for OpenSSL.
+ */
+#ifdef HAVE_HMAC_CTX_NEW
+ state->hmacctx = HMAC_CTX_new();
+#else
+ state->hmacctx = ALLOC(sizeof(HMAC_CTX));
+#endif
+
+ if (state->hmacctx == NULL)
+ {
+ explicit_bzero(state, sizeof(pg_hmac_state));
+ explicit_bzero(ctx, sizeof(pg_hmac_ctx));
+#ifndef FRONTEND
+ ereport(ERROR,
+ (errcode(ERRCODE_OUT_OF_MEMORY),
+ errmsg("out of memory")));
+#endif
+ FREE(state);
+ FREE(ctx);
+ return NULL;
+ }
+
+#ifndef HAVE_HMAC_CTX_NEW
+ memset(state->hmacctx, 0, sizeof(HMAC_CTX));
+#endif
+
+#ifndef FRONTEND
+ state->resowner = CurrentResourceOwner;
+ ResourceOwnerRememberHMAC(CurrentResourceOwner, PointerGetDatum(ctx));
+#endif
+
+ return ctx;
+}
+
+/*
+ * pg_hmac_init
+ *
+ * Initialize a HMAC context. Note that this implementation is designed
+ * to never fail, so this always returns 0.
+ */
+int
+pg_hmac_init(pg_hmac_ctx *ctx, const uint8 *data, size_t len)
+{
+ pg_hmac_state *state;
+ int status = 0;
+
+ if (ctx == NULL)
+ return 0;
+
+ state = (pg_hmac_state *) ctx->data;
+
+ switch (ctx->type)
+ {
+ case PG_MD5:
+ status = HMAC_Init_ex(state->hmacctx, data, len, EVP_md5(), NULL);
+ break;
+ case PG_SHA224:
+ status = HMAC_Init_ex(state->hmacctx, data, len, EVP_sha224(), NULL);
+ break;
+ case PG_SHA256:
+ status = HMAC_Init_ex(state->hmacctx, data, len, EVP_sha256(), NULL);
+ break;
+ case PG_SHA384:
+ status = HMAC_Init_ex(state->hmacctx, data, len, EVP_sha384(), NULL);
+ break;
+ case PG_SHA512:
+ status = HMAC_Init_ex(state->hmacctx, data, len, EVP_sha512(), NULL);
+ break;
+ }
+
+ /* OpenSSL internals return 1 on success, 0 on failure */
+ if (status <= 0)
+ return -1;
+
+ return 0;
+}
+
+/*
+ * pg_hmac_update
+ *
+ * Update a HMAC context. Returns 0 on success, -1 on failure.
+ */
+int
+pg_hmac_update(pg_hmac_ctx *ctx, const uint8 *data, size_t len)
+{
+ pg_hmac_state *state;
+ int status = 0;
+
+ if (ctx == NULL)
+ return 0;
+
+ state = (pg_hmac_state *) ctx->data;
+ status = HMAC_Update(state->hmacctx, data, len);
+
+ /* OpenSSL internals return 1 on success, 0 on failure */
+ if (status <= 0)
+ return -1;
+ return 0;
+}
+
+/*
+ * pg_hmac_final
+ *
+ * Finalize a HMAC context. Returns 0 on success, -1 on failure.
+ */
+int
+pg_hmac_final(pg_hmac_ctx *ctx, uint8 *dest)
+{
+ pg_hmac_state *state;
+ int status = 0;
+ uint32 len;
+
+ if (ctx == NULL)
+ return 0;
+
+ state = (pg_hmac_state *) ctx->data;
+ status = HMAC_Final(state->hmacctx, dest, &len);
+
+ /* OpenSSL internals return 1 on success, 0 on failure */
+ if (status <= 0)
+ return -1;
+ return 0;
+}
+
+/*
+ * pg_hmac_free
+ *
+ * Free a HMAC context.
+ */
+void
+pg_hmac_free(pg_hmac_ctx *ctx)
+{
+ pg_hmac_state *state;
+
+ if (ctx == NULL)
+ return;
+
+ state = (pg_hmac_state *) ctx->data;
+
+#ifdef HAVE_HMAC_CTX_FREE
+ HMAC_CTX_free(state->hmacctx);
+#else
+ explicit_bzero(state, sizeof(HMAC_CTX));
+ FREE(state->hmacctx);
+#endif
+
+#ifndef FRONTEND
+ ResourceOwnerForgetHMAC(state->resowner, PointerGetDatum(ctx));
+#endif
+
+ explicit_bzero(state, sizeof(pg_hmac_state));
+ FREE(state);
+ explicit_bzero(ctx, sizeof(pg_hmac_ctx));
+ FREE(ctx);
+}
diff --git a/src/common/scram-common.c b/src/common/scram-common.c
index caab68926d..922cabe24e 100644
--- a/src/common/scram-common.c
+++ b/src/common/scram-common.c
@@ -20,118 +20,10 @@
#endif
#include "common/base64.h"
+#include "common/hmac.h"
#include "common/scram-common.h"
#include "port/pg_bswap.h"
-#define HMAC_IPAD 0x36
-#define HMAC_OPAD 0x5C
-
-/*
- * Calculate HMAC per RFC2104.
- *
- * The hash function used is SHA-256. Returns 0 on success, -1 on failure.
- */
-int
-scram_HMAC_init(scram_HMAC_ctx *ctx, const uint8 *key, int keylen)
-{
- uint8 k_ipad[SHA256_HMAC_B];
- int i;
- uint8 keybuf[SCRAM_KEY_LEN];
-
- /*
- * If the key is longer than the block size (64 bytes for SHA-256), pass
- * it through SHA-256 once to shrink it down.
- */
- if (keylen > SHA256_HMAC_B)
- {
- pg_cryptohash_ctx *sha256_ctx;
-
- sha256_ctx = pg_cryptohash_create(PG_SHA256);
- if (sha256_ctx == NULL)
- return -1;
- if (pg_cryptohash_init(sha256_ctx) < 0 ||
- pg_cryptohash_update(sha256_ctx, key, keylen) < 0 ||
- pg_cryptohash_final(sha256_ctx, keybuf) < 0)
- {
- pg_cryptohash_free(sha256_ctx);
- return -1;
- }
- key = keybuf;
- keylen = SCRAM_KEY_LEN;
- pg_cryptohash_free(sha256_ctx);
- }
-
- memset(k_ipad, HMAC_IPAD, SHA256_HMAC_B);
- memset(ctx->k_opad, HMAC_OPAD, SHA256_HMAC_B);
-
- for (i = 0; i < keylen; i++)
- {
- k_ipad[i] ^= key[i];
- ctx->k_opad[i] ^= key[i];
- }
-
- ctx->sha256ctx = pg_cryptohash_create(PG_SHA256);
- if (ctx->sha256ctx == NULL)
- return -1;
-
- /* tmp = H(K XOR ipad, text) */
- if (pg_cryptohash_init(ctx->sha256ctx) < 0 ||
- pg_cryptohash_update(ctx->sha256ctx, k_ipad, SHA256_HMAC_B) < 0)
- {
- pg_cryptohash_free(ctx->sha256ctx);
- return -1;
- }
-
- return 0;
-}
-
-/*
- * Update HMAC calculation
- * The hash function used is SHA-256. Returns 0 on success, -1 on failure.
- */
-int
-scram_HMAC_update(scram_HMAC_ctx *ctx, const char *str, int slen)
-{
- Assert(ctx->sha256ctx != NULL);
- if (pg_cryptohash_update(ctx->sha256ctx, (const uint8 *) str, slen) < 0)
- {
- pg_cryptohash_free(ctx->sha256ctx);
- return -1;
- }
- return 0;
-}
-
-/*
- * Finalize HMAC calculation.
- * The hash function used is SHA-256. Returns 0 on success, -1 on failure.
- */
-int
-scram_HMAC_final(uint8 *result, scram_HMAC_ctx *ctx)
-{
- uint8 h[SCRAM_KEY_LEN];
-
- Assert(ctx->sha256ctx != NULL);
-
- if (pg_cryptohash_final(ctx->sha256ctx, h) < 0)
- {
- pg_cryptohash_free(ctx->sha256ctx);
- return -1;
- }
-
- /* H(K XOR opad, tmp) */
- if (pg_cryptohash_init(ctx->sha256ctx) < 0 ||
- pg_cryptohash_update(ctx->sha256ctx, ctx->k_opad, SHA256_HMAC_B) < 0 ||
- pg_cryptohash_update(ctx->sha256ctx, h, SCRAM_KEY_LEN) < 0 ||
- pg_cryptohash_final(ctx->sha256ctx, result) < 0)
- {
- pg_cryptohash_free(ctx->sha256ctx);
- return -1;
- }
-
- pg_cryptohash_free(ctx->sha256ctx);
- return 0;
-}
-
/*
* Calculate SaltedPassword.
*
@@ -149,7 +41,10 @@ scram_SaltedPassword(const char *password,
j;
uint8 Ui[SCRAM_KEY_LEN];
uint8 Ui_prev[SCRAM_KEY_LEN];
- scram_HMAC_ctx hmac_ctx;
+ pg_hmac_ctx *hmac_ctx = pg_hmac_create(PG_SHA256);
+
+ if (hmac_ctx == NULL)
+ return -1;
/*
* Iterate hash calculation of HMAC entry using given salt. This is
@@ -158,11 +53,12 @@ scram_SaltedPassword(const char *password,
*/
/* First iteration */
- if (scram_HMAC_init(&hmac_ctx, (uint8 *) password, password_len) < 0 ||
- scram_HMAC_update(&hmac_ctx, salt, saltlen) < 0 ||
- scram_HMAC_update(&hmac_ctx, (char *) &one, sizeof(uint32)) < 0 ||
- scram_HMAC_final(Ui_prev, &hmac_ctx) < 0)
+ if (pg_hmac_init(hmac_ctx, (uint8 *) password, password_len) < 0 ||
+ pg_hmac_update(hmac_ctx, (uint8 *) salt, saltlen) < 0 ||
+ pg_hmac_update(hmac_ctx, (uint8 *) &one, sizeof(uint32)) < 0 ||
+ pg_hmac_final(hmac_ctx, Ui_prev) < 0)
{
+ pg_hmac_free(hmac_ctx);
return -1;
}
@@ -171,10 +67,11 @@ scram_SaltedPassword(const char *password,
/* Subsequent iterations */
for (i = 2; i <= iterations; i++)
{
- if (scram_HMAC_init(&hmac_ctx, (uint8 *) password, password_len) < 0 ||
- scram_HMAC_update(&hmac_ctx, (const char *) Ui_prev, SCRAM_KEY_LEN) < 0 ||
- scram_HMAC_final(Ui, &hmac_ctx) < 0)
+ if (pg_hmac_init(hmac_ctx, (uint8 *) password, password_len) < 0 ||
+ pg_hmac_update(hmac_ctx, (uint8 *) Ui_prev, SCRAM_KEY_LEN) < 0 ||
+ pg_hmac_final(hmac_ctx, Ui) < 0)
{
+ pg_hmac_free(hmac_ctx);
return -1;
}
@@ -183,6 +80,7 @@ scram_SaltedPassword(const char *password,
memcpy(Ui_prev, Ui, SCRAM_KEY_LEN);
}
+ pg_hmac_free(hmac_ctx);
return 0;
}
@@ -218,15 +116,20 @@ scram_H(const uint8 *input, int len, uint8 *result)
int
scram_ClientKey(const uint8 *salted_password, uint8 *result)
{
- scram_HMAC_ctx ctx;
+ pg_hmac_ctx *ctx = pg_hmac_create(PG_SHA256);
- if (scram_HMAC_init(&ctx, salted_password, SCRAM_KEY_LEN) < 0 ||
- scram_HMAC_update(&ctx, "Client Key", strlen("Client Key")) < 0 ||
- scram_HMAC_final(result, &ctx) < 0)
+ if (ctx == NULL)
+ return -1;
+
+ if (pg_hmac_init(ctx, salted_password, SCRAM_KEY_LEN) < 0 ||
+ pg_hmac_update(ctx, (uint8 *) "Client Key", strlen("Client Key")) < 0 ||
+ pg_hmac_final(ctx, result) < 0)
{
+ pg_hmac_free(ctx);
return -1;
}
+ pg_hmac_free(ctx);
return 0;
}
@@ -236,15 +139,20 @@ scram_ClientKey(const uint8 *salted_password, uint8 *result)
int
scram_ServerKey(const uint8 *salted_password, uint8 *result)
{
- scram_HMAC_ctx ctx;
+ pg_hmac_ctx *ctx = pg_hmac_create(PG_SHA256);
- if (scram_HMAC_init(&ctx, salted_password, SCRAM_KEY_LEN) < 0 ||
- scram_HMAC_update(&ctx, "Server Key", strlen("Server Key")) < 0 ||
- scram_HMAC_final(result, &ctx) < 0)
+ if (ctx == NULL)
+ return -1;
+
+ if (pg_hmac_init(ctx, salted_password, SCRAM_KEY_LEN) < 0 ||
+ pg_hmac_update(ctx, (uint8 *) "Server Key", strlen("Server Key")) < 0 ||
+ pg_hmac_final(ctx, result) < 0)
{
+ pg_hmac_free(ctx);
return -1;
}
+ pg_hmac_free(ctx);
return 0;
}
diff --git a/src/interfaces/libpq/fe-auth-scram.c b/src/interfaces/libpq/fe-auth-scram.c
index 6dcf574f62..cbf326c9ef 100644
--- a/src/interfaces/libpq/fe-auth-scram.c
+++ b/src/interfaces/libpq/fe-auth-scram.c
@@ -15,6 +15,7 @@
#include "postgres_fe.h"
#include "common/base64.h"
+#include "common/hmac.h"
#include "common/saslprep.h"
#include "common/scram-common.h"
#include "fe-auth.h"
@@ -766,7 +767,11 @@ calculate_client_proof(fe_scram_state *state,
uint8 ClientKey[SCRAM_KEY_LEN];
uint8 ClientSignature[SCRAM_KEY_LEN];
int i;
- scram_HMAC_ctx ctx;
+ pg_hmac_ctx *ctx;
+
+ ctx = pg_hmac_create(PG_SHA256);
+ if (ctx == NULL)
+ return false;
/*
* Calculate SaltedPassword, and store it in 'state' so that we can reuse
@@ -776,26 +781,28 @@ calculate_client_proof(fe_scram_state *state,
state->iterations, state->SaltedPassword) < 0 ||
scram_ClientKey(state->SaltedPassword, ClientKey) < 0 ||
scram_H(ClientKey, SCRAM_KEY_LEN, StoredKey) < 0 ||
- scram_HMAC_init(&ctx, StoredKey, SCRAM_KEY_LEN) < 0 ||
- scram_HMAC_update(&ctx,
- state->client_first_message_bare,
- strlen(state->client_first_message_bare)) < 0 ||
- scram_HMAC_update(&ctx, ",", 1) < 0 ||
- scram_HMAC_update(&ctx,
- state->server_first_message,
- strlen(state->server_first_message)) < 0 ||
- scram_HMAC_update(&ctx, ",", 1) < 0 ||
- scram_HMAC_update(&ctx,
- client_final_message_without_proof,
- strlen(client_final_message_without_proof)) < 0 ||
- scram_HMAC_final(ClientSignature, &ctx) < 0)
+ pg_hmac_init(ctx, StoredKey, SCRAM_KEY_LEN) < 0 ||
+ pg_hmac_update(ctx,
+ (uint8 *) state->client_first_message_bare,
+ strlen(state->client_first_message_bare)) < 0 ||
+ pg_hmac_update(ctx, (uint8 *) ",", 1) < 0 ||
+ pg_hmac_update(ctx,
+ (uint8 *) state->server_first_message,
+ strlen(state->server_first_message)) < 0 ||
+ pg_hmac_update(ctx, (uint8 *) ",", 1) < 0 ||
+ pg_hmac_update(ctx,
+ (uint8 *) client_final_message_without_proof,
+ strlen(client_final_message_without_proof)) < 0 ||
+ pg_hmac_final(ctx, ClientSignature) < 0)
{
+ pg_hmac_free(ctx);
return false;
}
for (i = 0; i < SCRAM_KEY_LEN; i++)
result[i] = ClientKey[i] ^ ClientSignature[i];
+ pg_hmac_free(ctx);
return true;
}
@@ -810,27 +817,34 @@ verify_server_signature(fe_scram_state *state, bool *match)
{
uint8 expected_ServerSignature[SCRAM_KEY_LEN];
uint8 ServerKey[SCRAM_KEY_LEN];
- scram_HMAC_ctx ctx;
+ pg_hmac_ctx *ctx;
+
+ ctx = pg_hmac_create(PG_SHA256);
+ if (ctx == NULL)
+ return false;
if (scram_ServerKey(state->SaltedPassword, ServerKey) < 0 ||
/* calculate ServerSignature */
- scram_HMAC_init(&ctx, ServerKey, SCRAM_KEY_LEN) < 0 ||
- scram_HMAC_update(&ctx,
- state->client_first_message_bare,
- strlen(state->client_first_message_bare)) < 0 ||
- scram_HMAC_update(&ctx, ",", 1) < 0 ||
- scram_HMAC_update(&ctx,
- state->server_first_message,
- strlen(state->server_first_message)) < 0 ||
- scram_HMAC_update(&ctx, ",", 1) < 0 ||
- scram_HMAC_update(&ctx,
- state->client_final_message_without_proof,
- strlen(state->client_final_message_without_proof)) < 0 ||
- scram_HMAC_final(expected_ServerSignature, &ctx) < 0)
+ pg_hmac_init(ctx, ServerKey, SCRAM_KEY_LEN) < 0 ||
+ pg_hmac_update(ctx,
+ (uint8 *) state->client_first_message_bare,
+ strlen(state->client_first_message_bare)) < 0 ||
+ pg_hmac_update(ctx, (uint8 *) ",", 1) < 0 ||
+ pg_hmac_update(ctx,
+ (uint8 *) state->server_first_message,
+ strlen(state->server_first_message)) < 0 ||
+ pg_hmac_update(ctx, (uint8 *) ",", 1) < 0 ||
+ pg_hmac_update(ctx,
+ (uint8 *) state->client_final_message_without_proof,
+ strlen(state->client_final_message_without_proof)) < 0 ||
+ pg_hmac_final(ctx, expected_ServerSignature) < 0)
{
+ pg_hmac_free(ctx);
return false;
}
+ pg_hmac_free(ctx);
+
/* signature processed, so now check after it */
if (memcmp(expected_ServerSignature, state->ServerSignature, SCRAM_KEY_LEN) != 0)
*match = false;
diff --git a/configure b/configure
index 11a4284e5b..1570c769a6 100755
--- a/configure
+++ b/configure
@@ -12414,7 +12414,7 @@ done
# defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
# doesn't have these OpenSSL 1.1.0 functions. So check for individual
# functions.
- for ac_func in OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data
+ for ac_func in OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
diff --git a/configure.ac b/configure.ac
index fc523c6aeb..cf28742160 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1228,7 +1228,7 @@ if test "$with_openssl" = yes ; then
# defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
# doesn't have these OpenSSL 1.1.0 functions. So check for individual
# functions.
- AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data])
+ AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
# OpenSSL versions before 1.1.0 required setting callback functions, for
# thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
# function was removed.
diff --git a/src/tools/msvc/Mkvcbuild.pm b/src/tools/msvc/Mkvcbuild.pm
index f92c14030d..e37a7291af 100644
--- a/src/tools/msvc/Mkvcbuild.pm
+++ b/src/tools/msvc/Mkvcbuild.pm
@@ -130,11 +130,13 @@ sub mkvcbuild
if ($solution->{options}->{openssl})
{
push(@pgcommonallfiles, 'cryptohash_openssl.c');
+ push(@pgcommonallfiles, 'hmac_openssl.c');
push(@pgcommonallfiles, 'protocol_openssl.c');
}
else
{
push(@pgcommonallfiles, 'cryptohash.c');
+ push(@pgcommonallfiles, 'hmac.c');
push(@pgcommonallfiles, 'md5.c');
push(@pgcommonallfiles, 'sha2.c');
}
diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm
index 22d6abd367..9bc3be9879 100644
--- a/src/tools/msvc/Solution.pm
+++ b/src/tools/msvc/Solution.pm
@@ -279,6 +279,8 @@ sub GenerateFiles
HAVE_GETTIMEOFDAY => undef,
HAVE_GSSAPI_GSSAPI_H => undef,
HAVE_GSSAPI_H => undef,
+ HAVE_HMAC_CTX_FREE => undef,
+ HAVE_HMAC_CTX_NEW => undef,
HAVE_HISTORY_H => undef,
HAVE_HISTORY_TRUNCATE_FILE => undef,
HAVE_IFADDRS_H => undef,
@@ -531,6 +533,8 @@ sub GenerateFiles
$define{HAVE_ASN1_STRING_GET0_DATA} = 1;
$define{HAVE_BIO_GET_DATA} = 1;
$define{HAVE_BIO_METH_NEW} = 1;
+ $define{HAVE_HMAC_CTX_FREE} = 1;
+ $define{HAVE_HMAC_CTX_NEW} = 1;
$define{HAVE_OPENSSL_INIT_SSL} = 1;
}
}
diff --git a/src/tools/pgindent/typedefs.list b/src/tools/pgindent/typedefs.list
index a9dca717a6..8669da9b51 100644
--- a/src/tools/pgindent/typedefs.list
+++ b/src/tools/pgindent/typedefs.list
@@ -3331,7 +3331,6 @@ role_auth_extra
row_security_policy_hook_type
rsv_callback
save_buffer
-scram_HMAC_ctx
scram_state
scram_state_enum
sem_t
--
2.29.2
signature.asc
Description: PGP signature
