Re: BlastRADIUS mitigation - Mailing list pgsql-hackers

From Michael Paquier
Subject Re: BlastRADIUS mitigation
Msg-id ZrHCgiQxhjIFP4p1@paquier.xyz
In response to Re: BlastRADIUS mitigation  (Heikki Linnakangas <hlinnaka@iki.fi>)
List pgsql-hackers

On Mon, Aug 05, 2024 at 05:41:21PM +0300, Heikki Linnakangas wrote:
> On 05/08/2024 15:43, Thomas Munro wrote:
>> Since PostgreSQL v12 and v13 don't have the modern "common/hmac.h"
>> API, I came up with a cheap kludge: locally #define those interfaces
>> to point directly to the OpenSSL HMAC API, or just give up and drop
>> Message-Authenticator support if you didn't build with OpenSSL support
>> (in practice everyone does).  Better ideas?
>
> Seems reasonable. It probably wouldn't be hard to backport common/hmac.h
> either, perhaps in a limited fashion with just md5 support.

It's a bit more than just backporting hmac.h and hmac.c.
hmac_openssl.c only depends on OpenSSL to do its business, but the
non-OpenSSL fallback implementation depends also on the cryptohash
fallbacks for SHA-NNN and MD5.  So you would also need the parts
related to cryptohash.c, sha{1,2}.c, etc.  Not really complex as these
could be dropped as-is into the stable branches of 12 and 13, but not
that straight-forward either as we had the bad idea to use the
fallback MD5 implementation even if linking to OpenSSL in v12 and v13,
meaning that you may need some tweaks to avoid API conflicts.

Requiring OpenSSL and its HMAC APIs to do the job is much safer for a
stable branch, IMO.
--
Michael
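
Added example, not part of the message above and not PostgreSQL's code: the Message-Authenticator check that the HMAC API under discussion is needed for, written as a client-side verifier for a RADIUS response using HMAC-MD5 as defined in RFC 3579. The shared secret, packet contents and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

MESSAGE_AUTHENTICATOR = 80           # attribute type, RFC 3579
ACCESS_ACCEPT = 2
SECRET = b"constructed-shared-secret"  # sample value, not a real secret

def find_message_authenticator(packet):
    """Offset of the 16-byte Message-Authenticator value, or None if absent/malformed."""
    pos = 20  # attributes follow code, id, length and the 16-byte authenticator
    while pos + 2 <= len(packet):
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > len(packet):
            return None
        if attr_type == MESSAGE_AUTHENTICATOR:
            return pos + 2 if attr_len == 18 else None
        pos += attr_len
    return None

def verify_response(response, request_authenticator, secret):
    """True only if the response carries a valid Message-Authenticator."""
    if len(response) < 20 or struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    off = find_message_authenticator(response)
    if off is None:
        return False  # a missing attribute is a failure, not something to skip
    # HMAC input: the packet with the Request Authenticator in the header
    # and the Message-Authenticator value zeroed.
    signed = bytearray(response)
    signed[4:20] = request_authenticator
    signed[off:off + 16] = bytes(16)
    expected = hmac.new(secret, bytes(signed), hashlib.md5).digest()
    return hmac.compare_digest(expected, response[off:off + 16])

def build_response(code, ident, request_authenticator, secret, with_ma=True):
    """Construct a sample server response (test fixture for this example)."""
    attrs = (bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)) if with_ma else b""
    attrs += bytes([18, 4]) + b"ok"  # Reply-Message attribute
    pkt = bytearray(struct.pack("!BBH", code, ident, 20 + len(attrs))
                    + request_authenticator + attrs)
    if with_ma:
        pkt[22:38] = hmac.new(secret, bytes(pkt), hashlib.md5).digest()
    # Response Authenticator: MD5 over the packet (request authenticator in place) + secret
    pkt[4:20] = hashlib.md5(bytes(pkt) + secret).digest()
    return bytes(pkt)
```

The verifier rejects a response that lacks the attribute as well as one whose code byte was altered after signing, since the HMAC covers the whole packet.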
