Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * be-secure-openssl.c
4 : * functions for OpenSSL support in the backend.
5 : *
6 : *
7 : * Portions Copyright (c) 1996-2026, PostgreSQL Global Development Group
8 : * Portions Copyright (c) 1994, Regents of the University of California
9 : *
10 : *
11 : * IDENTIFICATION
12 : * src/backend/libpq/be-secure-openssl.c
13 : *
14 : *-------------------------------------------------------------------------
15 : */
16 :
17 : #include "postgres.h"
18 :
19 : #include <sys/stat.h>
20 : #include <signal.h>
21 : #include <fcntl.h>
22 : #include <ctype.h>
23 : #include <sys/socket.h>
24 : #include <unistd.h>
25 : #include <netdb.h>
26 : #include <netinet/in.h>
27 : #include <netinet/tcp.h>
28 : #include <arpa/inet.h>
29 :
30 : #include "common/hashfn.h"
31 : #include "common/string.h"
32 : #include "libpq/libpq.h"
33 : #include "miscadmin.h"
34 : #include "pgstat.h"
35 : #include "storage/fd.h"
36 : #include "storage/latch.h"
37 : #include "utils/guc.h"
38 : #include "utils/memutils.h"
39 : #include "utils/wait_event.h"
40 :
41 : /*
42 : * These SSL-related #includes must come after all system-provided headers.
43 : * This ensures that OpenSSL can take care of conflicts with Windows'
44 : * <wincrypt.h> by #undef'ing the conflicting macros. (We don't directly
45 : * include <wincrypt.h>, but some other Windows headers do.)
46 : */
47 : #include "common/openssl.h"
48 : #include <openssl/bn.h>
49 : #include <openssl/conf.h>
50 : #include <openssl/dh.h>
51 : #ifndef OPENSSL_NO_ECDH
52 : #include <openssl/ec.h>
53 : #endif
54 : #include <openssl/x509v3.h>
55 :
56 : /*
57 : * Simplehash for tracking configured hostnames to guard against duplicate
58 : * entries. Each list of hosts is traversed and added to the hash during
59 : * parsing and if a duplicate error is detected an error will be thrown.
60 : */
61 : typedef struct
62 : {
63 : uint32 status;
64 : const char *hostname;
65 : } HostCacheEntry;
66 : static uint32 host_cache_pointer(const char *key);
67 : #define SH_PREFIX host_cache
68 : #define SH_ELEMENT_TYPE HostCacheEntry
69 : #define SH_KEY_TYPE const char *
70 : #define SH_KEY hostname
71 : #define SH_HASH_KEY(tb, key) host_cache_pointer(key)
72 : #define SH_EQUAL(tb, a, b) (pg_strcasecmp(a, b) == 0)
73 : #define SH_SCOPE static inline
74 : #define SH_DECLARE
75 : #define SH_DEFINE
76 : #include "lib/simplehash.h"
77 :
78 : /* default init hook can be overridden by a shared library */
79 : static void default_openssl_tls_init(SSL_CTX *context, bool isServerStart);
80 : openssl_tls_init_hook_typ openssl_tls_init_hook = default_openssl_tls_init;
81 :
82 : static int port_bio_read(BIO *h, char *buf, int size);
83 : static int port_bio_write(BIO *h, const char *buf, int size);
84 : static BIO_METHOD *port_bio_method(void);
85 : static int ssl_set_port_bio(Port *port);
86 :
87 : static DH *load_dh_file(char *filename, bool isServerStart);
88 : static DH *load_dh_buffer(const char *buffer, size_t len);
89 : static int ssl_external_passwd_cb(char *buf, int size, int rwflag, void *userdata);
90 : static int dummy_ssl_passwd_cb(char *buf, int size, int rwflag, void *userdata);
91 : static int verify_cb(int ok, X509_STORE_CTX *ctx);
92 : static void info_cb(const SSL *ssl, int type, int args);
93 : static int alpn_cb(SSL *ssl,
94 : const unsigned char **out,
95 : unsigned char *outlen,
96 : const unsigned char *in,
97 : unsigned int inlen,
98 : void *userdata);
99 : static bool initialize_dh(SSL_CTX *context, bool isServerStart);
100 : static bool initialize_ecdh(SSL_CTX *context, bool isServerStart);
101 : static const char *SSLerrmessageExt(unsigned long ecode, const char *replacement);
102 : static const char *SSLerrmessage(unsigned long ecode);
103 : static bool init_host_context(HostsLine *host, bool isServerStart);
104 : static void host_context_cleanup_cb(void *arg);
105 : #ifdef HAVE_SSL_CTX_SET_CLIENT_HELLO_CB
106 : static int sni_clienthello_cb(SSL *ssl, int *al, void *arg);
107 : #endif
108 :
109 : static char *X509_NAME_to_cstring(X509_NAME *name);
110 :
111 : static SSL_CTX *SSL_context = NULL;
112 : static MemoryContext SSL_hosts_memcxt = NULL;
113 : static struct hosts
114 : {
115 : /*
116 : * List of HostsLine structures containing SSL configurations for
117 : * connections with hostnames defined in the SNI extension.
118 : */
119 : List *sni;
120 :
121 : /* The SSL configuration to use for connections without SNI */
122 : HostsLine *no_sni;
123 :
124 : /*
125 : * The default SSL configuration to use as a fallback in case no hostname
126 : * matches the supplied hostname in the SNI extension.
127 : */
128 : HostsLine *default_host;
129 : } *SSL_hosts;
130 :
131 : static bool dummy_ssl_passwd_cb_called = false;
132 : static bool ssl_is_server_start;
133 :
134 : static int ssl_protocol_version_to_openssl(int v);
135 : static const char *ssl_protocol_version_to_string(int v);
136 :
137 : struct CallbackErr
138 : {
139 : /*
140 : * Storage for passing certificate verification error logging from the
141 : * callback.
142 : */
143 : char *cert_errdetail;
144 : };
145 :
146 : /* ------------------------------------------------------------ */
147 : /* Public interface */
148 : /* ------------------------------------------------------------ */
149 :
150 : int
151 65 : be_tls_init(bool isServerStart)
152 : {
153 65 : List *pg_hosts = NIL;
154 : ListCell *line;
155 : MemoryContext oldcxt;
156 65 : MemoryContext host_memcxt = NULL;
157 : MemoryContextCallback *host_memcxt_cb;
158 65 : char *err_msg = NULL;
159 : int res;
160 : struct hosts *new_hosts;
161 65 : SSL_CTX *context = NULL;
162 65 : int ssl_ver_min = -1;
163 65 : int ssl_ver_max = -1;
164 65 : host_cache_hash *host_cache = NULL;
165 :
166 : /*
167 : * Since we don't know which host we're using until the ClientHello is
168 : * sent, ssl_loaded_verify_locations *always* starts out as false. The
169 : * only place it's set to true is in sni_clienthello_cb().
170 : */
171 65 : ssl_loaded_verify_locations = false;
172 :
173 65 : host_memcxt = AllocSetContextCreate(CurrentMemoryContext,
174 : "hosts file parser context",
175 : ALLOCSET_SMALL_SIZES);
176 65 : oldcxt = MemoryContextSwitchTo(host_memcxt);
177 :
178 : /* Allocate a tentative replacement for SSL_hosts. */
179 65 : new_hosts = palloc0_object(struct hosts);
180 :
181 : /*
182 : * Register a reset callback for the memory context which is responsible
183 : * for freeing OpenSSL managed allocations upon context deletion. The
184 : * callback is allocated here to make sure it gets cleaned up along with
185 : * the memory context it's registered for.
186 : */
187 65 : host_memcxt_cb = palloc0_object(MemoryContextCallback);
188 65 : host_memcxt_cb->func = host_context_cleanup_cb;
189 65 : host_memcxt_cb->arg = new_hosts;
190 65 : MemoryContextRegisterResetCallback(host_memcxt, host_memcxt_cb);
191 :
192 : /*
193 : * If ssl_sni is enabled, attempt to load and parse TLS configuration from
194 : * the pg_hosts.conf file with the set of hosts returned as a list. If
195 : * there are hosts configured they take precedence over the configuration
196 : * in postgresql.conf. Make sure to allocate the parsed rows in their own
197 : * memory context so that we can delete them easily in case parsing fails.
198 : * If ssl_sni is disabled then set the state accordingly to make sure we
199 : * instead parse the config from postgresql.conf.
200 : *
201 : * The reason for not doing everything in this if-else conditional is that
202 : * we want to use the same processing of postgresql.conf for when ssl_sni
203 : * is off as well as when it's on but the hostsfile is missing etc. Thus
204 : * we set res to the state and continue with a new conditional instead of
205 : * duplicating logic and risk it diverging over time.
206 : */
207 65 : if (ssl_sni)
208 : {
209 : /*
210 : * The GUC check hook should have already blocked this but to be on
211 : * the safe side we doublecheck here.
212 : */
213 : #ifndef HAVE_SSL_CTX_SET_CLIENT_HELLO_CB
214 : ereport(isServerStart ? FATAL : LOG,
215 : errcode(ERRCODE_CONFIG_FILE_ERROR),
216 : errmsg("ssl_sni is not supported with LibreSSL"));
217 : goto error;
218 : #endif
219 :
220 : /* Attempt to load configuration from pg_hosts.conf */
221 25 : res = load_hosts(&pg_hosts, &err_msg);
222 :
223 : /*
224 : * pg_hosts.conf is not required to contain configuration, but if it
225 : * does we error out in case it fails to load rather than continue to
226 : * try the postgresql.conf configuration to avoid silently falling
227 : * back on an undesired configuration.
228 : */
229 25 : if (res == HOSTSFILE_LOAD_FAILED)
230 : {
231 3 : ereport(isServerStart ? FATAL : LOG,
232 : errcode(ERRCODE_CONFIG_FILE_ERROR),
233 : errmsg("could not load \"%s\": %s", "pg_hosts.conf",
234 : err_msg ? err_msg : "unknown error"));
235 0 : goto error;
236 : }
237 : }
238 : else
239 40 : res = HOSTSFILE_DISABLED;
240 :
241 : /*
242 : * Loading and parsing the hosts file was successful, create configs for
243 : * each host entry and add to the list of hosts to be checked during
244 : * login.
245 : */
246 62 : if (res == HOSTSFILE_LOAD_OK)
247 : {
248 : Assert(ssl_sni);
249 :
250 49 : foreach(line, pg_hosts)
251 : {
252 34 : HostsLine *host = lfirst(line);
253 :
254 34 : if (!init_host_context(host, isServerStart))
255 1 : goto error;
256 :
257 : /*
258 : * The hostname in the config will be set to NULL for the default
259 : * host as well as in configs used for non-SNI connections. Lists
260 : * of hostnames in pg_hosts.conf are not allowed to contain the
261 : * default '*' entry or a '/no_sni/' entry and this is checked
262 : * during parsing. Thus we can inspect the head of the hostnames
263 : * list for these since they will never be anywhere else.
264 : */
265 32 : if (strcmp(linitial(host->hostnames), "*") == 0)
266 : {
267 6 : if (new_hosts->default_host)
268 : {
269 1 : ereport(isServerStart ? FATAL : LOG,
270 : errcode(ERRCODE_CONFIG_FILE_ERROR),
271 : errmsg("multiple default hosts specified"),
272 : errcontext("line %d of configuration file \"%s\"",
273 : host->linenumber, host->sourcefile));
274 0 : goto error;
275 : }
276 :
277 5 : new_hosts->default_host = host;
278 : }
279 26 : else if (strcmp(linitial(host->hostnames), "/no_sni/") == 0)
280 : {
281 3 : if (new_hosts->no_sni)
282 : {
283 1 : ereport(isServerStart ? FATAL : LOG,
284 : errcode(ERRCODE_CONFIG_FILE_ERROR),
285 : errmsg("multiple no_sni hosts specified"),
286 : errcontext("line %d of configuration file \"%s\"",
287 : host->linenumber, host->sourcefile));
288 0 : goto error;
289 : }
290 :
291 2 : new_hosts->no_sni = host;
292 : }
293 : else
294 : {
295 : /* Check the hostnames for duplicates */
296 23 : if (!host_cache)
297 15 : host_cache = host_cache_create(host_memcxt, 32, NULL);
298 :
299 71 : foreach_ptr(char, hostname, host->hostnames)
300 : {
301 : HostCacheEntry *entry;
302 : bool found;
303 :
304 29 : entry = host_cache_insert(host_cache, hostname, &found);
305 29 : if (found)
306 : {
307 2 : ereport(isServerStart ? FATAL : LOG,
308 : errcode(ERRCODE_CONFIG_FILE_ERROR),
309 : errmsg("multiple entries for host \"%s\" specified",
310 : hostname),
311 : errcontext("line %d of configuration file \"%s\"",
312 : host->linenumber, host->sourcefile));
313 0 : goto error;
314 : }
315 : else
316 27 : entry->hostname = pstrdup(hostname);
317 : }
318 :
319 : /*
320 : * At this point we know we have a configuration with a list
321 : * of distinct 1..n hostnames for literal string matching with
322 : * the SNI extension from the user.
323 : */
324 21 : new_hosts->sni = lappend(new_hosts->sni, host);
325 : }
326 : }
327 : }
328 :
329 : /*
330 : * If SNI is disabled, then we load configuration from postgresql.conf. If
331 : * SNI is enabled but the pg_hosts.conf file doesn't exist, or is empty,
332 : * then we also load the config from postgresql.conf.
333 : */
334 41 : else if (res == HOSTSFILE_DISABLED || res == HOSTSFILE_EMPTY || res == HOSTSFILE_MISSING)
335 : {
336 41 : HostsLine *pgconf = palloc0(sizeof(HostsLine));
337 :
338 : #ifdef USE_ASSERT_CHECKING
339 : if (res == HOSTSFILE_DISABLED)
340 : Assert(ssl_sni == false);
341 : #endif
342 :
343 41 : pgconf->ssl_cert = ssl_cert_file;
344 41 : pgconf->ssl_key = ssl_key_file;
345 41 : pgconf->ssl_ca = ssl_ca_file;
346 41 : pgconf->ssl_passphrase_cmd = ssl_passphrase_command;
347 41 : pgconf->ssl_passphrase_reload = ssl_passphrase_command_supports_reload;
348 :
349 41 : if (!init_host_context(pgconf, isServerStart))
350 1 : goto error;
351 :
352 : /*
353 : * If postgresql.conf is used to configure SSL then by definition it
354 : * will be the default context as we don't have per-host config.
355 : */
356 38 : new_hosts->default_host = pgconf;
357 : }
358 :
359 : /*
360 : * Make sure we have at least one configuration loaded to use, without
361 : * that we cannot drive a connection so exit.
362 : */
363 53 : if (new_hosts->sni == NIL && !new_hosts->default_host && !new_hosts->no_sni)
364 : {
365 0 : ereport(isServerStart ? FATAL : LOG,
366 : errcode(ERRCODE_CONFIG_FILE_ERROR),
367 : errmsg("no SSL configurations loaded"),
368 : /*- translator: The two %s contain filenames */
369 : errhint("If ssl_sni is enabled then add configuration to \"%s\", else \"%s\"",
370 : "pg_hosts.conf", "postgresql.conf"));
371 0 : goto error;
372 : }
373 :
374 : #ifdef HAVE_SSL_CTX_SET_CLIENT_HELLO_CB
375 :
376 : /*
377 : * Create a new SSL context into which we'll load all the configuration
378 : * settings. If we fail partway through, we can avoid memory leakage by
379 : * freeing this context; we don't install it as active until the end.
380 : *
381 : * We use SSLv23_method() because it can negotiate use of the highest
382 : * mutually supported protocol version, while alternatives like
383 : * TLSv1_2_method() permit only one specific version. Note that we don't
384 : * actually allow SSL v2 or v3, only TLS protocols (see below).
385 : */
386 53 : context = SSL_CTX_new(SSLv23_method());
387 53 : if (!context)
388 : {
389 0 : ereport(isServerStart ? FATAL : LOG,
390 : (errmsg("could not create SSL context: %s",
391 : SSLerrmessage(ERR_get_error()))));
392 0 : goto error;
393 : }
394 : #else
395 :
396 : /*
397 : * If the client hello callback isn't supported we want to use the default
398 : * context as the one to drive the handshake so avoid creating a new one
399 : * and use the already existing default one instead.
400 : */
401 : context = new_hosts->default_host->ssl_ctx;
402 :
403 : /*
404 : * Since we don't allocate a new SSL_CTX here like we do when SNI has been
405 : * enabled we need to bump the reference count on context to avoid double
406 : * free of the context when using the same cleanup logic across the cases.
407 : */
408 : SSL_CTX_up_ref(context);
409 : #endif
410 :
411 : /*
412 : * Disable OpenSSL's moving-write-buffer sanity check, because it causes
413 : * unnecessary failures in nonblocking send cases.
414 : */
415 53 : SSL_CTX_set_mode(context, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
416 :
417 53 : if (ssl_min_protocol_version)
418 : {
419 53 : ssl_ver_min = ssl_protocol_version_to_openssl(ssl_min_protocol_version);
420 :
421 53 : if (ssl_ver_min == -1)
422 : {
423 0 : ereport(isServerStart ? FATAL : LOG,
424 : /*- translator: first %s is a GUC option name, second %s is its value */
425 : (errmsg("\"%s\" setting \"%s\" not supported by this build",
426 : "ssl_min_protocol_version",
427 : GetConfigOption("ssl_min_protocol_version",
428 : false, false))));
429 0 : goto error;
430 : }
431 :
432 53 : if (!SSL_CTX_set_min_proto_version(context, ssl_ver_min))
433 : {
434 0 : ereport(isServerStart ? FATAL : LOG,
435 : (errmsg("could not set minimum SSL protocol version")));
436 0 : goto error;
437 : }
438 : }
439 :
440 53 : if (ssl_max_protocol_version)
441 : {
442 1 : ssl_ver_max = ssl_protocol_version_to_openssl(ssl_max_protocol_version);
443 :
444 1 : if (ssl_ver_max == -1)
445 : {
446 0 : ereport(isServerStart ? FATAL : LOG,
447 : /*- translator: first %s is a GUC option name, second %s is its value */
448 : (errmsg("\"%s\" setting \"%s\" not supported by this build",
449 : "ssl_max_protocol_version",
450 : GetConfigOption("ssl_max_protocol_version",
451 : false, false))));
452 0 : goto error;
453 : }
454 :
455 1 : if (!SSL_CTX_set_max_proto_version(context, ssl_ver_max))
456 : {
457 0 : ereport(isServerStart ? FATAL : LOG,
458 : (errmsg("could not set maximum SSL protocol version")));
459 0 : goto error;
460 : }
461 : }
462 :
463 : /* Check compatibility of min/max protocols */
464 53 : if (ssl_min_protocol_version &&
465 : ssl_max_protocol_version)
466 : {
467 : /*
468 : * No need to check for invalid values (-1) for each protocol number
469 : * as the code above would have already generated an error.
470 : */
471 1 : if (ssl_ver_min > ssl_ver_max)
472 : {
473 1 : ereport(isServerStart ? FATAL : LOG,
474 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
475 : errmsg("could not set SSL protocol version range"),
476 : errdetail("\"%s\" cannot be higher than \"%s\"",
477 : "ssl_min_protocol_version",
478 : "ssl_max_protocol_version")));
479 0 : goto error;
480 : }
481 : }
482 :
483 : /*
484 : * Disallow SSL session tickets. OpenSSL use both stateful and stateless
485 : * tickets for TLSv1.3, and stateless ticket for TLSv1.2. SSL_OP_NO_TICKET
486 : * is available since 0.9.8f but only turns off stateless tickets. In
487 : * order to turn off stateful tickets we need SSL_CTX_set_num_tickets,
488 : * which is available since OpenSSL 1.1.1. LibreSSL 3.5.4 (from OpenBSD
489 : * 7.1) introduced this API for compatibility, but doesn't support session
490 : * tickets at all so it's a no-op there.
491 : */
492 : #ifdef HAVE_SSL_CTX_SET_NUM_TICKETS
493 52 : SSL_CTX_set_num_tickets(context, 0);
494 : #endif
495 52 : SSL_CTX_set_options(context, SSL_OP_NO_TICKET);
496 :
497 : /* disallow SSL session caching, too */
498 52 : SSL_CTX_set_session_cache_mode(context, SSL_SESS_CACHE_OFF);
499 :
500 : /* disallow SSL compression */
501 52 : SSL_CTX_set_options(context, SSL_OP_NO_COMPRESSION);
502 :
503 : /*
504 : * Disallow SSL renegotiation. This concerns only TLSv1.2 and older
505 : * protocol versions, as TLSv1.3 has no support for renegotiation.
506 : * SSL_OP_NO_RENEGOTIATION is available in OpenSSL since 1.1.0h (via a
507 : * backport from 1.1.1). SSL_OP_NO_CLIENT_RENEGOTIATION is available in
508 : * LibreSSL since 2.5.1 disallowing all client-initiated renegotiation
509 : * (this is usually on by default).
510 : */
511 : #ifdef SSL_OP_NO_RENEGOTIATION
512 52 : SSL_CTX_set_options(context, SSL_OP_NO_RENEGOTIATION);
513 : #endif
514 : #ifdef SSL_OP_NO_CLIENT_RENEGOTIATION
515 : SSL_CTX_set_options(context, SSL_OP_NO_CLIENT_RENEGOTIATION);
516 : #endif
517 :
518 : /* set up ephemeral DH and ECDH keys */
519 52 : if (!initialize_dh(context, isServerStart))
520 0 : goto error;
521 52 : if (!initialize_ecdh(context, isServerStart))
522 0 : goto error;
523 :
524 : /* set up the allowed cipher list for TLSv1.2 and below */
525 50 : if (SSL_CTX_set_cipher_list(context, SSLCipherList) != 1)
526 : {
527 0 : ereport(isServerStart ? FATAL : LOG,
528 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
529 : errmsg("could not set the TLSv1.2 cipher list (no valid ciphers available)")));
530 0 : goto error;
531 : }
532 :
533 : /*
534 : * Set up the allowed cipher suites for TLSv1.3. If the GUC is an empty
535 : * string we leave the allowed suites to be the OpenSSL default value.
536 : */
537 50 : if (SSLCipherSuites[0])
538 : {
539 : /* set up the allowed cipher suites */
540 43 : if (SSL_CTX_set_ciphersuites(context, SSLCipherSuites) != 1)
541 : {
542 0 : ereport(isServerStart ? FATAL : LOG,
543 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
544 : errmsg("could not set the TLSv1.3 cipher suites (no valid ciphers available)")));
545 0 : goto error;
546 : }
547 : }
548 :
549 : /* Let server choose order */
550 50 : if (SSLPreferServerCiphers)
551 50 : SSL_CTX_set_options(context, SSL_OP_CIPHER_SERVER_PREFERENCE);
552 :
553 : /*
554 : * Success! Replace any existing SSL_context and host configurations.
555 : */
556 50 : if (SSL_context)
557 : {
558 11 : SSL_CTX_free(SSL_context);
559 11 : SSL_context = NULL;
560 : }
561 :
562 50 : MemoryContextSwitchTo(oldcxt);
563 :
564 50 : if (SSL_hosts_memcxt)
565 11 : MemoryContextDelete(SSL_hosts_memcxt);
566 :
567 50 : SSL_hosts_memcxt = host_memcxt;
568 50 : SSL_hosts = new_hosts;
569 50 : SSL_context = context;
570 :
571 50 : return 0;
572 :
573 : /*
574 : * Clean up by releasing working SSL contexts as well as allocations
575 : * performed during parsing. Since all our allocations are done in a
576 : * local memory context all we need to do is delete it.
577 : */
578 2 : error:
579 2 : if (context)
580 0 : SSL_CTX_free(context);
581 :
582 2 : MemoryContextSwitchTo(oldcxt);
583 2 : MemoryContextDelete(host_memcxt);
584 2 : return -1;
585 : }
586 :
587 : /*
588 : * host_context_cleanup_cb
589 : *
590 : * Memory context reset callback for clearing OpenSSL managed resources when
591 : * hosts are reloaded and the previous set of configured hosts are freed. As
592 : * all hosts are allocated in a single context we don't need to free each host
593 : * individually, just resources managed by OpenSSL.
594 : */
595 : static void
596 444 : host_context_cleanup_cb(void *arg)
597 : {
598 444 : struct hosts *hosts = arg;
599 :
600 1010 : foreach_ptr(HostsLine, host, hosts->sni)
601 : {
602 122 : if (host->ssl_ctx != NULL)
603 122 : SSL_CTX_free(host->ssl_ctx);
604 : }
605 :
606 444 : if (hosts->no_sni && hosts->no_sni->ssl_ctx)
607 10 : SSL_CTX_free(hosts->no_sni->ssl_ctx);
608 :
609 444 : if (hosts->default_host && hosts->default_host->ssl_ctx)
610 380 : SSL_CTX_free(hosts->default_host->ssl_ctx);
611 444 : }
612 :
613 : static bool
614 75 : init_host_context(HostsLine *host, bool isServerStart)
615 : {
616 75 : SSL_CTX *ctx = SSL_CTX_new(SSLv23_method());
617 : static bool init_warned = false;
618 :
619 75 : if (!ctx)
620 : {
621 0 : ereport(isServerStart ? FATAL : LOG,
622 : (errmsg("could not create SSL context: %s",
623 : SSLerrmessage(ERR_get_error()))));
624 0 : goto error;
625 : }
626 :
627 : /*
628 : * Call init hook (usually to set password callback) in case SNI hasn't
629 : * been enabled. If SNI is enabled the hook won't operate on the actual
630 : * TLS context used so it cannot function properly; we warn if one has
631 : * been installed.
632 : *
633 : * If SNI is enabled, we set password callback based what was configured.
634 : */
635 75 : if (!ssl_sni)
636 40 : (*openssl_tls_init_hook) (ctx, isServerStart);
637 : else
638 : {
639 35 : if (openssl_tls_init_hook != default_openssl_tls_init && !init_warned)
640 : {
641 1 : ereport(WARNING,
642 : errcode(ERRCODE_CONFIG_FILE_ERROR),
643 : errmsg("SNI is enabled; installed TLS init hook will be ignored"),
644 : /*- translator: first %s is a GUC, second %s contains a filename */
645 : errhint("TLS init hooks are incompatible with SNI. "
646 : "Set \"%s\" to \"off\" to make use of the hook "
647 : "that is currently installed, or remove the hook "
648 : "and use per-host passphrase commands in \"%s\".",
649 : "ssl_sni", "pg_hosts.conf"));
650 1 : init_warned = true;
651 : }
652 :
653 : /*
654 : * Set up the password callback, if configured.
655 : */
656 35 : if (isServerStart)
657 : {
658 24 : if (host->ssl_passphrase_cmd && host->ssl_passphrase_cmd[0])
659 : {
660 5 : SSL_CTX_set_default_passwd_cb(ctx, ssl_external_passwd_cb);
661 5 : SSL_CTX_set_default_passwd_cb_userdata(ctx, host->ssl_passphrase_cmd);
662 : }
663 : }
664 : else
665 : {
666 : /*
667 : * If ssl_passphrase_reload is true then ssl_passphrase_cmd cannot
668 : * be NULL due to their parsing order, but just in case and to
669 : * self-document the code we replicate the nullness checks.
670 : */
671 11 : if (host->ssl_passphrase_reload &&
672 4 : (host->ssl_passphrase_cmd && host->ssl_passphrase_cmd[0]))
673 : {
674 4 : SSL_CTX_set_default_passwd_cb(ctx, ssl_external_passwd_cb);
675 4 : SSL_CTX_set_default_passwd_cb_userdata(ctx, host->ssl_passphrase_cmd);
676 : }
677 : else
678 : {
679 : /*
680 : * If reloading and no external command is configured,
681 : * override OpenSSL's default handling of passphrase-protected
682 : * files, because we don't want to prompt for a passphrase in
683 : * an already-running server.
684 : */
685 7 : SSL_CTX_set_default_passwd_cb(ctx, dummy_ssl_passwd_cb);
686 : }
687 : }
688 : }
689 :
690 : /*
691 : * Load and verify server's certificate and private key
692 : */
693 75 : if (SSL_CTX_use_certificate_chain_file(ctx, host->ssl_cert) != 1)
694 : {
695 0 : ereport(isServerStart ? FATAL : LOG,
696 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
697 : errmsg("could not load server certificate file \"%s\": %s",
698 : host->ssl_cert, SSLerrmessage(ERR_get_error()))));
699 0 : goto error;
700 : }
701 :
702 75 : if (!check_ssl_key_file_permissions(host->ssl_key, isServerStart))
703 0 : goto error;
704 :
705 :
706 : /* used by the callback */
707 75 : ssl_is_server_start = isServerStart;
708 :
709 : /*
710 : * OK, try to load the private key file.
711 : */
712 75 : dummy_ssl_passwd_cb_called = false;
713 :
714 75 : if (SSL_CTX_use_PrivateKey_file(ctx,
715 75 : host->ssl_key,
716 : SSL_FILETYPE_PEM) != 1)
717 : {
718 5 : if (dummy_ssl_passwd_cb_called)
719 2 : ereport(isServerStart ? FATAL : LOG,
720 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
721 : errmsg("private key file \"%s\" cannot be reloaded because it requires a passphrase",
722 : host->ssl_key)));
723 : else
724 3 : ereport(isServerStart ? FATAL : LOG,
725 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
726 : errmsg("could not load private key file \"%s\": %s",
727 : host->ssl_key, SSLerrmessage(ERR_get_error()))));
728 2 : goto error;
729 : }
730 :
731 70 : if (SSL_CTX_check_private_key(ctx) != 1)
732 : {
733 0 : ereport(isServerStart ? FATAL : LOG,
734 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
735 : errmsg("check of private key failed: %s",
736 : SSLerrmessage(ERR_get_error()))));
737 0 : goto error;
738 : }
739 :
740 : /*
741 : * Load CA store, so we can verify client certificates if needed.
742 : */
743 70 : if (host->ssl_ca && host->ssl_ca[0])
744 : {
745 : STACK_OF(X509_NAME) * root_cert_list;
746 :
747 94 : if (SSL_CTX_load_verify_locations(ctx, host->ssl_ca, NULL) != 1 ||
748 47 : (root_cert_list = SSL_load_client_CA_file(host->ssl_ca)) == NULL)
749 : {
750 0 : ereport(isServerStart ? FATAL : LOG,
751 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
752 : errmsg("could not load root certificate file \"%s\": %s",
753 : host->ssl_ca, SSLerrmessage(ERR_get_error()))));
754 0 : goto error;
755 : }
756 :
757 : /*
758 : * Tell OpenSSL to send the list of root certs we trust to clients in
759 : * CertificateRequests. This lets a client with a keystore select the
760 : * appropriate client certificate to send to us. Also, this ensures
761 : * that the SSL context will "own" the root_cert_list and remember to
762 : * free it when no longer needed.
763 : */
764 47 : SSL_CTX_set_client_CA_list(ctx, root_cert_list);
765 : }
766 :
767 : /*----------
768 : * Load the Certificate Revocation List (CRL).
769 : * http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci803160,00.html
770 : *----------
771 : */
772 70 : if (ssl_crl_file[0] || ssl_crl_dir[0])
773 : {
774 62 : X509_STORE *cvstore = SSL_CTX_get_cert_store(ctx);
775 :
776 62 : if (cvstore)
777 : {
778 : /* Set the flags to check against the complete CRL chain */
779 124 : if (X509_STORE_load_locations(cvstore,
780 62 : ssl_crl_file[0] ? ssl_crl_file : NULL,
781 62 : ssl_crl_dir[0] ? ssl_crl_dir : NULL)
782 : == 1)
783 : {
784 62 : X509_STORE_set_flags(cvstore,
785 : X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
786 : }
787 0 : else if (ssl_crl_dir[0] == 0)
788 : {
789 0 : ereport(isServerStart ? FATAL : LOG,
790 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
791 : errmsg("could not load SSL certificate revocation list file \"%s\": %s",
792 : ssl_crl_file, SSLerrmessage(ERR_get_error()))));
793 0 : goto error;
794 : }
795 0 : else if (ssl_crl_file[0] == 0)
796 : {
797 0 : ereport(isServerStart ? FATAL : LOG,
798 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
799 : errmsg("could not load SSL certificate revocation list directory \"%s\": %s",
800 : ssl_crl_dir, SSLerrmessage(ERR_get_error()))));
801 0 : goto error;
802 : }
803 : else
804 : {
805 0 : ereport(isServerStart ? FATAL : LOG,
806 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
807 : errmsg("could not load SSL certificate revocation list file \"%s\" or directory \"%s\": %s",
808 : ssl_crl_file, ssl_crl_dir,
809 : SSLerrmessage(ERR_get_error()))));
810 0 : goto error;
811 : }
812 : }
813 : }
814 :
815 70 : host->ssl_ctx = ctx;
816 70 : return true;
817 :
818 2 : error:
819 2 : if (ctx)
820 2 : SSL_CTX_free(ctx);
821 2 : return false;
822 : }
823 :
824 : void
825 149 : be_tls_destroy(void)
826 : {
827 149 : if (SSL_context)
828 1 : SSL_CTX_free(SSL_context);
829 149 : SSL_context = NULL;
830 149 : ssl_loaded_verify_locations = false;
831 149 : }
832 :
833 : int
834 171 : be_tls_open_server(Port *port)
835 : {
836 : int r;
837 : int err;
838 : int waitfor;
839 : unsigned long ecode;
840 : bool give_proto_hint;
841 : static struct CallbackErr err_context;
842 :
843 : Assert(!port->ssl);
844 : Assert(!port->peer);
845 :
846 171 : if (!SSL_context)
847 : {
848 0 : ereport(COMMERROR,
849 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
850 : errmsg("could not initialize SSL connection: SSL context not set up")));
851 0 : return -1;
852 : }
853 :
854 : /* set up debugging/info callback */
855 171 : SSL_CTX_set_info_callback(SSL_context, info_cb);
856 :
857 : /* enable ALPN */
858 171 : SSL_CTX_set_alpn_select_cb(SSL_context, alpn_cb, port);
859 :
860 171 : if (!(port->ssl = SSL_new(SSL_context)))
861 : {
862 0 : ereport(COMMERROR,
863 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
864 : errmsg("could not initialize SSL connection: %s",
865 : SSLerrmessage(ERR_get_error()))));
866 0 : return -1;
867 : }
868 171 : if (!ssl_set_port_bio(port))
869 : {
870 0 : ereport(COMMERROR,
871 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
872 : errmsg("could not set SSL socket: %s",
873 : SSLerrmessage(ERR_get_error()))));
874 0 : return -1;
875 : }
876 :
877 : /*
878 : * If the underlying TLS library supports the client hello callback we use
879 : * that in order to support host based configuration using the SNI TLS
880 : * extension. If the user has disabled SNI via the ssl_sni GUC we still
881 : * make use of the callback in order to have consistent handling of
882 : * OpenSSL contexts, except in that case the callback will install the
883 : * default configuration regardless of the hostname sent by the user in
884 : * the handshake.
885 : *
886 : * In case the TLS library does not support the client hello callback, as
887 : * of this writing LibreSSL does not, we need to install the client cert
888 : * verification callback here (if the user configured a CA) since we
889 : * cannot use the OpenSSL context update functionality.
890 : */
891 : #ifdef HAVE_SSL_CTX_SET_CLIENT_HELLO_CB
892 171 : SSL_CTX_set_client_hello_cb(SSL_context, sni_clienthello_cb, NULL);
893 : #else
894 : if (SSL_hosts->default_host->ssl_ca && SSL_hosts->default_host->ssl_ca[0])
895 : {
896 : /*
897 : * Always ask for SSL client cert, but don't fail if it's not
898 : * presented. We might fail such connections later, depending on what
899 : * we find in pg_hba.conf.
900 : */
901 : SSL_set_verify(port->ssl,
902 : (SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE),
903 : verify_cb);
904 :
905 : ssl_loaded_verify_locations = true;
906 : }
907 : #endif
908 :
909 171 : err_context.cert_errdetail = NULL;
910 171 : SSL_set_ex_data(port->ssl, 0, &err_context);
911 :
912 171 : port->ssl_in_use = true;
913 :
914 613 : aloop:
915 :
916 : /*
917 : * Prepare to call SSL_get_error() by clearing thread's OpenSSL error
918 : * queue. In general, the current thread's error queue must be empty
919 : * before the TLS/SSL I/O operation is attempted, or SSL_get_error() will
920 : * not work reliably. An extension may have failed to clear the
921 : * per-thread error queue following another call to an OpenSSL I/O
922 : * routine.
923 : */
924 613 : errno = 0;
925 613 : ERR_clear_error();
926 613 : r = SSL_accept(port->ssl);
927 613 : if (r <= 0)
928 : {
929 474 : err = SSL_get_error(port->ssl, r);
930 :
931 : /*
932 : * Other clients of OpenSSL in the backend may fail to call
933 : * ERR_get_error(), but we always do, so as to not cause problems for
934 : * OpenSSL clients that don't call ERR_clear_error() defensively. Be
935 : * sure that this happens by calling now. SSL_get_error() relies on
936 : * the OpenSSL per-thread error queue being intact, so this is the
937 : * earliest possible point ERR_get_error() may be called.
938 : */
939 474 : ecode = ERR_get_error();
940 474 : switch (err)
941 : {
942 442 : case SSL_ERROR_WANT_READ:
943 : case SSL_ERROR_WANT_WRITE:
944 : /* not allowed during connection establishment */
945 : Assert(!port->noblock);
946 :
947 : /*
948 : * No need to care about timeouts/interrupts here. At this
949 : * point authentication_timeout still employs
950 : * StartupPacketTimeoutHandler() which directly exits.
951 : */
952 442 : if (err == SSL_ERROR_WANT_READ)
953 442 : waitfor = WL_SOCKET_READABLE | WL_EXIT_ON_PM_DEATH;
954 : else
955 0 : waitfor = WL_SOCKET_WRITEABLE | WL_EXIT_ON_PM_DEATH;
956 :
957 442 : (void) WaitLatchOrSocket(NULL, waitfor, port->sock, 0,
958 : WAIT_EVENT_SSL_OPEN_SERVER);
959 442 : goto aloop;
960 0 : case SSL_ERROR_SYSCALL:
961 0 : if (r < 0 && errno != 0)
962 0 : ereport(COMMERROR,
963 : (errcode_for_socket_access(),
964 : errmsg("could not accept SSL connection: %m")));
965 : else
966 0 : ereport(COMMERROR,
967 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
968 : errmsg("could not accept SSL connection: EOF detected")));
969 0 : break;
970 32 : case SSL_ERROR_SSL:
971 32 : switch (ERR_GET_REASON(ecode))
972 : {
973 : /*
974 : * UNSUPPORTED_PROTOCOL, WRONG_VERSION_NUMBER, and
975 : * TLSV1_ALERT_PROTOCOL_VERSION have been observed
976 : * when trying to communicate with an old OpenSSL
977 : * library, or when the client and server specify
978 : * disjoint protocol ranges. NO_PROTOCOLS_AVAILABLE
979 : * occurs if there's a local misconfiguration (which
980 : * can happen despite our checks, if openssl.cnf
981 : * injects a limit we didn't account for). It's not
982 : * very clear what would make OpenSSL return the other
983 : * codes listed here, but a hint about protocol
984 : * versions seems like it's appropriate for all.
985 : */
986 0 : case SSL_R_NO_PROTOCOLS_AVAILABLE:
987 : case SSL_R_UNSUPPORTED_PROTOCOL:
988 : case SSL_R_BAD_PROTOCOL_VERSION_NUMBER:
989 : case SSL_R_UNKNOWN_PROTOCOL:
990 : case SSL_R_UNKNOWN_SSL_VERSION:
991 : case SSL_R_UNSUPPORTED_SSL_VERSION:
992 : case SSL_R_WRONG_SSL_VERSION:
993 : case SSL_R_WRONG_VERSION_NUMBER:
994 : case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION:
995 : #ifdef SSL_R_VERSION_TOO_HIGH
996 : case SSL_R_VERSION_TOO_HIGH:
997 : #endif
998 : #ifdef SSL_R_VERSION_TOO_LOW
999 : case SSL_R_VERSION_TOO_LOW:
1000 : #endif
1001 0 : give_proto_hint = true;
1002 0 : break;
1003 32 : default:
1004 32 : give_proto_hint = false;
1005 32 : break;
1006 : }
1007 32 : ereport(COMMERROR,
1008 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1009 : errmsg("could not accept SSL connection: %s",
1010 : SSLerrmessage(ecode)),
1011 : err_context.cert_errdetail ? errdetail_internal("%s", err_context.cert_errdetail) : 0,
1012 : give_proto_hint ?
1013 : errhint("This may indicate that the client does not support any SSL protocol version between %s and %s.",
1014 : ssl_min_protocol_version ?
1015 : ssl_protocol_version_to_string(ssl_min_protocol_version) :
1016 : MIN_OPENSSL_TLS_VERSION,
1017 : ssl_max_protocol_version ?
1018 : ssl_protocol_version_to_string(ssl_max_protocol_version) :
1019 : MAX_OPENSSL_TLS_VERSION) : 0));
1020 32 : if (err_context.cert_errdetail)
1021 9 : pfree(err_context.cert_errdetail);
1022 32 : break;
1023 0 : case SSL_ERROR_ZERO_RETURN:
1024 0 : ereport(COMMERROR,
1025 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1026 : errmsg("could not accept SSL connection: EOF detected")));
1027 0 : break;
1028 0 : default:
1029 0 : ereport(COMMERROR,
1030 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1031 : errmsg("unrecognized SSL error code: %d",
1032 : err)));
1033 0 : break;
1034 : }
1035 32 : return -1;
1036 : }
1037 :
1038 : /* Get the protocol selected by ALPN */
1039 139 : port->alpn_used = false;
1040 : {
1041 : const unsigned char *selected;
1042 : unsigned int len;
1043 :
1044 139 : SSL_get0_alpn_selected(port->ssl, &selected, &len);
1045 :
1046 : /* If ALPN is used, check that we negotiated the expected protocol */
1047 139 : if (selected != NULL)
1048 : {
1049 139 : if (len == strlen(PG_ALPN_PROTOCOL) &&
1050 139 : memcmp(selected, PG_ALPN_PROTOCOL, strlen(PG_ALPN_PROTOCOL)) == 0)
1051 : {
1052 139 : port->alpn_used = true;
1053 : }
1054 : else
1055 : {
1056 : /* shouldn't happen */
1057 0 : ereport(COMMERROR,
1058 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1059 : errmsg("received SSL connection request with unexpected ALPN protocol")));
1060 : }
1061 : }
1062 : }
1063 :
1064 : /* Get client certificate, if available. */
1065 139 : port->peer = SSL_get_peer_certificate(port->ssl);
1066 :
1067 : /* and extract the Common Name and Distinguished Name from it. */
1068 139 : port->peer_cn = NULL;
1069 139 : port->peer_dn = NULL;
1070 139 : port->peer_cert_valid = false;
1071 139 : if (port->peer != NULL)
1072 : {
1073 : int len;
1074 32 : X509_NAME *x509name = X509_get_subject_name(port->peer);
1075 : char *peer_dn;
1076 32 : BIO *bio = NULL;
1077 32 : BUF_MEM *bio_buf = NULL;
1078 :
1079 32 : len = X509_NAME_get_text_by_NID(x509name, NID_commonName, NULL, 0);
1080 32 : if (len != -1)
1081 : {
1082 : char *peer_cn;
1083 :
1084 32 : peer_cn = MemoryContextAlloc(TopMemoryContext, len + 1);
1085 32 : r = X509_NAME_get_text_by_NID(x509name, NID_commonName, peer_cn,
1086 : len + 1);
1087 32 : peer_cn[len] = '\0';
1088 32 : if (r != len)
1089 : {
1090 : /* shouldn't happen */
1091 0 : pfree(peer_cn);
1092 0 : return -1;
1093 : }
1094 :
1095 : /*
1096 : * Reject embedded NULLs in certificate common name to prevent
1097 : * attacks like CVE-2009-4034.
1098 : */
1099 32 : if (len != strlen(peer_cn))
1100 : {
1101 0 : ereport(COMMERROR,
1102 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1103 : errmsg("SSL certificate's common name contains embedded null")));
1104 0 : pfree(peer_cn);
1105 0 : return -1;
1106 : }
1107 :
1108 32 : port->peer_cn = peer_cn;
1109 : }
1110 :
1111 32 : bio = BIO_new(BIO_s_mem());
1112 32 : if (!bio)
1113 : {
1114 0 : if (port->peer_cn != NULL)
1115 : {
1116 0 : pfree(port->peer_cn);
1117 0 : port->peer_cn = NULL;
1118 : }
1119 0 : return -1;
1120 : }
1121 :
1122 : /*
1123 : * RFC2253 is the closest thing to an accepted standard format for
1124 : * DNs. We have documented how to produce this format from a
1125 : * certificate. It uses commas instead of slashes for delimiters,
1126 : * which make regular expression matching a bit easier. Also note that
1127 : * it prints the Subject fields in reverse order.
1128 : */
1129 64 : if (X509_NAME_print_ex(bio, x509name, 0, XN_FLAG_RFC2253) == -1 ||
1130 32 : BIO_get_mem_ptr(bio, &bio_buf) <= 0)
1131 : {
1132 0 : BIO_free(bio);
1133 0 : if (port->peer_cn != NULL)
1134 : {
1135 0 : pfree(port->peer_cn);
1136 0 : port->peer_cn = NULL;
1137 : }
1138 0 : return -1;
1139 : }
1140 32 : peer_dn = MemoryContextAlloc(TopMemoryContext, bio_buf->length + 1);
1141 32 : memcpy(peer_dn, bio_buf->data, bio_buf->length);
1142 32 : len = bio_buf->length;
1143 32 : BIO_free(bio);
1144 32 : peer_dn[len] = '\0';
1145 32 : if (len != strlen(peer_dn))
1146 : {
1147 0 : ereport(COMMERROR,
1148 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1149 : errmsg("SSL certificate's distinguished name contains embedded null")));
1150 0 : pfree(peer_dn);
1151 0 : if (port->peer_cn != NULL)
1152 : {
1153 0 : pfree(port->peer_cn);
1154 0 : port->peer_cn = NULL;
1155 : }
1156 0 : return -1;
1157 : }
1158 :
1159 32 : port->peer_dn = peer_dn;
1160 :
1161 32 : port->peer_cert_valid = true;
1162 : }
1163 :
1164 139 : return 0;
1165 : }
1166 :
1167 : void
1168 171 : be_tls_close(Port *port)
1169 : {
1170 171 : if (port->ssl)
1171 : {
1172 171 : SSL_shutdown(port->ssl);
1173 171 : SSL_free(port->ssl);
1174 171 : port->ssl = NULL;
1175 171 : port->ssl_in_use = false;
1176 : }
1177 :
1178 171 : if (port->peer)
1179 : {
1180 32 : X509_free(port->peer);
1181 32 : port->peer = NULL;
1182 : }
1183 :
1184 171 : if (port->peer_cn)
1185 : {
1186 32 : pfree(port->peer_cn);
1187 32 : port->peer_cn = NULL;
1188 : }
1189 :
1190 171 : if (port->peer_dn)
1191 : {
1192 32 : pfree(port->peer_dn);
1193 32 : port->peer_dn = NULL;
1194 : }
1195 171 : }
1196 :
1197 : ssize_t
1198 756 : be_tls_read(Port *port, void *ptr, size_t len, int *waitfor)
1199 : {
1200 : ssize_t n;
1201 : int err;
1202 : unsigned long ecode;
1203 :
1204 756 : errno = 0;
1205 756 : ERR_clear_error();
1206 756 : n = SSL_read(port->ssl, ptr, len);
1207 756 : err = SSL_get_error(port->ssl, n);
1208 756 : ecode = (err != SSL_ERROR_NONE || n < 0) ? ERR_get_error() : 0;
1209 756 : switch (err)
1210 : {
1211 358 : case SSL_ERROR_NONE:
1212 : /* a-ok */
1213 358 : break;
1214 381 : case SSL_ERROR_WANT_READ:
1215 381 : *waitfor = WL_SOCKET_READABLE;
1216 381 : errno = EWOULDBLOCK;
1217 381 : n = -1;
1218 381 : break;
1219 0 : case SSL_ERROR_WANT_WRITE:
1220 0 : *waitfor = WL_SOCKET_WRITEABLE;
1221 0 : errno = EWOULDBLOCK;
1222 0 : n = -1;
1223 0 : break;
1224 0 : case SSL_ERROR_SYSCALL:
1225 : /* leave it to caller to ereport the value of errno */
1226 0 : if (n != -1 || errno == 0)
1227 : {
1228 0 : errno = ECONNRESET;
1229 0 : n = -1;
1230 : }
1231 0 : break;
1232 0 : case SSL_ERROR_SSL:
1233 0 : ereport(COMMERROR,
1234 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1235 : errmsg("SSL error: %s", SSLerrmessage(ecode))));
1236 0 : errno = ECONNRESET;
1237 0 : n = -1;
1238 0 : break;
1239 17 : case SSL_ERROR_ZERO_RETURN:
1240 : /* connection was cleanly shut down by peer */
1241 17 : n = 0;
1242 17 : break;
1243 0 : default:
1244 0 : ereport(COMMERROR,
1245 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1246 : errmsg("unrecognized SSL error code: %d",
1247 : err)));
1248 0 : errno = ECONNRESET;
1249 0 : n = -1;
1250 0 : break;
1251 : }
1252 :
1253 756 : return n;
1254 : }
1255 :
1256 : ssize_t
1257 250 : be_tls_write(Port *port, const void *ptr, size_t len, int *waitfor)
1258 : {
1259 : ssize_t n;
1260 : int err;
1261 : unsigned long ecode;
1262 :
1263 250 : errno = 0;
1264 250 : ERR_clear_error();
1265 250 : n = SSL_write(port->ssl, ptr, len);
1266 250 : err = SSL_get_error(port->ssl, n);
1267 250 : ecode = (err != SSL_ERROR_NONE || n < 0) ? ERR_get_error() : 0;
1268 250 : switch (err)
1269 : {
1270 250 : case SSL_ERROR_NONE:
1271 : /* a-ok */
1272 250 : break;
1273 0 : case SSL_ERROR_WANT_READ:
1274 0 : *waitfor = WL_SOCKET_READABLE;
1275 0 : errno = EWOULDBLOCK;
1276 0 : n = -1;
1277 0 : break;
1278 0 : case SSL_ERROR_WANT_WRITE:
1279 0 : *waitfor = WL_SOCKET_WRITEABLE;
1280 0 : errno = EWOULDBLOCK;
1281 0 : n = -1;
1282 0 : break;
1283 0 : case SSL_ERROR_SYSCALL:
1284 :
1285 : /*
1286 : * Leave it to caller to ereport the value of errno. However, if
1287 : * errno is still zero then assume it's a read EOF situation, and
1288 : * report ECONNRESET. (This seems possible because SSL_write can
1289 : * also do reads.)
1290 : */
1291 0 : if (n != -1 || errno == 0)
1292 : {
1293 0 : errno = ECONNRESET;
1294 0 : n = -1;
1295 : }
1296 0 : break;
1297 0 : case SSL_ERROR_SSL:
1298 0 : ereport(COMMERROR,
1299 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1300 : errmsg("SSL error: %s", SSLerrmessage(ecode))));
1301 0 : errno = ECONNRESET;
1302 0 : n = -1;
1303 0 : break;
1304 0 : case SSL_ERROR_ZERO_RETURN:
1305 :
1306 : /*
1307 : * the SSL connection was closed, leave it to the caller to
1308 : * ereport it
1309 : */
1310 0 : errno = ECONNRESET;
1311 0 : n = -1;
1312 0 : break;
1313 0 : default:
1314 0 : ereport(COMMERROR,
1315 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1316 : errmsg("unrecognized SSL error code: %d",
1317 : err)));
1318 0 : errno = ECONNRESET;
1319 0 : n = -1;
1320 0 : break;
1321 : }
1322 :
1323 250 : return n;
1324 : }
1325 :
1326 : /* ------------------------------------------------------------ */
1327 : /* Internal functions */
1328 : /* ------------------------------------------------------------ */
1329 :
1330 : /*
1331 : * Private substitute BIO: this does the sending and receiving using send() and
1332 : * recv() instead. This is so that we can enable and disable interrupts
1333 : * just while calling recv(). We cannot have interrupts occurring while
1334 : * the bulk of OpenSSL runs, because it uses malloc() and possibly other
1335 : * non-reentrant libc facilities. We also need to call send() and recv()
1336 : * directly so it gets passed through the socket/signals layer on Win32.
1337 : *
1338 : * These functions are closely modelled on the standard socket BIO in OpenSSL;
1339 : * see sock_read() and sock_write() in OpenSSL's crypto/bio/bss_sock.c.
1340 : */
1341 :
1342 : static BIO_METHOD *port_bio_method_ptr = NULL;
1343 :
1344 : static int
1345 3162 : port_bio_read(BIO *h, char *buf, int size)
1346 : {
1347 3162 : int res = 0;
1348 3162 : Port *port = (Port *) BIO_get_data(h);
1349 :
1350 3162 : if (buf != NULL)
1351 : {
1352 3162 : res = secure_raw_read(port, buf, size);
1353 3162 : BIO_clear_retry_flags(h);
1354 3162 : port->last_read_was_eof = res == 0;
1355 3162 : if (res <= 0)
1356 : {
1357 : /* If we were interrupted, tell caller to retry */
1358 828 : if (errno == EINTR || errno == EWOULDBLOCK || errno == EAGAIN)
1359 : {
1360 823 : BIO_set_retry_read(h);
1361 : }
1362 : }
1363 : }
1364 :
1365 3162 : return res;
1366 : }
1367 :
1368 : static int
1369 719 : port_bio_write(BIO *h, const char *buf, int size)
1370 : {
1371 719 : int res = 0;
1372 :
1373 719 : res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
1374 719 : BIO_clear_retry_flags(h);
1375 719 : if (res <= 0)
1376 : {
1377 : /* If we were interrupted, tell caller to retry */
1378 0 : if (errno == EINTR || errno == EWOULDBLOCK || errno == EAGAIN)
1379 : {
1380 0 : BIO_set_retry_write(h);
1381 : }
1382 : }
1383 :
1384 719 : return res;
1385 : }
1386 :
1387 : static long
1388 816 : port_bio_ctrl(BIO *h, int cmd, long num, void *ptr)
1389 : {
1390 : long res;
1391 816 : Port *port = (Port *) BIO_get_data(h);
1392 :
1393 816 : switch (cmd)
1394 : {
1395 5 : case BIO_CTRL_EOF:
1396 :
1397 : /*
1398 : * This should not be needed. port_bio_read already has a way to
1399 : * signal EOF to OpenSSL. However, OpenSSL made an undocumented,
1400 : * backwards-incompatible change and now expects EOF via BIO_ctrl.
1401 : * See https://github.com/openssl/openssl/issues/8208
1402 : */
1403 5 : res = port->last_read_was_eof;
1404 5 : break;
1405 469 : case BIO_CTRL_FLUSH:
1406 : /* libssl expects all BIOs to support BIO_flush. */
1407 469 : res = 1;
1408 469 : break;
1409 342 : default:
1410 342 : res = 0;
1411 342 : break;
1412 : }
1413 :
1414 816 : return res;
1415 : }
1416 :
1417 : static BIO_METHOD *
1418 171 : port_bio_method(void)
1419 : {
1420 171 : if (!port_bio_method_ptr)
1421 : {
1422 : int my_bio_index;
1423 :
1424 171 : my_bio_index = BIO_get_new_index();
1425 171 : if (my_bio_index == -1)
1426 0 : return NULL;
1427 171 : my_bio_index |= BIO_TYPE_SOURCE_SINK;
1428 171 : port_bio_method_ptr = BIO_meth_new(my_bio_index, "PostgreSQL backend socket");
1429 171 : if (!port_bio_method_ptr)
1430 0 : return NULL;
1431 342 : if (!BIO_meth_set_write(port_bio_method_ptr, port_bio_write) ||
1432 342 : !BIO_meth_set_read(port_bio_method_ptr, port_bio_read) ||
1433 171 : !BIO_meth_set_ctrl(port_bio_method_ptr, port_bio_ctrl))
1434 : {
1435 0 : BIO_meth_free(port_bio_method_ptr);
1436 0 : port_bio_method_ptr = NULL;
1437 0 : return NULL;
1438 : }
1439 : }
1440 171 : return port_bio_method_ptr;
1441 : }
1442 :
1443 : static int
1444 171 : ssl_set_port_bio(Port *port)
1445 : {
1446 : BIO *bio;
1447 : BIO_METHOD *bio_method;
1448 :
1449 171 : bio_method = port_bio_method();
1450 171 : if (bio_method == NULL)
1451 0 : return 0;
1452 :
1453 171 : bio = BIO_new(bio_method);
1454 171 : if (bio == NULL)
1455 0 : return 0;
1456 :
1457 171 : BIO_set_data(bio, port);
1458 171 : BIO_set_init(bio, 1);
1459 :
1460 171 : SSL_set_bio(port->ssl, bio, bio);
1461 171 : return 1;
1462 : }
1463 :
1464 : /*
1465 : * Load precomputed DH parameters.
1466 : *
1467 : * To prevent "downgrade" attacks, we perform a number of checks
1468 : * to verify that the DBA-generated DH parameters file contains
1469 : * what we expect it to contain.
1470 : */
1471 : static DH *
1472 0 : load_dh_file(char *filename, bool isServerStart)
1473 : {
1474 : FILE *fp;
1475 0 : DH *dh = NULL;
1476 : int codes;
1477 :
1478 : /* attempt to open file. It's not an error if it doesn't exist. */
1479 0 : if ((fp = AllocateFile(filename, "r")) == NULL)
1480 : {
1481 0 : ereport(isServerStart ? FATAL : LOG,
1482 : (errcode_for_file_access(),
1483 : errmsg("could not open DH parameters file \"%s\": %m",
1484 : filename)));
1485 0 : return NULL;
1486 : }
1487 :
1488 0 : dh = PEM_read_DHparams(fp, NULL, NULL, NULL);
1489 0 : FreeFile(fp);
1490 :
1491 0 : if (dh == NULL)
1492 : {
1493 0 : ereport(isServerStart ? FATAL : LOG,
1494 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
1495 : errmsg("could not load DH parameters file: %s",
1496 : SSLerrmessage(ERR_get_error()))));
1497 0 : return NULL;
1498 : }
1499 :
1500 : /* make sure the DH parameters are usable */
1501 0 : if (DH_check(dh, &codes) == 0)
1502 : {
1503 0 : ereport(isServerStart ? FATAL : LOG,
1504 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
1505 : errmsg("invalid DH parameters: %s",
1506 : SSLerrmessage(ERR_get_error()))));
1507 0 : DH_free(dh);
1508 0 : return NULL;
1509 : }
1510 0 : if (codes & DH_CHECK_P_NOT_PRIME)
1511 : {
1512 0 : ereport(isServerStart ? FATAL : LOG,
1513 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
1514 : errmsg("invalid DH parameters: p is not prime")));
1515 0 : DH_free(dh);
1516 0 : return NULL;
1517 : }
1518 0 : if ((codes & DH_NOT_SUITABLE_GENERATOR) &&
1519 0 : (codes & DH_CHECK_P_NOT_SAFE_PRIME))
1520 : {
1521 0 : ereport(isServerStart ? FATAL : LOG,
1522 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
1523 : errmsg("invalid DH parameters: neither suitable generator or safe prime")));
1524 0 : DH_free(dh);
1525 0 : return NULL;
1526 : }
1527 :
1528 0 : return dh;
1529 : }
1530 :
1531 : /*
1532 : * Load hardcoded DH parameters.
1533 : *
1534 : * If DH parameters cannot be loaded from a specified file, we can load
1535 : * the hardcoded DH parameters supplied with the backend to prevent
1536 : * problems.
1537 : */
1538 : static DH *
1539 52 : load_dh_buffer(const char *buffer, size_t len)
1540 : {
1541 : BIO *bio;
1542 52 : DH *dh = NULL;
1543 :
1544 52 : bio = BIO_new_mem_buf(buffer, len);
1545 52 : if (bio == NULL)
1546 0 : return NULL;
1547 52 : dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
1548 52 : if (dh == NULL)
1549 0 : ereport(DEBUG2,
1550 : (errmsg_internal("DH load buffer: %s",
1551 : SSLerrmessage(ERR_get_error()))));
1552 52 : BIO_free(bio);
1553 :
1554 52 : return dh;
1555 : }
1556 :
1557 : /*
1558 : * Passphrase collection callback using ssl_passphrase_command
1559 : */
1560 : static int
1561 17 : ssl_external_passwd_cb(char *buf, int size, int rwflag, void *userdata)
1562 : {
1563 : /* same prompt as OpenSSL uses internally */
1564 17 : const char *prompt = "Enter PEM pass phrase:";
1565 17 : const char *cmd = userdata;
1566 :
1567 : Assert(rwflag == 0);
1568 :
1569 17 : return run_ssl_passphrase_command(cmd, prompt, ssl_is_server_start, buf, size);
1570 : }
1571 :
1572 : /*
1573 : * Dummy passphrase callback
1574 : *
1575 : * If OpenSSL is told to use a passphrase-protected server key, by default
1576 : * it will issue a prompt on /dev/tty and try to read a key from there.
1577 : * That's no good during a postmaster SIGHUP cycle, not to mention SSL context
1578 : * reload in an EXEC_BACKEND postmaster child. So override it with this dummy
1579 : * function that just returns an empty passphrase, guaranteeing failure.
1580 : */
1581 : static int
1582 2 : dummy_ssl_passwd_cb(char *buf, int size, int rwflag, void *userdata)
1583 : {
1584 : /* Set flag to change the error message we'll report */
1585 2 : dummy_ssl_passwd_cb_called = true;
1586 : /* And return empty string */
1587 : Assert(size > 0);
1588 2 : buf[0] = '\0';
1589 2 : return 0;
1590 : }
1591 :
1592 : /*
1593 : * Examines the provided certificate name, and if it's too long to log or
1594 : * contains unprintable ASCII, escapes and truncates it. The return value is
1595 : * always a new palloc'd string. (The input string is still modified in place,
1596 : * for ease of implementation.)
1597 : */
1598 : static char *
1599 18 : prepare_cert_name(char *name)
1600 : {
1601 18 : size_t namelen = strlen(name);
1602 18 : char *truncated = name;
1603 :
1604 : /*
1605 : * Common Names are 64 chars max, so for a common case where the CN is the
1606 : * last field, we can still print the longest possible CN with a
1607 : * 7-character prefix (".../CN=[64 chars]"), for a reasonable limit of 71
1608 : * characters.
1609 : */
1610 : #define MAXLEN 71
1611 :
1612 18 : if (namelen > MAXLEN)
1613 : {
1614 : /*
1615 : * Keep the end of the name, not the beginning, since the most
1616 : * specific field is likely to give users the most information.
1617 : */
1618 1 : truncated = name + namelen - MAXLEN;
1619 1 : truncated[0] = truncated[1] = truncated[2] = '.';
1620 1 : namelen = MAXLEN;
1621 : }
1622 :
1623 : #undef MAXLEN
1624 :
1625 18 : return pg_clean_ascii(truncated, 0);
1626 : }
1627 :
1628 : /*
1629 : * Certificate verification callback
1630 : *
1631 : * This callback allows us to examine intermediate problems during
1632 : * verification, for later logging.
1633 : *
1634 : * This callback also allows us to override the default acceptance
1635 : * criteria (e.g., accepting self-signed or expired certs), but
1636 : * for now we accept the default checks.
1637 : */
1638 : static int
1639 105 : verify_cb(int ok, X509_STORE_CTX *ctx)
1640 : {
1641 : int depth;
1642 : int errcode;
1643 : const char *errstring;
1644 : StringInfoData str;
1645 : X509 *cert;
1646 : SSL *ssl;
1647 : struct CallbackErr *cb_err;
1648 :
1649 105 : if (ok)
1650 : {
1651 : /* Nothing to do for the successful case. */
1652 96 : return ok;
1653 : }
1654 :
1655 : /* Pull all the information we have on the verification failure. */
1656 9 : depth = X509_STORE_CTX_get_error_depth(ctx);
1657 9 : errcode = X509_STORE_CTX_get_error(ctx);
1658 9 : errstring = X509_verify_cert_error_string(errcode);
1659 :
1660 : /*
1661 : * Extract the current SSL and CallbackErr object to use for passing error
1662 : * detail back from the callback.
1663 : */
1664 9 : ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
1665 9 : cb_err = (struct CallbackErr *) SSL_get_ex_data(ssl, 0);
1666 :
1667 9 : initStringInfo(&str);
1668 9 : appendStringInfo(&str,
1669 9 : _("Client certificate verification failed at depth %d: %s."),
1670 : depth, errstring);
1671 :
1672 9 : cert = X509_STORE_CTX_get_current_cert(ctx);
1673 9 : if (cert)
1674 : {
1675 : char *subject,
1676 : *issuer;
1677 : char *sub_prepared,
1678 : *iss_prepared;
1679 : char *serialno;
1680 : ASN1_INTEGER *sn;
1681 : BIGNUM *b;
1682 :
1683 : /*
1684 : * Get the Subject and Issuer for logging, but don't let maliciously
1685 : * huge certs flood the logs, and don't reflect non-ASCII bytes into
1686 : * it either.
1687 : */
1688 9 : subject = X509_NAME_to_cstring(X509_get_subject_name(cert));
1689 9 : sub_prepared = prepare_cert_name(subject);
1690 9 : pfree(subject);
1691 :
1692 9 : issuer = X509_NAME_to_cstring(X509_get_issuer_name(cert));
1693 9 : iss_prepared = prepare_cert_name(issuer);
1694 9 : pfree(issuer);
1695 :
1696 : /*
1697 : * Pull the serial number, too, in case a Subject is still ambiguous.
1698 : * This mirrors be_tls_get_peer_serial().
1699 : */
1700 9 : sn = X509_get_serialNumber(cert);
1701 9 : b = ASN1_INTEGER_to_BN(sn, NULL);
1702 9 : serialno = BN_bn2dec(b);
1703 :
1704 9 : appendStringInfoChar(&str, '\n');
1705 9 : appendStringInfo(&str,
1706 9 : _("Failed certificate data (unverified): subject \"%s\", serial number %s, issuer \"%s\"."),
1707 0 : sub_prepared, serialno ? serialno : _("unknown"),
1708 : iss_prepared);
1709 :
1710 9 : BN_free(b);
1711 9 : OPENSSL_free(serialno);
1712 9 : pfree(iss_prepared);
1713 9 : pfree(sub_prepared);
1714 : }
1715 :
1716 : /* Store our detail message to be logged later. */
1717 9 : cb_err->cert_errdetail = str.data;
1718 :
1719 9 : return ok;
1720 : }
1721 :
1722 : /*
1723 : * This callback is used to copy SSL information messages
1724 : * into the PostgreSQL log.
1725 : */
1726 : static void
1727 3908 : info_cb(const SSL *ssl, int type, int args)
1728 : {
1729 : const char *desc;
1730 :
1731 3908 : desc = SSL_state_string_long(ssl);
1732 :
1733 3908 : switch (type)
1734 : {
1735 171 : case SSL_CB_HANDSHAKE_START:
1736 171 : ereport(DEBUG4,
1737 : (errmsg_internal("SSL: handshake start: \"%s\"", desc)));
1738 171 : break;
1739 139 : case SSL_CB_HANDSHAKE_DONE:
1740 139 : ereport(DEBUG4,
1741 : (errmsg_internal("SSL: handshake done: \"%s\"", desc)));
1742 139 : break;
1743 2797 : case SSL_CB_ACCEPT_LOOP:
1744 2797 : ereport(DEBUG4,
1745 : (errmsg_internal("SSL: accept loop: \"%s\"", desc)));
1746 2797 : break;
1747 613 : case SSL_CB_ACCEPT_EXIT:
1748 613 : ereport(DEBUG4,
1749 : (errmsg_internal("SSL: accept exit (%d): \"%s\"", args, desc)));
1750 613 : break;
1751 0 : case SSL_CB_CONNECT_LOOP:
1752 0 : ereport(DEBUG4,
1753 : (errmsg_internal("SSL: connect loop: \"%s\"", desc)));
1754 0 : break;
1755 0 : case SSL_CB_CONNECT_EXIT:
1756 0 : ereport(DEBUG4,
1757 : (errmsg_internal("SSL: connect exit (%d): \"%s\"", args, desc)));
1758 0 : break;
1759 29 : case SSL_CB_READ_ALERT:
1760 29 : ereport(DEBUG4,
1761 : (errmsg_internal("SSL: read alert (0x%04x): \"%s\"", args, desc)));
1762 29 : break;
1763 159 : case SSL_CB_WRITE_ALERT:
1764 159 : ereport(DEBUG4,
1765 : (errmsg_internal("SSL: write alert (0x%04x): \"%s\"", args, desc)));
1766 159 : break;
1767 : }
1768 3908 : }
1769 :
1770 : /* See pqcomm.h comments on OpenSSL implementation of ALPN (RFC 7301) */
1771 : static const unsigned char alpn_protos[] = PG_ALPN_PROTOCOL_VECTOR;
1772 :
1773 : /*
1774 : * Server callback for ALPN negotiation. We use the standard "helper" function
1775 : * even though currently we only accept one value.
1776 : */
1777 : static int
1778 308 : alpn_cb(SSL *ssl,
1779 : const unsigned char **out,
1780 : unsigned char *outlen,
1781 : const unsigned char *in,
1782 : unsigned int inlen,
1783 : void *userdata)
1784 : {
1785 : /*
1786 : * Why does OpenSSL provide a helper function that requires a nonconst
1787 : * vector when the callback is declared to take a const vector? What are
1788 : * we to do with that?
1789 : */
1790 : int retval;
1791 :
1792 : Assert(userdata != NULL);
1793 : Assert(out != NULL);
1794 : Assert(outlen != NULL);
1795 : Assert(in != NULL);
1796 :
1797 308 : retval = SSL_select_next_proto((unsigned char **) out, outlen,
1798 : alpn_protos, sizeof(alpn_protos),
1799 : in, inlen);
1800 308 : if (*out == NULL || *outlen > sizeof(alpn_protos) || *outlen <= 0)
1801 0 : return SSL_TLSEXT_ERR_NOACK; /* can't happen */
1802 :
1803 308 : if (retval == OPENSSL_NPN_NEGOTIATED)
1804 308 : return SSL_TLSEXT_ERR_OK;
1805 : else
1806 : {
1807 : /*
1808 : * The client doesn't support our protocol. Reject the connection
1809 : * with TLS "no_application_protocol" alert, per RFC 7301.
1810 : */
1811 0 : return SSL_TLSEXT_ERR_ALERT_FATAL;
1812 : }
1813 : }
1814 :
1815 : #ifdef HAVE_SSL_CTX_SET_CLIENT_HELLO_CB
1816 : /*
1817 : * ssl_update_ssl
1818 : *
1819 : * Replace certificate/key and CA in an SSL object to match the, via the SNI
1820 : * extension, selected host configuration for the connection. The SSL_CTX
1821 : * object to use should be passed in as ctx. This function will update the
1822 : * SSL object in-place.
1823 : */
1824 : static bool
1825 308 : ssl_update_ssl(SSL *ssl, HostsLine *host_config)
1826 : {
1827 308 : SSL_CTX *ctx = host_config->ssl_ctx;
1828 :
1829 : X509 *cert;
1830 : EVP_PKEY *key;
1831 :
1832 : STACK_OF(X509) * chain;
1833 :
1834 : Assert(ctx != NULL);
1835 : /*-
1836 : * Make use of the already-loaded certificate chain and key. At first
1837 : * glance, SSL_set_SSL_CTX() looks like the easiest way to do this, but
1838 : * beware -- it has very odd behavior:
1839 : *
1840 : * https://github.com/openssl/openssl/issues/6109
1841 : */
1842 308 : cert = SSL_CTX_get0_certificate(ctx);
1843 308 : key = SSL_CTX_get0_privatekey(ctx);
1844 :
1845 : Assert(cert && key);
1846 :
1847 308 : if (!SSL_CTX_get0_chain_certs(ctx, &chain)
1848 308 : || !SSL_use_cert_and_key(ssl, cert, key, chain, 1 /* override */ )
1849 308 : || !SSL_check_private_key(ssl))
1850 : {
1851 : /*
1852 : * This shouldn't really be possible, since the inputs came from a
1853 : * SSL_CTX that was already populated by OpenSSL.
1854 : */
1855 0 : ereport(COMMERROR,
1856 : errcode(ERRCODE_INTERNAL_ERROR),
1857 : errmsg_internal("could not update certificate chain: %s",
1858 : SSLerrmessage(ERR_get_error())));
1859 0 : return false;
1860 : }
1861 :
1862 308 : if (host_config->ssl_ca && host_config->ssl_ca[0])
1863 : {
1864 : /*
1865 : * Copy the trust store and list of roots over from the SSL_CTX.
1866 : */
1867 284 : X509_STORE *ca_store = SSL_CTX_get_cert_store(ctx);
1868 :
1869 : STACK_OF(X509_NAME) * roots;
1870 :
1871 : /*
1872 : * The trust store appears to be the only setting that this function
1873 : * can't override via the (SSL *) pointer directly. Instead, share it
1874 : * with the active SSL_CTX (this should always be SSL_context).
1875 : */
1876 : Assert(SSL_context == SSL_get_SSL_CTX(ssl));
1877 284 : SSL_CTX_set1_cert_store(SSL_context, ca_store);
1878 :
1879 : /*
1880 : * SSL_set_client_CA_list() will take ownership of its argument, so we
1881 : * need to duplicate it.
1882 : */
1883 284 : if ((roots = SSL_CTX_get_client_CA_list(ctx)) == NULL
1884 284 : || (roots = SSL_dup_CA_list(roots)) == NULL)
1885 : {
1886 0 : ereport(COMMERROR,
1887 : errcode(ERRCODE_INTERNAL_ERROR),
1888 : errmsg_internal("could not duplicate SSL_CTX CA list: %s",
1889 : SSLerrmessage(ERR_get_error())));
1890 0 : return false;
1891 : }
1892 :
1893 284 : SSL_set_client_CA_list(ssl, roots);
1894 :
1895 : /*
1896 : * Always ask for SSL client cert, but don't fail if it's not
1897 : * presented. We might fail such connections later, depending on what
1898 : * we find in pg_hba.conf.
1899 : */
1900 284 : SSL_set_verify(ssl,
1901 : (SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE),
1902 : verify_cb);
1903 :
1904 284 : ssl_loaded_verify_locations = true;
1905 : }
1906 :
1907 308 : return true;
1908 : }
1909 :
1910 : /*
1911 : * sni_clienthello_cb
1912 : *
1913 : * Callback for extracting the servername extension from the TLS handshake
1914 : * during ClientHello. There is a callback in OpenSSL for the servername
1915 : * specifically but OpenSSL themselves advice against using it as it is more
1916 : * dependent on ordering for execution.
1917 : */
1918 : static int
1919 314 : sni_clienthello_cb(SSL *ssl, int *al, void *arg)
1920 : {
1921 : const char *tlsext_hostname;
1922 : const unsigned char *tlsext;
1923 : size_t left,
1924 : len;
1925 314 : HostsLine *install_config = NULL;
1926 :
1927 314 : if (!ssl_sni)
1928 : {
1929 258 : install_config = SSL_hosts->default_host;
1930 258 : goto found;
1931 : }
1932 :
1933 56 : if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &tlsext, &left))
1934 : {
1935 53 : if (left <= 2)
1936 : {
1937 0 : *al = SSL_AD_DECODE_ERROR;
1938 0 : return 0;
1939 : }
1940 53 : len = (*(tlsext++) << 8);
1941 53 : len += *(tlsext)++;
1942 53 : if (len + 2 != left)
1943 : {
1944 0 : *al = SSL_AD_DECODE_ERROR;
1945 0 : return 0;
1946 : }
1947 :
1948 53 : left = len;
1949 :
1950 53 : if (left == 0 || *tlsext++ != TLSEXT_NAMETYPE_host_name)
1951 : {
1952 0 : *al = SSL_AD_DECODE_ERROR;
1953 0 : return 0;
1954 : }
1955 :
1956 53 : left--;
1957 :
1958 : /*
1959 : * Now we can finally pull out the byte array with the actual
1960 : * hostname.
1961 : */
1962 53 : if (left <= 2)
1963 : {
1964 0 : *al = SSL_AD_DECODE_ERROR;
1965 0 : return 0;
1966 : }
1967 53 : len = (*(tlsext++) << 8);
1968 53 : len += *(tlsext++);
1969 53 : if (len + 2 > left)
1970 : {
1971 0 : *al = SSL_AD_DECODE_ERROR;
1972 0 : return 0;
1973 : }
1974 53 : left = len;
1975 53 : tlsext_hostname = (const char *) tlsext;
1976 :
1977 : /*
1978 : * We have a requested hostname from the client, match against all
1979 : * entries in the pg_hosts configuration and attempt to find a match.
1980 : * Matching is done case insensitive as per RFC 952 and RFC 921.
1981 : */
1982 90 : foreach_ptr(HostsLine, host, SSL_hosts->sni)
1983 : {
1984 120 : foreach_ptr(char, hostname, host->hostnames)
1985 : {
1986 141 : if (strlen(hostname) == len &&
1987 65 : pg_strncasecmp(hostname, tlsext_hostname, len) == 0)
1988 : {
1989 38 : install_config = host;
1990 38 : goto found;
1991 : }
1992 : }
1993 : }
1994 :
1995 : /*
1996 : * If no host specific match was found, and there is a default config,
1997 : * then fall back to using that.
1998 : */
1999 15 : if (!install_config && SSL_hosts->default_host)
2000 10 : install_config = SSL_hosts->default_host;
2001 : }
2002 :
2003 : /*
2004 : * No hostname TLS extension in the handshake, use the default or no_sni
2005 : * configurations if available.
2006 : */
2007 : else
2008 : {
2009 3 : tlsext_hostname = NULL;
2010 :
2011 3 : if (SSL_hosts->no_sni)
2012 2 : install_config = SSL_hosts->no_sni;
2013 1 : else if (SSL_hosts->default_host)
2014 0 : install_config = SSL_hosts->default_host;
2015 : else
2016 : {
2017 : /*
2018 : * Reaching here means that we didn't get a hostname in the TLS
2019 : * extension and the server has been configured to not allow any
2020 : * connections without a specified hostname.
2021 : *
2022 : * The error message for a missing server_name should, according
2023 : * to RFC 8446, be missing_extension. This isn't entirely ideal
2024 : * since the user won't be able to tell which extension the server
2025 : * considered missing. Sending unrecognized_name would be a more
2026 : * helpful error, but for now we stick to the RFC.
2027 : */
2028 1 : *al = SSL_AD_MISSING_EXTENSION;
2029 :
2030 1 : ereport(COMMERROR,
2031 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
2032 : errmsg("no hostname provided in callback, and no fallback configured")));
2033 1 : return SSL_CLIENT_HELLO_ERROR;
2034 : }
2035 : }
2036 :
2037 : /*
2038 : * If we reach here without a context chosen as the session context then
2039 : * fail the handshake and terminate the connection.
2040 : */
2041 17 : if (install_config == NULL)
2042 : {
2043 5 : if (tlsext_hostname)
2044 5 : *al = SSL_AD_UNRECOGNIZED_NAME;
2045 : else
2046 0 : *al = SSL_AD_MISSING_EXTENSION;
2047 5 : return SSL_CLIENT_HELLO_ERROR;
2048 : }
2049 :
2050 12 : found:
2051 308 : if (!ssl_update_ssl(ssl, install_config))
2052 : {
2053 0 : *al = SSL_AD_INTERNAL_ERROR;
2054 0 : ereport(COMMERROR,
2055 : errcode(ERRCODE_PROTOCOL_VIOLATION),
2056 : errmsg("failed to switch to SSL configuration for host, terminating connection"));
2057 0 : return SSL_CLIENT_HELLO_ERROR;
2058 : }
2059 :
2060 308 : return SSL_CLIENT_HELLO_SUCCESS;
2061 : }
2062 : #endif /* HAVE_SSL_CTX_SET_CLIENT_HELLO_CB */
2063 :
2064 : /*
2065 : * Set DH parameters for generating ephemeral DH keys. The
2066 : * DH parameters can take a long time to compute, so they must be
2067 : * precomputed.
2068 : *
2069 : * Since few sites will bother to create a parameter file, we also
2070 : * provide a fallback to the parameters provided by the OpenSSL
2071 : * project.
2072 : *
2073 : * These values can be static (once loaded or computed) since the
2074 : * OpenSSL library can efficiently generate random keys from the
2075 : * information provided.
2076 : */
2077 : static bool
2078 52 : initialize_dh(SSL_CTX *context, bool isServerStart)
2079 : {
2080 52 : DH *dh = NULL;
2081 :
2082 52 : SSL_CTX_set_options(context, SSL_OP_SINGLE_DH_USE);
2083 :
2084 52 : if (ssl_dh_params_file[0])
2085 0 : dh = load_dh_file(ssl_dh_params_file, isServerStart);
2086 52 : if (!dh)
2087 52 : dh = load_dh_buffer(FILE_DH2048, sizeof(FILE_DH2048));
2088 52 : if (!dh)
2089 : {
2090 0 : ereport(isServerStart ? FATAL : LOG,
2091 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
2092 : errmsg("DH: could not load DH parameters")));
2093 0 : return false;
2094 : }
2095 :
2096 52 : if (SSL_CTX_set_tmp_dh(context, dh) != 1)
2097 : {
2098 0 : ereport(isServerStart ? FATAL : LOG,
2099 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
2100 : errmsg("DH: could not set DH parameters: %s",
2101 : SSLerrmessage(ERR_get_error()))));
2102 0 : DH_free(dh);
2103 0 : return false;
2104 : }
2105 :
2106 52 : DH_free(dh);
2107 52 : return true;
2108 : }
2109 :
2110 : /*
2111 : * Set ECDH parameters for generating ephemeral Elliptic Curve DH
2112 : * keys. This is much simpler than the DH parameters, as we just
2113 : * need to provide the name of the curve to OpenSSL.
2114 : */
2115 : static bool
2116 52 : initialize_ecdh(SSL_CTX *context, bool isServerStart)
2117 : {
2118 : #ifndef OPENSSL_NO_ECDH
2119 52 : if (SSL_CTX_set1_groups_list(context, SSLECDHCurve) != 1)
2120 : {
2121 : /*
2122 : * OpenSSL 3.3.0 introduced proper error messages for group parsing
2123 : * errors, earlier versions returns "no SSL error reported" which is
2124 : * far from helpful. For older versions, we replace with a better
2125 : * error message. Injecting the error into the OpenSSL error queue
2126 : * need APIs from OpenSSL 3.0.
2127 : */
2128 2 : ereport(isServerStart ? FATAL : LOG,
2129 : errcode(ERRCODE_CONFIG_FILE_ERROR),
2130 : errmsg("could not set group names specified in ssl_groups: %s",
2131 : SSLerrmessageExt(ERR_get_error(),
2132 : _("No valid groups found"))),
2133 : errhint("Ensure that each group name is spelled correctly and supported by the installed version of OpenSSL."));
2134 0 : return false;
2135 : }
2136 : #endif
2137 :
2138 50 : return true;
2139 : }
2140 :
2141 : /*
2142 : * Obtain reason string for passed SSL errcode with replacement
2143 : *
2144 : * The error message supplied in replacement will be used in case the error
2145 : * code from OpenSSL is 0, else the error message from SSLerrmessage() will
2146 : * be returned.
2147 : *
2148 : * Not all versions of OpenSSL place an error on the queue even for failing
2149 : * operations, which will yield "no SSL error reported" by SSLerrmessage. This
2150 : * function can be used to ensure that a proper error message is displayed for
2151 : * versions reporting no error, while using the OpenSSL error via SSLerrmessage
2152 : * for versions where there is one.
2153 : */
2154 : static const char *
2155 2 : SSLerrmessageExt(unsigned long ecode, const char *replacement)
2156 : {
2157 2 : if (ecode == 0)
2158 2 : return replacement;
2159 : else
2160 0 : return SSLerrmessage(ecode);
2161 : }
2162 :
2163 : /*
2164 : * Obtain reason string for passed SSL errcode
2165 : *
2166 : * ERR_get_error() is used by caller to get errcode to pass here.
2167 : *
2168 : * Some caution is needed here since ERR_reason_error_string will return NULL
2169 : * if it doesn't recognize the error code, or (in OpenSSL >= 3) if the code
2170 : * represents a system errno value. We don't want to return NULL ever.
2171 : */
2172 : static const char *
2173 35 : SSLerrmessage(unsigned long ecode)
2174 : {
2175 : const char *errreason;
2176 : static char errbuf[36];
2177 :
2178 35 : if (ecode == 0)
2179 0 : return _("no SSL error reported");
2180 35 : errreason = ERR_reason_error_string(ecode);
2181 35 : if (errreason != NULL)
2182 35 : return errreason;
2183 :
2184 : /*
2185 : * In OpenSSL 3.0.0 and later, ERR_reason_error_string does not map system
2186 : * errno values anymore. (See OpenSSL source code for the explanation.)
2187 : * We can cover that shortcoming with this bit of code. Older OpenSSL
2188 : * versions don't have the ERR_SYSTEM_ERROR macro, but that's okay because
2189 : * they don't have the shortcoming either.
2190 : */
2191 : #ifdef ERR_SYSTEM_ERROR
2192 0 : if (ERR_SYSTEM_ERROR(ecode))
2193 0 : return strerror(ERR_GET_REASON(ecode));
2194 : #endif
2195 :
2196 : /* No choice but to report the numeric ecode */
2197 0 : snprintf(errbuf, sizeof(errbuf), _("SSL error code %lu"), ecode);
2198 0 : return errbuf;
2199 : }
2200 :
2201 : int
2202 222 : be_tls_get_cipher_bits(Port *port)
2203 : {
2204 : int bits;
2205 :
2206 222 : if (port->ssl)
2207 : {
2208 222 : SSL_get_cipher_bits(port->ssl, &bits);
2209 222 : return bits;
2210 : }
2211 : else
2212 0 : return 0;
2213 : }
2214 :
2215 : const char *
2216 223 : be_tls_get_version(Port *port)
2217 : {
2218 223 : if (port->ssl)
2219 223 : return SSL_get_version(port->ssl);
2220 : else
2221 0 : return NULL;
2222 : }
2223 :
2224 : const char *
2225 223 : be_tls_get_cipher(Port *port)
2226 : {
2227 223 : if (port->ssl)
2228 223 : return SSL_get_cipher(port->ssl);
2229 : else
2230 0 : return NULL;
2231 : }
2232 :
2233 : void
2234 111 : be_tls_get_peer_subject_name(Port *port, char *ptr, size_t len)
2235 : {
2236 111 : if (port->peer)
2237 30 : strlcpy(ptr, X509_NAME_to_cstring(X509_get_subject_name(port->peer)), len);
2238 : else
2239 81 : ptr[0] = '\0';
2240 111 : }
2241 :
2242 : void
2243 112 : be_tls_get_peer_issuer_name(Port *port, char *ptr, size_t len)
2244 : {
2245 112 : if (port->peer)
2246 31 : strlcpy(ptr, X509_NAME_to_cstring(X509_get_issuer_name(port->peer)), len);
2247 : else
2248 81 : ptr[0] = '\0';
2249 112 : }
2250 :
2251 : void
2252 112 : be_tls_get_peer_serial(Port *port, char *ptr, size_t len)
2253 : {
2254 112 : if (port->peer)
2255 : {
2256 : ASN1_INTEGER *serial;
2257 : BIGNUM *b;
2258 : char *decimal;
2259 :
2260 31 : serial = X509_get_serialNumber(port->peer);
2261 31 : b = ASN1_INTEGER_to_BN(serial, NULL);
2262 31 : decimal = BN_bn2dec(b);
2263 :
2264 31 : BN_free(b);
2265 31 : strlcpy(ptr, decimal, len);
2266 31 : OPENSSL_free(decimal);
2267 : }
2268 : else
2269 81 : ptr[0] = '\0';
2270 112 : }
2271 :
2272 : char *
2273 5 : be_tls_get_certificate_hash(Port *port, size_t *len)
2274 : {
2275 : X509 *server_cert;
2276 : char *cert_hash;
2277 5 : const EVP_MD *algo_type = NULL;
2278 : unsigned char hash[EVP_MAX_MD_SIZE]; /* size for SHA-512 */
2279 : unsigned int hash_size;
2280 : int algo_nid;
2281 :
2282 5 : *len = 0;
2283 5 : server_cert = SSL_get_certificate(port->ssl);
2284 5 : if (server_cert == NULL)
2285 0 : return NULL;
2286 :
2287 : /*
2288 : * Get the signature algorithm of the certificate to determine the hash
2289 : * algorithm to use for the result. Prefer X509_get_signature_info(),
2290 : * introduced in OpenSSL 1.1.1, which can handle RSA-PSS signatures.
2291 : */
2292 : #if HAVE_X509_GET_SIGNATURE_INFO
2293 5 : if (!X509_get_signature_info(server_cert, &algo_nid, NULL, NULL, NULL))
2294 : #else
2295 : if (!OBJ_find_sigid_algs(X509_get_signature_nid(server_cert),
2296 : &algo_nid, NULL))
2297 : #endif
2298 0 : elog(ERROR, "could not determine server certificate signature algorithm");
2299 :
2300 : /*
2301 : * The TLS server's certificate bytes need to be hashed with SHA-256 if
2302 : * its signature algorithm is MD5 or SHA-1 as per RFC 5929
2303 : * (https://tools.ietf.org/html/rfc5929#section-4.1). If something else
2304 : * is used, the same hash as the signature algorithm is used.
2305 : */
2306 5 : switch (algo_nid)
2307 : {
2308 0 : case NID_md5:
2309 : case NID_sha1:
2310 0 : algo_type = EVP_sha256();
2311 0 : break;
2312 5 : default:
2313 5 : algo_type = EVP_get_digestbynid(algo_nid);
2314 5 : if (algo_type == NULL)
2315 0 : elog(ERROR, "could not find digest for NID %s",
2316 : OBJ_nid2sn(algo_nid));
2317 5 : break;
2318 : }
2319 :
2320 : /* generate and save the certificate hash */
2321 5 : if (!X509_digest(server_cert, algo_type, hash, &hash_size))
2322 0 : elog(ERROR, "could not generate server certificate hash");
2323 :
2324 5 : cert_hash = palloc(hash_size);
2325 5 : memcpy(cert_hash, hash, hash_size);
2326 5 : *len = hash_size;
2327 :
2328 5 : return cert_hash;
2329 : }
2330 :
2331 : /*
2332 : * Convert an X509 subject name to a cstring.
2333 : *
2334 : */
2335 : static char *
2336 79 : X509_NAME_to_cstring(X509_NAME *name)
2337 : {
2338 79 : BIO *membuf = BIO_new(BIO_s_mem());
2339 : int i,
2340 : nid,
2341 79 : count = X509_NAME_entry_count(name);
2342 : X509_NAME_ENTRY *e;
2343 : ASN1_STRING *v;
2344 : const char *field_name;
2345 : size_t size;
2346 : char nullterm;
2347 : char *sp;
2348 : char *dp;
2349 : char *result;
2350 :
2351 79 : if (membuf == NULL)
2352 0 : ereport(ERROR,
2353 : (errcode(ERRCODE_OUT_OF_MEMORY),
2354 : errmsg("could not create BIO")));
2355 :
2356 79 : (void) BIO_set_close(membuf, BIO_CLOSE);
2357 169 : for (i = 0; i < count; i++)
2358 : {
2359 90 : e = X509_NAME_get_entry(name, i);
2360 90 : nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(e));
2361 90 : if (nid == NID_undef)
2362 0 : ereport(ERROR,
2363 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
2364 : errmsg("could not get NID for ASN1_OBJECT object")));
2365 90 : v = X509_NAME_ENTRY_get_data(e);
2366 90 : field_name = OBJ_nid2sn(nid);
2367 90 : if (field_name == NULL)
2368 0 : field_name = OBJ_nid2ln(nid);
2369 90 : if (field_name == NULL)
2370 0 : ereport(ERROR,
2371 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
2372 : errmsg("could not convert NID %d to an ASN1_OBJECT structure", nid)));
2373 90 : BIO_printf(membuf, "/%s=", field_name);
2374 90 : ASN1_STRING_print_ex(membuf, v,
2375 : ((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
2376 : | ASN1_STRFLGS_UTF8_CONVERT));
2377 : }
2378 :
2379 : /* ensure null termination of the BIO's content */
2380 79 : nullterm = '\0';
2381 79 : BIO_write(membuf, &nullterm, 1);
2382 79 : size = BIO_get_mem_data(membuf, &sp);
2383 79 : dp = pg_any_to_server(sp, size - 1, PG_UTF8);
2384 :
2385 79 : result = pstrdup(dp);
2386 79 : if (dp != sp)
2387 0 : pfree(dp);
2388 79 : if (BIO_free(membuf) != 1)
2389 0 : elog(ERROR, "could not free OpenSSL BIO structure");
2390 :
2391 79 : return result;
2392 : }
2393 :
2394 : /*
2395 : * Convert TLS protocol version GUC enum to OpenSSL values
2396 : *
2397 : * This is a straightforward one-to-one mapping, but doing it this way makes
2398 : * the definitions of ssl_min_protocol_version and ssl_max_protocol_version
2399 : * independent of OpenSSL availability and version.
2400 : *
2401 : * If a version is passed that is not supported by the current OpenSSL
2402 : * version, then we return -1. If a nonnegative value is returned,
2403 : * subsequent code can assume it's working with a supported version.
2404 : *
2405 : * Note: this is rather similar to libpq's routine in fe-secure-openssl.c,
2406 : * so make sure to update both routines if changing this one.
2407 : */
2408 : static int
2409 54 : ssl_protocol_version_to_openssl(int v)
2410 : {
2411 54 : switch (v)
2412 : {
2413 0 : case PG_TLS_ANY:
2414 0 : return 0;
2415 0 : case PG_TLS1_VERSION:
2416 0 : return TLS1_VERSION;
2417 1 : case PG_TLS1_1_VERSION:
2418 : #ifdef TLS1_1_VERSION
2419 1 : return TLS1_1_VERSION;
2420 : #else
2421 : break;
2422 : #endif
2423 53 : case PG_TLS1_2_VERSION:
2424 : #ifdef TLS1_2_VERSION
2425 53 : return TLS1_2_VERSION;
2426 : #else
2427 : break;
2428 : #endif
2429 0 : case PG_TLS1_3_VERSION:
2430 : #ifdef TLS1_3_VERSION
2431 0 : return TLS1_3_VERSION;
2432 : #else
2433 : break;
2434 : #endif
2435 : }
2436 :
2437 0 : return -1;
2438 : }
2439 :
2440 : /*
2441 : * Likewise provide a mapping to strings.
2442 : */
2443 : static const char *
2444 0 : ssl_protocol_version_to_string(int v)
2445 : {
2446 0 : switch (v)
2447 : {
2448 0 : case PG_TLS_ANY:
2449 0 : return "any";
2450 0 : case PG_TLS1_VERSION:
2451 0 : return "TLSv1";
2452 0 : case PG_TLS1_1_VERSION:
2453 0 : return "TLSv1.1";
2454 0 : case PG_TLS1_2_VERSION:
2455 0 : return "TLSv1.2";
2456 0 : case PG_TLS1_3_VERSION:
2457 0 : return "TLSv1.3";
2458 : }
2459 :
2460 0 : return "(unrecognized)";
2461 : }
2462 :
2463 : static uint32
2464 29 : host_cache_pointer(const char *key)
2465 : {
2466 : uint32 hash;
2467 29 : char *lkey = pstrdup(key);
2468 29 : int len = strlen(key);
2469 :
2470 336 : for (int i = 0; i < len; i++)
2471 307 : lkey[i] = pg_tolower(lkey[i]);
2472 :
2473 29 : hash = string_hash((const void *) lkey, len);
2474 29 : pfree(lkey);
2475 29 : return hash;
2476 : }
2477 :
2478 : static void
2479 37 : default_openssl_tls_init(SSL_CTX *context, bool isServerStart)
2480 : {
2481 37 : if (isServerStart)
2482 : {
2483 33 : if (ssl_passphrase_command[0])
2484 : {
2485 7 : SSL_CTX_set_default_passwd_cb(context, ssl_external_passwd_cb);
2486 7 : SSL_CTX_set_default_passwd_cb_userdata(context, ssl_passphrase_command);
2487 : }
2488 : }
2489 : else
2490 : {
2491 4 : if (ssl_passphrase_command[0] && ssl_passphrase_command_supports_reload)
2492 : {
2493 1 : SSL_CTX_set_default_passwd_cb(context, ssl_external_passwd_cb);
2494 1 : SSL_CTX_set_default_passwd_cb_userdata(context, ssl_passphrase_command);
2495 : }
2496 : else
2497 :
2498 : /*
2499 : * If reloading and no external command is configured, override
2500 : * OpenSSL's default handling of passphrase-protected files,
2501 : * because we don't want to prompt for a passphrase in an
2502 : * already-running server.
2503 : */
2504 3 : SSL_CTX_set_default_passwd_cb(context, dummy_ssl_passwd_cb);
2505 : }
2506 37 : }
|
