Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * be-secure-openssl.c
4 : * functions for OpenSSL support in the backend.
5 : *
6 : *
7 : * Portions Copyright (c) 1996-2026, PostgreSQL Global Development Group
8 : * Portions Copyright (c) 1994, Regents of the University of California
9 : *
10 : *
11 : * IDENTIFICATION
12 : * src/backend/libpq/be-secure-openssl.c
13 : *
14 : *-------------------------------------------------------------------------
15 : */
16 :
17 : #include "postgres.h"
18 :
19 : #include <sys/stat.h>
20 : #include <signal.h>
21 : #include <fcntl.h>
22 : #include <ctype.h>
23 : #include <sys/socket.h>
24 : #include <unistd.h>
25 : #include <netdb.h>
26 : #include <netinet/in.h>
27 : #include <netinet/tcp.h>
28 : #include <arpa/inet.h>
29 :
30 : #include "common/hashfn.h"
31 : #include "common/string.h"
32 : #include "libpq/libpq.h"
33 : #include "miscadmin.h"
34 : #include "pgstat.h"
35 : #include "storage/fd.h"
36 : #include "storage/latch.h"
37 : #include "utils/guc.h"
38 : #include "utils/memutils.h"
39 : #include "utils/wait_event.h"
40 :
41 : /*
42 : * These SSL-related #includes must come after all system-provided headers.
43 : * This ensures that OpenSSL can take care of conflicts with Windows'
44 : * <wincrypt.h> by #undef'ing the conflicting macros. (We don't directly
45 : * include <wincrypt.h>, but some other Windows headers do.)
46 : */
47 : #include "common/openssl.h"
48 : #include <openssl/bn.h>
49 : #include <openssl/conf.h>
50 : #include <openssl/dh.h>
51 : #include <openssl/ec.h>
52 : #include <openssl/x509v3.h>
53 :
54 : /*
55 : * Simplehash for tracking configured hostnames to guard against duplicate
56 : * entries. Each list of hosts is traversed and added to the hash during
57 : * parsing and if a duplicate error is detected an error will be thrown.
58 : */
59 : typedef struct
60 : {
61 : uint32 status;
62 : const char *hostname;
63 : } HostCacheEntry;
64 : static uint32 host_cache_pointer(const char *key);
65 : #define SH_PREFIX host_cache
66 : #define SH_ELEMENT_TYPE HostCacheEntry
67 : #define SH_KEY_TYPE const char *
68 : #define SH_KEY hostname
69 : #define SH_HASH_KEY(tb, key) host_cache_pointer(key)
70 : #define SH_EQUAL(tb, a, b) (pg_strcasecmp(a, b) == 0)
71 : #define SH_SCOPE static inline
72 : #define SH_DECLARE
73 : #define SH_DEFINE
74 : #include "lib/simplehash.h"
75 :
76 : /* default init hook can be overridden by a shared library */
77 : static void default_openssl_tls_init(SSL_CTX *context, bool isServerStart);
78 : openssl_tls_init_hook_typ openssl_tls_init_hook = default_openssl_tls_init;
79 :
80 : static int port_bio_read(BIO *h, char *buf, int size);
81 : static int port_bio_write(BIO *h, const char *buf, int size);
82 : static BIO_METHOD *port_bio_method(void);
83 : static int ssl_set_port_bio(Port *port);
84 :
85 : static DH *load_dh_file(char *filename, bool isServerStart);
86 : static DH *load_dh_buffer(const char *buffer, size_t len);
87 : static int ssl_external_passwd_cb(char *buf, int size, int rwflag, void *userdata);
88 : static int dummy_ssl_passwd_cb(char *buf, int size, int rwflag, void *userdata);
89 : static int verify_cb(int ok, X509_STORE_CTX *ctx);
90 : static void info_cb(const SSL *ssl, int type, int args);
91 : static int alpn_cb(SSL *ssl,
92 : const unsigned char **out,
93 : unsigned char *outlen,
94 : const unsigned char *in,
95 : unsigned int inlen,
96 : void *userdata);
97 : static bool initialize_dh(SSL_CTX *context, bool isServerStart);
98 : static bool initialize_ecdh(SSL_CTX *context, bool isServerStart);
99 : static const char *SSLerrmessageExt(unsigned long ecode, const char *replacement);
100 : static const char *SSLerrmessage(unsigned long ecode);
101 : static bool init_host_context(HostsLine *host, bool isServerStart);
102 : static void host_context_cleanup_cb(void *arg);
103 : #ifdef HAVE_SSL_CTX_SET_CLIENT_HELLO_CB
104 : static int sni_clienthello_cb(SSL *ssl, int *al, void *arg);
105 : #endif
106 :
107 : static char *X509_NAME_to_cstring(const X509_NAME *name);
108 :
109 : static SSL_CTX *SSL_context = NULL;
110 : static MemoryContext SSL_hosts_memcxt = NULL;
111 : static struct hosts
112 : {
113 : /*
114 : * List of HostsLine structures containing SSL configurations for
115 : * connections with hostnames defined in the SNI extension.
116 : */
117 : List *sni;
118 :
119 : /* The SSL configuration to use for connections without SNI */
120 : HostsLine *no_sni;
121 :
122 : /*
123 : * The default SSL configuration to use as a fallback in case no hostname
124 : * matches the supplied hostname in the SNI extension.
125 : */
126 : HostsLine *default_host;
127 : } *SSL_hosts;
128 :
129 : static bool dummy_ssl_passwd_cb_called = false;
130 : static bool ssl_is_server_start;
131 :
132 : static int ssl_protocol_version_to_openssl(int v);
133 : static const char *ssl_protocol_version_to_string(int v);
134 :
135 : struct CallbackErr
136 : {
137 : /*
138 : * Storage for passing certificate verification error logging from the
139 : * callback.
140 : */
141 : char *cert_errdetail;
142 : };
143 :
144 : /* ------------------------------------------------------------ */
145 : /* Public interface */
146 : /* ------------------------------------------------------------ */
147 :
148 : int
149 65 : be_tls_init(bool isServerStart)
150 : {
151 65 : List *pg_hosts = NIL;
152 : ListCell *line;
153 : MemoryContext oldcxt;
154 65 : MemoryContext host_memcxt = NULL;
155 : MemoryContextCallback *host_memcxt_cb;
156 65 : char *err_msg = NULL;
157 : HostsFileLoadResult res;
158 : struct hosts *new_hosts;
159 65 : SSL_CTX *context = NULL;
160 65 : int ssl_ver_min = -1;
161 65 : int ssl_ver_max = -1;
162 65 : host_cache_hash *host_cache = NULL;
163 :
164 : /*
165 : * Since we don't know which host we're using until the ClientHello is
166 : * sent, ssl_loaded_verify_locations *always* starts out as false. The
167 : * only place it's set to true is in sni_clienthello_cb().
168 : */
169 65 : ssl_loaded_verify_locations = false;
170 :
171 65 : host_memcxt = AllocSetContextCreate(CurrentMemoryContext,
172 : "hosts file parser context",
173 : ALLOCSET_SMALL_SIZES);
174 65 : oldcxt = MemoryContextSwitchTo(host_memcxt);
175 :
176 : /* Allocate a tentative replacement for SSL_hosts. */
177 65 : new_hosts = palloc0_object(struct hosts);
178 :
179 : /*
180 : * Register a reset callback for the memory context which is responsible
181 : * for freeing OpenSSL managed allocations upon context deletion. The
182 : * callback is allocated here to make sure it gets cleaned up along with
183 : * the memory context it's registered for.
184 : */
185 65 : host_memcxt_cb = palloc0_object(MemoryContextCallback);
186 65 : host_memcxt_cb->func = host_context_cleanup_cb;
187 65 : host_memcxt_cb->arg = new_hosts;
188 65 : MemoryContextRegisterResetCallback(host_memcxt, host_memcxt_cb);
189 :
190 : /*
191 : * If ssl_sni is enabled, attempt to load and parse TLS configuration from
192 : * the pg_hosts.conf file with the set of hosts returned as a list. If
193 : * there are hosts configured they take precedence over the configuration
194 : * in postgresql.conf. Make sure to allocate the parsed rows in their own
195 : * memory context so that we can delete them easily in case parsing fails.
196 : * If ssl_sni is disabled then set the state accordingly to make sure we
197 : * instead parse the config from postgresql.conf.
198 : *
199 : * The reason for not doing everything in this if-else conditional is that
200 : * we want to use the same processing of postgresql.conf for when ssl_sni
201 : * is off as well as when it's on but the hosts file is missing etc. Thus
202 : * we set res to the state and continue with a new conditional instead of
203 : * duplicating logic and risk it diverging over time.
204 : */
205 65 : if (ssl_sni)
206 : {
207 : /*
208 : * The GUC check hook should have already blocked this but to be on
209 : * the safe side we double-check here.
210 : */
211 : #ifndef HAVE_SSL_CTX_SET_CLIENT_HELLO_CB
212 : ereport(isServerStart ? FATAL : LOG,
213 : errcode(ERRCODE_CONFIG_FILE_ERROR),
214 : errmsg("ssl_sni is not supported with LibreSSL"));
215 : goto error;
216 : #endif
217 :
218 : /* Attempt to load configuration from pg_hosts.conf */
219 25 : res = load_hosts(&pg_hosts, &err_msg);
220 :
221 : /*
222 : * pg_hosts.conf is not required to contain configuration, but if it
223 : * does we error out in case it fails to load rather than continue to
224 : * try the postgresql.conf configuration to avoid silently falling
225 : * back on an undesired configuration.
226 : */
227 25 : if (res == HOSTSFILE_LOAD_FAILED)
228 : {
229 3 : ereport(isServerStart ? FATAL : LOG,
230 : errcode(ERRCODE_CONFIG_FILE_ERROR),
231 : errmsg("could not load \"%s\": %s", "pg_hosts.conf",
232 : err_msg ? err_msg : "unknown error"));
233 0 : goto error;
234 : }
235 : }
236 : else
237 40 : res = HOSTSFILE_DISABLED;
238 :
239 : /*
240 : * Loading and parsing the hosts file was successful, create configs for
241 : * each host entry and add to the list of hosts to be checked during
242 : * login.
243 : */
244 62 : if (res == HOSTSFILE_LOAD_OK)
245 : {
246 : Assert(ssl_sni);
247 :
248 49 : foreach(line, pg_hosts)
249 : {
250 34 : HostsLine *host = lfirst(line);
251 :
252 34 : if (!init_host_context(host, isServerStart))
253 1 : goto error;
254 :
255 : /*
256 : * The hostname in the config will be set to NULL for the default
257 : * host as well as in configs used for non-SNI connections. Lists
258 : * of hostnames in pg_hosts.conf are not allowed to contain the
259 : * default '*' entry or a '/no_sni/' entry and this is checked
260 : * during parsing. Thus we can inspect the head of the hostnames
261 : * list for these since they will never be anywhere else.
262 : */
263 32 : if (strcmp(linitial(host->hostnames), "*") == 0)
264 : {
265 6 : if (new_hosts->default_host)
266 : {
267 1 : ereport(isServerStart ? FATAL : LOG,
268 : errcode(ERRCODE_CONFIG_FILE_ERROR),
269 : errmsg("multiple default hosts specified"),
270 : errcontext("line %d of configuration file \"%s\"",
271 : host->linenumber, host->sourcefile));
272 0 : goto error;
273 : }
274 :
275 5 : new_hosts->default_host = host;
276 : }
277 26 : else if (strcmp(linitial(host->hostnames), "/no_sni/") == 0)
278 : {
279 3 : if (new_hosts->no_sni)
280 : {
281 1 : ereport(isServerStart ? FATAL : LOG,
282 : errcode(ERRCODE_CONFIG_FILE_ERROR),
283 : errmsg("multiple no_sni hosts specified"),
284 : errcontext("line %d of configuration file \"%s\"",
285 : host->linenumber, host->sourcefile));
286 0 : goto error;
287 : }
288 :
289 2 : new_hosts->no_sni = host;
290 : }
291 : else
292 : {
293 : /* Check the hostnames for duplicates */
294 23 : if (!host_cache)
295 15 : host_cache = host_cache_create(host_memcxt, 32, NULL);
296 :
297 71 : foreach_ptr(char, hostname, host->hostnames)
298 : {
299 : HostCacheEntry *entry;
300 : bool found;
301 :
302 29 : entry = host_cache_insert(host_cache, hostname, &found);
303 29 : if (found)
304 : {
305 2 : ereport(isServerStart ? FATAL : LOG,
306 : errcode(ERRCODE_CONFIG_FILE_ERROR),
307 : errmsg("multiple entries for host \"%s\" specified",
308 : hostname),
309 : errcontext("line %d of configuration file \"%s\"",
310 : host->linenumber, host->sourcefile));
311 0 : goto error;
312 : }
313 : else
314 27 : entry->hostname = pstrdup(hostname);
315 : }
316 :
317 : /*
318 : * At this point we know we have a configuration with a list
319 : * of distinct 1..n hostnames for literal string matching with
320 : * the SNI extension from the user.
321 : */
322 21 : new_hosts->sni = lappend(new_hosts->sni, host);
323 : }
324 : }
325 : }
326 :
327 : /*
328 : * If SNI is disabled, then we load configuration from postgresql.conf. If
329 : * SNI is enabled but the pg_hosts.conf file doesn't exist, or is empty,
330 : * then we also load the config from postgresql.conf.
331 : */
332 41 : else if (res == HOSTSFILE_DISABLED || res == HOSTSFILE_EMPTY || res == HOSTSFILE_MISSING)
333 : {
334 41 : HostsLine *pgconf = palloc0(sizeof(HostsLine));
335 :
336 : #ifdef USE_ASSERT_CHECKING
337 : if (res == HOSTSFILE_DISABLED)
338 : Assert(ssl_sni == false);
339 : #endif
340 :
341 41 : pgconf->ssl_cert = ssl_cert_file;
342 41 : pgconf->ssl_key = ssl_key_file;
343 41 : pgconf->ssl_ca = ssl_ca_file;
344 41 : pgconf->ssl_passphrase_cmd = ssl_passphrase_command;
345 41 : pgconf->ssl_passphrase_reload = ssl_passphrase_command_supports_reload;
346 :
347 41 : if (!init_host_context(pgconf, isServerStart))
348 1 : goto error;
349 :
350 : /*
351 : * If postgresql.conf is used to configure SSL then by definition it
352 : * will be the default context as we don't have per-host config.
353 : */
354 38 : new_hosts->default_host = pgconf;
355 : }
356 :
357 : /*
358 : * Make sure we have at least one configuration loaded to use, without
359 : * that we cannot drive a connection so exit.
360 : */
361 53 : if (new_hosts->sni == NIL && !new_hosts->default_host && !new_hosts->no_sni)
362 : {
363 0 : ereport(isServerStart ? FATAL : LOG,
364 : errcode(ERRCODE_CONFIG_FILE_ERROR),
365 : errmsg("no SSL configurations loaded"),
366 : /*- translator: The two %s contain filenames */
367 : errhint("If ssl_sni is enabled then add configuration to \"%s\", else \"%s\"",
368 : "pg_hosts.conf", "postgresql.conf"));
369 0 : goto error;
370 : }
371 :
372 : #ifdef HAVE_SSL_CTX_SET_CLIENT_HELLO_CB
373 :
374 : /*
375 : * Create a new SSL context into which we'll load all the configuration
376 : * settings. If we fail partway through, we can avoid memory leakage by
377 : * freeing this context; we don't install it as active until the end.
378 : *
379 : * We use SSLv23_method() because it can negotiate use of the highest
380 : * mutually supported protocol version, while alternatives like
381 : * TLSv1_2_method() permit only one specific version. Note that we don't
382 : * actually allow SSL v2 or v3, only TLS protocols (see below).
383 : */
384 53 : context = SSL_CTX_new(SSLv23_method());
385 53 : if (!context)
386 : {
387 0 : ereport(isServerStart ? FATAL : LOG,
388 : (errmsg("could not create SSL context: %s",
389 : SSLerrmessage(ERR_get_error()))));
390 0 : goto error;
391 : }
392 : #else
393 :
394 : /*
395 : * If the client hello callback isn't supported we want to use the default
396 : * context as the one to drive the handshake so avoid creating a new one
397 : * and use the already existing default one instead.
398 : */
399 : context = new_hosts->default_host->ssl_ctx;
400 :
401 : /*
402 : * Since we don't allocate a new SSL_CTX here like we do when SNI has been
403 : * enabled we need to bump the reference count on context to avoid double
404 : * free of the context when using the same cleanup logic across the cases.
405 : */
406 : SSL_CTX_up_ref(context);
407 : #endif
408 :
409 : /*
410 : * Disable OpenSSL's moving-write-buffer sanity check, because it causes
411 : * unnecessary failures in nonblocking send cases.
412 : */
413 53 : SSL_CTX_set_mode(context, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
414 :
415 53 : if (ssl_min_protocol_version)
416 : {
417 53 : ssl_ver_min = ssl_protocol_version_to_openssl(ssl_min_protocol_version);
418 :
419 53 : if (ssl_ver_min == -1)
420 : {
421 0 : ereport(isServerStart ? FATAL : LOG,
422 : /*- translator: first %s is a GUC option name, second %s is its value */
423 : (errmsg("\"%s\" setting \"%s\" not supported by this build",
424 : "ssl_min_protocol_version",
425 : GetConfigOption("ssl_min_protocol_version",
426 : false, false))));
427 0 : goto error;
428 : }
429 :
430 53 : if (!SSL_CTX_set_min_proto_version(context, ssl_ver_min))
431 : {
432 0 : ereport(isServerStart ? FATAL : LOG,
433 : (errmsg("could not set minimum SSL protocol version")));
434 0 : goto error;
435 : }
436 : }
437 :
438 53 : if (ssl_max_protocol_version)
439 : {
440 1 : ssl_ver_max = ssl_protocol_version_to_openssl(ssl_max_protocol_version);
441 :
442 1 : if (ssl_ver_max == -1)
443 : {
444 0 : ereport(isServerStart ? FATAL : LOG,
445 : /*- translator: first %s is a GUC option name, second %s is its value */
446 : (errmsg("\"%s\" setting \"%s\" not supported by this build",
447 : "ssl_max_protocol_version",
448 : GetConfigOption("ssl_max_protocol_version",
449 : false, false))));
450 0 : goto error;
451 : }
452 :
453 1 : if (!SSL_CTX_set_max_proto_version(context, ssl_ver_max))
454 : {
455 0 : ereport(isServerStart ? FATAL : LOG,
456 : (errmsg("could not set maximum SSL protocol version")));
457 0 : goto error;
458 : }
459 : }
460 :
461 : /* Check compatibility of min/max protocols */
462 53 : if (ssl_min_protocol_version &&
463 : ssl_max_protocol_version)
464 : {
465 : /*
466 : * No need to check for invalid values (-1) for each protocol number
467 : * as the code above would have already generated an error.
468 : */
469 1 : if (ssl_ver_min > ssl_ver_max)
470 : {
471 1 : ereport(isServerStart ? FATAL : LOG,
472 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
473 : errmsg("could not set SSL protocol version range"),
474 : errdetail("\"%s\" cannot be higher than \"%s\"",
475 : "ssl_min_protocol_version",
476 : "ssl_max_protocol_version")));
477 0 : goto error;
478 : }
479 : }
480 :
481 : /*
482 : * Disallow SSL session tickets. OpenSSL use both stateful and stateless
483 : * tickets for TLSv1.3, and stateless ticket for TLSv1.2. SSL_OP_NO_TICKET
484 : * is available since 0.9.8f but only turns off stateless tickets. In
485 : * order to turn off stateful tickets we need SSL_CTX_set_num_tickets,
486 : * which is available since OpenSSL 1.1.1. LibreSSL 3.5.4 (from OpenBSD
487 : * 7.1) introduced this API for compatibility, but doesn't support session
488 : * tickets at all so it's a no-op there.
489 : */
490 : #ifdef HAVE_SSL_CTX_SET_NUM_TICKETS
491 52 : SSL_CTX_set_num_tickets(context, 0);
492 : #endif
493 52 : SSL_CTX_set_options(context, SSL_OP_NO_TICKET);
494 :
495 : /* disallow SSL session caching, too */
496 52 : SSL_CTX_set_session_cache_mode(context, SSL_SESS_CACHE_OFF);
497 :
498 : /* disallow SSL compression */
499 52 : SSL_CTX_set_options(context, SSL_OP_NO_COMPRESSION);
500 :
501 : /*
502 : * Disallow SSL renegotiation. This concerns only TLSv1.2 and older
503 : * protocol versions, as TLSv1.3 has no support for renegotiation.
504 : * SSL_OP_NO_RENEGOTIATION is available in OpenSSL since 1.1.0h (via a
505 : * backport from 1.1.1). SSL_OP_NO_CLIENT_RENEGOTIATION is available in
506 : * LibreSSL since 2.5.1 disallowing all client-initiated renegotiation
507 : * (this is usually on by default).
508 : */
509 : #ifdef SSL_OP_NO_RENEGOTIATION
510 52 : SSL_CTX_set_options(context, SSL_OP_NO_RENEGOTIATION);
511 : #endif
512 : #ifdef SSL_OP_NO_CLIENT_RENEGOTIATION
513 : SSL_CTX_set_options(context, SSL_OP_NO_CLIENT_RENEGOTIATION);
514 : #endif
515 :
516 : /* set up ephemeral DH and ECDH keys */
517 52 : if (!initialize_dh(context, isServerStart))
518 0 : goto error;
519 52 : if (!initialize_ecdh(context, isServerStart))
520 0 : goto error;
521 :
522 : /* set up the allowed cipher list for TLSv1.2 and below */
523 50 : if (SSL_CTX_set_cipher_list(context, SSLCipherList) != 1)
524 : {
525 0 : ereport(isServerStart ? FATAL : LOG,
526 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
527 : errmsg("could not set the TLSv1.2 cipher list (no valid ciphers available)")));
528 0 : goto error;
529 : }
530 :
531 : /*
532 : * Set up the allowed cipher suites for TLSv1.3. If the GUC is an empty
533 : * string we leave the allowed suites to be the OpenSSL default value.
534 : */
535 50 : if (SSLCipherSuites[0])
536 : {
537 : /* set up the allowed cipher suites */
538 43 : if (SSL_CTX_set_ciphersuites(context, SSLCipherSuites) != 1)
539 : {
540 0 : ereport(isServerStart ? FATAL : LOG,
541 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
542 : errmsg("could not set the TLSv1.3 cipher suites (no valid ciphers available)")));
543 0 : goto error;
544 : }
545 : }
546 :
547 : /* Let server choose order */
548 50 : if (SSLPreferServerCiphers)
549 50 : SSL_CTX_set_options(context, SSL_OP_CIPHER_SERVER_PREFERENCE);
550 :
551 : /*
552 : * Success! Replace any existing SSL_context and host configurations.
553 : */
554 50 : if (SSL_context)
555 : {
556 11 : SSL_CTX_free(SSL_context);
557 11 : SSL_context = NULL;
558 : }
559 :
560 50 : MemoryContextSwitchTo(oldcxt);
561 :
562 50 : if (SSL_hosts_memcxt)
563 11 : MemoryContextDelete(SSL_hosts_memcxt);
564 :
565 50 : SSL_hosts_memcxt = host_memcxt;
566 50 : SSL_hosts = new_hosts;
567 50 : SSL_context = context;
568 :
569 50 : return 0;
570 :
571 : /*
572 : * Clean up by releasing working SSL contexts as well as allocations
573 : * performed during parsing. Since all our allocations are done in a
574 : * local memory context all we need to do is delete it.
575 : */
576 2 : error:
577 2 : if (context)
578 0 : SSL_CTX_free(context);
579 :
580 2 : MemoryContextSwitchTo(oldcxt);
581 2 : MemoryContextDelete(host_memcxt);
582 2 : return -1;
583 : }
584 :
585 : /*
586 : * host_context_cleanup_cb
587 : *
588 : * Memory context reset callback for clearing OpenSSL managed resources when
589 : * hosts are reloaded and the previous set of configured hosts are freed. As
590 : * all hosts are allocated in a single context we don't need to free each host
591 : * individually, just resources managed by OpenSSL.
592 : */
593 : static void
594 408 : host_context_cleanup_cb(void *arg)
595 : {
596 408 : struct hosts *hosts = arg;
597 :
598 927 : foreach_ptr(HostsLine, host, hosts->sni)
599 : {
600 111 : if (host->ssl_ctx != NULL)
601 111 : SSL_CTX_free(host->ssl_ctx);
602 : }
603 :
604 408 : if (hosts->no_sni && hosts->no_sni->ssl_ctx)
605 9 : SSL_CTX_free(hosts->no_sni->ssl_ctx);
606 :
607 408 : if (hosts->default_host && hosts->default_host->ssl_ctx)
608 349 : SSL_CTX_free(hosts->default_host->ssl_ctx);
609 408 : }
610 :
611 : static bool
612 75 : init_host_context(HostsLine *host, bool isServerStart)
613 : {
614 75 : SSL_CTX *ctx = SSL_CTX_new(SSLv23_method());
615 : static bool init_warned = false;
616 :
617 75 : if (!ctx)
618 : {
619 0 : ereport(isServerStart ? FATAL : LOG,
620 : (errmsg("could not create SSL context: %s",
621 : SSLerrmessage(ERR_get_error()))));
622 0 : goto error;
623 : }
624 :
625 : /*
626 : * Call init hook (usually to set password callback) in case SNI hasn't
627 : * been enabled. If SNI is enabled the hook won't operate on the actual
628 : * TLS context used so it cannot function properly; we warn if one has
629 : * been installed.
630 : *
631 : * If SNI is enabled, we set password callback based what was configured.
632 : */
633 75 : if (!ssl_sni)
634 40 : (*openssl_tls_init_hook) (ctx, isServerStart);
635 : else
636 : {
637 35 : if (openssl_tls_init_hook != default_openssl_tls_init && !init_warned)
638 : {
639 1 : ereport(WARNING,
640 : errcode(ERRCODE_CONFIG_FILE_ERROR),
641 : errmsg("SNI is enabled; installed TLS init hook will be ignored"),
642 : /*- translator: first %s is a GUC, second %s contains a filename */
643 : errhint("TLS init hooks are incompatible with SNI. "
644 : "Set \"%s\" to \"off\" to make use of the hook "
645 : "that is currently installed, or remove the hook "
646 : "and use per-host passphrase commands in \"%s\".",
647 : "ssl_sni", "pg_hosts.conf"));
648 1 : init_warned = true;
649 : }
650 :
651 : /*
652 : * Set up the password callback, if configured.
653 : */
654 35 : if (isServerStart)
655 : {
656 24 : if (host->ssl_passphrase_cmd && host->ssl_passphrase_cmd[0])
657 : {
658 5 : SSL_CTX_set_default_passwd_cb(ctx, ssl_external_passwd_cb);
659 5 : SSL_CTX_set_default_passwd_cb_userdata(ctx, host->ssl_passphrase_cmd);
660 : }
661 : }
662 : else
663 : {
664 : /*
665 : * If ssl_passphrase_reload is true then ssl_passphrase_cmd cannot
666 : * be NULL due to their parsing order, but just in case and to
667 : * self-document the code we replicate the nullness checks.
668 : */
669 11 : if (host->ssl_passphrase_reload &&
670 4 : (host->ssl_passphrase_cmd && host->ssl_passphrase_cmd[0]))
671 : {
672 4 : SSL_CTX_set_default_passwd_cb(ctx, ssl_external_passwd_cb);
673 4 : SSL_CTX_set_default_passwd_cb_userdata(ctx, host->ssl_passphrase_cmd);
674 : }
675 : else
676 : {
677 : /*
678 : * If reloading and no external command is configured,
679 : * override OpenSSL's default handling of passphrase-protected
680 : * files, because we don't want to prompt for a passphrase in
681 : * an already-running server.
682 : */
683 7 : SSL_CTX_set_default_passwd_cb(ctx, dummy_ssl_passwd_cb);
684 : }
685 : }
686 : }
687 :
688 : /*
689 : * Load and verify server's certificate and private key
690 : */
691 75 : if (SSL_CTX_use_certificate_chain_file(ctx, host->ssl_cert) != 1)
692 : {
693 0 : ereport(isServerStart ? FATAL : LOG,
694 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
695 : errmsg("could not load server certificate file \"%s\": %s",
696 : host->ssl_cert, SSLerrmessage(ERR_get_error()))));
697 0 : goto error;
698 : }
699 :
700 75 : if (!check_ssl_key_file_permissions(host->ssl_key, isServerStart))
701 0 : goto error;
702 :
703 :
704 : /* used by the callback */
705 75 : ssl_is_server_start = isServerStart;
706 :
707 : /*
708 : * OK, try to load the private key file.
709 : */
710 75 : dummy_ssl_passwd_cb_called = false;
711 :
712 75 : if (SSL_CTX_use_PrivateKey_file(ctx,
713 75 : host->ssl_key,
714 : SSL_FILETYPE_PEM) != 1)
715 : {
716 5 : if (dummy_ssl_passwd_cb_called)
717 2 : ereport(isServerStart ? FATAL : LOG,
718 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
719 : errmsg("private key file \"%s\" cannot be reloaded because it requires a passphrase",
720 : host->ssl_key)));
721 : else
722 3 : ereport(isServerStart ? FATAL : LOG,
723 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
724 : errmsg("could not load private key file \"%s\": %s",
725 : host->ssl_key, SSLerrmessage(ERR_get_error()))));
726 2 : goto error;
727 : }
728 :
729 70 : if (SSL_CTX_check_private_key(ctx) != 1)
730 : {
731 0 : ereport(isServerStart ? FATAL : LOG,
732 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
733 : errmsg("check of private key failed: %s",
734 : SSLerrmessage(ERR_get_error()))));
735 0 : goto error;
736 : }
737 :
738 : /*
739 : * Load CA store, so we can verify client certificates if needed.
740 : */
741 70 : if (host->ssl_ca && host->ssl_ca[0])
742 : {
743 : STACK_OF(X509_NAME) * root_cert_list;
744 :
745 94 : if (SSL_CTX_load_verify_locations(ctx, host->ssl_ca, NULL) != 1 ||
746 47 : (root_cert_list = SSL_load_client_CA_file(host->ssl_ca)) == NULL)
747 : {
748 0 : ereport(isServerStart ? FATAL : LOG,
749 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
750 : errmsg("could not load root certificate file \"%s\": %s",
751 : host->ssl_ca, SSLerrmessage(ERR_get_error()))));
752 0 : goto error;
753 : }
754 :
755 : /*
756 : * Tell OpenSSL to send the list of root certs we trust to clients in
757 : * CertificateRequests. This lets a client with a keystore select the
758 : * appropriate client certificate to send to us. Also, this ensures
759 : * that the SSL context will "own" the root_cert_list and remember to
760 : * free it when no longer needed.
761 : */
762 47 : SSL_CTX_set_client_CA_list(ctx, root_cert_list);
763 : }
764 :
765 : /*----------
766 : * Load the Certificate Revocation List (CRL).
767 : * http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci803160,00.html
768 : *----------
769 : */
770 70 : if (ssl_crl_file[0] || ssl_crl_dir[0])
771 : {
772 62 : X509_STORE *cvstore = SSL_CTX_get_cert_store(ctx);
773 :
774 62 : if (cvstore)
775 : {
776 : /* Set the flags to check against the complete CRL chain */
777 124 : if (X509_STORE_load_locations(cvstore,
778 62 : ssl_crl_file[0] ? ssl_crl_file : NULL,
779 62 : ssl_crl_dir[0] ? ssl_crl_dir : NULL)
780 : == 1)
781 : {
782 62 : X509_STORE_set_flags(cvstore,
783 : X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
784 : }
785 0 : else if (ssl_crl_dir[0] == 0)
786 : {
787 0 : ereport(isServerStart ? FATAL : LOG,
788 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
789 : errmsg("could not load SSL certificate revocation list file \"%s\": %s",
790 : ssl_crl_file, SSLerrmessage(ERR_get_error()))));
791 0 : goto error;
792 : }
793 0 : else if (ssl_crl_file[0] == 0)
794 : {
795 0 : ereport(isServerStart ? FATAL : LOG,
796 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
797 : errmsg("could not load SSL certificate revocation list directory \"%s\": %s",
798 : ssl_crl_dir, SSLerrmessage(ERR_get_error()))));
799 0 : goto error;
800 : }
801 : else
802 : {
803 0 : ereport(isServerStart ? FATAL : LOG,
804 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
805 : errmsg("could not load SSL certificate revocation list file \"%s\" or directory \"%s\": %s",
806 : ssl_crl_file, ssl_crl_dir,
807 : SSLerrmessage(ERR_get_error()))));
808 0 : goto error;
809 : }
810 : }
811 : }
812 :
813 70 : host->ssl_ctx = ctx;
814 70 : return true;
815 :
816 2 : error:
817 2 : if (ctx)
818 2 : SSL_CTX_free(ctx);
819 2 : return false;
820 : }
821 :
822 : void
823 151 : be_tls_destroy(void)
824 : {
825 151 : if (SSL_context)
826 1 : SSL_CTX_free(SSL_context);
827 151 : SSL_context = NULL;
828 151 : ssl_loaded_verify_locations = false;
829 151 : }
830 :
831 : int
832 170 : be_tls_open_server(Port *port)
833 : {
834 : int r;
835 : int err;
836 : int waitfor;
837 : unsigned long ecode;
838 : bool give_proto_hint;
839 : static struct CallbackErr err_context;
840 :
841 : Assert(!port->ssl);
842 : Assert(!port->peer);
843 :
844 170 : if (!SSL_context)
845 : {
846 0 : ereport(COMMERROR,
847 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
848 : errmsg("could not initialize SSL connection: SSL context not set up")));
849 0 : return -1;
850 : }
851 :
852 : /* set up debugging/info callback */
853 170 : SSL_CTX_set_info_callback(SSL_context, info_cb);
854 :
855 : /* enable ALPN */
856 170 : SSL_CTX_set_alpn_select_cb(SSL_context, alpn_cb, port);
857 :
858 170 : if (!(port->ssl = SSL_new(SSL_context)))
859 : {
860 0 : ereport(COMMERROR,
861 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
862 : errmsg("could not initialize SSL connection: %s",
863 : SSLerrmessage(ERR_get_error()))));
864 0 : return -1;
865 : }
866 170 : if (!ssl_set_port_bio(port))
867 : {
868 0 : ereport(COMMERROR,
869 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
870 : errmsg("could not set SSL socket: %s",
871 : SSLerrmessage(ERR_get_error()))));
872 0 : return -1;
873 : }
874 :
875 : /*
876 : * If the underlying TLS library supports the client hello callback we use
877 : * that in order to support host based configuration using the SNI TLS
878 : * extension. If the user has disabled SNI via the ssl_sni GUC we still
879 : * make use of the callback in order to have consistent handling of
880 : * OpenSSL contexts, except in that case the callback will install the
881 : * default configuration regardless of the hostname sent by the user in
882 : * the handshake.
883 : *
884 : * In case the TLS library does not support the client hello callback, as
885 : * of this writing LibreSSL does not, we need to install the client cert
886 : * verification callback here (if the user configured a CA) since we
887 : * cannot use the OpenSSL context update functionality.
888 : */
889 : #ifdef HAVE_SSL_CTX_SET_CLIENT_HELLO_CB
890 170 : SSL_CTX_set_client_hello_cb(SSL_context, sni_clienthello_cb, NULL);
891 : #else
892 : if (SSL_hosts->default_host->ssl_ca && SSL_hosts->default_host->ssl_ca[0])
893 : {
894 : /*
895 : * Always ask for SSL client cert, but don't fail if it's not
896 : * presented. We might fail such connections later, depending on what
897 : * we find in pg_hba.conf.
898 : */
899 : SSL_set_verify(port->ssl,
900 : (SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE),
901 : verify_cb);
902 :
903 : ssl_loaded_verify_locations = true;
904 : }
905 : #endif
906 :
907 170 : err_context.cert_errdetail = NULL;
908 170 : SSL_set_ex_data(port->ssl, 0, &err_context);
909 :
910 170 : port->ssl_in_use = true;
911 :
912 619 : aloop:
913 :
914 : /*
915 : * Prepare to call SSL_get_error() by clearing thread's OpenSSL error
916 : * queue. In general, the current thread's error queue must be empty
917 : * before the TLS/SSL I/O operation is attempted, or SSL_get_error() will
918 : * not work reliably. An extension may have failed to clear the
919 : * per-thread error queue following another call to an OpenSSL I/O
920 : * routine.
921 : */
922 619 : errno = 0;
923 619 : ERR_clear_error();
924 619 : r = SSL_accept(port->ssl);
925 619 : if (r <= 0)
926 : {
927 481 : err = SSL_get_error(port->ssl, r);
928 :
929 : /*
930 : * Other clients of OpenSSL in the backend may fail to call
931 : * ERR_get_error(), but we always do, so as to not cause problems for
932 : * OpenSSL clients that don't call ERR_clear_error() defensively. Be
933 : * sure that this happens by calling now. SSL_get_error() relies on
934 : * the OpenSSL per-thread error queue being intact, so this is the
935 : * earliest possible point ERR_get_error() may be called.
936 : */
937 481 : ecode = ERR_get_error();
938 481 : switch (err)
939 : {
940 449 : case SSL_ERROR_WANT_READ:
941 : case SSL_ERROR_WANT_WRITE:
942 : /* not allowed during connection establishment */
943 : Assert(!port->noblock);
944 :
945 : /*
946 : * No need to care about timeouts/interrupts here. At this
947 : * point authentication_timeout still employs
948 : * StartupPacketTimeoutHandler() which directly exits.
949 : */
950 449 : if (err == SSL_ERROR_WANT_READ)
951 449 : waitfor = WL_SOCKET_READABLE | WL_EXIT_ON_PM_DEATH;
952 : else
953 0 : waitfor = WL_SOCKET_WRITEABLE | WL_EXIT_ON_PM_DEATH;
954 :
955 449 : (void) WaitLatchOrSocket(NULL, waitfor, port->sock, 0,
956 : WAIT_EVENT_SSL_OPEN_SERVER);
957 449 : goto aloop;
958 0 : case SSL_ERROR_SYSCALL:
959 0 : if (r < 0 && errno != 0)
960 0 : ereport(COMMERROR,
961 : (errcode_for_socket_access(),
962 : errmsg("could not accept SSL connection: %m")));
963 : else
964 0 : ereport(COMMERROR,
965 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
966 : errmsg("could not accept SSL connection: EOF detected")));
967 0 : break;
968 32 : case SSL_ERROR_SSL:
969 32 : switch (ERR_GET_REASON(ecode))
970 : {
971 : /*
972 : * UNSUPPORTED_PROTOCOL, WRONG_VERSION_NUMBER, and
973 : * TLSV1_ALERT_PROTOCOL_VERSION have been observed
974 : * when trying to communicate with an old OpenSSL
975 : * library, or when the client and server specify
976 : * disjoint protocol ranges. NO_PROTOCOLS_AVAILABLE
977 : * occurs if there's a local misconfiguration (which
978 : * can happen despite our checks, if openssl.cnf
979 : * injects a limit we didn't account for). It's not
980 : * very clear what would make OpenSSL return the other
981 : * codes listed here, but a hint about protocol
982 : * versions seems like it's appropriate for all.
983 : */
984 0 : case SSL_R_NO_PROTOCOLS_AVAILABLE:
985 : case SSL_R_UNSUPPORTED_PROTOCOL:
986 : case SSL_R_BAD_PROTOCOL_VERSION_NUMBER:
987 : case SSL_R_UNKNOWN_PROTOCOL:
988 : case SSL_R_UNKNOWN_SSL_VERSION:
989 : case SSL_R_UNSUPPORTED_SSL_VERSION:
990 : case SSL_R_WRONG_SSL_VERSION:
991 : case SSL_R_WRONG_VERSION_NUMBER:
992 : case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION:
993 : #ifdef SSL_R_VERSION_TOO_HIGH
994 : case SSL_R_VERSION_TOO_HIGH:
995 : #endif
996 : #ifdef SSL_R_VERSION_TOO_LOW
997 : case SSL_R_VERSION_TOO_LOW:
998 : #endif
999 0 : give_proto_hint = true;
1000 0 : break;
1001 32 : default:
1002 32 : give_proto_hint = false;
1003 32 : break;
1004 : }
1005 32 : ereport(COMMERROR,
1006 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1007 : errmsg("could not accept SSL connection: %s",
1008 : SSLerrmessage(ecode)),
1009 : err_context.cert_errdetail ? errdetail_internal("%s", err_context.cert_errdetail) : 0,
1010 : give_proto_hint ?
1011 : errhint("This may indicate that the client does not support any SSL protocol version between %s and %s.",
1012 : ssl_min_protocol_version ?
1013 : ssl_protocol_version_to_string(ssl_min_protocol_version) :
1014 : MIN_OPENSSL_TLS_VERSION,
1015 : ssl_max_protocol_version ?
1016 : ssl_protocol_version_to_string(ssl_max_protocol_version) :
1017 : MAX_OPENSSL_TLS_VERSION) : 0));
1018 32 : if (err_context.cert_errdetail)
1019 9 : pfree(err_context.cert_errdetail);
1020 32 : break;
1021 0 : case SSL_ERROR_ZERO_RETURN:
1022 0 : ereport(COMMERROR,
1023 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1024 : errmsg("could not accept SSL connection: EOF detected")));
1025 0 : break;
1026 0 : default:
1027 0 : ereport(COMMERROR,
1028 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1029 : errmsg("unrecognized SSL error code: %d",
1030 : err)));
1031 0 : break;
1032 : }
1033 32 : return -1;
1034 : }
1035 :
1036 : /* Get the protocol selected by ALPN */
1037 138 : port->alpn_used = false;
1038 : {
1039 : const unsigned char *selected;
1040 : unsigned int len;
1041 :
1042 138 : SSL_get0_alpn_selected(port->ssl, &selected, &len);
1043 :
1044 : /* If ALPN is used, check that we negotiated the expected protocol */
1045 138 : if (selected != NULL)
1046 : {
1047 138 : if (len == strlen(PG_ALPN_PROTOCOL) &&
1048 138 : memcmp(selected, PG_ALPN_PROTOCOL, strlen(PG_ALPN_PROTOCOL)) == 0)
1049 : {
1050 138 : port->alpn_used = true;
1051 : }
1052 : else
1053 : {
1054 : /* shouldn't happen */
1055 0 : ereport(COMMERROR,
1056 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1057 : errmsg("received SSL connection request with unexpected ALPN protocol")));
1058 : }
1059 : }
1060 : }
1061 :
1062 : /* Get client certificate, if available. */
1063 138 : port->peer = SSL_get_peer_certificate(port->ssl);
1064 :
1065 : /* and extract the Common Name and Distinguished Name from it. */
1066 138 : port->peer_cn = NULL;
1067 138 : port->peer_dn = NULL;
1068 138 : port->peer_cert_valid = false;
1069 138 : if (port->peer != NULL)
1070 : {
1071 : int len;
1072 32 : const X509_NAME *x509name = X509_get_subject_name(port->peer);
1073 : char *peer_dn;
1074 32 : BIO *bio = NULL;
1075 32 : BUF_MEM *bio_buf = NULL;
1076 :
1077 32 : len = X509_NAME_get_text_by_NID(unconstify(X509_NAME *, x509name), NID_commonName, NULL, 0);
1078 32 : if (len != -1)
1079 : {
1080 : char *peer_cn;
1081 :
1082 32 : peer_cn = MemoryContextAlloc(TopMemoryContext, len + 1);
1083 32 : r = X509_NAME_get_text_by_NID(unconstify(X509_NAME *, x509name), NID_commonName, peer_cn,
1084 : len + 1);
1085 32 : peer_cn[len] = '\0';
1086 32 : if (r != len)
1087 : {
1088 : /* shouldn't happen */
1089 0 : pfree(peer_cn);
1090 0 : return -1;
1091 : }
1092 :
1093 : /*
1094 : * Reject embedded NULLs in certificate common name to prevent
1095 : * attacks like CVE-2009-4034.
1096 : */
1097 32 : if (len != strlen(peer_cn))
1098 : {
1099 0 : ereport(COMMERROR,
1100 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1101 : errmsg("SSL certificate's common name contains embedded null")));
1102 0 : pfree(peer_cn);
1103 0 : return -1;
1104 : }
1105 :
1106 32 : port->peer_cn = peer_cn;
1107 : }
1108 :
1109 32 : bio = BIO_new(BIO_s_mem());
1110 32 : if (!bio)
1111 : {
1112 0 : if (port->peer_cn != NULL)
1113 : {
1114 0 : pfree(port->peer_cn);
1115 0 : port->peer_cn = NULL;
1116 : }
1117 0 : return -1;
1118 : }
1119 :
1120 : /*
1121 : * RFC2253 is the closest thing to an accepted standard format for
1122 : * DNs. We have documented how to produce this format from a
1123 : * certificate. It uses commas instead of slashes for delimiters,
1124 : * which make regular expression matching a bit easier. Also note that
1125 : * it prints the Subject fields in reverse order.
1126 : */
1127 64 : if (X509_NAME_print_ex(bio, x509name, 0, XN_FLAG_RFC2253) == -1 ||
1128 32 : BIO_get_mem_ptr(bio, &bio_buf) <= 0)
1129 : {
1130 0 : BIO_free(bio);
1131 0 : if (port->peer_cn != NULL)
1132 : {
1133 0 : pfree(port->peer_cn);
1134 0 : port->peer_cn = NULL;
1135 : }
1136 0 : return -1;
1137 : }
1138 32 : peer_dn = MemoryContextAlloc(TopMemoryContext, bio_buf->length + 1);
1139 32 : memcpy(peer_dn, bio_buf->data, bio_buf->length);
1140 32 : len = bio_buf->length;
1141 32 : BIO_free(bio);
1142 32 : peer_dn[len] = '\0';
1143 32 : if (len != strlen(peer_dn))
1144 : {
1145 0 : ereport(COMMERROR,
1146 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1147 : errmsg("SSL certificate's distinguished name contains embedded null")));
1148 0 : pfree(peer_dn);
1149 0 : if (port->peer_cn != NULL)
1150 : {
1151 0 : pfree(port->peer_cn);
1152 0 : port->peer_cn = NULL;
1153 : }
1154 0 : return -1;
1155 : }
1156 :
1157 32 : port->peer_dn = peer_dn;
1158 :
1159 32 : port->peer_cert_valid = true;
1160 : }
1161 :
1162 138 : return 0;
1163 : }
1164 :
1165 : void
1166 170 : be_tls_close(Port *port)
1167 : {
1168 170 : if (port->ssl)
1169 : {
1170 170 : SSL_shutdown(port->ssl);
1171 170 : SSL_free(port->ssl);
1172 170 : port->ssl = NULL;
1173 170 : port->ssl_in_use = false;
1174 : }
1175 :
1176 170 : if (port->peer)
1177 : {
1178 32 : X509_free(port->peer);
1179 32 : port->peer = NULL;
1180 : }
1181 :
1182 170 : if (port->peer_cn)
1183 : {
1184 32 : pfree(port->peer_cn);
1185 32 : port->peer_cn = NULL;
1186 : }
1187 :
1188 170 : if (port->peer_dn)
1189 : {
1190 32 : pfree(port->peer_dn);
1191 32 : port->peer_dn = NULL;
1192 : }
1193 170 : }
1194 :
1195 : ssize_t
1196 753 : be_tls_read(Port *port, void *ptr, size_t len, int *waitfor)
1197 : {
1198 : ssize_t n;
1199 : int err;
1200 : unsigned long ecode;
1201 :
1202 753 : errno = 0;
1203 753 : ERR_clear_error();
1204 753 : n = SSL_read(port->ssl, ptr, len);
1205 753 : err = SSL_get_error(port->ssl, n);
1206 753 : ecode = (err != SSL_ERROR_NONE || n < 0) ? ERR_get_error() : 0;
1207 753 : switch (err)
1208 : {
1209 353 : case SSL_ERROR_NONE:
1210 : /* a-ok */
1211 353 : break;
1212 383 : case SSL_ERROR_WANT_READ:
1213 383 : *waitfor = WL_SOCKET_READABLE;
1214 383 : errno = EWOULDBLOCK;
1215 383 : n = -1;
1216 383 : break;
1217 0 : case SSL_ERROR_WANT_WRITE:
1218 0 : *waitfor = WL_SOCKET_WRITEABLE;
1219 0 : errno = EWOULDBLOCK;
1220 0 : n = -1;
1221 0 : break;
1222 0 : case SSL_ERROR_SYSCALL:
1223 : /* leave it to caller to ereport the value of errno */
1224 0 : if (n != -1 || errno == 0)
1225 : {
1226 0 : errno = ECONNRESET;
1227 0 : n = -1;
1228 : }
1229 0 : break;
1230 0 : case SSL_ERROR_SSL:
1231 0 : ereport(COMMERROR,
1232 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1233 : errmsg("SSL error: %s", SSLerrmessage(ecode))));
1234 0 : errno = ECONNRESET;
1235 0 : n = -1;
1236 0 : break;
1237 17 : case SSL_ERROR_ZERO_RETURN:
1238 : /* connection was cleanly shut down by peer */
1239 17 : n = 0;
1240 17 : break;
1241 0 : default:
1242 0 : ereport(COMMERROR,
1243 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1244 : errmsg("unrecognized SSL error code: %d",
1245 : err)));
1246 0 : errno = ECONNRESET;
1247 0 : n = -1;
1248 0 : break;
1249 : }
1250 :
1251 753 : return n;
1252 : }
1253 :
1254 : ssize_t
1255 246 : be_tls_write(Port *port, const void *ptr, size_t len, int *waitfor)
1256 : {
1257 : ssize_t n;
1258 : int err;
1259 : unsigned long ecode;
1260 :
1261 246 : errno = 0;
1262 246 : ERR_clear_error();
1263 246 : n = SSL_write(port->ssl, ptr, len);
1264 246 : err = SSL_get_error(port->ssl, n);
1265 246 : ecode = (err != SSL_ERROR_NONE || n < 0) ? ERR_get_error() : 0;
1266 246 : switch (err)
1267 : {
1268 246 : case SSL_ERROR_NONE:
1269 : /* a-ok */
1270 246 : break;
1271 0 : case SSL_ERROR_WANT_READ:
1272 0 : *waitfor = WL_SOCKET_READABLE;
1273 0 : errno = EWOULDBLOCK;
1274 0 : n = -1;
1275 0 : break;
1276 0 : case SSL_ERROR_WANT_WRITE:
1277 0 : *waitfor = WL_SOCKET_WRITEABLE;
1278 0 : errno = EWOULDBLOCK;
1279 0 : n = -1;
1280 0 : break;
1281 0 : case SSL_ERROR_SYSCALL:
1282 :
1283 : /*
1284 : * Leave it to caller to ereport the value of errno. However, if
1285 : * errno is still zero then assume it's a read EOF situation, and
1286 : * report ECONNRESET. (This seems possible because SSL_write can
1287 : * also do reads.)
1288 : */
1289 0 : if (n != -1 || errno == 0)
1290 : {
1291 0 : errno = ECONNRESET;
1292 0 : n = -1;
1293 : }
1294 0 : break;
1295 0 : case SSL_ERROR_SSL:
1296 0 : ereport(COMMERROR,
1297 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1298 : errmsg("SSL error: %s", SSLerrmessage(ecode))));
1299 0 : errno = ECONNRESET;
1300 0 : n = -1;
1301 0 : break;
1302 0 : case SSL_ERROR_ZERO_RETURN:
1303 :
1304 : /*
1305 : * the SSL connection was closed, leave it to the caller to
1306 : * ereport it
1307 : */
1308 0 : errno = ECONNRESET;
1309 0 : n = -1;
1310 0 : break;
1311 0 : default:
1312 0 : ereport(COMMERROR,
1313 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1314 : errmsg("unrecognized SSL error code: %d",
1315 : err)));
1316 0 : errno = ECONNRESET;
1317 0 : n = -1;
1318 0 : break;
1319 : }
1320 :
1321 246 : return n;
1322 : }
1323 :
1324 : /* ------------------------------------------------------------ */
1325 : /* Internal functions */
1326 : /* ------------------------------------------------------------ */
1327 :
1328 : /*
1329 : * Private substitute BIO: this does the sending and receiving using send() and
1330 : * recv() instead. This is so that we can enable and disable interrupts
1331 : * just while calling recv(). We cannot have interrupts occurring while
1332 : * the bulk of OpenSSL runs, because it uses malloc() and possibly other
1333 : * non-reentrant libc facilities. We also need to call send() and recv()
1334 : * directly so it gets passed through the socket/signals layer on Win32.
1335 : *
1336 : * These functions are closely modelled on the standard socket BIO in OpenSSL;
1337 : * see sock_read() and sock_write() in OpenSSL's crypto/bio/bss_sock.c.
1338 : */
1339 :
1340 : static BIO_METHOD *port_bio_method_ptr = NULL;
1341 :
1342 : static int
1343 3151 : port_bio_read(BIO *h, char *buf, int size)
1344 : {
1345 3151 : int res = 0;
1346 3151 : Port *port = (Port *) BIO_get_data(h);
1347 :
1348 3151 : if (buf != NULL)
1349 : {
1350 3151 : res = secure_raw_read(port, buf, size);
1351 3151 : BIO_clear_retry_flags(h);
1352 3151 : port->last_read_was_eof = res == 0;
1353 3151 : if (res <= 0)
1354 : {
1355 : /* If we were interrupted, tell caller to retry */
1356 837 : if (errno == EINTR || errno == EWOULDBLOCK || errno == EAGAIN)
1357 : {
1358 832 : BIO_set_retry_read(h);
1359 : }
1360 : }
1361 : }
1362 :
1363 3151 : return res;
1364 : }
1365 :
1366 : static int
1367 712 : port_bio_write(BIO *h, const char *buf, int size)
1368 : {
1369 712 : int res = 0;
1370 :
1371 712 : res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
1372 712 : BIO_clear_retry_flags(h);
1373 712 : if (res <= 0)
1374 : {
1375 : /* If we were interrupted, tell caller to retry */
1376 0 : if (errno == EINTR || errno == EWOULDBLOCK || errno == EAGAIN)
1377 : {
1378 0 : BIO_set_retry_write(h);
1379 : }
1380 : }
1381 :
1382 712 : return res;
1383 : }
1384 :
1385 : static long
1386 811 : port_bio_ctrl(BIO *h, int cmd, long num, void *ptr)
1387 : {
1388 : long res;
1389 811 : Port *port = (Port *) BIO_get_data(h);
1390 :
1391 811 : switch (cmd)
1392 : {
1393 5 : case BIO_CTRL_EOF:
1394 :
1395 : /*
1396 : * This should not be needed. port_bio_read already has a way to
1397 : * signal EOF to OpenSSL. However, OpenSSL made an undocumented,
1398 : * backwards-incompatible change and now expects EOF via BIO_ctrl.
1399 : * See https://github.com/openssl/openssl/issues/8208
1400 : */
1401 5 : res = port->last_read_was_eof;
1402 5 : break;
1403 466 : case BIO_CTRL_FLUSH:
1404 : /* libssl expects all BIOs to support BIO_flush. */
1405 466 : res = 1;
1406 466 : break;
1407 340 : default:
1408 340 : res = 0;
1409 340 : break;
1410 : }
1411 :
1412 811 : return res;
1413 : }
1414 :
1415 : static BIO_METHOD *
1416 170 : port_bio_method(void)
1417 : {
1418 170 : if (!port_bio_method_ptr)
1419 : {
1420 : int my_bio_index;
1421 :
1422 170 : my_bio_index = BIO_get_new_index();
1423 170 : if (my_bio_index == -1)
1424 0 : return NULL;
1425 170 : my_bio_index |= BIO_TYPE_SOURCE_SINK;
1426 170 : port_bio_method_ptr = BIO_meth_new(my_bio_index, "PostgreSQL backend socket");
1427 170 : if (!port_bio_method_ptr)
1428 0 : return NULL;
1429 340 : if (!BIO_meth_set_write(port_bio_method_ptr, port_bio_write) ||
1430 340 : !BIO_meth_set_read(port_bio_method_ptr, port_bio_read) ||
1431 170 : !BIO_meth_set_ctrl(port_bio_method_ptr, port_bio_ctrl))
1432 : {
1433 0 : BIO_meth_free(port_bio_method_ptr);
1434 0 : port_bio_method_ptr = NULL;
1435 0 : return NULL;
1436 : }
1437 : }
1438 170 : return port_bio_method_ptr;
1439 : }
1440 :
1441 : static int
1442 170 : ssl_set_port_bio(Port *port)
1443 : {
1444 : BIO *bio;
1445 : BIO_METHOD *bio_method;
1446 :
1447 170 : bio_method = port_bio_method();
1448 170 : if (bio_method == NULL)
1449 0 : return 0;
1450 :
1451 170 : bio = BIO_new(bio_method);
1452 170 : if (bio == NULL)
1453 0 : return 0;
1454 :
1455 170 : BIO_set_data(bio, port);
1456 170 : BIO_set_init(bio, 1);
1457 :
1458 170 : SSL_set_bio(port->ssl, bio, bio);
1459 170 : return 1;
1460 : }
1461 :
1462 : /*
1463 : * Load precomputed DH parameters.
1464 : *
1465 : * To prevent "downgrade" attacks, we perform a number of checks
1466 : * to verify that the DBA-generated DH parameters file contains
1467 : * what we expect it to contain.
1468 : */
1469 : static DH *
1470 0 : load_dh_file(char *filename, bool isServerStart)
1471 : {
1472 : FILE *fp;
1473 0 : DH *dh = NULL;
1474 : int codes;
1475 :
1476 : /* attempt to open file. It's not an error if it doesn't exist. */
1477 0 : if ((fp = AllocateFile(filename, "r")) == NULL)
1478 : {
1479 0 : ereport(isServerStart ? FATAL : LOG,
1480 : (errcode_for_file_access(),
1481 : errmsg("could not open DH parameters file \"%s\": %m",
1482 : filename)));
1483 0 : return NULL;
1484 : }
1485 :
1486 0 : dh = PEM_read_DHparams(fp, NULL, NULL, NULL);
1487 0 : FreeFile(fp);
1488 :
1489 0 : if (dh == NULL)
1490 : {
1491 0 : ereport(isServerStart ? FATAL : LOG,
1492 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
1493 : errmsg("could not load DH parameters file: %s",
1494 : SSLerrmessage(ERR_get_error()))));
1495 0 : return NULL;
1496 : }
1497 :
1498 : /* make sure the DH parameters are usable */
1499 0 : if (DH_check(dh, &codes) == 0)
1500 : {
1501 0 : ereport(isServerStart ? FATAL : LOG,
1502 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
1503 : errmsg("invalid DH parameters: %s",
1504 : SSLerrmessage(ERR_get_error()))));
1505 0 : DH_free(dh);
1506 0 : return NULL;
1507 : }
1508 0 : if (codes & DH_CHECK_P_NOT_PRIME)
1509 : {
1510 0 : ereport(isServerStart ? FATAL : LOG,
1511 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
1512 : errmsg("invalid DH parameters: p is not prime")));
1513 0 : DH_free(dh);
1514 0 : return NULL;
1515 : }
1516 0 : if ((codes & DH_NOT_SUITABLE_GENERATOR) &&
1517 0 : (codes & DH_CHECK_P_NOT_SAFE_PRIME))
1518 : {
1519 0 : ereport(isServerStart ? FATAL : LOG,
1520 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
1521 : errmsg("invalid DH parameters: neither suitable generator or safe prime")));
1522 0 : DH_free(dh);
1523 0 : return NULL;
1524 : }
1525 :
1526 0 : return dh;
1527 : }
1528 :
1529 : /*
1530 : * Load hardcoded DH parameters.
1531 : *
1532 : * If DH parameters cannot be loaded from a specified file, we can load
1533 : * the hardcoded DH parameters supplied with the backend to prevent
1534 : * problems.
1535 : */
1536 : static DH *
1537 52 : load_dh_buffer(const char *buffer, size_t len)
1538 : {
1539 : BIO *bio;
1540 52 : DH *dh = NULL;
1541 :
1542 52 : bio = BIO_new_mem_buf(buffer, len);
1543 52 : if (bio == NULL)
1544 0 : return NULL;
1545 52 : dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
1546 52 : if (dh == NULL)
1547 0 : ereport(DEBUG2,
1548 : (errmsg_internal("DH load buffer: %s",
1549 : SSLerrmessage(ERR_get_error()))));
1550 52 : BIO_free(bio);
1551 :
1552 52 : return dh;
1553 : }
1554 :
1555 : /*
1556 : * Passphrase collection callback using ssl_passphrase_command
1557 : */
1558 : static int
1559 17 : ssl_external_passwd_cb(char *buf, int size, int rwflag, void *userdata)
1560 : {
1561 : /* same prompt as OpenSSL uses internally */
1562 17 : const char *prompt = "Enter PEM pass phrase:";
1563 17 : const char *cmd = userdata;
1564 :
1565 : Assert(rwflag == 0);
1566 :
1567 17 : return run_ssl_passphrase_command(cmd, prompt, ssl_is_server_start, buf, size);
1568 : }
1569 :
1570 : /*
1571 : * Dummy passphrase callback
1572 : *
1573 : * If OpenSSL is told to use a passphrase-protected server key, by default
1574 : * it will issue a prompt on /dev/tty and try to read a key from there.
1575 : * That's no good during a postmaster SIGHUP cycle, not to mention SSL context
1576 : * reload in an EXEC_BACKEND postmaster child. So override it with this dummy
1577 : * function that just returns an empty passphrase, guaranteeing failure.
1578 : */
1579 : static int
1580 2 : dummy_ssl_passwd_cb(char *buf, int size, int rwflag, void *userdata)
1581 : {
1582 : /* Set flag to change the error message we'll report */
1583 2 : dummy_ssl_passwd_cb_called = true;
1584 : /* And return empty string */
1585 : Assert(size > 0);
1586 2 : buf[0] = '\0';
1587 2 : return 0;
1588 : }
1589 :
1590 : /*
1591 : * Examines the provided certificate name, and if it's too long to log or
1592 : * contains unprintable ASCII, escapes and truncates it. The return value is
1593 : * always a new palloc'd string. (The input string is still modified in place,
1594 : * for ease of implementation.)
1595 : */
1596 : static char *
1597 18 : prepare_cert_name(char *name)
1598 : {
1599 18 : size_t namelen = strlen(name);
1600 18 : char *truncated = name;
1601 :
1602 : /*
1603 : * Common Names are 64 chars max, so for a common case where the CN is the
1604 : * last field, we can still print the longest possible CN with a
1605 : * 7-character prefix (".../CN=[64 chars]"), for a reasonable limit of 71
1606 : * characters.
1607 : */
1608 : #define MAXLEN 71
1609 :
1610 18 : if (namelen > MAXLEN)
1611 : {
1612 : /*
1613 : * Keep the end of the name, not the beginning, since the most
1614 : * specific field is likely to give users the most information.
1615 : */
1616 1 : truncated = name + namelen - MAXLEN;
1617 1 : truncated[0] = truncated[1] = truncated[2] = '.';
1618 1 : namelen = MAXLEN;
1619 : }
1620 :
1621 : #undef MAXLEN
1622 :
1623 18 : return pg_clean_ascii(truncated, 0);
1624 : }
1625 :
1626 : /*
1627 : * Certificate verification callback
1628 : *
1629 : * This callback allows us to examine intermediate problems during
1630 : * verification, for later logging.
1631 : *
1632 : * This callback also allows us to override the default acceptance
1633 : * criteria (e.g., accepting self-signed or expired certs), but
1634 : * for now we accept the default checks.
1635 : */
1636 : static int
1637 105 : verify_cb(int ok, X509_STORE_CTX *ctx)
1638 : {
1639 : int depth;
1640 : int errcode;
1641 : const char *errstring;
1642 : StringInfoData str;
1643 : X509 *cert;
1644 : SSL *ssl;
1645 : struct CallbackErr *cb_err;
1646 :
1647 105 : if (ok)
1648 : {
1649 : /* Nothing to do for the successful case. */
1650 96 : return ok;
1651 : }
1652 :
1653 : /* Pull all the information we have on the verification failure. */
1654 9 : depth = X509_STORE_CTX_get_error_depth(ctx);
1655 9 : errcode = X509_STORE_CTX_get_error(ctx);
1656 9 : errstring = X509_verify_cert_error_string(errcode);
1657 :
1658 : /*
1659 : * Extract the current SSL and CallbackErr object to use for passing error
1660 : * detail back from the callback.
1661 : */
1662 9 : ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
1663 9 : cb_err = (struct CallbackErr *) SSL_get_ex_data(ssl, 0);
1664 :
1665 9 : initStringInfo(&str);
1666 9 : appendStringInfo(&str,
1667 9 : _("Client certificate verification failed at depth %d: %s."),
1668 : depth, errstring);
1669 :
1670 9 : cert = X509_STORE_CTX_get_current_cert(ctx);
1671 9 : if (cert)
1672 : {
1673 : char *subject,
1674 : *issuer;
1675 : char *sub_prepared,
1676 : *iss_prepared;
1677 : char *serialno;
1678 : ASN1_INTEGER *sn;
1679 : BIGNUM *b;
1680 :
1681 : /*
1682 : * Get the Subject and Issuer for logging, but don't let maliciously
1683 : * huge certs flood the logs, and don't reflect non-ASCII bytes into
1684 : * it either.
1685 : */
1686 9 : subject = X509_NAME_to_cstring(X509_get_subject_name(cert));
1687 9 : sub_prepared = prepare_cert_name(subject);
1688 9 : pfree(subject);
1689 :
1690 9 : issuer = X509_NAME_to_cstring(X509_get_issuer_name(cert));
1691 9 : iss_prepared = prepare_cert_name(issuer);
1692 9 : pfree(issuer);
1693 :
1694 : /*
1695 : * Pull the serial number, too, in case a Subject is still ambiguous.
1696 : * This mirrors be_tls_get_peer_serial().
1697 : */
1698 9 : sn = X509_get_serialNumber(cert);
1699 9 : b = ASN1_INTEGER_to_BN(sn, NULL);
1700 9 : serialno = BN_bn2dec(b);
1701 :
1702 9 : appendStringInfoChar(&str, '\n');
1703 9 : appendStringInfo(&str,
1704 9 : _("Failed certificate data (unverified): subject \"%s\", serial number %s, issuer \"%s\"."),
1705 0 : sub_prepared, serialno ? serialno : _("unknown"),
1706 : iss_prepared);
1707 :
1708 9 : BN_free(b);
1709 9 : OPENSSL_free(serialno);
1710 9 : pfree(iss_prepared);
1711 9 : pfree(sub_prepared);
1712 : }
1713 :
1714 : /* Store our detail message to be logged later. */
1715 9 : cb_err->cert_errdetail = str.data;
1716 :
1717 9 : return ok;
1718 : }
1719 :
1720 : /*
1721 : * This callback is used to copy SSL information messages
1722 : * into the PostgreSQL log.
1723 : */
1724 : static void
1725 3893 : info_cb(const SSL *ssl, int type, int args)
1726 : {
1727 : const char *desc;
1728 :
1729 3893 : desc = SSL_state_string_long(ssl);
1730 :
1731 3893 : switch (type)
1732 : {
1733 170 : case SSL_CB_HANDSHAKE_START:
1734 170 : ereport(DEBUG4,
1735 : (errmsg_internal("SSL: handshake start: \"%s\"", desc)));
1736 170 : break;
1737 138 : case SSL_CB_HANDSHAKE_DONE:
1738 138 : ereport(DEBUG4,
1739 : (errmsg_internal("SSL: handshake done: \"%s\"", desc)));
1740 138 : break;
1741 2779 : case SSL_CB_ACCEPT_LOOP:
1742 2779 : ereport(DEBUG4,
1743 : (errmsg_internal("SSL: accept loop: \"%s\"", desc)));
1744 2779 : break;
1745 619 : case SSL_CB_ACCEPT_EXIT:
1746 619 : ereport(DEBUG4,
1747 : (errmsg_internal("SSL: accept exit (%d): \"%s\"", args, desc)));
1748 619 : break;
1749 0 : case SSL_CB_CONNECT_LOOP:
1750 0 : ereport(DEBUG4,
1751 : (errmsg_internal("SSL: connect loop: \"%s\"", desc)));
1752 0 : break;
1753 0 : case SSL_CB_CONNECT_EXIT:
1754 0 : ereport(DEBUG4,
1755 : (errmsg_internal("SSL: connect exit (%d): \"%s\"", args, desc)));
1756 0 : break;
1757 29 : case SSL_CB_READ_ALERT:
1758 29 : ereport(DEBUG4,
1759 : (errmsg_internal("SSL: read alert (0x%04x): \"%s\"", args, desc)));
1760 29 : break;
1761 158 : case SSL_CB_WRITE_ALERT:
1762 158 : ereport(DEBUG4,
1763 : (errmsg_internal("SSL: write alert (0x%04x): \"%s\"", args, desc)));
1764 158 : break;
1765 : }
1766 3893 : }
1767 :
1768 : /* See pqcomm.h comments on OpenSSL implementation of ALPN (RFC 7301) */
1769 : static const unsigned char alpn_protos[] = PG_ALPN_PROTOCOL_VECTOR;
1770 :
1771 : /*
1772 : * Server callback for ALPN negotiation. We use the standard "helper" function
1773 : * even though currently we only accept one value.
1774 : */
1775 : static int
1776 306 : alpn_cb(SSL *ssl,
1777 : const unsigned char **out,
1778 : unsigned char *outlen,
1779 : const unsigned char *in,
1780 : unsigned int inlen,
1781 : void *userdata)
1782 : {
1783 : /*
1784 : * Why does OpenSSL provide a helper function that requires a nonconst
1785 : * vector when the callback is declared to take a const vector? What are
1786 : * we to do with that?
1787 : */
1788 : int retval;
1789 :
1790 : Assert(userdata != NULL);
1791 : Assert(out != NULL);
1792 : Assert(outlen != NULL);
1793 : Assert(in != NULL);
1794 :
1795 306 : retval = SSL_select_next_proto((unsigned char **) out, outlen,
1796 : alpn_protos, sizeof(alpn_protos),
1797 : in, inlen);
1798 306 : if (*out == NULL || *outlen > sizeof(alpn_protos) || *outlen <= 0)
1799 0 : return SSL_TLSEXT_ERR_NOACK; /* can't happen */
1800 :
1801 306 : if (retval == OPENSSL_NPN_NEGOTIATED)
1802 306 : return SSL_TLSEXT_ERR_OK;
1803 : else
1804 : {
1805 : /*
1806 : * The client doesn't support our protocol. Reject the connection
1807 : * with TLS "no_application_protocol" alert, per RFC 7301.
1808 : */
1809 0 : return SSL_TLSEXT_ERR_ALERT_FATAL;
1810 : }
1811 : }
1812 :
1813 : #ifdef HAVE_SSL_CTX_SET_CLIENT_HELLO_CB
1814 : /*
1815 : * ssl_update_ssl
1816 : *
1817 : * Replace certificate/key and CA in an SSL object to match the, via the SNI
1818 : * extension, selected host configuration for the connection. The SSL_CTX
1819 : * object to use should be passed in as ctx. This function will update the
1820 : * SSL object in-place.
1821 : */
1822 : static bool
1823 306 : ssl_update_ssl(SSL *ssl, HostsLine *host_config)
1824 : {
1825 306 : SSL_CTX *ctx = host_config->ssl_ctx;
1826 :
1827 : X509 *cert;
1828 : EVP_PKEY *key;
1829 :
1830 : STACK_OF(X509) * chain;
1831 :
1832 : Assert(ctx != NULL);
1833 : /*-
1834 : * Make use of the already-loaded certificate chain and key. At first
1835 : * glance, SSL_set_SSL_CTX() looks like the easiest way to do this, but
1836 : * beware -- it has very odd behavior:
1837 : *
1838 : * https://github.com/openssl/openssl/issues/6109
1839 : */
1840 306 : cert = SSL_CTX_get0_certificate(ctx);
1841 306 : key = SSL_CTX_get0_privatekey(ctx);
1842 :
1843 : Assert(cert && key);
1844 :
1845 306 : if (!SSL_CTX_get0_chain_certs(ctx, &chain)
1846 306 : || !SSL_use_cert_and_key(ssl, cert, key, chain, 1 /* override */ )
1847 306 : || !SSL_check_private_key(ssl))
1848 : {
1849 : /*
1850 : * This shouldn't really be possible, since the inputs came from a
1851 : * SSL_CTX that was already populated by OpenSSL.
1852 : */
1853 0 : ereport(COMMERROR,
1854 : errcode(ERRCODE_INTERNAL_ERROR),
1855 : errmsg_internal("could not update certificate chain: %s",
1856 : SSLerrmessage(ERR_get_error())));
1857 0 : return false;
1858 : }
1859 :
1860 306 : if (host_config->ssl_ca && host_config->ssl_ca[0])
1861 : {
1862 : /*
1863 : * Copy the trust store and list of roots over from the SSL_CTX.
1864 : */
1865 282 : X509_STORE *ca_store = SSL_CTX_get_cert_store(ctx);
1866 :
1867 : STACK_OF(X509_NAME) * roots;
1868 :
1869 : /*
1870 : * The trust store appears to be the only setting that this function
1871 : * can't override via the (SSL *) pointer directly. Instead, share it
1872 : * with the active SSL_CTX (this should always be SSL_context).
1873 : */
1874 : Assert(SSL_context == SSL_get_SSL_CTX(ssl));
1875 282 : SSL_CTX_set1_cert_store(SSL_context, ca_store);
1876 :
1877 : /*
1878 : * SSL_set_client_CA_list() will take ownership of its argument, so we
1879 : * need to duplicate it.
1880 : */
1881 282 : if ((roots = SSL_CTX_get_client_CA_list(ctx)) == NULL
1882 282 : || (roots = SSL_dup_CA_list(roots)) == NULL)
1883 : {
1884 0 : ereport(COMMERROR,
1885 : errcode(ERRCODE_INTERNAL_ERROR),
1886 : errmsg_internal("could not duplicate SSL_CTX CA list: %s",
1887 : SSLerrmessage(ERR_get_error())));
1888 0 : return false;
1889 : }
1890 :
1891 282 : SSL_set_client_CA_list(ssl, roots);
1892 :
1893 : /*
1894 : * Always ask for SSL client cert, but don't fail if it's not
1895 : * presented. We might fail such connections later, depending on what
1896 : * we find in pg_hba.conf.
1897 : */
1898 282 : SSL_set_verify(ssl,
1899 : (SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE),
1900 : verify_cb);
1901 :
1902 282 : ssl_loaded_verify_locations = true;
1903 : }
1904 :
1905 306 : return true;
1906 : }
1907 :
1908 : /*
1909 : * sni_clienthello_cb
1910 : *
1911 : * Callback for extracting the servername extension from the TLS handshake
1912 : * during ClientHello. There is a callback in OpenSSL for the servername
1913 : * specifically but OpenSSL themselves advice against using it as it is more
1914 : * dependent on ordering for execution.
1915 : */
1916 : static int
1917 312 : sni_clienthello_cb(SSL *ssl, int *al, void *arg)
1918 : {
1919 : const char *tlsext_hostname;
1920 : const unsigned char *tlsext;
1921 : size_t left,
1922 : len;
1923 312 : HostsLine *install_config = NULL;
1924 :
1925 312 : if (!ssl_sni)
1926 : {
1927 256 : install_config = SSL_hosts->default_host;
1928 256 : goto found;
1929 : }
1930 :
1931 56 : if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &tlsext, &left))
1932 : {
1933 53 : if (left <= 2)
1934 : {
1935 0 : *al = SSL_AD_DECODE_ERROR;
1936 0 : return 0;
1937 : }
1938 53 : len = (*(tlsext++) << 8);
1939 53 : len += *(tlsext)++;
1940 53 : if (len + 2 != left)
1941 : {
1942 0 : *al = SSL_AD_DECODE_ERROR;
1943 0 : return 0;
1944 : }
1945 :
1946 53 : left = len;
1947 :
1948 53 : if (left == 0 || *tlsext++ != TLSEXT_NAMETYPE_host_name)
1949 : {
1950 0 : *al = SSL_AD_DECODE_ERROR;
1951 0 : return 0;
1952 : }
1953 :
1954 53 : left--;
1955 :
1956 : /*
1957 : * Now we can finally pull out the byte array with the actual
1958 : * hostname.
1959 : */
1960 53 : if (left <= 2)
1961 : {
1962 0 : *al = SSL_AD_DECODE_ERROR;
1963 0 : return 0;
1964 : }
1965 53 : len = (*(tlsext++) << 8);
1966 53 : len += *(tlsext++);
1967 53 : if (len + 2 > left)
1968 : {
1969 0 : *al = SSL_AD_DECODE_ERROR;
1970 0 : return 0;
1971 : }
1972 53 : left = len;
1973 53 : tlsext_hostname = (const char *) tlsext;
1974 :
1975 : /*
1976 : * We have a requested hostname from the client, match against all
1977 : * entries in the pg_hosts configuration and attempt to find a match.
1978 : * Matching is done case insensitive as per RFC 952 and RFC 921.
1979 : */
1980 90 : foreach_ptr(HostsLine, host, SSL_hosts->sni)
1981 : {
1982 120 : foreach_ptr(char, hostname, host->hostnames)
1983 : {
1984 141 : if (strlen(hostname) == len &&
1985 65 : pg_strncasecmp(hostname, tlsext_hostname, len) == 0)
1986 : {
1987 38 : install_config = host;
1988 38 : goto found;
1989 : }
1990 : }
1991 : }
1992 :
1993 : /*
1994 : * If no host specific match was found, and there is a default config,
1995 : * then fall back to using that.
1996 : */
1997 15 : if (!install_config && SSL_hosts->default_host)
1998 10 : install_config = SSL_hosts->default_host;
1999 : }
2000 :
2001 : /*
2002 : * No hostname TLS extension in the handshake, use the default or no_sni
2003 : * configurations if available.
2004 : */
2005 : else
2006 : {
2007 3 : tlsext_hostname = NULL;
2008 :
2009 3 : if (SSL_hosts->no_sni)
2010 2 : install_config = SSL_hosts->no_sni;
2011 1 : else if (SSL_hosts->default_host)
2012 0 : install_config = SSL_hosts->default_host;
2013 : else
2014 : {
2015 : /*
2016 : * Reaching here means that we didn't get a hostname in the TLS
2017 : * extension and the server has been configured to not allow any
2018 : * connections without a specified hostname.
2019 : *
2020 : * The error message for a missing server_name should, according
2021 : * to RFC 8446, be missing_extension. This isn't entirely ideal
2022 : * since the user won't be able to tell which extension the server
2023 : * considered missing. Sending unrecognized_name would be a more
2024 : * helpful error, but for now we stick to the RFC.
2025 : */
2026 1 : *al = SSL_AD_MISSING_EXTENSION;
2027 :
2028 1 : ereport(COMMERROR,
2029 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
2030 : errmsg("no hostname provided in callback, and no fallback configured")));
2031 1 : return SSL_CLIENT_HELLO_ERROR;
2032 : }
2033 : }
2034 :
2035 : /*
2036 : * If we reach here without a context chosen as the session context then
2037 : * fail the handshake and terminate the connection.
2038 : */
2039 17 : if (install_config == NULL)
2040 : {
2041 5 : if (tlsext_hostname)
2042 5 : *al = SSL_AD_UNRECOGNIZED_NAME;
2043 : else
2044 0 : *al = SSL_AD_MISSING_EXTENSION;
2045 5 : return SSL_CLIENT_HELLO_ERROR;
2046 : }
2047 :
2048 12 : found:
2049 306 : if (!ssl_update_ssl(ssl, install_config))
2050 : {
2051 0 : *al = SSL_AD_INTERNAL_ERROR;
2052 0 : ereport(COMMERROR,
2053 : errcode(ERRCODE_PROTOCOL_VIOLATION),
2054 : errmsg("failed to switch to SSL configuration for host, terminating connection"));
2055 0 : return SSL_CLIENT_HELLO_ERROR;
2056 : }
2057 :
2058 306 : return SSL_CLIENT_HELLO_SUCCESS;
2059 : }
2060 : #endif /* HAVE_SSL_CTX_SET_CLIENT_HELLO_CB */
2061 :
2062 : /*
2063 : * Set DH parameters for generating ephemeral DH keys. The
2064 : * DH parameters can take a long time to compute, so they must be
2065 : * precomputed.
2066 : *
2067 : * Since few sites will bother to create a parameter file, we also
2068 : * provide a fallback to the parameters provided by the OpenSSL
2069 : * project.
2070 : *
2071 : * These values can be static (once loaded or computed) since the
2072 : * OpenSSL library can efficiently generate random keys from the
2073 : * information provided.
2074 : */
2075 : static bool
2076 52 : initialize_dh(SSL_CTX *context, bool isServerStart)
2077 : {
2078 52 : DH *dh = NULL;
2079 :
2080 52 : SSL_CTX_set_options(context, SSL_OP_SINGLE_DH_USE);
2081 :
2082 52 : if (ssl_dh_params_file[0])
2083 0 : dh = load_dh_file(ssl_dh_params_file, isServerStart);
2084 52 : if (!dh)
2085 52 : dh = load_dh_buffer(FILE_DH2048, sizeof(FILE_DH2048));
2086 52 : if (!dh)
2087 : {
2088 0 : ereport(isServerStart ? FATAL : LOG,
2089 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
2090 : errmsg("DH: could not load DH parameters")));
2091 0 : return false;
2092 : }
2093 :
2094 52 : if (SSL_CTX_set_tmp_dh(context, dh) != 1)
2095 : {
2096 0 : ereport(isServerStart ? FATAL : LOG,
2097 : (errcode(ERRCODE_CONFIG_FILE_ERROR),
2098 : errmsg("DH: could not set DH parameters: %s",
2099 : SSLerrmessage(ERR_get_error()))));
2100 0 : DH_free(dh);
2101 0 : return false;
2102 : }
2103 :
2104 52 : DH_free(dh);
2105 52 : return true;
2106 : }
2107 :
2108 : /*
2109 : * Set ECDH parameters for generating ephemeral Elliptic Curve DH
2110 : * keys. This is much simpler than the DH parameters, as we just
2111 : * need to provide the name of the curve to OpenSSL.
2112 : */
2113 : static bool
2114 52 : initialize_ecdh(SSL_CTX *context, bool isServerStart)
2115 : {
2116 52 : if (SSL_CTX_set1_groups_list(context, SSLECDHCurve) != 1)
2117 : {
2118 : /*
2119 : * OpenSSL 3.3.0 introduced proper error messages for group parsing
2120 : * errors, earlier versions returns "no SSL error reported" which is
2121 : * far from helpful. For older versions, we replace with a better
2122 : * error message. Injecting the error into the OpenSSL error queue
2123 : * need APIs from OpenSSL 3.0.
2124 : */
2125 2 : ereport(isServerStart ? FATAL : LOG,
2126 : errcode(ERRCODE_CONFIG_FILE_ERROR),
2127 : errmsg("could not set group names specified in ssl_groups: %s",
2128 : SSLerrmessageExt(ERR_get_error(),
2129 : _("No valid groups found"))),
2130 : errhint("Ensure that each group name is spelled correctly and supported by the installed version of OpenSSL."));
2131 0 : return false;
2132 : }
2133 :
2134 50 : return true;
2135 : }
2136 :
2137 : /*
2138 : * Obtain reason string for passed SSL errcode with replacement
2139 : *
2140 : * The error message supplied in replacement will be used in case the error
2141 : * code from OpenSSL is 0, else the error message from SSLerrmessage() will
2142 : * be returned.
2143 : *
2144 : * Not all versions of OpenSSL place an error on the queue even for failing
2145 : * operations, which will yield "no SSL error reported" by SSLerrmessage. This
2146 : * function can be used to ensure that a proper error message is displayed for
2147 : * versions reporting no error, while using the OpenSSL error via SSLerrmessage
2148 : * for versions where there is one.
2149 : */
2150 : static const char *
2151 2 : SSLerrmessageExt(unsigned long ecode, const char *replacement)
2152 : {
2153 2 : if (ecode == 0)
2154 2 : return replacement;
2155 : else
2156 0 : return SSLerrmessage(ecode);
2157 : }
2158 :
2159 : /*
2160 : * Obtain reason string for passed SSL errcode
2161 : *
2162 : * ERR_get_error() is used by caller to get errcode to pass here.
2163 : *
2164 : * Some caution is needed here since ERR_reason_error_string will return NULL
2165 : * if it doesn't recognize the error code, or (in OpenSSL >= 3) if the code
2166 : * represents a system errno value. We don't want to return NULL ever.
2167 : */
2168 : static const char *
2169 35 : SSLerrmessage(unsigned long ecode)
2170 : {
2171 : const char *errreason;
2172 : static char errbuf[36];
2173 :
2174 35 : if (ecode == 0)
2175 0 : return _("no SSL error reported");
2176 35 : errreason = ERR_reason_error_string(ecode);
2177 35 : if (errreason != NULL)
2178 35 : return errreason;
2179 :
2180 : /*
2181 : * In OpenSSL 3.0.0 and later, ERR_reason_error_string does not map system
2182 : * errno values anymore. (See OpenSSL source code for the explanation.)
2183 : * We can cover that shortcoming with this bit of code. Older OpenSSL
2184 : * versions don't have the ERR_SYSTEM_ERROR macro, but that's okay because
2185 : * they don't have the shortcoming either.
2186 : */
2187 : #ifdef ERR_SYSTEM_ERROR
2188 0 : if (ERR_SYSTEM_ERROR(ecode))
2189 0 : return strerror(ERR_GET_REASON(ecode));
2190 : #endif
2191 :
2192 : /* No choice but to report the numeric ecode */
2193 0 : snprintf(errbuf, sizeof(errbuf), _("SSL error code %lu"), ecode);
2194 0 : return errbuf;
2195 : }
2196 :
2197 : int
2198 220 : be_tls_get_cipher_bits(Port *port)
2199 : {
2200 : int bits;
2201 :
2202 220 : if (port->ssl)
2203 : {
2204 220 : SSL_get_cipher_bits(port->ssl, &bits);
2205 220 : return bits;
2206 : }
2207 : else
2208 0 : return 0;
2209 : }
2210 :
2211 : const char *
2212 221 : be_tls_get_version(Port *port)
2213 : {
2214 221 : if (port->ssl)
2215 221 : return SSL_get_version(port->ssl);
2216 : else
2217 0 : return NULL;
2218 : }
2219 :
2220 : const char *
2221 221 : be_tls_get_cipher(Port *port)
2222 : {
2223 221 : if (port->ssl)
2224 221 : return SSL_get_cipher(port->ssl);
2225 : else
2226 0 : return NULL;
2227 : }
2228 :
2229 : void
2230 110 : be_tls_get_peer_subject_name(Port *port, char *ptr, size_t len)
2231 : {
2232 110 : if (port->peer)
2233 30 : strlcpy(ptr, X509_NAME_to_cstring(X509_get_subject_name(port->peer)), len);
2234 : else
2235 80 : ptr[0] = '\0';
2236 110 : }
2237 :
2238 : void
2239 111 : be_tls_get_peer_issuer_name(Port *port, char *ptr, size_t len)
2240 : {
2241 111 : if (port->peer)
2242 31 : strlcpy(ptr, X509_NAME_to_cstring(X509_get_issuer_name(port->peer)), len);
2243 : else
2244 80 : ptr[0] = '\0';
2245 111 : }
2246 :
2247 : void
2248 111 : be_tls_get_peer_serial(Port *port, char *ptr, size_t len)
2249 : {
2250 111 : if (port->peer)
2251 : {
2252 : ASN1_INTEGER *serial;
2253 : BIGNUM *b;
2254 : char *decimal;
2255 :
2256 31 : serial = X509_get_serialNumber(port->peer);
2257 31 : b = ASN1_INTEGER_to_BN(serial, NULL);
2258 31 : decimal = BN_bn2dec(b);
2259 :
2260 31 : BN_free(b);
2261 31 : strlcpy(ptr, decimal, len);
2262 31 : OPENSSL_free(decimal);
2263 : }
2264 : else
2265 80 : ptr[0] = '\0';
2266 111 : }
2267 :
2268 : char *
2269 4 : be_tls_get_certificate_hash(Port *port, size_t *len)
2270 : {
2271 : X509 *server_cert;
2272 : char *cert_hash;
2273 4 : const EVP_MD *algo_type = NULL;
2274 : unsigned char hash[EVP_MAX_MD_SIZE]; /* size for SHA-512 */
2275 : unsigned int hash_size;
2276 : int algo_nid;
2277 :
2278 4 : *len = 0;
2279 4 : server_cert = SSL_get_certificate(port->ssl);
2280 4 : if (server_cert == NULL)
2281 0 : return NULL;
2282 :
2283 : /*
2284 : * Get the signature algorithm of the certificate to determine the hash
2285 : * algorithm to use for the result. Prefer X509_get_signature_info(),
2286 : * introduced in OpenSSL 1.1.1, which can handle RSA-PSS signatures.
2287 : */
2288 : #if HAVE_X509_GET_SIGNATURE_INFO
2289 4 : if (!X509_get_signature_info(server_cert, &algo_nid, NULL, NULL, NULL))
2290 : #else
2291 : if (!OBJ_find_sigid_algs(X509_get_signature_nid(server_cert),
2292 : &algo_nid, NULL))
2293 : #endif
2294 0 : elog(ERROR, "could not determine server certificate signature algorithm");
2295 :
2296 : /*
2297 : * The TLS server's certificate bytes need to be hashed with SHA-256 if
2298 : * its signature algorithm is MD5 or SHA-1 as per RFC 5929
2299 : * (https://tools.ietf.org/html/rfc5929#section-4.1). If something else
2300 : * is used, the same hash as the signature algorithm is used.
2301 : */
2302 4 : switch (algo_nid)
2303 : {
2304 0 : case NID_md5:
2305 : case NID_sha1:
2306 0 : algo_type = EVP_sha256();
2307 0 : break;
2308 4 : default:
2309 4 : algo_type = EVP_get_digestbynid(algo_nid);
2310 4 : if (algo_type == NULL)
2311 0 : elog(ERROR, "could not find digest for NID %s",
2312 : OBJ_nid2sn(algo_nid));
2313 4 : break;
2314 : }
2315 :
2316 : /* generate and save the certificate hash */
2317 4 : if (!X509_digest(server_cert, algo_type, hash, &hash_size))
2318 0 : elog(ERROR, "could not generate server certificate hash");
2319 :
2320 4 : cert_hash = palloc(hash_size);
2321 4 : memcpy(cert_hash, hash, hash_size);
2322 4 : *len = hash_size;
2323 :
2324 4 : return cert_hash;
2325 : }
2326 :
2327 : /*
2328 : * Convert an X509 subject name to a cstring.
2329 : *
2330 : */
2331 : static char *
2332 79 : X509_NAME_to_cstring(const X509_NAME *name)
2333 : {
2334 79 : BIO *membuf = BIO_new(BIO_s_mem());
2335 : int i,
2336 : nid,
2337 79 : count = X509_NAME_entry_count(name);
2338 : const X509_NAME_ENTRY *e;
2339 : const ASN1_STRING *v;
2340 : const char *field_name;
2341 : size_t size;
2342 : char nullterm;
2343 : char *sp;
2344 : char *dp;
2345 : char *result;
2346 :
2347 79 : if (membuf == NULL)
2348 0 : ereport(ERROR,
2349 : (errcode(ERRCODE_OUT_OF_MEMORY),
2350 : errmsg("could not create BIO")));
2351 :
2352 79 : (void) BIO_set_close(membuf, BIO_CLOSE);
2353 169 : for (i = 0; i < count; i++)
2354 : {
2355 90 : e = X509_NAME_get_entry(name, i);
2356 90 : nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(e));
2357 90 : if (nid == NID_undef)
2358 0 : ereport(ERROR,
2359 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
2360 : errmsg("could not get NID for ASN1_OBJECT object")));
2361 90 : v = X509_NAME_ENTRY_get_data(e);
2362 90 : field_name = OBJ_nid2sn(nid);
2363 90 : if (field_name == NULL)
2364 0 : field_name = OBJ_nid2ln(nid);
2365 90 : if (field_name == NULL)
2366 0 : ereport(ERROR,
2367 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
2368 : errmsg("could not convert NID %d to an ASN1_OBJECT structure", nid)));
2369 90 : BIO_printf(membuf, "/%s=", field_name);
2370 90 : ASN1_STRING_print_ex(membuf, v,
2371 : ((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
2372 : | ASN1_STRFLGS_UTF8_CONVERT));
2373 : }
2374 :
2375 : /* ensure null termination of the BIO's content */
2376 79 : nullterm = '\0';
2377 79 : BIO_write(membuf, &nullterm, 1);
2378 79 : size = BIO_get_mem_data(membuf, &sp);
2379 79 : dp = pg_any_to_server(sp, size - 1, PG_UTF8);
2380 :
2381 79 : result = pstrdup(dp);
2382 79 : if (dp != sp)
2383 0 : pfree(dp);
2384 79 : if (BIO_free(membuf) != 1)
2385 0 : elog(ERROR, "could not free OpenSSL BIO structure");
2386 :
2387 79 : return result;
2388 : }
2389 :
2390 : /*
2391 : * Convert TLS protocol version GUC enum to OpenSSL values
2392 : *
2393 : * This is a straightforward one-to-one mapping, but doing it this way makes
2394 : * the definitions of ssl_min_protocol_version and ssl_max_protocol_version
2395 : * independent of OpenSSL availability and version.
2396 : *
2397 : * If a version is passed that is not supported by the current OpenSSL
2398 : * version, then we return -1. If a nonnegative value is returned,
2399 : * subsequent code can assume it's working with a supported version.
2400 : *
2401 : * Note: this is rather similar to libpq's routine in fe-secure-openssl.c,
2402 : * so make sure to update both routines if changing this one.
2403 : */
2404 : static int
2405 54 : ssl_protocol_version_to_openssl(int v)
2406 : {
2407 54 : switch (v)
2408 : {
2409 0 : case PG_TLS_ANY:
2410 0 : return 0;
2411 0 : case PG_TLS1_VERSION:
2412 0 : return TLS1_VERSION;
2413 1 : case PG_TLS1_1_VERSION:
2414 : #ifdef TLS1_1_VERSION
2415 1 : return TLS1_1_VERSION;
2416 : #else
2417 : break;
2418 : #endif
2419 53 : case PG_TLS1_2_VERSION:
2420 : #ifdef TLS1_2_VERSION
2421 53 : return TLS1_2_VERSION;
2422 : #else
2423 : break;
2424 : #endif
2425 0 : case PG_TLS1_3_VERSION:
2426 : #ifdef TLS1_3_VERSION
2427 0 : return TLS1_3_VERSION;
2428 : #else
2429 : break;
2430 : #endif
2431 : }
2432 :
2433 0 : return -1;
2434 : }
2435 :
2436 : /*
2437 : * Likewise provide a mapping to strings.
2438 : */
2439 : static const char *
2440 0 : ssl_protocol_version_to_string(int v)
2441 : {
2442 0 : switch (v)
2443 : {
2444 0 : case PG_TLS_ANY:
2445 0 : return "any";
2446 0 : case PG_TLS1_VERSION:
2447 0 : return "TLSv1";
2448 0 : case PG_TLS1_1_VERSION:
2449 0 : return "TLSv1.1";
2450 0 : case PG_TLS1_2_VERSION:
2451 0 : return "TLSv1.2";
2452 0 : case PG_TLS1_3_VERSION:
2453 0 : return "TLSv1.3";
2454 : }
2455 :
2456 0 : return "(unrecognized)";
2457 : }
2458 :
2459 : static uint32
2460 29 : host_cache_pointer(const char *key)
2461 : {
2462 : uint32 hash;
2463 29 : char *lkey = pstrdup(key);
2464 29 : int len = strlen(key);
2465 :
2466 336 : for (int i = 0; i < len; i++)
2467 307 : lkey[i] = pg_tolower(lkey[i]);
2468 :
2469 29 : hash = string_hash((const void *) lkey, len);
2470 29 : pfree(lkey);
2471 29 : return hash;
2472 : }
2473 :
2474 : static void
2475 37 : default_openssl_tls_init(SSL_CTX *context, bool isServerStart)
2476 : {
2477 37 : if (isServerStart)
2478 : {
2479 33 : if (ssl_passphrase_command[0])
2480 : {
2481 7 : SSL_CTX_set_default_passwd_cb(context, ssl_external_passwd_cb);
2482 7 : SSL_CTX_set_default_passwd_cb_userdata(context, ssl_passphrase_command);
2483 : }
2484 : }
2485 : else
2486 : {
2487 4 : if (ssl_passphrase_command[0] && ssl_passphrase_command_supports_reload)
2488 : {
2489 1 : SSL_CTX_set_default_passwd_cb(context, ssl_external_passwd_cb);
2490 1 : SSL_CTX_set_default_passwd_cb_userdata(context, ssl_passphrase_command);
2491 : }
2492 : else
2493 :
2494 : /*
2495 : * If reloading and no external command is configured, override
2496 : * OpenSSL's default handling of passphrase-protected files,
2497 : * because we don't want to prompt for a passphrase in an
2498 : * already-running server.
2499 : */
2500 3 : SSL_CTX_set_default_passwd_cb(context, dummy_ssl_passwd_cb);
2501 : }
2502 37 : }
|
