Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * fe-secure-openssl.c
4 : * OpenSSL support
5 : *
6 : *
7 : * Portions Copyright (c) 1996-2024, PostgreSQL Global Development Group
8 : * Portions Copyright (c) 1994, Regents of the University of California
9 : *
10 : *
11 : * IDENTIFICATION
12 : * src/interfaces/libpq/fe-secure-openssl.c
13 : *
14 : * NOTES
15 : *
16 : * We don't provide informational callbacks here (like
17 : * info_cb() in be-secure-openssl.c), since there's no good mechanism to
18 : * display such information to the user.
19 : *
20 : *-------------------------------------------------------------------------
21 : */
22 :
23 : #include "postgres_fe.h"
24 :
25 : #include <signal.h>
26 : #include <fcntl.h>
27 : #include <ctype.h>
28 :
29 : #include "libpq-fe.h"
30 : #include "fe-auth.h"
31 : #include "fe-secure-common.h"
32 : #include "libpq-int.h"
33 :
34 : #ifdef WIN32
35 : #include "win32.h"
36 : #else
37 : #include <sys/socket.h>
38 : #include <unistd.h>
39 : #include <netdb.h>
40 : #include <netinet/in.h>
41 : #include <netinet/tcp.h>
42 : #include <arpa/inet.h>
43 : #endif
44 :
45 : #include <sys/stat.h>
46 :
47 : #ifdef WIN32
48 : #include "pthread-win32.h"
49 : #else
50 : #include <pthread.h>
51 : #endif
52 :
53 : /*
54 : * These SSL-related #includes must come after all system-provided headers.
55 : * This ensures that OpenSSL can take care of conflicts with Windows'
56 : * <wincrypt.h> by #undef'ing the conflicting macros. (We don't directly
57 : * include <wincrypt.h>, but some other Windows headers do.)
58 : */
59 : #include "common/openssl.h"
60 : #include <openssl/conf.h>
61 : #ifdef USE_SSL_ENGINE
62 : #include <openssl/engine.h>
63 : #endif
64 : #include <openssl/x509v3.h>
65 :
66 :
67 : static int verify_cb(int ok, X509_STORE_CTX *ctx);
68 : static int openssl_verify_peer_name_matches_certificate_name(PGconn *conn,
69 : ASN1_STRING *name_entry,
70 : char **store_name);
71 : static int openssl_verify_peer_name_matches_certificate_ip(PGconn *conn,
72 : ASN1_OCTET_STRING *addr_entry,
73 : char **store_name);
74 : static void destroy_ssl_system(void);
75 : static int initialize_SSL(PGconn *conn);
76 : static PostgresPollingStatusType open_client_SSL(PGconn *conn);
77 : static char *SSLerrmessage(unsigned long ecode);
78 : static void SSLerrfree(char *buf);
79 : static int PQssl_passwd_cb(char *buf, int size, int rwflag, void *userdata);
80 :
81 : static int my_sock_read(BIO *h, char *buf, int size);
82 : static int my_sock_write(BIO *h, const char *buf, int size);
83 : static BIO_METHOD *my_BIO_s_socket(void);
84 : static int my_SSL_set_fd(PGconn *conn, int fd);
85 :
86 :
87 : static bool pq_init_ssl_lib = true;
88 : static bool pq_init_crypto_lib = true;
89 :
90 : static bool ssl_lib_initialized = false;
91 :
92 : static long crypto_open_connections = 0;
93 :
94 : static pthread_mutex_t ssl_config_mutex = PTHREAD_MUTEX_INITIALIZER;
95 :
96 : static PQsslKeyPassHook_OpenSSL_type PQsslKeyPassHook = NULL;
97 : static int ssl_protocol_version_to_openssl(const char *protocol);
98 :
99 : /* ------------------------------------------------------------ */
100 : /* Procedures common to all secure sessions */
101 : /* ------------------------------------------------------------ */
102 :
103 : void
104 0 : pgtls_init_library(bool do_ssl, int do_crypto)
105 : {
106 : /*
107 : * Disallow changing the flags while we have open connections, else we'd
108 : * get completely confused.
109 : */
110 0 : if (crypto_open_connections != 0)
111 0 : return;
112 :
113 0 : pq_init_ssl_lib = do_ssl;
114 0 : pq_init_crypto_lib = do_crypto;
115 : }
116 :
117 : PostgresPollingStatusType
118 680 : pgtls_open_client(PGconn *conn)
119 : {
120 : /* First time through? */
121 680 : if (conn->ssl == NULL)
122 : {
123 : /*
124 : * Create a connection-specific SSL object, and load client
125 : * certificate, private key, and trusted CA certs.
126 : */
127 232 : if (initialize_SSL(conn) != 0)
128 : {
129 : /* initialize_SSL already put a message in conn->errorMessage */
130 8 : pgtls_close(conn);
131 8 : return PGRES_POLLING_FAILED;
132 : }
133 : }
134 :
135 : /* Begin or continue the actual handshake */
136 672 : return open_client_SSL(conn);
137 : }
138 :
139 : ssize_t
140 792 : pgtls_read(PGconn *conn, void *ptr, size_t len)
141 : {
142 : ssize_t n;
143 792 : int result_errno = 0;
144 : char sebuf[PG_STRERROR_R_BUFLEN];
145 : int err;
146 : unsigned long ecode;
147 :
148 792 : rloop:
149 :
150 : /*
151 : * Prepare to call SSL_get_error() by clearing thread's OpenSSL error
152 : * queue. In general, the current thread's error queue must be empty
153 : * before the TLS/SSL I/O operation is attempted, or SSL_get_error() will
154 : * not work reliably. Since the possibility exists that other OpenSSL
155 : * clients running in the same thread but not under our control will fail
156 : * to call ERR_get_error() themselves (after their own I/O operations),
157 : * pro-actively clear the per-thread error queue now.
158 : */
159 792 : SOCK_ERRNO_SET(0);
160 792 : ERR_clear_error();
161 792 : n = SSL_read(conn->ssl, ptr, len);
162 792 : err = SSL_get_error(conn->ssl, n);
163 :
164 : /*
165 : * Other clients of OpenSSL may fail to call ERR_get_error(), but we
166 : * always do, so as to not cause problems for OpenSSL clients that don't
167 : * call ERR_clear_error() defensively. Be sure that this happens by
168 : * calling now. SSL_get_error() relies on the OpenSSL per-thread error
169 : * queue being intact, so this is the earliest possible point
170 : * ERR_get_error() may be called.
171 : */
172 792 : ecode = (err != SSL_ERROR_NONE || n < 0) ? ERR_get_error() : 0;
173 792 : switch (err)
174 : {
175 350 : case SSL_ERROR_NONE:
176 350 : if (n < 0)
177 : {
178 : /* Not supposed to happen, so we don't translate the msg */
179 0 : appendPQExpBufferStr(&conn->errorMessage,
180 : "SSL_read failed but did not provide error information\n");
181 : /* assume the connection is broken */
182 0 : result_errno = ECONNRESET;
183 : }
184 350 : break;
185 430 : case SSL_ERROR_WANT_READ:
186 430 : n = 0;
187 430 : break;
188 0 : case SSL_ERROR_WANT_WRITE:
189 :
190 : /*
191 : * Returning 0 here would cause caller to wait for read-ready,
192 : * which is not correct since what SSL wants is wait for
193 : * write-ready. The former could get us stuck in an infinite
194 : * wait, so don't risk it; busy-loop instead.
195 : */
196 0 : goto rloop;
197 0 : case SSL_ERROR_SYSCALL:
198 0 : if (n < 0 && SOCK_ERRNO != 0)
199 : {
200 0 : result_errno = SOCK_ERRNO;
201 0 : if (result_errno == EPIPE ||
202 : result_errno == ECONNRESET)
203 0 : libpq_append_conn_error(conn, "server closed the connection unexpectedly\n"
204 : "\tThis probably means the server terminated abnormally\n"
205 : "\tbefore or while processing the request.");
206 : else
207 0 : libpq_append_conn_error(conn, "SSL SYSCALL error: %s",
208 : SOCK_STRERROR(result_errno,
209 : sebuf, sizeof(sebuf)));
210 : }
211 : else
212 : {
213 0 : libpq_append_conn_error(conn, "SSL SYSCALL error: EOF detected");
214 : /* assume the connection is broken */
215 0 : result_errno = ECONNRESET;
216 0 : n = -1;
217 : }
218 0 : break;
219 12 : case SSL_ERROR_SSL:
220 : {
221 12 : char *errm = SSLerrmessage(ecode);
222 :
223 12 : libpq_append_conn_error(conn, "SSL error: %s", errm);
224 12 : SSLerrfree(errm);
225 : /* assume the connection is broken */
226 12 : result_errno = ECONNRESET;
227 12 : n = -1;
228 12 : break;
229 : }
230 0 : case SSL_ERROR_ZERO_RETURN:
231 :
232 : /*
233 : * Per OpenSSL documentation, this error code is only returned for
234 : * a clean connection closure, so we should not report it as a
235 : * server crash.
236 : */
237 0 : libpq_append_conn_error(conn, "SSL connection has been closed unexpectedly");
238 0 : result_errno = ECONNRESET;
239 0 : n = -1;
240 0 : break;
241 0 : default:
242 0 : libpq_append_conn_error(conn, "unrecognized SSL error code: %d", err);
243 : /* assume the connection is broken */
244 0 : result_errno = ECONNRESET;
245 0 : n = -1;
246 0 : break;
247 : }
248 :
249 : /* ensure we return the intended errno to caller */
250 792 : SOCK_ERRNO_SET(result_errno);
251 :
252 792 : return n;
253 : }
254 :
255 : bool
256 1088 : pgtls_read_pending(PGconn *conn)
257 : {
258 1088 : return SSL_pending(conn->ssl) > 0;
259 : }
260 :
261 : ssize_t
262 512 : pgtls_write(PGconn *conn, const void *ptr, size_t len)
263 : {
264 : ssize_t n;
265 512 : int result_errno = 0;
266 : char sebuf[PG_STRERROR_R_BUFLEN];
267 : int err;
268 : unsigned long ecode;
269 :
270 512 : SOCK_ERRNO_SET(0);
271 512 : ERR_clear_error();
272 512 : n = SSL_write(conn->ssl, ptr, len);
273 512 : err = SSL_get_error(conn->ssl, n);
274 512 : ecode = (err != SSL_ERROR_NONE || n < 0) ? ERR_get_error() : 0;
275 512 : switch (err)
276 : {
277 512 : case SSL_ERROR_NONE:
278 512 : if (n < 0)
279 : {
280 : /* Not supposed to happen, so we don't translate the msg */
281 0 : appendPQExpBufferStr(&conn->errorMessage,
282 : "SSL_write failed but did not provide error information\n");
283 : /* assume the connection is broken */
284 0 : result_errno = ECONNRESET;
285 : }
286 512 : break;
287 0 : case SSL_ERROR_WANT_READ:
288 :
289 : /*
290 : * Returning 0 here causes caller to wait for write-ready, which
291 : * is not really the right thing, but it's the best we can do.
292 : */
293 0 : n = 0;
294 0 : break;
295 0 : case SSL_ERROR_WANT_WRITE:
296 0 : n = 0;
297 0 : break;
298 0 : case SSL_ERROR_SYSCALL:
299 :
300 : /*
301 : * If errno is still zero then assume it's a read EOF situation,
302 : * and report EOF. (This seems possible because SSL_write can
303 : * also do reads.)
304 : */
305 0 : if (n < 0 && SOCK_ERRNO != 0)
306 : {
307 0 : result_errno = SOCK_ERRNO;
308 0 : if (result_errno == EPIPE || result_errno == ECONNRESET)
309 0 : libpq_append_conn_error(conn, "server closed the connection unexpectedly\n"
310 : "\tThis probably means the server terminated abnormally\n"
311 : "\tbefore or while processing the request.");
312 : else
313 0 : libpq_append_conn_error(conn, "SSL SYSCALL error: %s",
314 : SOCK_STRERROR(result_errno,
315 : sebuf, sizeof(sebuf)));
316 : }
317 : else
318 : {
319 0 : libpq_append_conn_error(conn, "SSL SYSCALL error: EOF detected");
320 : /* assume the connection is broken */
321 0 : result_errno = ECONNRESET;
322 0 : n = -1;
323 : }
324 0 : break;
325 0 : case SSL_ERROR_SSL:
326 : {
327 0 : char *errm = SSLerrmessage(ecode);
328 :
329 0 : libpq_append_conn_error(conn, "SSL error: %s", errm);
330 0 : SSLerrfree(errm);
331 : /* assume the connection is broken */
332 0 : result_errno = ECONNRESET;
333 0 : n = -1;
334 0 : break;
335 : }
336 0 : case SSL_ERROR_ZERO_RETURN:
337 :
338 : /*
339 : * Per OpenSSL documentation, this error code is only returned for
340 : * a clean connection closure, so we should not report it as a
341 : * server crash.
342 : */
343 0 : libpq_append_conn_error(conn, "SSL connection has been closed unexpectedly");
344 0 : result_errno = ECONNRESET;
345 0 : n = -1;
346 0 : break;
347 0 : default:
348 0 : libpq_append_conn_error(conn, "unrecognized SSL error code: %d", err);
349 : /* assume the connection is broken */
350 0 : result_errno = ECONNRESET;
351 0 : n = -1;
352 0 : break;
353 : }
354 :
355 : /* ensure we return the intended errno to caller */
356 512 : SOCK_ERRNO_SET(result_errno);
357 :
358 512 : return n;
359 : }
360 :
361 : char *
362 10 : pgtls_get_peer_certificate_hash(PGconn *conn, size_t *len)
363 : {
364 : X509 *peer_cert;
365 : const EVP_MD *algo_type;
366 : unsigned char hash[EVP_MAX_MD_SIZE]; /* size for SHA-512 */
367 : unsigned int hash_size;
368 : int algo_nid;
369 : char *cert_hash;
370 :
371 10 : *len = 0;
372 :
373 10 : if (!conn->peer)
374 0 : return NULL;
375 :
376 10 : peer_cert = conn->peer;
377 :
378 : /*
379 : * Get the signature algorithm of the certificate to determine the hash
380 : * algorithm to use for the result. Prefer X509_get_signature_info(),
381 : * introduced in OpenSSL 1.1.1, which can handle RSA-PSS signatures.
382 : */
383 : #if HAVE_X509_GET_SIGNATURE_INFO
384 10 : if (!X509_get_signature_info(peer_cert, &algo_nid, NULL, NULL, NULL))
385 : #else
386 : if (!OBJ_find_sigid_algs(X509_get_signature_nid(peer_cert),
387 : &algo_nid, NULL))
388 : #endif
389 : {
390 0 : libpq_append_conn_error(conn, "could not determine server certificate signature algorithm");
391 0 : return NULL;
392 : }
393 :
394 : /*
395 : * The TLS server's certificate bytes need to be hashed with SHA-256 if
396 : * its signature algorithm is MD5 or SHA-1 as per RFC 5929
397 : * (https://tools.ietf.org/html/rfc5929#section-4.1). If something else
398 : * is used, the same hash as the signature algorithm is used.
399 : */
400 10 : switch (algo_nid)
401 : {
402 0 : case NID_md5:
403 : case NID_sha1:
404 0 : algo_type = EVP_sha256();
405 0 : break;
406 10 : default:
407 10 : algo_type = EVP_get_digestbynid(algo_nid);
408 10 : if (algo_type == NULL)
409 : {
410 0 : libpq_append_conn_error(conn, "could not find digest for NID %s",
411 : OBJ_nid2sn(algo_nid));
412 0 : return NULL;
413 : }
414 10 : break;
415 : }
416 :
417 10 : if (!X509_digest(peer_cert, algo_type, hash, &hash_size))
418 : {
419 0 : libpq_append_conn_error(conn, "could not generate peer certificate hash");
420 0 : return NULL;
421 : }
422 :
423 : /* save result */
424 10 : cert_hash = malloc(hash_size);
425 10 : if (cert_hash == NULL)
426 : {
427 0 : libpq_append_conn_error(conn, "out of memory");
428 0 : return NULL;
429 : }
430 10 : memcpy(cert_hash, hash, hash_size);
431 10 : *len = hash_size;
432 :
433 10 : return cert_hash;
434 : }
435 :
436 : /* ------------------------------------------------------------ */
437 : /* OpenSSL specific code */
438 : /* ------------------------------------------------------------ */
439 :
440 : /*
441 : * Certificate verification callback
442 : *
443 : * This callback allows us to log intermediate problems during
444 : * verification, but there doesn't seem to be a clean way to get
445 : * our PGconn * structure. So we can't log anything!
446 : *
447 : * This callback also allows us to override the default acceptance
448 : * criteria (e.g., accepting self-signed or expired certs), but
449 : * for now we accept the default checks.
450 : */
451 : static int
452 564 : verify_cb(int ok, X509_STORE_CTX *ctx)
453 : {
454 564 : return ok;
455 : }
456 :
457 : #ifdef HAVE_SSL_CTX_SET_CERT_CB
458 : /*
459 : * Certificate selection callback
460 : *
461 : * This callback lets us choose the client certificate we send to the server
462 : * after seeing its CertificateRequest. We only support sending a single
463 : * hard-coded certificate via sslcert, so we don't actually set any certificates
464 : * here; we just use it to record whether or not the server has actually asked
465 : * for one and whether we have one to send.
466 : */
467 : static int
468 206 : cert_cb(SSL *ssl, void *arg)
469 : {
470 206 : PGconn *conn = arg;
471 :
472 206 : conn->ssl_cert_requested = true;
473 :
474 : /* Do we have a certificate loaded to send back? */
475 206 : if (SSL_get_certificate(ssl))
476 72 : conn->ssl_cert_sent = true;
477 :
478 : /*
479 : * Tell OpenSSL that the callback succeeded; we're not required to
480 : * actually make any changes to the SSL handle.
481 : */
482 206 : return 1;
483 : }
484 : #endif
485 :
486 : /*
487 : * OpenSSL-specific wrapper around
488 : * pq_verify_peer_name_matches_certificate_name(), converting the ASN1_STRING
489 : * into a plain C string.
490 : */
491 : static int
492 68 : openssl_verify_peer_name_matches_certificate_name(PGconn *conn, ASN1_STRING *name_entry,
493 : char **store_name)
494 : {
495 : int len;
496 : const unsigned char *namedata;
497 :
498 : /* Should not happen... */
499 68 : if (name_entry == NULL)
500 : {
501 0 : libpq_append_conn_error(conn, "SSL certificate's name entry is missing");
502 0 : return -1;
503 : }
504 :
505 : /*
506 : * GEN_DNS can be only IA5String, equivalent to US ASCII.
507 : */
508 : #ifdef HAVE_ASN1_STRING_GET0_DATA
509 68 : namedata = ASN1_STRING_get0_data(name_entry);
510 : #else
511 : namedata = ASN1_STRING_data(name_entry);
512 : #endif
513 68 : len = ASN1_STRING_length(name_entry);
514 :
515 : /* OK to cast from unsigned to plain char, since it's all ASCII. */
516 68 : return pq_verify_peer_name_matches_certificate_name(conn, (const char *) namedata, len, store_name);
517 : }
518 :
519 : /*
520 : * OpenSSL-specific wrapper around
521 : * pq_verify_peer_name_matches_certificate_ip(), converting the
522 : * ASN1_OCTET_STRING into a plain C string.
523 : */
524 : static int
525 48 : openssl_verify_peer_name_matches_certificate_ip(PGconn *conn,
526 : ASN1_OCTET_STRING *addr_entry,
527 : char **store_name)
528 : {
529 : int len;
530 : const unsigned char *addrdata;
531 :
532 : /* Should not happen... */
533 48 : if (addr_entry == NULL)
534 : {
535 0 : libpq_append_conn_error(conn, "SSL certificate's address entry is missing");
536 0 : return -1;
537 : }
538 :
539 : /*
540 : * GEN_IPADD is an OCTET STRING containing an IP address in network byte
541 : * order.
542 : */
543 : #ifdef HAVE_ASN1_STRING_GET0_DATA
544 48 : addrdata = ASN1_STRING_get0_data(addr_entry);
545 : #else
546 : addrdata = ASN1_STRING_data(addr_entry);
547 : #endif
548 48 : len = ASN1_STRING_length(addr_entry);
549 :
550 48 : return pq_verify_peer_name_matches_certificate_ip(conn, addrdata, len, store_name);
551 : }
552 :
553 : static bool
554 72 : is_ip_address(const char *host)
555 : {
556 : struct in_addr dummy4;
557 : #ifdef HAVE_INET_PTON
558 : struct in6_addr dummy6;
559 : #endif
560 :
561 72 : return inet_aton(host, &dummy4)
562 : #ifdef HAVE_INET_PTON
563 72 : || (inet_pton(AF_INET6, host, &dummy6) == 1)
564 : #endif
565 : ;
566 : }
567 :
568 : /*
569 : * Verify that the server certificate matches the hostname we connected to.
570 : *
571 : * The certificate's Common Name and Subject Alternative Names are considered.
572 : */
573 : int
574 72 : pgtls_verify_peer_name_matches_certificate_guts(PGconn *conn,
575 : int *names_examined,
576 : char **first_name)
577 : {
578 : STACK_OF(GENERAL_NAME) * peer_san;
579 : int i;
580 72 : int rc = 0;
581 72 : char *host = conn->connhost[conn->whichhost].host;
582 : int host_type;
583 72 : bool check_cn = true;
584 :
585 : Assert(host && host[0]); /* should be guaranteed by caller */
586 :
587 : /*
588 : * We try to match the NSS behavior here, which is a slight departure from
589 : * the spec but seems to make more intuitive sense:
590 : *
591 : * If connhost contains a DNS name, and the certificate's SANs contain any
592 : * dNSName entries, then we'll ignore the Subject Common Name entirely;
593 : * otherwise, we fall back to checking the CN. (This behavior matches the
594 : * RFC.)
595 : *
596 : * If connhost contains an IP address, and the SANs contain iPAddress
597 : * entries, we again ignore the CN. Otherwise, we allow the CN to match,
598 : * EVEN IF there is a dNSName in the SANs. (RFC 6125 prohibits this: "A
599 : * client MUST NOT seek a match for a reference identifier of CN-ID if the
600 : * presented identifiers include a DNS-ID, SRV-ID, URI-ID, or any
601 : * application-specific identifier types supported by the client.")
602 : *
603 : * NOTE: Prior versions of libpq did not consider iPAddress entries at
604 : * all, so this new behavior might break a certificate that has different
605 : * IP addresses in the Subject CN and the SANs.
606 : */
607 72 : if (is_ip_address(host))
608 32 : host_type = GEN_IPADD;
609 : else
610 40 : host_type = GEN_DNS;
611 :
612 : /*
613 : * First, get the Subject Alternative Names (SANs) from the certificate,
614 : * and compare them against the originally given hostname.
615 : */
616 : peer_san = (STACK_OF(GENERAL_NAME) *)
617 72 : X509_get_ext_d2i(conn->peer, NID_subject_alt_name, NULL, NULL);
618 :
619 72 : if (peer_san)
620 : {
621 58 : int san_len = sk_GENERAL_NAME_num(peer_san);
622 :
623 122 : for (i = 0; i < san_len; i++)
624 : {
625 100 : const GENERAL_NAME *name = sk_GENERAL_NAME_value(peer_san, i);
626 100 : char *alt_name = NULL;
627 :
628 100 : if (name->type == host_type)
629 : {
630 : /*
631 : * This SAN is of the same type (IP or DNS) as our host name,
632 : * so don't allow a fallback check of the CN.
633 : */
634 86 : check_cn = false;
635 : }
636 :
637 100 : if (name->type == GEN_DNS)
638 : {
639 52 : (*names_examined)++;
640 52 : rc = openssl_verify_peer_name_matches_certificate_name(conn,
641 52 : name->d.dNSName,
642 : &alt_name);
643 : }
644 48 : else if (name->type == GEN_IPADD)
645 : {
646 48 : (*names_examined)++;
647 48 : rc = openssl_verify_peer_name_matches_certificate_ip(conn,
648 : name->d.iPAddress,
649 : &alt_name);
650 : }
651 :
652 100 : if (alt_name)
653 : {
654 100 : if (!*first_name)
655 58 : *first_name = alt_name;
656 : else
657 42 : free(alt_name);
658 : }
659 :
660 100 : if (rc != 0)
661 : {
662 : /*
663 : * Either we hit an error or a match, and either way we should
664 : * not fall back to the CN.
665 : */
666 36 : check_cn = false;
667 36 : break;
668 : }
669 : }
670 58 : sk_GENERAL_NAME_pop_free(peer_san, GENERAL_NAME_free);
671 : }
672 :
673 : /*
674 : * If there is no subjectAltName extension of the matching type, check the
675 : * Common Name.
676 : *
677 : * (Per RFC 2818 and RFC 6125, if the subjectAltName extension of type
678 : * dNSName is present, the CN must be ignored. We break this rule if host
679 : * is an IP address; see the comment above.)
680 : */
681 72 : if (check_cn)
682 : {
683 : X509_NAME *subject_name;
684 :
685 20 : subject_name = X509_get_subject_name(conn->peer);
686 20 : if (subject_name != NULL)
687 : {
688 : int cn_index;
689 :
690 20 : cn_index = X509_NAME_get_index_by_NID(subject_name,
691 : NID_commonName, -1);
692 20 : if (cn_index >= 0)
693 : {
694 16 : char *common_name = NULL;
695 :
696 16 : (*names_examined)++;
697 16 : rc = openssl_verify_peer_name_matches_certificate_name(conn,
698 16 : X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subject_name, cn_index)),
699 : &common_name);
700 :
701 16 : if (common_name)
702 : {
703 16 : if (!*first_name)
704 12 : *first_name = common_name;
705 : else
706 4 : free(common_name);
707 : }
708 : }
709 : }
710 : }
711 :
712 72 : return rc;
713 : }
714 :
715 : #if defined(HAVE_CRYPTO_LOCK)
716 : /*
717 : * Callback functions for OpenSSL internal locking. (OpenSSL 1.1.0
718 : * does its own locking, and doesn't need these anymore. The
719 : * CRYPTO_lock() function was removed in 1.1.0, when the callbacks
720 : * were made obsolete, so we assume that if CRYPTO_lock() exists,
721 : * the callbacks are still required.)
722 : */
723 :
724 : static unsigned long
725 : pq_threadidcallback(void)
726 : {
727 : /*
728 : * This is not standards-compliant. pthread_self() returns pthread_t, and
729 : * shouldn't be cast to unsigned long, but CRYPTO_set_id_callback requires
730 : * it, so we have to do it.
731 : */
732 : return (unsigned long) pthread_self();
733 : }
734 :
735 : static pthread_mutex_t *pq_lockarray;
736 :
737 : static void
738 : pq_lockingcallback(int mode, int n, const char *file, int line)
739 : {
740 : /*
741 : * There's no way to report a mutex-primitive failure, so we just Assert
742 : * in development builds, and ignore any errors otherwise. Fortunately
743 : * this is all obsolete in modern OpenSSL.
744 : */
745 : if (mode & CRYPTO_LOCK)
746 : {
747 : if (pthread_mutex_lock(&pq_lockarray[n]))
748 : Assert(false);
749 : }
750 : else
751 : {
752 : if (pthread_mutex_unlock(&pq_lockarray[n]))
753 : Assert(false);
754 : }
755 : }
756 : #endif /* HAVE_CRYPTO_LOCK */
757 :
758 : /*
759 : * Initialize SSL library.
760 : *
761 : * In threadsafe mode, this includes setting up libcrypto callback functions
762 : * to do thread locking.
763 : *
764 : * If the caller has told us (through PQinitOpenSSL) that he's taking care
765 : * of libcrypto, we expect that callbacks are already set, and won't try to
766 : * override it.
767 : */
768 : int
769 22994 : pgtls_init(PGconn *conn, bool do_ssl, bool do_crypto)
770 : {
771 22994 : if (pthread_mutex_lock(&ssl_config_mutex))
772 0 : return -1;
773 :
774 : #ifdef HAVE_CRYPTO_LOCK
775 : if (pq_init_crypto_lib)
776 : {
777 : /*
778 : * If necessary, set up an array to hold locks for libcrypto.
779 : * libcrypto will tell us how big to make this array.
780 : */
781 : if (pq_lockarray == NULL)
782 : {
783 : int i;
784 :
785 : pq_lockarray = malloc(sizeof(pthread_mutex_t) * CRYPTO_num_locks());
786 : if (!pq_lockarray)
787 : {
788 : pthread_mutex_unlock(&ssl_config_mutex);
789 : return -1;
790 : }
791 : for (i = 0; i < CRYPTO_num_locks(); i++)
792 : {
793 : if (pthread_mutex_init(&pq_lockarray[i], NULL))
794 : {
795 : free(pq_lockarray);
796 : pq_lockarray = NULL;
797 : pthread_mutex_unlock(&ssl_config_mutex);
798 : return -1;
799 : }
800 : }
801 : }
802 :
803 : if (do_crypto && !conn->crypto_loaded)
804 : {
805 : if (crypto_open_connections++ == 0)
806 : {
807 : /*
808 : * These are only required for threaded libcrypto
809 : * applications, but make sure we don't stomp on them if
810 : * they're already set.
811 : */
812 : if (CRYPTO_get_id_callback() == NULL)
813 : CRYPTO_set_id_callback(pq_threadidcallback);
814 : if (CRYPTO_get_locking_callback() == NULL)
815 : CRYPTO_set_locking_callback(pq_lockingcallback);
816 : }
817 :
818 : conn->crypto_loaded = true;
819 : }
820 : }
821 : #endif /* HAVE_CRYPTO_LOCK */
822 :
823 22994 : if (!ssl_lib_initialized && do_ssl)
824 : {
825 232 : if (pq_init_ssl_lib)
826 : {
827 : #ifdef HAVE_OPENSSL_INIT_SSL
828 232 : OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
829 : #else
830 : OPENSSL_config(NULL);
831 : SSL_library_init();
832 : SSL_load_error_strings();
833 : #endif
834 : }
835 232 : ssl_lib_initialized = true;
836 : }
837 :
838 22994 : pthread_mutex_unlock(&ssl_config_mutex);
839 22994 : return 0;
840 : }
841 :
842 : /*
843 : * This function is needed because if the libpq library is unloaded
844 : * from the application, the callback functions will no longer exist when
845 : * libcrypto is used by other parts of the system. For this reason,
846 : * we unregister the callback functions when the last libpq
847 : * connection is closed. (The same would apply for OpenSSL callbacks
848 : * if we had any.)
849 : *
850 : * Callbacks are only set when we're compiled in threadsafe mode, so
851 : * we only need to remove them in this case. They are also not needed
852 : * with OpenSSL 1.1.0 anymore.
853 : */
854 : static void
855 228 : destroy_ssl_system(void)
856 : {
857 : #if defined(HAVE_CRYPTO_LOCK)
858 : if (pthread_mutex_lock(&ssl_config_mutex))
859 : return;
860 :
861 : if (pq_init_crypto_lib && crypto_open_connections > 0)
862 : --crypto_open_connections;
863 :
864 : if (pq_init_crypto_lib && crypto_open_connections == 0)
865 : {
866 : /*
867 : * No connections left, unregister libcrypto callbacks, if no one
868 : * registered different ones in the meantime.
869 : */
870 : if (CRYPTO_get_locking_callback() == pq_lockingcallback)
871 : CRYPTO_set_locking_callback(NULL);
872 : if (CRYPTO_get_id_callback() == pq_threadidcallback)
873 : CRYPTO_set_id_callback(NULL);
874 :
875 : /*
876 : * We don't free the lock array. If we get another connection in this
877 : * process, we will just re-use them with the existing mutexes.
878 : *
879 : * This means we leak a little memory on repeated load/unload of the
880 : * library.
881 : */
882 : }
883 :
884 : pthread_mutex_unlock(&ssl_config_mutex);
885 : #endif
886 228 : }
887 :
888 : /* See pqcomm.h comments on OpenSSL implementation of ALPN (RFC 7301) */
889 : static unsigned char alpn_protos[] = PG_ALPN_PROTOCOL_VECTOR;
890 :
891 : /*
892 : * Create per-connection SSL object, and load the client certificate,
893 : * private key, and trusted CA certs.
894 : *
895 : * Returns 0 if OK, -1 on failure (with a message in conn->errorMessage).
896 : */
897 : static int
898 232 : initialize_SSL(PGconn *conn)
899 : {
900 : SSL_CTX *SSL_context;
901 : struct stat buf;
902 : char homedir[MAXPGPATH];
903 : char fnbuf[MAXPGPATH];
904 : char sebuf[PG_STRERROR_R_BUFLEN];
905 : bool have_homedir;
906 : bool have_cert;
907 : bool have_rootcert;
908 :
909 : /*
910 : * We'll need the home directory if any of the relevant parameters are
911 : * defaulted. If pqGetHomeDirectory fails, act as though none of the
912 : * files could be found.
913 : */
914 232 : if (!(conn->sslcert && strlen(conn->sslcert) > 0) ||
915 232 : !(conn->sslkey && strlen(conn->sslkey) > 0) ||
916 216 : !(conn->sslrootcert && strlen(conn->sslrootcert) > 0) ||
917 216 : !((conn->sslcrl && strlen(conn->sslcrl) > 0) ||
918 8 : (conn->sslcrldir && strlen(conn->sslcrldir) > 0)))
919 20 : have_homedir = pqGetHomeDirectory(homedir, sizeof(homedir));
920 : else /* won't need it */
921 212 : have_homedir = false;
922 :
923 : /*
924 : * Create a new SSL_CTX object.
925 : *
926 : * We used to share a single SSL_CTX between all connections, but it was
927 : * complicated if connections used different certificates. So now we
928 : * create a separate context for each connection, and accept the overhead.
929 : */
930 232 : SSL_context = SSL_CTX_new(SSLv23_method());
931 232 : if (!SSL_context)
932 : {
933 0 : char *err = SSLerrmessage(ERR_get_error());
934 :
935 0 : libpq_append_conn_error(conn, "could not create SSL context: %s", err);
936 0 : SSLerrfree(err);
937 0 : return -1;
938 : }
939 :
940 : /*
941 : * Delegate the client cert password prompt to the libpq wrapper callback
942 : * if any is defined.
943 : *
944 : * If the application hasn't installed its own and the sslpassword
945 : * parameter is non-null, we install ours now to make sure we supply
946 : * PGconn->sslpassword to OpenSSL instead of letting it prompt on stdin.
947 : *
948 : * This will replace OpenSSL's default PEM_def_callback (which prompts on
949 : * stdin), but we're only setting it for this SSL context so it's
950 : * harmless.
951 : */
952 232 : if (PQsslKeyPassHook
953 232 : || (conn->sslpassword && strlen(conn->sslpassword) > 0))
954 : {
955 6 : SSL_CTX_set_default_passwd_cb(SSL_context, PQssl_passwd_cb);
956 6 : SSL_CTX_set_default_passwd_cb_userdata(SSL_context, conn);
957 : }
958 :
959 : #ifdef HAVE_SSL_CTX_SET_CERT_CB
960 : /* Set up a certificate selection callback. */
961 232 : SSL_CTX_set_cert_cb(SSL_context, cert_cb, conn);
962 : #endif
963 :
964 : /* Disable old protocol versions */
965 232 : SSL_CTX_set_options(SSL_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
966 :
967 : /* Set the minimum and maximum protocol versions if necessary */
968 232 : if (conn->ssl_min_protocol_version &&
969 232 : strlen(conn->ssl_min_protocol_version) != 0)
970 : {
971 : int ssl_min_ver;
972 :
973 232 : ssl_min_ver = ssl_protocol_version_to_openssl(conn->ssl_min_protocol_version);
974 :
975 232 : if (ssl_min_ver == -1)
976 : {
977 0 : libpq_append_conn_error(conn, "invalid value \"%s\" for minimum SSL protocol version",
978 : conn->ssl_min_protocol_version);
979 0 : SSL_CTX_free(SSL_context);
980 0 : return -1;
981 : }
982 :
983 232 : if (!SSL_CTX_set_min_proto_version(SSL_context, ssl_min_ver))
984 : {
985 0 : char *err = SSLerrmessage(ERR_get_error());
986 :
987 0 : libpq_append_conn_error(conn, "could not set minimum SSL protocol version: %s", err);
988 0 : SSLerrfree(err);
989 0 : SSL_CTX_free(SSL_context);
990 0 : return -1;
991 : }
992 : }
993 :
994 232 : if (conn->ssl_max_protocol_version &&
995 4 : strlen(conn->ssl_max_protocol_version) != 0)
996 : {
997 : int ssl_max_ver;
998 :
999 4 : ssl_max_ver = ssl_protocol_version_to_openssl(conn->ssl_max_protocol_version);
1000 :
1001 4 : if (ssl_max_ver == -1)
1002 : {
1003 0 : libpq_append_conn_error(conn, "invalid value \"%s\" for maximum SSL protocol version",
1004 : conn->ssl_max_protocol_version);
1005 0 : SSL_CTX_free(SSL_context);
1006 0 : return -1;
1007 : }
1008 :
1009 4 : if (!SSL_CTX_set_max_proto_version(SSL_context, ssl_max_ver))
1010 : {
1011 0 : char *err = SSLerrmessage(ERR_get_error());
1012 :
1013 0 : libpq_append_conn_error(conn, "could not set maximum SSL protocol version: %s", err);
1014 0 : SSLerrfree(err);
1015 0 : SSL_CTX_free(SSL_context);
1016 0 : return -1;
1017 : }
1018 : }
1019 :
1020 : /*
1021 : * Disable OpenSSL's moving-write-buffer sanity check, because it causes
1022 : * unnecessary failures in nonblocking send cases.
1023 : */
1024 232 : SSL_CTX_set_mode(SSL_context, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
1025 :
1026 : /*
1027 : * If the root cert file exists, load it so we can perform certificate
1028 : * verification. If sslmode is "verify-full" we will also do further
1029 : * verification after the connection has been completed.
1030 : */
1031 232 : if (conn->sslrootcert && strlen(conn->sslrootcert) > 0)
1032 232 : strlcpy(fnbuf, conn->sslrootcert, sizeof(fnbuf));
1033 0 : else if (have_homedir)
1034 0 : snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, ROOT_CERT_FILE);
1035 : else
1036 0 : fnbuf[0] = '\0';
1037 :
1038 232 : if (strcmp(fnbuf, "system") == 0)
1039 : {
1040 : /*
1041 : * The "system" sentinel value indicates that we should load whatever
1042 : * root certificates are installed for use by OpenSSL; these locations
1043 : * differ by platform. Note that the default system locations may be
1044 : * further overridden by the SSL_CERT_DIR and SSL_CERT_FILE
1045 : * environment variables.
1046 : */
1047 6 : if (SSL_CTX_set_default_verify_paths(SSL_context) != 1)
1048 : {
1049 0 : char *err = SSLerrmessage(ERR_get_error());
1050 :
1051 0 : libpq_append_conn_error(conn, "could not load system root certificate paths: %s",
1052 : err);
1053 0 : SSLerrfree(err);
1054 0 : SSL_CTX_free(SSL_context);
1055 0 : return -1;
1056 : }
1057 6 : have_rootcert = true;
1058 : }
1059 452 : else if (fnbuf[0] != '\0' &&
1060 226 : stat(fnbuf, &buf) == 0)
1061 198 : {
1062 : X509_STORE *cvstore;
1063 :
1064 198 : if (SSL_CTX_load_verify_locations(SSL_context, fnbuf, NULL) != 1)
1065 : {
1066 0 : char *err = SSLerrmessage(ERR_get_error());
1067 :
1068 0 : libpq_append_conn_error(conn, "could not read root certificate file \"%s\": %s",
1069 : fnbuf, err);
1070 0 : SSLerrfree(err);
1071 0 : SSL_CTX_free(SSL_context);
1072 0 : return -1;
1073 : }
1074 :
1075 198 : if ((cvstore = SSL_CTX_get_cert_store(SSL_context)) != NULL)
1076 : {
1077 198 : char *fname = NULL;
1078 198 : char *dname = NULL;
1079 :
1080 198 : if (conn->sslcrl && strlen(conn->sslcrl) > 0)
1081 194 : fname = conn->sslcrl;
1082 198 : if (conn->sslcrldir && strlen(conn->sslcrldir) > 0)
1083 198 : dname = conn->sslcrldir;
1084 :
1085 : /* defaults to use the default CRL file */
1086 198 : if (!fname && !dname && have_homedir)
1087 : {
1088 0 : snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, ROOT_CRL_FILE);
1089 0 : fname = fnbuf;
1090 : }
1091 :
1092 : /* Set the flags to check against the complete CRL chain */
1093 396 : if ((fname || dname) &&
1094 198 : X509_STORE_load_locations(cvstore, fname, dname) == 1)
1095 : {
1096 10 : X509_STORE_set_flags(cvstore,
1097 : X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
1098 : }
1099 :
1100 : /* if not found, silently ignore; we do not require CRL */
1101 198 : ERR_clear_error();
1102 : }
1103 198 : have_rootcert = true;
1104 : }
1105 : else
1106 : {
1107 : /*
1108 : * stat() failed; assume root file doesn't exist. If sslmode is
1109 : * verify-ca or verify-full, this is an error. Otherwise, continue
1110 : * without performing any server cert verification.
1111 : */
1112 28 : if (conn->sslmode[0] == 'v') /* "verify-ca" or "verify-full" */
1113 : {
1114 : /*
1115 : * The only way to reach here with an empty filename is if
1116 : * pqGetHomeDirectory failed. That's a sufficiently unusual case
1117 : * that it seems worth having a specialized error message for it.
1118 : */
1119 4 : if (fnbuf[0] == '\0')
1120 0 : libpq_append_conn_error(conn, "could not get home directory to locate root certificate file\n"
1121 : "Either provide the file, use the system's trusted roots with sslrootcert=system, or change sslmode to disable server certificate verification.");
1122 : else
1123 4 : libpq_append_conn_error(conn, "root certificate file \"%s\" does not exist\n"
1124 : "Either provide the file, use the system's trusted roots with sslrootcert=system, or change sslmode to disable server certificate verification.", fnbuf);
1125 4 : SSL_CTX_free(SSL_context);
1126 4 : return -1;
1127 : }
1128 24 : have_rootcert = false;
1129 : }
1130 :
1131 : /* Read the client certificate file */
1132 228 : if (conn->sslcert && strlen(conn->sslcert) > 0)
1133 228 : strlcpy(fnbuf, conn->sslcert, sizeof(fnbuf));
1134 0 : else if (have_homedir)
1135 0 : snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_CERT_FILE);
1136 : else
1137 0 : fnbuf[0] = '\0';
1138 :
1139 228 : if (conn->sslcertmode[0] == 'd') /* disable */
1140 : {
1141 : /* don't send a client cert even if we have one */
1142 6 : have_cert = false;
1143 : }
1144 222 : else if (fnbuf[0] == '\0')
1145 : {
1146 : /* no home directory, proceed without a client cert */
1147 0 : have_cert = false;
1148 : }
1149 222 : else if (stat(fnbuf, &buf) != 0)
1150 : {
1151 : /*
1152 : * If file is not present, just go on without a client cert; server
1153 : * might or might not accept the connection. Any other error,
1154 : * however, is grounds for complaint.
1155 : */
1156 146 : if (errno != ENOENT && errno != ENOTDIR)
1157 : {
1158 0 : libpq_append_conn_error(conn, "could not open certificate file \"%s\": %s",
1159 0 : fnbuf, strerror_r(errno, sebuf, sizeof(sebuf)));
1160 0 : SSL_CTX_free(SSL_context);
1161 0 : return -1;
1162 : }
1163 146 : have_cert = false;
1164 : }
1165 : else
1166 : {
1167 : /*
1168 : * Cert file exists, so load it. Since OpenSSL doesn't provide the
1169 : * equivalent of "SSL_use_certificate_chain_file", we have to load it
1170 : * into the SSL context, rather than the SSL object.
1171 : */
1172 76 : if (SSL_CTX_use_certificate_chain_file(SSL_context, fnbuf) != 1)
1173 : {
1174 0 : char *err = SSLerrmessage(ERR_get_error());
1175 :
1176 0 : libpq_append_conn_error(conn, "could not read certificate file \"%s\": %s",
1177 : fnbuf, err);
1178 0 : SSLerrfree(err);
1179 0 : SSL_CTX_free(SSL_context);
1180 0 : return -1;
1181 : }
1182 :
1183 : /* need to load the associated private key, too */
1184 76 : have_cert = true;
1185 : }
1186 :
1187 : /*
1188 : * The SSL context is now loaded with the correct root and client
1189 : * certificates. Create a connection-specific SSL object. The private key
1190 : * is loaded directly into the SSL object. (We could load the private key
1191 : * into the context, too, but we have done it this way historically, and
1192 : * it doesn't really matter.)
1193 : */
1194 456 : if (!(conn->ssl = SSL_new(SSL_context)) ||
1195 456 : !SSL_set_app_data(conn->ssl, conn) ||
1196 228 : !my_SSL_set_fd(conn, conn->sock))
1197 : {
1198 0 : char *err = SSLerrmessage(ERR_get_error());
1199 :
1200 0 : libpq_append_conn_error(conn, "could not establish SSL connection: %s", err);
1201 0 : SSLerrfree(err);
1202 0 : SSL_CTX_free(SSL_context);
1203 0 : return -1;
1204 : }
1205 228 : conn->ssl_in_use = true;
1206 :
1207 : /*
1208 : * SSL contexts are reference counted by OpenSSL. We can free it as soon
1209 : * as we have created the SSL object, and it will stick around for as long
1210 : * as it's actually needed.
1211 : */
1212 228 : SSL_CTX_free(SSL_context);
1213 228 : SSL_context = NULL;
1214 :
1215 : /*
1216 : * Set Server Name Indication (SNI), if enabled by connection parameters.
1217 : * Per RFC 6066, do not set it if the host is a literal IP address (IPv4
1218 : * or IPv6).
1219 : */
1220 228 : if (conn->sslsni && conn->sslsni[0] == '1')
1221 : {
1222 228 : const char *host = conn->connhost[conn->whichhost].host;
1223 :
1224 228 : if (host && host[0] &&
1225 228 : !(strspn(host, "0123456789.") == strlen(host) ||
1226 208 : strchr(host, ':')))
1227 : {
1228 194 : if (SSL_set_tlsext_host_name(conn->ssl, host) != 1)
1229 : {
1230 0 : char *err = SSLerrmessage(ERR_get_error());
1231 :
1232 0 : libpq_append_conn_error(conn, "could not set SSL Server Name Indication (SNI): %s", err);
1233 0 : SSLerrfree(err);
1234 0 : return -1;
1235 : }
1236 : }
1237 : }
1238 :
1239 : /* Set ALPN */
1240 : {
1241 : int retval;
1242 :
1243 228 : retval = SSL_set_alpn_protos(conn->ssl, alpn_protos, sizeof(alpn_protos));
1244 :
1245 228 : if (retval != 0)
1246 : {
1247 0 : char *err = SSLerrmessage(ERR_get_error());
1248 :
1249 0 : libpq_append_conn_error(conn, "could not set SSL ALPN extension: %s", err);
1250 0 : SSLerrfree(err);
1251 0 : return -1;
1252 : }
1253 : }
1254 :
1255 : /*
1256 : * Read the SSL key. If a key is specified, treat it as an engine:key
1257 : * combination if there is colon present - we don't support files with
1258 : * colon in the name. The exception is if the second character is a colon,
1259 : * in which case it can be a Windows filename with drive specification.
1260 : */
1261 228 : if (have_cert && conn->sslkey && strlen(conn->sslkey) > 0)
1262 : {
1263 : #ifdef USE_SSL_ENGINE
1264 76 : if (strchr(conn->sslkey, ':')
1265 : #ifdef WIN32
1266 : && conn->sslkey[1] != ':'
1267 : #endif
1268 : )
1269 : {
1270 : /* Colon, but not in second character, treat as engine:key */
1271 0 : char *engine_str = strdup(conn->sslkey);
1272 : char *engine_colon;
1273 : EVP_PKEY *pkey;
1274 :
1275 0 : if (engine_str == NULL)
1276 : {
1277 0 : libpq_append_conn_error(conn, "out of memory");
1278 0 : return -1;
1279 : }
1280 :
1281 : /* cannot return NULL because we already checked before strdup */
1282 0 : engine_colon = strchr(engine_str, ':');
1283 :
1284 0 : *engine_colon = '\0'; /* engine_str now has engine name */
1285 0 : engine_colon++; /* engine_colon now has key name */
1286 :
1287 0 : conn->engine = ENGINE_by_id(engine_str);
1288 0 : if (conn->engine == NULL)
1289 : {
1290 0 : char *err = SSLerrmessage(ERR_get_error());
1291 :
1292 0 : libpq_append_conn_error(conn, "could not load SSL engine \"%s\": %s",
1293 : engine_str, err);
1294 0 : SSLerrfree(err);
1295 0 : free(engine_str);
1296 0 : return -1;
1297 : }
1298 :
1299 0 : if (ENGINE_init(conn->engine) == 0)
1300 : {
1301 0 : char *err = SSLerrmessage(ERR_get_error());
1302 :
1303 0 : libpq_append_conn_error(conn, "could not initialize SSL engine \"%s\": %s",
1304 : engine_str, err);
1305 0 : SSLerrfree(err);
1306 0 : ENGINE_free(conn->engine);
1307 0 : conn->engine = NULL;
1308 0 : free(engine_str);
1309 0 : return -1;
1310 : }
1311 :
1312 0 : pkey = ENGINE_load_private_key(conn->engine, engine_colon,
1313 : NULL, NULL);
1314 0 : if (pkey == NULL)
1315 : {
1316 0 : char *err = SSLerrmessage(ERR_get_error());
1317 :
1318 0 : libpq_append_conn_error(conn, "could not read private SSL key \"%s\" from engine \"%s\": %s",
1319 : engine_colon, engine_str, err);
1320 0 : SSLerrfree(err);
1321 0 : ENGINE_finish(conn->engine);
1322 0 : ENGINE_free(conn->engine);
1323 0 : conn->engine = NULL;
1324 0 : free(engine_str);
1325 0 : return -1;
1326 : }
1327 0 : if (SSL_use_PrivateKey(conn->ssl, pkey) != 1)
1328 : {
1329 0 : char *err = SSLerrmessage(ERR_get_error());
1330 :
1331 0 : libpq_append_conn_error(conn, "could not load private SSL key \"%s\" from engine \"%s\": %s",
1332 : engine_colon, engine_str, err);
1333 0 : SSLerrfree(err);
1334 0 : ENGINE_finish(conn->engine);
1335 0 : ENGINE_free(conn->engine);
1336 0 : conn->engine = NULL;
1337 0 : free(engine_str);
1338 0 : return -1;
1339 : }
1340 :
1341 0 : free(engine_str);
1342 :
1343 0 : fnbuf[0] = '\0'; /* indicate we're not going to load from a
1344 : * file */
1345 : }
1346 : else
1347 : #endif /* USE_SSL_ENGINE */
1348 : {
1349 : /* PGSSLKEY is not an engine, treat it as a filename */
1350 76 : strlcpy(fnbuf, conn->sslkey, sizeof(fnbuf));
1351 : }
1352 : }
1353 152 : else if (have_homedir)
1354 : {
1355 : /* No PGSSLKEY specified, load default file */
1356 16 : snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_KEY_FILE);
1357 : }
1358 : else
1359 136 : fnbuf[0] = '\0';
1360 :
1361 228 : if (have_cert && fnbuf[0] != '\0')
1362 : {
1363 : /* read the client key from file */
1364 :
1365 76 : if (stat(fnbuf, &buf) != 0)
1366 : {
1367 0 : if (errno == ENOENT)
1368 0 : libpq_append_conn_error(conn, "certificate present, but not private key file \"%s\"",
1369 : fnbuf);
1370 : else
1371 0 : libpq_append_conn_error(conn, "could not stat private key file \"%s\": %m",
1372 : fnbuf);
1373 0 : return -1;
1374 : }
1375 :
1376 : /* Key file must be a regular file */
1377 76 : if (!S_ISREG(buf.st_mode))
1378 : {
1379 0 : libpq_append_conn_error(conn, "private key file \"%s\" is not a regular file",
1380 : fnbuf);
1381 0 : return -1;
1382 : }
1383 :
1384 : /*
1385 : * Refuse to load world-readable key files. We accept root-owned
1386 : * files with mode 0640 or less, so that we can access system-wide
1387 : * certificates if we have a supplementary group membership that
1388 : * allows us to read 'em. For files with non-root ownership, require
1389 : * mode 0600 or less. We need not check the file's ownership exactly;
1390 : * if we're able to read it despite it having such restrictive
1391 : * permissions, it must have the right ownership.
1392 : *
1393 : * Note: be very careful about tightening these rules. Some people
1394 : * expect, for example, that a client process running as root should
1395 : * be able to use a non-root-owned key file.
1396 : *
1397 : * Note that roughly similar checks are performed in
1398 : * src/backend/libpq/be-secure-common.c so any changes here may need
1399 : * to be made there as well. However, this code caters for the case
1400 : * of current user == root, while that code does not.
1401 : *
1402 : * Ideally we would do similar permissions checks on Windows, but it
1403 : * is not clear how that would work since Unix-style permissions may
1404 : * not be available.
1405 : */
1406 : #if !defined(WIN32) && !defined(__CYGWIN__)
1407 152 : if (buf.st_uid == 0 ?
1408 0 : buf.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO) :
1409 76 : buf.st_mode & (S_IRWXG | S_IRWXO))
1410 : {
1411 2 : libpq_append_conn_error(conn,
1412 : "private key file \"%s\" has group or world access; file must have permissions u=rw (0600) or less if owned by the current user, or permissions u=rw,g=r (0640) or less if owned by root",
1413 : fnbuf);
1414 2 : return -1;
1415 : }
1416 : #endif
1417 :
1418 74 : if (SSL_use_PrivateKey_file(conn->ssl, fnbuf, SSL_FILETYPE_PEM) != 1)
1419 : {
1420 6 : char *err = SSLerrmessage(ERR_get_error());
1421 :
1422 : /*
1423 : * We'll try to load the file in DER (binary ASN.1) format, and if
1424 : * that fails too, report the original error. This could mask
1425 : * issues where there's something wrong with a DER-format cert,
1426 : * but we'd have to duplicate openssl's format detection to be
1427 : * smarter than this. We can't just probe for a leading -----BEGIN
1428 : * because PEM can have leading non-matching lines and blanks.
1429 : * OpenSSL doesn't expose its get_name(...) and its PEM routines
1430 : * don't differentiate between failure modes in enough detail to
1431 : * let us tell the difference between "not PEM, try DER" and
1432 : * "wrong password".
1433 : */
1434 6 : if (SSL_use_PrivateKey_file(conn->ssl, fnbuf, SSL_FILETYPE_ASN1) != 1)
1435 : {
1436 2 : libpq_append_conn_error(conn, "could not load private key file \"%s\": %s",
1437 : fnbuf, err);
1438 2 : SSLerrfree(err);
1439 2 : return -1;
1440 : }
1441 :
1442 4 : SSLerrfree(err);
1443 : }
1444 : }
1445 :
1446 : /* verify that the cert and key go together */
1447 296 : if (have_cert &&
1448 72 : SSL_check_private_key(conn->ssl) != 1)
1449 : {
1450 0 : char *err = SSLerrmessage(ERR_get_error());
1451 :
1452 0 : libpq_append_conn_error(conn, "certificate does not match private key file \"%s\": %s",
1453 : fnbuf, err);
1454 0 : SSLerrfree(err);
1455 0 : return -1;
1456 : }
1457 :
1458 : /*
1459 : * If a root cert was loaded, also set our certificate verification
1460 : * callback.
1461 : */
1462 224 : if (have_rootcert)
1463 200 : SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, verify_cb);
1464 :
1465 : /*
1466 : * Set compression option if necessary.
1467 : */
1468 224 : if (conn->sslcompression && conn->sslcompression[0] == '0')
1469 224 : SSL_set_options(conn->ssl, SSL_OP_NO_COMPRESSION);
1470 : else
1471 0 : SSL_clear_options(conn->ssl, SSL_OP_NO_COMPRESSION);
1472 :
1473 224 : return 0;
1474 : }
1475 :
1476 : /*
1477 : * Attempt to negotiate SSL connection.
1478 : */
1479 : static PostgresPollingStatusType
1480 672 : open_client_SSL(PGconn *conn)
1481 : {
1482 : int r;
1483 :
1484 672 : SOCK_ERRNO_SET(0);
1485 672 : ERR_clear_error();
1486 672 : r = SSL_connect(conn->ssl);
1487 672 : if (r <= 0)
1488 : {
1489 466 : int save_errno = SOCK_ERRNO;
1490 466 : int err = SSL_get_error(conn->ssl, r);
1491 : unsigned long ecode;
1492 :
1493 466 : ecode = ERR_get_error();
1494 466 : switch (err)
1495 : {
1496 448 : case SSL_ERROR_WANT_READ:
1497 448 : return PGRES_POLLING_READING;
1498 :
1499 0 : case SSL_ERROR_WANT_WRITE:
1500 0 : return PGRES_POLLING_WRITING;
1501 :
1502 0 : case SSL_ERROR_SYSCALL:
1503 : {
1504 : char sebuf[PG_STRERROR_R_BUFLEN];
1505 : unsigned long vcode;
1506 :
1507 0 : vcode = SSL_get_verify_result(conn->ssl);
1508 :
1509 : /*
1510 : * If we get an X509 error here for failing to load the
1511 : * local issuer cert, without an error in the socket layer
1512 : * it means that verification failed due to a missing
1513 : * system CA pool without it being a protocol error. We
1514 : * inspect the sslrootcert setting to ensure that the user
1515 : * was using the system CA pool. For other errors, log
1516 : * them using the normal SYSCALL logging.
1517 : */
1518 0 : if (save_errno == 0 &&
1519 0 : vcode == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY &&
1520 0 : strcmp(conn->sslrootcert, "system") == 0)
1521 0 : libpq_append_conn_error(conn, "SSL error: certificate verify failed: %s",
1522 : X509_verify_cert_error_string(vcode));
1523 0 : else if (r == -1 && save_errno != 0)
1524 0 : libpq_append_conn_error(conn, "SSL SYSCALL error: %s",
1525 : SOCK_STRERROR(save_errno, sebuf, sizeof(sebuf)));
1526 : else
1527 0 : libpq_append_conn_error(conn, "SSL SYSCALL error: EOF detected");
1528 0 : pgtls_close(conn);
1529 0 : return PGRES_POLLING_FAILED;
1530 : }
1531 18 : case SSL_ERROR_SSL:
1532 : {
1533 18 : char *err = SSLerrmessage(ecode);
1534 :
1535 18 : libpq_append_conn_error(conn, "SSL error: %s", err);
1536 18 : SSLerrfree(err);
1537 18 : switch (ERR_GET_REASON(ecode))
1538 : {
1539 : /*
1540 : * UNSUPPORTED_PROTOCOL, WRONG_VERSION_NUMBER, and
1541 : * TLSV1_ALERT_PROTOCOL_VERSION have been observed
1542 : * when trying to communicate with an old OpenSSL
1543 : * library, or when the client and server specify
1544 : * disjoint protocol ranges.
1545 : * NO_PROTOCOLS_AVAILABLE occurs if there's a
1546 : * local misconfiguration (which can happen
1547 : * despite our checks, if openssl.cnf injects a
1548 : * limit we didn't account for). It's not very
1549 : * clear what would make OpenSSL return the other
1550 : * codes listed here, but a hint about protocol
1551 : * versions seems like it's appropriate for all.
1552 : */
1553 0 : case SSL_R_NO_PROTOCOLS_AVAILABLE:
1554 : case SSL_R_UNSUPPORTED_PROTOCOL:
1555 : case SSL_R_BAD_PROTOCOL_VERSION_NUMBER:
1556 : case SSL_R_UNKNOWN_PROTOCOL:
1557 : case SSL_R_UNKNOWN_SSL_VERSION:
1558 : case SSL_R_UNSUPPORTED_SSL_VERSION:
1559 : case SSL_R_WRONG_SSL_VERSION:
1560 : case SSL_R_WRONG_VERSION_NUMBER:
1561 : case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION:
1562 : #ifdef SSL_R_VERSION_TOO_HIGH
1563 : case SSL_R_VERSION_TOO_HIGH:
1564 : case SSL_R_VERSION_TOO_LOW:
1565 : #endif
1566 0 : libpq_append_conn_error(conn, "This may indicate that the server does not support any SSL protocol version between %s and %s.",
1567 0 : conn->ssl_min_protocol_version ?
1568 : conn->ssl_min_protocol_version :
1569 : MIN_OPENSSL_TLS_VERSION,
1570 0 : conn->ssl_max_protocol_version ?
1571 : conn->ssl_max_protocol_version :
1572 : MAX_OPENSSL_TLS_VERSION);
1573 0 : break;
1574 18 : default:
1575 18 : break;
1576 : }
1577 18 : pgtls_close(conn);
1578 18 : return PGRES_POLLING_FAILED;
1579 : }
1580 :
1581 0 : default:
1582 0 : libpq_append_conn_error(conn, "unrecognized SSL error code: %d", err);
1583 0 : pgtls_close(conn);
1584 0 : return PGRES_POLLING_FAILED;
1585 : }
1586 : }
1587 :
1588 : /*
1589 : * We already checked the server certificate in initialize_SSL() using
1590 : * SSL_CTX_set_verify(), if root.crt exists.
1591 : */
1592 :
1593 : /* get server certificate */
1594 206 : conn->peer = SSL_get_peer_certificate(conn->ssl);
1595 206 : if (conn->peer == NULL)
1596 : {
1597 0 : char *err = SSLerrmessage(ERR_get_error());
1598 :
1599 0 : libpq_append_conn_error(conn, "certificate could not be obtained: %s", err);
1600 0 : SSLerrfree(err);
1601 0 : pgtls_close(conn);
1602 0 : return PGRES_POLLING_FAILED;
1603 : }
1604 :
1605 206 : if (!pq_verify_peer_name_matches_certificate(conn))
1606 : {
1607 26 : pgtls_close(conn);
1608 26 : return PGRES_POLLING_FAILED;
1609 : }
1610 :
1611 : /* SSL handshake is complete */
1612 180 : return PGRES_POLLING_OK;
1613 : }
1614 :
1615 : void
1616 45252 : pgtls_close(PGconn *conn)
1617 : {
1618 45252 : bool destroy_needed = false;
1619 :
1620 45252 : if (conn->ssl_in_use)
1621 : {
1622 228 : if (conn->ssl)
1623 : {
1624 : /*
1625 : * We can't destroy everything SSL-related here due to the
1626 : * possible later calls to OpenSSL routines which may need our
1627 : * thread callbacks, so set a flag here and check at the end.
1628 : */
1629 :
1630 228 : SSL_shutdown(conn->ssl);
1631 228 : SSL_free(conn->ssl);
1632 228 : conn->ssl = NULL;
1633 228 : conn->ssl_in_use = false;
1634 228 : conn->ssl_handshake_started = false;
1635 :
1636 228 : destroy_needed = true;
1637 : }
1638 :
1639 228 : if (conn->peer)
1640 : {
1641 206 : X509_free(conn->peer);
1642 206 : conn->peer = NULL;
1643 : }
1644 :
1645 : #ifdef USE_SSL_ENGINE
1646 228 : if (conn->engine)
1647 : {
1648 0 : ENGINE_finish(conn->engine);
1649 0 : ENGINE_free(conn->engine);
1650 0 : conn->engine = NULL;
1651 : }
1652 : #endif
1653 : }
1654 : else
1655 : {
1656 : /*
1657 : * In the non-SSL case, just remove the crypto callbacks if the
1658 : * connection has them loaded. This code path has no dependency on
1659 : * any pending SSL calls.
1660 : */
1661 45024 : if (conn->crypto_loaded)
1662 0 : destroy_needed = true;
1663 : }
1664 :
1665 : /*
1666 : * This will remove our crypto locking hooks if this is the last
1667 : * connection using libcrypto which means we must wait to call it until
1668 : * after all the potential SSL calls have been made, otherwise we can end
1669 : * up with a race condition and possible deadlocks.
1670 : *
1671 : * See comments above destroy_ssl_system().
1672 : */
1673 45252 : if (destroy_needed)
1674 : {
1675 228 : destroy_ssl_system();
1676 228 : conn->crypto_loaded = false;
1677 : }
1678 45252 : }
1679 :
1680 :
1681 : /*
1682 : * Obtain reason string for passed SSL errcode
1683 : *
1684 : * ERR_get_error() is used by caller to get errcode to pass here.
1685 : * The result must be freed after use, using SSLerrfree.
1686 : *
1687 : * Some caution is needed here since ERR_reason_error_string will return NULL
1688 : * if it doesn't recognize the error code, or (in OpenSSL >= 3) if the code
1689 : * represents a system errno value. We don't want to return NULL ever.
1690 : */
1691 : static char ssl_nomem[] = "out of memory allocating error description";
1692 :
1693 : #define SSL_ERR_LEN 128
1694 :
1695 : static char *
1696 36 : SSLerrmessage(unsigned long ecode)
1697 : {
1698 : const char *errreason;
1699 : char *errbuf;
1700 :
1701 36 : errbuf = malloc(SSL_ERR_LEN);
1702 36 : if (!errbuf)
1703 0 : return ssl_nomem;
1704 36 : if (ecode == 0)
1705 : {
1706 0 : snprintf(errbuf, SSL_ERR_LEN, libpq_gettext("no SSL error reported"));
1707 0 : return errbuf;
1708 : }
1709 36 : errreason = ERR_reason_error_string(ecode);
1710 36 : if (errreason != NULL)
1711 : {
1712 36 : strlcpy(errbuf, errreason, SSL_ERR_LEN);
1713 36 : return errbuf;
1714 : }
1715 :
1716 : /*
1717 : * In OpenSSL 3.0.0 and later, ERR_reason_error_string randomly refuses to
1718 : * map system errno values. We can cover that shortcoming with this bit
1719 : * of code. Older OpenSSL versions don't have the ERR_SYSTEM_ERROR macro,
1720 : * but that's okay because they don't have the shortcoming either.
1721 : */
1722 : #ifdef ERR_SYSTEM_ERROR
1723 : if (ERR_SYSTEM_ERROR(ecode))
1724 : {
1725 : strlcpy(errbuf, strerror(ERR_GET_REASON(ecode)), SSL_ERR_LEN);
1726 : return errbuf;
1727 : }
1728 : #endif
1729 :
1730 : /* No choice but to report the numeric ecode */
1731 0 : snprintf(errbuf, SSL_ERR_LEN, libpq_gettext("SSL error code %lu"), ecode);
1732 0 : return errbuf;
1733 : }
1734 :
1735 : static void
1736 36 : SSLerrfree(char *buf)
1737 : {
1738 36 : if (buf != ssl_nomem)
1739 36 : free(buf);
1740 36 : }
1741 :
1742 : /* ------------------------------------------------------------ */
1743 : /* SSL information functions */
1744 : /* ------------------------------------------------------------ */
1745 :
1746 : /*
1747 : * Return pointer to OpenSSL object.
1748 : */
1749 : void *
1750 0 : PQgetssl(PGconn *conn)
1751 : {
1752 0 : if (!conn)
1753 0 : return NULL;
1754 0 : return conn->ssl;
1755 : }
1756 :
1757 : void *
1758 0 : PQsslStruct(PGconn *conn, const char *struct_name)
1759 : {
1760 0 : if (!conn)
1761 0 : return NULL;
1762 0 : if (strcmp(struct_name, "OpenSSL") == 0)
1763 0 : return conn->ssl;
1764 0 : return NULL;
1765 : }
1766 :
1767 : const char *const *
1768 0 : PQsslAttributeNames(PGconn *conn)
1769 : {
1770 : static const char *const openssl_attrs[] = {
1771 : "library",
1772 : "key_bits",
1773 : "cipher",
1774 : "compression",
1775 : "protocol",
1776 : "alpn",
1777 : NULL
1778 : };
1779 : static const char *const empty_attrs[] = {NULL};
1780 :
1781 0 : if (!conn)
1782 : {
1783 : /* Return attributes of default SSL library */
1784 0 : return openssl_attrs;
1785 : }
1786 :
1787 : /* No attrs for unencrypted connection */
1788 0 : if (conn->ssl == NULL)
1789 0 : return empty_attrs;
1790 :
1791 0 : return openssl_attrs;
1792 : }
1793 :
1794 : const char *
1795 2 : PQsslAttribute(PGconn *conn, const char *attribute_name)
1796 : {
1797 2 : if (!conn)
1798 : {
1799 : /* PQsslAttribute(NULL, "library") reports the default SSL library */
1800 2 : if (strcmp(attribute_name, "library") == 0)
1801 2 : return "OpenSSL";
1802 0 : return NULL;
1803 : }
1804 :
1805 : /* All attributes read as NULL for a non-encrypted connection */
1806 0 : if (conn->ssl == NULL)
1807 0 : return NULL;
1808 :
1809 0 : if (strcmp(attribute_name, "library") == 0)
1810 0 : return "OpenSSL";
1811 :
1812 0 : if (strcmp(attribute_name, "key_bits") == 0)
1813 : {
1814 : static char sslbits_str[12];
1815 : int sslbits;
1816 :
1817 0 : SSL_get_cipher_bits(conn->ssl, &sslbits);
1818 0 : snprintf(sslbits_str, sizeof(sslbits_str), "%d", sslbits);
1819 0 : return sslbits_str;
1820 : }
1821 :
1822 0 : if (strcmp(attribute_name, "cipher") == 0)
1823 0 : return SSL_get_cipher(conn->ssl);
1824 :
1825 0 : if (strcmp(attribute_name, "compression") == 0)
1826 0 : return SSL_get_current_compression(conn->ssl) ? "on" : "off";
1827 :
1828 0 : if (strcmp(attribute_name, "protocol") == 0)
1829 0 : return SSL_get_version(conn->ssl);
1830 :
1831 0 : if (strcmp(attribute_name, "alpn") == 0)
1832 : {
1833 : const unsigned char *data;
1834 : unsigned int len;
1835 : static char alpn_str[256]; /* alpn doesn't support longer than 255
1836 : * bytes */
1837 :
1838 0 : SSL_get0_alpn_selected(conn->ssl, &data, &len);
1839 0 : if (data == NULL || len == 0 || len > sizeof(alpn_str) - 1)
1840 0 : return NULL;
1841 0 : memcpy(alpn_str, data, len);
1842 0 : alpn_str[len] = 0;
1843 0 : return alpn_str;
1844 : }
1845 :
1846 0 : return NULL; /* unknown attribute */
1847 : }
1848 :
1849 : /*
1850 : * Private substitute BIO: this does the sending and receiving using
1851 : * pqsecure_raw_write() and pqsecure_raw_read() instead, to allow those
1852 : * functions to disable SIGPIPE and give better error messages on I/O errors.
1853 : *
1854 : * These functions are closely modelled on the standard socket BIO in OpenSSL;
1855 : * see sock_read() and sock_write() in OpenSSL's crypto/bio/bss_sock.c.
1856 : */
1857 :
1858 : /* protected by ssl_config_mutex */
1859 : static BIO_METHOD *my_bio_methods;
1860 :
1861 : static int
1862 5762 : my_sock_read(BIO *h, char *buf, int size)
1863 : {
1864 5762 : PGconn *conn = (PGconn *) BIO_get_app_data(h);
1865 : int res;
1866 :
1867 5762 : res = pqsecure_raw_read(conn, buf, size);
1868 5762 : BIO_clear_retry_flags(h);
1869 5762 : if (res < 0)
1870 : {
1871 : /* If we were interrupted, tell caller to retry */
1872 878 : switch (SOCK_ERRNO)
1873 : {
1874 : #ifdef EAGAIN
1875 878 : case EAGAIN:
1876 : #endif
1877 : #if defined(EWOULDBLOCK) && (!defined(EAGAIN) || (EWOULDBLOCK != EAGAIN))
1878 : case EWOULDBLOCK:
1879 : #endif
1880 : case EINTR:
1881 878 : BIO_set_retry_read(h);
1882 878 : break;
1883 :
1884 0 : default:
1885 0 : break;
1886 : }
1887 4884 : }
1888 :
1889 5762 : if (res > 0)
1890 4884 : conn->ssl_handshake_started = true;
1891 :
1892 5762 : return res;
1893 : }
1894 :
1895 : static int
1896 1374 : my_sock_write(BIO *h, const char *buf, int size)
1897 : {
1898 : int res;
1899 :
1900 1374 : res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
1901 1374 : BIO_clear_retry_flags(h);
1902 1374 : if (res < 0)
1903 : {
1904 : /* If we were interrupted, tell caller to retry */
1905 0 : switch (SOCK_ERRNO)
1906 : {
1907 : #ifdef EAGAIN
1908 0 : case EAGAIN:
1909 : #endif
1910 : #if defined(EWOULDBLOCK) && (!defined(EAGAIN) || (EWOULDBLOCK != EAGAIN))
1911 : case EWOULDBLOCK:
1912 : #endif
1913 : case EINTR:
1914 0 : BIO_set_retry_write(h);
1915 0 : break;
1916 :
1917 0 : default:
1918 0 : break;
1919 : }
1920 1374 : }
1921 :
1922 1374 : return res;
1923 : }
1924 :
1925 : static BIO_METHOD *
1926 228 : my_BIO_s_socket(void)
1927 : {
1928 : BIO_METHOD *res;
1929 :
1930 228 : if (pthread_mutex_lock(&ssl_config_mutex))
1931 0 : return NULL;
1932 :
1933 228 : res = my_bio_methods;
1934 :
1935 228 : if (!my_bio_methods)
1936 : {
1937 228 : BIO_METHOD *biom = (BIO_METHOD *) BIO_s_socket();
1938 : #ifdef HAVE_BIO_METH_NEW
1939 : int my_bio_index;
1940 :
1941 228 : my_bio_index = BIO_get_new_index();
1942 228 : if (my_bio_index == -1)
1943 0 : goto err;
1944 228 : my_bio_index |= (BIO_TYPE_DESCRIPTOR | BIO_TYPE_SOURCE_SINK);
1945 228 : res = BIO_meth_new(my_bio_index, "libpq socket");
1946 228 : if (!res)
1947 0 : goto err;
1948 :
1949 : /*
1950 : * As of this writing, these functions never fail. But check anyway,
1951 : * like OpenSSL's own examples do.
1952 : */
1953 456 : if (!BIO_meth_set_write(res, my_sock_write) ||
1954 456 : !BIO_meth_set_read(res, my_sock_read) ||
1955 456 : !BIO_meth_set_gets(res, BIO_meth_get_gets(biom)) ||
1956 456 : !BIO_meth_set_puts(res, BIO_meth_get_puts(biom)) ||
1957 456 : !BIO_meth_set_ctrl(res, BIO_meth_get_ctrl(biom)) ||
1958 456 : !BIO_meth_set_create(res, BIO_meth_get_create(biom)) ||
1959 456 : !BIO_meth_set_destroy(res, BIO_meth_get_destroy(biom)) ||
1960 228 : !BIO_meth_set_callback_ctrl(res, BIO_meth_get_callback_ctrl(biom)))
1961 : {
1962 0 : goto err;
1963 : }
1964 : #else
1965 : res = malloc(sizeof(BIO_METHOD));
1966 : if (!res)
1967 : goto err;
1968 : memcpy(res, biom, sizeof(BIO_METHOD));
1969 : res->bread = my_sock_read;
1970 : res->bwrite = my_sock_write;
1971 : #endif
1972 : }
1973 :
1974 228 : my_bio_methods = res;
1975 228 : pthread_mutex_unlock(&ssl_config_mutex);
1976 228 : return res;
1977 :
1978 0 : err:
1979 : #ifdef HAVE_BIO_METH_NEW
1980 0 : if (res)
1981 0 : BIO_meth_free(res);
1982 : #else
1983 : if (res)
1984 : free(res);
1985 : #endif
1986 0 : pthread_mutex_unlock(&ssl_config_mutex);
1987 0 : return NULL;
1988 : }
1989 :
1990 : /* This should exactly match OpenSSL's SSL_set_fd except for using my BIO */
1991 : static int
1992 228 : my_SSL_set_fd(PGconn *conn, int fd)
1993 : {
1994 228 : int ret = 0;
1995 : BIO *bio;
1996 : BIO_METHOD *bio_method;
1997 :
1998 228 : bio_method = my_BIO_s_socket();
1999 228 : if (bio_method == NULL)
2000 : {
2001 0 : SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
2002 0 : goto err;
2003 : }
2004 228 : bio = BIO_new(bio_method);
2005 228 : if (bio == NULL)
2006 : {
2007 0 : SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
2008 0 : goto err;
2009 : }
2010 228 : BIO_set_app_data(bio, conn);
2011 :
2012 228 : SSL_set_bio(conn->ssl, bio, bio);
2013 228 : BIO_set_fd(bio, fd, BIO_NOCLOSE);
2014 228 : ret = 1;
2015 228 : err:
2016 228 : return ret;
2017 : }
2018 :
2019 : /*
2020 : * This is the default handler to return a client cert password from
2021 : * conn->sslpassword. Apps may install it explicitly if they want to
2022 : * prevent openssl from ever prompting on stdin.
2023 : */
2024 : int
2025 4 : PQdefaultSSLKeyPassHook_OpenSSL(char *buf, int size, PGconn *conn)
2026 : {
2027 4 : if (conn && conn->sslpassword)
2028 : {
2029 4 : if (strlen(conn->sslpassword) + 1 > size)
2030 0 : fprintf(stderr, libpq_gettext("WARNING: sslpassword truncated\n"));
2031 4 : strncpy(buf, conn->sslpassword, size);
2032 4 : buf[size - 1] = '\0';
2033 4 : return strlen(buf);
2034 : }
2035 : else
2036 : {
2037 0 : buf[0] = '\0';
2038 0 : return 0;
2039 : }
2040 : }
2041 :
2042 : PQsslKeyPassHook_OpenSSL_type
2043 0 : PQgetSSLKeyPassHook_OpenSSL(void)
2044 : {
2045 0 : return PQsslKeyPassHook;
2046 : }
2047 :
2048 : void
2049 0 : PQsetSSLKeyPassHook_OpenSSL(PQsslKeyPassHook_OpenSSL_type hook)
2050 : {
2051 0 : PQsslKeyPassHook = hook;
2052 0 : }
2053 :
2054 : /*
2055 : * Supply a password to decrypt a client certificate.
2056 : *
2057 : * This must match OpenSSL type pem_password_cb.
2058 : */
2059 : static int
2060 4 : PQssl_passwd_cb(char *buf, int size, int rwflag, void *userdata)
2061 : {
2062 4 : PGconn *conn = userdata;
2063 :
2064 4 : if (PQsslKeyPassHook)
2065 0 : return PQsslKeyPassHook(buf, size, conn);
2066 : else
2067 4 : return PQdefaultSSLKeyPassHook_OpenSSL(buf, size, conn);
2068 : }
2069 :
2070 : /*
2071 : * Convert TLS protocol version string to OpenSSL values
2072 : *
2073 : * If a version is passed that is not supported by the current OpenSSL version,
2074 : * then we return -1. If a non-negative value is returned, subsequent code can
2075 : * assume it is working with a supported version.
2076 : *
2077 : * Note: this is rather similar to the backend routine in be-secure-openssl.c,
2078 : * so make sure to update both routines if changing this one.
2079 : */
2080 : static int
2081 236 : ssl_protocol_version_to_openssl(const char *protocol)
2082 : {
2083 236 : if (pg_strcasecmp("TLSv1", protocol) == 0)
2084 0 : return TLS1_VERSION;
2085 :
2086 : #ifdef TLS1_1_VERSION
2087 236 : if (pg_strcasecmp("TLSv1.1", protocol) == 0)
2088 0 : return TLS1_1_VERSION;
2089 : #endif
2090 :
2091 : #ifdef TLS1_2_VERSION
2092 236 : if (pg_strcasecmp("TLSv1.2", protocol) == 0)
2093 236 : return TLS1_2_VERSION;
2094 : #endif
2095 :
2096 : #ifdef TLS1_3_VERSION
2097 0 : if (pg_strcasecmp("TLSv1.3", protocol) == 0)
2098 0 : return TLS1_3_VERSION;
2099 : #endif
2100 :
2101 0 : return -1;
2102 : }
|