Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * fe-secure-openssl.c
4 : * OpenSSL support
5 : *
6 : *
7 : * Portions Copyright (c) 1996-2026, PostgreSQL Global Development Group
8 : * Portions Copyright (c) 1994, Regents of the University of California
9 : *
10 : *
11 : * IDENTIFICATION
12 : * src/interfaces/libpq/fe-secure-openssl.c
13 : *
14 : * NOTES
15 : *
16 : * We don't provide informational callbacks here (like
17 : * info_cb() in be-secure-openssl.c), since there's no good mechanism to
18 : * display such information to the user.
19 : *
20 : *-------------------------------------------------------------------------
21 : */
22 :
23 : #include "postgres_fe.h"
24 :
25 : #include <signal.h>
26 : #include <fcntl.h>
27 : #include <ctype.h>
28 :
29 : #include "libpq-fe.h"
30 : #include "fe-auth.h"
31 : #include "fe-secure-common.h"
32 : #include "libpq-int.h"
33 :
34 : #ifdef WIN32
35 : #include "win32.h"
36 : #else
37 : #include <sys/socket.h>
38 : #include <unistd.h>
39 : #include <netdb.h>
40 : #include <netinet/in.h>
41 : #include <netinet/tcp.h>
42 : #include <arpa/inet.h>
43 : #endif
44 :
45 : #include <sys/stat.h>
46 :
47 : #ifdef WIN32
48 : #include "pthread-win32.h"
49 : #else
50 : #include <pthread.h>
51 : #endif
52 :
53 : /*
54 : * These SSL-related #includes must come after all system-provided headers.
55 : * This ensures that OpenSSL can take care of conflicts with Windows'
56 : * <wincrypt.h> by #undef'ing the conflicting macros. (We don't directly
57 : * include <wincrypt.h>, but some other Windows headers do.)
58 : */
59 : #include "common/openssl.h"
60 : #include <openssl/ssl.h>
61 : #include <openssl/conf.h>
62 : #ifdef USE_SSL_ENGINE
63 : #include <openssl/engine.h>
64 : #endif
65 : #include <openssl/x509v3.h>
66 :
67 :
68 : static int verify_cb(int ok, X509_STORE_CTX *ctx);
69 : static int openssl_verify_peer_name_matches_certificate_name(PGconn *conn,
70 : const ASN1_STRING *name_entry,
71 : char **store_name);
72 : static int openssl_verify_peer_name_matches_certificate_ip(PGconn *conn,
73 : ASN1_OCTET_STRING *addr_entry,
74 : char **store_name);
75 : static int initialize_SSL(PGconn *conn);
76 : static PostgresPollingStatusType open_client_SSL(PGconn *conn);
77 : static char *SSLerrmessage(unsigned long ecode);
78 : static void SSLerrfree(char *buf);
79 : static int PQssl_passwd_cb(char *buf, int size, int rwflag, void *userdata);
80 :
81 : static int pgconn_bio_read(BIO *h, char *buf, int size);
82 : static int pgconn_bio_write(BIO *h, const char *buf, int size);
83 : static BIO_METHOD *pgconn_bio_method(void);
84 : static int ssl_set_pgconn_bio(PGconn *conn);
85 :
86 : static pthread_mutex_t ssl_config_mutex = PTHREAD_MUTEX_INITIALIZER;
87 :
88 : static PQsslKeyPassHook_OpenSSL_type PQsslKeyPassHook = NULL;
89 : static int ssl_protocol_version_to_openssl(const char *protocol);
90 :
91 : /* ------------------------------------------------------------ */
92 : /* Procedures common to all secure sessions */
93 : /* ------------------------------------------------------------ */
94 :
95 : PostgresPollingStatusType
96 298 : pgtls_open_client(PGconn *conn)
97 : {
98 : /* First time through? */
99 298 : if (conn->ssl == NULL)
100 : {
101 : /*
102 : * Create a connection-specific SSL object, and load client
103 : * certificate, private key, and trusted CA certs.
104 : */
105 174 : if (initialize_SSL(conn) != 0)
106 : {
107 : /* initialize_SSL already put a message in conn->errorMessage */
108 5 : pgtls_close(conn);
109 5 : return PGRES_POLLING_FAILED;
110 : }
111 : }
112 :
113 : /* Begin or continue the actual handshake */
114 293 : return open_client_SSL(conn);
115 : }
116 :
117 : ssize_t
118 368 : pgtls_read(PGconn *conn, void *ptr, size_t len)
119 : {
120 : ssize_t n;
121 368 : int result_errno = 0;
122 : char sebuf[PG_STRERROR_R_BUFLEN];
123 : int err;
124 : unsigned long ecode;
125 :
126 368 : rloop:
127 :
128 : /*
129 : * Prepare to call SSL_get_error() by clearing thread's OpenSSL error
130 : * queue. In general, the current thread's error queue must be empty
131 : * before the TLS/SSL I/O operation is attempted, or SSL_get_error() will
132 : * not work reliably. Since the possibility exists that other OpenSSL
133 : * clients running in the same thread but not under our control will fail
134 : * to call ERR_get_error() themselves (after their own I/O operations),
135 : * pro-actively clear the per-thread error queue now.
136 : */
137 368 : SOCK_ERRNO_SET(0);
138 368 : ERR_clear_error();
139 368 : n = SSL_read(conn->ssl, ptr, len);
140 368 : err = SSL_get_error(conn->ssl, n);
141 :
142 : /*
143 : * Other clients of OpenSSL may fail to call ERR_get_error(), but we
144 : * always do, so as to not cause problems for OpenSSL clients that don't
145 : * call ERR_clear_error() defensively. Be sure that this happens by
146 : * calling now. SSL_get_error() relies on the OpenSSL per-thread error
147 : * queue being intact, so this is the earliest possible point
148 : * ERR_get_error() may be called.
149 : */
150 368 : ecode = (err != SSL_ERROR_NONE || n < 0) ? ERR_get_error() : 0;
151 368 : switch (err)
152 : {
153 250 : case SSL_ERROR_NONE:
154 250 : if (n < 0)
155 : {
156 : /* Not supposed to happen, so we don't translate the msg */
157 0 : appendPQExpBufferStr(&conn->errorMessage,
158 : "SSL_read failed but did not provide error information\n");
159 : /* assume the connection is broken */
160 0 : result_errno = ECONNRESET;
161 : }
162 250 : break;
163 109 : case SSL_ERROR_WANT_READ:
164 109 : n = 0;
165 109 : break;
166 0 : case SSL_ERROR_WANT_WRITE:
167 :
168 : /*
169 : * Returning 0 here would cause caller to wait for read-ready,
170 : * which is not correct since what SSL wants is wait for
171 : * write-ready. The former could get us stuck in an infinite
172 : * wait, so don't risk it; busy-loop instead.
173 : */
174 0 : goto rloop;
175 0 : case SSL_ERROR_SYSCALL:
176 0 : if (n < 0 && SOCK_ERRNO != 0)
177 : {
178 0 : result_errno = SOCK_ERRNO;
179 0 : if (result_errno == EPIPE ||
180 : result_errno == ECONNRESET)
181 0 : libpq_append_conn_error(conn, "server closed the connection unexpectedly\n"
182 : "\tThis probably means the server terminated abnormally\n"
183 : "\tbefore or while processing the request.");
184 : else
185 0 : libpq_append_conn_error(conn, "SSL SYSCALL error: %s",
186 : SOCK_STRERROR(result_errno,
187 : sebuf, sizeof(sebuf)));
188 : }
189 : else
190 : {
191 0 : libpq_append_conn_error(conn, "SSL SYSCALL error: EOF detected");
192 : /* assume the connection is broken */
193 0 : result_errno = ECONNRESET;
194 0 : n = -1;
195 : }
196 0 : break;
197 9 : case SSL_ERROR_SSL:
198 : {
199 9 : char *errm = SSLerrmessage(ecode);
200 :
201 9 : libpq_append_conn_error(conn, "SSL error: %s", errm);
202 9 : SSLerrfree(errm);
203 : /* assume the connection is broken */
204 9 : result_errno = ECONNRESET;
205 9 : n = -1;
206 9 : break;
207 : }
208 0 : case SSL_ERROR_ZERO_RETURN:
209 :
210 : /*
211 : * Per OpenSSL documentation, this error code is only returned for
212 : * a clean connection closure, so we should not report it as a
213 : * server crash.
214 : */
215 0 : libpq_append_conn_error(conn, "SSL connection has been closed unexpectedly");
216 0 : result_errno = ECONNRESET;
217 0 : n = -1;
218 0 : break;
219 0 : default:
220 0 : libpq_append_conn_error(conn, "unrecognized SSL error code: %d", err);
221 : /* assume the connection is broken */
222 0 : result_errno = ECONNRESET;
223 0 : n = -1;
224 0 : break;
225 : }
226 :
227 : /* ensure we return the intended errno to caller */
228 368 : SOCK_ERRNO_SET(result_errno);
229 :
230 368 : return n;
231 : }
232 :
233 : bool
234 383 : pgtls_read_pending(PGconn *conn)
235 : {
236 383 : return SSL_pending(conn->ssl) > 0;
237 : }
238 :
239 : ssize_t
240 367 : pgtls_write(PGconn *conn, const void *ptr, size_t len)
241 : {
242 : ssize_t n;
243 367 : int result_errno = 0;
244 : char sebuf[PG_STRERROR_R_BUFLEN];
245 : int err;
246 : unsigned long ecode;
247 :
248 367 : SOCK_ERRNO_SET(0);
249 367 : ERR_clear_error();
250 367 : n = SSL_write(conn->ssl, ptr, len);
251 367 : err = SSL_get_error(conn->ssl, n);
252 367 : ecode = (err != SSL_ERROR_NONE || n < 0) ? ERR_get_error() : 0;
253 367 : switch (err)
254 : {
255 367 : case SSL_ERROR_NONE:
256 367 : if (n < 0)
257 : {
258 : /* Not supposed to happen, so we don't translate the msg */
259 0 : appendPQExpBufferStr(&conn->errorMessage,
260 : "SSL_write failed but did not provide error information\n");
261 : /* assume the connection is broken */
262 0 : result_errno = ECONNRESET;
263 : }
264 367 : break;
265 0 : case SSL_ERROR_WANT_READ:
266 :
267 : /*
268 : * Returning 0 here causes caller to wait for write-ready, which
269 : * is not really the right thing, but it's the best we can do.
270 : */
271 0 : n = 0;
272 0 : break;
273 0 : case SSL_ERROR_WANT_WRITE:
274 0 : n = 0;
275 0 : break;
276 0 : case SSL_ERROR_SYSCALL:
277 :
278 : /*
279 : * If errno is still zero then assume it's a read EOF situation,
280 : * and report EOF. (This seems possible because SSL_write can
281 : * also do reads.)
282 : */
283 0 : if (n < 0 && SOCK_ERRNO != 0)
284 : {
285 0 : result_errno = SOCK_ERRNO;
286 0 : if (result_errno == EPIPE || result_errno == ECONNRESET)
287 0 : libpq_append_conn_error(conn, "server closed the connection unexpectedly\n"
288 : "\tThis probably means the server terminated abnormally\n"
289 : "\tbefore or while processing the request.");
290 : else
291 0 : libpq_append_conn_error(conn, "SSL SYSCALL error: %s",
292 : SOCK_STRERROR(result_errno,
293 : sebuf, sizeof(sebuf)));
294 : }
295 : else
296 : {
297 0 : libpq_append_conn_error(conn, "SSL SYSCALL error: EOF detected");
298 : /* assume the connection is broken */
299 0 : result_errno = ECONNRESET;
300 0 : n = -1;
301 : }
302 0 : break;
303 0 : case SSL_ERROR_SSL:
304 : {
305 0 : char *errm = SSLerrmessage(ecode);
306 :
307 0 : libpq_append_conn_error(conn, "SSL error: %s", errm);
308 0 : SSLerrfree(errm);
309 : /* assume the connection is broken */
310 0 : result_errno = ECONNRESET;
311 0 : n = -1;
312 0 : break;
313 : }
314 0 : case SSL_ERROR_ZERO_RETURN:
315 :
316 : /*
317 : * Per OpenSSL documentation, this error code is only returned for
318 : * a clean connection closure, so we should not report it as a
319 : * server crash.
320 : */
321 0 : libpq_append_conn_error(conn, "SSL connection has been closed unexpectedly");
322 0 : result_errno = ECONNRESET;
323 0 : n = -1;
324 0 : break;
325 0 : default:
326 0 : libpq_append_conn_error(conn, "unrecognized SSL error code: %d", err);
327 : /* assume the connection is broken */
328 0 : result_errno = ECONNRESET;
329 0 : n = -1;
330 0 : break;
331 : }
332 :
333 : /* ensure we return the intended errno to caller */
334 367 : SOCK_ERRNO_SET(result_errno);
335 :
336 367 : return n;
337 : }
338 :
339 : char *
340 5 : pgtls_get_peer_certificate_hash(PGconn *conn, size_t *len)
341 : {
342 : X509 *peer_cert;
343 : const EVP_MD *algo_type;
344 : unsigned char hash[EVP_MAX_MD_SIZE]; /* size for SHA-512 */
345 : unsigned int hash_size;
346 : int algo_nid;
347 : char *cert_hash;
348 :
349 5 : *len = 0;
350 :
351 5 : if (!conn->peer)
352 0 : return NULL;
353 :
354 5 : peer_cert = conn->peer;
355 :
356 : /*
357 : * Get the signature algorithm of the certificate to determine the hash
358 : * algorithm to use for the result. Prefer X509_get_signature_info(),
359 : * introduced in OpenSSL 1.1.1, which can handle RSA-PSS signatures.
360 : */
361 : #if HAVE_X509_GET_SIGNATURE_INFO
362 5 : if (!X509_get_signature_info(peer_cert, &algo_nid, NULL, NULL, NULL))
363 : #else
364 : if (!OBJ_find_sigid_algs(X509_get_signature_nid(peer_cert),
365 : &algo_nid, NULL))
366 : #endif
367 : {
368 0 : libpq_append_conn_error(conn, "could not determine server certificate signature algorithm");
369 0 : return NULL;
370 : }
371 :
372 : /*
373 : * The TLS server's certificate bytes need to be hashed with SHA-256 if
374 : * its signature algorithm is MD5 or SHA-1 as per RFC 5929
375 : * (https://tools.ietf.org/html/rfc5929#section-4.1). If something else
376 : * is used, the same hash as the signature algorithm is used.
377 : */
378 5 : switch (algo_nid)
379 : {
380 0 : case NID_md5:
381 : case NID_sha1:
382 0 : algo_type = EVP_sha256();
383 0 : break;
384 5 : default:
385 5 : algo_type = EVP_get_digestbynid(algo_nid);
386 5 : if (algo_type == NULL)
387 : {
388 0 : libpq_append_conn_error(conn, "could not find digest for NID %s",
389 : OBJ_nid2sn(algo_nid));
390 0 : return NULL;
391 : }
392 5 : break;
393 : }
394 :
395 5 : if (!X509_digest(peer_cert, algo_type, hash, &hash_size))
396 : {
397 0 : libpq_append_conn_error(conn, "could not generate peer certificate hash");
398 0 : return NULL;
399 : }
400 :
401 : /* save result */
402 5 : cert_hash = malloc(hash_size);
403 5 : if (cert_hash == NULL)
404 : {
405 0 : libpq_append_conn_error(conn, "out of memory");
406 0 : return NULL;
407 : }
408 5 : memcpy(cert_hash, hash, hash_size);
409 5 : *len = hash_size;
410 :
411 5 : return cert_hash;
412 : }
413 :
414 : /* ------------------------------------------------------------ */
415 : /* OpenSSL specific code */
416 : /* ------------------------------------------------------------ */
417 :
418 : /*
419 : * Certificate verification callback
420 : *
421 : * This callback allows us to log intermediate problems during
422 : * verification, but there doesn't seem to be a clean way to get
423 : * our PGconn * structure. So we can't log anything!
424 : *
425 : * This callback also allows us to override the default acceptance
426 : * criteria (e.g., accepting self-signed or expired certs), but
427 : * for now we accept the default checks.
428 : */
429 : static int
430 357 : verify_cb(int ok, X509_STORE_CTX *ctx)
431 : {
432 357 : return ok;
433 : }
434 :
435 : #ifdef HAVE_SSL_CTX_SET_CERT_CB
436 : /*
437 : * Certificate selection callback
438 : *
439 : * This callback lets us choose the client certificate we send to the server
440 : * after seeing its CertificateRequest. We only support sending a single
441 : * hard-coded certificate via sslcert, so we don't actually set any certificates
442 : * here; we just use it to record whether or not the server has actually asked
443 : * for one and whether we have one to send.
444 : */
445 : static int
446 133 : cert_cb(SSL *ssl, void *arg)
447 : {
448 133 : PGconn *conn = arg;
449 :
450 133 : conn->ssl_cert_requested = true;
451 :
452 : /* Do we have a certificate loaded to send back? */
453 133 : if (SSL_get_certificate(ssl))
454 41 : conn->ssl_cert_sent = true;
455 :
456 : /*
457 : * Tell OpenSSL that the callback succeeded; we're not required to
458 : * actually make any changes to the SSL handle.
459 : */
460 133 : return 1;
461 : }
462 : #endif
463 :
464 : /*
465 : * OpenSSL-specific wrapper around
466 : * pq_verify_peer_name_matches_certificate_name(), converting the ASN1_STRING
467 : * into a plain C string.
468 : */
469 : static int
470 34 : openssl_verify_peer_name_matches_certificate_name(PGconn *conn,
471 : const ASN1_STRING *name_entry,
472 : char **store_name)
473 : {
474 : int len;
475 : const unsigned char *namedata;
476 :
477 : /* Should not happen... */
478 34 : if (name_entry == NULL)
479 : {
480 0 : libpq_append_conn_error(conn, "SSL certificate's name entry is missing");
481 0 : return -1;
482 : }
483 :
484 : /*
485 : * GEN_DNS can be only IA5String, equivalent to US ASCII.
486 : */
487 34 : namedata = ASN1_STRING_get0_data(name_entry);
488 34 : len = ASN1_STRING_length(name_entry);
489 :
490 : /* OK to cast from unsigned to plain char, since it's all ASCII. */
491 34 : return pq_verify_peer_name_matches_certificate_name(conn, (const char *) namedata, len, store_name);
492 : }
493 :
494 : /*
495 : * OpenSSL-specific wrapper around
496 : * pq_verify_peer_name_matches_certificate_ip(), converting the
497 : * ASN1_OCTET_STRING into a plain C string.
498 : */
499 : static int
500 24 : openssl_verify_peer_name_matches_certificate_ip(PGconn *conn,
501 : ASN1_OCTET_STRING *addr_entry,
502 : char **store_name)
503 : {
504 : int len;
505 : const unsigned char *addrdata;
506 :
507 : /* Should not happen... */
508 24 : if (addr_entry == NULL)
509 : {
510 0 : libpq_append_conn_error(conn, "SSL certificate's address entry is missing");
511 0 : return -1;
512 : }
513 :
514 : /*
515 : * GEN_IPADD is an OCTET STRING containing an IP address in network byte
516 : * order.
517 : */
518 24 : addrdata = ASN1_STRING_get0_data(addr_entry);
519 24 : len = ASN1_STRING_length(addr_entry);
520 :
521 24 : return pq_verify_peer_name_matches_certificate_ip(conn, addrdata, len, store_name);
522 : }
523 :
524 : static bool
525 36 : is_ip_address(const char *host)
526 : {
527 : struct in_addr dummy4;
528 : #ifdef HAVE_INET_PTON
529 : struct in6_addr dummy6;
530 : #endif
531 :
532 36 : return inet_aton(host, &dummy4)
533 : #ifdef HAVE_INET_PTON
534 36 : || (inet_pton(AF_INET6, host, &dummy6) == 1)
535 : #endif
536 : ;
537 : }
538 :
539 : /*
540 : * Verify that the server certificate matches the hostname we connected to.
541 : *
542 : * The certificate's Common Name and Subject Alternative Names are considered.
543 : */
544 : int
545 36 : pgtls_verify_peer_name_matches_certificate_guts(PGconn *conn,
546 : int *names_examined,
547 : char **first_name)
548 : {
549 : STACK_OF(GENERAL_NAME) * peer_san;
550 : int i;
551 36 : int rc = 0;
552 36 : char *host = conn->connhost[conn->whichhost].host;
553 : int host_type;
554 36 : bool check_cn = true;
555 :
556 : Assert(host && host[0]); /* should be guaranteed by caller */
557 :
558 : /*
559 : * We try to match the NSS behavior here, which is a slight departure from
560 : * the spec but seems to make more intuitive sense:
561 : *
562 : * If connhost contains a DNS name, and the certificate's SANs contain any
563 : * dNSName entries, then we'll ignore the Subject Common Name entirely;
564 : * otherwise, we fall back to checking the CN. (This behavior matches the
565 : * RFC.)
566 : *
567 : * If connhost contains an IP address, and the SANs contain iPAddress
568 : * entries, we again ignore the CN. Otherwise, we allow the CN to match,
569 : * EVEN IF there is a dNSName in the SANs. (RFC 6125 prohibits this: "A
570 : * client MUST NOT seek a match for a reference identifier of CN-ID if the
571 : * presented identifiers include a DNS-ID, SRV-ID, URI-ID, or any
572 : * application-specific identifier types supported by the client.")
573 : *
574 : * NOTE: Prior versions of libpq did not consider iPAddress entries at
575 : * all, so this new behavior might break a certificate that has different
576 : * IP addresses in the Subject CN and the SANs.
577 : */
578 36 : if (is_ip_address(host))
579 16 : host_type = GEN_IPADD;
580 : else
581 20 : host_type = GEN_DNS;
582 :
583 : /*
584 : * First, get the Subject Alternative Names (SANs) from the certificate,
585 : * and compare them against the originally given hostname.
586 : */
587 : peer_san = (STACK_OF(GENERAL_NAME) *)
588 36 : X509_get_ext_d2i(conn->peer, NID_subject_alt_name, NULL, NULL);
589 :
590 36 : if (peer_san)
591 : {
592 29 : int san_len = sk_GENERAL_NAME_num(peer_san);
593 :
594 61 : for (i = 0; i < san_len; i++)
595 : {
596 50 : const GENERAL_NAME *name = sk_GENERAL_NAME_value(peer_san, i);
597 50 : char *alt_name = NULL;
598 :
599 50 : if (name->type == host_type)
600 : {
601 : /*
602 : * This SAN is of the same type (IP or DNS) as our host name,
603 : * so don't allow a fallback check of the CN.
604 : */
605 43 : check_cn = false;
606 : }
607 :
608 50 : if (name->type == GEN_DNS)
609 : {
610 26 : (*names_examined)++;
611 26 : rc = openssl_verify_peer_name_matches_certificate_name(conn,
612 26 : name->d.dNSName,
613 : &alt_name);
614 : }
615 24 : else if (name->type == GEN_IPADD)
616 : {
617 24 : (*names_examined)++;
618 24 : rc = openssl_verify_peer_name_matches_certificate_ip(conn,
619 24 : name->d.iPAddress,
620 : &alt_name);
621 : }
622 :
623 50 : if (alt_name)
624 : {
625 50 : if (!*first_name)
626 29 : *first_name = alt_name;
627 : else
628 21 : free(alt_name);
629 : }
630 :
631 50 : if (rc != 0)
632 : {
633 : /*
634 : * Either we hit an error or a match, and either way we should
635 : * not fall back to the CN.
636 : */
637 18 : check_cn = false;
638 18 : break;
639 : }
640 : }
641 29 : sk_GENERAL_NAME_pop_free(peer_san, GENERAL_NAME_free);
642 : }
643 :
644 : /*
645 : * If there is no subjectAltName extension of the matching type, check the
646 : * Common Name.
647 : *
648 : * (Per RFC 2818 and RFC 6125, if the subjectAltName extension of type
649 : * dNSName is present, the CN must be ignored. We break this rule if host
650 : * is an IP address; see the comment above.)
651 : */
652 36 : if (check_cn)
653 : {
654 : const X509_NAME *subject_name;
655 :
656 10 : subject_name = X509_get_subject_name(conn->peer);
657 10 : if (subject_name != NULL)
658 : {
659 : int cn_index;
660 :
661 10 : cn_index = X509_NAME_get_index_by_NID(unconstify(X509_NAME *, subject_name),
662 : NID_commonName, -1);
663 10 : if (cn_index >= 0)
664 : {
665 8 : char *common_name = NULL;
666 :
667 8 : (*names_examined)++;
668 8 : rc = openssl_verify_peer_name_matches_certificate_name(conn,
669 8 : X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subject_name, cn_index)),
670 : &common_name);
671 :
672 8 : if (common_name)
673 : {
674 8 : if (!*first_name)
675 6 : *first_name = common_name;
676 : else
677 2 : free(common_name);
678 : }
679 : }
680 : }
681 : }
682 :
683 36 : return rc;
684 : }
685 :
686 : /* See pqcomm.h comments on OpenSSL implementation of ALPN (RFC 7301) */
687 : static unsigned char alpn_protos[] = PG_ALPN_PROTOCOL_VECTOR;
688 :
689 : #ifdef HAVE_SSL_CTX_SET_KEYLOG_CALLBACK
690 : /*
691 : * SSL Key Logging callback
692 : *
693 : * This callback lets the user store all key material to a file for debugging
694 : * purposes. The file will be written using the NSS keylog format. LibreSSL
695 : * 3.5 introduced stub function to set the callback for OpenSSL compatibility
696 : * but the callback is never invoked.
697 : *
698 : * Error messages added to the connection object won't be printed anywhere if
699 : * the connection is successful. Errors in processing keylogging are printed
700 : * to stderr to overcome this.
701 : */
702 : static void
703 10 : SSL_CTX_keylog_cb(const SSL *ssl, const char *line)
704 : {
705 : int fd;
706 : ssize_t rc;
707 10 : PGconn *conn = SSL_get_app_data(ssl);
708 :
709 10 : if (conn == NULL)
710 0 : return;
711 :
712 10 : fd = open(conn->sslkeylogfile, O_WRONLY | O_APPEND | O_CREAT, 0600);
713 :
714 10 : if (fd == -1)
715 : {
716 5 : fprintf(stderr, libpq_gettext("WARNING: could not open SSL key logging file \"%s\": %m\n"),
717 : conn->sslkeylogfile);
718 5 : return;
719 : }
720 :
721 : /* line is guaranteed by OpenSSL to be NUL terminated */
722 5 : rc = write(fd, line, strlen(line));
723 5 : if (rc < 0)
724 0 : fprintf(stderr, libpq_gettext("WARNING: could not write to SSL key logging file \"%s\": %m\n"),
725 : conn->sslkeylogfile);
726 : else
727 5 : rc = write(fd, "\n", 1);
728 : (void) rc; /* silence compiler warnings */
729 5 : close(fd);
730 : }
731 : #endif
732 :
733 : /*
734 : * Create per-connection SSL object, and load the client certificate,
735 : * private key, and trusted CA certs.
736 : *
737 : * Returns 0 if OK, -1 on failure (with a message in conn->errorMessage).
738 : */
739 : static int
740 174 : initialize_SSL(PGconn *conn)
741 : {
742 : SSL_CTX *SSL_context;
743 : struct stat buf;
744 : char homedir[MAXPGPATH];
745 : char fnbuf[MAXPGPATH];
746 : char sebuf[PG_STRERROR_R_BUFLEN];
747 : bool have_homedir;
748 : bool have_cert;
749 : bool have_rootcert;
750 :
751 : /*
752 : * We'll need the home directory if any of the relevant parameters are
753 : * defaulted. If pqGetHomeDirectory fails, act as though none of the
754 : * files could be found.
755 : */
756 174 : if (!(conn->sslcert && strlen(conn->sslcert) > 0) ||
757 128 : !(conn->sslkey && strlen(conn->sslkey) > 0) ||
758 120 : !(conn->sslrootcert && strlen(conn->sslrootcert) > 0) ||
759 113 : !((conn->sslcrl && strlen(conn->sslcrl) > 0) ||
760 4 : (conn->sslcrldir && strlen(conn->sslcrldir) > 0)))
761 63 : have_homedir = pqGetHomeDirectory(homedir, sizeof(homedir));
762 : else /* won't need it */
763 111 : have_homedir = false;
764 :
765 : /*
766 : * Create a new SSL_CTX object.
767 : *
768 : * We used to share a single SSL_CTX between all connections, but it was
769 : * complicated if connections used different certificates. So now we
770 : * create a separate context for each connection, and accept the overhead.
771 : */
772 174 : SSL_context = SSL_CTX_new(SSLv23_method());
773 174 : if (!SSL_context)
774 : {
775 0 : char *err = SSLerrmessage(ERR_get_error());
776 :
777 0 : libpq_append_conn_error(conn, "could not create SSL context: %s", err);
778 0 : SSLerrfree(err);
779 0 : return -1;
780 : }
781 :
782 : /*
783 : * Delegate the client cert password prompt to the libpq wrapper callback
784 : * if any is defined.
785 : *
786 : * If the application hasn't installed its own and the sslpassword
787 : * parameter is non-null, we install ours now to make sure we supply
788 : * PGconn->sslpassword to OpenSSL instead of letting it prompt on stdin.
789 : *
790 : * This will replace OpenSSL's default PEM_def_callback (which prompts on
791 : * stdin), but we're only setting it for this SSL context so it's
792 : * harmless.
793 : */
794 174 : if (PQsslKeyPassHook
795 174 : || (conn->sslpassword && strlen(conn->sslpassword) > 0))
796 : {
797 3 : SSL_CTX_set_default_passwd_cb(SSL_context, PQssl_passwd_cb);
798 3 : SSL_CTX_set_default_passwd_cb_userdata(SSL_context, conn);
799 : }
800 :
801 : #ifdef HAVE_SSL_CTX_SET_CERT_CB
802 : /* Set up a certificate selection callback. */
803 174 : SSL_CTX_set_cert_cb(SSL_context, cert_cb, conn);
804 : #endif
805 :
806 : /* Disable old protocol versions */
807 174 : SSL_CTX_set_options(SSL_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
808 :
809 : /* Set the minimum and maximum protocol versions if necessary */
810 174 : if (conn->ssl_min_protocol_version &&
811 174 : strlen(conn->ssl_min_protocol_version) != 0)
812 : {
813 : int ssl_min_ver;
814 :
815 174 : ssl_min_ver = ssl_protocol_version_to_openssl(conn->ssl_min_protocol_version);
816 :
817 174 : if (ssl_min_ver == -1)
818 : {
819 0 : libpq_append_conn_error(conn, "invalid value \"%s\" for minimum SSL protocol version",
820 : conn->ssl_min_protocol_version);
821 0 : SSL_CTX_free(SSL_context);
822 0 : return -1;
823 : }
824 :
825 174 : if (!SSL_CTX_set_min_proto_version(SSL_context, ssl_min_ver))
826 : {
827 0 : char *err = SSLerrmessage(ERR_get_error());
828 :
829 0 : libpq_append_conn_error(conn, "could not set minimum SSL protocol version: %s", err);
830 0 : SSLerrfree(err);
831 0 : SSL_CTX_free(SSL_context);
832 0 : return -1;
833 : }
834 : }
835 :
836 174 : if (conn->ssl_max_protocol_version &&
837 2 : strlen(conn->ssl_max_protocol_version) != 0)
838 : {
839 : int ssl_max_ver;
840 :
841 2 : ssl_max_ver = ssl_protocol_version_to_openssl(conn->ssl_max_protocol_version);
842 :
843 2 : if (ssl_max_ver == -1)
844 : {
845 0 : libpq_append_conn_error(conn, "invalid value \"%s\" for maximum SSL protocol version",
846 : conn->ssl_max_protocol_version);
847 0 : SSL_CTX_free(SSL_context);
848 0 : return -1;
849 : }
850 :
851 2 : if (!SSL_CTX_set_max_proto_version(SSL_context, ssl_max_ver))
852 : {
853 0 : char *err = SSLerrmessage(ERR_get_error());
854 :
855 0 : libpq_append_conn_error(conn, "could not set maximum SSL protocol version: %s", err);
856 0 : SSLerrfree(err);
857 0 : SSL_CTX_free(SSL_context);
858 0 : return -1;
859 : }
860 : }
861 :
862 : /*
863 : * Disable OpenSSL's moving-write-buffer sanity check, because it causes
864 : * unnecessary failures in nonblocking send cases.
865 : */
866 174 : SSL_CTX_set_mode(SSL_context, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
867 :
868 : /*
869 : * If the root cert file exists, load it so we can perform certificate
870 : * verification. If sslmode is "verify-full" we will also do further
871 : * verification after the connection has been completed.
872 : */
873 174 : if (conn->sslrootcert && strlen(conn->sslrootcert) > 0)
874 150 : strlcpy(fnbuf, conn->sslrootcert, sizeof(fnbuf));
875 24 : else if (have_homedir)
876 24 : snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, ROOT_CERT_FILE);
877 : else
878 0 : fnbuf[0] = '\0';
879 :
880 174 : if (strcmp(fnbuf, "system") == 0)
881 : {
882 : /*
883 : * The "system" sentinel value indicates that we should load whatever
884 : * root certificates are installed for use by OpenSSL; these locations
885 : * differ by platform. Note that the default system locations may be
886 : * further overridden by the SSL_CERT_DIR and SSL_CERT_FILE
887 : * environment variables.
888 : */
889 3 : if (SSL_CTX_set_default_verify_paths(SSL_context) != 1)
890 : {
891 0 : char *err = SSLerrmessage(ERR_get_error());
892 :
893 0 : libpq_append_conn_error(conn, "could not load system root certificate paths: %s",
894 : err);
895 0 : SSLerrfree(err);
896 0 : SSL_CTX_free(SSL_context);
897 0 : return -1;
898 : }
899 3 : have_rootcert = true;
900 : }
901 342 : else if (fnbuf[0] != '\0' &&
902 171 : stat(fnbuf, &buf) == 0)
903 132 : {
904 : X509_STORE *cvstore;
905 :
906 132 : if (SSL_CTX_load_verify_locations(SSL_context, fnbuf, NULL) != 1)
907 : {
908 0 : char *err = SSLerrmessage(ERR_get_error());
909 :
910 0 : libpq_append_conn_error(conn, "could not read root certificate file \"%s\": %s",
911 : fnbuf, err);
912 0 : SSLerrfree(err);
913 0 : SSL_CTX_free(SSL_context);
914 0 : return -1;
915 : }
916 :
917 132 : if ((cvstore = SSL_CTX_get_cert_store(SSL_context)) != NULL)
918 : {
919 132 : char *fname = NULL;
920 132 : char *dname = NULL;
921 :
922 132 : if (conn->sslcrl && strlen(conn->sslcrl) > 0)
923 102 : fname = conn->sslcrl;
924 132 : if (conn->sslcrldir && strlen(conn->sslcrldir) > 0)
925 104 : dname = conn->sslcrldir;
926 :
927 : /* defaults to use the default CRL file */
928 132 : if (!fname && !dname && have_homedir)
929 : {
930 28 : snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, ROOT_CRL_FILE);
931 28 : fname = fnbuf;
932 : }
933 :
934 : /* Set the flags to check against the complete CRL chain */
935 264 : if ((fname || dname) &&
936 132 : X509_STORE_load_locations(cvstore, fname, dname) == 1)
937 : {
938 5 : X509_STORE_set_flags(cvstore,
939 : X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
940 : }
941 :
942 : /* if not found, silently ignore; we do not require CRL */
943 132 : ERR_clear_error();
944 : }
945 132 : have_rootcert = true;
946 : }
947 : else
948 : {
949 : /*
950 : * stat() failed; assume root file doesn't exist. If sslmode is
951 : * verify-ca or verify-full, this is an error. Otherwise, continue
952 : * without performing any server cert verification.
953 : */
954 39 : if (conn->sslmode[0] == 'v') /* "verify-ca" or "verify-full" */
955 : {
956 : /*
957 : * The only way to reach here with an empty filename is if
958 : * pqGetHomeDirectory failed. That's a sufficiently unusual case
959 : * that it seems worth having a specialized error message for it.
960 : */
961 3 : if (fnbuf[0] == '\0')
962 0 : libpq_append_conn_error(conn, "could not get home directory to locate root certificate file\n"
963 : "Either provide the file, use the system's trusted roots with sslrootcert=system, or change sslmode to disable server certificate verification.");
964 : else
965 3 : libpq_append_conn_error(conn, "root certificate file \"%s\" does not exist\n"
966 : "Either provide the file, use the system's trusted roots with sslrootcert=system, or change sslmode to disable server certificate verification.", fnbuf);
967 3 : SSL_CTX_free(SSL_context);
968 3 : return -1;
969 : }
970 36 : have_rootcert = false;
971 : }
972 :
973 : /* Read the client certificate file */
974 171 : if (conn->sslcert && strlen(conn->sslcert) > 0)
975 126 : strlcpy(fnbuf, conn->sslcert, sizeof(fnbuf));
976 45 : else if (have_homedir)
977 45 : snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_CERT_FILE);
978 : else
979 0 : fnbuf[0] = '\0';
980 :
981 171 : if (conn->sslcertmode[0] == 'd') /* disable */
982 : {
983 : /* don't send a client cert even if we have one */
984 7 : have_cert = false;
985 : }
986 164 : else if (fnbuf[0] == '\0')
987 : {
988 : /* no home directory, proceed without a client cert */
989 0 : have_cert = false;
990 : }
991 164 : else if (stat(fnbuf, &buf) != 0)
992 : {
993 : /*
994 : * If file is not present, just go on without a client cert; server
995 : * might or might not accept the connection. Any other error,
996 : * however, is grounds for complaint.
997 : */
998 119 : if (errno != ENOENT && errno != ENOTDIR)
999 : {
1000 0 : libpq_append_conn_error(conn, "could not open certificate file \"%s\": %s",
1001 0 : fnbuf, strerror_r(errno, sebuf, sizeof(sebuf)));
1002 0 : SSL_CTX_free(SSL_context);
1003 0 : return -1;
1004 : }
1005 119 : have_cert = false;
1006 : }
1007 : else
1008 : {
1009 : /*
1010 : * Cert file exists, so load it. Since OpenSSL doesn't provide the
1011 : * equivalent of "SSL_use_certificate_chain_file", we have to load it
1012 : * into the SSL context, rather than the SSL object.
1013 : */
1014 45 : if (SSL_CTX_use_certificate_chain_file(SSL_context, fnbuf) != 1)
1015 : {
1016 0 : char *err = SSLerrmessage(ERR_get_error());
1017 :
1018 0 : libpq_append_conn_error(conn, "could not read certificate file \"%s\": %s",
1019 : fnbuf, err);
1020 0 : SSLerrfree(err);
1021 0 : SSL_CTX_free(SSL_context);
1022 0 : return -1;
1023 : }
1024 :
1025 : /* need to load the associated private key, too */
1026 45 : have_cert = true;
1027 : }
1028 :
1029 : /*
1030 : * The SSL context is now loaded with the correct root and client
1031 : * certificates. Create a connection-specific SSL object. The private key
1032 : * is loaded directly into the SSL object. (We could load the private key
1033 : * into the context, too, but we have done it this way historically, and
1034 : * it doesn't really matter.)
1035 : */
1036 342 : if (!(conn->ssl = SSL_new(SSL_context)) ||
1037 342 : !SSL_set_app_data(conn->ssl, conn) ||
1038 171 : !ssl_set_pgconn_bio(conn))
1039 : {
1040 0 : char *err = SSLerrmessage(ERR_get_error());
1041 :
1042 0 : libpq_append_conn_error(conn, "could not establish SSL connection: %s", err);
1043 0 : SSLerrfree(err);
1044 0 : SSL_CTX_free(SSL_context);
1045 0 : return -1;
1046 : }
1047 171 : conn->ssl_in_use = true;
1048 :
1049 : /*
1050 : * If SSL key logging is requested, set up the callback if a compatible
1051 : * version of OpenSSL is used and libpq was compiled to support it.
1052 : */
1053 171 : if (conn->sslkeylogfile && strlen(conn->sslkeylogfile) > 0)
1054 : {
1055 : #ifdef HAVE_SSL_CTX_SET_KEYLOG_CALLBACK
1056 2 : SSL_CTX_set_keylog_callback(SSL_context, SSL_CTX_keylog_cb);
1057 : #else
1058 : #ifdef LIBRESSL_VERSION_NUMBER
1059 : fprintf(stderr, libpq_gettext("WARNING: sslkeylogfile support requires OpenSSL\n"));
1060 : #else
1061 : fprintf(stderr, libpq_gettext("WARNING: libpq was not built with sslkeylogfile support\n"));
1062 : #endif
1063 : #endif
1064 : }
1065 :
1066 : /*
1067 : * SSL contexts are reference counted by OpenSSL. We can free it as soon
1068 : * as we have created the SSL object, and it will stick around for as long
1069 : * as it's actually needed.
1070 : */
1071 171 : SSL_CTX_free(SSL_context);
1072 171 : SSL_context = NULL;
1073 :
1074 : /*
1075 : * Set Server Name Indication (SNI), if enabled by connection parameters.
1076 : * Per RFC 6066, do not set it if the host is a literal IP address (IPv4
1077 : * or IPv6).
1078 : */
1079 171 : if (conn->sslsni && conn->sslsni[0] == '1')
1080 : {
1081 166 : const char *host = conn->connhost[conn->whichhost].host;
1082 :
1083 166 : if (host && host[0] &&
1084 166 : !(strspn(host, "0123456789.") == strlen(host) ||
1085 159 : strchr(host, ':')))
1086 : {
1087 152 : if (SSL_set_tlsext_host_name(conn->ssl, host) != 1)
1088 : {
1089 0 : char *err = SSLerrmessage(ERR_get_error());
1090 :
1091 0 : libpq_append_conn_error(conn, "could not set SSL Server Name Indication (SNI): %s", err);
1092 0 : SSLerrfree(err);
1093 0 : return -1;
1094 : }
1095 : }
1096 : }
1097 :
1098 : /* Set ALPN */
1099 : {
1100 : int retval;
1101 :
1102 171 : retval = SSL_set_alpn_protos(conn->ssl, alpn_protos, sizeof(alpn_protos));
1103 :
1104 171 : if (retval != 0)
1105 : {
1106 0 : char *err = SSLerrmessage(ERR_get_error());
1107 :
1108 0 : libpq_append_conn_error(conn, "could not set SSL ALPN extension: %s", err);
1109 0 : SSLerrfree(err);
1110 0 : return -1;
1111 : }
1112 : }
1113 :
1114 : /*
1115 : * Read the SSL key. If a key is specified, treat it as an engine:key
1116 : * combination if there is colon present - we don't support files with
1117 : * colon in the name. The exception is if the second character is a colon,
1118 : * in which case it can be a Windows filename with drive specification.
1119 : */
1120 171 : if (have_cert && conn->sslkey && strlen(conn->sslkey) > 0)
1121 : {
1122 : #ifdef USE_SSL_ENGINE
1123 90 : if (strchr(conn->sslkey, ':')
1124 : #ifdef WIN32
1125 : && conn->sslkey[1] != ':'
1126 : #endif
1127 : )
1128 : {
1129 : /* Colon, but not in second character, treat as engine:key */
1130 0 : char *engine_str = strdup(conn->sslkey);
1131 : char *engine_colon;
1132 : EVP_PKEY *pkey;
1133 :
1134 0 : if (engine_str == NULL)
1135 : {
1136 0 : libpq_append_conn_error(conn, "out of memory");
1137 0 : return -1;
1138 : }
1139 :
1140 : /* cannot return NULL because we already checked before strdup */
1141 0 : engine_colon = strchr(engine_str, ':');
1142 :
1143 0 : *engine_colon = '\0'; /* engine_str now has engine name */
1144 0 : engine_colon++; /* engine_colon now has key name */
1145 :
1146 0 : conn->engine = ENGINE_by_id(engine_str);
1147 0 : if (conn->engine == NULL)
1148 : {
1149 0 : char *err = SSLerrmessage(ERR_get_error());
1150 :
1151 0 : libpq_append_conn_error(conn, "could not load SSL engine \"%s\": %s",
1152 : engine_str, err);
1153 0 : SSLerrfree(err);
1154 0 : free(engine_str);
1155 0 : return -1;
1156 : }
1157 :
1158 0 : if (ENGINE_init(conn->engine) == 0)
1159 : {
1160 0 : char *err = SSLerrmessage(ERR_get_error());
1161 :
1162 0 : libpq_append_conn_error(conn, "could not initialize SSL engine \"%s\": %s",
1163 : engine_str, err);
1164 0 : SSLerrfree(err);
1165 0 : ENGINE_free(conn->engine);
1166 0 : conn->engine = NULL;
1167 0 : free(engine_str);
1168 0 : return -1;
1169 : }
1170 :
1171 0 : pkey = ENGINE_load_private_key(conn->engine, engine_colon,
1172 : NULL, NULL);
1173 0 : if (pkey == NULL)
1174 : {
1175 0 : char *err = SSLerrmessage(ERR_get_error());
1176 :
1177 0 : libpq_append_conn_error(conn, "could not read private SSL key \"%s\" from engine \"%s\": %s",
1178 : engine_colon, engine_str, err);
1179 0 : SSLerrfree(err);
1180 0 : ENGINE_finish(conn->engine);
1181 0 : ENGINE_free(conn->engine);
1182 0 : conn->engine = NULL;
1183 0 : free(engine_str);
1184 0 : return -1;
1185 : }
1186 0 : if (SSL_use_PrivateKey(conn->ssl, pkey) != 1)
1187 : {
1188 0 : char *err = SSLerrmessage(ERR_get_error());
1189 :
1190 0 : libpq_append_conn_error(conn, "could not load private SSL key \"%s\" from engine \"%s\": %s",
1191 : engine_colon, engine_str, err);
1192 0 : SSLerrfree(err);
1193 0 : ENGINE_finish(conn->engine);
1194 0 : ENGINE_free(conn->engine);
1195 0 : conn->engine = NULL;
1196 0 : free(engine_str);
1197 0 : return -1;
1198 : }
1199 :
1200 0 : free(engine_str);
1201 :
1202 0 : fnbuf[0] = '\0'; /* indicate we're not going to load from a
1203 : * file */
1204 : }
1205 : else
1206 : #endif /* USE_SSL_ENGINE */
1207 : {
1208 : /* PGSSLKEY is not an engine, treat it as a filename */
1209 45 : strlcpy(fnbuf, conn->sslkey, sizeof(fnbuf));
1210 : }
1211 : }
1212 126 : else if (have_homedir)
1213 : {
1214 : /* No PGSSLKEY specified, load default file */
1215 53 : snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_KEY_FILE);
1216 : }
1217 : else
1218 73 : fnbuf[0] = '\0';
1219 :
1220 171 : if (have_cert && fnbuf[0] != '\0')
1221 : {
1222 : /* read the client key from file */
1223 :
1224 45 : if (stat(fnbuf, &buf) != 0)
1225 : {
1226 0 : if (errno == ENOENT)
1227 0 : libpq_append_conn_error(conn, "certificate present, but not private key file \"%s\"",
1228 : fnbuf);
1229 : else
1230 0 : libpq_append_conn_error(conn, "could not stat private key file \"%s\": %m",
1231 : fnbuf);
1232 0 : return -1;
1233 : }
1234 :
1235 : /* Key file must be a regular file */
1236 45 : if (!S_ISREG(buf.st_mode))
1237 : {
1238 0 : libpq_append_conn_error(conn, "private key file \"%s\" is not a regular file",
1239 : fnbuf);
1240 0 : return -1;
1241 : }
1242 :
1243 : /*
1244 : * Refuse to load world-readable key files. We accept root-owned
1245 : * files with mode 0640 or less, so that we can access system-wide
1246 : * certificates if we have a supplementary group membership that
1247 : * allows us to read 'em. For files with non-root ownership, require
1248 : * mode 0600 or less. We need not check the file's ownership exactly;
1249 : * if we're able to read it despite it having such restrictive
1250 : * permissions, it must have the right ownership.
1251 : *
1252 : * Note: be very careful about tightening these rules. Some people
1253 : * expect, for example, that a client process running as root should
1254 : * be able to use a non-root-owned key file.
1255 : *
1256 : * Note that roughly similar checks are performed in
1257 : * src/backend/libpq/be-secure-common.c so any changes here may need
1258 : * to be made there as well. However, this code caters for the case
1259 : * of current user == root, while that code does not.
1260 : *
1261 : * Ideally we would do similar permissions checks on Windows, but it
1262 : * is not clear how that would work since Unix-style permissions may
1263 : * not be available.
1264 : */
1265 : #if !defined(WIN32) && !defined(__CYGWIN__)
1266 90 : if (buf.st_uid == 0 ?
1267 0 : buf.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO) :
1268 45 : buf.st_mode & (S_IRWXG | S_IRWXO))
1269 : {
1270 1 : libpq_append_conn_error(conn,
1271 : "private key file \"%s\" has group or world access; file must have permissions u=rw (0600) or less if owned by the current user, or permissions u=rw,g=r (0640) or less if owned by root",
1272 : fnbuf);
1273 1 : return -1;
1274 : }
1275 : #endif
1276 :
1277 44 : if (SSL_use_PrivateKey_file(conn->ssl, fnbuf, SSL_FILETYPE_PEM) != 1)
1278 : {
1279 3 : char *err = SSLerrmessage(ERR_get_error());
1280 :
1281 : /*
1282 : * We'll try to load the file in DER (binary ASN.1) format, and if
1283 : * that fails too, report the original error. This could mask
1284 : * issues where there's something wrong with a DER-format cert,
1285 : * but we'd have to duplicate openssl's format detection to be
1286 : * smarter than this. We can't just probe for a leading -----BEGIN
1287 : * because PEM can have leading non-matching lines and blanks.
1288 : * OpenSSL doesn't expose its get_name(...) and its PEM routines
1289 : * don't differentiate between failure modes in enough detail to
1290 : * let us tell the difference between "not PEM, try DER" and
1291 : * "wrong password".
1292 : */
1293 3 : if (SSL_use_PrivateKey_file(conn->ssl, fnbuf, SSL_FILETYPE_ASN1) != 1)
1294 : {
1295 1 : libpq_append_conn_error(conn, "could not load private key file \"%s\": %s",
1296 : fnbuf, err);
1297 1 : SSLerrfree(err);
1298 1 : return -1;
1299 : }
1300 :
1301 2 : SSLerrfree(err);
1302 : }
1303 : }
1304 :
1305 : /* verify that the cert and key go together */
1306 212 : if (have_cert &&
1307 43 : SSL_check_private_key(conn->ssl) != 1)
1308 : {
1309 0 : char *err = SSLerrmessage(ERR_get_error());
1310 :
1311 0 : libpq_append_conn_error(conn, "certificate does not match private key file \"%s\": %s",
1312 : fnbuf, err);
1313 0 : SSLerrfree(err);
1314 0 : return -1;
1315 : }
1316 :
1317 : /*
1318 : * If a root cert was loaded, also set our certificate verification
1319 : * callback.
1320 : */
1321 169 : if (have_rootcert)
1322 133 : SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, verify_cb);
1323 :
1324 : /*
1325 : * Set compression option if necessary.
1326 : */
1327 169 : if (conn->sslcompression && conn->sslcompression[0] == '0')
1328 169 : SSL_set_options(conn->ssl, SSL_OP_NO_COMPRESSION);
1329 : else
1330 0 : SSL_clear_options(conn->ssl, SSL_OP_NO_COMPRESSION);
1331 :
1332 169 : return 0;
1333 : }
1334 :
1335 : /*
1336 : * Attempt to negotiate SSL connection.
1337 : */
1338 : static PostgresPollingStatusType
1339 293 : open_client_SSL(PGconn *conn)
1340 : {
1341 : int r;
1342 :
1343 293 : SOCK_ERRNO_SET(0);
1344 293 : ERR_clear_error();
1345 293 : r = SSL_connect(conn->ssl);
1346 293 : if (r <= 0)
1347 : {
1348 145 : int save_errno = SOCK_ERRNO;
1349 145 : int err = SSL_get_error(conn->ssl, r);
1350 : unsigned long ecode;
1351 :
1352 145 : ecode = ERR_get_error();
1353 145 : switch (err)
1354 : {
1355 124 : case SSL_ERROR_WANT_READ:
1356 124 : return PGRES_POLLING_READING;
1357 :
1358 0 : case SSL_ERROR_WANT_WRITE:
1359 0 : return PGRES_POLLING_WRITING;
1360 :
1361 1 : case SSL_ERROR_SYSCALL:
1362 : {
1363 : char sebuf[PG_STRERROR_R_BUFLEN];
1364 : unsigned long vcode;
1365 :
1366 1 : vcode = SSL_get_verify_result(conn->ssl);
1367 :
1368 : /*
1369 : * If we get an X509 error here for failing to load the
1370 : * local issuer cert, without an error in the socket layer
1371 : * it means that verification failed due to a missing
1372 : * system CA pool without it being a protocol error. We
1373 : * inspect the sslrootcert setting to ensure that the user
1374 : * was using the system CA pool. For other errors, log
1375 : * them using the normal SYSCALL logging.
1376 : */
1377 1 : if (save_errno == 0 &&
1378 0 : vcode == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY &&
1379 0 : strcmp(conn->sslrootcert, "system") == 0)
1380 0 : libpq_append_conn_error(conn, "SSL error: certificate verify failed: %s",
1381 : X509_verify_cert_error_string(vcode));
1382 1 : else if (r == -1 && save_errno != 0)
1383 1 : libpq_append_conn_error(conn, "SSL SYSCALL error: %s",
1384 : SOCK_STRERROR(save_errno, sebuf, sizeof(sebuf)));
1385 : else
1386 0 : libpq_append_conn_error(conn, "SSL SYSCALL error: EOF detected");
1387 1 : pgtls_close(conn);
1388 1 : return PGRES_POLLING_FAILED;
1389 : }
1390 20 : case SSL_ERROR_SSL:
1391 : {
1392 20 : char *err = SSLerrmessage(ecode);
1393 :
1394 20 : libpq_append_conn_error(conn, "SSL error: %s", err);
1395 20 : SSLerrfree(err);
1396 20 : switch (ERR_GET_REASON(ecode))
1397 : {
1398 : /*
1399 : * UNSUPPORTED_PROTOCOL, WRONG_VERSION_NUMBER, and
1400 : * TLSV1_ALERT_PROTOCOL_VERSION have been observed
1401 : * when trying to communicate with an old OpenSSL
1402 : * library, or when the client and server specify
1403 : * disjoint protocol ranges.
1404 : * NO_PROTOCOLS_AVAILABLE occurs if there's a
1405 : * local misconfiguration (which can happen
1406 : * despite our checks, if openssl.cnf injects a
1407 : * limit we didn't account for). It's not very
1408 : * clear what would make OpenSSL return the other
1409 : * codes listed here, but a hint about protocol
1410 : * versions seems like it's appropriate for all.
1411 : */
1412 0 : case SSL_R_NO_PROTOCOLS_AVAILABLE:
1413 : case SSL_R_UNSUPPORTED_PROTOCOL:
1414 : case SSL_R_BAD_PROTOCOL_VERSION_NUMBER:
1415 : case SSL_R_UNKNOWN_PROTOCOL:
1416 : case SSL_R_UNKNOWN_SSL_VERSION:
1417 : case SSL_R_UNSUPPORTED_SSL_VERSION:
1418 : case SSL_R_WRONG_SSL_VERSION:
1419 : case SSL_R_WRONG_VERSION_NUMBER:
1420 : case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION:
1421 : #ifdef SSL_R_VERSION_TOO_HIGH
1422 : case SSL_R_VERSION_TOO_HIGH:
1423 : case SSL_R_VERSION_TOO_LOW:
1424 : #endif
1425 0 : libpq_append_conn_error(conn, "This may indicate that the server does not support any SSL protocol version between %s and %s.",
1426 0 : conn->ssl_min_protocol_version ?
1427 : conn->ssl_min_protocol_version :
1428 : MIN_OPENSSL_TLS_VERSION,
1429 0 : conn->ssl_max_protocol_version ?
1430 : conn->ssl_max_protocol_version :
1431 : MAX_OPENSSL_TLS_VERSION);
1432 0 : break;
1433 20 : default:
1434 20 : break;
1435 : }
1436 20 : pgtls_close(conn);
1437 20 : return PGRES_POLLING_FAILED;
1438 : }
1439 :
1440 0 : default:
1441 0 : libpq_append_conn_error(conn, "unrecognized SSL error code: %d", err);
1442 0 : pgtls_close(conn);
1443 0 : return PGRES_POLLING_FAILED;
1444 : }
1445 : }
1446 :
1447 : /* ALPN is mandatory with direct SSL connections */
1448 148 : if (conn->current_enc_method == ENC_SSL && conn->sslnegotiation[0] == 'd')
1449 : {
1450 : const unsigned char *selected;
1451 : unsigned int len;
1452 :
1453 3 : SSL_get0_alpn_selected(conn->ssl, &selected, &len);
1454 :
1455 3 : if (selected == NULL)
1456 : {
1457 0 : libpq_append_conn_error(conn, "direct SSL connection was established without ALPN protocol negotiation extension");
1458 0 : pgtls_close(conn);
1459 0 : return PGRES_POLLING_FAILED;
1460 : }
1461 :
1462 : /*
1463 : * We only support one protocol so that's what the negotiation should
1464 : * always choose, but doesn't hurt to check.
1465 : */
1466 3 : if (len != strlen(PG_ALPN_PROTOCOL) ||
1467 3 : memcmp(selected, PG_ALPN_PROTOCOL, strlen(PG_ALPN_PROTOCOL)) != 0)
1468 : {
1469 0 : libpq_append_conn_error(conn, "SSL connection was established with unexpected ALPN protocol");
1470 0 : pgtls_close(conn);
1471 0 : return PGRES_POLLING_FAILED;
1472 : }
1473 : }
1474 :
1475 : /*
1476 : * We already checked the server certificate in initialize_SSL() using
1477 : * SSL_CTX_set_verify(), if root.crt exists.
1478 : */
1479 :
1480 : /* get server certificate */
1481 148 : conn->peer = SSL_get_peer_certificate(conn->ssl);
1482 148 : if (conn->peer == NULL)
1483 : {
1484 0 : char *err = SSLerrmessage(ERR_get_error());
1485 :
1486 0 : libpq_append_conn_error(conn, "certificate could not be obtained: %s", err);
1487 0 : SSLerrfree(err);
1488 0 : pgtls_close(conn);
1489 0 : return PGRES_POLLING_FAILED;
1490 : }
1491 :
1492 148 : if (!pq_verify_peer_name_matches_certificate(conn))
1493 : {
1494 13 : pgtls_close(conn);
1495 13 : return PGRES_POLLING_FAILED;
1496 : }
1497 :
1498 : /* SSL handshake is complete */
1499 135 : return PGRES_POLLING_OK;
1500 : }
1501 :
1502 : void
1503 32566 : pgtls_close(PGconn *conn)
1504 : {
1505 32566 : if (conn->ssl_in_use)
1506 : {
1507 171 : if (conn->ssl)
1508 : {
1509 : /*
1510 : * We can't destroy everything SSL-related here due to the
1511 : * possible later calls to OpenSSL routines which may need our
1512 : * thread callbacks, so set a flag here and check at the end.
1513 : */
1514 :
1515 171 : SSL_shutdown(conn->ssl);
1516 171 : SSL_free(conn->ssl);
1517 171 : conn->ssl = NULL;
1518 171 : conn->ssl_in_use = false;
1519 171 : conn->ssl_handshake_started = false;
1520 : }
1521 :
1522 171 : if (conn->peer)
1523 : {
1524 148 : X509_free(conn->peer);
1525 148 : conn->peer = NULL;
1526 : }
1527 :
1528 : #ifdef USE_SSL_ENGINE
1529 171 : if (conn->engine)
1530 : {
1531 0 : ENGINE_finish(conn->engine);
1532 0 : ENGINE_free(conn->engine);
1533 0 : conn->engine = NULL;
1534 : }
1535 : #endif
1536 : }
1537 32566 : }
1538 :
1539 :
1540 : /*
1541 : * Obtain reason string for passed SSL errcode
1542 : *
1543 : * ERR_get_error() is used by caller to get errcode to pass here.
1544 : * The result must be freed after use, using SSLerrfree.
1545 : *
1546 : * Some caution is needed here since ERR_reason_error_string will return NULL
1547 : * if it doesn't recognize the error code, or (in OpenSSL >= 3) if the code
1548 : * represents a system errno value. We don't want to return NULL ever.
1549 : */
1550 : static char ssl_nomem[] = "out of memory allocating error description";
1551 :
1552 : #define SSL_ERR_LEN 128
1553 :
1554 : static char *
1555 32 : SSLerrmessage(unsigned long ecode)
1556 : {
1557 : const char *errreason;
1558 : char *errbuf;
1559 :
1560 32 : errbuf = malloc(SSL_ERR_LEN);
1561 32 : if (!errbuf)
1562 0 : return ssl_nomem;
1563 32 : if (ecode == 0)
1564 : {
1565 0 : snprintf(errbuf, SSL_ERR_LEN, libpq_gettext("no SSL error reported"));
1566 0 : return errbuf;
1567 : }
1568 32 : errreason = ERR_reason_error_string(ecode);
1569 32 : if (errreason != NULL)
1570 : {
1571 32 : strlcpy(errbuf, errreason, SSL_ERR_LEN);
1572 32 : return errbuf;
1573 : }
1574 :
1575 : /*
1576 : * Server aborted the connection with TLS "no_application_protocol" alert.
1577 : * The ERR_reason_error_string() function doesn't give any error string
1578 : * for that for some reason, so do it ourselves. See
1579 : * https://github.com/openssl/openssl/issues/24300. This is available in
1580 : * OpenSSL 1.1.0 and later, as well as in LibreSSL 3.4.3 (OpenBSD 7.0) and
1581 : * later.
1582 : */
1583 : #ifdef SSL_AD_NO_APPLICATION_PROTOCOL
1584 0 : if (ERR_GET_LIB(ecode) == ERR_LIB_SSL &&
1585 0 : ERR_GET_REASON(ecode) == SSL_AD_REASON_OFFSET + SSL_AD_NO_APPLICATION_PROTOCOL)
1586 : {
1587 0 : snprintf(errbuf, SSL_ERR_LEN, "no application protocol");
1588 0 : return errbuf;
1589 : }
1590 : #endif
1591 :
1592 : /*
1593 : * In OpenSSL 3.0.0 and later, ERR_reason_error_string does not map system
1594 : * errno values anymore. (See OpenSSL source code for the explanation.)
1595 : * We can cover that shortcoming with this bit of code. Older OpenSSL
1596 : * versions don't have the ERR_SYSTEM_ERROR macro, but that's okay because
1597 : * they don't have the shortcoming either.
1598 : */
1599 : #ifdef ERR_SYSTEM_ERROR
1600 0 : if (ERR_SYSTEM_ERROR(ecode))
1601 : {
1602 0 : strerror_r(ERR_GET_REASON(ecode), errbuf, SSL_ERR_LEN);
1603 0 : return errbuf;
1604 : }
1605 : #endif
1606 :
1607 : /* No choice but to report the numeric ecode */
1608 0 : snprintf(errbuf, SSL_ERR_LEN, libpq_gettext("SSL error code %lu"), ecode);
1609 0 : return errbuf;
1610 : }
1611 :
1612 : static void
1613 32 : SSLerrfree(char *buf)
1614 : {
1615 32 : if (buf != ssl_nomem)
1616 32 : free(buf);
1617 32 : }
1618 :
1619 : /* ------------------------------------------------------------ */
1620 : /* SSL information functions */
1621 : /* ------------------------------------------------------------ */
1622 :
1623 : /*
1624 : * Return pointer to OpenSSL object.
1625 : */
1626 : void *
1627 0 : PQgetssl(PGconn *conn)
1628 : {
1629 0 : if (!conn)
1630 0 : return NULL;
1631 0 : return conn->ssl;
1632 : }
1633 :
1634 : void *
1635 0 : PQsslStruct(PGconn *conn, const char *struct_name)
1636 : {
1637 0 : if (!conn)
1638 0 : return NULL;
1639 0 : if (strcmp(struct_name, "OpenSSL") == 0)
1640 0 : return conn->ssl;
1641 0 : return NULL;
1642 : }
1643 :
1644 : const char *const *
1645 0 : PQsslAttributeNames(PGconn *conn)
1646 : {
1647 : static const char *const openssl_attrs[] = {
1648 : "library",
1649 : "key_bits",
1650 : "cipher",
1651 : "compression",
1652 : "protocol",
1653 : "alpn",
1654 : NULL
1655 : };
1656 : static const char *const empty_attrs[] = {NULL};
1657 :
1658 0 : if (!conn)
1659 : {
1660 : /* Return attributes of default SSL library */
1661 0 : return openssl_attrs;
1662 : }
1663 :
1664 : /* No attrs for unencrypted connection */
1665 0 : if (conn->ssl == NULL)
1666 0 : return empty_attrs;
1667 :
1668 0 : return openssl_attrs;
1669 : }
1670 :
1671 : const char *
1672 1 : PQsslAttribute(PGconn *conn, const char *attribute_name)
1673 : {
1674 1 : if (!conn)
1675 : {
1676 : /* PQsslAttribute(NULL, "library") reports the default SSL library */
1677 1 : if (strcmp(attribute_name, "library") == 0)
1678 1 : return "OpenSSL";
1679 0 : return NULL;
1680 : }
1681 :
1682 : /* All attributes read as NULL for a non-encrypted connection */
1683 0 : if (conn->ssl == NULL)
1684 0 : return NULL;
1685 :
1686 0 : if (strcmp(attribute_name, "library") == 0)
1687 0 : return "OpenSSL";
1688 :
1689 0 : if (strcmp(attribute_name, "key_bits") == 0)
1690 : {
1691 : static char sslbits_str[12];
1692 : int sslbits;
1693 :
1694 0 : SSL_get_cipher_bits(conn->ssl, &sslbits);
1695 0 : snprintf(sslbits_str, sizeof(sslbits_str), "%d", sslbits);
1696 0 : return sslbits_str;
1697 : }
1698 :
1699 0 : if (strcmp(attribute_name, "cipher") == 0)
1700 0 : return SSL_get_cipher(conn->ssl);
1701 :
1702 0 : if (strcmp(attribute_name, "compression") == 0)
1703 0 : return SSL_get_current_compression(conn->ssl) ? "on" : "off";
1704 :
1705 0 : if (strcmp(attribute_name, "protocol") == 0)
1706 0 : return SSL_get_version(conn->ssl);
1707 :
1708 0 : if (strcmp(attribute_name, "alpn") == 0)
1709 : {
1710 : const unsigned char *data;
1711 : unsigned int len;
1712 : static char alpn_str[256]; /* alpn doesn't support longer than 255
1713 : * bytes */
1714 :
1715 0 : SSL_get0_alpn_selected(conn->ssl, &data, &len);
1716 0 : if (data == NULL || len == 0 || len > sizeof(alpn_str) - 1)
1717 0 : return "";
1718 0 : memcpy(alpn_str, data, len);
1719 0 : alpn_str[len] = 0;
1720 0 : return alpn_str;
1721 : }
1722 :
1723 0 : return NULL; /* unknown attribute */
1724 : }
1725 :
1726 : /*
1727 : * Private substitute BIO: this does the sending and receiving using
1728 : * pqsecure_raw_write() and pqsecure_raw_read() instead, to allow those
1729 : * functions to disable SIGPIPE and give better error messages on I/O errors.
1730 : *
1731 : * These functions are closely modelled on the standard socket BIO in OpenSSL;
1732 : * see sock_read() and sock_write() in OpenSSL's crypto/bio/bss_sock.c.
1733 : */
1734 :
1735 : /* protected by ssl_config_mutex */
1736 : static BIO_METHOD *pgconn_bio_method_ptr;
1737 :
1738 : static int
1739 3220 : pgconn_bio_read(BIO *h, char *buf, int size)
1740 : {
1741 3220 : PGconn *conn = (PGconn *) BIO_get_data(h);
1742 : int res;
1743 :
1744 3220 : res = pqsecure_raw_read(conn, buf, size);
1745 3220 : BIO_clear_retry_flags(h);
1746 3220 : conn->last_read_was_eof = res == 0;
1747 3220 : if (res < 0)
1748 : {
1749 : /* If we were interrupted, tell caller to retry */
1750 234 : switch (SOCK_ERRNO)
1751 : {
1752 : #ifdef EAGAIN
1753 233 : case EAGAIN:
1754 : #endif
1755 : #if defined(EWOULDBLOCK) && (!defined(EAGAIN) || (EWOULDBLOCK != EAGAIN))
1756 : case EWOULDBLOCK:
1757 : #endif
1758 : case EINTR:
1759 233 : BIO_set_retry_read(h);
1760 233 : break;
1761 :
1762 1 : default:
1763 1 : break;
1764 : }
1765 : }
1766 :
1767 3220 : if (res > 0)
1768 2984 : conn->ssl_handshake_started = true;
1769 :
1770 3220 : return res;
1771 : }
1772 :
1773 : static int
1774 985 : pgconn_bio_write(BIO *h, const char *buf, int size)
1775 : {
1776 : int res;
1777 :
1778 985 : res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
1779 985 : BIO_clear_retry_flags(h);
1780 985 : if (res < 0)
1781 : {
1782 : /* If we were interrupted, tell caller to retry */
1783 0 : switch (SOCK_ERRNO)
1784 : {
1785 : #ifdef EAGAIN
1786 0 : case EAGAIN:
1787 : #endif
1788 : #if defined(EWOULDBLOCK) && (!defined(EAGAIN) || (EWOULDBLOCK != EAGAIN))
1789 : case EWOULDBLOCK:
1790 : #endif
1791 : case EINTR:
1792 0 : BIO_set_retry_write(h);
1793 0 : break;
1794 :
1795 0 : default:
1796 0 : break;
1797 : }
1798 : }
1799 :
1800 985 : return res;
1801 : }
1802 :
1803 : static long
1804 959 : pgconn_bio_ctrl(BIO *h, int cmd, long num, void *ptr)
1805 : {
1806 : long res;
1807 959 : PGconn *conn = (PGconn *) BIO_get_data(h);
1808 :
1809 959 : switch (cmd)
1810 : {
1811 3 : case BIO_CTRL_EOF:
1812 :
1813 : /*
1814 : * This should not be needed. pgconn_bio_read already has a way to
1815 : * signal EOF to OpenSSL. However, OpenSSL made an undocumented,
1816 : * backwards-incompatible change and now expects EOF via BIO_ctrl.
1817 : * See https://github.com/openssl/openssl/issues/8208
1818 : */
1819 3 : res = conn->last_read_was_eof;
1820 3 : break;
1821 618 : case BIO_CTRL_FLUSH:
1822 : /* libssl expects all BIOs to support BIO_flush. */
1823 618 : res = 1;
1824 618 : break;
1825 338 : default:
1826 338 : res = 0;
1827 338 : break;
1828 : }
1829 :
1830 959 : return res;
1831 : }
1832 :
1833 : static BIO_METHOD *
1834 171 : pgconn_bio_method(void)
1835 : {
1836 : BIO_METHOD *res;
1837 :
1838 171 : if (pthread_mutex_lock(&ssl_config_mutex))
1839 0 : return NULL;
1840 :
1841 171 : res = pgconn_bio_method_ptr;
1842 :
1843 171 : if (!pgconn_bio_method_ptr)
1844 : {
1845 : int my_bio_index;
1846 :
1847 171 : my_bio_index = BIO_get_new_index();
1848 171 : if (my_bio_index == -1)
1849 0 : goto err;
1850 171 : my_bio_index |= BIO_TYPE_SOURCE_SINK;
1851 171 : res = BIO_meth_new(my_bio_index, "libpq socket");
1852 171 : if (!res)
1853 0 : goto err;
1854 :
1855 : /*
1856 : * As of this writing, these functions never fail. But check anyway,
1857 : * like OpenSSL's own examples do.
1858 : */
1859 342 : if (!BIO_meth_set_write(res, pgconn_bio_write) ||
1860 342 : !BIO_meth_set_read(res, pgconn_bio_read) ||
1861 171 : !BIO_meth_set_ctrl(res, pgconn_bio_ctrl))
1862 : {
1863 0 : goto err;
1864 : }
1865 : }
1866 :
1867 171 : pgconn_bio_method_ptr = res;
1868 171 : pthread_mutex_unlock(&ssl_config_mutex);
1869 171 : return res;
1870 :
1871 0 : err:
1872 0 : if (res)
1873 0 : BIO_meth_free(res);
1874 0 : pthread_mutex_unlock(&ssl_config_mutex);
1875 0 : return NULL;
1876 : }
1877 :
1878 : static int
1879 171 : ssl_set_pgconn_bio(PGconn *conn)
1880 : {
1881 : BIO *bio;
1882 : BIO_METHOD *bio_method;
1883 :
1884 171 : bio_method = pgconn_bio_method();
1885 171 : if (bio_method == NULL)
1886 0 : return 0;
1887 :
1888 171 : bio = BIO_new(bio_method);
1889 171 : if (bio == NULL)
1890 0 : return 0;
1891 :
1892 171 : BIO_set_data(bio, conn);
1893 171 : BIO_set_init(bio, 1);
1894 :
1895 171 : SSL_set_bio(conn->ssl, bio, bio);
1896 171 : return 1;
1897 : }
1898 :
1899 : /*
1900 : * This is the default handler to return a client cert password from
1901 : * conn->sslpassword. Apps may install it explicitly if they want to
1902 : * prevent openssl from ever prompting on stdin.
1903 : */
1904 : int
1905 2 : PQdefaultSSLKeyPassHook_OpenSSL(char *buf, int size, PGconn *conn)
1906 : {
1907 2 : if (conn && conn->sslpassword)
1908 : {
1909 2 : if (strlen(conn->sslpassword) + 1 > size)
1910 0 : fprintf(stderr, libpq_gettext("WARNING: sslpassword truncated\n"));
1911 2 : strncpy(buf, conn->sslpassword, size);
1912 2 : buf[size - 1] = '\0';
1913 2 : return strlen(buf);
1914 : }
1915 : else
1916 : {
1917 0 : buf[0] = '\0';
1918 0 : return 0;
1919 : }
1920 : }
1921 :
1922 : PQsslKeyPassHook_OpenSSL_type
1923 0 : PQgetSSLKeyPassHook_OpenSSL(void)
1924 : {
1925 0 : return PQsslKeyPassHook;
1926 : }
1927 :
1928 : void
1929 0 : PQsetSSLKeyPassHook_OpenSSL(PQsslKeyPassHook_OpenSSL_type hook)
1930 : {
1931 0 : PQsslKeyPassHook = hook;
1932 0 : }
1933 :
1934 : /*
1935 : * Supply a password to decrypt a client certificate.
1936 : *
1937 : * This must match OpenSSL type pem_password_cb.
1938 : */
1939 : static int
1940 2 : PQssl_passwd_cb(char *buf, int size, int rwflag, void *userdata)
1941 : {
1942 2 : PGconn *conn = userdata;
1943 :
1944 2 : if (PQsslKeyPassHook)
1945 0 : return PQsslKeyPassHook(buf, size, conn);
1946 : else
1947 2 : return PQdefaultSSLKeyPassHook_OpenSSL(buf, size, conn);
1948 : }
1949 :
1950 : /*
1951 : * Convert TLS protocol version string to OpenSSL values
1952 : *
1953 : * If a version is passed that is not supported by the current OpenSSL version,
1954 : * then we return -1. If a non-negative value is returned, subsequent code can
1955 : * assume it is working with a supported version.
1956 : *
1957 : * Note: this is rather similar to the backend routine in be-secure-openssl.c,
1958 : * so make sure to update both routines if changing this one.
1959 : */
1960 : static int
1961 176 : ssl_protocol_version_to_openssl(const char *protocol)
1962 : {
1963 176 : if (pg_strcasecmp("TLSv1", protocol) == 0)
1964 0 : return TLS1_VERSION;
1965 :
1966 : #ifdef TLS1_1_VERSION
1967 176 : if (pg_strcasecmp("TLSv1.1", protocol) == 0)
1968 0 : return TLS1_1_VERSION;
1969 : #endif
1970 :
1971 : #ifdef TLS1_2_VERSION
1972 176 : if (pg_strcasecmp("TLSv1.2", protocol) == 0)
1973 176 : return TLS1_2_VERSION;
1974 : #endif
1975 :
1976 : #ifdef TLS1_3_VERSION
1977 0 : if (pg_strcasecmp("TLSv1.3", protocol) == 0)
1978 0 : return TLS1_3_VERSION;
1979 : #endif
1980 :
1981 0 : return -1;
1982 : }
|
