PostgreSQL Source Code git master
|
#include "postgres.h"
#include <sys/stat.h>
#include <signal.h>
#include <fcntl.h>
#include <ctype.h>
#include <sys/socket.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include "common/string.h"
#include "libpq/libpq.h"
#include "miscadmin.h"
#include "pgstat.h"
#include "storage/fd.h"
#include "storage/latch.h"
#include "utils/guc.h"
#include "utils/memutils.h"
#include "common/openssl.h"
#include <openssl/bn.h>
#include <openssl/conf.h>
#include <openssl/dh.h>
#include <openssl/ec.h>
#include <openssl/x509v3.h>
Go to the source code of this file.
Macros | |
#define | MAXLEN 71 |
Functions | |
static void | default_openssl_tls_init (SSL_CTX *context, bool isServerStart) |
static int | port_bio_read (BIO *h, char *buf, int size) |
static int | port_bio_write (BIO *h, const char *buf, int size) |
static BIO_METHOD * | port_bio_method (void) |
static int | ssl_set_port_bio (Port *port) |
static DH * | load_dh_file (char *filename, bool isServerStart) |
static DH * | load_dh_buffer (const char *buffer, size_t len) |
static int | ssl_external_passwd_cb (char *buf, int size, int rwflag, void *userdata) |
static int | dummy_ssl_passwd_cb (char *buf, int size, int rwflag, void *userdata) |
static int | verify_cb (int ok, X509_STORE_CTX *ctx) |
static void | info_cb (const SSL *ssl, int type, int args) |
static int | alpn_cb (SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *userdata) |
static bool | initialize_dh (SSL_CTX *context, bool isServerStart) |
static bool | initialize_ecdh (SSL_CTX *context, bool isServerStart) |
static const char * | SSLerrmessageExt (unsigned long ecode, const char *replacement) |
static const char * | SSLerrmessage (unsigned long ecode) |
static char * | X509_NAME_to_cstring (X509_NAME *name) |
static int | ssl_protocol_version_to_openssl (int v) |
static const char * | ssl_protocol_version_to_string (int v) |
int | be_tls_init (bool isServerStart) |
void | be_tls_destroy (void) |
int | be_tls_open_server (Port *port) |
void | be_tls_close (Port *port) |
ssize_t | be_tls_read (Port *port, void *ptr, size_t len, int *waitfor) |
ssize_t | be_tls_write (Port *port, void *ptr, size_t len, int *waitfor) |
static long | port_bio_ctrl (BIO *h, int cmd, long num, void *ptr) |
static char * | prepare_cert_name (char *name) |
int | be_tls_get_cipher_bits (Port *port) |
const char * | be_tls_get_version (Port *port) |
const char * | be_tls_get_cipher (Port *port) |
void | be_tls_get_peer_subject_name (Port *port, char *ptr, size_t len) |
void | be_tls_get_peer_issuer_name (Port *port, char *ptr, size_t len) |
void | be_tls_get_peer_serial (Port *port, char *ptr, size_t len) |
char * | be_tls_get_certificate_hash (Port *port, size_t *len) |
Variables | |
openssl_tls_init_hook_typ | openssl_tls_init_hook = default_openssl_tls_init |
static SSL_CTX * | SSL_context = NULL |
static bool | dummy_ssl_passwd_cb_called = false |
static bool | ssl_is_server_start |
static const char * | cert_errdetail |
static BIO_METHOD * | port_bio_method_ptr = NULL |
static const unsigned char | alpn_protos [] = PG_ALPN_PROTOCOL_VECTOR |
#define MAXLEN 71 |
|
static |
Definition at line 1335 of file be-secure-openssl.c.
References alpn_protos, and Assert.
Referenced by be_tls_open_server().
void be_tls_close | ( | Port * | port | ) |
Definition at line 735 of file be-secure-openssl.c.
Referenced by secure_close().
void be_tls_destroy | ( | void | ) |
Definition at line 430 of file be-secure-openssl.c.
References SSL_context.
Referenced by secure_destroy().
char * be_tls_get_certificate_hash | ( | Port * | port, |
size_t * | len | ||
) |
Definition at line 1582 of file be-secure-openssl.c.
References elog, ERROR, hash(), len, palloc(), and port.
Referenced by read_client_final_message().
const char * be_tls_get_cipher | ( | Port * | port | ) |
Definition at line 1534 of file be-secure-openssl.c.
References port.
Referenced by PerformAuthentication(), pgstat_bestart(), and ssl_cipher().
int be_tls_get_cipher_bits | ( | Port * | port | ) |
Definition at line 1511 of file be-secure-openssl.c.
References port.
Referenced by PerformAuthentication(), and pgstat_bestart().
void be_tls_get_peer_issuer_name | ( | Port * | port, |
char * | ptr, | ||
size_t | len | ||
) |
Definition at line 1552 of file be-secure-openssl.c.
References len, port, strlcpy(), and X509_NAME_to_cstring().
Referenced by pgstat_bestart(), and ssl_issuer_dn().
void be_tls_get_peer_serial | ( | Port * | port, |
char * | ptr, | ||
size_t | len | ||
) |
Definition at line 1561 of file be-secure-openssl.c.
References b, len, port, and strlcpy().
Referenced by pgstat_bestart(), and ssl_client_serial().
void be_tls_get_peer_subject_name | ( | Port * | port, |
char * | ptr, | ||
size_t | len | ||
) |
Definition at line 1543 of file be-secure-openssl.c.
References len, port, strlcpy(), and X509_NAME_to_cstring().
Referenced by pgstat_bestart(), and ssl_client_dn().
const char * be_tls_get_version | ( | Port * | port | ) |
Definition at line 1525 of file be-secure-openssl.c.
References port.
Referenced by PerformAuthentication(), pgstat_bestart(), and ssl_version().
int be_tls_init | ( | bool | isServerStart | ) |
Definition at line 98 of file be-secure-openssl.c.
References check_ssl_key_file_permissions(), dummy_ssl_passwd_cb_called, ereport, errcode(), errdetail(), errmsg(), error(), FATAL, GetConfigOption(), initialize_dh(), initialize_ecdh(), LOG, ssl_ca_file, ssl_cert_file, SSL_context, ssl_crl_dir, ssl_crl_file, ssl_is_server_start, ssl_key_file, ssl_max_protocol_version, ssl_min_protocol_version, ssl_protocol_version_to_openssl(), SSLCipherList, SSLCipherSuites, SSLerrmessage(), SSLPreferServerCiphers, and verify_cb().
Referenced by secure_initialize().
int be_tls_open_server | ( | Port * | port | ) |
Definition at line 439 of file be-secure-openssl.c.
References alpn_cb(), Assert, cert_errdetail, COMMERROR, ereport, err(), errcode(), errcode_for_socket_access(), errdetail_internal(), errhint(), errmsg(), info_cb(), len, MemoryContextAlloc(), pfree(), PG_ALPN_PROTOCOL, port, SSL_context, ssl_max_protocol_version, ssl_min_protocol_version, ssl_protocol_version_to_string(), ssl_set_port_bio(), SSLerrmessage(), TopMemoryContext, WaitLatchOrSocket(), WL_EXIT_ON_PM_DEATH, WL_SOCKET_READABLE, and WL_SOCKET_WRITEABLE.
Referenced by secure_open_server().
ssize_t be_tls_read | ( | Port * | port, |
void * | ptr, | ||
size_t | len, | ||
int * | waitfor | ||
) |
Definition at line 765 of file be-secure-openssl.c.
References COMMERROR, ECONNRESET, ereport, err(), errcode(), errmsg(), EWOULDBLOCK, len, port, SSLerrmessage(), WL_SOCKET_READABLE, and WL_SOCKET_WRITEABLE.
Referenced by secure_read().
ssize_t be_tls_write | ( | Port * | port, |
void * | ptr, | ||
size_t | len, | ||
int * | waitfor | ||
) |
Definition at line 824 of file be-secure-openssl.c.
References COMMERROR, ECONNRESET, ereport, err(), errcode(), errmsg(), EWOULDBLOCK, len, port, SSLerrmessage(), WL_SOCKET_READABLE, and WL_SOCKET_WRITEABLE.
Referenced by secure_write().
|
static |
Definition at line 1774 of file be-secure-openssl.c.
References dummy_ssl_passwd_cb(), ssl_external_passwd_cb(), ssl_passphrase_command, and ssl_passphrase_command_supports_reload.
|
static |
Definition at line 1148 of file be-secure-openssl.c.
References Assert, buf, dummy_ssl_passwd_cb_called, and size.
Referenced by default_openssl_tls_init().
|
static |
Definition at line 1284 of file be-secure-openssl.c.
References generate_unaccent_rules::args, DEBUG4, ereport, errmsg_internal(), and type.
Referenced by be_tls_open_server().
|
static |
Definition at line 1387 of file be-secure-openssl.c.
References ereport, errcode(), errmsg(), FATAL, load_dh_buffer(), load_dh_file(), LOG, ssl_dh_params_file, and SSLerrmessage().
Referenced by be_tls_init().
|
static |
Definition at line 1425 of file be-secure-openssl.c.
References _, ereport, errcode(), errhint(), errmsg(), FATAL, LOG, SSLECDHCurve, and SSLerrmessageExt().
Referenced by be_tls_init().
|
static |
Definition at line 1106 of file be-secure-openssl.c.
References DEBUG2, ereport, errmsg_internal(), len, and SSLerrmessage().
Referenced by initialize_dh().
|
static |
Definition at line 1039 of file be-secure-openssl.c.
References AllocateFile(), ereport, errcode(), errcode_for_file_access(), errmsg(), FATAL, filename, FreeFile(), LOG, and SSLerrmessage().
Referenced by initialize_dh().
|
static |
Definition at line 955 of file be-secure-openssl.c.
Referenced by port_bio_method().
|
static |
Definition at line 985 of file be-secure-openssl.c.
References port_bio_ctrl(), port_bio_method_ptr, port_bio_read(), and port_bio_write().
Referenced by ssl_set_port_bio().
|
static |
Definition at line 912 of file be-secure-openssl.c.
References buf, EAGAIN, EINTR, EWOULDBLOCK, port, res, secure_raw_read(), and size.
Referenced by port_bio_method().
|
static |
Definition at line 936 of file be-secure-openssl.c.
References buf, EAGAIN, EINTR, EWOULDBLOCK, res, secure_raw_write(), and size.
Referenced by port_bio_method().
|
static |
Definition at line 1165 of file be-secure-openssl.c.
References MAXLEN, name, and pg_clean_ascii().
Referenced by verify_cb().
|
static |
Definition at line 1128 of file be-secure-openssl.c.
References Assert, buf, run_ssl_passphrase_command(), size, and ssl_is_server_start.
Referenced by default_openssl_tls_init().
|
static |
Definition at line 1718 of file be-secure-openssl.c.
References PG_TLS1_1_VERSION, PG_TLS1_2_VERSION, PG_TLS1_3_VERSION, PG_TLS1_VERSION, and PG_TLS_ANY.
Referenced by be_tls_init().
|
static |
Definition at line 1753 of file be-secure-openssl.c.
References PG_TLS1_1_VERSION, PG_TLS1_2_VERSION, PG_TLS1_3_VERSION, PG_TLS1_VERSION, and PG_TLS_ANY.
Referenced by be_tls_open_server().
|
static |
Definition at line 1011 of file be-secure-openssl.c.
References port, and port_bio_method().
Referenced by be_tls_open_server().
|
static |
Definition at line 1482 of file be-secure-openssl.c.
References _, snprintf, and strerror.
Referenced by be_tls_init(), be_tls_open_server(), be_tls_read(), be_tls_write(), initialize_dh(), load_dh_buffer(), load_dh_file(), and SSLerrmessageExt().
|
static |
Definition at line 1464 of file be-secure-openssl.c.
References SSLerrmessage().
Referenced by initialize_ecdh().
|
static |
Definition at line 1205 of file be-secure-openssl.c.
References _, appendStringInfo(), appendStringInfoChar(), b, cert_errdetail, errcode(), initStringInfo(), pfree(), prepare_cert_name(), str, and X509_NAME_to_cstring().
Referenced by be_tls_init().
|
static |
Definition at line 1645 of file be-secure-openssl.c.
References elog, ereport, errcode(), errmsg(), ERROR, i, name, pfree(), pg_any_to_server(), PG_UTF8, pstrdup(), and size.
Referenced by be_tls_get_peer_issuer_name(), be_tls_get_peer_subject_name(), and verify_cb().
|
static |
Definition at line 1328 of file be-secure-openssl.c.
Referenced by alpn_cb().
|
static |
Definition at line 91 of file be-secure-openssl.c.
Referenced by be_tls_open_server(), and verify_cb().
|
static |
Definition at line 84 of file be-secure-openssl.c.
Referenced by be_tls_init(), and dummy_ssl_passwd_cb().
openssl_tls_init_hook_typ openssl_tls_init_hook = default_openssl_tls_init |
Definition at line 57 of file be-secure-openssl.c.
Referenced by _PG_init().
|
static |
Definition at line 909 of file be-secure-openssl.c.
Referenced by port_bio_method().
|
static |
Definition at line 83 of file be-secure-openssl.c.
Referenced by be_tls_destroy(), be_tls_init(), be_tls_open_server(), and initialize_SSL().
|
static |
Definition at line 85 of file be-secure-openssl.c.
Referenced by be_tls_init(), and ssl_external_passwd_cb().