#include "postgres.h"
#include <sys/stat.h>
#include <signal.h>
#include <fcntl.h>
#include <ctype.h>
#include <sys/socket.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include "common/string.h"
#include "libpq/libpq.h"
#include "miscadmin.h"
#include "pgstat.h"
#include "storage/fd.h"
#include "storage/latch.h"
#include "tcop/tcopprot.h"
#include "utils/builtins.h"
#include "utils/memutils.h"
#include "common/openssl.h"
#include <openssl/bn.h>
#include <openssl/conf.h>
#include <openssl/dh.h>
#include <openssl/ec.h>
#include <openssl/x509v3.h>
#define | MAXLEN 71 |
static void | default_openssl_tls_init (SSL_CTX *context, bool isServerStart) |
static int | my_sock_read (BIO *h, char *buf, int size) |
static int | my_sock_write (BIO *h, const char *buf, int size) |
static BIO_METHOD * | my_BIO_s_socket (void) |
static int | my_SSL_set_fd (Port *port, int fd) |
static DH * | load_dh_file (char *filename, bool isServerStart) |
static DH * | load_dh_buffer (const char *buffer, size_t len) |
static int | ssl_external_passwd_cb (char *buf, int size, int rwflag, void *userdata) |
static int | dummy_ssl_passwd_cb (char *buf, int size, int rwflag, void *userdata) |
static int | verify_cb (int ok, X509_STORE_CTX *ctx) |
static void | info_cb (const SSL *ssl, int type, int args) |
static int | alpn_cb (SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *userdata) |
static bool | initialize_dh (SSL_CTX *context, bool isServerStart) |
static bool | initialize_ecdh (SSL_CTX *context, bool isServerStart) |
static const char * | SSLerrmessage (unsigned long ecode) |
static char * | X509_NAME_to_cstring (X509_NAME *name) |
static int | ssl_protocol_version_to_openssl (int v) |
static const char * | ssl_protocol_version_to_string (int v) |
int | be_tls_init (bool isServerStart) |
void | be_tls_destroy (void) |
int | be_tls_open_server (Port *port) |
void | be_tls_close (Port *port) |
ssize_t | be_tls_read (Port *port, void *ptr, size_t len, int *waitfor) |
ssize_t | be_tls_write (Port *port, void *ptr, size_t len, int *waitfor) |
static char * | prepare_cert_name (char *name) |
int | be_tls_get_cipher_bits (Port *port) |
const char * | be_tls_get_version (Port *port) |
const char * | be_tls_get_cipher (Port *port) |
void | be_tls_get_peer_subject_name (Port *port, char *ptr, size_t len) |
void | be_tls_get_peer_issuer_name (Port *port, char *ptr, size_t len) |
void | be_tls_get_peer_serial (Port *port, char *ptr, size_t len) |
char * | be_tls_get_certificate_hash (Port *port, size_t *len) |
openssl_tls_init_hook_typ | openssl_tls_init_hook = default_openssl_tls_init |
static SSL_CTX * | SSL_context = NULL |
static bool | dummy_ssl_passwd_cb_called = false |
static bool | ssl_is_server_start |
static const char * | cert_errdetail |
static BIO_METHOD * | my_bio_methods = NULL |
static const unsigned char | alpn_protos [] = PG_ALPN_PROTOCOL_VECTOR |
#define MAXLEN 71 |
static int alpn_cb (SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *userdata)
Definition at line 1302 of file be-secure-openssl.c.
References alpn_protos, and Assert.
Referenced by be_tls_open_server().
void be_tls_close | ( | Port * | port | ) |
void be_tls_destroy | ( | void | ) |
Definition at line 414 of file be-secure-openssl.c.
References SSL_context.
Referenced by secure_destroy().
char* be_tls_get_certificate_hash | ( | Port * | port, |
size_t * | len | ||
) |
Definition at line 1534 of file be-secure-openssl.c.
References elog, ERROR, hash(), len, palloc(), and port.
Referenced by read_client_final_message().
const char* be_tls_get_cipher | ( | Port * | port | ) |
Definition at line 1486 of file be-secure-openssl.c.
References port.
Referenced by PerformAuthentication(), pgstat_bestart(), and ssl_cipher().
int be_tls_get_cipher_bits | ( | Port * | port | ) |
Definition at line 1463 of file be-secure-openssl.c.
References port.
Referenced by PerformAuthentication(), and pgstat_bestart().
void be_tls_get_peer_issuer_name | ( | Port * | port, |
char * | ptr, | ||
size_t | len | ||
) |
Definition at line 1504 of file be-secure-openssl.c.
References len, port, strlcpy(), and X509_NAME_to_cstring().
Referenced by pgstat_bestart(), and ssl_issuer_dn().
void be_tls_get_peer_serial | ( | Port * | port, |
char * | ptr, | ||
size_t | len | ||
) |
Definition at line 1513 of file be-secure-openssl.c.
References b, len, port, and strlcpy().
Referenced by pgstat_bestart(), and ssl_client_serial().
void be_tls_get_peer_subject_name | ( | Port * | port, |
char * | ptr, | ||
size_t | len | ||
) |
Definition at line 1495 of file be-secure-openssl.c.
References len, port, strlcpy(), and X509_NAME_to_cstring().
Referenced by pgstat_bestart(), and ssl_client_dn().
const char* be_tls_get_version | ( | Port * | port | ) |
Definition at line 1477 of file be-secure-openssl.c.
References port.
Referenced by PerformAuthentication(), pgstat_bestart(), and ssl_version().
int be_tls_init | ( | bool | isServerStart | ) |
Definition at line 98 of file be-secure-openssl.c.
References check_ssl_key_file_permissions(), context, dummy_ssl_passwd_cb_called, ereport, errcode(), errdetail(), errmsg(), error(), FATAL, GetConfigOption(), initialize_dh(), initialize_ecdh(), LOG, ssl_ca_file, ssl_cert_file, SSL_context, ssl_crl_dir, ssl_crl_file, ssl_is_server_start, ssl_key_file, ssl_max_protocol_version, ssl_min_protocol_version, ssl_protocol_version_to_openssl(), SSLCipherSuites, SSLerrmessage(), SSLPreferServerCiphers, and verify_cb().
Referenced by secure_initialize().
int be_tls_open_server | ( | Port * | port | ) |
Definition at line 423 of file be-secure-openssl.c.
References alpn_cb(), Assert, cert_errdetail, COMMERROR, ereport, err(), errcode(), errcode_for_socket_access(), errdetail_internal(), errhint(), errmsg(), info_cb(), len, MemoryContextAlloc(), my_SSL_set_fd(), MyLatch, pfree(), PG_ALPN_PROTOCOL, port, SSL_context, ssl_max_protocol_version, ssl_min_protocol_version, ssl_protocol_version_to_string(), SSLerrmessage(), TopMemoryContext, WaitLatchOrSocket(), WL_EXIT_ON_PM_DEATH, WL_SOCKET_READABLE, and WL_SOCKET_WRITEABLE.
Referenced by secure_open_server().
ssize_t be_tls_read | ( | Port * | port, |
void * | ptr, | ||
size_t | len, | ||
int * | waitfor | ||
) |
Definition at line 749 of file be-secure-openssl.c.
References COMMERROR, ECONNRESET, ereport, err(), errcode(), errmsg(), EWOULDBLOCK, len, port, SSLerrmessage(), WL_SOCKET_READABLE, and WL_SOCKET_WRITEABLE.
Referenced by secure_read().
ssize_t be_tls_write | ( | Port * | port, |
void * | ptr, | ||
size_t | len, | ||
int * | waitfor | ||
) |
Definition at line 808 of file be-secure-openssl.c.
References COMMERROR, ECONNRESET, ereport, err(), errcode(), errmsg(), EWOULDBLOCK, len, port, SSLerrmessage(), WL_SOCKET_READABLE, and WL_SOCKET_WRITEABLE.
Referenced by secure_write().
static void default_openssl_tls_init (SSL_CTX *context, bool isServerStart)
Definition at line 1726 of file be-secure-openssl.c.
References context, dummy_ssl_passwd_cb(), ssl_external_passwd_cb(), ssl_passphrase_command, and ssl_passphrase_command_supports_reload.
static int dummy_ssl_passwd_cb (char *buf, int size, int rwflag, void *userdata)
Definition at line 1115 of file be-secure-openssl.c.
References Assert, buf, dummy_ssl_passwd_cb_called, and size.
Referenced by default_openssl_tls_init().
static void info_cb (const SSL *ssl, int type, int args)
Definition at line 1251 of file be-secure-openssl.c.
References args, DEBUG4, ereport, errmsg_internal(), and type.
Referenced by be_tls_open_server().
static bool initialize_dh (SSL_CTX *context, bool isServerStart)
Definition at line 1354 of file be-secure-openssl.c.
References context, ereport, errcode(), errmsg(), FATAL, load_dh_buffer(), load_dh_file(), LOG, ssl_dh_params_file, and SSLerrmessage().
Referenced by be_tls_init().
static bool initialize_ecdh (SSL_CTX *context, bool isServerStart)
Definition at line 1392 of file be-secure-openssl.c.
References context, ereport, errcode(), errmsg(), FATAL, LOG, and SSLECDHCurve.
Referenced by be_tls_init().
static DH * load_dh_buffer (const char *buffer, size_t len)
Definition at line 1073 of file be-secure-openssl.c.
References DEBUG2, ereport, errmsg_internal(), len, and SSLerrmessage().
Referenced by initialize_dh().
static DH * load_dh_file (char *filename, bool isServerStart)
Definition at line 1006 of file be-secure-openssl.c.
References AllocateFile(), ereport, errcode(), errcode_for_file_access(), errmsg(), FATAL, filename, FreeFile(), LOG, and SSLerrmessage().
Referenced by initialize_dh().
static BIO_METHOD * my_BIO_s_socket (void)
Definition at line 937 of file be-secure-openssl.c.
References my_bio_methods, my_sock_read(), and my_sock_write().
Referenced by my_SSL_set_fd().
static int my_sock_read (BIO *h, char *buf, int size)
Definition at line 896 of file be-secure-openssl.c.
References buf, EAGAIN, EINTR, EWOULDBLOCK, res, secure_raw_read(), and size.
Referenced by my_BIO_s_socket().
static int my_sock_write (BIO *h, const char *buf, int size)
Definition at line 918 of file be-secure-openssl.c.
References buf, EAGAIN, EINTR, EWOULDBLOCK, res, secure_raw_write(), and size.
Referenced by my_BIO_s_socket().
static int my_SSL_set_fd (Port *port, int fd)
Definition at line 970 of file be-secure-openssl.c.
References err(), fd(), my_BIO_s_socket(), and port.
Referenced by be_tls_open_server().
static char * prepare_cert_name (char *name)
Definition at line 1132 of file be-secure-openssl.c.
References MAXLEN, name, and pg_clean_ascii().
Referenced by verify_cb().
static int ssl_external_passwd_cb (char *buf, int size, int rwflag, void *userdata)
Definition at line 1095 of file be-secure-openssl.c.
References Assert, buf, run_ssl_passphrase_command(), size, and ssl_is_server_start.
Referenced by default_openssl_tls_init().
static int ssl_protocol_version_to_openssl (int v)
Definition at line 1670 of file be-secure-openssl.c.
References PG_TLS1_1_VERSION, PG_TLS1_2_VERSION, PG_TLS1_3_VERSION, PG_TLS1_VERSION, and PG_TLS_ANY.
Referenced by be_tls_init().
static const char * ssl_protocol_version_to_string (int v)
Definition at line 1705 of file be-secure-openssl.c.
References PG_TLS1_1_VERSION, PG_TLS1_2_VERSION, PG_TLS1_3_VERSION, PG_TLS1_VERSION, and PG_TLS_ANY.
Referenced by be_tls_open_server().
static const char * SSLerrmessage (unsigned long ecode)
Definition at line 1434 of file be-secure-openssl.c.
References _, snprintf, and strerror.
Referenced by be_tls_init(), be_tls_open_server(), be_tls_read(), be_tls_write(), initialize_dh(), load_dh_buffer(), and load_dh_file().
static int verify_cb (int ok, X509_STORE_CTX *ctx)
Definition at line 1172 of file be-secure-openssl.c.
References _, appendStringInfo(), appendStringInfoChar(), b, cert_errdetail, errcode(), initStringInfo(), pfree(), prepare_cert_name(), str, and X509_NAME_to_cstring().
Referenced by be_tls_init().
static char * X509_NAME_to_cstring (X509_NAME *name)
Definition at line 1597 of file be-secure-openssl.c.
References elog, ereport, errcode(), errmsg(), ERROR, i, name, pfree(), pg_any_to_server(), PG_UTF8, pstrdup(), and size.
Referenced by be_tls_get_peer_issuer_name(), be_tls_get_peer_subject_name(), and verify_cb().
static const unsigned char alpn_protos[] = PG_ALPN_PROTOCOL_VECTOR
Definition at line 1295 of file be-secure-openssl.c.
Referenced by alpn_cb().
static const char * cert_errdetail
Definition at line 91 of file be-secure-openssl.c.
Referenced by be_tls_open_server(), and verify_cb().
static bool dummy_ssl_passwd_cb_called = false
Definition at line 84 of file be-secure-openssl.c.
Referenced by be_tls_init(), and dummy_ssl_passwd_cb().
static BIO_METHOD * my_bio_methods = NULL
Definition at line 893 of file be-secure-openssl.c.
Referenced by my_BIO_s_socket().
openssl_tls_init_hook_typ openssl_tls_init_hook = default_openssl_tls_init |
Definition at line 58 of file be-secure-openssl.c.
Referenced by _PG_init().
static SSL_CTX * SSL_context = NULL
Definition at line 83 of file be-secure-openssl.c.
Referenced by be_tls_destroy(), be_tls_init(), be_tls_open_server(), and initialize_SSL().
static bool ssl_is_server_start
Definition at line 85 of file be-secure-openssl.c.
Referenced by be_tls_init(), and ssl_external_passwd_cb().