int
pgwin32_send(SOCKET s, const void *buf, int len, int flags)
{
WSABUF wbuf;
int r;
DWORD b;
if (pgwin32_poll_signals())
return -1;
wbuf.len = len;
wbuf.buf = (char *) buf;
/*
* Readiness of socket to send data to UDP socket may be not true: socket
* can become busy again! So loop until send or error occurs.
*/
for (;;)
{
r = WSASend(s, &wbuf, 1, &b, flags, NULL, NULL);
if (r != SOCKET_ERROR && b > 0)
/* Write succeeded right away */
return b;
if (r == SOCKET_ERROR &&
WSAGetLastError() != WSAEWOULDBLOCK)
{
TranslateSocketError();
return -1;
}
if (pgwin32_noblock)
{
/*
* No data sent, and we are in "emulated non-blocking mode", so
* return indicating that we'd block if we were to continue.
*/
errno = EWOULDBLOCK;
return -1;
}
/* No error, zero bytes (win2000+) or error+WSAEWOULDBLOCK (<=nt4) */
if (pgwin32_waitforsinglesocket(s, FD_WRITE | FD_CLOSE, INFINITE) == 0)
return -1;
}
return -1;
}
int
pgwin32_recv(SOCKET s, char *buf, int len, int f)
{
WSABUF wbuf;
int r;
DWORD b;
DWORD flags = f;
if (pgwin32_poll_signals())
return -1;
wbuf.len = len;
wbuf.buf = buf;
r = WSARecv(s, &wbuf, 1, &b, &flags, NULL, NULL);
if (r != SOCKET_ERROR && b > 0)
/* Read succeeded right away */
return b;
if (r == SOCKET_ERROR &&
WSAGetLastError() != WSAEWOULDBLOCK)
{
TranslateSocketError();
return -1;
}
/* No error, zero bytes (win2000+) or error+WSAEWOULDBLOCK (<=nt4) */
if (pgwin32_waitforsinglesocket(s, FD_READ | FD_CLOSE | FD_ACCEPT,
INFINITE) == 0)
return -1;
r = WSARecv(s, &wbuf, 1, &b, &flags, NULL, NULL);
if (r == SOCKET_ERROR)
{
TranslateSocketError();
return -1;
}
return b;
}
/* No signal delivery during connect. */
int
pgwin32_connect(SOCKET s, const struct sockaddr * addr, int addrlen)
{
int r;
r = WSAConnect(s, addr, addrlen, NULL, NULL, NULL, NULL);
if (r == 0)
return 0;
if (WSAGetLastError() != WSAEWOULDBLOCK)
{
TranslateSocketError();
return -1;
}
while (pgwin32_waitforsinglesocket(s, FD_CONNECT, INFINITE) == 0)
{
/* Loop endlessly as long as we are just delivering signals */
}
return 0;
}
int
pgwin32_send(SOCKET s, char *buf, int len, int flags)
{
WSABUF wbuf;
int r;
DWORD b;
if (pgwin32_poll_signals())
return -1;
wbuf.len = len;
wbuf.buf = buf;
/*
* Readiness of socket to send data to UDP socket may be not true: socket
* can become busy again! So loop until send or error occurs.
*/
for (;;)
{
r = WSASend(s, &wbuf, 1, &b, flags, NULL, NULL);
if (r != SOCKET_ERROR && b > 0)
/* Write succeeded right away */
return b;
if (r == SOCKET_ERROR &&
WSAGetLastError() != WSAEWOULDBLOCK)
{
TranslateSocketError();
return -1;
}
/* No error, zero bytes (win2000+) or error+WSAEWOULDBLOCK (<=nt4) */
if (pgwin32_waitforsinglesocket(s, FD_WRITE | FD_CLOSE, INFINITE) == 0)
return -1;
}
return -1;
}
int
pgwin32_send(SOCKET s, char *buf, int len, int flags)
{
WSABUF wbuf;
int r;
DWORD b;
if (pgwin32_poll_signals())
return -1;
wbuf.len = len;
wbuf.buf = buf;
r = WSASend(s, &wbuf, 1, &b, flags, NULL, NULL);
if (r != SOCKET_ERROR && b > 0)
/* Write succeeded right away */
return b;
if (r == SOCKET_ERROR &&
WSAGetLastError() != WSAEWOULDBLOCK)
{
TranslateSocketError();
return -1;
}
/* No error, zero bytes (win2000+) or error+WSAEWOULDBLOCK (<=nt4) */
if (pgwin32_waitforsinglesocket(s, FD_WRITE | FD_CLOSE) == 0)
return -1;
r = WSASend(s, &wbuf, 1, &b, flags, NULL, NULL);
if (r == SOCKET_ERROR)
{
TranslateSocketError();
return -1;
}
return b;
}
/*
* Attempt to negotiate SSL connection.
*/
static int
open_server_SSL(Port *port)
{
int r;
int err;
Assert(!port->ssl);
Assert(!port->peer);
if (!(port->ssl = SSL_new(SSL_context)))
{
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("could not initialize SSL connection: %s",
SSLerrmessage())));
close_SSL(port);
return -1;
}
if (!my_SSL_set_fd(port->ssl, port->sock))
{
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("could not set SSL socket: %s",
SSLerrmessage())));
close_SSL(port);
return -1;
}
aloop:
r = SSL_accept(port->ssl);
if (r <= 0)
{
err = SSL_get_error(port->ssl, r);
switch (err)
{
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
#ifdef WIN32
pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl),
(err == SSL_ERROR_WANT_READ) ?
FD_READ | FD_CLOSE | FD_ACCEPT : FD_WRITE | FD_CLOSE,
INFINITE);
#endif
goto aloop;
case SSL_ERROR_SYSCALL:
if (r < 0)
ereport(COMMERROR,
(errcode_for_socket_access(),
errmsg("could not accept SSL connection: %m")));
else
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("could not accept SSL connection: EOF detected")));
break;
case SSL_ERROR_SSL:
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("could not accept SSL connection: %s",
SSLerrmessage())));
break;
case SSL_ERROR_ZERO_RETURN:
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("could not accept SSL connection: EOF detected")));
break;
default:
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("unrecognized SSL error code: %d",
err)));
break;
}
close_SSL(port);
return -1;
}
port->count = 0;
/* get client certificate, if available. */
port->peer = SSL_get_peer_certificate(port->ssl);
if (port->peer == NULL)
{
strlcpy(port->peer_dn, "(anonymous)", sizeof(port->peer_dn));
strlcpy(port->peer_cn, "(anonymous)", sizeof(port->peer_cn));
}
else
{
X509_NAME_oneline(X509_get_subject_name(port->peer),
port->peer_dn, sizeof(port->peer_dn));
port->peer_dn[sizeof(port->peer_dn) - 1] = '\0';
r = X509_NAME_get_text_by_NID(X509_get_subject_name(port->peer),
NID_commonName, port->peer_cn, sizeof(port->peer_cn));
port->peer_cn[sizeof(port->peer_cn) - 1] = '\0';
if (r == -1)
{
/* Unable to get the CN, set it to blank so it can't be used */
port->peer_cn[0] = '\0';
}
else
{
/*
* Reject embedded NULLs in certificate common name to prevent
* attacks like CVE-2009-4034.
*/
if (r != strlen(port->peer_cn))
{
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL certificate's common name contains embedded null")));
close_SSL(port);
return -1;
}
}
}
ereport(DEBUG2,
(errmsg("SSL connection from \"%s\"", port->peer_cn)));
/* set up debugging/info callback */
SSL_CTX_set_info_callback(SSL_context, info_cb);
return 0;
}
/*
* Write data to a secure connection.
*/
ssize_t
secure_write(Port *port, void *ptr, size_t len)
{
ssize_t n;
#ifdef USE_SSL
if (port->ssl)
{
int err;
if (ssl_renegotiation_limit && port->count > ssl_renegotiation_limit * 1024L)
{
SSL_set_session_id_context(port->ssl, (void *) &SSL_context,
sizeof(SSL_context));
if (SSL_renegotiate(port->ssl) <= 0)
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL renegotiation failure")));
if (SSL_do_handshake(port->ssl) <= 0)
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL renegotiation failure")));
if (port->ssl->state != SSL_ST_OK)
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL failed to send renegotiation request")));
port->ssl->state |= SSL_ST_ACCEPT;
SSL_do_handshake(port->ssl);
if (port->ssl->state != SSL_ST_OK)
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL renegotiation failure")));
port->count = 0;
}
wloop:
errno = 0;
n = SSL_write(port->ssl, ptr, len);
err = SSL_get_error(port->ssl, n);
switch (err)
{
case SSL_ERROR_NONE:
port->count += n;
break;
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
#ifdef WIN32
pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl),
(err == SSL_ERROR_WANT_READ) ?
FD_READ | FD_CLOSE : FD_WRITE | FD_CLOSE,
INFINITE);
#endif
goto wloop;
case SSL_ERROR_SYSCALL:
/* leave it to caller to ereport the value of errno */
if (n != -1)
{
errno = ECONNRESET;
n = -1;
}
break;
case SSL_ERROR_SSL:
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL error: %s", SSLerrmessage())));
/* fall through */
case SSL_ERROR_ZERO_RETURN:
errno = ECONNRESET;
n = -1;
break;
default:
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("unrecognized SSL error code: %d",
err)));
n = -1;
break;
}
}
else
#endif
n = send(port->sock, ptr, len, 0);
return n;
}
/*
* Read data from a secure connection.
*/
ssize_t
secure_read(Port *port, void *ptr, size_t len)
{
ssize_t n;
#ifdef USE_SSL
if (port->ssl)
{
int err;
rloop:
errno = 0;
n = SSL_read(port->ssl, ptr, len);
err = SSL_get_error(port->ssl, n);
switch (err)
{
case SSL_ERROR_NONE:
port->count += n;
break;
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
if (port->noblock)
{
errno = EWOULDBLOCK;
n = -1;
break;
}
#ifdef WIN32
pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl),
(err == SSL_ERROR_WANT_READ) ?
FD_READ | FD_CLOSE : FD_WRITE | FD_CLOSE,
INFINITE);
#endif
goto rloop;
case SSL_ERROR_SYSCALL:
/* leave it to caller to ereport the value of errno */
if (n != -1)
{
errno = ECONNRESET;
n = -1;
}
break;
case SSL_ERROR_SSL:
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL error: %s", SSLerrmessage())));
/* fall through */
case SSL_ERROR_ZERO_RETURN:
errno = ECONNRESET;
n = -1;
break;
default:
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("unrecognized SSL error code: %d",
err)));
n = -1;
break;
}
}
else
#endif
{
prepare_for_client_read();
n = recv(port->sock, ptr, len, 0);
client_read_ended();
}
return n;
}
int
pgwin32_recv(SOCKET s, char *buf, int len, int f)
{
WSABUF wbuf;
int r;
DWORD b;
DWORD flags = f;
int n;
if (pgwin32_poll_signals())
return -1;
wbuf.len = len;
wbuf.buf = buf;
r = WSARecv(s, &wbuf, 1, &b, &flags, NULL, NULL);
if (r != SOCKET_ERROR && b > 0)
/* Read succeeded right away */
return b;
if (r == SOCKET_ERROR &&
WSAGetLastError() != WSAEWOULDBLOCK)
{
TranslateSocketError();
return -1;
}
if (pgwin32_noblock)
{
/*
* No data received, and we are in "emulated non-blocking mode", so
* return indicating that we'd block if we were to continue.
*/
errno = EWOULDBLOCK;
return -1;
}
/* No error, zero bytes (win2000+) or error+WSAEWOULDBLOCK (<=nt4) */
for (n = 0; n < 5; n++)
{
if (pgwin32_waitforsinglesocket(s, FD_READ | FD_CLOSE | FD_ACCEPT,
INFINITE) == 0)
return -1; /* errno already set */
r = WSARecv(s, &wbuf, 1, &b, &flags, NULL, NULL);
if (r == SOCKET_ERROR)
{
if (WSAGetLastError() == WSAEWOULDBLOCK)
{
/*
* There seem to be cases on win2k (at least) where WSARecv
* can return WSAEWOULDBLOCK even when
* pgwin32_waitforsinglesocket claims the socket is readable.
* In this case, just sleep for a moment and try again. We try
* up to 5 times - if it fails more than that it's not likely
* to ever come back.
*/
pg_usleep(10000);
continue;
}
TranslateSocketError();
return -1;
}
return b;
}
ereport(NOTICE,
(errmsg_internal("could not read from ready socket (after retries)")));
errno = EWOULDBLOCK;
return -1;
}
/*
* Attempt to negotiate SSL connection.
*/
static int
open_server_SSL(Port *port)
{
int r;
int err;
Assert(!port->ssl);
Assert(!port->peer);
if (!(port->ssl = SSL_new(SSL_context)))
{
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("could not initialize SSL connection: %s",
SSLerrmessage())));
close_SSL(port);
return -1;
}
if (!my_SSL_set_fd(port->ssl, port->sock))
{
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("could not set SSL socket: %s",
SSLerrmessage())));
close_SSL(port);
return -1;
}
aloop:
r = SSL_accept(port->ssl);
if (r <= 0)
{
err = SSL_get_error(port->ssl, r);
switch (err)
{
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
#ifdef WIN32
pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl),
(err == SSL_ERROR_WANT_READ) ?
FD_READ | FD_CLOSE | FD_ACCEPT : FD_WRITE | FD_CLOSE,
INFINITE);
#endif
goto aloop;
case SSL_ERROR_SYSCALL:
if (r < 0)
ereport(COMMERROR,
(errcode_for_socket_access(),
errmsg("could not accept SSL connection: %m")));
else
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("could not accept SSL connection: EOF detected")));
break;
case SSL_ERROR_SSL:
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("could not accept SSL connection: %s",
SSLerrmessage())));
break;
case SSL_ERROR_ZERO_RETURN:
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("could not accept SSL connection: EOF detected")));
break;
default:
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("unrecognized SSL error code: %d",
err)));
break;
}
close_SSL(port);
return -1;
}
port->count = 0;
/* Get client certificate, if available. */
port->peer = SSL_get_peer_certificate(port->ssl);
/* and extract the Common Name from it. */
port->peer_cn = NULL;
if (port->peer != NULL)
{
int len;
len = X509_NAME_get_text_by_NID(X509_get_subject_name(port->peer),
NID_commonName, NULL, 0);
if (len != -1)
{
char *peer_cn;
peer_cn = MemoryContextAlloc(TopMemoryContext, len + 1);
r = X509_NAME_get_text_by_NID(X509_get_subject_name(port->peer),
NID_commonName, peer_cn, len+1);
peer_cn[len] = '\0';
if (r != len)
{
/* shouldn't happen */
pfree(peer_cn);
close_SSL(port);
return -1;
}
/*
* Reject embedded NULLs in certificate common name to prevent
* attacks like CVE-2009-4034.
*/
if (len != strlen(peer_cn))
{
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL certificate's common name contains embedded null")));
pfree(peer_cn);
close_SSL(port);
return -1;
}
port->peer_cn = peer_cn;
}
}
ereport(DEBUG2,
(errmsg("SSL connection from \"%s\"",
port->peer_cn ? port->peer_cn : "(anonymous)")));
/* set up debugging/info callback */
SSL_CTX_set_info_callback(SSL_context, info_cb);
return 0;
}
/*
* Write data to a secure connection.
*/
ssize_t
secure_write(Port *port, void *ptr, size_t len)
{
ssize_t n;
#ifdef USE_SSL
if (port->ssl)
{
int err;
if (ssl_renegotiation_limit && port->count > ssl_renegotiation_limit * 1024L)
{
SSL_set_session_id_context(port->ssl, (void *) &SSL_context,
sizeof(SSL_context));
if (SSL_renegotiate(port->ssl) <= 0)
{
report_commerror("SSL renegotiation failure");
}
if (SSL_do_handshake(port->ssl) <= 0)
{
report_commerror("SSL renegotiation failure");
}
if (port->ssl->state != SSL_ST_OK)
{
report_commerror("SSL failed to send renegotiation request");
}
port->ssl->state |= SSL_ST_ACCEPT;
SSL_do_handshake(port->ssl);
if (port->ssl->state != SSL_ST_OK)
{
report_commerror("SSL renegotiation failure");
}
port->count = 0;
}
wloop:
errno = 0;
n = SSL_write(port->ssl, ptr, len);
err = SSL_get_error(port->ssl, n);
const int ERR_MSG_LEN = ERROR_BUF_SIZE + 20;
char err_msg[ERR_MSG_LEN];
switch (err)
{
case SSL_ERROR_NONE:
port->count += n;
break;
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
#ifdef WIN32
pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl),
(err == SSL_ERROR_WANT_READ) ?
FD_READ | FD_CLOSE : FD_WRITE | FD_CLOSE,
INFINITE);
#endif
goto wloop;
case SSL_ERROR_SYSCALL:
/* leave it to caller to ereport the value of errno */
if (n != -1)
{
errno = ECONNRESET;
n = -1;
}
break;
case SSL_ERROR_SSL:
snprintf((char *)&err_msg, ERR_MSG_LEN, "SSL error: %s", SSLerrmessage());
report_commerror(err_msg);
/* fall through */
case SSL_ERROR_ZERO_RETURN:
errno = ECONNRESET;
n = -1;
break;
default:
snprintf((char *)&err_msg, ERR_MSG_LEN, "unrecognized SSL error code: %d", err);
report_commerror(err_msg);
n = -1;
break;
}
}
else
#endif
{
prepare_for_client_write();
n = send(port->sock, ptr, len, 0);
client_write_ended();
}
return n;
}
/*
* Write data to a secure connection.
*/
ssize_t
secure_write(Port *port, void *ptr, size_t len)
{
ssize_t n;
#ifdef USE_SSL
if (port->ssl)
{
int err;
/*
* If SSL renegotiations are enabled and we're getting close to the
* limit, start one now; but avoid it if there's one already in
* progress. Request the renegotiation 1kB before the limit has
* actually expired.
*/
if (ssl_renegotiation_limit && !in_ssl_renegotiation &&
port->count > (ssl_renegotiation_limit - 1) * 1024L)
{
in_ssl_renegotiation = true;
/*
* The way we determine that a renegotiation has completed is by
* observing OpenSSL's internal renegotiation counter. Make sure
* we start out at zero, and assume that the renegotiation is
* complete when the counter advances.
*
* OpenSSL provides SSL_renegotiation_pending(), but this doesn't
* seem to work in testing.
*/
SSL_clear_num_renegotiations(port->ssl);
SSL_set_session_id_context(port->ssl, (void *) &SSL_context,
sizeof(SSL_context));
if (SSL_renegotiate(port->ssl) <= 0)
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL failure during renegotiation start")));
else
{
int retries;
/*
* A handshake can fail, so be prepared to retry it, but only
* a few times.
*/
for (retries = 0; retries++;)
{
if (SSL_do_handshake(port->ssl) > 0)
break; /* done */
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL handshake failure on renegotiation, retrying")));
if (retries >= 20)
ereport(FATAL,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("unable to complete SSL handshake")));
}
}
}
wloop:
errno = 0;
n = SSL_write(port->ssl, ptr, len);
err = SSL_get_error(port->ssl, n);
switch (err)
{
case SSL_ERROR_NONE:
port->count += n;
break;
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
#ifdef WIN32
pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl),
(err == SSL_ERROR_WANT_READ) ?
FD_READ | FD_CLOSE : FD_WRITE | FD_CLOSE,
INFINITE);
#endif
goto wloop;
case SSL_ERROR_SYSCALL:
/* leave it to caller to ereport the value of errno */
if (n != -1)
{
errno = ECONNRESET;
n = -1;
}
break;
case SSL_ERROR_SSL:
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL error: %s", SSLerrmessage())));
/* fall through */
case SSL_ERROR_ZERO_RETURN:
errno = ECONNRESET;
n = -1;
break;
default:
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("unrecognized SSL error code: %d",
err)));
errno = ECONNRESET;
n = -1;
break;
}
if (n >= 0)
{
/* is renegotiation complete? */
if (in_ssl_renegotiation &&
SSL_num_renegotiations(port->ssl) >= 1)
{
in_ssl_renegotiation = false;
port->count = 0;
}
/*
* if renegotiation is still ongoing, and we've gone beyond the
* limit, kill the connection now -- continuing to use it can be
* considered a security problem.
*/
if (in_ssl_renegotiation &&
port->count > ssl_renegotiation_limit * 1024L)
ereport(FATAL,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL failed to renegotiate connection before limit expired")));
}
}
else
#endif
n = send(port->sock, ptr, len, 0);
return n;
}
