diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-21 05:05:26 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-21 05:05:26 +0000 |
commit | e75d99818dd3940be997520e64db8c9e3b207e39 (patch) | |
tree | 0003ca0de74fcc8d18433e34ea68d2e7aaf06b7c /src/interfaces/libpq/fe-secure-openssl.c | |
parent | Releasing progress-linux version 15.6-0+deb12u1~progress6.99u1. (diff) | |
download | postgresql-15-e75d99818dd3940be997520e64db8c9e3b207e39.tar.xz postgresql-15-e75d99818dd3940be997520e64db8c9e3b207e39.zip |
Merging upstream version 15.7.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/interfaces/libpq/fe-secure-openssl.c')
-rw-r--r-- | src/interfaces/libpq/fe-secure-openssl.c | 45 |
1 files changed, 21 insertions, 24 deletions
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c index 61f3767..47c8e0b 100644 --- a/src/interfaces/libpq/fe-secure-openssl.c +++ b/src/interfaces/libpq/fe-secure-openssl.c @@ -96,12 +96,7 @@ static bool ssl_lib_initialized = false; #ifdef ENABLE_THREAD_SAFETY static long crypto_open_connections = 0; -#ifndef WIN32 static pthread_mutex_t ssl_config_mutex = PTHREAD_MUTEX_INITIALIZER; -#else -static pthread_mutex_t ssl_config_mutex = NULL; -static long win32_ssl_create_mutex = 0; -#endif #endif /* ENABLE_THREAD_SAFETY */ static PQsslKeyPassHook_OpenSSL_type PQsslKeyPassHook = NULL; @@ -777,20 +772,6 @@ int pgtls_init(PGconn *conn, bool do_ssl, bool do_crypto) { #ifdef ENABLE_THREAD_SAFETY -#ifdef WIN32 - /* Also see similar code in fe-connect.c, default_threadlock() */ - if (ssl_config_mutex == NULL) - { - while (InterlockedExchange(&win32_ssl_create_mutex, 1) == 1) - /* loop, another thread own the lock */ ; - if (ssl_config_mutex == NULL) - { - if (pthread_mutex_init(&ssl_config_mutex, NULL)) - return -1; - } - InterlockedExchange(&win32_ssl_create_mutex, 0); - } -#endif if (pthread_mutex_lock(&ssl_config_mutex)) return -1; @@ -881,7 +862,6 @@ static void destroy_ssl_system(void) { #if defined(ENABLE_THREAD_SAFETY) && defined(HAVE_CRYPTO_LOCK) - /* Mutex is created in pgtls_init() */ if (pthread_mutex_lock(&ssl_config_mutex)) return; @@ -929,7 +909,6 @@ initialize_SSL(PGconn *conn) bool have_homedir; bool have_cert; bool have_rootcert; - EVP_PKEY *pkey = NULL; /* * We'll need the home directory if any of the relevant parameters are @@ -1265,6 +1244,7 @@ initialize_SSL(PGconn *conn) /* Colon, but not in second character, treat as engine:key */ char *engine_str = strdup(conn->sslkey); char *engine_colon; + EVP_PKEY *pkey; if (engine_str == NULL) { @@ -1677,10 +1657,11 @@ pgtls_close(PGconn *conn) * Obtain reason string for passed SSL errcode * * ERR_get_error() is used by caller to get errcode to pass here. + * The result must be freed after use, using SSLerrfree. * - * Some caution is needed here since ERR_reason_error_string will - * return NULL if it doesn't recognize the error code. We don't - * want to return NULL ever. + * Some caution is needed here since ERR_reason_error_string will return NULL + * if it doesn't recognize the error code, or (in OpenSSL >= 3) if the code + * represents a system errno value. We don't want to return NULL ever. */ static char ssl_nomem[] = "out of memory allocating error description"; @@ -1706,6 +1687,22 @@ SSLerrmessage(unsigned long ecode) strlcpy(errbuf, errreason, SSL_ERR_LEN); return errbuf; } + + /* + * In OpenSSL 3.0.0 and later, ERR_reason_error_string randomly refuses to + * map system errno values. We can cover that shortcoming with this bit + * of code. Older OpenSSL versions don't have the ERR_SYSTEM_ERROR macro, + * but that's okay because they don't have the shortcoming either. + */ +#ifdef ERR_SYSTEM_ERROR + if (ERR_SYSTEM_ERROR(ecode)) + { + strlcpy(errbuf, strerror(ERR_GET_REASON(ecode)), SSL_ERR_LEN); + return errbuf; + } +#endif + + /* No choice but to report the numeric ecode */ snprintf(errbuf, SSL_ERR_LEN, libpq_gettext("SSL error code %lu"), ecode); return errbuf; } |