Fix the sense of the test on DH_check()'s return value. This was preventing

custom-generated DH parameters from actually being used by the server.
Found by Michael Fuhr.

diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c
index 53d26adc776979957343880224a7ed2116d77e99..50825a0cb7a5a8d25a8ff5311abf930b3ac92186 100644 (file)
--- a/src/backend/libpq/be-secure.c
+++ b/src/backend/libpq/be-secure.c
@@ -79,7 +79,6 @@
 #include <sys/stat.h>
 #include <signal.h>
 #include <fcntl.h>
-#include <errno.h>
 #include <ctype.h>
 #include <sys/socket.h>
 #include <unistd.h>
@@ -97,6 +96,8 @@
 
 #include "libpq/libpq.h"
 #include "miscadmin.h"
+#include "tcop/tcopprot.h"
+
 
 #ifdef USE_SSL
 static DH  *load_dh_file(int keylength);
@@ -308,8 +309,14 @@ rloop:
        }
        else
 #endif
+       {
+               prepare_for_client_read();
+
                n = recv(port->sock, ptr, len, 0);
 
+               client_read_ended();
+       }
+
        return n;
 }
 
@@ -410,6 +417,73 @@ wloop:
 /*                                               SSL specific code                                             */
 /* ------------------------------------------------------------ */
 #ifdef USE_SSL
+
+/*
+ * Private substitute BIO: this wraps the SSL library's standard socket BIO
+ * so that we can enable and disable interrupts just while calling recv().
+ * We cannot have interrupts occurring while the bulk of openssl runs,
+ * because it uses malloc() and possibly other non-reentrant libc facilities.
+ *
+ * As of openssl 0.9.7, we can use the reasonably clean method of interposing
+ * a wrapper around the standard socket BIO's sock_read() method.  This relies
+ * on the fact that sock_read() doesn't call anything non-reentrant, in fact
+ * not much of anything at all except recv().  If this ever changes we'd
+ * probably need to duplicate the code of sock_read() in order to push the
+ * interrupt enable/disable down yet another level.
+ */
+
+static bool my_bio_initialized = false;
+static BIO_METHOD my_bio_methods;
+static int (*std_sock_read) (BIO *h, char *buf, int size);
+
+static int
+my_sock_read(BIO *h, char *buf, int size)
+{
+       int             res;
+
+       prepare_for_client_read();
+
+       res = std_sock_read(h, buf, size);
+
+       client_read_ended();
+
+       return res;
+}
+
+static BIO_METHOD *
+my_BIO_s_socket(void)
+{
+       if (!my_bio_initialized)
+       {
+               memcpy(&my_bio_methods, BIO_s_socket(), sizeof(BIO_METHOD));
+               std_sock_read = my_bio_methods.bread;
+               my_bio_methods.bread = my_sock_read;
+               my_bio_initialized = true;
+       }
+       return &my_bio_methods;
+}
+
+/* This should exactly match openssl's SSL_set_fd except for using my BIO */
+static int
+my_SSL_set_fd(SSL *s, int fd)
+{
+       int ret=0;
+       BIO *bio=NULL;
+
+       bio=BIO_new(my_BIO_s_socket());
+
+       if (bio == NULL)
+       {
+               SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
+               goto err;
+       }
+       BIO_set_fd(bio,fd,BIO_NOCLOSE);
+       SSL_set_bio(s,bio,bio);
+       ret=1;
+err:
+       return(ret);
+}
+
 /*
  *     Load precomputed DH parameters.
  *
@@ -446,7 +520,7 @@ load_dh_file(int keylength)
        /* make sure the DH parameters are usable */
        if (dh != NULL)
        {
-               if (DH_check(dh, &codes))
+               if (DH_check(dh, &codes) == 0)
                {
                        elog(LOG, "DH_check error (%s): %s", fnbuf, SSLerrmessage());
                        return NULL;
@@ -761,7 +835,7 @@ open_server_SSL(Port *port)
                close_SSL(port);
                return -1;
        }
-       if (!SSL_set_fd(port->ssl, port->sock))
+       if (!my_SSL_set_fd(port->ssl, port->sock))
        {
                ereport(COMMERROR,
                                (errcode(ERRCODE_PROTOCOL_VIOLATION),