On Wed, Feb 15, 2006 at 03:02:45PM -0500, Tom Lane wrote:
> Michael Fuhr <mike(at)fuhr(dot)org> writes:
> > My non-OpenSSL build shows no memory leak, so the leak and OpenSSL
> > seem to be correlated. I'd be more inclined to suspect a bug in
> > pgcrypto's OpenSSL-specific code than in OpenSSL itself. Will keep
> > digging.
> The problem appears to be here:
> static void
> digest_finish(PX_MD * h, uint8 *dst)
> EVP_MD_CTX *ctx = (EVP_MD_CTX *) h->p.ptr;
> const EVP_MD *md = EVP_MD_CTX_md(ctx);
> EVP_DigestFinal(ctx, dst, NULL);
> * Some builds of 0.9.7x clear all of ctx in EVP_DigestFinal. Fix it by
> * reinitializing ctx.
> EVP_DigestInit(ctx, md);
> It looks like this results in a leak of the entire OpenSSL context for
> each call to pg_crypt. Marko, I trust you've got a better solution for
> this ...
Seems it's another bug in OpenSSL backwards compatibility code.
EVP_DigestFinal() is similar to EVP_DigestFinal_ex()
except the digest context ctx is automatically cleaned up.
EVP_DigestFinal() retrieves the digest value from ctx
and places it in md. If the s parameter is not NULL then the
number of bytes of data written (i.e. the length of the digest)
will be written to the integer at s, at most EVP_MAX_MD_SIZE
bytes will be written. After calling EVP_DigestFinal() no
additional calls to EVP_DigestUpdate() can be made, but
EVP_DigestInit() can be called to initialize a new digest
But I have planned converting it to newer *_ex interface,
I just didn't bother as I hoped OpenSSL compatibility code
works fine. Seems they don't do much testing of older
interfaces, so the fix should be conversion of digest
functions to newer interface.
I'll send a patch ASAP.
In response to
pgsql-bugs by date
|Next:||From: James Hughes||Date: 2006-02-16 15:33:48|
|Subject: BUG #2268: initdb fails to initialize database cluster with error "Access is denied"|
|Previous:||From: Gerhard Lutz||Date: 2006-02-16 14:06:52|
|Subject: BUG #2267: Accessing large objects via ODBC|