Re: pgcrypto compilation error due to stack-allocated EVP_CIPHER_CTX

From: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
To: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Andreas Karlsson <andreas(at)proxel(dot)se>
Cc: Andres Freund <andres(at)anarazel(dot)de>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: pgcrypto compilation error due to stack-allocated EVP_CIPHER_CTX
Date: 2016-12-05 08:11:42
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On 12/05/2016 05:19 AM, Michael Paquier wrote:
> On Thu, Dec 1, 2016 at 11:17 AM, Andreas Karlsson <andreas(at)proxel(dot)se> wrote:
>> On 12/01/2016 02:48 AM, Andres Freund wrote:
>> Yes, I believe this is one of the changes in OpenSSL 1.1. I guess you might
>> be the first one to try to compile with 1.1 since
>> 5ff4a67f63fd6d3eb01ff9707d4674ed54a89f3b was pushed.
> Yes, I can see the failure as well using 1.1.0 on my OSX laptop with
> homebrew packages.

Sorry about that! Given that I just dealt with this same issue with
EVP_MD_CTX_init, I should've noticed.

> Finally, attached is a patch to address the failure. make check is
> passing here for 1.1.0 and 1.0.2. The problem is that OpenSSL 1.1
> relies on an opaque structure here so we need to have the pgcrypto
> code rely on a pointer and not a direct declaration of the structure.
> EVP_CIPHER_CTX_free() and EVP_CIPHER_CTX_new() have been introduced in
> 0.9.8 which is the oldest version supported by HEAD, and 5ff4a67f is
> HEAD-only, so there is no need to back-patch here.

I'm afraid if we just start using EVP_CIPHER_CTX_new(), we'll leak the
context on any error. We had exactly the same problem with
EVP_MD_CTX_init being removed, in the patch that added OpenSSL 1.1.0
support. We'll have to use a resource owner to track it, just like we
did with EVP_MD_CTX in commit 593d4e47. Want to do that, or should I?

- Heikki

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Amit Kapila 2016-12-05 08:11:44 Re: commitfest 2016-11 status summary
Previous Message Kouhei Kaigai 2016-12-05 07:49:27 Re: PassDownLimitBound for ForeignScan/CustomScan [take-2]