Re: pgcrypto compilation error due to stack-allocated EVP_CIPHER_CTX

Asif Naeem <anaeem.it@gmail.com>

From: Asif Naeem <anaeem.it@gmail.com>
To: Michael Paquier <michael.paquier@gmail.com>
Cc: Heikki Linnakangas <hlinnaka@iki.fi>, Andreas Karlsson <andreas@proxel.se>, Andres Freund <andres@anarazel.de>, PostgreSQL mailing lists <pgsql-hackers@postgresql.org>
Date: 2016-12-06T14:42:21Z
Lists: pgsql-hackers
Thanks for updated patch. Although EVP_CIPHER_CTX_cleanup() seems deprecated in
OpenSSL >= 1.1.0 i.e.

# if OPENSSL_API_COMPAT < 0x10100000L
> #  define EVP_CIPHER_CTX_init(c)      EVP_CIPHER_CTX_reset(c)
> #  define EVP_CIPHER_CTX_cleanup(c)   EVP_CIPHER_CTX_reset(c)
> # endif


I guess use of deprecated function is fine, until OpenSSL library support
it.



On Tue, Dec 6, 2016 at 6:15 PM, Michael Paquier <michael.paquier@gmail.com>
wrote:

> On Tue, Dec 6, 2016 at 9:31 PM, Asif Naeem <anaeem.it@gmail.com> wrote:
> > Thank you for v2 patch, I would like to comment on it. It seems that you
> > have used function EVP_CIPHER_CTX_reset in the patch that was introduced
> in
> > OpenSSL 1.1.0, older library version might not work now, is it
> intentional
> > change ?.
>
> I thought I tested that... But yes, that would not compile when linked
> with 1.0.2 or older. Using EVP_CIPHER_CTX_cleanup() is safe instead as
> that's available down to 0.9.8.
> --
> Michael
>

Commits

  1. Fix pgcrypto compilation with OpenSSL 1.1.0.

  2. Use OpenSSL EVP API for symmetric encryption in pgcrypto.

  3. Support OpenSSL 1.1.0.