Re: [HACKERS] pgcrypto compilation error due to stack-allocated EVP_CIPHER_CTX

2016-12-12 Thread Michael Paquier
On Mon, Dec 12, 2016 at 6:17 PM, Heikki Linnakangas wrote: > Removed that, did some further cosmetic changes, and pushed. I renamed a > bunch variables and structs, so that they are more consistent with the > similar digest stuff. That definitely makes sense this way, thanks for

Re: [HACKERS] pgcrypto compilation error due to stack-allocated EVP_CIPHER_CTX

2016-12-12 Thread Heikki Linnakangas
On 12/12/2016 07:18 AM, Michael Paquier wrote: On Fri, Dec 9, 2016 at 10:22 AM, Michael Paquier wrote: Thanks for looking at the patch. Looking forward to hearing more! Here is an updated patch based on which reviews should be done. I have fixed the issue you have

Re: [HACKERS] pgcrypto compilation error due to stack-allocated EVP_CIPHER_CTX

2016-12-11 Thread Michael Paquier
On Fri, Dec 9, 2016 at 10:22 AM, Michael Paquier wrote: > Thanks for looking at the patch. Looking forward to hearing more! Here is an updated patch based on which reviews should be done. I have fixed the issue you have reported, and upon additional lookup I have

Re: [HACKERS] pgcrypto compilation error due to stack-allocated EVP_CIPHER_CTX

2016-12-08 Thread Michael Paquier
On Fri, Dec 9, 2016 at 1:11 AM, Asif Naeem wrote: > It make sense. I would like to share more comments as following i.e. > >> static int >> bf_check_supported_key_len(void) >> { >> ... >> /* encrypt with 448bits key and verify output */ >> evp_ctx =

Re: [HACKERS] pgcrypto compilation error due to stack-allocated EVP_CIPHER_CTX

2016-12-08 Thread Asif Naeem
It make sense. I would like to share more comments as following i.e. static int > bf_check_supported_key_len(void) > { > ... > /* encrypt with 448bits key and verify output */ > evp_ctx = EVP_CIPHER_CTX_new(); > if (!evp_ctx) > return 1; > if

Re: [HACKERS] pgcrypto compilation error due to stack-allocated EVP_CIPHER_CTX

2016-12-06 Thread Michael Paquier
On Tue, Dec 6, 2016 at 11:42 PM, Asif Naeem wrote: > Thanks for updated patch. Although EVP_CIPHER_CTX_cleanup() seems deprecated > in OpenSSL >= 1.1.0 i.e. > >> # if OPENSSL_API_COMPAT < 0x1010L >> # define EVP_CIPHER_CTX_init(c) EVP_CIPHER_CTX_reset(c) >> #

Re: [HACKERS] pgcrypto compilation error due to stack-allocated EVP_CIPHER_CTX

2016-12-06 Thread Asif Naeem
Thanks for updated patch. Although EVP_CIPHER_CTX_cleanup() seems deprecated in OpenSSL >= 1.1.0 i.e. # if OPENSSL_API_COMPAT < 0x1010L > # define EVP_CIPHER_CTX_init(c) EVP_CIPHER_CTX_reset(c) > # define EVP_CIPHER_CTX_cleanup(c) EVP_CIPHER_CTX_reset(c) > # endif I guess use of

Re: [HACKERS] pgcrypto compilation error due to stack-allocated EVP_CIPHER_CTX

2016-12-06 Thread Michael Paquier
On Tue, Dec 6, 2016 at 9:31 PM, Asif Naeem wrote: > Thank you for v2 patch, I would like to comment on it. It seems that you > have used function EVP_CIPHER_CTX_reset in the patch that was introduced in > OpenSSL 1.1.0, older library version might not work now, is it

Re: [HACKERS] pgcrypto compilation error due to stack-allocated EVP_CIPHER_CTX

2016-12-06 Thread Asif Naeem
Hi Michael, Thank you for v2 patch, I would like to comment on it. It seems that you have used function EVP_CIPHER_CTX_reset in the patch that was introduced in OpenSSL 1.1.0, older library version might not work now, is it intentional change ?. Regards, Muhammad Asif Naeem On Tue, Dec 6, 2016

Re: [HACKERS] pgcrypto compilation error due to stack-allocated EVP_CIPHER_CTX

2016-12-05 Thread Michael Paquier
On Mon, Dec 5, 2016 at 6:09 PM, Michael Paquier wrote: > On Mon, Dec 5, 2016 at 5:11 PM, Heikki Linnakangas wrote: >> I'm afraid if we just start using EVP_CIPHER_CTX_new(), we'll leak the >> context on any error. We had exactly the same problem with

Re: [HACKERS] pgcrypto compilation error due to stack-allocated EVP_CIPHER_CTX

2016-12-05 Thread Michael Paquier
On Mon, Dec 5, 2016 at 5:11 PM, Heikki Linnakangas wrote: > I'm afraid if we just start using EVP_CIPHER_CTX_new(), we'll leak the > context on any error. We had exactly the same problem with EVP_MD_CTX_init > being removed, in the patch that added OpenSSL 1.1.0 support. We'll

Re: [HACKERS] pgcrypto compilation error due to stack-allocated EVP_CIPHER_CTX

2016-12-05 Thread Heikki Linnakangas
On 12/05/2016 05:19 AM, Michael Paquier wrote: On Thu, Dec 1, 2016 at 11:17 AM, Andreas Karlsson wrote: On 12/01/2016 02:48 AM, Andres Freund wrote: Yes, I believe this is one of the changes in OpenSSL 1.1. I guess you might be the first one to try to compile with 1.1 since

Re: [HACKERS] pgcrypto compilation error due to stack-allocated EVP_CIPHER_CTX

2016-12-04 Thread Michael Paquier
On Thu, Dec 1, 2016 at 11:17 AM, Andreas Karlsson wrote: > On 12/01/2016 02:48 AM, Andres Freund wrote: >> >> It appears openssl has removed the public definition of EVP_CIPHER_CTX >> leading to pgcrypto failing with: That's not much surprising, most distributions are still on

Re: [HACKERS] pgcrypto compilation error due to stack-allocated EVP_CIPHER_CTX

2016-11-30 Thread Andreas Karlsson
On 12/01/2016 02:48 AM, Andres Freund wrote: It appears openssl has removed the public definition of EVP_CIPHER_CTX leading to pgcrypto failing with: Yes, I believe this is one of the changes in OpenSSL 1.1. I guess you might be the first one to try to compile with 1.1 since

[HACKERS] pgcrypto compilation error due to stack-allocated EVP_CIPHER_CTX

2016-11-30 Thread Andres Freund
Hi, It appears openssl has removed the public definition of EVP_CIPHER_CTX leading to pgcrypto failing with: /home/andres/src/postgresql/contrib/pgcrypto/openssl.c:253:17: error: field ‘evp_ctx’ has incomplete type EVP_CIPHER_CTX evp_ctx; ^~~