diff options
| author | Michael Paquier | 2020-12-04 01:49:23 +0000 |
|---|---|---|
| committer | Michael Paquier | 2020-12-04 01:49:23 +0000 |
| commit | 4f48a6fbe2b28d8281dbbfa2d334fa2ed8472734 (patch) | |
| tree | d86532649ed8d7cda0b1edf93166f59918e3674d /src/tools | |
| parent | 3f8971d92e767acf6e3d6e27c4cab7bfd88b71f4 (diff) | |
Change SHA2 implementation based on OpenSSL to use EVP digest routines
The use of low-level hash routines is not recommended by upstream
OpenSSL since 2000, and pgcrypto already switched to EVP as of 5ff4a67.
This takes advantage of the refactoring done in 87ae969 that has
introduced the allocation and free routines for cryptographic hashes.
Since 1.1.0, OpenSSL does not publish the contents of the cryptohash
contexts, forcing any consumers to rely on OpenSSL for all allocations.
Hence, the resource owner callback mechanism gains a new set of routines
to track and free cryptohash contexts when using OpenSSL, preventing any
risks of leaks in the backend. Nothing is needed in the frontend thanks
to the refactoring of 87ae969, and the resowner knowledge is isolated
into cryptohash_openssl.c.
Note that this also fixes a failure with SCRAM authentication when using
FIPS in OpenSSL, but as there have been few complaints about this
problem and as this causes an ABI breakage, no backpatch is done.
Author: Michael Paquier
Reviewed-by: Daniel Gustafsson, Heikki Linnakangas
Discussion: https://postgr.es/m/20200924025314.GE7405@paquier.xyz
Discussion: https://postgr.es/m/20180911030250.GA27115@paquier.xyz
Diffstat (limited to 'src/tools')
| -rw-r--r-- | src/tools/pgindent/typedefs.list | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/tools/pgindent/typedefs.list b/src/tools/pgindent/typedefs.list index 04464c2e768..cf63acbf6f3 100644 --- a/src/tools/pgindent/typedefs.list +++ b/src/tools/pgindent/typedefs.list @@ -3180,6 +3180,7 @@ pg_conv_map pg_crc32 pg_crc32c pg_cryptohash_ctx +pg_cryptohash_state pg_cryptohash_type pg_ctype_cache pg_enc |