• Michael Paquier's avatar
    Change SHA2 implementation based on OpenSSL to use EVP digest routines · 4f48a6fb
    Michael Paquier authored
    The use of low-level hash routines is not recommended by upstream
    OpenSSL since 2000, and pgcrypto already switched to EVP as of 5ff4a67f.
    This takes advantage of the refactoring done in 87ae9691 that has
    introduced the allocation and free routines for cryptographic hashes.
    
    Since 1.1.0, OpenSSL does not publish the contents of the cryptohash
    contexts, forcing any consumers to rely on OpenSSL for all allocations.
    Hence, the resource owner callback mechanism gains a new set of routines
    to track and free cryptohash contexts when using OpenSSL, preventing any
    risks of leaks in the backend.  Nothing is needed in the frontend thanks
    to the refactoring of 87ae9691, and the resowner knowledge is isolated
    into cryptohash_openssl.c.
    
    Note that this also fixes a failure with SCRAM authentication when using
    FIPS in OpenSSL, but as there have been few complaints about this
    problem and as this causes an ABI breakage, no backpatch is done.
    
    Author: Michael Paquier
    Reviewed-by: Daniel Gustafsson, Heikki Linnakangas
    Discussion: https://postgr.es/m/20200924025314.GE7405@paquier.xyz
    Discussion: https://postgr.es/m/20180911030250.GA27115@paquier.xyz
    4f48a6fb
cryptohash_openssl.c 4.68 KB