Home > mailing lists

pgsql: Clear the OpenSSL error queue before cryptohash operations - Mailing list pgsql-committers

From	Daniel Gustafsson
Subject	pgsql: Clear the OpenSSL error queue before cryptohash operations
Date	May 6, 2022 13:04:45
Msg-id	E1nmxdU-000Gdo-9M@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

Clear the OpenSSL error queue before cryptohash operations

Setting up an EVP context for ciphers banned under FIPS generate
two OpenSSL errors in the queue, and as we only consume one from
the queue the other is at the head for the next invocation:

  postgres=# select md5('foo');
  ERROR:  could not compute MD5 hash: unsupported
  postgres=# select md5('foo');
  ERROR:  could not compute MD5 hash: initialization error

Clearing the error queue when creating the context ensures that
we don't pull in an error from an earlier operation.

Discussion: https://postgr.es/m/C89D932C-501E-4473-9750-638CFCD9095E@yesql.se

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/17ec5fa502d299b1919b1afacda839fb7d8206ad

Modified Files
--------------
src/common/cryptohash_openssl.c | 9 +++++++++
src/common/hmac_openssl.c       | 4 ++++
2 files changed, 13 insertions(+)

pgsql-committers by date:

From: Michael Paquier
Date: 06 May 2022, 11:02:20
Subject: pgsql: Fix typo in origin.c

From: Peter Eisentraut
Date: 06 May 2022, 13:29:43
Subject: Re: pgsql: Backpatch addition of wait_for_log(), pump_until().

pgsql: Clear the OpenSSL error queue before cryptohash operations - Mailing list pgsql-committers

Previous

Next