Re: OpenSSL 1.1 breaks configure and more

On 08/30/2016 08:42 AM, Heikki Linnakangas wrote:
> There's the ResourceOwner mechanism, see src/backend/utils/resowner/.
> That would be the proper way to do this. Call
> RegisterResourceReleaseCallback() when the context is allocated, and
> have the callback free it. One pitfall to watch out for is that
> RegisterResourceReleaseCallback() itself calls palloc(), and can error
> out, so you have to do things in such an order that you don't leak in
> that case either.
>
> Want to take a stab at that?
>
> Another approach is put each allocated context in a list or array in a
> global variable, and to register a callback to be called at
> end-of-(sub)transaction, which closes all the contexts. But the resource
> owner mechanism is probably easier.
>
> There's also PG_TRY-CATCH, that you could maybe use in the callers of
> px_find_digest(), to make sure they call px_free_digest() even on error.
> But that also seems difficult to use with the pgp_encrypt() pipeline.

Sure, I have attached a patch where I try to use it.

> PS. I just remembered that I've wanted to refactor the pgcrypto calls
> for symmetric encryption to use the newer EVP API for some time, and
> even posted a patch for that
> (https://www.postgresql.org/message-id/561274F1.1030000@iki.fi). I
> dropped the ball back then, but I think I'll go ahead and do that now,
> once we get these other OpenSSL changes in.

Nice!

Andreas