Merge pull request #17606 from ClickHouse/boringssl-2

Port ClickHouse code to BoringSSL

src/Common/OpenSSLHelpers.cpp

@@ -37,12 +37,16 @@ void encodeSHA256(const void * text, size_t size, unsigned char * out)
 
 String getOpenSSLErrors()
 {
-    BIO * mem = BIO_new(BIO_s_mem());
-    SCOPE_EXIT(BIO_free(mem));
-    ERR_print_errors(mem);
-    char * buf = nullptr;
-    size_t size = BIO_get_mem_data(mem, &buf);
-    return String(buf, size);
+    String res;
+    ERR_print_errors_cb([](const char * str, size_t len, void * ctx)
+    {
+        String & out = *reinterpret_cast<String*>(ctx);
+        if (!out.empty())
+            out += ", ";
+        out.append(str, len);
+        return 1;
+    }, &res);
+    return res;
 }
 
 }

src/Functions/FunctionsAES.h

@@ -82,10 +82,9 @@ struct KeyHolder<CipherMode::MySQLCompatibility>
         return foldEncryptionKeyInMySQLCompatitableMode(cipher_key_size, key, folded_key);
     }
 
-    ~KeyHolder()
-    {
-        OPENSSL_cleanse(folded_key.data(), folded_key.size());
-    }
+    /// There is a function to clear key securely.
+    /// It makes absolutely zero sense to call it here because
+    /// key comes from column and already copied multiple times through various memory buffers.
 
 private:
     std::array<char, EVP_MAX_KEY_LENGTH> folded_key;
@@ -119,7 +118,7 @@ inline void validateCipherMode(const EVP_CIPHER * evp_cipher)
         }
     }
 
-    throw DB::Exception("Unsupported cipher mode " + std::string(EVP_CIPHER_name(evp_cipher)), DB::ErrorCodes::BAD_ARGUMENTS);
+    throw DB::Exception("Unsupported cipher mode", DB::ErrorCodes::BAD_ARGUMENTS);
 }
 
 template <CipherMode mode>