Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2 - Mailing list pgsql-hackers

From Heikki Linnakangas
Subject Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2
Date
Msg-id 039ba027-dfe7-2f35-da85-9cb0e4d3f79c@iki.fi
In response to Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2  (Michael Paquier <michael@paquier.xyz>)
Responses Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2  (Michael Paquier <michael@paquier.xyz>)
List pgsql-hackers
On 14/10/2020 06:29, Michael Paquier wrote:
> With 0001 in place, switching the SHA2 implementation of OpenSSL to
> use EVP is straight-forward, as the only thing that's actually needed
> here is to put in place a callback to clean up the EVP contexts
> allocated by OpenSSL.  This is rather similar to what we do in
> pgcrypto in some ways, but that's actually simpler and I made things
> so as we only track down the EVP_MD_CTX members to free on abort.

Since this is going to be core backend code (and also frontend), we
don't need to use the generic resource owner callback mechanism; we could
add a built-in ResourceOwnerData field and functions in resowner.c. The
callback mechanism is a bit clunky.

- Heikki