Home > mailing lists

Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2 - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2
Date	September 25, 2020 07:27:03
Msg-id	1830116.1601008023@sss.pgh.pa.us Whole thread Raw
In response to	Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2 (Michael Paquier <michael@paquier.xyz>)
Responses	Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2 (Michael Paquier <michael@paquier.xyz>)
List	pgsql-hackers

Tree view

Michael Paquier <michael@paquier.xyz> writes:
> On Fri, Sep 25, 2020 at 12:19:44PM +0900, Michael Paquier wrote:
>> Even if we'd try to force our internal implementation of SHA256 on
>> already-released branches instead of the one of OpenSSL, this would be
>> an ABI break for compiled modules expected to work on this released
>> branch as OpenSSL's internal SHA structures don't exactly match with
>> our own implementation (think just about sizeof() or such).

> Well, we could as well add one extra SHA API layer pointing to the EVP
> structures and APIs with new names, leaving the original ones in
> place, and then have SCRAM use the new ones, but I'd rather not go
> down that road for the back-branches.

Given the tiny number of complaints to date, it seems sufficient to me
to deal with this in HEAD.

            regards, tom lane

pgsql-hackers by date:

From: Michael Paquier
Date: 25 September 2020, 07:21:05
Subject: Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2

From: Greg Nancarrow
Date: 25 September 2020, 07:31:34
Subject: Re: Parallel INSERT (INTO ... SELECT ...)

Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2 - Mailing list pgsql-hackers

Previous

Next