Re: pgcrypto 3des failure, OpenSSL 0.9.8, Solaris 9/sparc - Mailing list pgsql-hackers

From Marko Kreen
Subject Re: pgcrypto 3des failure, OpenSSL 0.9.8, Solaris 9/sparc
Date
Msg-id 20050705193221.GA29963@l-t.ee
Whole thread Raw
In response to Re: pgcrypto 3des failure, OpenSSL 0.9.8, Solaris 9/sparc  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: pgcrypto 3des failure, OpenSSL 0.9.8, Solaris 9/sparc
List pgsql-hackers
On Tue, Jul 05, 2005 at 02:55:07PM -0400, Tom Lane wrote:
> Marko Kreen <marko@l-t.ee> writes:
> > I see 2 variants:
> 
> > 1) put @with_openssl@ and @with_zlib@ variables into
> >    contrib/pgcrypto/Makefile.in and let configure process it.
> > 2) put them in some other makefile fragment under src/
> >    and let pgcrypto include it.
> 
> > First I did the simple thing and put them into Makefile.global.in,
> > but this does not work, as it needs to be included _after_ all
> > module variables are set.  So 2) needs a new file.
> 
> Hm ... libpq manages to build code that requires openssl without
> needing a generated Makefile, so why do we need it here?

Now, looking more into it, it indeed does work.

But it breaks pgcrypto build for USE_PGXS case.

> I'd prefer #1 of these two, but seeing that no other contrib module
> has a Makefile.in, not having to do either would be even better.

Can I break USE_PGXS?  Otherwise I need pre-processed
Makefile.in.

> This is particularly true if you aren't going to completely eliminate
> the hand-configuration options in the Makefile, because having to edit
> a generated Makefile or having to edit Makefile.in and then remember
> to reconfigure both suck.

I'd like to eliminate hand-config.  Current code does not need
hand-config - you will miss only couple of algorithms without
OpenSSL.  And there is no code that needs strong randomness.

With new PGP code, if you dont have OpenSSL you won't have
public-key code anyway - you can't configure bignum support.
That leaves randomness for pgp_sym_encrypt - which can be
solved with including a strong PRNG with pgcrypto.  I think
this can be done in 8.1 timeframe, as it will be pretty
small piece of code.

There is also zlib - no need to configure it if I can get
it from main config.

-- 
marko



pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: pgcrypto 3des failure, OpenSSL 0.9.8, Solaris 9/sparc
Next
From: Tom Lane
Date:
Subject: Re: pgcrypto 3des failure, OpenSSL 0.9.8, Solaris 9/sparc