Home > mailing lists

Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2 - Mailing list pgsql-hackers

From	Michael Paquier
Subject	Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2
Date	September 25, 2020 06:19:44
Msg-id	20200925031944.GD3571@paquier.xyz Whole thread Raw
In response to	Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2 (Daniel Gustafsson <daniel@yesql.se>)
Responses	Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2 (Michael Paquier <michael@paquier.xyz>)
List	pgsql-hackers

Tree view

On Thu, Sep 24, 2020 at 06:28:25PM +0200, Daniel Gustafsson wrote:
> Doh, of course, I blame a lack of caffeine this afternoon.  Having a private
> local sha256 implementation using the EVP_* API inside scram-common would
> maintain FIPS compliance and ABI compatibility, but would also be rather ugly.

Even if we'd try to force our internal implementation of SHA256 on
already-released branches instead of the one of OpenSSL, this would be
an ABI break for compiled modules expected to work on this released
branch as OpenSSL's internal SHA structures don't exactly match with
our own implementation (think just about sizeof() or such).
--
Michael

Attachment

signature.asc

pgsql-hackers by date:

From: Amit Kapila
Date: 25 September 2020, 06:18:19
Subject: Re: Parallel INSERT (INTO ... SELECT ...)

From: Michael Paquier
Date: 25 September 2020, 06:32:22
Subject: Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2

Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2 - Mailing list pgsql-hackers

Attachment

Previous

Next