Home > mailing lists

Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2 - Mailing list pgsql-hackers

From	Michael Paquier
Subject	Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2
Date	September 25, 2020 09:56:53
Msg-id	20200925065653.GH3571@paquier.xyz Whole thread Raw
In response to	Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2 (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2 (Bruce Momjian <bruce@momjian.us>)
List	pgsql-hackers

Tree view

On Fri, Sep 25, 2020 at 01:36:44AM -0400, Tom Lane wrote:
> Peter Eisentraut <peter.eisentraut@2ndquadrant.com> writes:
>> However, again, the SCRAM
>> implementation would already appear to fail that requirement because it
>> uses a custom HMAC implementation, and HMAC is listed in FIPS 140-2 as a
>> covered algorithm.
>
> Ugh.  But is there any available FIPS-approved library code that could be
> used instead?

That's a good point, and I think that this falls down to use OpenSSL's
HMAC_* interface for this job when building with OpenSSL:
https://www.openssl.org/docs/man1.1.1/man3/HMAC.html

Worth noting that these have been deprecated in 3.0.0 as per the
rather-recent commit dbde472, where they recommend the use of
EVP_MAC_*() instead.
--
Michael

Attachment

signature.asc

pgsql-hackers by date:

From: Michael Banck
Date: 25 September 2020, 09:53:27
Subject: Re: [patch] Fix checksum verification in base backups for zero page headers

From: Fujii Masao
Date: 25 September 2020, 10:07:17
Subject: Re: history file on replica and double switchover

Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2 - Mailing list pgsql-hackers

Attachment

Previous

Next