Re: Proposed patch for key management - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Proposed patch for key management
Date
Msg-id 20201217171022.GE23260@momjian.us
In response to Re: Proposed patch for key management  (Stephen Frost <sfrost@snowman.net>)
Responses Re: Proposed patch for key management
List pgsql-hackers
On Thu, Dec 17, 2020 at 11:39:55AM -0500, Stephen Frost wrote:
> Greetings,
> 
> * Michael Paquier (michael@paquier.xyz) wrote:
> > On Wed, Dec 16, 2020 at 05:04:12PM -0500, Bruce Momjian wrote:
> > >> fallback implementation.  Finally, pgcrypto is not touched, but we
> > > 
> > > I have a fallback implementation --- it fails?  ;-)  Did you want me to
> > > include an AES implementation?
> > 
> > No idea about this one yet.  There are no direct users of AES except
> > pgcrypto in core.  One thing that would be good IMO is to properly
> > split the patch of this thread into individual parts that could be
> > reviewed separately using for example "git format-patch" to generate
> > patch series.  What's presented is a mixed bag, so that's harder to
> > look at it and consider how this stuff should work, and if there are
> > pieces that should be designed better or not.
> 
> I don't think there's any need for us to implement a fallback
> implementation of AES.  I'm not entirely sure we need it for hashes
> but since we've already got it...

Agreed.  I think there is serious risk we would do AES in a different
way than OpenSSL, especially if I did it.  ;-)  We can add a native AES
one day if we want, but as stated by Michael Paquier, it has to be
tested so we are sure it returns exactly the same values as OpenSSL.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EnterpriseDB                             https://enterprisedb.com

  The usefulness of a cup is in its emptiness, Bruce Lee



