Re: Refactoring HMAC in the core code - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Refactoring HMAC in the core code
Date
Msg-id 20201217175306.GF23260@momjian.us
Whole thread Raw
In response to Refactoring HMAC in the core code  (Michael Paquier <michael@paquier.xyz>)
Responses Re: Refactoring HMAC in the core code
List pgsql-hackers
On Wed, Dec 16, 2020 at 04:17:50PM +0900, Michael Paquier wrote:
> Please note that I have added code that should be enough for the
> compilation on Windows, but I have not taken the time to check that.
> I have checked that things compiled and that check-world passes
> with and without OpenSSL 1.1.1 on Linux though, so I guess that I have
> not messed up too badly.  This stuff requires much more tests, like
> making sure that we are able to connect to PG correctly with SCRAM
> when using combinations like libpq based on OpenSSL and the backend
> using the fallback, or just check the consistency of the results of
> computations with SQL functions or such.  An extra thing that can be
> done is to clean up pgcrypto's px-hmac.c but this also requires SHA1
> in cryptohash.c, something that I have submitted separately in [2].
> So this could just be done later.  This patch has updated the code of
> SCRAM so as we don't use anymore all the SCRAM/HMAC business but the
> generic HMAC routines instead for this work.
> 
> Thoughts are welcome.  I am adding that to the next CF.

Very nice.  Are you planning to apply this soon?  If so, I will delay
my key management patch until this is applied.  If not, I will update my
HMAC call when you apply this.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EnterpriseDB                             https://enterprisedb.com

  The usefulness of a cup is in its emptiness, Bruce Lee




pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: Proposed patch for key managment
Next
From: Bruce Momjian
Date:
Subject: Re: Perform COPY FROM encoding conversions in larger chunks