Em qui., 11 de fev. de 2021 às 09:47, Michael Paquier <michael@paquier.xyz> escreveu:
On Wed, Feb 10, 2021 at 09:14:46AM -0300, Ranier Vilela wrote: > It is necessary to correct the interfaces. To caller, inform the size of > the buffer it created.
Now, the patch you sent has no need to be that complicated, and it partially works while not actually solving at all the problem you are trying to solve (nothing done for MD5 or OpenSSL). Attached is an example of what I finish with while poking at this issue. There is IMO no point to touch the internals of SCRAM that all rely on the same digest lengths for the proof generation with SHA256.
Ok, I take a look at your patch and I have comments:
1. Looks missed contrib/pgcrypto.
2. scram_HMAC_final function still have a exchanged parameters,
