On 8/24/21 08:38, Daniel Gustafsson wrote:
>> On 24 Aug 2021, at 11:13, Peter Eisentraut <peter.eisentraut@enterprisedb.com> wrote:
>> So I'm tempted to suggest that we remove the built-in, non-OpenSSL cipher and hash implementations in pgcrypto
(basicallyINT_SRCS in pgcrypto/Makefile), and then also pursue the simplifications in the OpenSSL code paths described
in[0].
> +1
>
>> Thoughts?
> With src/common/cryptohash_*.c and contrib/pgcrypto we have two abstractions
> for hashing ciphers, should we perhaps retire hashing from pgcrypto altogether
> and pull across what we feel is useful to core (AES and 3DES and..)? There is
> already significant overlap, and allowing core to only support certain ciphers
> when compiled with OpenSSL isn’t any different from doing it in pgcrypto
> really.
>
>> (Some thoughts from those pursuing NSS support would also be useful.)
> Blowfish and CAST5 are not available in NSS. I've used the internal Blowfish
> implementation as a fallback in the NSS patch and left CAST5 as not supported.
> This proposal would mean that Blowfish too wasn’t supported in NSS builds, but
> I personally don’t see that as a dealbreaker.
>
Maybe it would be worth creating a non-core extension for things like
this that we are ripping out? I have no idea how many people might be
using them.
cheers
andrew
--
Andrew Dunstan
EDB: https://www.enterprisedb.com
