On 04.10.22 17:45, Peter Eisentraut wrote:
> While working on the column encryption patch, I wanted to check that
> what is implemented also works in OpenSSL FIPS mode. I tried running
> the normal test suites after switching the OpenSSL installation to FIPS
> mode, but that failed all over the place. So I embarked on fixing that.
> Attached is a first iteration of a patch.
Continuing this, we have fixed many issues since. Here is a patch set
to fix all remaining issues.
v4-0001-citext-Allow-tests-to-pass-in-OpenSSL-FIPS-mode.patch
v4-0002-pgcrypto-Allow-tests-to-pass-in-OpenSSL-FIPS-mode.patch
These two are pretty straightforward.
v4-0003-Allow-tests-to-pass-in-OpenSSL-FIPS-mode-TAP-test.patch
This one does some delicate surgery and could use some thorough review.
v4-0004-Allow-tests-to-pass-in-OpenSSL-FIPS-mode-rest.patch
This just adds alternative expected files. The question is mainly just
whether there are better ways to organize this.
v4-0005-WIP-Use-fipshash-in-brin_multi-test.patch
Here, some previously fixed md5() uses have snuck back in. I will need
to track down the origin of this and ask for a proper fix there. This
is just included here for completeness.
