| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | Daniel Gustafsson <daniel(at)yesql(dot)se>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2 |
| Date: | 2020-09-25 04:27:03 |
| Message-ID: | 1830116.1601008023@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Michael Paquier <michael(at)paquier(dot)xyz> writes:
> On Fri, Sep 25, 2020 at 12:19:44PM +0900, Michael Paquier wrote:
>> Even if we'd try to force our internal implementation of SHA256 on
>> already-released branches instead of the one of OpenSSL, this would be
>> an ABI break for compiled modules expected to work on this released
>> branch as OpenSSL's internal SHA structures don't exactly match with
>> our own implementation (think just about sizeof() or such).
> Well, we could as well add one extra SHA API layer pointing to the EVP
> structures and APIs with new names, leaving the original ones in
> place, and then have SCRAM use the new ones, but I'd rather not go
> down that road for the back-branches.
Given the tiny number of complaints to date, it seems sufficient to me
to deal with this in HEAD.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Nancarrow | 2020-09-25 04:31:34 | Re: Parallel INSERT (INTO ... SELECT ...) |
| Previous Message | Michael Paquier | 2020-09-25 04:21:05 | Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2 |