| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
| Cc: | Alessandro Gherardi <alessandro(dot)gherardi(at)yahoo(dot)com>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: scram-sha-256 authentication broken in FIPS mode |
| Date: | 2018-09-11 22:24:24 |
| Message-ID: | 20180911222424.GB25160@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Tue, Sep 11, 2018 at 04:32:27PM +0200, Peter Eisentraut wrote:
> I recommend letting this bake in the master branch for a while. There
> are a lot weirdly patched and alternative OpenSSL versions out there
> that defy any documentation.
Good point. Such things have bitten in the past. Okay, then let's do
something about sha2_openssl.c only on HEAD for now then, which I am
fine to finish wrapping.
> Of course, we should also see if this actually fixes the reported problem.
It seems to me that addressing FIPS concerns on Windows and getting our
hashing functions plugged with OpenSSL correctly are two separate
issues. The second one also says that we are in the grey based on
OpenSSL docs, which worryies me. And EVP_DigestInit is used in pgcrypto
for ages, where I don't recall seeing reports about that.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Márcio Antônio Sepp | 2018-09-12 02:11:57 | Table cannot be partiotioned using domain in argument |
| Previous Message | Peter Eisentraut | 2018-09-11 14:32:27 | Re: scram-sha-256 authentication broken in FIPS mode |