| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Robert Haas <robertmhaas(at)gmail(dot)com>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2 |
| Date: | 2020-09-25 06:56:53 |
| Message-ID: | 20200925065653.GH3571@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Sep 25, 2020 at 01:36:44AM -0400, Tom Lane wrote:
> Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> writes:
>> However, again, the SCRAM
>> implementation would already appear to fail that requirement because it
>> uses a custom HMAC implementation, and HMAC is listed in FIPS 140-2 as a
>> covered algorithm.
>
> Ugh. But is there any available FIPS-approved library code that could be
> used instead?
That's a good point, and I think that this falls down to use OpenSSL's
HMAC_* interface for this job when building with OpenSSL:
https://www.openssl.org/docs/man1.1.1/man3/HMAC.html
Worth noting that these have been deprecated in 3.0.0 as per the
rather-recent commit dbde472, where they recommend the use of
EVP_MAC_*() instead.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Fujii Masao | 2020-09-25 07:07:17 | Re: history file on replica and double switchover |
| Previous Message | Michael Banck | 2020-09-25 06:53:27 | Re: [patch] Fix checksum verification in base backups for zero page headers |