Quick Links

Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2

From:	Michael Paquier <michael(at)paquier(dot)xyz>
To:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc:	Daniel Gustafsson <daniel(at)yesql(dot)se>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject:	Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2
Date:	2020-09-28 03:55:06
Message-ID:	20200928035506.GB2316@paquier.xyz
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Fri, Sep 25, 2020 at 12:27:03AM -0400, Tom Lane wrote:
> Given the tiny number of complaints to date, it seems sufficient to me
> to deal with this in HEAD.

Thanks. I have done more tests with the range of OpenSSL versions we
support on HEAD, and applied this one. I have noticed that the
previous patch forgot two fail-and-abort code paths as of
EVP_DigestInit_ex() and EVP_DigestUpdate().
--
Michael

In response to

Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2 at 2020-09-25 04:27:03 from Tom Lane

Responses

Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2 at 2020-10-14 03:29:35 from Michael Paquier

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Keisuke Kuroda	2020-09-28 04:31:01	Re: Logical replication CPU-bound with TRUNCATE/DROP/CREATE many tables
Previous Message	Michael Paquier	2020-09-28 03:48:12	pgsql: Change SHA2 implementation based on OpenSSL to use EVP digest ro