| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2 |
| Date: | 2020-10-14 08:18:51 |
| Message-ID: | 20201014081851.GC12403@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Oct 14, 2020 at 10:40:12AM +0300, Heikki Linnakangas wrote:
> Since this is going to be core backend code (and also frontend), we don't
> need to use the generic reource owner callback mechanism, we could add a
> built-in ResourceOwnerData field and functions in resowner.c. The callback
> mechanism is a bit clunky.
Sure, thanks. I wanted to keep things isolated in sha2_openssl.c as
that's something specific to the implementation. Thinking more about
it, your suggestion makes a lot of sense in the long-term by including
MD5 and HMAC in the picture. These also go through EVP in OpenSSL,
and we are kind of incorrect currently to not use the OpenSSL flavor
if available (MD5 is not authorized in FIPS, but we still allow it to
be used with the in-core implementation).
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Masahiko Sawada | 2020-10-14 08:39:20 | Re: Add Information during standby recovery conflicts |
| Previous Message | Michael Banck | 2020-10-14 08:14:26 | Re: Two fsync related performance issues? |