Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2
Date: 2020-11-13 03:14:29
Lists: pgsql-hackers

On Thu, Nov 05, 2020 at 03:41:23PM +0900, Michael Paquier wrote:
> This conflicted on HEAD with pgcrypto. Please find attached a rebased
> set.

I got to think more about this stuff and attached is a new patch set
that redesigns the generic interface used for the crypto hash
functions, in order to use the same entry point at the end for SHA2,
SHA1, MD5 or even HMAC. This is part of 0001:
- Introduction of a single file called cryptohash[_openssl].c, which
includes five functions to create, initialize, update, finalize and
free a crypto hash context. The attached does the work for SHA2.
- The fallback implementations are in their own file in src/common/,
and get included in cryptohash.c. cryptohash_openssl.c is much
simpler as it needs to use EVP for everything.
- Adding a new crypto function in the set is simple once this is done,
as a type needs to be added with the correct options plugged in.

0002 and 0003 don't have any changes. I think that we could also
rename the existing cryptohashes.c to cryptohashfuncs.c to be more
consistent, but I have left that out for now.

Attachment Content-Type Size
v4-0001-Rework-SHA2-and-crypto-hash-APIs.patch text/x-diff 69.3 KB
v4-0002-Switch-cryptohash_openssl.c-to-use-EVP.patch text/x-diff 8.6 KB
v4-0003-Move-pgcrypto-to-use-in-core-resowner-facility-fo.patch text/x-diff 3.7 KB
