Re: Proposed patch for key managment

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Michael Paquier <michael(at)paquier(dot)xyz>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Masahiko Sawada <masahiko(dot)sawada(at)2ndquadrant(dot)com>
Subject: Re: Proposed patch for key managment
Date: 2020-12-17 17:10:22
Message-ID: 20201217171022.GE23260@momjian.us
Lists: pgsql-hackers

On Thu, Dec 17, 2020 at 11:39:55AM -0500, Stephen Frost wrote:
> Greetings,
>
> * Michael Paquier (michael(at)paquier(dot)xyz) wrote:
> > On Wed, Dec 16, 2020 at 05:04:12PM -0500, Bruce Momjian wrote:
> > >> fallback implementation. Finally, pgcrypto is not touched, but we
> > >
> > > I have a fallback implementation --- it fails? ;-) Did you want me to
> > > include an AES implementation?
> >
> > No idea about this one yet. There are no direct users of AES except
> > pgcrypto in core. One thing that would be good IMO is to properly
> > split the patch of this thread into individual parts that could be
> > reviewed separately using for example "git format-patch" to generate
> > patch series. What's presented is a mixed bag, so that's harder to
> > look at it and consider how this stuff should work, and if there are
> > pieces that should be designed better or not.
>
> I don't think there's any need for us to implement a fallback
> implementation of AES. I'm not entirely sure we need it for hashes
> but since we've already got it...

Agreed. I think there is serious risk we would do AES in a different
way than OpenSSL, especially if I did it. ;-) We can add a native AES
one day if we want, but as stated by Michael Paquier, it has to be
tested so we are sure it returns exactly the same values as OpenSSL.

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EnterpriseDB https://enterprisedb.com

The usefulness of a cup is in its emptiness, Bruce Lee
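
The requirement in the message above, that a native AES return exactly the same values as OpenSSL, is the kind of property a known-answer test checks. The C code below is an added example, not part of this message or of the PostgreSQL patch: `native_aes128_encrypt` and `kat_mismatch` are hypothetical names, and the expected ciphertext is the published FIPS-197 Appendix C.1 vector (which any conforming AES, OpenSSL included, reproduces for a single raw block) so the check runs without linking OpenSSL.

```c
#include <stdint.h>
#include <string.h>

static uint8_t sbox[256];
static uint8_t gmul(uint8_t a, uint8_t b) {        /* multiply in GF(2^8), AES polynomial */
    uint8_t r = 0;
    for (; b; b >>= 1) { if (b & 1) r ^= a; a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1B : 0)); }
    return r;
}
static void build_sbox(void) {                     /* field inverse, then affine map */
    for (int x = 0; x < 256; x++) {
        uint8_t inv = 0;
        for (int y = 1; y < 256; y++) if (gmul((uint8_t)x, (uint8_t)y) == 1) inv = (uint8_t)y;
        sbox[x] = inv ^ 0x63;
        for (int i = 1; i < 5; i++) sbox[x] ^= (uint8_t)((inv << i) | (inv >> (8 - i)));
    }
}
/* Added example: hypothetical native implementation under test, one raw AES-128 block. */
void native_aes128_encrypt(const uint8_t *key, const uint8_t *in, uint8_t *out) {
    uint8_t rk[176], s[16], t[16], rcon = 1;
    if (!sbox[0]) build_sbox();                    /* sbox[0] is 0x63 once built */
    memcpy(rk, key, 16);
    for (int i = 16; i < 176; i += 4) {            /* key expansion, one word per step */
        uint8_t w[4] = { rk[i - 4], rk[i - 3], rk[i - 2], rk[i - 1] }, w0 = w[0];
        if (i % 16 == 0) {                         /* RotWord, SubWord, Rcon */
            w[0] = sbox[w[1]] ^ rcon; w[1] = sbox[w[2]]; w[2] = sbox[w[3]]; w[3] = sbox[w0];
            rcon = gmul(rcon, 2);
        }
        for (int j = 0; j < 4; j++) rk[i + j] = rk[i + j - 16] ^ w[j];
    }
    for (int i = 0; i < 16; i++) s[i] = in[i] ^ rk[i];
    for (int r = 1; r <= 10; r++) {
        for (int i = 0; i < 16; i++) t[i] = sbox[s[(i + 4 * (i % 4)) % 16]]; /* SubBytes + ShiftRows */
        for (int i = 0; i < 16; i++) {             /* MixColumns (skipped in round 10) + AddRoundKey */
            const uint8_t *c = t + (i & ~3);       /* column containing byte i */
            uint8_t m = gmul(c[i % 4], 2) ^ gmul(c[(i + 1) % 4], 3) ^ c[(i + 2) % 4] ^ c[(i + 3) % 4];
            s[i] = (r == 10 ? t[i] : m) ^ rk[16 * r + i];
        }
    }
    memcpy(out, s, 16);
}
/* Known-answer test with the FIPS-197 Appendix C.1 vector: 0 on match, 1 on any difference. */
int kat_mismatch(void (*encrypt)(const uint8_t *, const uint8_t *, uint8_t *)) {
    static const uint8_t want[16] = { 0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30,0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a };
    uint8_t key[16], pt[16], ct[16];
    for (int i = 0; i < 16; i++) { key[i] = (uint8_t)i; pt[i] = (uint8_t)(i * 0x11); }
    encrypt(key, pt, ct);
    return memcmp(ct, want, 16) != 0;
}
int main(void) { return kat_mismatch(native_aes128_encrypt); }
```

Because `kat_mismatch` takes the cipher as a function pointer, the same vector can be run against an OpenSSL-backed wrapper and a native one, and any difference in byte order, key schedule or round structure shows up as a nonzero result.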
