| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Allow tests to pass in OpenSSL FIPS mode |
| Date: | 2023-10-05 20:55:39 |
| Message-ID: | 2825088.1696539339@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
I found another bit of fun we'll need to deal with: on my F38
platform, pgcrypto/3des fails as attached. Some googling finds
this relevant info:
https://github.com/pyca/cryptography/issues/6875
That is, FIPS deprecation of 3DES is happening even as we speak.
So apparently we'll have little choice but to deal with two
different behaviors for that.
As before, I'm not too pleased with the user-friendliness
of the error:
+ERROR: encrypt error: Cipher cannot be initialized
That's even less useful to a user than "unsupported".
FWIW, everything else seems to pass with this patchset.
I ran check-world as well as the various "must run manually"
test suites.
regards, tom lane
| Attachment | Content-Type | Size |
|---|---|---|
| pgcrypto-regression.diffs | text/x-diff | 2.3 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gurjeet Singh | 2023-10-05 21:28:17 | Re: [PoC/RFC] Multiple passwords, interval expirations |
| Previous Message | Gurjeet Singh | 2023-10-05 20:55:26 | Re: [PoC/RFC] Multiple passwords, interval expirations |