Re: Use EVP API pgcrypto encryption, dropping support for OpenSSL 0.9.6 and older

From: Joe Conway <mail(at)joeconway(dot)com>
To: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Use EVP API pgcrypto encryption, dropping support for OpenSSL 0.9.6 and older
Date: 2015-10-05 14:28:30
Message-ID: 5612890E.3000505@joeconway.com
Lists: pgsql-hackers

On 10/05/2015 06:02 AM, Heikki Linnakangas wrote:
> There was prior discussion on the EVP API in this old thread from 2007:
> http://www.postgresql.org/message-id/flat/46A5E284.7030402@sun.com#46A5E284.7030402@sun.com
>
>
> In short, pgcrypto actually used to use the EVP functions, but was
> changed to *not* use them, because in older versions of OpenSSL, some
> key lengths and/or padding options that pgcrypto supports were not
> supported by the EVP API. That was fixed in OpenSSL 0.9.7, however. The
> consensus in 2007 was that we could drop support for OpenSSL 0.9.6 and
> below, so that should definitely be OK by now, if we haven't already
> done that elsewhere in the code.
>
> Any objections to the attached two patches?

I haven't studied the patches themselves yet, but +1 for the concept.

Joe

--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
