Re: Allow tests to pass in OpenSSL FIPS mode

From: Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>
To: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Cc: Michael Paquier <michael(at)paquier(dot)xyz>
Subject: Re: Allow tests to pass in OpenSSL FIPS mode
Date: 2022-12-07 14:14:09
Message-ID: 6885f06b-79a4-8ded-2261-85a7be68ef4c@enterprisedb.com
Lists: pgsql-hackers

On 13.10.22 12:26, Peter Eisentraut wrote:
>> I think that the other md5() computations done in the main regression
>> test suite could just be switched to use one of the sha*() functions
>> as they just want to put their hands on text values.  It looks like a
>> few of them have some expectations with the output size and
>> generate_series(), though, but this could be tweaked by making the
>> series shorter, for example.
>
> Right, that's the rest of my original patch.  I'll come back with an
> updated version of that.

Here is the next step. To contain the scope, I focused on just "make
check" for now. This patch removes all incidental calls to md5(),
replacing them with sha256(), so that they'd pass with or without FIPS
mode. (Two tests would need alternative expected files: md5 and
password. I have not included those here.)

Some tests inspect the actual md5 result strings or build statistics
based on them. I have tried to carefully preserve the meaning of the
original tests, to the extent that they could be inferred, in some cases
adjusting example values by matching the md5 outputs to the equivalent
sha256 outputs. Some cases are tricky or mysterious or both and could
use another look.

Attachment: 0001-Remove-incidental-md5-function-uses-from-main-regres.patch (text/plain, 71.6 KB)
