From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
---|---|
To: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: remove internal support in pgcrypto? |
Date: | 2021-08-24 12:38:05 |
Message-ID: | 72FC5DEE-8DA3-40CE-946F-3A13B26BFE4C@yesql.se |
Lists: | pgsql-hackers |

> On 24 Aug 2021, at 11:13, Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> wrote:
> So I'm tempted to suggest that we remove the built-in, non-OpenSSL cipher and hash implementations in pgcrypto (basically INT_SRCS in pgcrypto/Makefile), and then also pursue the simplifications in the OpenSSL code paths described in [0].

+1

> Thoughts?

With src/common/cryptohash_*.c and contrib/pgcrypto we have two abstractions
for hashing ciphers, should we perhaps retire hashing from pgcrypto altogether
and pull across what we feel is useful to core (AES and 3DES and..)? There is
already significant overlap, and allowing core to only support certain ciphers
when compiled with OpenSSL isn’t any different from doing it in pgcrypto
really.

> (Some thoughts from those pursuing NSS support would also be useful.)

Blowfish and CAST5 are not available in NSS. I've used the internal Blowfish
implementation as a fallback in the NSS patch and left CAST5 as not supported.
This proposal would mean that Blowfish too wasn’t supported in NSS builds, but
I personally don’t see that as a dealbreaker.

--
Daniel Gustafsson https://vmware.com/