Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Michael Paquier <michael(at)paquier(dot)xyz>
Cc: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2
Date: 2020-11-30 13:29:29
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

> On 30 Nov 2020, at 14:13, Michael Paquier <michael(at)paquier(dot)xyz> wrote:
> On Mon, Nov 30, 2020 at 01:43:24PM +0100, Daniel Gustafsson wrote:

>> Since the cryptohash support is now generalized behind an abstraction layer,
>> wouldn't it make sense to roll the resource ownership there as well kind of
>> like how JIT is handled? It would make it easier to implement TLS backend
>> support, and we won't have to inject OpenSSL headers here.
> So, you are referring here about using a new API in the abstraction
> layer. This makes sense. What about naming that
> pg_cryptohash_context_free(void *)?

Yeah, that's along the lines of what I was thinking of.

cheers ./daniel

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Amit Kapila 2020-11-30 13:47:31 Re: [HACKERS] logical decoding of two-phase transactions
Previous Message Dmitry Dolgov 2020-11-30 13:26:19 Re: [HACKERS] [PATCH] Generic type subscripting