| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Allow tests to pass in OpenSSL FIPS mode |
| Date: | 2022-12-09 04:16:08 |
| Message-ID: | Y5K2iK+Q9c5KLnZ2@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Dec 07, 2022 at 03:14:09PM +0100, Peter Eisentraut wrote:
> Here is the next step. To contain the scope, I focused on just "make check"
> for now. This patch removes all incidental calls to md5(), replacing them
> with sha256(), so that they'd pass with or without FIPS mode. (Two tests
> would need alternative expected files: md5 and password. I have not
> included those here.)
Yeah, fine by me to do that step-by-step.
> Some tests inspect the actual md5 result strings or build statistics based
> on them. I have tried to carefully preserve the meaning of the original
> tests, to the extent that they could be inferred, in some cases adjusting
> example values by matching the md5 outputs to the equivalent sha256 outputs.
> Some cases are tricky or mysterious or both and could use another look.
incremental_sort mostly relies on the plan generated, so the change
should be rather straight-forward I guess, though there may be a side
effect depending on costing. Hmm, it does not look like stats_ext
would be an issue as it checks the stats correlation of the attributes
for mcv_lists_arrays.
largeobject_1.out has been forgotten in the set requiring a refresh.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2022-12-09 04:29:27 | Re: [PATCH] random_normal function |
| Previous Message | li jie | 2022-12-09 03:31:59 | Re: Support logical replication of DDLs |