Re: pgcrypto sha256/384/512 don't work on Redhat. Please help!

From: "Joe Kramer" <cckramer(at)gmail(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: pgcrypto sha256/384/512 don't work on Redhat. Please help!
Date: 2006-05-09 19:17:21
Message-ID: b4c00a110605091217q4a116b13mcfd0639dafd56b85@mail.gmail.com
Lists: pgsql-general

On 5/9/06, Marko Kreen <markokr(at)gmail(dot)com> wrote:
>
> On 5/9/06, Joe Kramer <cckramer(at)gmail(dot)com> wrote:
> > On 5/9/06, Marko Kreen <markokr(at)gmail(dot)com> wrote:
> > > The fact that Fedora pgcrypto is linked with OpenSSL that does not
> > > support SHA256 is not a bug, just a fact.
> >
> > It's not Fedora only, same problem with Gentoo/portage.
> > I think it's a problem for all distros. You need to recompile pgcrypto or install
> > openssl 0.9.8 which is considered as "unstable" by most distros.
> >
> > Maybe pgcrypto should use built-in algorithms until OpenSSL 0.9.8 is
> > mainstream/default install.
>
> To be honest, pgcrypto actually falls back on built-in code for AES,
> in case old OpenSSL that does not have AES. That's because AES
> should be "always there", together with md5/sha1/blowfish.
>
> I do not consider SHA2 that important (yet?), so they don't
> get same treatment.

Right on! SHA2 should fall back the same as AES!

> > Ideally, would be great if pgcrypto could fall back to built-in algorithm
> > if OpenSSL doesn't support it.
> > But since it's a compile switch, completely self-compiled pgcrypto would be
> > great.
>
> Attached is a patch that re-defines SHA2 symbols so that they would not
> conflict with OpenSSL.
>
> Now that I think about it, if your OpenSSL does not contain SHA2, then
> there should be no conflict. But of course, if someone upgrades OpenSSL,
> server starts crashing. So I think it's best to always apply this patch.

That was my thought too. Old OpenSSL doesn't have SHA2, so why is SHA2 still
blocked in pgcrypto? Is that by design or a bug?

Thanks.
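
The check discussed in this thread, as an added example that is not part of the original message or of pgcrypto itself: a PL/pgSQL probe that reports which digest() algorithms the installed pgcrypto build provides, comparing each result with the known digest of the empty string. It assumes pgcrypto is installed in the current database and a PostgreSQL release that supports RETURNS TABLE; the function name probe_digests is hypothetical.

```sql
-- Added example: known-answer probe for pgcrypto digest() support.
-- Assumption: pgcrypto is installed; probe_digests is a hypothetical name.
-- The function lives in pg_temp, so it disappears at the end of the session.
CREATE OR REPLACE FUNCTION pg_temp.probe_digests()
RETURNS TABLE (algorithm text, status text)
LANGUAGE plpgsql AS $$
DECLARE
    kat record;   -- one known-answer test: algorithm name + expected hex
    got text;
BEGIN
    FOR kat IN
        -- Expected values are the standard digests of the empty string.
        SELECT * FROM (VALUES
            ('md5',    'd41d8cd98f00b204e9800998ecf8427e'),
            ('sha1',   'da39a3ee5e6b4b0d3255bfef95601890afd80709'),
            ('sha256', 'e3b0c44298fc1c149afbf4c8996fb924'
                    || '27ae41e4649b934ca495991b7852b855'),
            ('sha384', '38b060a751ac96384cd9327eb1b1e36a'
                    || '21fdb71114be07434c0cc7bf63f6e1da'
                    || '274edebfe76f65fbd51ad2f14898b95b'),
            ('sha512', 'cf83e1357eefb8bdf1542850d66d8007'
                    || 'd620e4050b5715dc83f4a921d36ce9ce'
                    || '47d0d13c5d85f2b0ff8318d2877eec2f'
                    || '63b931bd47417a81a538327af927da3e')
        ) AS v(alg, expected)
    LOOP
        algorithm := kat.alg;
        BEGIN
            got := encode(digest(''::bytea, kat.alg), 'hex');
            status := CASE WHEN got = kat.expected
                           THEN 'ok'
                           ELSE 'WRONG OUTPUT: ' || got
                      END;
        EXCEPTION WHEN OTHERS THEN
            -- A build without the algorithm raises an error from digest();
            -- record it instead of aborting the whole probe.
            status := 'unavailable: ' || SQLERRM;
        END;
        RETURN NEXT;
    END LOOP;
END;
$$;

SELECT * FROM pg_temp.probe_digests();
```

Running the probe again after an OpenSSL or pgcrypto upgrade shows whether the set of available digests changed.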
