Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2

Heikki Linnakangas <hlinnaka@iki.fi>

From: Heikki Linnakangas <hlinnaka@iki.fi>
To: Michael Paquier <michael@paquier.xyz>, Tom Lane <tgl@sss.pgh.pa.us>
Cc: Daniel Gustafsson <daniel@yesql.se>, Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2020-10-14T07:40:12Z
Lists: pgsql-hackers
On 14/10/2020 06:29, Michael Paquier wrote:
> With 0001 in place, switching the SHA2 implementation of OpenSSL to
> use EVP is straight-forward, as the only thing that's actually needed
> here is to put in place a callback to clean up the EVP contexts
> allocated by OpenSSL.  This is rather similar to what we do in
> pgcrypto in some ways, but that's actually simpler and I made things
> so as we only track down the EVP_MD_CTX members to free on abort.

Since this is going to be core backend code (and also frontend), we 
don't need to use the generic reource owner callback mechanism, we could 
add a built-in ResourceOwnerData field and functions in resowner.c. The 
callback mechanism is a bit clunky.

- Heikki



Commits

  1. Change SHA2 implementation based on OpenSSL to use EVP digest routines

  2. Move SHA2 routines to a new generic API layer for crypto hashes

  3. Use OpenSSL EVP API for symmetric encryption in pgcrypto.