Re: Allow tests to pass in OpenSSL FIPS mode

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Peter Eisentraut <peter.eisentraut@enterprisedb.com>
Cc: Michael Paquier <michael@paquier.xyz>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2023-03-08T07:40:37Z
Lists: pgsql-hackers
Peter Eisentraut <peter.eisentraut@enterprisedb.com> writes:
> On 05.03.23 00:04, Tom Lane wrote:
>> I've gone through this and have a modest suggestion: let's invent some
>> wrapper functions around encode(sha256()) to reduce the cosmetic diffs
>> and consequent need for closer study of patch changes.  In the attached
>> I called them "notmd5()", but I'm surely not wedded to that name.

> Do you mean create this on the fly in the test suite, or make it a new 
> built-in function?

The former --- please read my version of the patch.

			regards, tom lane



Commits

  1. Add regression expected-files for older OpenSSL in FIPS mode.

  2. Allow tests to pass in OpenSSL FIPS mode (rest)

  3. Allow tests to pass in OpenSSL FIPS mode (TAP tests)

  4. pgcrypto: Allow tests to pass in OpenSSL FIPS mode

  5. pgcrypto: Split off pgp-encrypt-md5 test

  6. citext: Allow tests to pass in OpenSSL FIPS mode

  7. Remove incidental md5() function uses from main regression tests

  8. Improve/correct comments

  9. Put tests of md5() function into separate test file