Re: scram-sha-256 authentication broken in FIPS mode
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Cc: Alessandro Gherardi <alessandro.gherardi@yahoo.com>, "pgsql-general@lists.postgresql.org" <pgsql-general@lists.postgresql.org>
Date: 2018-09-13T03:11:14Z
Lists: pgsql-general
On Wed, Sep 12, 2018 at 07:24:24AM +0900, Michael Paquier wrote: > Good point. Such things have bitten in the past. Okay, then let's do > something about sha2_openssl.c only on HEAD for now then, which I am > fine to finish wrapping. I was looking at trying to commit this patch, however more needs to be done in terms of error handling, as the proposed patch would happily crash if EVP_MD_CTX cannot be allocated (understand OOM) in EVP_DigestInit_ex if I read the OpenSSL code correctly (see crypto/evp/digest.c). Our lives would be facilitated if it was possible to use directly EVP_MD_CTX and EVP_MD_CTX_init so as no allocation is done but that's not doable as of 1.0.2. -- Michael
Commits
-
Change SHA2 implementation based on OpenSSL to use EVP digest routines
- 4f48a6fbe2b2 14.0 landed
- e21cbb4b893b 14.0 landed