Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Heikki Linnakangas <hlinnaka@iki.fi>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Daniel Gustafsson <daniel@yesql.se>, Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2020-11-05T06:41:23Z
Lists: pgsql-hackers
Attachments
- v3-0001-Rework-SHA2-APIs.patch (text/x-diff) patch v3-0001
- v3-0002-Switch-sha2_openssl.c-to-use-EVP.patch (text/x-diff) patch v3-0002
- v3-0003-Move-pgcrypto-to-use-in-core-resowner-facility-fo.patch (text/x-diff) patch v3-0003
On Thu, Oct 15, 2020 at 03:56:21PM +0900, Michael Paquier wrote: > I got my hands on that, and this proves to simplify a lot things. In > bonus, attached is a 0003 that cleans up some code in pgcrypto so as > it uses the in-core resowner facility to handle EVP contexts. This conflicted on HEAD with pgcrypto. Please find attached a rebased set. -- Michael
Commits
-
Change SHA2 implementation based on OpenSSL to use EVP digest routines
- 4f48a6fbe2b2 14.0 landed
- e21cbb4b893b 14.0 landed
-
Move SHA2 routines to a new generic API layer for crypto hashes
- 87ae9691d253 14.0 landed
-
Use OpenSSL EVP API for symmetric encryption in pgcrypto.
- 5ff4a67f63fd 10.0 cited