Re: Replace current implementations in crypt() and gen_salt() to OpenSSL

Alvaro Herrera <alvherre@alvh.no-ip.org>

From: Álvaro Herrera <alvherre@alvh.no-ip.org>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: "Hayato Kuroda (Fujitsu)" <kuroda.hayato@fujitsu.com>, Peter Eisentraut <peter@eisentraut.org>, Robert Haas <robertmhaas@gmail.com>, "Koshi Shibagaki (Fujitsu)" <shibagaki.koshi@fujitsu.com>, "pgsql-hackers@lists.postgresql.org" <pgsql-hackers@lists.postgresql.org>, Joe Conway <mail@joeconway.com>
Date: 2025-01-20T12:00:31Z
Lists: pgsql-hackers
On 2025-Jan-15, Daniel Gustafsson wrote:

> > On 14 Jan 2025, at 13:12, Hayato Kuroda (Fujitsu) <kuroda.hayato@fujitsu.com> wrote:

> > Also: I'm not sure whether we should bump the version of pgcrypto.
> > It should be done when the API is changed, but the patch does not
> > do. Thought?
> 
> I don't think this constitutes a change which warrants a version bump
> so I've left that out for now.

Extension versions need to be changed only when the SQL definition of
the module is modified.  If the patch does not require a .sql script
that would run with ALTER EXTENSION UPDATE, then you should not modify
the extension version.

-- 
Álvaro Herrera         PostgreSQL Developer  —  https://www.EnterpriseDB.com/
<Schwern> It does it in a really, really complicated way
<crab> why does it need to be complicated?
<Schwern> Because it's MakeMaker.



Commits

  1. pgcrypto: Make it possible to disable built-in crypto

  2. pgcrypto: Add function to check FIPS mode

  3. citext: Allow tests to pass in OpenSSL FIPS mode

  4. pgcrypto: Remove non-OpenSSL support