Re: Replace current implementations in crypt() and gen_salt() to OpenSSL

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Joe Conway <mail@joeconway.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, "Koshi Shibagaki (Fujitsu)" <shibagaki.koshi@fujitsu.com>, "Hayato Kuroda (Fujitsu)" <kuroda.hayato@fujitsu.com>, Peter Eisentraut <peter@eisentraut.org>, Robert Haas <robertmhaas@gmail.com>, "pgsql-hackers@lists.postgresql.org" <pgsql-hackers@lists.postgresql.org>
Date: 2025-01-22T22:49:45Z
Lists: pgsql-hackers

Attachments

> On 22 Jan 2025, at 19:59, Joe Conway <mail@joeconway.com> wrote:

> I found it necessary to add:
>  #include <openssl/crypto.h>
> in
>  contrib/pgcrypto/openssl.c
> to avoid a symbol not defined warning.

Makes sense, it doesn't reproduce in my tree but reading OpenSSL code it seems
very plausible (and clearly happens in your environment).

> Although come to think of it, probably:
>  "use of non-FIPS certified crypto"
>                   ^^^^^^^^^
> should rather say:
>  "use of non-FIPS validated crypto"
>                   ^^^^^^^^^

That's probably better yes.  I was under the impression that the terminology
used was "FIPS certified" but reading the OpenSSL and FIPS documentation they
too use "FIPS validated" so I've switched to that as per your comment.

> FWIW, I tested with non-FIPS (OpenSSL 3.0.13 30 Jan 2024) on Linux Mint 22.1 and FIPS (aws-lc [1][2]) on Amazon Linux 2023.

Thanks.  My testing has been with a range of plain upstream OpenSSL trees from
1.1.1 to 3.4 (compiled on macOS).

Rebased v10 with the above fixed attached.

--
Daniel Gustafsson

Commits

  1. pgcrypto: Make it possible to disable built-in crypto

  2. pgcrypto: Add function to check FIPS mode

  3. citext: Allow tests to pass in OpenSSL FIPS mode

  4. pgcrypto: Remove non-OpenSSL support