Re: Allow tests to pass in OpenSSL FIPS mode

Peter Eisentraut <peter.eisentraut@enterprisedb.com>

From: Peter Eisentraut <peter.eisentraut@enterprisedb.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Michael Paquier <michael@paquier.xyz>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2023-03-08T09:26:54Z
Lists: pgsql-hackers
On 08.03.23 08:40, Tom Lane wrote:
> Peter Eisentraut <peter.eisentraut@enterprisedb.com> writes:
>> On 05.03.23 00:04, Tom Lane wrote:
>>> I've gone through this and have a modest suggestion: let's invent some
>>> wrapper functions around encode(sha256()) to reduce the cosmetic diffs
>>> and consequent need for closer study of patch changes.  In the attached
>>> I called them "notmd5()", but I'm surely not wedded to that name.
> 
>> Do you mean create this on the fly in the test suite, or make it a new
>> built-in function?
> 
> The former --- please read my version of the patch.

Ok, that makes sense.  We have some other uses of this pattern in other 
test suites that my initial patch didn't cover yet, for example in 
src/test/subscripton, but we don't have expected files there, so the 
argument of reducing the diffs doesn't apply.




Commits

  1. Add regression expected-files for older OpenSSL in FIPS mode.

  2. Allow tests to pass in OpenSSL FIPS mode (rest)

  3. Allow tests to pass in OpenSSL FIPS mode (TAP tests)

  4. pgcrypto: Allow tests to pass in OpenSSL FIPS mode

  5. pgcrypto: Split off pgp-encrypt-md5 test

  6. citext: Allow tests to pass in OpenSSL FIPS mode

  7. Remove incidental md5() function uses from main regression tests

  8. Improve/correct comments

  9. Put tests of md5() function into separate test file