Re: Replace current implementations in crypt() and gen_salt() to OpenSSL
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Joe Conway <mail@joeconway.com>
Cc: Robert Haas <robertmhaas@gmail.com>,
Peter Eisentraut <peter@eisentraut.org>,
"Koshi Shibagaki (Fujitsu)" <shibagaki.koshi@fujitsu.com>,
"pgsql-hackers@lists.postgresql.org" <pgsql-hackers@lists.postgresql.org>
Date: 2024-11-22T14:11:55Z
Lists: pgsql-hackers
Attachments
- v2-0001-Make-it-possible-to-disable-built-in-crypto.patch (application/octet-stream) patch v2-0001
> On 21 Nov 2024, at 22:39, Joe Conway <mail@joeconway.com> wrote: > I mean, perhaps I am misreading and/or interpreting all of that differently to you, but from my reading of the entire thread there was clearly no consensus to using openssl to provide those two functions. My interpretation (or perhaps, my opinion) is that it would be ideal to reimplement these functions using OpenSSL *if possible* but the cost/benefit ratio is probably tilted such that it will never happen. > [..] we don't drag this out past pg18 feature freeze Agreed. > If you have a better patch you would like to propose to fix this problem, > please do. I'm still not thrilled about having a transitive dependency GUC, so attached is a (very lightly tested POC) version of your patch which expands it from boolean to enum with on/off/fips; the fips value being "disable if openssl is in fips mode, else enable". I'm not sure if that's better, but at least it gives users a way to control the FIPS mode setting in one place and have crypto consumers follow the set value (or they can explicitly turn it off if they just want them disabled even without FIPS). -- Daniel Gustafsson
Commits
-
pgcrypto: Make it possible to disable built-in crypto
- 035f99cbebe5 18.0 landed
-
pgcrypto: Add function to check FIPS mode
- 924d89a35475 18.0 landed
-
citext: Allow tests to pass in OpenSSL FIPS mode
- 3c551ebede46 17.0 cited
-
pgcrypto: Remove non-OpenSSL support
- db7d1a7b0530 15.0 cited