Re: Allow tests to pass in OpenSSL FIPS mode

Michael Paquier <michael@paquier.xyz>

From: Michael Paquier <michael@paquier.xyz>
To: Peter Eisentraut <peter.eisentraut@enterprisedb.com>
Cc: Alvaro Herrera <alvherre@alvh.no-ip.org>, pgsql-hackers <pgsql-hackers@postgresql.org>, Tomas Vondra <tomas.vondra@enterprisedb.com>
Date: 2023-02-28T05:01:04Z
Lists: pgsql-hackers
On Mon, Feb 27, 2023 at 08:23:34AM +0100, Peter Eisentraut wrote:
> On 27.02.23 08:16, Michael Paquier wrote:
>> This refers to brin_minmax_multi_distance_macaddr8(), no?  This is
>> amazing.  I have a hard time imagining how FIPS would interact with
>> what we do in mac8.c to explain that, so it may be something entirely
>> different.  Is that reproducible?
> 
> This is no longer present in the v2 patch.

Sure, but why was it happening in the first place?  The proposed patch
set only reworks some regression tests.  So It seems to me that this
is a sign that we may have issues in some code area that got stressed
in some new way, no?
--
Michael

Commits

  1. Add regression expected-files for older OpenSSL in FIPS mode.

  2. Allow tests to pass in OpenSSL FIPS mode (rest)

  3. Allow tests to pass in OpenSSL FIPS mode (TAP tests)

  4. pgcrypto: Allow tests to pass in OpenSSL FIPS mode

  5. pgcrypto: Split off pgp-encrypt-md5 test

  6. citext: Allow tests to pass in OpenSSL FIPS mode

  7. Remove incidental md5() function uses from main regression tests

  8. Improve/correct comments

  9. Put tests of md5() function into separate test file