Re: Allow tests to pass in OpenSSL FIPS mode

Peter Eisentraut <peter.eisentraut@enterprisedb.com>

From: Peter Eisentraut <peter.eisentraut@enterprisedb.com>
To: Michael Paquier <michael@paquier.xyz>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2023-01-31T09:55:30Z
Lists: pgsql-hackers

Attachments

On 09.12.22 05:16, Michael Paquier wrote:
>> Some tests inspect the actual md5 result strings or build statistics based
>> on them.  I have tried to carefully preserve the meaning of the original
>> tests, to the extent that they could be inferred, in some cases adjusting
>> example values by matching the md5 outputs to the equivalent sha256 outputs.
>> Some cases are tricky or mysterious or both and could use another look.
> incremental_sort mostly relies on the plan generated, so the change
> should be rather straight-forward I guess, though there may be a side
> effect depending on costing.  Hmm, it does not look like stats_ext
> would be an issue as it checks the stats correlation of the attributes
> for mcv_lists_arrays.
> 
> largeobject_1.out has been forgotten in the set requiring a refresh.

Here is a refreshed patch with the missing file added.

Commits

  1. Add regression expected-files for older OpenSSL in FIPS mode.

  2. Allow tests to pass in OpenSSL FIPS mode (rest)

  3. Allow tests to pass in OpenSSL FIPS mode (TAP tests)

  4. pgcrypto: Allow tests to pass in OpenSSL FIPS mode

  5. pgcrypto: Split off pgp-encrypt-md5 test

  6. citext: Allow tests to pass in OpenSSL FIPS mode

  7. Remove incidental md5() function uses from main regression tests

  8. Improve/correct comments

  9. Put tests of md5() function into separate test file