From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
---|---|
To: | Joe Conway <mail(at)joeconway(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Koshi Shibagaki (Fujitsu)" <shibagaki(dot)koshi(at)fujitsu(dot)com>, "Hayato Kuroda (Fujitsu)" <kuroda(dot)hayato(at)fujitsu(dot)com>, Peter Eisentraut <peter(at)eisentraut(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Replace current implementations in crypt() and gen_salt() to OpenSSL |
Date: | 2025-01-21 22:57:55 |
Message-ID: | 0C1C9E11-8BD2-4114-B3B3-5F7634B419CC@yesql.se |
Lists: | pgsql-hackers |
> On 21 Jan 2025, at 22:13, Joe Conway <mail(at)joeconway(dot)com> wrote:
> I think this is a non-issue. In every implementation I have seen, the OS-level enabling of FIPS mode is just a way to ensure openssl is automatically put into FIPS mode when the library is loaded, just as if (and not depending on) the application had invoked FIPS mode manually. All that matters here is that the loaded openssl thinks it is in FIPS mode.
Good point. The attached v9 adds a 0001 which exposes a SQL function (along
with version bump and docs) for returning the FIPS mode, and 0002 is the
previous patch except it uses the function from 0001.
--
Daniel Gustafsson
Attachment | Content-Type | Size |
---|---|---|
v9-0001-pgcrypto-Add-function-to-check-FIPS-mode.patch | application/octet-stream | 5.5 KB |
v9-0002-pgcrypto-Make-it-possible-to-disable-built-in-cry.patch | application/octet-stream | 8.2 KB |