Re: pgcrypto sha256/384/512 don't work on Redhat. Please help!

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Joe Kramer <cckramer(at)gmail(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: pgcrypto sha256/384/512 don't work on Redhat. Please help!
Date: 2006-06-07 17:03:11
Message-ID: 200606071703.k57H3BD06819@candle.pha.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general


HEAD only appears in 8.2, but 8.1.X means it will appear in 8.1.5.

---------------------------------------------------------------------------

Joe Kramer wrote:
> If it was commited to HEAD, it will appear in 8.1.5, right?
>
> On 5/30/06, Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> wrote:
> >
> > Patch applied to CVS HEAD and 8.1.X. Thanks.
> >
> > ---------------------------------------------------------------------------
> >
> >
> >
> > Marko Kreen wrote:
> > > On 5/9/06, Joe Kramer <cckramer(at)gmail(dot)com> wrote:
> > > > On 5/9/06, Marko Kreen <markokr(at)gmail(dot)com> wrote:
> > > > > The fact that Fedora pgcrypto is linked with OpenSSL that does not
> > > > > support SHA256 is not a bug, just a fact.
> > > >
> > > > It's not Fedora only, same problem with Gentoo/portage.
> > > > I think it's problem for all distros. You need recompile pgcrypto or install
> > > > openssl 0.9.8 which is considered as "unstable" by most distros.
> > > >
> > > > Maybe pgcrypto should use built-in algorithms until OpenSSL 0.9.8 is
> > > > mainstream/default install.
> > >
> > > To be honest, pgcrypto actually falls back on built-in code for AES,
> > > in case old OpenSSL that does not have AES. Thats because AES
> > > should be "always there", together with md5/sha1/blowfish.
> > >
> > > I do not consider SHA2 that important (yet?), so they don't
> > > get same treatment.
> > >
> > > > > OTOH, the nicest solution to your problem would be self-compiled
> > > > > pgcrypto, that would work with stock PostgreSQL. As the conflict
> > > > > happens with only (new) SHA2 functions, I can prepare a patch for
> > > > > symbol conflict, would that be satisfactory for you?
> > > >
> > > > Ideally, would be great if pgcrypto could fallback to built-in algorithm of
> > > > OpenSSL don't support it.
> > > > But since it's compile switch, completely seld-compiled pgcrypto would be
> > > > great.
> > >
> > > Attached is a patch that re-defines SHA2 symbols so that they would not
> > > conflict with OpenSSL.
> > >
> > > Now that I think about it, if your OpenSSL does not contain SHA2, then
> > > there should be no conflict. But ofcourse, if someone upgrades OpenSSL,
> > > server starts crashing. So I think its best to always apply this patch.
> > >
> > > I think I'll send the patch to 8.2 later, not sure if it's important
> > > enough for 8.1.
> > >
> > > --
> > > marko
> >
> > [ Attachment, skipping... ]
> >
> > >
> > > ---------------------------(end of broadcast)---------------------------
> > > TIP 6: explain analyze is your friend
> >
> > --
> > Bruce Momjian http://candle.pha.pa.us
> > EnterpriseDB http://www.enterprisedb.com
> >
> > + If your life is a hard drive, Christ can be your backup. +
> >
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: Don't 'kill -9' the postmaster
>

--
Bruce Momjian http://candle.pha.pa.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Merlin Moncure 2006-06-07 17:20:17 Re: Import Data from MS SQL Server
Previous Message Matthew Schumacher 2006-06-07 16:43:06 Backslash problems with 8.1.4