| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
| Cc: | Alessandro Gherardi <alessandro(dot)gherardi(at)yahoo(dot)com>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: scram-sha-256 authentication broken in FIPS mode |
| Date: | 2018-09-13 03:11:14 |
| Message-ID: | 20180913031114.GA3578@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Wed, Sep 12, 2018 at 07:24:24AM +0900, Michael Paquier wrote:
> Good point. Such things have bitten in the past. Okay, then let's do
> something about sha2_openssl.c only on HEAD for now then, which I am
> fine to finish wrapping.
I was looking at trying to commit this patch, however more needs to be
done in terms of error handling, as the proposed patch would happily
crash if EVP_MD_CTX cannot be allocated (understand OOM) in
EVP_DigestInit_ex if I read the OpenSSL code correctly (see
crypto/evp/digest.c). Our lives would be facilitated if it was possible
to use directly EVP_MD_CTX and EVP_MD_CTX_init so as no allocation is
done but that's not doable as of 1.0.2.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Arup Rakshit | 2018-09-13 18:17:00 | Can I add Index to make a query faster which involves joins on unnest ? |
| Previous Message | Tom Lane | 2018-09-13 00:09:47 | Re: constraint exclusion with a tsrange type |