| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Cc: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Subject: | scram-sha-256 broken with FIPS and OpenSSL 1.0.2 |
| Date: | 2020-09-24 02:53:14 |
| Message-ID: | 20200924025314.GE7405@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi all,
Enabling FIPS with OpenSSL 1.0.2 causes direct calls to the SHAXXX
routines to fail:
"Low level API call to digest SHA256 forbidden in fips mode"
This got discussed back in 2018, but I never got back to it:
https://www.postgresql.org/message-id/20180911030250.GA27115@paquier.xyz
One thing I did not like back in the past patch was that we did not
handle failures if one of OpenSSL's call failed, but this can easily
be handled by using a trick similar to jsonapi.c to fail hard if that
happens.
It is worth noting that the low-level SHA routines are not recommended
for years in OpenSSL, and that these have been officially marked as
deprecated in 3.0.0. So, while the changes in sha2.h don't make this
stuff back-patchable per the ABI breakage it introduces, switching
sha2_openssl.c to use EVP is a better move in the long term, even if
that means that SCRAM+FIPS would not work with PG 10~13, so the
attached is something for HEAD, even if this would be possible to do
in older releases as the routines used in the attached are available
in versions of OpenSSL older than 1.0.1.
Any thoughts?
--
Michael
| Attachment | Content-Type | Size |
|---|---|---|
| sha2-evp-v1.patch | text/x-diff | 3.6 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Nancarrow | 2020-09-24 02:56:09 | Re: Parallel copy |
| Previous Message | Andres Freund | 2020-09-24 02:41:28 | Re: Parallel Inserts in CREATE TABLE AS |