| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Masahiko Sawada <masahiko(dot)sawada(at)2ndquadrant(dot)com> |
| Subject: | Re: Proposed patch for key managment |
| Date: | 2020-12-15 21:02:12 |
| Message-ID: | 20201215210212.GG14596@momjian.us |
| Lists: | pgsql-hackers |

On Tue, Dec 15, 2020 at 02:20:33PM +0900, Michael Paquier wrote:
> On Mon, Dec 14, 2020 at 10:19:02PM -0500, Bruce Momjian wrote:
> > I am going to need someone to help me make these changes. I don't feel
> > I know enough about the crypto API to do it, and it will take me 1+ week
> > to learn it.
>
> I think that designing a correct set of APIs that can be plugged with
> any SSL library is the correct move in the long term. I have on my
> agenda to clean up HMAC as SCRAM uses that with SHA256 and you would
> use that with SHA512. Daniel has mentioned that he has been touching
> this area, and I also got a patch half done though pgcrypto needs
> some extra thoughts. So this is still WIP but you could reuse that
> here.

I thought this was going to be a huge job, but once I looked at it, it
was clear exactly what you were saying. Comparing cryptohash.c and
cryptohash_openssl.c I saw exactly what you wanted, and I think I have
completed it in the attached patch. cryptohash.c implemented the hash
in C code if OpenSSL is not present --- I assume you didn't want me to
do that, but rather to split the API so it was easy to add another
implementation.

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EnterpriseDB https://enterprisedb.com
The usefulness of a cup is in its emptiness, Bruce Lee

| Attachment | Content-Type | Size |
|---|---|---|
| key-alter.diff.gz | application/gzip | 34.1 KB |