| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Peter Eisentraut <peter(at)eisentraut(dot)org>, "Koshi Shibagaki (Fujitsu)" <shibagaki(dot)koshi(at)fujitsu(dot)com>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Replace current implementations in crypt() and gen_salt() to OpenSSL |
| Date: | 2024-02-20 12:35:02 |
| Message-ID: | 3697493F-14FC-44F6-B0D6-866ED9C05826@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 20 Feb 2024, at 13:24, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>
> On Tue, Feb 20, 2024 at 5:09 PM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
>> A fifth option is to throw away our in-tree implementations and use the OpenSSL
>> API's for everything, which is where this thread started. If the effort to
>> payoff ratio is palatable to anyone then patches are for sure welcome.
>
> That generally seems fine, although I'm fuzzy on what our policy
> actually is. We have fallback implementations for some things and not
> others, IIRC.
I'm not sure there is a well-formed policy, but IIRC the idea with cryptohash
was to provide in-core functionality iff OpenSSL isn't used, and only use the
OpenSSL implementations if it is. Since pgcrypto cannot be built without
OpenSSL (since db7d1a7b0530e8cbd045744e1c75b0e63fb6916f) I don't think it's a
problem to continue the work from that commit and replace more with OpenSSL
implementations.
--
Daniel Gustafsson
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2024-02-20 12:40:27 | Re: Replace current implementations in crypt() and gen_salt() to OpenSSL |
| Previous Message | Peter Eisentraut | 2024-02-20 12:34:04 | Re: Replace current implementations in crypt() and gen_salt() to OpenSSL |