Re: Replace current implementations in crypt() and gen_salt() to OpenSSL

On 11/22/24 09:11, Daniel Gustafsson wrote:
>> On 21 Nov 2024, at 22:39, Joe Conway <mail(at)joeconway(dot)com> wrote:
>
>> I mean, perhaps I am misreading and/or interpreting all of that differently to you, but from my reading of the entire thread there was clearly no consensus to using openssl to provide those two functions.
>
> My interpretation (or perhaps, my opinion) is that it would be ideal to
> reimplement these functions using OpenSSL *if possible* but the cost/benefit
> ratio is probably tilted such that it will never happen.
>
>> [..] we don't drag this out past pg18 feature freeze
>
> Agreed.
>
>> If you have a better patch you would like to propose to fix this problem,
>> please do.
>
> I'm still not thrilled about having a transitive dependency GUC, so attached is
> a (very lightly tested POC) version of your patch which expands it from boolean
> to enum with on/off/fips; the fips value being "disable if openssl is in fips
> mode, else enable". I'm not sure if that's better, but at least it gives users
> a way to control the FIPS mode setting in one place and have crypto consumers
> follow the set value (or they can explicitly turn it off if they just want them
> disabled even without FIPS).

Works for me.

I do wonder if the GUC should be PGC_POSTMASTER (as I had suggested it
ought to be in an earlier post) rather than PGC_SUSET (which was the way
my posted patch had it). But perhaps PGC_SUSET is sufficient, and it
makes testing easier.

One other question this spawned -- do we document the minimum supported
version of OpenSSL anywhere? I remembered it had recently been
increased, but could only find confirmation in the git logs that 1.1.1
was now the minimum.

--
Joe Conway
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com