Re: Replace current implementations in crypt() and gen_salt() to OpenSSL

On 11/22/24 09:11, Daniel Gustafsson wrote:
>> On 21 Nov 2024, at 22:39, Joe Conway <mail@joeconway.com> wrote:
> 
>> I mean, perhaps I am misreading and/or interpreting all of that differently to you, but from my reading of the
entirethread there was clearly no consensus to using openssl to provide those two functions.
 
> 
> My interpretation (or perhaps, my opinion) is that it would be ideal to
> reimplement these functions using OpenSSL *if possible* but the cost/benefit
> ratio is probably tilted such that it will never happen.
> 
>> [..] we don't drag this out past pg18 feature freeze
> 
> Agreed.
> 
>> If you have a better patch you would like to propose to fix this problem,
>> please do.
> 
> I'm still not thrilled about having a transitive dependency GUC, so attached is
> a (very lightly tested POC) version of your patch which expands it from boolean
> to enum with on/off/fips; the fips value being "disable if openssl is in fips
> mode, else enable".  I'm not sure if that's better, but at least it gives users
> a way to control the FIPS mode setting in one place and have crypto consumers
> follow the set value (or they can explicitly turn it off if they just want them
> disabled even without FIPS).

Works for me.

I do wonder if the GUC should be PGC_POSTMASTER (as I had suggested it 
ought to be in an earlier post) rather than PGC_SUSET (which was the way 
my posted patch had it). But perhaps PGC_SUSET is sufficient, and it 
makes testing easier.

One other question this spawned -- do we document the minimum supported 
version of OpenSSL anywhere? I remembered it had recently been 
increased, but could only find confirmation in the git logs that 1.1.1 
was now the minimum.

-- 
Joe Conway
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com