Re: Allow tests to pass in OpenSSL FIPS mode

From Peter Eisentraut
Subject Re: Allow tests to pass in OpenSSL FIPS mode
Date
Msg-id 8bdb05e4-3d4e-04b0-b9f1-6d57d323a56f@enterprisedb.com
In reply to Re: Allow tests to pass in OpenSSL FIPS mode  (Daniel Gustafsson <daniel@yesql.se>)
Responses Re: Allow tests to pass in OpenSSL FIPS mode
List pgsql-hackers
On 08.03.23 10:21, Daniel Gustafsson wrote:
>> On 8 Mar 2023, at 09:49, Peter Eisentraut <peter.eisentraut@enterprisedb.com> wrote:
> 
>> It occurred to me that it would be easier to maintain this in the long run if we could enable a "fake FIPS" mode that would have the same effect but didn't require fiddling with the OpenSSL configuration or installation.
>>
>> The attached patch shows how this could work.  Thoughts?
> 
> - * Initialize a hash context.  Note that this implementation is designed
> - * to never fail, so this always returns 0.
> + * Initialize a hash context.
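
Review bot: the replacement comment on the `+` line no longer says anything about the return value, so a reader of the header comment cannot tell that the result must be checked. Since the "always returns 0" wording is being dropped because failure is possible, consider stating the contract in its place, for example "Returns 0 on success, -1 on failure."
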
> Regardless of which, we want this hunk since the code clearly can return -1.

I was a bit puzzled by these comments in that file.  While the existing 
implementations (mostly) never fail, they are clearly not *designed* to 
never fail, since the parallel OpenSSL implementations can fail (which 
is the point of this thread).  So I would remove these comments 
altogether, really.

> +#ifdef FAKE_FIPS_MODE
> I'm not enthusiastic about this.  If we use this rather than OpenSSL with FIPS
> enabled we might end up missing bugs or weird behavior due to changes in
> OpenSSL that we didn't test.

Valid point.  In any case, the patch is available for ad hoc testing.



