Re: Proposed patch for key managment
From | Bruce Momjian |
---|---|
Subject | Re: Proposed patch for key managment |
Date | |
Msg-id | 20201215210212.GG14596@momjian.us |
In response to | Re: Proposed patch for key managment (Michael Paquier <michael@paquier.xyz>) |
Responses | Re: Proposed patch for key managment |
List | pgsql-hackers |
On Tue, Dec 15, 2020 at 02:20:33PM +0900, Michael Paquier wrote:
> On Mon, Dec 14, 2020 at 10:19:02PM -0500, Bruce Momjian wrote:
> > I am going to need someone to help me make these changes. I don't feel
> > I know enough about the crypto API to do it, and it will take me 1+ week
> > to learn it.
>
> I think that designing a correct set of APIs that can be plugged with
> any SSL library is the correct move in the long term. I have on my
> agenda to clean up HMAC as SCRAM uses that with SHA256 and you would
> use that with SHA512. Daniel has mentioned that he has been touching
> this area, and I also got a patch half done though pgcrypto needs
> some extra thoughts. So this is still WIP but you could reuse that
> here.

I thought this was going to be a huge job, but once I looked at it, it
was clear exactly what you were saying. Comparing cryptohash.c and
cryptohash_openssl.c I saw exactly what you wanted, and I think I have
completed it in the attached patch. cryptohash.c implemented the hash
in C code if OpenSSL is not present --- I assume you didn't want me to
do that, but rather to split the API so it was easy to add another
implementation.

--
  Bruce Momjian <bruce@momjian.us> https://momjian.us
  EnterpriseDB https://enterprisedb.com

  The usefulness of a cup is in its emptiness, Bruce Lee