On Wed, Dec 16, 2020 at 10:23:23AM +0900, Michael Paquier wrote: > On Tue, Dec 15, 2020 at 04:02:12PM -0500, Bruce Momjian wrote: > > I thought this was going to be a huge job, but once I looked at it, it > > was clear exactly what you were saying. Comparing cryptohash.c and > > cryptohash_openssl.c I saw exactly what you wanted, and I think I have > > completed it in the attached patch. cryptohash.c implemented the hash > > in C code if OpenSSL is not present --- I assume you didn't want me to > > do that, but rather to split the API so it was easy to add another > > implementation. > > Hmm. I don't think that this is right. First, this still mixes > ciphers and HMAC.
I looked at the code. The HMAC function body is just one function call to OpenSSL. Do you want it moved to cryptohash.c and cryptohash_openssl.c? To a new C file? > Second, it is only possible here to use HMAC with > SHA512 but we want to be able to use SHA256 as well with SCRAM (per se > the scram_HMAC_* business in scram-common.c). Third, this lacks a I looked at the SCRAM HMAC code. It looks complex, but I assume ideally that would be moved into a separate C file and used by cluster file encryption and SCRAM, right? I need help to do that because I am unclear how much of the SCRAM hash code is specific to SCRAM. > fallback implementation. Finally, pgcrypto is not touched, but we I have a fallback implemention --- it fails? ;-) Did you want me to include an AES implementation? -- Bruce Momjian <br...@momjian.us> https://momjian.us EnterpriseDB https://enterprisedb.com The usefulness of a cup is in its emptiness, Bruce Lee