On 5/9/06, Marko Kreen <markokr@xxxxxxxxx> wrote:
Right on! SHA2 should fall back the same as AES!
That was my thought too. Old OpenSSL doesn't have SHA2, so why is SHA2 still blocked in pgcrypto? Is that by design or a bug?
Thanks.
On 5/9/06, Joe Kramer <cckramer@xxxxxxxxx> wrote:
> On 5/9/06, Marko Kreen <markokr@xxxxxxxxx> wrote:
> > The fact that Fedora pgcrypto is linked with OpenSSL that does not
> > support SHA256 is not a bug, just a fact.
>
> It's not Fedora only, same problem with Gentoo/portage.
> I think it's a problem for all distros. You need to recompile pgcrypto or install
> openssl 0.9.8, which is considered "unstable" by most distros.
>
> Maybe pgcrypto should use built-in algorithms until OpenSSL 0.9.8 is
> mainstream/default install.
To be honest, pgcrypto actually falls back on built-in code for AES,
in case of an old OpenSSL that does not have AES. That's because AES
should be "always there", together with md5/sha1/blowfish.
I do not consider SHA2 that important (yet?), so they don't
get the same treatment.
> Ideally, it would be great if pgcrypto could fall back to the built-in algorithm
> if OpenSSL doesn't support it.
> But since it's a compile switch, a completely self-compiled pgcrypto would be
> great.
Attached is a patch that re-defines SHA2 symbols so that they would not
conflict with OpenSSL.
Now that I think about it, if your OpenSSL does not contain SHA2, then
there should be no conflict. But of course, if someone upgrades OpenSSL, the
server starts crashing. So I think it's best to always apply this patch.