On Thu, Sep 24, 2020 at 06:28:25PM +0200, Daniel Gustafsson wrote: > Doh, of course, I blame a lack of caffeine this afternoon. Having a private > local sha256 implementation using the EVP_* API inside scram-common would > maintain FIPS compliance and ABI compatibility, but would also be rather ugly.
Even if we'd try to force our internal implementation of SHA256 on already-released branches instead of the one of OpenSSL, this would be an ABI break for compiled modules expected to work on this released branch as OpenSSL's internal SHA structures don't exactly match with our own implementation (think just about sizeof() or such). -- Michael
signature.asc
Description: PGP signature
