> On 24 Aug 2021, at 11:13, Peter Eisentraut > <peter.eisentr...@enterprisedb.com> wrote:
> So I'm tempted to suggest that we remove the built-in, non-OpenSSL cipher and > hash implementations in pgcrypto (basically INT_SRCS in pgcrypto/Makefile), > and then also pursue the simplifications in the OpenSSL code paths described > in [0]. +1 > Thoughts? With src/common/cryptohash_*.c and contrib/pgcrypto we have two abstractions for hashing ciphers, should we perhaps retire hashing from pgcrypto altogether and pull across what we feel is useful to core (AES and 3DES and..)? There is already significant overlap, and allowing core to only support certain ciphers when compiled with OpenSSL isn’t any different from doing it in pgcrypto really. > (Some thoughts from those pursuing NSS support would also be useful.) Blowfish and CAST5 are not available in NSS. I've used the internal Blowfish implementation as a fallback in the NSS patch and left CAST5 as not supported. This proposal would mean that Blowfish too wasn’t supported in NSS builds, but I personally don’t see that as a dealbreaker. -- Daniel Gustafsson https://vmware.com/
