From 3af0d17acef7538c5605afa5dd7929cfd7e38d9e Mon Sep 17 00:00:00 2001 From: Peter Eisentraut Date: Thu, 16 Nov 2023 15:57:21 +0100 Subject: [PATCH] pgcrypto: Split off pgp-encrypt-md5 test In FIPS mode, these tests will fail. By having them in a separate file, it would make it easier to have an alternative output file or selectively disable these tests. This isn't done here; this is just some preparation. Reviewed-by: Tom Lane Discussion: https://www.postgresql.org/message-id/2766054.1700080156@sss.pgh.pa.us --- contrib/pgcrypto/Makefile | 2 +- contrib/pgcrypto/expected/pgp-encrypt-md5.out | 11 +++++++++++ contrib/pgcrypto/expected/pgp-encrypt.out | 8 -------- contrib/pgcrypto/meson.build | 1 + contrib/pgcrypto/sql/pgp-encrypt-md5.sql | 7 +++++++ contrib/pgcrypto/sql/pgp-encrypt.sql | 3 --- 6 files changed, 20 insertions(+), 12 deletions(-) create mode 100644 contrib/pgcrypto/expected/pgp-encrypt-md5.out create mode 100644 contrib/pgcrypto/sql/pgp-encrypt-md5.sql diff --git a/contrib/pgcrypto/Makefile b/contrib/pgcrypto/Makefile index 7fb59f51b7..5efa10c334 100644 --- a/contrib/pgcrypto/Makefile +++ b/contrib/pgcrypto/Makefile @@ -42,7 +42,7 @@ PGFILEDESC = "pgcrypto - cryptographic functions" REGRESS = init md5 sha1 hmac-md5 hmac-sha1 blowfish rijndael \ sha2 des 3des cast5 \ crypt-des crypt-md5 crypt-blowfish crypt-xdes \ - pgp-armor pgp-decrypt pgp-encrypt $(CF_PGP_TESTS) \ + pgp-armor pgp-decrypt pgp-encrypt pgp-encrypt-md5 $(CF_PGP_TESTS) \ pgp-pubkey-decrypt pgp-pubkey-encrypt pgp-info EXTRA_CLEAN = gen-rtab diff --git a/contrib/pgcrypto/expected/pgp-encrypt-md5.out b/contrib/pgcrypto/expected/pgp-encrypt-md5.out new file mode 100644 index 0000000000..339e12a434 --- /dev/null +++ b/contrib/pgcrypto/expected/pgp-encrypt-md5.out @@ -0,0 +1,11 @@ +-- +-- PGP encrypt using MD5 +-- +select pgp_sym_decrypt( + pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=md5'), + 'key', 'expect-s2k-digest-algo=md5'); + pgp_sym_decrypt +----------------- + Secret. +(1 row) + diff --git a/contrib/pgcrypto/expected/pgp-encrypt.out b/contrib/pgcrypto/expected/pgp-encrypt.out index 77e45abe53..50cd3f6daa 100644 --- a/contrib/pgcrypto/expected/pgp-encrypt.out +++ b/contrib/pgcrypto/expected/pgp-encrypt.out @@ -121,14 +121,6 @@ NOTICE: pgp_decrypt: unexpected s2k_count: expected 65000000 got 65011712 (1 row) -- s2k digest change -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=md5'), - 'key', 'expect-s2k-digest-algo=md5'); - pgp_sym_decrypt ------------------ - Secret. -(1 row) - select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=sha1'), 'key', 'expect-s2k-digest-algo=sha1'); diff --git a/contrib/pgcrypto/meson.build b/contrib/pgcrypto/meson.build index df7dd50dbc..4f62ea0af0 100644 --- a/contrib/pgcrypto/meson.build +++ b/contrib/pgcrypto/meson.build @@ -48,6 +48,7 @@ pgcrypto_regress = [ 'pgp-armor', 'pgp-decrypt', 'pgp-encrypt', + 'pgp-encrypt-md5', 'pgp-pubkey-decrypt', 'pgp-pubkey-encrypt', 'pgp-info', diff --git a/contrib/pgcrypto/sql/pgp-encrypt-md5.sql b/contrib/pgcrypto/sql/pgp-encrypt-md5.sql new file mode 100644 index 0000000000..201636c820 --- /dev/null +++ b/contrib/pgcrypto/sql/pgp-encrypt-md5.sql @@ -0,0 +1,7 @@ +-- +-- PGP encrypt using MD5 +-- + +select pgp_sym_decrypt( + pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=md5'), + 'key', 'expect-s2k-digest-algo=md5'); diff --git a/contrib/pgcrypto/sql/pgp-encrypt.sql b/contrib/pgcrypto/sql/pgp-encrypt.sql index ed8b17776b..f67329c2c3 100644 --- a/contrib/pgcrypto/sql/pgp-encrypt.sql +++ b/contrib/pgcrypto/sql/pgp-encrypt.sql @@ -63,9 +63,6 @@ select pgp_sym_decrypt( 'key', 'expect-s2k-count=65000000'); -- s2k digest change -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=md5'), - 'key', 'expect-s2k-digest-algo=md5'); select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=sha1'), 'key', 'expect-s2k-digest-algo=sha1');