From: Peter Eisentraut Date: Thu, 16 Nov 2023 14:57:21 +0000 (+0100) Subject: pgcrypto: Split off pgp-encrypt-md5 test X-Git-Tag: REL_17_BETA1~1455 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3af0d17acef7538c5605afa5dd7929cfd7e38d9e;p=thirdparty%2Fpostgresql.git pgcrypto: Split off pgp-encrypt-md5 test In FIPS mode, these tests will fail. By having them in a separate file, it would make it easier to have an alternative output file or selectively disable these tests. This isn't done here; this is just some preparation. Reviewed-by: Tom Lane Discussion: https://www.postgresql.org/message-id/2766054.1700080156@sss.pgh.pa.us --- diff --git a/contrib/pgcrypto/Makefile b/contrib/pgcrypto/Makefile index 7fb59f51b72..5efa10c334c 100644 --- a/contrib/pgcrypto/Makefile +++ b/contrib/pgcrypto/Makefile @@ -42,7 +42,7 @@ PGFILEDESC = "pgcrypto - cryptographic functions" REGRESS = init md5 sha1 hmac-md5 hmac-sha1 blowfish rijndael \ sha2 des 3des cast5 \ crypt-des crypt-md5 crypt-blowfish crypt-xdes \ - pgp-armor pgp-decrypt pgp-encrypt $(CF_PGP_TESTS) \ + pgp-armor pgp-decrypt pgp-encrypt pgp-encrypt-md5 $(CF_PGP_TESTS) \ pgp-pubkey-decrypt pgp-pubkey-encrypt pgp-info EXTRA_CLEAN = gen-rtab diff --git a/contrib/pgcrypto/expected/pgp-encrypt-md5.out b/contrib/pgcrypto/expected/pgp-encrypt-md5.out new file mode 100644 index 00000000000..339e12a434b --- /dev/null +++ b/contrib/pgcrypto/expected/pgp-encrypt-md5.out @@ -0,0 +1,11 @@ +-- +-- PGP encrypt using MD5 +-- +select pgp_sym_decrypt( + pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=md5'), + 'key', 'expect-s2k-digest-algo=md5'); + pgp_sym_decrypt +----------------- + Secret. +(1 row) + diff --git a/contrib/pgcrypto/expected/pgp-encrypt.out b/contrib/pgcrypto/expected/pgp-encrypt.out index 77e45abe53a..50cd3f6daa0 100644 --- a/contrib/pgcrypto/expected/pgp-encrypt.out +++ b/contrib/pgcrypto/expected/pgp-encrypt.out @@ -121,14 +121,6 @@ NOTICE: pgp_decrypt: unexpected s2k_count: expected 65000000 got 65011712 (1 row) -- s2k digest change -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=md5'), - 'key', 'expect-s2k-digest-algo=md5'); - pgp_sym_decrypt ------------------ - Secret. -(1 row) - select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=sha1'), 'key', 'expect-s2k-digest-algo=sha1'); diff --git a/contrib/pgcrypto/meson.build b/contrib/pgcrypto/meson.build index df7dd50dbc3..4f62ea0af03 100644 --- a/contrib/pgcrypto/meson.build +++ b/contrib/pgcrypto/meson.build @@ -48,6 +48,7 @@ pgcrypto_regress = [ 'pgp-armor', 'pgp-decrypt', 'pgp-encrypt', + 'pgp-encrypt-md5', 'pgp-pubkey-decrypt', 'pgp-pubkey-encrypt', 'pgp-info', diff --git a/contrib/pgcrypto/sql/pgp-encrypt-md5.sql b/contrib/pgcrypto/sql/pgp-encrypt-md5.sql new file mode 100644 index 00000000000..201636c8209 --- /dev/null +++ b/contrib/pgcrypto/sql/pgp-encrypt-md5.sql @@ -0,0 +1,7 @@ +-- +-- PGP encrypt using MD5 +-- + +select pgp_sym_decrypt( + pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=md5'), + 'key', 'expect-s2k-digest-algo=md5'); diff --git a/contrib/pgcrypto/sql/pgp-encrypt.sql b/contrib/pgcrypto/sql/pgp-encrypt.sql index ed8b17776b3..f67329c2c30 100644 --- a/contrib/pgcrypto/sql/pgp-encrypt.sql +++ b/contrib/pgcrypto/sql/pgp-encrypt.sql @@ -63,9 +63,6 @@ select pgp_sym_decrypt( 'key', 'expect-s2k-count=65000000'); -- s2k digest change -select pgp_sym_decrypt( - pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=md5'), - 'key', 'expect-s2k-digest-algo=md5'); select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=sha1'), 'key', 'expect-s2k-digest-algo=sha1');