From 208bf364a9cc80cc586d060726d076ba7d0c8dec Mon Sep 17 00:00:00 2001 From: Peter Eisentraut Date: Mon, 13 Mar 2023 10:15:44 +0100 Subject: [PATCH] Remove incidental md5() function uses from main regression tests Most of these calls were to generate some random data. These can be replaced by appropriately adapted sha256() calls. To keep the diff smaller, we wrap this into a helper function that produces the same output format and length as the md5() call. This will eventually allow these tests to pass in OpenSSL FIPS mode (which does not allow MD5 use). Similar work for other test suites will follow later. Reviewed-by: Tom Lane Discussion: https://www.postgresql.org/message-id/flat/dbbd927f-ef1f-c9a1-4ec6-c759778ac852@enterprisedb.com --- src/test/regress/expected/arrays.out | 6 +- src/test/regress/expected/brin.out | 4 +- src/test/regress/expected/brin_multi.out | 6 +- src/test/regress/expected/compression.out | 8 +- src/test/regress/expected/compression_1.out | 8 +- src/test/regress/expected/inherit.out | 2 +- src/test/regress/expected/largeobject.out | 2 +- src/test/regress/expected/largeobject_1.out | 2 +- src/test/regress/expected/matview.out | 8 +- src/test/regress/expected/memoize.out | 2 +- src/test/regress/expected/plpgsql.out | 20 +- src/test/regress/expected/rowsecurity.out | 546 ++++++++++---------- src/test/regress/expected/stats_ext.out | 18 +- src/test/regress/expected/test_setup.out | 12 + src/test/regress/sql/arrays.sql | 6 +- src/test/regress/sql/brin.sql | 4 +- src/test/regress/sql/brin_multi.sql | 6 +- src/test/regress/sql/compression.sql | 4 +- src/test/regress/sql/inherit.sql | 2 +- src/test/regress/sql/largeobject.sql | 2 +- src/test/regress/sql/matview.sql | 8 +- src/test/regress/sql/memoize.sql | 2 +- src/test/regress/sql/plpgsql.sql | 2 +- src/test/regress/sql/rowsecurity.sql | 14 +- src/test/regress/sql/stats_ext.sql | 18 +- src/test/regress/sql/test_setup.sql | 15 + 26 files changed, 374 insertions(+), 353 deletions(-) diff --git a/src/test/regress/expected/arrays.out b/src/test/regress/expected/arrays.out index 0ff54a18de..bfaf125187 100644 --- a/src/test/regress/expected/arrays.out +++ b/src/test/regress/expected/arrays.out @@ -2303,14 +2303,14 @@ insert into src create type textandtext as (c1 text, c2 text); create temp table dest (f1 textandtext[]); insert into dest select array[row(f1,f1)::textandtext] from src; -select length(md5((f1[1]).c2)) from dest; +select length(fipshash((f1[1]).c2)) from dest; length -------- 32 (1 row) delete from src; -select length(md5((f1[1]).c2)) from dest; +select length(fipshash((f1[1]).c2)) from dest; length -------- 32 @@ -2318,7 +2318,7 @@ select length(md5((f1[1]).c2)) from dest; truncate table src; drop table src; -select length(md5((f1[1]).c2)) from dest; +select length(fipshash((f1[1]).c2)) from dest; length -------- 32 diff --git a/src/test/regress/expected/brin.out b/src/test/regress/expected/brin.out index 73fa38396e..f0b7de5bf7 100644 --- a/src/test/regress/expected/brin.out +++ b/src/test/regress/expected/brin.out @@ -530,7 +530,7 @@ EXPLAIN (COSTS OFF) SELECT * FROM brin_test WHERE b = 1; CREATE TABLE brintest_3 (a text, b text, c text, d text); -- long random strings (~2000 chars each, so ~6kB for min/max on two -- columns) to trigger toasting -WITH rand_value AS (SELECT string_agg(md5(i::text),'') AS val FROM generate_series(1,60) s(i)) +WITH rand_value AS (SELECT string_agg(fipshash(i::text),'') AS val FROM generate_series(1,60) s(i)) INSERT INTO brintest_3 SELECT val, val, val, val FROM rand_value; CREATE INDEX brin_test_toast_idx ON brintest_3 USING brin (b, c); @@ -545,7 +545,7 @@ VACUUM brintest_3; -- retry insert with a different random-looking (but deterministic) value -- the value is different, and so should replace either min or max in the -- brin summary -WITH rand_value AS (SELECT string_agg(md5((-i)::text),'') AS val FROM generate_series(1,60) s(i)) +WITH rand_value AS (SELECT string_agg(fipshash((-i)::text),'') AS val FROM generate_series(1,60) s(i)) INSERT INTO brintest_3 SELECT val, val, val, val FROM rand_value; -- now try some queries, accessing the brin index diff --git a/src/test/regress/expected/brin_multi.out b/src/test/regress/expected/brin_multi.out index f3309f433f..fbbfb6710c 100644 --- a/src/test/regress/expected/brin_multi.out +++ b/src/test/regress/expected/brin_multi.out @@ -29,7 +29,7 @@ INSERT INTO brintest_multi SELECT (four + 1.0)/(hundred+1), odd::float8 / (tenthous + 1), format('%s:00:%s:00:%s:00', to_hex(odd), to_hex(even), to_hex(hundred))::macaddr, - substr(md5(unique1::text), 1, 16)::macaddr8, + substr(fipshash(unique1::text), 1, 16)::macaddr8, inet '10.2.3.4/24' + tenthous, cidr '10.2.3/24' + tenthous, date '1995-08-15' + tenthous, @@ -179,7 +179,7 @@ INSERT INTO brinopers_multi VALUES ('macaddr8col', 'macaddr8', '{>, >=, =, <=, <}', '{b1:d1:0e:7b:af:a4:42:12, d9:35:91:bd:f7:86:0e:1e, 72:8f:20:6c:2a:01:bf:57, 23:e8:46:63:86:07:ad:cb, 13:16:8e:6a:2e:6c:84:b4}', - '{33, 15, 1, 13, 6}'), + '{31, 17, 1, 11, 4}'), ('inetcol', 'inet', '{=, <, <=, >, >=}', '{10.2.14.231/24, 255.255.255.255, 255.255.255.255, 0.0.0.0, 0.0.0.0}', @@ -327,7 +327,7 @@ INSERT INTO brintest_multi SELECT (four + 1.0)/(hundred+1), odd::float8 / (tenthous + 1), format('%s:00:%s:00:%s:00', to_hex(odd), to_hex(even), to_hex(hundred))::macaddr, - substr(md5(unique1::text), 1, 16)::macaddr8, + substr(fipshash(unique1::text), 1, 16)::macaddr8, inet '10.2.3.4' + tenthous, cidr '10.2.3/24' + tenthous, date '1995-08-15' + tenthous, diff --git a/src/test/regress/expected/compression.out b/src/test/regress/expected/compression.out index e06ac93a36..834b7555cb 100644 --- a/src/test/regress/expected/compression.out +++ b/src/test/regress/expected/compression.out @@ -102,7 +102,7 @@ SELECT pg_column_compression(f1) FROM cmmove2; -- test externally stored compressed data CREATE OR REPLACE FUNCTION large_val() RETURNS TEXT LANGUAGE SQL AS -'select array_agg(md5(g::text))::text from generate_series(1, 256) g'; +'select array_agg(fipshash(g::text))::text from generate_series(1, 256) g'; CREATE TABLE cmdata2 (f1 text COMPRESSION pglz); INSERT INTO cmdata2 SELECT large_val() || repeat('a', 4000); SELECT pg_column_compression(f1) FROM cmdata2; @@ -123,13 +123,13 @@ SELECT SUBSTR(f1, 200, 5) FROM cmdata1; substr -------- 01234 - 8f14e + 79026 (2 rows) SELECT SUBSTR(f1, 200, 5) FROM cmdata2; substr -------- - 8f14e + 79026 (1 row) DROP TABLE cmdata2; @@ -317,7 +317,7 @@ SELECT pg_column_compression(f1) FROM cmdata; DROP TABLE cmdata2; CREATE TABLE cmdata2 (f1 TEXT COMPRESSION pglz, f2 TEXT COMPRESSION lz4); CREATE UNIQUE INDEX idx1 ON cmdata2 ((f1 || f2)); -INSERT INTO cmdata2 VALUES((SELECT array_agg(md5(g::TEXT))::TEXT FROM +INSERT INTO cmdata2 VALUES((SELECT array_agg(fipshash(g::TEXT))::TEXT FROM generate_series(1, 50) g), VERSION()); -- check data is ok SELECT length(f1) FROM cmdata; diff --git a/src/test/regress/expected/compression_1.out b/src/test/regress/expected/compression_1.out index c0a47646eb..56d74be2ce 100644 --- a/src/test/regress/expected/compression_1.out +++ b/src/test/regress/expected/compression_1.out @@ -102,7 +102,7 @@ SELECT pg_column_compression(f1) FROM cmmove2; -- test externally stored compressed data CREATE OR REPLACE FUNCTION large_val() RETURNS TEXT LANGUAGE SQL AS -'select array_agg(md5(g::text))::text from generate_series(1, 256) g'; +'select array_agg(fipshash(g::text))::text from generate_series(1, 256) g'; CREATE TABLE cmdata2 (f1 text COMPRESSION pglz); INSERT INTO cmdata2 SELECT large_val() || repeat('a', 4000); SELECT pg_column_compression(f1) FROM cmdata2; @@ -126,7 +126,7 @@ LINE 1: SELECT SUBSTR(f1, 200, 5) FROM cmdata1; SELECT SUBSTR(f1, 200, 5) FROM cmdata2; substr -------- - 8f14e + 79026 (1 row) DROP TABLE cmdata2; @@ -312,10 +312,10 @@ ERROR: compression method lz4 not supported DETAIL: This functionality requires the server to be built with lz4 support. CREATE UNIQUE INDEX idx1 ON cmdata2 ((f1 || f2)); ERROR: relation "cmdata2" does not exist -INSERT INTO cmdata2 VALUES((SELECT array_agg(md5(g::TEXT))::TEXT FROM +INSERT INTO cmdata2 VALUES((SELECT array_agg(fipshash(g::TEXT))::TEXT FROM generate_series(1, 50) g), VERSION()); ERROR: relation "cmdata2" does not exist -LINE 1: INSERT INTO cmdata2 VALUES((SELECT array_agg(md5(g::TEXT))::... +LINE 1: INSERT INTO cmdata2 VALUES((SELECT array_agg(fipshash(g::TEXT)... ^ -- check data is ok SELECT length(f1) FROM cmdata; diff --git a/src/test/regress/expected/inherit.out b/src/test/regress/expected/inherit.out index e2a0dc80b2..a7fbeed9eb 100644 --- a/src/test/regress/expected/inherit.out +++ b/src/test/regress/expected/inherit.out @@ -2560,7 +2560,7 @@ alter table permtest_child attach partition permtest_grandchild for values in (' alter table permtest_parent attach partition permtest_child for values in (1); create index on permtest_parent (left(c, 3)); insert into permtest_parent - select 1, 'a', left(md5(i::text), 5) from generate_series(0, 100) i; + select 1, 'a', left(fipshash(i::text), 5) from generate_series(0, 100) i; analyze permtest_parent; create role regress_no_child_access; revoke all on permtest_grandchild from regress_no_child_access; diff --git a/src/test/regress/expected/largeobject.out b/src/test/regress/expected/largeobject.out index 31fba2ff9d..bdcede6728 100644 --- a/src/test/regress/expected/largeobject.out +++ b/src/test/regress/expected/largeobject.out @@ -441,7 +441,7 @@ TRUNCATE lotest_stash_values; \set newloid_1 :LASTOID SELECT lo_from_bytea(0, lo_get(:newloid_1)) AS newloid_2 \gset -SELECT md5(lo_get(:newloid_1)) = md5(lo_get(:newloid_2)); +SELECT fipshash(lo_get(:newloid_1)) = fipshash(lo_get(:newloid_2)); ?column? ---------- t diff --git a/src/test/regress/expected/largeobject_1.out b/src/test/regress/expected/largeobject_1.out index 7acd7f73e1..d700910c35 100644 --- a/src/test/regress/expected/largeobject_1.out +++ b/src/test/regress/expected/largeobject_1.out @@ -441,7 +441,7 @@ TRUNCATE lotest_stash_values; \set newloid_1 :LASTOID SELECT lo_from_bytea(0, lo_get(:newloid_1)) AS newloid_2 \gset -SELECT md5(lo_get(:newloid_1)) = md5(lo_get(:newloid_2)); +SELECT fipshash(lo_get(:newloid_1)) = fipshash(lo_get(:newloid_2)); ?column? ---------- t diff --git a/src/test/regress/expected/matview.out b/src/test/regress/expected/matview.out index 87b6e569a5..7cb05827ca 100644 --- a/src/test/regress/expected/matview.out +++ b/src/test/regress/expected/matview.out @@ -556,10 +556,10 @@ SET ROLE regress_user_mvtest; -- duplicate all the aliases used in those queries CREATE TABLE mvtest_foo_data AS SELECT i, i+1 AS tid, - md5(random()::text) AS mv, - md5(random()::text) AS newdata, - md5(random()::text) AS newdata2, - md5(random()::text) AS diff + fipshash(random()::text) AS mv, + fipshash(random()::text) AS newdata, + fipshash(random()::text) AS newdata2, + fipshash(random()::text) AS diff FROM generate_series(1, 10) i; CREATE MATERIALIZED VIEW mvtest_mv_foo AS SELECT * FROM mvtest_foo_data; CREATE MATERIALIZED VIEW mvtest_mv_foo AS SELECT * FROM mvtest_foo_data; diff --git a/src/test/regress/expected/memoize.out b/src/test/regress/expected/memoize.out index 60cbdeec7a..07c18b56de 100644 --- a/src/test/regress/expected/memoize.out +++ b/src/test/regress/expected/memoize.out @@ -164,7 +164,7 @@ DROP TABLE flt; CREATE TABLE strtest (n name, t text); CREATE INDEX strtest_n_idx ON strtest (n); CREATE INDEX strtest_t_idx ON strtest (t); -INSERT INTO strtest VALUES('one','one'),('two','two'),('three',repeat(md5('three'),100)); +INSERT INTO strtest VALUES('one','one'),('two','two'),('three',repeat(fipshash('three'),100)); -- duplicate rows so we get some cache hits INSERT INTO strtest SELECT * FROM strtest; ANALYZE strtest; diff --git a/src/test/regress/expected/plpgsql.out b/src/test/regress/expected/plpgsql.out index cdc519256a..2d26be1a81 100644 --- a/src/test/regress/expected/plpgsql.out +++ b/src/test/regress/expected/plpgsql.out @@ -3404,22 +3404,22 @@ select * from ret_query1(); create type record_type as (x text, y int, z boolean); create or replace function ret_query2(lim int) returns setof record_type as $$ begin - return query select md5(s.x::text), s.x, s.x > 0 + return query select fipshash(s.x::text), s.x, s.x > 0 from generate_series(-8, lim) s (x) where s.x % 2 = 0; end; $$ language plpgsql; select * from ret_query2(8); x | y | z ----------------------------------+----+--- - a8d2ec85eaf98407310b72eb73dda247 | -8 | f - 596a3d04481816330f07e4f97510c28f | -6 | f - 0267aaf632e87a63288a08331f22c7c3 | -4 | f - 5d7b9adcbe1c629ec722529dd12e5129 | -2 | f - cfcd208495d565ef66e7dff9f98764da | 0 | f - c81e728d9d4c2f636f067f89cc14862c | 2 | t - a87ff679a2f3e71d9181a67b7542122c | 4 | t - 1679091c5a880faf6fb5e6087eb1b2dc | 6 | t - c9f0f895fb98ab9159f51fd0297e236d | 8 | t + e91592205d3881e3ea35d66973bb4898 | -8 | f + 03b26944890929ff751653acb2f2af79 | -6 | f + e5e0093f285a4fb94c3fcc2ad7fd04ed | -4 | f + cf3bae39dd692048a8bf961182e6a34d | -2 | f + 5feceb66ffc86f38d952786c6d696c79 | 0 | f + d4735e3a265e16eee03f59718b9b5d03 | 2 | t + 4b227777d4dd1fc61c6f884f48641d02 | 4 | t + e7f6c011776e8db7cd330b54174fd76f | 6 | t + 2c624232cdd221771294dfbb310aca00 | 8 | t (9 rows) -- test EXECUTE USING diff --git a/src/test/regress/expected/rowsecurity.out b/src/test/regress/expected/rowsecurity.out index 834acf142d..38f53ed486 100644 --- a/src/test/regress/expected/rowsecurity.out +++ b/src/test/regress/expected/rowsecurity.out @@ -1408,9 +1408,9 @@ ERROR: infinite recursion detected in policy for relation "rec1" -- SET SESSION AUTHORIZATION regress_rls_alice; CREATE TABLE s1 (a int, b text); -INSERT INTO s1 (SELECT x, md5(x::text) FROM generate_series(-10,10) x); +INSERT INTO s1 (SELECT x, public.fipshash(x::text) FROM generate_series(-10,10) x); CREATE TABLE s2 (x int, y text); -INSERT INTO s2 (SELECT x, md5(x::text) FROM generate_series(-6,6) x); +INSERT INTO s2 (SELECT x, public.fipshash(x::text) FROM generate_series(-6,6) x); GRANT SELECT ON s1, s2 TO regress_rls_bob; CREATE POLICY p1 ON s1 USING (a in (select x from s2 where y like '%2f%')); CREATE POLICY p2 ON s2 USING (x in (select a from s1 where b like '%22%')); @@ -1428,13 +1428,11 @@ DROP POLICY p3 on s1; ALTER POLICY p2 ON s2 USING (x % 2 = 0); SET SESSION AUTHORIZATION regress_rls_bob; SELECT * FROM s1 WHERE f_leak(b); -- OK -NOTICE: f_leak => c81e728d9d4c2f636f067f89cc14862c -NOTICE: f_leak => a87ff679a2f3e71d9181a67b7542122c - a | b ----+---------------------------------- - 2 | c81e728d9d4c2f636f067f89cc14862c - 4 | a87ff679a2f3e71d9181a67b7542122c -(2 rows) +NOTICE: f_leak => 03b26944890929ff751653acb2f2af79 + a | b +----+---------------------------------- + -6 | 03b26944890929ff751653acb2f2af79 +(1 row) EXPLAIN (COSTS OFF) SELECT * FROM only s1 WHERE f_leak(b); QUERY PLAN @@ -1450,13 +1448,11 @@ SET SESSION AUTHORIZATION regress_rls_alice; ALTER POLICY p1 ON s1 USING (a in (select x from v2)); -- using VIEW in RLS policy SET SESSION AUTHORIZATION regress_rls_bob; SELECT * FROM s1 WHERE f_leak(b); -- OK -NOTICE: f_leak => 0267aaf632e87a63288a08331f22c7c3 -NOTICE: f_leak => 1679091c5a880faf6fb5e6087eb1b2dc +NOTICE: f_leak => 03b26944890929ff751653acb2f2af79 a | b ----+---------------------------------- - -4 | 0267aaf632e87a63288a08331f22c7c3 - 6 | 1679091c5a880faf6fb5e6087eb1b2dc -(2 rows) + -6 | 03b26944890929ff751653acb2f2af79 +(1 row) EXPLAIN (COSTS OFF) SELECT * FROM s1 WHERE f_leak(b); QUERY PLAN @@ -1471,10 +1467,8 @@ EXPLAIN (COSTS OFF) SELECT * FROM s1 WHERE f_leak(b); SELECT (SELECT x FROM s1 LIMIT 1) xx, * FROM s2 WHERE y like '%28%'; xx | x | y ----+----+---------------------------------- - -6 | -6 | 596a3d04481816330f07e4f97510c28f - -4 | -4 | 0267aaf632e87a63288a08331f22c7c3 - 2 | 2 | c81e728d9d4c2f636f067f89cc14862c -(3 rows) + -4 | -4 | e5e0093f285a4fb94c3fcc2ad7fd04ed +(1 row) EXPLAIN (COSTS OFF) SELECT (SELECT x FROM s1 LIMIT 1) xx, * FROM s2 WHERE y like '%28%'; QUERY PLAN @@ -1900,7 +1894,7 @@ NOTICE: f_leak => yyyyyy -- SET SESSION AUTHORIZATION regress_rls_alice; CREATE TABLE b1 (a int, b text); -INSERT INTO b1 (SELECT x, md5(x::text) FROM generate_series(-10,10) x); +INSERT INTO b1 (SELECT x, public.fipshash(x::text) FROM generate_series(-10,10) x); CREATE POLICY p1 ON b1 USING (a % 2 = 0); ALTER TABLE b1 ENABLE ROW LEVEL SECURITY; GRANT ALL ON b1 TO regress_rls_bob; @@ -1918,18 +1912,18 @@ EXPLAIN (COSTS OFF) SELECT * FROM bv1 WHERE f_leak(b); (4 rows) SELECT * FROM bv1 WHERE f_leak(b); -NOTICE: f_leak => c81e728d9d4c2f636f067f89cc14862c -NOTICE: f_leak => a87ff679a2f3e71d9181a67b7542122c -NOTICE: f_leak => 1679091c5a880faf6fb5e6087eb1b2dc -NOTICE: f_leak => c9f0f895fb98ab9159f51fd0297e236d -NOTICE: f_leak => d3d9446802a44259755d38e6d163e820 +NOTICE: f_leak => d4735e3a265e16eee03f59718b9b5d03 +NOTICE: f_leak => 4b227777d4dd1fc61c6f884f48641d02 +NOTICE: f_leak => e7f6c011776e8db7cd330b54174fd76f +NOTICE: f_leak => 2c624232cdd221771294dfbb310aca00 +NOTICE: f_leak => 4a44dc15364204a80fe80e9039455cc1 a | b ----+---------------------------------- - 2 | c81e728d9d4c2f636f067f89cc14862c - 4 | a87ff679a2f3e71d9181a67b7542122c - 6 | 1679091c5a880faf6fb5e6087eb1b2dc - 8 | c9f0f895fb98ab9159f51fd0297e236d - 10 | d3d9446802a44259755d38e6d163e820 + 2 | d4735e3a265e16eee03f59718b9b5d03 + 4 | 4b227777d4dd1fc61c6f884f48641d02 + 6 | e7f6c011776e8db7cd330b54174fd76f + 8 | 2c624232cdd221771294dfbb310aca00 + 10 | 4a44dc15364204a80fe80e9039455cc1 (5 rows) INSERT INTO bv1 VALUES (-1, 'xxx'); -- should fail view WCO @@ -1946,7 +1940,7 @@ EXPLAIN (COSTS OFF) UPDATE bv1 SET b = 'yyy' WHERE a = 4 AND f_leak(b); (3 rows) UPDATE bv1 SET b = 'yyy' WHERE a = 4 AND f_leak(b); -NOTICE: f_leak => a87ff679a2f3e71d9181a67b7542122c +NOTICE: f_leak => 4b227777d4dd1fc61c6f884f48641d02 EXPLAIN (COSTS OFF) DELETE FROM bv1 WHERE a = 6 AND f_leak(b); QUERY PLAN ----------------------------------------------------------------------- @@ -1956,30 +1950,30 @@ EXPLAIN (COSTS OFF) DELETE FROM bv1 WHERE a = 6 AND f_leak(b); (3 rows) DELETE FROM bv1 WHERE a = 6 AND f_leak(b); -NOTICE: f_leak => 1679091c5a880faf6fb5e6087eb1b2dc +NOTICE: f_leak => e7f6c011776e8db7cd330b54174fd76f SET SESSION AUTHORIZATION regress_rls_alice; SELECT * FROM b1; a | b -----+---------------------------------- - -10 | 1b0fd9efa5279c4203b7c70233f86dbf - -9 | 252e691406782824eec43d7eadc3d256 - -8 | a8d2ec85eaf98407310b72eb73dda247 - -7 | 74687a12d3915d3c4d83f1af7b3683d5 - -6 | 596a3d04481816330f07e4f97510c28f - -5 | 47c1b025fa18ea96c33fbb6718688c0f - -4 | 0267aaf632e87a63288a08331f22c7c3 - -3 | b3149ecea4628efd23d2f86e5a723472 - -2 | 5d7b9adcbe1c629ec722529dd12e5129 - -1 | 6bb61e3b7bce0931da574d19d1d82c88 - 0 | cfcd208495d565ef66e7dff9f98764da - 1 | c4ca4238a0b923820dcc509a6f75849b - 2 | c81e728d9d4c2f636f067f89cc14862c - 3 | eccbc87e4b5ce2fe28308fd9f2a7baf3 - 5 | e4da3b7fbbce2345d7772b0674a318d5 - 7 | 8f14e45fceea167a5a36dedd4bea2543 - 8 | c9f0f895fb98ab9159f51fd0297e236d - 9 | 45c48cce2e2d7fbdea1afc51c7c6ad26 - 10 | d3d9446802a44259755d38e6d163e820 + -10 | c171d4ec282b23db89a99880cd624e9b + -9 | d5c534fde62beb89c745a59952c8efed + -8 | e91592205d3881e3ea35d66973bb4898 + -7 | a770d3270c9dcdedf12ed9fd70444f7c + -6 | 03b26944890929ff751653acb2f2af79 + -5 | 37aa1ccf80e481832b2db282d4d4f895 + -4 | e5e0093f285a4fb94c3fcc2ad7fd04ed + -3 | 615bdd17c2556f82f384392ea8557f8c + -2 | cf3bae39dd692048a8bf961182e6a34d + -1 | 1bad6b8cf97131fceab8543e81f77571 + 0 | 5feceb66ffc86f38d952786c6d696c79 + 1 | 6b86b273ff34fce19d6b804eff5a3f57 + 2 | d4735e3a265e16eee03f59718b9b5d03 + 3 | 4e07408562bedb8b60ce05c1decfe3ad + 5 | ef2d127de37b942baad06145e54b0c61 + 7 | 7902699be42c8a8e46fbbb4501726517 + 8 | 2c624232cdd221771294dfbb310aca00 + 9 | 19581e27de7ced00ff1ce50b2047e7a5 + 10 | 4a44dc15364204a80fe80e9039455cc1 12 | xxx 4 | yyy (21 rows) @@ -3038,41 +3032,41 @@ DROP VIEW rls_sbv; -- Expression structure -- SET SESSION AUTHORIZATION regress_rls_alice; -INSERT INTO y2 (SELECT x, md5(x::text) FROM generate_series(0,20) x); +INSERT INTO y2 (SELECT x, public.fipshash(x::text) FROM generate_series(0,20) x); CREATE POLICY p2 ON y2 USING (a % 3 = 0); CREATE POLICY p3 ON y2 USING (a % 4 = 0); SET SESSION AUTHORIZATION regress_rls_bob; SELECT * FROM y2 WHERE f_leak(b); -NOTICE: f_leak => cfcd208495d565ef66e7dff9f98764da -NOTICE: f_leak => c81e728d9d4c2f636f067f89cc14862c -NOTICE: f_leak => eccbc87e4b5ce2fe28308fd9f2a7baf3 -NOTICE: f_leak => a87ff679a2f3e71d9181a67b7542122c -NOTICE: f_leak => 1679091c5a880faf6fb5e6087eb1b2dc -NOTICE: f_leak => c9f0f895fb98ab9159f51fd0297e236d -NOTICE: f_leak => 45c48cce2e2d7fbdea1afc51c7c6ad26 -NOTICE: f_leak => d3d9446802a44259755d38e6d163e820 -NOTICE: f_leak => c20ad4d76fe97759aa27a0c99bff6710 -NOTICE: f_leak => aab3238922bcc25a6f606eb525ffdc56 -NOTICE: f_leak => 9bf31c7ff062936a96d3c8bd1f8f2ff3 -NOTICE: f_leak => c74d97b01eae257e44aa9d5bade97baf -NOTICE: f_leak => 6f4922f45568161a8cdf4ad2299f6d23 -NOTICE: f_leak => 98f13708210194c475687be6106a3b84 +NOTICE: f_leak => 5feceb66ffc86f38d952786c6d696c79 +NOTICE: f_leak => d4735e3a265e16eee03f59718b9b5d03 +NOTICE: f_leak => 4e07408562bedb8b60ce05c1decfe3ad +NOTICE: f_leak => 4b227777d4dd1fc61c6f884f48641d02 +NOTICE: f_leak => e7f6c011776e8db7cd330b54174fd76f +NOTICE: f_leak => 2c624232cdd221771294dfbb310aca00 +NOTICE: f_leak => 19581e27de7ced00ff1ce50b2047e7a5 +NOTICE: f_leak => 4a44dc15364204a80fe80e9039455cc1 +NOTICE: f_leak => 6b51d431df5d7f141cbececcf79edf3d +NOTICE: f_leak => 8527a891e224136950ff32ca212b45bc +NOTICE: f_leak => e629fa6598d732768f7c726b4b621285 +NOTICE: f_leak => b17ef6d19c7a5b1ee83b907c595526dc +NOTICE: f_leak => 4ec9599fc203d176a301536c2e091a19 +NOTICE: f_leak => f5ca38f748a1d6eaf726b8a42fb575c3 a | b ----+---------------------------------- - 0 | cfcd208495d565ef66e7dff9f98764da - 2 | c81e728d9d4c2f636f067f89cc14862c - 3 | eccbc87e4b5ce2fe28308fd9f2a7baf3 - 4 | a87ff679a2f3e71d9181a67b7542122c - 6 | 1679091c5a880faf6fb5e6087eb1b2dc - 8 | c9f0f895fb98ab9159f51fd0297e236d - 9 | 45c48cce2e2d7fbdea1afc51c7c6ad26 - 10 | d3d9446802a44259755d38e6d163e820 - 12 | c20ad4d76fe97759aa27a0c99bff6710 - 14 | aab3238922bcc25a6f606eb525ffdc56 - 15 | 9bf31c7ff062936a96d3c8bd1f8f2ff3 - 16 | c74d97b01eae257e44aa9d5bade97baf - 18 | 6f4922f45568161a8cdf4ad2299f6d23 - 20 | 98f13708210194c475687be6106a3b84 + 0 | 5feceb66ffc86f38d952786c6d696c79 + 2 | d4735e3a265e16eee03f59718b9b5d03 + 3 | 4e07408562bedb8b60ce05c1decfe3ad + 4 | 4b227777d4dd1fc61c6f884f48641d02 + 6 | e7f6c011776e8db7cd330b54174fd76f + 8 | 2c624232cdd221771294dfbb310aca00 + 9 | 19581e27de7ced00ff1ce50b2047e7a5 + 10 | 4a44dc15364204a80fe80e9039455cc1 + 12 | 6b51d431df5d7f141cbececcf79edf3d + 14 | 8527a891e224136950ff32ca212b45bc + 15 | e629fa6598d732768f7c726b4b621285 + 16 | b17ef6d19c7a5b1ee83b907c595526dc + 18 | 4ec9599fc203d176a301536c2e091a19 + 20 | f5ca38f748a1d6eaf726b8a42fb575c3 (14 rows) EXPLAIN (COSTS OFF) SELECT * FROM y2 WHERE f_leak(b); @@ -3109,20 +3103,20 @@ NOTICE: f_leak => abc NOTICE: f_leak => abc a | b ----+---------------------------------- - 0 | cfcd208495d565ef66e7dff9f98764da - 2 | c81e728d9d4c2f636f067f89cc14862c - 3 | eccbc87e4b5ce2fe28308fd9f2a7baf3 - 4 | a87ff679a2f3e71d9181a67b7542122c - 6 | 1679091c5a880faf6fb5e6087eb1b2dc - 8 | c9f0f895fb98ab9159f51fd0297e236d - 9 | 45c48cce2e2d7fbdea1afc51c7c6ad26 - 10 | d3d9446802a44259755d38e6d163e820 - 12 | c20ad4d76fe97759aa27a0c99bff6710 - 14 | aab3238922bcc25a6f606eb525ffdc56 - 15 | 9bf31c7ff062936a96d3c8bd1f8f2ff3 - 16 | c74d97b01eae257e44aa9d5bade97baf - 18 | 6f4922f45568161a8cdf4ad2299f6d23 - 20 | 98f13708210194c475687be6106a3b84 + 0 | 5feceb66ffc86f38d952786c6d696c79 + 2 | d4735e3a265e16eee03f59718b9b5d03 + 3 | 4e07408562bedb8b60ce05c1decfe3ad + 4 | 4b227777d4dd1fc61c6f884f48641d02 + 6 | e7f6c011776e8db7cd330b54174fd76f + 8 | 2c624232cdd221771294dfbb310aca00 + 9 | 19581e27de7ced00ff1ce50b2047e7a5 + 10 | 4a44dc15364204a80fe80e9039455cc1 + 12 | 6b51d431df5d7f141cbececcf79edf3d + 14 | 8527a891e224136950ff32ca212b45bc + 15 | e629fa6598d732768f7c726b4b621285 + 16 | b17ef6d19c7a5b1ee83b907c595526dc + 18 | 4ec9599fc203d176a301536c2e091a19 + 20 | f5ca38f748a1d6eaf726b8a42fb575c3 (14 rows) EXPLAIN (COSTS OFF) SELECT * FROM y2 WHERE f_leak('abc'); @@ -3156,20 +3150,20 @@ EXPLAIN (COSTS OFF) SELECT * FROM y2 JOIN test_qual_pushdown ON (b = abc) WHERE (7 rows) SELECT * FROM y2 JOIN test_qual_pushdown ON (b = abc) WHERE f_leak(b); -NOTICE: f_leak => cfcd208495d565ef66e7dff9f98764da -NOTICE: f_leak => c81e728d9d4c2f636f067f89cc14862c -NOTICE: f_leak => eccbc87e4b5ce2fe28308fd9f2a7baf3 -NOTICE: f_leak => a87ff679a2f3e71d9181a67b7542122c -NOTICE: f_leak => 1679091c5a880faf6fb5e6087eb1b2dc -NOTICE: f_leak => c9f0f895fb98ab9159f51fd0297e236d -NOTICE: f_leak => 45c48cce2e2d7fbdea1afc51c7c6ad26 -NOTICE: f_leak => d3d9446802a44259755d38e6d163e820 -NOTICE: f_leak => c20ad4d76fe97759aa27a0c99bff6710 -NOTICE: f_leak => aab3238922bcc25a6f606eb525ffdc56 -NOTICE: f_leak => 9bf31c7ff062936a96d3c8bd1f8f2ff3 -NOTICE: f_leak => c74d97b01eae257e44aa9d5bade97baf -NOTICE: f_leak => 6f4922f45568161a8cdf4ad2299f6d23 -NOTICE: f_leak => 98f13708210194c475687be6106a3b84 +NOTICE: f_leak => 5feceb66ffc86f38d952786c6d696c79 +NOTICE: f_leak => d4735e3a265e16eee03f59718b9b5d03 +NOTICE: f_leak => 4e07408562bedb8b60ce05c1decfe3ad +NOTICE: f_leak => 4b227777d4dd1fc61c6f884f48641d02 +NOTICE: f_leak => e7f6c011776e8db7cd330b54174fd76f +NOTICE: f_leak => 2c624232cdd221771294dfbb310aca00 +NOTICE: f_leak => 19581e27de7ced00ff1ce50b2047e7a5 +NOTICE: f_leak => 4a44dc15364204a80fe80e9039455cc1 +NOTICE: f_leak => 6b51d431df5d7f141cbececcf79edf3d +NOTICE: f_leak => 8527a891e224136950ff32ca212b45bc +NOTICE: f_leak => e629fa6598d732768f7c726b4b621285 +NOTICE: f_leak => b17ef6d19c7a5b1ee83b907c595526dc +NOTICE: f_leak => 4ec9599fc203d176a301536c2e091a19 +NOTICE: f_leak => f5ca38f748a1d6eaf726b8a42fb575c3 a | b | abc ---+---+----- (0 rows) @@ -3239,33 +3233,33 @@ CREATE TABLE t1 (a integer, b text); CREATE POLICY p1 ON t1 USING (a % 2 = 0); ALTER TABLE t1 ENABLE ROW LEVEL SECURITY; GRANT ALL ON t1 TO regress_rls_bob; -INSERT INTO t1 (SELECT x, md5(x::text) FROM generate_series(0,20) x); +INSERT INTO t1 (SELECT x, public.fipshash(x::text) FROM generate_series(0,20) x); SET SESSION AUTHORIZATION regress_rls_bob; WITH cte1 AS MATERIALIZED (SELECT * FROM t1 WHERE f_leak(b)) SELECT * FROM cte1; -NOTICE: f_leak => cfcd208495d565ef66e7dff9f98764da -NOTICE: f_leak => c81e728d9d4c2f636f067f89cc14862c -NOTICE: f_leak => a87ff679a2f3e71d9181a67b7542122c -NOTICE: f_leak => 1679091c5a880faf6fb5e6087eb1b2dc -NOTICE: f_leak => c9f0f895fb98ab9159f51fd0297e236d -NOTICE: f_leak => d3d9446802a44259755d38e6d163e820 -NOTICE: f_leak => c20ad4d76fe97759aa27a0c99bff6710 -NOTICE: f_leak => aab3238922bcc25a6f606eb525ffdc56 -NOTICE: f_leak => c74d97b01eae257e44aa9d5bade97baf -NOTICE: f_leak => 6f4922f45568161a8cdf4ad2299f6d23 -NOTICE: f_leak => 98f13708210194c475687be6106a3b84 +NOTICE: f_leak => 5feceb66ffc86f38d952786c6d696c79 +NOTICE: f_leak => d4735e3a265e16eee03f59718b9b5d03 +NOTICE: f_leak => 4b227777d4dd1fc61c6f884f48641d02 +NOTICE: f_leak => e7f6c011776e8db7cd330b54174fd76f +NOTICE: f_leak => 2c624232cdd221771294dfbb310aca00 +NOTICE: f_leak => 4a44dc15364204a80fe80e9039455cc1 +NOTICE: f_leak => 6b51d431df5d7f141cbececcf79edf3d +NOTICE: f_leak => 8527a891e224136950ff32ca212b45bc +NOTICE: f_leak => b17ef6d19c7a5b1ee83b907c595526dc +NOTICE: f_leak => 4ec9599fc203d176a301536c2e091a19 +NOTICE: f_leak => f5ca38f748a1d6eaf726b8a42fb575c3 a | b ----+---------------------------------- - 0 | cfcd208495d565ef66e7dff9f98764da - 2 | c81e728d9d4c2f636f067f89cc14862c - 4 | a87ff679a2f3e71d9181a67b7542122c - 6 | 1679091c5a880faf6fb5e6087eb1b2dc - 8 | c9f0f895fb98ab9159f51fd0297e236d - 10 | d3d9446802a44259755d38e6d163e820 - 12 | c20ad4d76fe97759aa27a0c99bff6710 - 14 | aab3238922bcc25a6f606eb525ffdc56 - 16 | c74d97b01eae257e44aa9d5bade97baf - 18 | 6f4922f45568161a8cdf4ad2299f6d23 - 20 | 98f13708210194c475687be6106a3b84 + 0 | 5feceb66ffc86f38d952786c6d696c79 + 2 | d4735e3a265e16eee03f59718b9b5d03 + 4 | 4b227777d4dd1fc61c6f884f48641d02 + 6 | e7f6c011776e8db7cd330b54174fd76f + 8 | 2c624232cdd221771294dfbb310aca00 + 10 | 4a44dc15364204a80fe80e9039455cc1 + 12 | 6b51d431df5d7f141cbececcf79edf3d + 14 | 8527a891e224136950ff32ca212b45bc + 16 | b17ef6d19c7a5b1ee83b907c595526dc + 18 | 4ec9599fc203d176a301536c2e091a19 + 20 | f5ca38f748a1d6eaf726b8a42fb575c3 (11 rows) EXPLAIN (COSTS OFF) @@ -3283,17 +3277,17 @@ ERROR: new row violates row-level security policy for table "t1" WITH cte1 AS (UPDATE t1 SET a = a RETURNING *) SELECT * FROM cte1; --ok a | b ----+---------------------------------- - 0 | cfcd208495d565ef66e7dff9f98764da - 2 | c81e728d9d4c2f636f067f89cc14862c - 4 | a87ff679a2f3e71d9181a67b7542122c - 6 | 1679091c5a880faf6fb5e6087eb1b2dc - 8 | c9f0f895fb98ab9159f51fd0297e236d - 10 | d3d9446802a44259755d38e6d163e820 - 12 | c20ad4d76fe97759aa27a0c99bff6710 - 14 | aab3238922bcc25a6f606eb525ffdc56 - 16 | c74d97b01eae257e44aa9d5bade97baf - 18 | 6f4922f45568161a8cdf4ad2299f6d23 - 20 | 98f13708210194c475687be6106a3b84 + 0 | 5feceb66ffc86f38d952786c6d696c79 + 2 | d4735e3a265e16eee03f59718b9b5d03 + 4 | 4b227777d4dd1fc61c6f884f48641d02 + 6 | e7f6c011776e8db7cd330b54174fd76f + 8 | 2c624232cdd221771294dfbb310aca00 + 10 | 4a44dc15364204a80fe80e9039455cc1 + 12 | 6b51d431df5d7f141cbececcf79edf3d + 14 | 8527a891e224136950ff32ca212b45bc + 16 | b17ef6d19c7a5b1ee83b907c595526dc + 18 | 4ec9599fc203d176a301536c2e091a19 + 20 | f5ca38f748a1d6eaf726b8a42fb575c3 (11 rows) WITH cte1 AS (INSERT INTO t1 VALUES (21, 'Fail') RETURNING *) SELECT * FROM cte1; --fail @@ -3346,17 +3340,17 @@ EXPLAIN (COSTS OFF) INSERT INTO t2 (SELECT * FROM t1); SELECT * FROM t2; a | b ----+---------------------------------- - 0 | cfcd208495d565ef66e7dff9f98764da - 2 | c81e728d9d4c2f636f067f89cc14862c - 4 | a87ff679a2f3e71d9181a67b7542122c - 6 | 1679091c5a880faf6fb5e6087eb1b2dc - 8 | c9f0f895fb98ab9159f51fd0297e236d - 10 | d3d9446802a44259755d38e6d163e820 - 12 | c20ad4d76fe97759aa27a0c99bff6710 - 14 | aab3238922bcc25a6f606eb525ffdc56 - 16 | c74d97b01eae257e44aa9d5bade97baf - 18 | 6f4922f45568161a8cdf4ad2299f6d23 - 20 | 98f13708210194c475687be6106a3b84 + 0 | 5feceb66ffc86f38d952786c6d696c79 + 2 | d4735e3a265e16eee03f59718b9b5d03 + 4 | 4b227777d4dd1fc61c6f884f48641d02 + 6 | e7f6c011776e8db7cd330b54174fd76f + 8 | 2c624232cdd221771294dfbb310aca00 + 10 | 4a44dc15364204a80fe80e9039455cc1 + 12 | 6b51d431df5d7f141cbececcf79edf3d + 14 | 8527a891e224136950ff32ca212b45bc + 16 | b17ef6d19c7a5b1ee83b907c595526dc + 18 | 4ec9599fc203d176a301536c2e091a19 + 20 | f5ca38f748a1d6eaf726b8a42fb575c3 20 | Success (12 rows) @@ -3370,17 +3364,17 @@ CREATE TABLE t3 AS SELECT * FROM t1; SELECT * FROM t3; a | b ----+---------------------------------- - 0 | cfcd208495d565ef66e7dff9f98764da - 2 | c81e728d9d4c2f636f067f89cc14862c - 4 | a87ff679a2f3e71d9181a67b7542122c - 6 | 1679091c5a880faf6fb5e6087eb1b2dc - 8 | c9f0f895fb98ab9159f51fd0297e236d - 10 | d3d9446802a44259755d38e6d163e820 - 12 | c20ad4d76fe97759aa27a0c99bff6710 - 14 | aab3238922bcc25a6f606eb525ffdc56 - 16 | c74d97b01eae257e44aa9d5bade97baf - 18 | 6f4922f45568161a8cdf4ad2299f6d23 - 20 | 98f13708210194c475687be6106a3b84 + 0 | 5feceb66ffc86f38d952786c6d696c79 + 2 | d4735e3a265e16eee03f59718b9b5d03 + 4 | 4b227777d4dd1fc61c6f884f48641d02 + 6 | e7f6c011776e8db7cd330b54174fd76f + 8 | 2c624232cdd221771294dfbb310aca00 + 10 | 4a44dc15364204a80fe80e9039455cc1 + 12 | 6b51d431df5d7f141cbececcf79edf3d + 14 | 8527a891e224136950ff32ca212b45bc + 16 | b17ef6d19c7a5b1ee83b907c595526dc + 18 | 4ec9599fc203d176a301536c2e091a19 + 20 | f5ca38f748a1d6eaf726b8a42fb575c3 20 | Success (12 rows) @@ -3388,17 +3382,17 @@ SELECT * INTO t4 FROM t1; SELECT * FROM t4; a | b ----+---------------------------------- - 0 | cfcd208495d565ef66e7dff9f98764da - 2 | c81e728d9d4c2f636f067f89cc14862c - 4 | a87ff679a2f3e71d9181a67b7542122c - 6 | 1679091c5a880faf6fb5e6087eb1b2dc - 8 | c9f0f895fb98ab9159f51fd0297e236d - 10 | d3d9446802a44259755d38e6d163e820 - 12 | c20ad4d76fe97759aa27a0c99bff6710 - 14 | aab3238922bcc25a6f606eb525ffdc56 - 16 | c74d97b01eae257e44aa9d5bade97baf - 18 | 6f4922f45568161a8cdf4ad2299f6d23 - 20 | 98f13708210194c475687be6106a3b84 + 0 | 5feceb66ffc86f38d952786c6d696c79 + 2 | d4735e3a265e16eee03f59718b9b5d03 + 4 | 4b227777d4dd1fc61c6f884f48641d02 + 6 | e7f6c011776e8db7cd330b54174fd76f + 8 | 2c624232cdd221771294dfbb310aca00 + 10 | 4a44dc15364204a80fe80e9039455cc1 + 12 | 6b51d431df5d7f141cbececcf79edf3d + 14 | 8527a891e224136950ff32ca212b45bc + 16 | b17ef6d19c7a5b1ee83b907c595526dc + 18 | 4ec9599fc203d176a301536c2e091a19 + 20 | f5ca38f748a1d6eaf726b8a42fb575c3 20 | Success (12 rows) @@ -3471,27 +3465,27 @@ RESET SESSION AUTHORIZATION; SELECT * FROM t1; a | b ----+---------------------------------- - 1 | c4ca4238a0b923820dcc509a6f75849b - 3 | eccbc87e4b5ce2fe28308fd9f2a7baf3 - 5 | e4da3b7fbbce2345d7772b0674a318d5 - 7 | 8f14e45fceea167a5a36dedd4bea2543 - 9 | 45c48cce2e2d7fbdea1afc51c7c6ad26 - 11 | 6512bd43d9caa6e02c990b0a82652dca - 13 | c51ce410c124a10e0db5e4b97fc2af39 - 15 | 9bf31c7ff062936a96d3c8bd1f8f2ff3 - 17 | 70efdf2ec9b086079795c442636b55fb - 19 | 1f0e3dad99908345f7439f8ffabdffc4 - 0 | cfcd208495d565ef66e7dff9f98764da - 2 | c81e728d9d4c2f636f067f89cc14862c - 4 | a87ff679a2f3e71d9181a67b7542122c - 6 | 1679091c5a880faf6fb5e6087eb1b2dc - 8 | c9f0f895fb98ab9159f51fd0297e236d - 10 | d3d9446802a44259755d38e6d163e820 - 12 | c20ad4d76fe97759aa27a0c99bff6710 - 14 | aab3238922bcc25a6f606eb525ffdc56 - 16 | c74d97b01eae257e44aa9d5bade97baf - 18 | 6f4922f45568161a8cdf4ad2299f6d23 - 20 | 98f13708210194c475687be6106a3b84 + 1 | 6b86b273ff34fce19d6b804eff5a3f57 + 3 | 4e07408562bedb8b60ce05c1decfe3ad + 5 | ef2d127de37b942baad06145e54b0c61 + 7 | 7902699be42c8a8e46fbbb4501726517 + 9 | 19581e27de7ced00ff1ce50b2047e7a5 + 11 | 4fc82b26aecb47d2868c4efbe3581732 + 13 | 3fdba35f04dc8c462986c992bcf87554 + 15 | e629fa6598d732768f7c726b4b621285 + 17 | 4523540f1504cd17100c4835e85b7eef + 19 | 9400f1b21cb527d7fa3d3eabba93557a + 0 | 5feceb66ffc86f38d952786c6d696c79 + 2 | d4735e3a265e16eee03f59718b9b5d03 + 4 | 4b227777d4dd1fc61c6f884f48641d02 + 6 | e7f6c011776e8db7cd330b54174fd76f + 8 | 2c624232cdd221771294dfbb310aca00 + 10 | 4a44dc15364204a80fe80e9039455cc1 + 12 | 6b51d431df5d7f141cbececcf79edf3d + 14 | 8527a891e224136950ff32ca212b45bc + 16 | b17ef6d19c7a5b1ee83b907c595526dc + 18 | 4ec9599fc203d176a301536c2e091a19 + 20 | f5ca38f748a1d6eaf726b8a42fb575c3 20 | Success (22 rows) @@ -3506,27 +3500,27 @@ SET SESSION AUTHORIZATION regress_rls_alice; SELECT * FROM t1; a | b ----+---------------------------------- - 1 | c4ca4238a0b923820dcc509a6f75849b - 3 | eccbc87e4b5ce2fe28308fd9f2a7baf3 - 5 | e4da3b7fbbce2345d7772b0674a318d5 - 7 | 8f14e45fceea167a5a36dedd4bea2543 - 9 | 45c48cce2e2d7fbdea1afc51c7c6ad26 - 11 | 6512bd43d9caa6e02c990b0a82652dca - 13 | c51ce410c124a10e0db5e4b97fc2af39 - 15 | 9bf31c7ff062936a96d3c8bd1f8f2ff3 - 17 | 70efdf2ec9b086079795c442636b55fb - 19 | 1f0e3dad99908345f7439f8ffabdffc4 - 0 | cfcd208495d565ef66e7dff9f98764da - 2 | c81e728d9d4c2f636f067f89cc14862c - 4 | a87ff679a2f3e71d9181a67b7542122c - 6 | 1679091c5a880faf6fb5e6087eb1b2dc - 8 | c9f0f895fb98ab9159f51fd0297e236d - 10 | d3d9446802a44259755d38e6d163e820 - 12 | c20ad4d76fe97759aa27a0c99bff6710 - 14 | aab3238922bcc25a6f606eb525ffdc56 - 16 | c74d97b01eae257e44aa9d5bade97baf - 18 | 6f4922f45568161a8cdf4ad2299f6d23 - 20 | 98f13708210194c475687be6106a3b84 + 1 | 6b86b273ff34fce19d6b804eff5a3f57 + 3 | 4e07408562bedb8b60ce05c1decfe3ad + 5 | ef2d127de37b942baad06145e54b0c61 + 7 | 7902699be42c8a8e46fbbb4501726517 + 9 | 19581e27de7ced00ff1ce50b2047e7a5 + 11 | 4fc82b26aecb47d2868c4efbe3581732 + 13 | 3fdba35f04dc8c462986c992bcf87554 + 15 | e629fa6598d732768f7c726b4b621285 + 17 | 4523540f1504cd17100c4835e85b7eef + 19 | 9400f1b21cb527d7fa3d3eabba93557a + 0 | 5feceb66ffc86f38d952786c6d696c79 + 2 | d4735e3a265e16eee03f59718b9b5d03 + 4 | 4b227777d4dd1fc61c6f884f48641d02 + 6 | e7f6c011776e8db7cd330b54174fd76f + 8 | 2c624232cdd221771294dfbb310aca00 + 10 | 4a44dc15364204a80fe80e9039455cc1 + 12 | 6b51d431df5d7f141cbececcf79edf3d + 14 | 8527a891e224136950ff32ca212b45bc + 16 | b17ef6d19c7a5b1ee83b907c595526dc + 18 | 4ec9599fc203d176a301536c2e091a19 + 20 | f5ca38f748a1d6eaf726b8a42fb575c3 20 | Success (22 rows) @@ -3574,35 +3568,35 @@ CREATE TABLE copy_t (a integer, b text); CREATE POLICY p1 ON copy_t USING (a % 2 = 0); ALTER TABLE copy_t ENABLE ROW LEVEL SECURITY; GRANT ALL ON copy_t TO regress_rls_bob, regress_rls_exempt_user; -INSERT INTO copy_t (SELECT x, md5(x::text) FROM generate_series(0,10) x); +INSERT INTO copy_t (SELECT x, public.fipshash(x::text) FROM generate_series(0,10) x); -- Check COPY TO as Superuser/owner. RESET SESSION AUTHORIZATION; SET row_security TO OFF; COPY (SELECT * FROM copy_t ORDER BY a ASC) TO STDOUT WITH DELIMITER ','; -0,cfcd208495d565ef66e7dff9f98764da -1,c4ca4238a0b923820dcc509a6f75849b -2,c81e728d9d4c2f636f067f89cc14862c -3,eccbc87e4b5ce2fe28308fd9f2a7baf3 -4,a87ff679a2f3e71d9181a67b7542122c -5,e4da3b7fbbce2345d7772b0674a318d5 -6,1679091c5a880faf6fb5e6087eb1b2dc -7,8f14e45fceea167a5a36dedd4bea2543 -8,c9f0f895fb98ab9159f51fd0297e236d -9,45c48cce2e2d7fbdea1afc51c7c6ad26 -10,d3d9446802a44259755d38e6d163e820 +0,5feceb66ffc86f38d952786c6d696c79 +1,6b86b273ff34fce19d6b804eff5a3f57 +2,d4735e3a265e16eee03f59718b9b5d03 +3,4e07408562bedb8b60ce05c1decfe3ad +4,4b227777d4dd1fc61c6f884f48641d02 +5,ef2d127de37b942baad06145e54b0c61 +6,e7f6c011776e8db7cd330b54174fd76f +7,7902699be42c8a8e46fbbb4501726517 +8,2c624232cdd221771294dfbb310aca00 +9,19581e27de7ced00ff1ce50b2047e7a5 +10,4a44dc15364204a80fe80e9039455cc1 SET row_security TO ON; COPY (SELECT * FROM copy_t ORDER BY a ASC) TO STDOUT WITH DELIMITER ','; -0,cfcd208495d565ef66e7dff9f98764da -1,c4ca4238a0b923820dcc509a6f75849b -2,c81e728d9d4c2f636f067f89cc14862c -3,eccbc87e4b5ce2fe28308fd9f2a7baf3 -4,a87ff679a2f3e71d9181a67b7542122c -5,e4da3b7fbbce2345d7772b0674a318d5 -6,1679091c5a880faf6fb5e6087eb1b2dc -7,8f14e45fceea167a5a36dedd4bea2543 -8,c9f0f895fb98ab9159f51fd0297e236d -9,45c48cce2e2d7fbdea1afc51c7c6ad26 -10,d3d9446802a44259755d38e6d163e820 +0,5feceb66ffc86f38d952786c6d696c79 +1,6b86b273ff34fce19d6b804eff5a3f57 +2,d4735e3a265e16eee03f59718b9b5d03 +3,4e07408562bedb8b60ce05c1decfe3ad +4,4b227777d4dd1fc61c6f884f48641d02 +5,ef2d127de37b942baad06145e54b0c61 +6,e7f6c011776e8db7cd330b54174fd76f +7,7902699be42c8a8e46fbbb4501726517 +8,2c624232cdd221771294dfbb310aca00 +9,19581e27de7ced00ff1ce50b2047e7a5 +10,4a44dc15364204a80fe80e9039455cc1 -- Check COPY TO as user with permissions. SET SESSION AUTHORIZATION regress_rls_bob; SET row_security TO OFF; @@ -3610,40 +3604,40 @@ COPY (SELECT * FROM copy_t ORDER BY a ASC) TO STDOUT WITH DELIMITER ','; --fail ERROR: query would be affected by row-level security policy for table "copy_t" SET row_security TO ON; COPY (SELECT * FROM copy_t ORDER BY a ASC) TO STDOUT WITH DELIMITER ','; --ok -0,cfcd208495d565ef66e7dff9f98764da -2,c81e728d9d4c2f636f067f89cc14862c -4,a87ff679a2f3e71d9181a67b7542122c -6,1679091c5a880faf6fb5e6087eb1b2dc -8,c9f0f895fb98ab9159f51fd0297e236d -10,d3d9446802a44259755d38e6d163e820 +0,5feceb66ffc86f38d952786c6d696c79 +2,d4735e3a265e16eee03f59718b9b5d03 +4,4b227777d4dd1fc61c6f884f48641d02 +6,e7f6c011776e8db7cd330b54174fd76f +8,2c624232cdd221771294dfbb310aca00 +10,4a44dc15364204a80fe80e9039455cc1 -- Check COPY TO as user with permissions and BYPASSRLS SET SESSION AUTHORIZATION regress_rls_exempt_user; SET row_security TO OFF; COPY (SELECT * FROM copy_t ORDER BY a ASC) TO STDOUT WITH DELIMITER ','; --ok -0,cfcd208495d565ef66e7dff9f98764da -1,c4ca4238a0b923820dcc509a6f75849b -2,c81e728d9d4c2f636f067f89cc14862c -3,eccbc87e4b5ce2fe28308fd9f2a7baf3 -4,a87ff679a2f3e71d9181a67b7542122c -5,e4da3b7fbbce2345d7772b0674a318d5 -6,1679091c5a880faf6fb5e6087eb1b2dc -7,8f14e45fceea167a5a36dedd4bea2543 -8,c9f0f895fb98ab9159f51fd0297e236d -9,45c48cce2e2d7fbdea1afc51c7c6ad26 -10,d3d9446802a44259755d38e6d163e820 +0,5feceb66ffc86f38d952786c6d696c79 +1,6b86b273ff34fce19d6b804eff5a3f57 +2,d4735e3a265e16eee03f59718b9b5d03 +3,4e07408562bedb8b60ce05c1decfe3ad +4,4b227777d4dd1fc61c6f884f48641d02 +5,ef2d127de37b942baad06145e54b0c61 +6,e7f6c011776e8db7cd330b54174fd76f +7,7902699be42c8a8e46fbbb4501726517 +8,2c624232cdd221771294dfbb310aca00 +9,19581e27de7ced00ff1ce50b2047e7a5 +10,4a44dc15364204a80fe80e9039455cc1 SET row_security TO ON; COPY (SELECT * FROM copy_t ORDER BY a ASC) TO STDOUT WITH DELIMITER ','; --ok -0,cfcd208495d565ef66e7dff9f98764da -1,c4ca4238a0b923820dcc509a6f75849b -2,c81e728d9d4c2f636f067f89cc14862c -3,eccbc87e4b5ce2fe28308fd9f2a7baf3 -4,a87ff679a2f3e71d9181a67b7542122c -5,e4da3b7fbbce2345d7772b0674a318d5 -6,1679091c5a880faf6fb5e6087eb1b2dc -7,8f14e45fceea167a5a36dedd4bea2543 -8,c9f0f895fb98ab9159f51fd0297e236d -9,45c48cce2e2d7fbdea1afc51c7c6ad26 -10,d3d9446802a44259755d38e6d163e820 +0,5feceb66ffc86f38d952786c6d696c79 +1,6b86b273ff34fce19d6b804eff5a3f57 +2,d4735e3a265e16eee03f59718b9b5d03 +3,4e07408562bedb8b60ce05c1decfe3ad +4,4b227777d4dd1fc61c6f884f48641d02 +5,ef2d127de37b942baad06145e54b0c61 +6,e7f6c011776e8db7cd330b54174fd76f +7,7902699be42c8a8e46fbbb4501726517 +8,2c624232cdd221771294dfbb310aca00 +9,19581e27de7ced00ff1ce50b2047e7a5 +10,4a44dc15364204a80fe80e9039455cc1 -- Check COPY TO as user without permissions. SET row_security TO OFF; SET SESSION AUTHORIZATION regress_rls_carol; SET row_security TO OFF; @@ -3659,15 +3653,15 @@ CREATE TABLE copy_rel_to (a integer, b text); CREATE POLICY p1 ON copy_rel_to USING (a % 2 = 0); ALTER TABLE copy_rel_to ENABLE ROW LEVEL SECURITY; GRANT ALL ON copy_rel_to TO regress_rls_bob, regress_rls_exempt_user; -INSERT INTO copy_rel_to VALUES (1, md5('1')); +INSERT INTO copy_rel_to VALUES (1, public.fipshash('1')); -- Check COPY TO as Superuser/owner. RESET SESSION AUTHORIZATION; SET row_security TO OFF; COPY copy_rel_to TO STDOUT WITH DELIMITER ','; -1,c4ca4238a0b923820dcc509a6f75849b +1,6b86b273ff34fce19d6b804eff5a3f57 SET row_security TO ON; COPY copy_rel_to TO STDOUT WITH DELIMITER ','; -1,c4ca4238a0b923820dcc509a6f75849b +1,6b86b273ff34fce19d6b804eff5a3f57 -- Check COPY TO as user with permissions. SET SESSION AUTHORIZATION regress_rls_bob; SET row_security TO OFF; @@ -3679,10 +3673,10 @@ COPY copy_rel_to TO STDOUT WITH DELIMITER ','; --ok SET SESSION AUTHORIZATION regress_rls_exempt_user; SET row_security TO OFF; COPY copy_rel_to TO STDOUT WITH DELIMITER ','; --ok -1,c4ca4238a0b923820dcc509a6f75849b +1,6b86b273ff34fce19d6b804eff5a3f57 SET row_security TO ON; COPY copy_rel_to TO STDOUT WITH DELIMITER ','; --ok -1,c4ca4238a0b923820dcc509a6f75849b +1,6b86b273ff34fce19d6b804eff5a3f57 -- Check COPY TO as user without permissions. SET row_security TO OFF; SET SESSION AUTHORIZATION regress_rls_carol; SET row_security TO OFF; @@ -3700,10 +3694,10 @@ INSERT INTO copy_rel_to_child VALUES (1, 'one'), (2, 'two'); RESET SESSION AUTHORIZATION; SET row_security TO OFF; COPY copy_rel_to TO STDOUT WITH DELIMITER ','; -1,c4ca4238a0b923820dcc509a6f75849b +1,6b86b273ff34fce19d6b804eff5a3f57 SET row_security TO ON; COPY copy_rel_to TO STDOUT WITH DELIMITER ','; -1,c4ca4238a0b923820dcc509a6f75849b +1,6b86b273ff34fce19d6b804eff5a3f57 -- Check COPY TO as user with permissions. SET SESSION AUTHORIZATION regress_rls_bob; SET row_security TO OFF; @@ -3715,10 +3709,10 @@ COPY copy_rel_to TO STDOUT WITH DELIMITER ','; --ok SET SESSION AUTHORIZATION regress_rls_exempt_user; SET row_security TO OFF; COPY copy_rel_to TO STDOUT WITH DELIMITER ','; --ok -1,c4ca4238a0b923820dcc509a6f75849b +1,6b86b273ff34fce19d6b804eff5a3f57 SET row_security TO ON; COPY copy_rel_to TO STDOUT WITH DELIMITER ','; --ok -1,c4ca4238a0b923820dcc509a6f75849b +1,6b86b273ff34fce19d6b804eff5a3f57 -- Check COPY TO as user without permissions. SET row_security TO OFF; SET SESSION AUTHORIZATION regress_rls_carol; SET row_security TO OFF; diff --git a/src/test/regress/expected/stats_ext.out b/src/test/regress/expected/stats_ext.out index 03880874c1..a430153b22 100644 --- a/src/test/regress/expected/stats_ext.out +++ b/src/test/regress/expected/stats_ext.out @@ -2615,18 +2615,18 @@ CREATE TABLE mcv_lists_uuid ( WITH (autovacuum_enabled = off); INSERT INTO mcv_lists_uuid (a, b, c) SELECT - md5(mod(i,100)::text)::uuid, - md5(mod(i,50)::text)::uuid, - md5(mod(i,25)::text)::uuid + fipshash(mod(i,100)::text)::uuid, + fipshash(mod(i,50)::text)::uuid, + fipshash(mod(i,25)::text)::uuid FROM generate_series(1,5000) s(i); ANALYZE mcv_lists_uuid; -SELECT * FROM check_estimated_rows('SELECT * FROM mcv_lists_uuid WHERE a = ''1679091c-5a88-0faf-6fb5-e6087eb1b2dc'' AND b = ''1679091c-5a88-0faf-6fb5-e6087eb1b2dc'''); +SELECT * FROM check_estimated_rows('SELECT * FROM mcv_lists_uuid WHERE a = ''e7f6c011-776e-8db7-cd33-0b54174fd76f'' AND b = ''e7f6c011-776e-8db7-cd33-0b54174fd76f'''); estimated | actual -----------+-------- 1 | 50 (1 row) -SELECT * FROM check_estimated_rows('SELECT * FROM mcv_lists_uuid WHERE a = ''1679091c-5a88-0faf-6fb5-e6087eb1b2dc'' AND b = ''1679091c-5a88-0faf-6fb5-e6087eb1b2dc'' AND c = ''1679091c-5a88-0faf-6fb5-e6087eb1b2dc'''); +SELECT * FROM check_estimated_rows('SELECT * FROM mcv_lists_uuid WHERE a = ''e7f6c011-776e-8db7-cd33-0b54174fd76f'' AND b = ''e7f6c011-776e-8db7-cd33-0b54174fd76f'' AND c = ''e7f6c011-776e-8db7-cd33-0b54174fd76f'''); estimated | actual -----------+-------- 1 | 50 @@ -2635,13 +2635,13 @@ SELECT * FROM check_estimated_rows('SELECT * FROM mcv_lists_uuid WHERE a = ''167 CREATE STATISTICS mcv_lists_uuid_stats (mcv) ON a, b, c FROM mcv_lists_uuid; ANALYZE mcv_lists_uuid; -SELECT * FROM check_estimated_rows('SELECT * FROM mcv_lists_uuid WHERE a = ''1679091c-5a88-0faf-6fb5-e6087eb1b2dc'' AND b = ''1679091c-5a88-0faf-6fb5-e6087eb1b2dc'''); +SELECT * FROM check_estimated_rows('SELECT * FROM mcv_lists_uuid WHERE a = ''e7f6c011-776e-8db7-cd33-0b54174fd76f'' AND b = ''e7f6c011-776e-8db7-cd33-0b54174fd76f'''); estimated | actual -----------+-------- 50 | 50 (1 row) -SELECT * FROM check_estimated_rows('SELECT * FROM mcv_lists_uuid WHERE a = ''1679091c-5a88-0faf-6fb5-e6087eb1b2dc'' AND b = ''1679091c-5a88-0faf-6fb5-e6087eb1b2dc'' AND c = ''1679091c-5a88-0faf-6fb5-e6087eb1b2dc'''); +SELECT * FROM check_estimated_rows('SELECT * FROM mcv_lists_uuid WHERE a = ''e7f6c011-776e-8db7-cd33-0b54174fd76f'' AND b = ''e7f6c011-776e-8db7-cd33-0b54174fd76f'' AND c = ''e7f6c011-776e-8db7-cd33-0b54174fd76f'''); estimated | actual -----------+-------- 50 | 50 @@ -2657,7 +2657,7 @@ CREATE TABLE mcv_lists_arrays ( WITH (autovacuum_enabled = off); INSERT INTO mcv_lists_arrays (a, b, c) SELECT - ARRAY[md5((i/100)::text), md5((i/100-1)::text), md5((i/100+1)::text)], + ARRAY[fipshash((i/100)::text), fipshash((i/100-1)::text), fipshash((i/100+1)::text)], ARRAY[(i/100-1)::numeric/1000, (i/100)::numeric/1000, (i/100+1)::numeric/1000], ARRAY[(i/100-1), i/100, (i/100+1)] FROM generate_series(1,5000) s(i); @@ -3038,7 +3038,7 @@ SELECT * FROM check_estimated_rows('SELECT * FROM expr_stats WHERE a = 0 AND b = DROP TABLE expr_stats; -- statistics on expressions with different data types CREATE TABLE expr_stats (a int, b name, c text); -INSERT INTO expr_stats SELECT mod(i,10), md5(mod(i,10)::text), md5(mod(i,10)::text) FROM generate_series(1,1000) s(i); +INSERT INTO expr_stats SELECT mod(i,10), fipshash(mod(i,10)::text), fipshash(mod(i,10)::text) FROM generate_series(1,1000) s(i); ANALYZE expr_stats; SELECT * FROM check_estimated_rows('SELECT * FROM expr_stats WHERE a = 0 AND (b || c) <= ''z'' AND (c || b) >= ''0'''); estimated | actual diff --git a/src/test/regress/expected/test_setup.out b/src/test/regress/expected/test_setup.out index 4f54fe20ec..5d9e6bf12b 100644 --- a/src/test/regress/expected/test_setup.out +++ b/src/test/regress/expected/test_setup.out @@ -231,3 +231,15 @@ create function part_hashtext_length(value text, seed int8) create operator class part_test_text_ops for type text using hash as operator 1 =, function 2 part_hashtext_length(text, int8); +-- +-- These functions are used in tests that used to use md5(), which we now +-- mostly avoid so that the tests will pass in FIPS mode. +-- +create function fipshash(bytea) + returns text + strict immutable parallel safe leakproof + return substr(encode(sha256($1), 'hex'), 1, 32); +create function fipshash(text) + returns text + strict immutable parallel safe leakproof + return substr(encode(sha256($1::bytea), 'hex'), 1, 32); diff --git a/src/test/regress/sql/arrays.sql b/src/test/regress/sql/arrays.sql index 6ea4dba9f1..094937ba63 100644 --- a/src/test/regress/sql/arrays.sql +++ b/src/test/regress/sql/arrays.sql @@ -677,12 +677,12 @@ insert into src create type textandtext as (c1 text, c2 text); create temp table dest (f1 textandtext[]); insert into dest select array[row(f1,f1)::textandtext] from src; -select length(md5((f1[1]).c2)) from dest; +select length(fipshash((f1[1]).c2)) from dest; delete from src; -select length(md5((f1[1]).c2)) from dest; +select length(fipshash((f1[1]).c2)) from dest; truncate table src; drop table src; -select length(md5((f1[1]).c2)) from dest; +select length(fipshash((f1[1]).c2)) from dest; drop table dest; drop type textandtext; diff --git a/src/test/regress/sql/brin.sql b/src/test/regress/sql/brin.sql index e68e9e18df..929a087a25 100644 --- a/src/test/regress/sql/brin.sql +++ b/src/test/regress/sql/brin.sql @@ -476,7 +476,7 @@ CREATE TABLE brintest_3 (a text, b text, c text, d text); -- long random strings (~2000 chars each, so ~6kB for min/max on two -- columns) to trigger toasting -WITH rand_value AS (SELECT string_agg(md5(i::text),'') AS val FROM generate_series(1,60) s(i)) +WITH rand_value AS (SELECT string_agg(fipshash(i::text),'') AS val FROM generate_series(1,60) s(i)) INSERT INTO brintest_3 SELECT val, val, val, val FROM rand_value; @@ -495,7 +495,7 @@ VACUUM brintest_3; -- retry insert with a different random-looking (but deterministic) value -- the value is different, and so should replace either min or max in the -- brin summary -WITH rand_value AS (SELECT string_agg(md5((-i)::text),'') AS val FROM generate_series(1,60) s(i)) +WITH rand_value AS (SELECT string_agg(fipshash((-i)::text),'') AS val FROM generate_series(1,60) s(i)) INSERT INTO brintest_3 SELECT val, val, val, val FROM rand_value; diff --git a/src/test/regress/sql/brin_multi.sql b/src/test/regress/sql/brin_multi.sql index 2189b6ccf4..49f26072ec 100644 --- a/src/test/regress/sql/brin_multi.sql +++ b/src/test/regress/sql/brin_multi.sql @@ -30,7 +30,7 @@ INSERT INTO brintest_multi SELECT (four + 1.0)/(hundred+1), odd::float8 / (tenthous + 1), format('%s:00:%s:00:%s:00', to_hex(odd), to_hex(even), to_hex(hundred))::macaddr, - substr(md5(unique1::text), 1, 16)::macaddr8, + substr(fipshash(unique1::text), 1, 16)::macaddr8, inet '10.2.3.4/24' + tenthous, cidr '10.2.3/24' + tenthous, date '1995-08-15' + tenthous, @@ -183,7 +183,7 @@ INSERT INTO brinopers_multi VALUES ('macaddr8col', 'macaddr8', '{>, >=, =, <=, <}', '{b1:d1:0e:7b:af:a4:42:12, d9:35:91:bd:f7:86:0e:1e, 72:8f:20:6c:2a:01:bf:57, 23:e8:46:63:86:07:ad:cb, 13:16:8e:6a:2e:6c:84:b4}', - '{33, 15, 1, 13, 6}'), + '{31, 17, 1, 11, 4}'), ('inetcol', 'inet', '{=, <, <=, >, >=}', '{10.2.14.231/24, 255.255.255.255, 255.255.255.255, 0.0.0.0, 0.0.0.0}', @@ -334,7 +334,7 @@ INSERT INTO brintest_multi SELECT (four + 1.0)/(hundred+1), odd::float8 / (tenthous + 1), format('%s:00:%s:00:%s:00', to_hex(odd), to_hex(even), to_hex(hundred))::macaddr, - substr(md5(unique1::text), 1, 16)::macaddr8, + substr(fipshash(unique1::text), 1, 16)::macaddr8, inet '10.2.3.4' + tenthous, cidr '10.2.3/24' + tenthous, date '1995-08-15' + tenthous, diff --git a/src/test/regress/sql/compression.sql b/src/test/regress/sql/compression.sql index 86332dcc51..7179a5002e 100644 --- a/src/test/regress/sql/compression.sql +++ b/src/test/regress/sql/compression.sql @@ -48,7 +48,7 @@ SELECT pg_column_compression(f1) FROM cmmove2; -- test externally stored compressed data CREATE OR REPLACE FUNCTION large_val() RETURNS TEXT LANGUAGE SQL AS -'select array_agg(md5(g::text))::text from generate_series(1, 256) g'; +'select array_agg(fipshash(g::text))::text from generate_series(1, 256) g'; CREATE TABLE cmdata2 (f1 text COMPRESSION pglz); INSERT INTO cmdata2 SELECT large_val() || repeat('a', 4000); SELECT pg_column_compression(f1) FROM cmdata2; @@ -135,7 +135,7 @@ SELECT pg_column_compression(f1) FROM cmdata; DROP TABLE cmdata2; CREATE TABLE cmdata2 (f1 TEXT COMPRESSION pglz, f2 TEXT COMPRESSION lz4); CREATE UNIQUE INDEX idx1 ON cmdata2 ((f1 || f2)); -INSERT INTO cmdata2 VALUES((SELECT array_agg(md5(g::TEXT))::TEXT FROM +INSERT INTO cmdata2 VALUES((SELECT array_agg(fipshash(g::TEXT))::TEXT FROM generate_series(1, 50) g), VERSION()); -- check data is ok diff --git a/src/test/regress/sql/inherit.sql b/src/test/regress/sql/inherit.sql index 5db6dbc191..215d58e80d 100644 --- a/src/test/regress/sql/inherit.sql +++ b/src/test/regress/sql/inherit.sql @@ -920,7 +920,7 @@ alter table permtest_child attach partition permtest_grandchild for values in (' alter table permtest_parent attach partition permtest_child for values in (1); create index on permtest_parent (left(c, 3)); insert into permtest_parent - select 1, 'a', left(md5(i::text), 5) from generate_series(0, 100) i; + select 1, 'a', left(fipshash(i::text), 5) from generate_series(0, 100) i; analyze permtest_parent; create role regress_no_child_access; revoke all on permtest_grandchild from regress_no_child_access; diff --git a/src/test/regress/sql/largeobject.sql b/src/test/regress/sql/largeobject.sql index 15e0dff7a3..800e4fcc6a 100644 --- a/src/test/regress/sql/largeobject.sql +++ b/src/test/regress/sql/largeobject.sql @@ -244,7 +244,7 @@ TRUNCATE lotest_stash_values; SELECT lo_from_bytea(0, lo_get(:newloid_1)) AS newloid_2 \gset -SELECT md5(lo_get(:newloid_1)) = md5(lo_get(:newloid_2)); +SELECT fipshash(lo_get(:newloid_1)) = fipshash(lo_get(:newloid_2)); SELECT lo_get(:newloid_1, 0, 20); SELECT lo_get(:newloid_1, 10, 20); diff --git a/src/test/regress/sql/matview.sql b/src/test/regress/sql/matview.sql index 68b9ccfd45..acc4519d01 100644 --- a/src/test/regress/sql/matview.sql +++ b/src/test/regress/sql/matview.sql @@ -216,10 +216,10 @@ SET ROLE regress_user_mvtest; -- duplicate all the aliases used in those queries CREATE TABLE mvtest_foo_data AS SELECT i, i+1 AS tid, - md5(random()::text) AS mv, - md5(random()::text) AS newdata, - md5(random()::text) AS newdata2, - md5(random()::text) AS diff + fipshash(random()::text) AS mv, + fipshash(random()::text) AS newdata, + fipshash(random()::text) AS newdata2, + fipshash(random()::text) AS diff FROM generate_series(1, 10) i; CREATE MATERIALIZED VIEW mvtest_mv_foo AS SELECT * FROM mvtest_foo_data; CREATE MATERIALIZED VIEW mvtest_mv_foo AS SELECT * FROM mvtest_foo_data; diff --git a/src/test/regress/sql/memoize.sql b/src/test/regress/sql/memoize.sql index d66acaed85..8f72f67df9 100644 --- a/src/test/regress/sql/memoize.sql +++ b/src/test/regress/sql/memoize.sql @@ -91,7 +91,7 @@ DROP TABLE flt; CREATE TABLE strtest (n name, t text); CREATE INDEX strtest_n_idx ON strtest (n); CREATE INDEX strtest_t_idx ON strtest (t); -INSERT INTO strtest VALUES('one','one'),('two','two'),('three',repeat(md5('three'),100)); +INSERT INTO strtest VALUES('one','one'),('two','two'),('three',repeat(fipshash('three'),100)); -- duplicate rows so we get some cache hits INSERT INTO strtest SELECT * FROM strtest; ANALYZE strtest; diff --git a/src/test/regress/sql/plpgsql.sql b/src/test/regress/sql/plpgsql.sql index 9a53b15081..98365e087f 100644 --- a/src/test/regress/sql/plpgsql.sql +++ b/src/test/regress/sql/plpgsql.sql @@ -2877,7 +2877,7 @@ create type record_type as (x text, y int, z boolean); create or replace function ret_query2(lim int) returns setof record_type as $$ begin - return query select md5(s.x::text), s.x, s.x > 0 + return query select fipshash(s.x::text), s.x, s.x > 0 from generate_series(-8, lim) s (x) where s.x % 2 = 0; end; $$ language plpgsql; diff --git a/src/test/regress/sql/rowsecurity.sql b/src/test/regress/sql/rowsecurity.sql index 507a088841..0fd0cded7d 100644 --- a/src/test/regress/sql/rowsecurity.sql +++ b/src/test/regress/sql/rowsecurity.sql @@ -534,10 +534,10 @@ SELECT * FROM rec1; -- fail, mutual recursion via s.b. views -- SET SESSION AUTHORIZATION regress_rls_alice; CREATE TABLE s1 (a int, b text); -INSERT INTO s1 (SELECT x, md5(x::text) FROM generate_series(-10,10) x); +INSERT INTO s1 (SELECT x, public.fipshash(x::text) FROM generate_series(-10,10) x); CREATE TABLE s2 (x int, y text); -INSERT INTO s2 (SELECT x, md5(x::text) FROM generate_series(-6,6) x); +INSERT INTO s2 (SELECT x, public.fipshash(x::text) FROM generate_series(-6,6) x); GRANT SELECT ON s1, s2 TO regress_rls_bob; @@ -669,7 +669,7 @@ DELETE FROM t1 WHERE f_leak(b) RETURNING tableoid::regclass, *, t1; -- SET SESSION AUTHORIZATION regress_rls_alice; CREATE TABLE b1 (a int, b text); -INSERT INTO b1 (SELECT x, md5(x::text) FROM generate_series(-10,10) x); +INSERT INTO b1 (SELECT x, public.fipshash(x::text) FROM generate_series(-10,10) x); CREATE POLICY p1 ON b1 USING (a % 2 = 0); ALTER TABLE b1 ENABLE ROW LEVEL SECURITY; @@ -1269,7 +1269,7 @@ DROP VIEW rls_sbv; -- Expression structure -- SET SESSION AUTHORIZATION regress_rls_alice; -INSERT INTO y2 (SELECT x, md5(x::text) FROM generate_series(0,20) x); +INSERT INTO y2 (SELECT x, public.fipshash(x::text) FROM generate_series(0,20) x); CREATE POLICY p2 ON y2 USING (a % 3 = 0); CREATE POLICY p3 ON y2 USING (a % 4 = 0); @@ -1341,7 +1341,7 @@ ALTER TABLE t1 ENABLE ROW LEVEL SECURITY; GRANT ALL ON t1 TO regress_rls_bob; -INSERT INTO t1 (SELECT x, md5(x::text) FROM generate_series(0,20) x); +INSERT INTO t1 (SELECT x, public.fipshash(x::text) FROM generate_series(0,20) x); SET SESSION AUTHORIZATION regress_rls_bob; @@ -1473,7 +1473,7 @@ ALTER TABLE copy_t ENABLE ROW LEVEL SECURITY; GRANT ALL ON copy_t TO regress_rls_bob, regress_rls_exempt_user; -INSERT INTO copy_t (SELECT x, md5(x::text) FROM generate_series(0,10) x); +INSERT INTO copy_t (SELECT x, public.fipshash(x::text) FROM generate_series(0,10) x); -- Check COPY TO as Superuser/owner. RESET SESSION AUTHORIZATION; @@ -1513,7 +1513,7 @@ ALTER TABLE copy_rel_to ENABLE ROW LEVEL SECURITY; GRANT ALL ON copy_rel_to TO regress_rls_bob, regress_rls_exempt_user; -INSERT INTO copy_rel_to VALUES (1, md5('1')); +INSERT INTO copy_rel_to VALUES (1, public.fipshash('1')); -- Check COPY TO as Superuser/owner. RESET SESSION AUTHORIZATION; diff --git a/src/test/regress/sql/stats_ext.sql b/src/test/regress/sql/stats_ext.sql index d0d42cd013..90b625a5a2 100644 --- a/src/test/regress/sql/stats_ext.sql +++ b/src/test/regress/sql/stats_ext.sql @@ -1283,25 +1283,25 @@ WITH (autovacuum_enabled = off); INSERT INTO mcv_lists_uuid (a, b, c) SELECT - md5(mod(i,100)::text)::uuid, - md5(mod(i,50)::text)::uuid, - md5(mod(i,25)::text)::uuid + fipshash(mod(i,100)::text)::uuid, + fipshash(mod(i,50)::text)::uuid, + fipshash(mod(i,25)::text)::uuid FROM generate_series(1,5000) s(i); ANALYZE mcv_lists_uuid; -SELECT * FROM check_estimated_rows('SELECT * FROM mcv_lists_uuid WHERE a = ''1679091c-5a88-0faf-6fb5-e6087eb1b2dc'' AND b = ''1679091c-5a88-0faf-6fb5-e6087eb1b2dc'''); +SELECT * FROM check_estimated_rows('SELECT * FROM mcv_lists_uuid WHERE a = ''e7f6c011-776e-8db7-cd33-0b54174fd76f'' AND b = ''e7f6c011-776e-8db7-cd33-0b54174fd76f'''); -SELECT * FROM check_estimated_rows('SELECT * FROM mcv_lists_uuid WHERE a = ''1679091c-5a88-0faf-6fb5-e6087eb1b2dc'' AND b = ''1679091c-5a88-0faf-6fb5-e6087eb1b2dc'' AND c = ''1679091c-5a88-0faf-6fb5-e6087eb1b2dc'''); +SELECT * FROM check_estimated_rows('SELECT * FROM mcv_lists_uuid WHERE a = ''e7f6c011-776e-8db7-cd33-0b54174fd76f'' AND b = ''e7f6c011-776e-8db7-cd33-0b54174fd76f'' AND c = ''e7f6c011-776e-8db7-cd33-0b54174fd76f'''); CREATE STATISTICS mcv_lists_uuid_stats (mcv) ON a, b, c FROM mcv_lists_uuid; ANALYZE mcv_lists_uuid; -SELECT * FROM check_estimated_rows('SELECT * FROM mcv_lists_uuid WHERE a = ''1679091c-5a88-0faf-6fb5-e6087eb1b2dc'' AND b = ''1679091c-5a88-0faf-6fb5-e6087eb1b2dc'''); +SELECT * FROM check_estimated_rows('SELECT * FROM mcv_lists_uuid WHERE a = ''e7f6c011-776e-8db7-cd33-0b54174fd76f'' AND b = ''e7f6c011-776e-8db7-cd33-0b54174fd76f'''); -SELECT * FROM check_estimated_rows('SELECT * FROM mcv_lists_uuid WHERE a = ''1679091c-5a88-0faf-6fb5-e6087eb1b2dc'' AND b = ''1679091c-5a88-0faf-6fb5-e6087eb1b2dc'' AND c = ''1679091c-5a88-0faf-6fb5-e6087eb1b2dc'''); +SELECT * FROM check_estimated_rows('SELECT * FROM mcv_lists_uuid WHERE a = ''e7f6c011-776e-8db7-cd33-0b54174fd76f'' AND b = ''e7f6c011-776e-8db7-cd33-0b54174fd76f'' AND c = ''e7f6c011-776e-8db7-cd33-0b54174fd76f'''); DROP TABLE mcv_lists_uuid; @@ -1315,7 +1315,7 @@ WITH (autovacuum_enabled = off); INSERT INTO mcv_lists_arrays (a, b, c) SELECT - ARRAY[md5((i/100)::text), md5((i/100-1)::text), md5((i/100+1)::text)], + ARRAY[fipshash((i/100)::text), fipshash((i/100-1)::text), fipshash((i/100+1)::text)], ARRAY[(i/100-1)::numeric/1000, (i/100)::numeric/1000, (i/100+1)::numeric/1000], ARRAY[(i/100-1), i/100, (i/100+1)] FROM generate_series(1,5000) s(i); @@ -1515,7 +1515,7 @@ DROP TABLE expr_stats; -- statistics on expressions with different data types CREATE TABLE expr_stats (a int, b name, c text); -INSERT INTO expr_stats SELECT mod(i,10), md5(mod(i,10)::text), md5(mod(i,10)::text) FROM generate_series(1,1000) s(i); +INSERT INTO expr_stats SELECT mod(i,10), fipshash(mod(i,10)::text), fipshash(mod(i,10)::text) FROM generate_series(1,1000) s(i); ANALYZE expr_stats; SELECT * FROM check_estimated_rows('SELECT * FROM expr_stats WHERE a = 0 AND (b || c) <= ''z'' AND (c || b) >= ''0'''); diff --git a/src/test/regress/sql/test_setup.sql b/src/test/regress/sql/test_setup.sql index 8439b38d21..1b2d434683 100644 --- a/src/test/regress/sql/test_setup.sql +++ b/src/test/regress/sql/test_setup.sql @@ -284,3 +284,18 @@ create function part_hashtext_length(value text, seed int8) create operator class part_test_text_ops for type text using hash as operator 1 =, function 2 part_hashtext_length(text, int8); + +-- +-- These functions are used in tests that used to use md5(), which we now +-- mostly avoid so that the tests will pass in FIPS mode. +-- + +create function fipshash(bytea) + returns text + strict immutable parallel safe leakproof + return substr(encode(sha256($1), 'hex'), 1, 32); + +create function fipshash(text) + returns text + strict immutable parallel safe leakproof + return substr(encode(sha256($1::bytea), 'hex'), 1, 32); -- 2.39.5