| From: | Daniel Gustafsson <dgustafsson(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: pgcrypto: Make it possible to disable built-in crypto |
| Date: | 2025-01-24 13:28:20 |
| Message-ID: | E1tbJjQ-003HPl-4E@gemulon.postgresql.org |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
pgcrypto: Make it possible to disable built-in crypto
When using OpenSSL and/or the underlying operating system in FIPS
mode no non-FIPS certified crypto implementations should be used.
While that is already possible by just not invoking the built-in
crypto in pgcrypto, this adds a GUC which prohibit the code from
being called. This doesn't change the FIPS status of PostgreSQL
but can make it easier for sites which target FIPS compliance to
ensure that violations cannot occur.
Author: Daniel Gustafsson <daniel(at)yesql(dot)se>
Author: Joe Conway <mail(at)joeconway(dot)com>
Reviewed-by: Joe Conway <mail(at)joeconway(dot)com>
Reviewed-by: Peter Eisentraut <peter(at)eisentraut(dot)org>
Reviewed-by: Hayato Kuroda <kuroda(dot)hayato(at)fujitsu(dot)com>
Discussion: https://postgr.es/m/16b4a157-9ea1-44d0-b7b3-4c85df5de97b@joeconway.com
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/035f99cbebe5ffcaf52f8370394446cd59621ab7
Modified Files
--------------
contrib/pgcrypto/expected/crypt-des.out | 7 ++++++
contrib/pgcrypto/openssl.c | 26 ++++++++++++++++++++++
contrib/pgcrypto/pgcrypto.c | 31 +++++++++++++++++++++++++++
contrib/pgcrypto/px-crypt.c | 4 ++++
contrib/pgcrypto/px.h | 9 ++++++++
contrib/pgcrypto/sql/crypt-des.sql | 6 ++++++
doc/src/sgml/pgcrypto.sgml | 38 +++++++++++++++++++++++++++++++++
7 files changed, 121 insertions(+)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2025-01-24 16:46:09 | pgsql: Fix copy-and-paste typo |
| Previous Message | Álvaro Herrera | 2025-01-24 12:18:05 | pgsql: Fix instability in recently added regression tests |