pgcrypto: Make it possible to disable built-in crypto When using OpenSSL and/or the underlying operating system in FIPS mode no non-FIPS certified crypto implementations should be used. While that is already possible by just not invoking the built-in crypto in pgcrypto, this adds a GUC which prohibit the code from being called. This doesn't change the FIPS status of PostgreSQL but can make it easier for sites which target FIPS compliance to ensure that violations cannot occur.
Author: Daniel Gustafsson <[email protected]> Author: Joe Conway <[email protected]> Reviewed-by: Joe Conway <[email protected]> Reviewed-by: Peter Eisentraut <[email protected]> Reviewed-by: Hayato Kuroda <[email protected]> Discussion: https://postgr.es/m/[email protected] Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/035f99cbebe5ffcaf52f8370394446cd59621ab7 Modified Files -------------- contrib/pgcrypto/expected/crypt-des.out | 7 ++++++ contrib/pgcrypto/openssl.c | 26 ++++++++++++++++++++++ contrib/pgcrypto/pgcrypto.c | 31 +++++++++++++++++++++++++++ contrib/pgcrypto/px-crypt.c | 4 ++++ contrib/pgcrypto/px.h | 9 ++++++++ contrib/pgcrypto/sql/crypt-des.sql | 6 ++++++ doc/src/sgml/pgcrypto.sgml | 38 +++++++++++++++++++++++++++++++++ 7 files changed, 121 insertions(+)
