From: | Curtis Ruck <curtis(dot)ruck+pgsql(dot)hackers(at)gmail(dot)com> |
---|---|
To: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | FIPS mode? |
Date: | 2017-06-24 03:56:09 |
Message-ID: | CAFgGLFeuFrpT=kR2M-N91QyroO-Refzc=OKd2pqFa5xnaJbjVA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
I've got a requirement for enabling FIPS support in our environment.
Looking at postgresql's be-secure-openssl.c and mucking with it, it seems
fairly straight forward to just add a few ifdefs and enable fips with a new
configure flag and a new postgresql.conf configuration setting.
If I clean this up some, maintain styleguide, what is the likely hood of
getting this included in the redhat packages, since redhat ships a
certified FIPS implementation?
For what its worth, I've got the FIPS_mode_set(1) working and postgresql
seems to function properly. I'd just like to see this in upstream so I
don't end up maintaining a long-lived branch.
Looking at scope, logically it seems mostly confined to libpq, and
be-secure-openssl.c, though i'd expect pgcrypto to be affected.
From | Date | Subject | |
---|---|---|---|
Next Message | Thomas Munro | 2017-06-24 04:05:21 | Re: Causal reads take II |
Previous Message | Amit Kapila | 2017-06-24 03:54:21 | Re: Broken hint bits (freeze) |