I've got a requirement for enabling FIPS support in our environment.
Looking at postgresql's be-secure-openssl.c and mucking with it, it seems
fairly straight forward to just add a few ifdefs and enable fips with a new
configure flag and a new postgresql.conf configuration setting.

If I clean this up some, maintain styleguide, what is the likely hood of
getting this included in the redhat packages, since redhat ships a
certified FIPS implementation?

For what its worth, I've got the FIPS_mode_set(1) working and postgresql
seems to function properly.  I'd just like to see this in upstream so I
don't end up maintaining a long-lived branch.

Looking at scope, logically it seems mostly confined to libpq, and
be-secure-openssl.c, though i'd expect pgcrypto to be affected.

Reply via email to