git.postgresql.org Git - postgresql.git/commit

author	Daniel Gustafsson <dgustafsson@postgresql.org>
	Fri, 24 Jan 2025 13:25:08 +0000 (14:25 +0100)
committer	Daniel Gustafsson <dgustafsson@postgresql.org>
	Fri, 24 Jan 2025 13:25:08 +0000 (14:25 +0100)
commit	035f99cbebe5ffcaf52f8370394446cd59621ab7
tree	1d9396c1e7ad2ea07daee1b32ccba55e2b24a461	tree
parent	924d89a354750976cdd271d1dfc6c1e97cbb8851	commit \| diff

pgcrypto: Make it possible to disable built-in crypto

When using OpenSSL and/or the underlying operating system in FIPS
mode no non-FIPS certified crypto implementations should be used.
While that is already possible by just not invoking the built-in
crypto in pgcrypto, this adds a GUC which prohibit the code from
being called. This doesn't change the FIPS status of PostgreSQL
but can make it easier for sites which target FIPS compliance to
ensure that violations cannot occur.

Author: Daniel Gustafsson <daniel@yesql.se>
Author: Joe Conway <mail@joeconway.com>
Reviewed-by: Joe Conway <mail@joeconway.com>
Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Reviewed-by: Hayato Kuroda <kuroda.hayato@fujitsu.com>
Discussion: https://postgr.es/m/16b4a157-9ea1-44d0-b7b3-4c85df5de97b@joeconway.com

contrib/pgcrypto/expected/crypt-des.out		diff \| blob \| blame \| history
contrib/pgcrypto/openssl.c		diff \| blob \| blame \| history
contrib/pgcrypto/pgcrypto.c		diff \| blob \| blame \| history
contrib/pgcrypto/px-crypt.c		diff \| blob \| blame \| history
contrib/pgcrypto/px.h		diff \| blob \| blame \| history
contrib/pgcrypto/sql/crypt-des.sql		diff \| blob \| blame \| history
doc/src/sgml/pgcrypto.sgml		diff \| blob \| blame \| history