On 1/22/25 17:49, Daniel Gustafsson wrote:
On 22 Jan 2025, at 19:59, Joe Conway <m...@joeconway.com> wrote:
I found it necessary to add:
#include <openssl/crypto.h>
in
contrib/pgcrypto/openssl.c
to avoid a symbol not defined warning.
Makes sense, it doesn't reproduce in my tree but reading OpenSSL code it seems
very plausible (and clearly happens in your environment).
Although come to think of it, probably:
"use of non-FIPS certified crypto"
^^^^^^^^^
should rather say:
"use of non-FIPS validated crypto"
^^^^^^^^^
That's probably better yes. I was under the impression that the terminology
used was "FIPS certified" but reading the OpenSSL and FIPS documentation they
too use "FIPS validated" so I've switched to that as per your comment.
FWIW, I tested with non-FIPS (OpenSSL 3.0.13 30 Jan 2024) on Linux Mint 22.1
and FIPS (aws-lc [1][2]) on Amazon Linux 2023.
Thanks. My testing has been with a range of plain upstream OpenSSL trees from
1.1.1 to 3.4 (compiled on macOS).
Rebased v10 with the above fixed attached.
LGTM
--
Joe Conway
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com
