I've got a requirement for enabling FIPS support in our environment. Looking at postgresql's be-secure-openssl.c and mucking with it, it seems fairly straight forward to just add a few ifdefs and enable fips with a new configure flag and a new postgresql.conf configuration setting.
If I clean this up some, maintain styleguide, what is the likely hood of getting this included in the redhat packages, since redhat ships a certified FIPS implementation?
For what its worth, I've got the FIPS_mode_set(1) working and postgresql seems to function properly. I'd just like to see this in upstream so I don't end up maintaining a long-lived branch.
Looking at scope, logically it seems mostly confined to libpq, and be-secure-openssl.c, though i'd expect pgcrypto to be affected.