public inbox for [email protected]
help / color / mirror / Atom feedRe: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod
4+ messages / 3 participants
[nested] [flat]
* Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod
@ 2026-04-24 08:11 Daniel Gustafsson <[email protected]>
0 siblings, 1 reply; 4+ messages in thread
From: Daniel Gustafsson @ 2026-04-24 08:11 UTC (permalink / raw)
To: Michael Paquier <[email protected]>; +Cc: [email protected]; [email protected]
> On 24 Apr 2026, at 06:20, Michael Paquier <[email protected]> wrote:
>
> On Tue, Apr 21, 2026 at 04:04:40PM +0200, Daniel Gustafsson wrote:
>> Not just FIPS, it should check CheckBuiltinCryptoMode() to be consistent with
>> the other builtin checks.
>
> I am interesting in getting that fixed for the next point release, so
> I have given it a try, finishing with the attached. This would cause
> pgp_sym_encrypt() and pgp_sym_decrypt() to complain when the builtin
> mode is disabled, making things more consistent with the surroundings.
>
> I agree that this could break environments where builtin_crypto is
> off, as the functions would now be blocked, but I am not sure that
> this is worth worrying about as builtin_crypto=on is the default.
I'm not convinced this is material for a minor release, the feature works as
documented and it was never documented to cover PGP. Re-reading the thread PGP
was never discussed, and while that admittedly seem like an oversight doing
this in a minor release will alter documented behaviour which is generally not
what we want to do.
--
Daniel Gustafsson
^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod
@ 2026-04-24 14:38 Tom Lane <[email protected]>
parent: Daniel Gustafsson <[email protected]>
0 siblings, 1 reply; 4+ messages in thread
From: Tom Lane @ 2026-04-24 14:38 UTC (permalink / raw)
To: Daniel Gustafsson <[email protected]>; +Cc: Michael Paquier <[email protected]>; [email protected]; [email protected]
Daniel Gustafsson <[email protected]> writes:
>> On 24 Apr 2026, at 06:20, Michael Paquier <[email protected]> wrote:
>> I am interesting in getting that fixed for the next point release, so
>> I have given it a try, finishing with the attached. This would cause
>> pgp_sym_encrypt() and pgp_sym_decrypt() to complain when the builtin
>> mode is disabled, making things more consistent with the surroundings.
> I'm not convinced this is material for a minor release, the feature works as
> documented and it was never documented to cover PGP. Re-reading the thread PGP
> was never discussed, and while that admittedly seem like an oversight doing
> this in a minor release will alter documented behaviour which is generally not
> what we want to do.
I sympathize with that argument, but ... people who are running in
FIPS mode are probably doing so because they have contractual or legal
obligations to meet that standard. A person who could be in hot water
if they are accidentally running disallowed crypto would see this as a
dangerous bug. A person who does not care should not be using FIPS
mode.
regards, tom lane
^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod
@ 2026-04-24 15:18 Joe Conway <[email protected]>
parent: Tom Lane <[email protected]>
0 siblings, 1 reply; 4+ messages in thread
From: Joe Conway @ 2026-04-24 15:18 UTC (permalink / raw)
To: Tom Lane <[email protected]>; Daniel Gustafsson <[email protected]>; +Cc: Michael Paquier <[email protected]>; [email protected]; [email protected]
On 4/24/26 10:38, Tom Lane wrote:
> Daniel Gustafsson <[email protected]> writes:
>>> On 24 Apr 2026, at 06:20, Michael Paquier <[email protected]> wrote:
>>> I am interesting in getting that fixed for the next point release, so
>>> I have given it a try, finishing with the attached. This would cause
>>> pgp_sym_encrypt() and pgp_sym_decrypt() to complain when the builtin
>>> mode is disabled, making things more consistent with the surroundings.
>
>> I'm not convinced this is material for a minor release, the feature works as
>> documented and it was never documented to cover PGP. Re-reading the thread PGP
>> was never discussed, and while that admittedly seem like an oversight doing
>> this in a minor release will alter documented behaviour which is generally not
>> what we want to do.
>
> I sympathize with that argument, but ... people who are running in
> FIPS mode are probably doing so because they have contractual or legal
> obligations to meet that standard. A person who could be in hot water
> if they are accidentally running disallowed crypto would see this as a
> dangerous bug. A person who does not care should not be using FIPS
> mode.
+1 I think we should consider this as a backpatchable bug.
--
Joe Conway
PostgreSQL Contributors Team
Amazon Web Services: https://aws.amazon.com
^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod
@ 2026-04-24 15:27 Daniel Gustafsson <[email protected]>
parent: Joe Conway <[email protected]>
0 siblings, 0 replies; 4+ messages in thread
From: Daniel Gustafsson @ 2026-04-24 15:27 UTC (permalink / raw)
To: Joe Conway <[email protected]>; +Cc: Tom Lane <[email protected]>; Michael Paquier <[email protected]>; [email protected]; [email protected]
> On 24 Apr 2026, at 17:18, Joe Conway <[email protected]> wrote:
>
> On 4/24/26 10:38, Tom Lane wrote:
>> Daniel Gustafsson <[email protected]> writes:
>>>> On 24 Apr 2026, at 06:20, Michael Paquier <[email protected]> wrote:
>>>> I am interesting in getting that fixed for the next point release, so
>>>> I have given it a try, finishing with the attached. This would cause
>>>> pgp_sym_encrypt() and pgp_sym_decrypt() to complain when the builtin
>>>> mode is disabled, making things more consistent with the surroundings.
>>> I'm not convinced this is material for a minor release, the feature works as
>>> documented and it was never documented to cover PGP. Re-reading the thread PGP
>>> was never discussed, and while that admittedly seem like an oversight doing
>>> this in a minor release will alter documented behaviour which is generally not
>>> what we want to do.
>> I sympathize with that argument, but ... people who are running in
>> FIPS mode are probably doing so because they have contractual or legal
>> obligations to meet that standard. A person who could be in hot water
>> if they are accidentally running disallowed crypto would see this as a
>> dangerous bug. A person who does not care should not be using FIPS
>> mode.
>
> +1 I think we should consider this as a backpatchable bug.
Sounds good, I'll have a look at the two proposed patches.
--
Daniel Gustafsson
^ permalink raw reply [nested|flat] 4+ messages in thread
end of thread, other threads:[~2026-04-24 15:27 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2026-04-24 08:11 Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod Daniel Gustafsson <[email protected]>
2026-04-24 14:38 ` Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod Tom Lane <[email protected]>
2026-04-24 15:18 ` Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod Joe Conway <[email protected]>
2026-04-24 15:27 ` Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod Daniel Gustafsson <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox