Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-bugs-owner+archive@lists.postgresql.org>)
	id 1wFBil-004pJS-2L
	for pgsql-bugs@arkaria.postgresql.org;
	Tue, 21 Apr 2026 14:05:00 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-bugs-owner+archive@lists.postgresql.org>)
	id 1wFBik-0099Gq-2A
	for pgsql-bugs@arkaria.postgresql.org;
	Tue, 21 Apr 2026 14:04:58 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <daniel@yesql.se>)
	id 1wFBik-0099Gg-10
	for pgsql-bugs@lists.postgresql.org;
	Tue, 21 Apr 2026 14:04:58 +0000
Received: from smtp.outgoing.loopia.se ([93.188.3.37])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.98.2)
	(envelope-from <daniel@yesql.se>)
	id 1wFBig-000000025tN-3LWP
	for pgsql-bugs@lists.postgresql.org;
	Tue, 21 Apr 2026 14:04:57 +0000
Received: from s807.loopia.se (localhost [127.0.0.1])
	by s807.loopia.se (Postfix) with ESMTP id 226B35C3837
	for <pgsql-bugs@lists.postgresql.org>; Tue, 21 Apr 2026 16:04:51 +0200 (CEST)
Received: from s979.loopia.se (unknown [172.22.191.6])
	by s807.loopia.se (Postfix) with ESMTP id 0D44D5C3CAC;
	Tue, 21 Apr 2026 16:04:51 +0200 (CEST)
Received: from localhost (unknown [172.22.191.5])
	by s979.loopia.se (Postfix) with ESMTP id 0B85610BC481;
	Tue, 21 Apr 2026 16:04:51 +0200 (CEST)
X-Virus-Scanned: amavis at amavis.loopia.se
X-Spam-Flag: NO
X-Spam-Score: -1.2
X-Spam-Level:
X-Spam-Status: No, score=-1.2 tagged_above=-999 required=6.2
 tests=[ALL_TRUSTED=-1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
 DKIM_VALID_EF=-0.1] autolearn=disabled
Authentication-Results: s470.loopia.se (amavis); dkim=pass (2048-bit key)
 header.d=yesql.se
Received: from s981.loopia.se ([172.22.191.6])
 by localhost (s470.loopia.se [172.22.190.34]) (amavis, port 10024) with LMTP
 id monh8OZqmNRl; Tue, 21 Apr 2026 16:04:50 +0200 (CEST)
X-Loopia-Auth: user
X-Loopia-User: daniel@yesql.se
X-Loopia-Originating-IP: 89.255.232.236
Received: from smtpclient.apple (customer-89-255-232-236.stosn.net [89.255.232.236])
	(Authenticated sender: daniel@yesql.se)
	by s981.loopia.se (Postfix) with ESMTPSA id 8286922B177F;
	Tue, 21 Apr 2026 16:04:50 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yesql.se;
	s=loopiadkim1707475645; t=1776780290;
	bh=1eewnHjRU15yeioP5yYrqzjHM6vMpeWqcKiI6Gcehok=;
	h=From:Subject:Date:References:To:In-Reply-To;
	b=VeOcg2cp3NeiNFDz54QNhJESQgorLOYAQp35AlByB3VmvYlemMKKpfv6Eioy2wPS3
	 dhN5I0PqmIwNpD7sj6liPmYCmXbnP1WjI67/vJVHSr9UGW8m6zxQFdc/SdeyvRw2oc
	 zL02PdamSc5LWUCLzl5jZ0KLupZLuVKeRYb2dzcEackeu3iD6STpLWV4ow0shoGpXt
	 dxIsbi53P7XzQK/a3NqzABiBpgVoBdaMKdQbQicoCEWT368iRUkCYOGGVgHc1be1Fs
	 TWV2g9H3F0WxMIaDbnGhDmBAgg6IRUZQURRQoLFhntqQPGb1OFdQrR4u8S76MX1pxU
	 kCe6KL871laLw==
From: Daniel Gustafsson <daniel@yesql.se>
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3776.700.51.11.2\))
Subject: Re: BUG #19457: RE:  pgp_sym_encrypt silently accepts non-FIPS
 ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod
Date: Tue, 21 Apr 2026 16:04:40 +0200
References: <19457-4bab15c17aea36c7@postgresql.org>
To: ansh01072001@gmail.com,
 pgsql-bugs@lists.postgresql.org
In-Reply-To: <19457-4bab15c17aea36c7@postgresql.org>
Message-Id: <3A2299BC-1684-4CEB-BD65-1DEBFB446F24@yesql.se>
X-Mailer: Apple Mail (2.3776.700.51.11.2)
List-Id: <pgsql-bugs.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-bugs@lists.postgresql.org>
List-Owner: <mailto:pgsql-bugs-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-bugs>
Archived-At: <https://www.postgresql.org/message-id/3A2299BC-1684-4CEB-BD65-1DEBFB446F24%40yesql.se>
Precedence: bulk

> On 17 Apr 2026, at 06:21, PG Bug reporting form =
<noreply@postgresql.org> wrote:

> I am happy to work on this.

Please do, that would be great.  I'd be happy to review this so keep me =
CC'd.

> Add a FIPS cipher check in pgp_load_cipher() in =
contrib/pgcrypto/pgp.c.
> This function is the single chokepoint for all PGP cipher operations
> (encrypt, decrypt, session key encryption/decryption). A whitelist of
> FIPS 140-2/140-3 approved ciphers for PGP use would be:
>=20
>   PGP_SYM_AES_128, PGP_SYM_AES_192, PGP_SYM_AES_256

Maybe an extra flag in the cipher_info struct?

> All other ciphers (PGP_SYM_BLOWFISH, PGP_SYM_CAST5, PGP_SYM_DES3,
> PGP_SYM_TWOFISH, etc.) should raise an error when CheckFIPSMode()
> returns true.

Not just FIPS, it should check CheckBuiltinCryptoMode() to be consistent =
with
the other builtin checks.

--
Daniel Gustafsson