public inbox for [email protected]
help / color / mirror / Atom feedRe: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod
2+ messages / 2 participants
[nested] [flat]
* Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod
@ 2026-04-24 22:32 Michael Paquier <[email protected]>
2026-04-25 00:23 ` Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod Joe Conway <[email protected]>
0 siblings, 1 reply; 2+ messages in thread
From: Michael Paquier @ 2026-04-24 22:32 UTC (permalink / raw)
To: Daniel Gustafsson <[email protected]>; +Cc: Joe Conway <[email protected]>; Tom Lane <[email protected]>; [email protected]; [email protected]
On Fri, Apr 24, 2026 at 05:27:27PM +0200, Daniel Gustafsson wrote:
> Sounds good, I'll have a look at the two proposed patches.
Thanks, Daniel.
FWIW, the patch sent by Shishir is mostly a copy-paste of what I have
provided in terms of tests (exactly the same) and documentation
(mostly the same). He has added a paragraph about the set of ciphers
that are allowed in FIPS. Do we actually need to mention these
explicitely? Perhaps a link to an external source would be more
adapted? I am not convinced that this is a good addition for
pgcrypto, but feel free to disagree.
The second difference is this diff, impacting the outputs of the
tests and the decision-making:
@@ -162,6 +163,9 @@ pgp_load_cipher(int code, PX_Cipher **res)
if (i == NULL)
return PXE_PGP_CORRUPT_DATA;
+ if (!i->fips_allowed)
+ CheckBuiltinCryptoMode();
Daniel should have the last word on that, I guess, as it is his
feature, but the semantics I have chosen are harder than that:
- If the GUC is off, block everything.
- If the GUC is on, allow everything.
- If the GUC is fips, block the non-fips ciphers and allow the fips
ciphers.
This behavior would be more consistent and symmetric with the other
functions, at least IMHO.
Thanks,
--
Michael
Attachments:
[application/pgp-signature] signature.asc (833B, 2-signature.asc)
download
^ permalink raw reply [nested|flat] 2+ messages in thread
* Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod
2026-04-24 22:32 Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod Michael Paquier <[email protected]>
@ 2026-04-25 00:23 ` Joe Conway <[email protected]>
0 siblings, 0 replies; 2+ messages in thread
From: Joe Conway @ 2026-04-25 00:23 UTC (permalink / raw)
To: Michael Paquier <[email protected]>; Daniel Gustafsson <[email protected]>; +Cc: Tom Lane <[email protected]>; [email protected]; [email protected]
On 4/24/26 18:32, Michael Paquier wrote:
> He has added a paragraph about the set of ciphers that are allowed
> in FIPS. Do we actually need to mention these explicitely? Perhaps
> a link to an external source would be more adapted? I am not
> convinced that this is a good addition for pgcrypto, but feel free
> to disagree.
+1 for a link to an external source, specifically the official NIST
reference I would think.
--
Joe Conway
PostgreSQL Contributors Team
Amazon Web Services: https://aws.amazon.com
^ permalink raw reply [nested|flat] 2+ messages in thread
end of thread, other threads:[~2026-04-25 00:23 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2026-04-24 22:32 Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod Michael Paquier <[email protected]>
2026-04-25 00:23 ` Joe Conway <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox