Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-bugs-owner+archive@lists.postgresql.org>)
	id 1wGIRU-00655V-0o
	for pgsql-bugs@arkaria.postgresql.org;
	Fri, 24 Apr 2026 15:27:44 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-bugs-owner+archive@lists.postgresql.org>)
	id 1wGIRS-006xhW-0g
	for pgsql-bugs@arkaria.postgresql.org;
	Fri, 24 Apr 2026 15:27:42 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <daniel@yesql.se>)
	id 1wGIRR-006xhO-34
	for pgsql-bugs@lists.postgresql.org;
	Fri, 24 Apr 2026 15:27:41 +0000
Received: from smtp.outgoing.loopia.se ([93.188.3.37])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.98.2)
	(envelope-from <daniel@yesql.se>)
	id 1wGIRP-00000002awC-3OwW
	for pgsql-bugs@lists.postgresql.org;
	Fri, 24 Apr 2026 15:27:41 +0000
Received: from s807.loopia.se (localhost [127.0.0.1])
	by s807.loopia.se (Postfix) with ESMTP id A90295E0A06
	for <pgsql-bugs@lists.postgresql.org>; Fri, 24 Apr 2026 17:27:38 +0200 (CEST)
Received: from s981.loopia.se (unknown [172.22.191.5])
	by s807.loopia.se (Postfix) with ESMTP id 949E55DFF4D;
	Fri, 24 Apr 2026 17:27:38 +0200 (CEST)
Received: from localhost (unknown [172.22.191.6])
	by s981.loopia.se (Postfix) with ESMTP id 90E8322B16B2;
	Fri, 24 Apr 2026 17:27:38 +0200 (CEST)
X-Virus-Scanned: amavis at amavis.loopia.se
X-Spam-Flag: NO
X-Spam-Score: -1.2
X-Spam-Level:
X-Spam-Status: No, score=-1.2 tagged_above=-999 required=6.2
 tests=[ALL_TRUSTED=-1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
 DKIM_VALID_EF=-0.1] autolearn=disabled
Authentication-Results: s470.loopia.se (amavis); dkim=pass (2048-bit key)
 header.d=yesql.se
Received: from s979.loopia.se ([172.22.191.5])
 by localhost (s470.loopia.se [172.22.190.34]) (amavis, port 10024) with LMTP
 id QfSVx0swBrVz; Fri, 24 Apr 2026 17:27:38 +0200 (CEST)
X-Loopia-Auth: user
X-Loopia-User: daniel@yesql.se
X-Loopia-Originating-IP: 89.255.232.236
Received: from smtpclient.apple (customer-89-255-232-236.stosn.net [89.255.232.236])
	(Authenticated sender: daniel@yesql.se)
	by s979.loopia.se (Postfix) with ESMTPSA id 19E8C10BC429;
	Fri, 24 Apr 2026 17:27:38 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yesql.se;
	s=loopiadkim1707475645; t=1777044458;
	bh=j0mw3VDUP6AYMVuHNXJpZfULF8ZLrnZki+QOWk1yTdk=;
	h=Subject:From:In-Reply-To:Date:Cc:References:To;
	b=QlxLo0oBVXc8Ua4aGeNW/CPDsDzU2CdL/OFJK9Zj/qR8fZKJ3ftU0siSWgCuPyauQ
	 vcWwqIYlYpDmU3o8AGPu+vAr3q2YdUAku81D+iW7GYv9ujCpxUbFBFjGRvKKaonorZ
	 QVUYgNoSiDDVXHZUzyO0fBVBgBz8WETWmpY+VN5dDZnH2CxbGiA3exQvmLhV1wvKQ8
	 PDZo3AnCh3mYcFC1e4k+8lTgqyXqOXSHUc6/oAMAgi1LNfYSxPqft9C+b+yFQ2mUQH
	 Uv2npb7p6YUM63YEmf5Wlz4BLFKVHaj0YbI39RcrJadZzx6lRlhnZgQ/7a7nwtJuzG
	 Ra1/tRH++AVOw==
Content-Type: text/plain;
	charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3776.700.51.11.2\))
Subject: Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers
 (bf, cast5, 3des) when OpenSSL is in FIPS mod
From: Daniel Gustafsson <daniel@yesql.se>
In-Reply-To: <71c66a3b-4c0d-447b-8b84-ef15ac047561@joeconway.com>
Date: Fri, 24 Apr 2026 17:27:27 +0200
Cc: Tom Lane <tgl@sss.pgh.pa.us>,
 Michael Paquier <michael@paquier.xyz>,
 ansh01072001@gmail.com,
 pgsql-bugs@lists.postgresql.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <98BDEEAC-A401-41D8-B9C0-A1EBEBF2E08E@yesql.se>
References: <19457-4bab15c17aea36c7@postgresql.org>
 <3A2299BC-1684-4CEB-BD65-1DEBFB446F24@yesql.se>
 <aervokmPnxlO6Oqs@paquier.xyz>
 <99F0B98C-2276-4C01-B553-BDD0806CAEEF@yesql.se>
 <1612210.1777041534@sss.pgh.pa.us>
 <71c66a3b-4c0d-447b-8b84-ef15ac047561@joeconway.com>
To: Joe Conway <mail@joeconway.com>
X-Mailer: Apple Mail (2.3776.700.51.11.2)
List-Id: <pgsql-bugs.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-bugs@lists.postgresql.org>
List-Owner: <mailto:pgsql-bugs-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-bugs>
Archived-At: <https://www.postgresql.org/message-id/98BDEEAC-A401-41D8-B9C0-A1EBEBF2E08E%40yesql.se>
Precedence: bulk

> On 24 Apr 2026, at 17:18, Joe Conway <mail@joeconway.com> wrote:
>=20
> On 4/24/26 10:38, Tom Lane wrote:
>> Daniel Gustafsson <daniel@yesql.se> writes:
>>>> On 24 Apr 2026, at 06:20, Michael Paquier <michael@paquier.xyz> =
wrote:
>>>> I am interesting in getting that fixed for the next point release, =
so
>>>> I have given it a try, finishing with the attached.  This would =
cause
>>>> pgp_sym_encrypt() and pgp_sym_decrypt() to complain when the =
builtin
>>>> mode is disabled, making things more consistent with the =
surroundings.
>>> I'm not convinced this is material for a minor release, the feature =
works as
>>> documented and it was never documented to cover PGP.  Re-reading the =
thread PGP
>>> was never discussed, and while that admittedly seem like an =
oversight doing
>>> this in a minor release will alter documented behaviour which is =
generally not
>>> what we want to do.
>> I sympathize with that argument, but ... people who are running in
>> FIPS mode are probably doing so because they have contractual or =
legal
>> obligations to meet that standard.  A person who could be in hot =
water
>> if they are accidentally running disallowed crypto would see this as =
a
>> dangerous bug.  A person who does not care should not be using FIPS
>> mode.
>=20
> +1 I think we should consider this as a backpatchable bug.

Sounds good, I'll have a look at the two proposed patches.

--
Daniel Gustafsson