From: Shishir Sharma
Date: Sat, 25 Apr 2026 11:38:50 +0530
Subject: Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod
To: Michael Paquier
Cc: Daniel Gustafsson, pgsql-bugs@lists.postgresql.org

My last message showed a failed delivery, so resending it.

> Daniel should have the last word on that, I guess, as it is his
> feature, but the semantics I have chosen are harder than that:
> - If the GUC is off, block everything.
> - If the GUC is on, allow everything.
> - If the GUC is fips, block the non-fips ciphers and allow the fips
> ciphers.
>
> This behavior would be more consistent and symmetric with the other
> functions, at least IMHO.

The intent behind gating the check on fips_allowed was that the GUC
(commit *035f99c*) was designed to block built-in crypto (gen_salt,
crypt) which use PostgreSQL's own implementations. PGP with AES goes
through OpenSSL's FIPS-validated EVP interface, so blocking it under
builtin_crypto_enabled=off felt like it went beyond what the GUC was
designed for.
That said, you and Daniel have far more context on the codebase and its
history than I do, so I'm happy to adjust or defer to whichever
approach you both prefer.