Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wGP4J-006BTg-1x for pgsql-bugs@arkaria.postgresql.org; Fri, 24 Apr 2026 22:32:16 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wGP4I-007ice-2t for pgsql-bugs@arkaria.postgresql.org; Fri, 24 Apr 2026 22:32:14 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wGP4I-007icW-25 for pgsql-bugs@lists.postgresql.org; Fri, 24 Apr 2026 22:32:14 +0000 Received: from fout-a2-smtp.messagingengine.com ([103.168.172.145]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from ) id 1wGP4G-00000002tRg-2Sv5 for pgsql-bugs@lists.postgresql.org; Fri, 24 Apr 2026 22:32:14 +0000 Received: from phl-compute-06.internal (phl-compute-06.internal [10.202.2.46]) by mailfout.phl.internal (Postfix) with ESMTP id E8647EC0462; Fri, 24 Apr 2026 18:32:10 -0400 (EDT) Received: from phl-frontend-03 ([10.202.2.162]) by phl-compute-06.internal (MEProxy); Fri, 24 Apr 2026 18:32:10 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paquier.xyz; h= cc:cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm2; t=1777069930; x=1777156330; bh=BLf53HwXGd rEZpooQ3ArdGcWZ54CUznXiyhz6BctKx4=; b=XLdBCgjk01miyAPZcgVDHT0BlF ERUFca8LWveSBKsyNY8te1Mvuc7CmKwBXqMqPwjviseH62ojF+BI1LVbaqSkrrVG 5KpymI8cSGE+QBx3Vh8cNWgSfs0OfCVSmmwr1pAux4YTgQfJ6DG4AR4OGdU8nWjA Iq+gykMU1xP6/IY4DHW59JhQ3OZ56oeidmkL0Vf/MErLhwNOqwqHa9bu0dHIlosk /Ms6CqMAupuSAUW6FaEgUcCTt9avSRgF0BKkPXptKfN2Kx6UlzWIrSI0xA/xibVC wcR5DU7nP/1zfO/+p/LL2/3z+KK5zAJbIxQM0wFmO9AOczIQu9thCwmus54w== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1777069930; x=1777156330; bh=BLf53HwXGdrEZpooQ3ArdGcWZ54CUznXiyh z6BctKx4=; b=Y3Ed3UNxy3UUNyTNqgO8jBxR7TrdUk49YmamKhVOU3WHrxj24Ep IgsRcdJRh6RK/xu8Zz9QI171RvBlNxT2arRHRpXCAQAdvArNrOc9U0xchaKHfE0i dkVje96Zpd3M7Vc0ZjlZp/OFLLdM6erFyRdV29oH5gtc67gEiEz31OKKgujXOfe9 P7QlKjH16zKskFc4rSS3GZfvqwepFDfLpsnnaKhMaOt29ucp3vb2blFK7FfxBPu/ R26RuDnd6p+WeU17sEHMJxoTXIIpI42ftXGXSPkcwZ8hHm9+tfzwsekqVWGmKnlT RtprbldCb3trfP/gIa31rYYnIcc8B3DhRug== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefhedrtddtgdejuddvgecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpuffrtefokffrpgfnqfghnecuuegr ihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenfghrlh cuvffnffculdejtddmnecujfgurhepfffhvfevuffkfhggtggujgesghdtreertddtvden ucfhrhhomhepofhitghhrggvlhcurfgrqhhuihgvrhcuoehmihgthhgrvghlsehprghquh hivghrrdighiiiqeenucggtffrrghtthgvrhhnpeetleeifedufffhhfdtteelgeeggeff hfekueevteeigfduudevudetgfegiedvjeenucevlhhushhtvghrufhiiigvpedtnecurf grrhgrmhepmhgrihhlfhhrohhmpehmihgthhgrvghlsehprghquhhivghrrdighiiipdhn sggprhgtphhtthhopeehpdhmohguvgepshhmthhpohhuthdprhgtphhtthhopegurghnih gvlheshigvshhqlhdrshgvpdhrtghpthhtohepmhgrihhlsehjohgvtghonhifrgihrdgt ohhmpdhrtghpthhtohepthhglhesshhsshdrphhghhdrphgrrdhushdprhgtphhtthhope grnhhshhdtuddtjedvtddtudesghhmrghilhdrtghomhdprhgtphhtthhopehpghhsqhhl qdgsuhhgsheslhhishhtshdrphhoshhtghhrvghsqhhlrdhorhhg X-ME-Proxy: Feedback-ID: i0fe9450f:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 24 Apr 2026 18:32:08 -0400 (EDT) Date: Sat, 25 Apr 2026 07:32:04 +0900 From: Michael Paquier To: Daniel Gustafsson Cc: Joe Conway , Tom Lane , ansh01072001@gmail.com, pgsql-bugs@lists.postgresql.org Subject: Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod Message-ID: References: <19457-4bab15c17aea36c7@postgresql.org> <3A2299BC-1684-4CEB-BD65-1DEBFB446F24@yesql.se> <99F0B98C-2276-4C01-B553-BDD0806CAEEF@yesql.se> <1612210.1777041534@sss.pgh.pa.us> <71c66a3b-4c0d-447b-8b84-ef15ac047561@joeconway.com> <98BDEEAC-A401-41D8-B9C0-A1EBEBF2E08E@yesql.se> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="6JewWzP4caI3GBv0" Content-Disposition: inline In-Reply-To: <98BDEEAC-A401-41D8-B9C0-A1EBEBF2E08E@yesql.se> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --6JewWzP4caI3GBv0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Apr 24, 2026 at 05:27:27PM +0200, Daniel Gustafsson wrote: > Sounds good, I'll have a look at the two proposed patches. Thanks, Daniel. FWIW, the patch sent by Shishir is mostly a copy-paste of what I have provided in terms of tests (exactly the same) and documentation (mostly the same). He has added a paragraph about the set of ciphers that are allowed in FIPS. Do we actually need to mention these explicitely? Perhaps a link to an external source would be more adapted? I am not convinced that this is a good addition for pgcrypto, but feel free to disagree. The second difference is this diff, impacting the outputs of the tests and the decision-making: @@ -162,6 +163,9 @@ pgp_load_cipher(int code, PX_Cipher **res) if (i =3D=3D NULL) return PXE_PGP_CORRUPT_DATA; =20 + if (!i->fips_allowed) + CheckBuiltinCryptoMode(); Daniel should have the last word on that, I guess, as it is his feature, but the semantics I have chosen are harder than that: - If the GUC is off, block everything. - If the GUC is on, allow everything. - If the GUC is fips, block the non-fips ciphers and allow the fips ciphers. This behavior would be more consistent and symmetric with the other functions, at least IMHO. Thanks, -- Michael --6JewWzP4caI3GBv0 Content-Type: application/pgp-signature; name=signature.asc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEG72nH6vTowiyblFKnvQgOdbyQH0FAmnr72QACgkQnvQgOdby QH14lg/9FAjXbnfI8+L89QZYAjRjoJyJMgGzDBYFsdohCxAfjx6Cd25Hhnqb8zxG ljmUb90W+o21fjYvHVY9caUa8dxrCqh10w7oGkIQQhazRSiPdKkWueOZW0tSGyV6 CoonH5ozQ0PAw8gbIcy01qp3ChXF1Yqtc7XMMCCC3L7VRe52MVrMMlpLmYnrjjS8 b1nd22lww12oWf9i5Eq5w1wmvvqj48rIDSS8jVkQygW2+DiNmb2x6lqKvWAvyFss ebVAhkn8gPqM461vS+6TFA4fStN1CBJhsAAkqjUDe6mQeQmmDbHiViS5ee+O7HiY Nfo8g9d/Szw5QZI/dFhUhh1MXLENRKuf+QKiWGVFOsKk7GLq6UYsPpf2rv33m0+P POjq3lLATbgYkJX48ZTZ8XhK5K0yqJzW1v3L4MSLbiV6aNHMeyEhYi558YMQr8cw dHrR9WWVSM5b0tMeshTyyFikOCb0VUBxFwKu8L3g21Xo1k0eU1yyjK8Qn3V23kJy r6gM2BRmjXYp76M5r/aJlmEfxOJ7zPEdQUzdBSfTDWjeMS3IJyKn/VOQEuo4nrSw ORzkm7jexL16mX+TH1UeuL+mMrwsoQg93+t3HDpryTezZMUSRaWA1UyW9i+lV8ZX nXB92Ou2G1YylNFkXQejdWhm27wXPF7ZYtupCKIw6oXGXlwPkOo= =151y -----END PGP SIGNATURE----- --6JewWzP4caI3GBv0--