Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod
Joe Conway <mail@joeconway.com>
From: Joe Conway <mail@joeconway.com>
To: Tom Lane <tgl@sss.pgh.pa.us>, Daniel Gustafsson <daniel@yesql.se>
Cc: Michael Paquier <michael@paquier.xyz>, ansh01072001@gmail.com,
pgsql-bugs@lists.postgresql.org
Date: 2026-04-24T15:18:28Z
Lists: pgsql-bugs
On 4/24/26 10:38, Tom Lane wrote: > Daniel Gustafsson <daniel@yesql.se> writes: >>> On 24 Apr 2026, at 06:20, Michael Paquier <michael@paquier.xyz> wrote: >>> I am interesting in getting that fixed for the next point release, so >>> I have given it a try, finishing with the attached. This would cause >>> pgp_sym_encrypt() and pgp_sym_decrypt() to complain when the builtin >>> mode is disabled, making things more consistent with the surroundings. > >> I'm not convinced this is material for a minor release, the feature works as >> documented and it was never documented to cover PGP. Re-reading the thread PGP >> was never discussed, and while that admittedly seem like an oversight doing >> this in a minor release will alter documented behaviour which is generally not >> what we want to do. > > I sympathize with that argument, but ... people who are running in > FIPS mode are probably doing so because they have contractual or legal > obligations to meet that standard. A person who could be in hot water > if they are accidentally running disallowed crypto would see this as a > dangerous bug. A person who does not care should not be using FIPS > mode. +1 I think we should consider this as a backpatchable bug. -- Joe Conway PostgreSQL Contributors Team Amazon Web Services: https://aws.amazon.com
Commits
-
pgcrypto: Make it possible to disable built-in crypto
- 035f99cbebe5 18.0 cited
-
pgcrypto: Add function to check FIPS mode
- 924d89a35475 18.0 cited