RE: Replace current implementations in crypt() and gen_salt() to OpenSSL
Koshi Shibagaki (Fujitsu) <shibagaki.koshi@fujitsu.com>
From: "Koshi Shibagaki (Fujitsu)" <shibagaki.koshi@fujitsu.com>
To: 'Daniel Gustafsson' <daniel@yesql.se>, Peter Eisentraut <peter@eisentraut.org>
Cc: "pgsql-hackers@lists.postgresql.org" <pgsql-hackers@lists.postgresql.org>
Date: 2024-02-16T11:35:41Z
Lists: pgsql-hackers
Dear Daniel Thanks for your reply. > I wonder if it's worth trying to make pgcrypto disallow non-FIPS compliant > ciphers when the compiled against OpenSSL is running with FIPS mode > enabled, or raise a WARNING when used? It seems rather unlikely that > someone running OpenSSL with FIPS=yes want to use our DES cipher without > there being an error or misconfiguration somewhere. Indeed, users do not use non-FIPS compliant ciphers in crypt() and gen_salt() such as DES with FIPS mode enabled. However, can we reduce human error by having these functions make the judgment as to whether ciphers can or cannot be used? If pgcrypto checks if FIPS enabled or not as in the pseudocode, it is easier to achieve than replacing to OpenSSL. Currently, OpenSSL internally determines if it is in FIPS mode or not, but would it be a problem to have PostgreSQL take on that role? ----------------------------------------------- Fujitsu Limited Shibagaki Koshi shibagaki.koshi@fujitsu.com
Commits
-
pgcrypto: Make it possible to disable built-in crypto
- 035f99cbebe5 18.0 landed
-
pgcrypto: Add function to check FIPS mode
- 924d89a35475 18.0 landed
-
citext: Allow tests to pass in OpenSSL FIPS mode
- 3c551ebede46 17.0 cited
-
pgcrypto: Remove non-OpenSSL support
- db7d1a7b0530 15.0 cited