RE: Replace current implementations in crypt() and gen_salt() to OpenSSL

Koshi Shibagaki (Fujitsu) <shibagaki.koshi@fujitsu.com>

From: "Koshi Shibagaki (Fujitsu)" <shibagaki.koshi@fujitsu.com>
To: 'Daniel Gustafsson' <daniel@yesql.se>, Peter Eisentraut <peter@eisentraut.org>
Cc: "pgsql-hackers@lists.postgresql.org" <pgsql-hackers@lists.postgresql.org>
Date: 2024-02-16T11:35:41Z
Lists: pgsql-hackers
Dear Daniel

Thanks for your reply.

> I wonder if it's worth trying to make pgcrypto disallow non-FIPS compliant
> ciphers when the compiled against OpenSSL is running with FIPS mode
> enabled, or raise a WARNING when used?  It seems rather unlikely that
> someone running OpenSSL with FIPS=yes want to use our DES cipher without
> there being an error or misconfiguration somewhere.

Indeed, users do not use non-FIPS compliant ciphers in crypt() and gen_salt() 
such as DES with FIPS mode enabled.
However, can we reduce human error by having these functions make the judgment 
as to whether ciphers can or cannot be used?

If pgcrypto checks if FIPS enabled or not as in the pseudocode, it is easier to 
achieve than replacing to OpenSSL.
Currently, OpenSSL internally determines if it is in FIPS mode or not, but would
it be a problem to have PostgreSQL take on that role?

-----------------------------------------------
Fujitsu Limited
Shibagaki Koshi
shibagaki.koshi@fujitsu.com





Commits

  1. pgcrypto: Make it possible to disable built-in crypto

  2. pgcrypto: Add function to check FIPS mode

  3. citext: Allow tests to pass in OpenSSL FIPS mode

  4. pgcrypto: Remove non-OpenSSL support