> On 24 Apr 2026, at 06:20, Michael Paquier <michael@paquier.xyz> wrote:
>
> On Tue, Apr 21, 2026 at 04:04:40PM +0200, Daniel Gustafsson wrote:
>> Not just FIPS, it should check CheckBuiltinCryptoMode() to be consistent with
>> the other builtin checks.
>
> I am interesting in getting that fixed for the next point release, so
> I have given it a try, finishing with the attached. This would cause
> pgp_sym_encrypt() and pgp_sym_decrypt() to complain when the builtin
> mode is disabled, making things more consistent with the surroundings.
>
> I agree that this could break environments where builtin_crypto is
> off, as the functions would now be blocked, but I am not sure that
> this is worth worrying about as builtin_crypto=on is the default.
I'm not convinced this is material for a minor release, the feature works as
documented and it was never documented to cover PGP. Re-reading the thread PGP
was never discussed, and while that admittedly seem like an oversight doing
this in a minor release will alter documented behaviour which is generally not
what we want to do.
--
Daniel Gustafsson
