Home > mailing lists

Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod - Mailing list pgsql-bugs

From	Michael Paquier
Subject	Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod
Date	April 24 07:20:50
Msg-id	aervokmPnxlO6Oqs@paquier.xyz Whole thread
In response to	Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod (Daniel Gustafsson <daniel@yesql.se>)
Responses	Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod
List	pgsql-bugs

Tree view

On Tue, Apr 21, 2026 at 04:04:40PM +0200, Daniel Gustafsson wrote:
> Not just FIPS, it should check CheckBuiltinCryptoMode() to be consistent with
> the other builtin checks.

I am interesting in getting that fixed for the next point release, so
I have given it a try, finishing with the attached.  This would cause
pgp_sym_encrypt() and pgp_sym_decrypt() to complain when the builtin
mode is disabled, making things more consistent with the surroundings.

I agree that this could break environments where builtin_crypto is
off, as the functions would now be blocked, but I am not sure that
this is worth worrying about as builtin_crypto=on is the default.

Daniel, what do you think?
--
Michael

Attachment

pgsql-bugs by date:

From: Michael Paquier
Date: 24 April, 01:14:18
Subject: Re: to_date()/to_timestamp() silently accept month=0 and day=0

From: Daniel Gustafsson
Date: 24 April, 11:11:04
Subject: Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod

Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod - Mailing list pgsql-bugs

Attachment

Previous

Next