On Fri, Apr 24, 2026 at 05:27:27PM +0200, Daniel Gustafsson wrote:
> Sounds good, I'll have a look at the two proposed patches.
Thanks, Daniel.
FWIW, the patch sent by Shishir is mostly a copy-paste of what I have
provided in terms of tests (exactly the same) and documentation
(mostly the same). He has added a paragraph about the set of ciphers
that are allowed in FIPS. Do we actually need to mention these
explicitely? Perhaps a link to an external source would be more
adapted? I am not convinced that this is a good addition for
pgcrypto, but feel free to disagree.
The second difference is this diff, impacting the outputs of the
tests and the decision-making:
@@ -162,6 +163,9 @@ pgp_load_cipher(int code, PX_Cipher **res)
if (i == NULL)
return PXE_PGP_CORRUPT_DATA;
+ if (!i->fips_allowed)
+ CheckBuiltinCryptoMode();
Daniel should have the last word on that, I guess, as it is his
feature, but the semantics I have chosen are harder than that:
- If the GUC is off, block everything.
- If the GUC is on, allow everything.
- If the GUC is fips, block the non-fips ciphers and allow the fips
ciphers.
This behavior would be more consistent and symmetric with the other
functions, at least IMHO.
Thanks,
--
Michael
