| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | ansh01072001(at)gmail(dot)com, pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod |
| Date: | 2026-04-21 14:04:40 |
| Message-ID: | 3A2299BC-1684-4CEB-BD65-1DEBFB446F24@yesql.se |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
> On 17 Apr 2026, at 06:21, PG Bug reporting form <noreply(at)postgresql(dot)org> wrote:
> I am happy to work on this.
Please do, that would be great. I'd be happy to review this so keep me CC'd.
> Add a FIPS cipher check in pgp_load_cipher() in contrib/pgcrypto/pgp.c.
> This function is the single chokepoint for all PGP cipher operations
> (encrypt, decrypt, session key encryption/decryption). A whitelist of
> FIPS 140-2/140-3 approved ciphers for PGP use would be:
>
> PGP_SYM_AES_128, PGP_SYM_AES_192, PGP_SYM_AES_256
Maybe an extra flag in the cipher_info struct?
> All other ciphers (PGP_SYM_BLOWFISH, PGP_SYM_CAST5, PGP_SYM_DES3,
> PGP_SYM_TWOFISH, etc.) should raise an error when CheckFIPSMode()
> returns true.
Not just FIPS, it should check CheckBuiltinCryptoMode() to be consistent with
the other builtin checks.
--
Daniel Gustafsson
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2026-04-21 15:19:36 | Re: Bug in CREATE TABLE .. LIKE .. INCLUDING STATISTICS? |
| Previous Message | 飞鱼 | 2026-04-21 13:11:22 | 回复:RE: 回复:RE: BUG #19464: Server crash (SIGABRT) with UPDATE containing multiple multi-column assignments |