se of non-FIPS certified crypto not allowed when OpenSSL is in FIPS
mode
+RESET pgcrypto.builtin_crypto_enabled;
+DROP TABLE ctest;
[1] https://github.com/postgres/postgres/commit/3c551ebede46194237f82062b54b92e474b5c743
Koshi Shibagaki
FUJITSU LIMITED
https://www.fujitsu.com/
Let me confirm the discussion in threads. I think there are two topics.
1. prohibit the use of ciphers disallowed in FIPS mode at the level of block
cipher (crypt-bf, etc...) in crypt() and gen_salt()
2. adding new "crypt-aes" module.
If this is correct, I would like to make a patch for the first
Dear Daniel
Thanks for your reply.
> I wonder if it's worth trying to make pgcrypto disallow non-FIPS compliant
> ciphers when the compiled against OpenSSL is running with FIPS mode
> enabled, or raise a WARNING when used? It seems rather unlikely that
> someone running OpenSSL with FIPS=yes wan
Dear Peter
Thanks for replying
> 1. All the block ciphers currently supported by crypt() and gen_salt() are not
> FIPS-compliant.
>
> 2. The crypt() and gen_salt() methods built on top of them (modes of
> operation,
> kind of) are not FIPS-compliant.
>
> 3. The implementations (crypt-blowfi
Hi
This is Shibagaki.
When FIPS mode is enabled, some encryption algorithms cannot be used.
Since PostgreSQL 15, pgcrypto requires OpenSSL [1], and digest() and other functions
also follow this policy.
However, crypt() and gen_salt() do not use OpenSSL as mentioned in [2].
Therefore, if we run crypt()
Hi Hackers,
This is Koshi Shibagaki.
I found out that there is a mistake written in
contrib/postgres_fdw/postgres_fdw.c.
Patch file is attached.
The non-existent function name "ExecCheckRTEPerms" was written in
the comment in postgresBeginForeignScan.
This mistake is considered to have occurred