On Tue, Apr 21, 2026 at 04:04:40PM +0200, Daniel Gustafsson wrote:
> Not just FIPS, it should check CheckBuiltinCryptoMode() to be consistent with
> the other builtin checks.
I am interesting in getting that fixed for the next point release, so
I have given it a try, finishing with the attached. This would cause
pgp_sym_encrypt() and pgp_sym_decrypt() to complain when the builtin
mode is disabled, making things more consistent with the surroundings.
I agree that this could break environments where builtin_crypto is
off, as the functions would now be blocked, but I am not sure that
this is worth worrying about as builtin_crypto=on is the default.
Daniel, what do you think?
--
Michael