On Thu, 2019-10-10 at 08:40 -0700, Neptune wrote: > Hi all, > I am in the process of making required changes to migrate our code to > the > 1.1.x branch. We are currently using the FIPS Object Module 2.0 and > eagerly > await word on the new 3.0 FIPS Object Module, but in the meantime > there is > one issue of concern in our code for which I need some clarification: > > This is a fairly old code base which contains some MD4 and MD5 > usages. These > are merely used to create some comparison hashes, but because of > constraints > with other applications we integrate with, it would be painful to > replace > these with newer FIPS-compliant hashes. For our current code using > 1.0.2 we > got around the FIPS Object Module in these cases by using the private > variants of these hash functions (i.e. private_MD5_init). > > Will there be any such provisions for the 3.0 FIPS Object Module? Yes, they already are there in the master branch! See: https://github.com/openssl/openssl/issues/10129 -- Tomáš Mráz No matter how far down the wrong road you've gone, turn back. Turkish proverb [You'll know whether the road is wrong if you carefully listen to your conscience.]