You need to load the default provider to access MD5.
So:
1. load the FIPS and default providers into your library context;
2. set the default property query to `fips="yes"' -- using
configuration, EVP_set_default_properties(),
EVP_default_properties_enable_fips() or whatever;
3. load MD5 via EVP_MD_fetch(libctx, "md5", "fips=no").
Pauli
On 2/2/23 11:45, Sands, Daniel wrote:
-----Original Message-----
From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> On Behalf Of Dr
Paul Dale
Sent: Wednesday, February 1, 2023 2:33 PM
To: openssl-users@xxxxxxxxxxx
Subject: [EXTERNAL] Re: MD5 and FIPS
If you are using OpenSSL 1.0.2 and the old FOM, you're out of luck.
If you are using OpenSSL 3.0 with the FIPS provider, you can still access MD5 by
loading appropriate providers and specifying a property query. See the
migration or FIPS guides.
This sounds like an acceptable workaround. So if I load the legacy provider, then request MD5 (or SHA1) explicitly through that provider, it should provide a working context?
