Re: [EXTERNAL] MD5 and FIPS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thursday, 2 February 2023 01:45:00 CET, Sands, Daniel via openssl-users wrote:

-----Original Message-----
From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> On Behalf Of Dr
Paul Dale
Sent: Wednesday, February 1, 2023 2:33 PM
To: openssl-users@xxxxxxxxxxx
Subject: [EXTERNAL] Re: MD5 and FIPS

If you are using OpenSSL 1.0.2 and the old FOM, you're out of luck.

If you are using OpenSSL 3.0 with the FIPS provider, you can still access MD5 by
loading appropriate providers and specifying a property query.  See the
migration or FIPS guides.

This sounds like an acceptable workaround. So if I load the legacy provider, then request MD5 (or SHA1) explicitly through that provider, it should provide a working context?

For some old FIPS modules you can also re-enable the md5 hash by using
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);

Looking how Python handles the usedforsecurity keyword argument in hashlib
module is a usually a good idea.
--
Regards,
Hubert Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux