[EXTERNAL] RE: MD5 and FIPS
Sands, Daniel
dnsands at sandia.gov
Wed Feb 1 20:32:41 UTC 2023
> > We use MD5 as a choice of file hashing. The problem is, that with
> > FIPS enabled, the low-level routine doesn't just refuse, but it even
> > calls OpenSSL's abort function, terminating the program with
> > prejudice. The EVP routine is more reasonable, simply refusing to provide
> > MD5. But as mentioned, I am not asking for MD5 as a cryptographic algorithm,
> > but as a file hash. OpenSSL does not provide a way to differentiate that, though.
>
> I don't think FIPS 140-2 differentiates. You include MD5, you violate your FIPS
> 140 validation. It doesn't matter what you're using it for.
I suppose it would be useful to track down the actual text. What I've been told is that FIPS limits its scope to what is allowed for cryptographic purposes. What you do outside of cryptography is your own discretion.
> That said, if you really do need to implement MD5, there's reference C source in
> RFC 1321. It's trivial to extract and compile.
While that is true, OpenSSL's implementation is optimized for the various processors and is leagues ahead of what a naïve C implementation can do. It also seems wasteful to include our own implementation of something that OpenSSL already can do, just because they have it chained off.