FIPS 3.0 private_* hash functions
matt at openssl.org
Thu Oct 10 15:42:01 UTC 2019
On 10/10/2019 16:40, Neptune wrote:
> Hi all,
> I am in the process of making required changes to migrate our code to the
> 1.1.x branch. We are currently using the FIPS Object Module 2.0 and eagerly
> await word on the new 3.0 FIPS Object Module, but in the meantime there is
> one issue of concern in our code for which I need some clarification:
> This is a fairly old code base which contains some MD4 and MD5 usages. These
> are merely used to create some comparison hashes, but because of constraints
> with other applications we integrate with, it would be painful to replace
> these with newer FIPS-compliant hashes. For our current code using 1.0.2 we
> got around the FIPS Object Module in these cases by using the private
> variants of these hash functions (i.e. private_MD5_init).
> Will there be any such provisions for the 3.0 FIPS Object Module?
OpenSSL 3.0 is a completely different architecture to the older versions.
Algorithm implementations are available via "providers". There will be 3
providers available initially (others might come from 3rd parties). These are
the default, legacy and fips providers. FIPS validated algorithms will be in the
fips provider. The legacy provider will have MD4 and MD5 implementations.
It is perfectly possible to have more than one provider loaded at the same time.
Configuration will enable you to specify which algorithm implementations you
wish to use for any given circumstance. You can also override configuration on a
per call site basis. For example you can load both the fips and legacy providers
and configure things so that by default you only ever use fips algorithms. For
specific cases you can override the default configuration to load algorithms
from the legacy provider.
More information about the openssl-users