FIPS 3.0 private_* hash functions
Tomas Mraz
tmraz at redhat.com
Thu Oct 10 15:49:28 UTC 2019
On Thu, 2019-10-10 at 08:40 -0700, Neptune wrote:
> Hi all,
> I am in the process of making required changes to migrate our code to
> the
> 1.1.x branch. We are currently using the FIPS Object Module 2.0 and
> eagerly
> await word on the new 3.0 FIPS Object Module, but in the meantime
> there is
> one issue of concern in our code for which I need some clarification:
>
> This is a fairly old code base which contains some MD4 and MD5
> usages. These
> are merely used to create some comparison hashes, but because of
> constraints
> with other applications we integrate with, it would be painful to
> replace
> these with newer FIPS-compliant hashes. For our current code using
> 1.0.2 we
> got around the FIPS Object Module in these cases by using the private
> variants of these hash functions (i.e. private_MD5_init).
>
> Will there be any such provisions for the 3.0 FIPS Object Module?
Yes, they already are there in the master branch!
See:
https://github.com/openssl/openssl/issues/10129
--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
More information about the openssl-users
mailing list