[EXTERNAL] Re: MD5 and FIPS

Dr Paul Dale pauli at openssl.org
Thu Feb 2 00:55:48 UTC 2023


You need to load the default provider to access MD5.

So:

1. load the FIPS and default providers into your library context;

2. set the default property query to `fips="yes"' -- using 
configuration, EVP_set_default_properties(), 
EVP_default_properties_enable_fips() or whatever;

3. load MD5 via EVP_MD_fetch(libctx, "md5", "fips=no").



Pauli

On 2/2/23 11:45, Sands, Daniel wrote:
>
>> -----Original Message-----
>> From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of Dr
>> Paul Dale
>> Sent: Wednesday, February 1, 2023 2:33 PM
>> To: openssl-users at openssl.org
>> Subject: [EXTERNAL] Re: MD5 and FIPS
>>
>> If you are using OpenSSL 1.0.2 and the old FOM, you're out of luck.
>>
>> If you are using OpenSSL 3.0 with the FIPS provider, you can still access MD5 by
>> loading appropriate providers and specifying a property query.  See the
>> migration or FIPS guides.
> This sounds like an acceptable workaround.  So if I load the legacy provider, then request MD5 (or SHA1) explicitly through that provider, it should provide a working context?


