subject:"Re\: \[openssl\-users\] Digest MD5 forbidden in FIPS mode"

Re: [openssl-users] Digest MD5 forbidden in FIPS mode

2016-01-18 Thread Ethan Rahn

MD5 is not considered a safe function to use hence it is forbidden in FIPS
mode. Can you use a different hash function ( such as SHA-something ) for
your use case?

On Mon, Jan 18, 2016 at 4:43 PM, Marcos Bontempo  wrote:

> Hello,
>
> I wrote a C code which enter in FIPS mode with fips_mod_set(1).
>
> But, when I call MD5 functions after setting FIPS mode, I get this error:
>
> md5_dgst.c(75): OpenSSL internal error, assertion failed: Low level API
> call to digest MD5 forbidden in FIPS mode! Aborted.
>
> Does anybody know what is wrong? How can I correct it?
>
> Any tip will be very helpful,
> Thanks.
>
> ___
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
>
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Digest MD5 forbidden in FIPS mode

2016-01-18 Thread Jeffrey Walton

> I wrote a C code which enter in FIPS mode with fips_mod_set(1).
>
> But, when I call MD5 functions after setting FIPS mode, I get this error:
>
> md5_dgst.c(75): OpenSSL internal error, assertion failed: Low level API call
> to digest MD5 forbidden in FIPS mode! Aborted.
>
> Does anybody know what is wrong? How can I correct it?

Nothing is going wrong; everything is working as expected.

MD5 is essentially forbidden in US Federal except under a few
exemptions. The exemptions include the PRF in TLS. But I've never seen
a library expose MD5 even if its using it under the hood.

Also see FIPS 140-2 and http://www.nsrl.nist.gov/collision.html.

Jeff
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Digest MD5 forbidden in FIPS mode

2016-01-18 Thread Dr. Stephen Henson

On Mon, Jan 18, 2016, Marcos Bontempo wrote:

> Hello,
> I wrote a C code which enter in FIPS mode with fips_mod_set(1). 
> But, when I call MD5 functions after setting FIPS mode, I get this error:
> md5_dgst.c(75): OpenSSL internal error, assertion failed: Low level API call 
> to digest MD5 forbidden in FIPS mode! Aborted.
> Does anybody know what is wrong? How can I correct it?
> Any tip will be very helpful,Thanks.

As well as the fact that MD5 is forbidden in FIPS mode you also have to use
the EVP API for digests.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Digest MD5 forbidden in FIPS mode

Re: [openssl-users] Digest MD5 forbidden in FIPS mode

Re: [openssl-users] Digest MD5 forbidden in FIPS mode

3 matches

Site Navigation

Mail list logo

Footer information