On Tue, Jul 21, 2009, carlyo...@keycomm.co.uk wrote:

> TLS 1.0 DOES use MD5 and SHA-1 in combination, and - despite MD5 not being
> allowed by the FIPS 140-2 standard - it is allowed in this case because the
> combined 'strength' of the two, when used in unison, is not less than SHA-1
> itself. I can't remember the technical explanation, but it's around
> somewhere. I would suspect (not know) that OpenSSL uses the MD5 code
> directly in TLS rather than through the EVP interface, as it should fail
> using this code path if FIPS is enabled.
To avoid issues with applications accidentally using non-FIPS algorithms in FIPS mode, the EVP and low level interfaces generate errors if an attempt is made to use them.

In the case of EVP you get errors when you try to initialise the context. Since some applications might blindly ignore the initialisation error (you'd normally never get an error with a software only interface), the context is initialised so that any attempt to use the context produces a hard assertion failure when you call *update().

The low level interfaces often don't return values and their use directly in applications has been discouraged for many years. In those cases you just get the assertion failure.

There are some cases where an application can decide that the use of the non-FIPS algorithm is permissible in FIPS mode; in that case they can set a flag in the context structure and the use will be allowed. The TLS code uses that to allow MD5.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
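The three behaviours Steve describes (an EVP-style init that fails and poisons the context so a later *update() hard-fails, a low-level init with no return value that fails hard on the spot, and a per-context flag that opts out of the check, which is what the TLS code uses for MD5) can be seen in a small self-contained model. This is an added example, not OpenSSL's code and not from the thread: the "digests" are toy stand-ins, the fatal path is a swappable hook so the demo can count hits instead of aborting, and the names md_init(), md_update(), lowlevel_md5_init(), demo_evp(), demo_lowlevel() and NON_FIPS_ALLOW are assumed for the example. The real OpenSSL 1.0.x counterparts are EVP_DigestInit_ex(), MD5_Init() and EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW).

```c
/* Model of OpenSSL's FIPS-mode digest checks (added example, not OpenSSL
 * code).  Digests are toy stand-ins; md_init/md_update/lowlevel_md5_init and
 * NON_FIPS_ALLOW are names assumed here.  Real OpenSSL 1.0.x: the flag is
 * EVP_MD_CTX_FLAG_NON_FIPS_ALLOW, set with EVP_MD_CTX_set_flags(). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct md_ctx;
typedef struct md_method {
    const char *name;
    int fips_approved;                                   /* 1 = usable in FIPS mode */
    int (*update)(struct md_ctx *, const void *, size_t);
} md_method;

typedef struct md_ctx {
    const md_method *digest;
    int flags;
    unsigned long state;                                 /* toy running state */
} md_ctx;

enum { NON_FIPS_ALLOW = 0x08 };    /* stands in for EVP_MD_CTX_FLAG_NON_FIPS_ALLOW */

static int fips_mode = 0;          /* stands in for FIPS_mode() */
static int die_count = 0;          /* how many times the fatal path was hit */

/* OpenSSL's fatal path aborts the process; here it is a swappable hook so the
 * demo can count fatal hits.  abort_die is what production code keeps. */
static void abort_die(const char *msg) { fprintf(stderr, "FATAL: %s\n", msg); abort(); }
static void count_die(const char *msg) { (void)msg; die_count++; }
static void (*fips_die)(const char *) = abort_die;

static int real_update(md_ctx *ctx, const void *data, size_t n) {
    const unsigned char *p = data;
    for (size_t i = 0; i < n; i++) ctx->state = ctx->state * 31 + p[i];
    return 1;
}

/* Poisoned update: installed by a failed init so a caller that ignored the
 * init error cannot carry on and compute a non-FIPS digest anyway. */
static int bad_update(md_ctx *ctx, const void *data, size_t n) {
    (void)ctx; (void)data; (void)n;
    fips_die("non-FIPS digest update called in FIPS mode");
    return 0;
}

static const md_method md5_method  = { "MD5",  0, real_update };
static const md_method sha1_method = { "SHA1", 1, real_update };
static const md_method bad_method  = { "(disabled)", 0, bad_update };

static void md_ctx_init(md_ctx *ctx) { memset(ctx, 0, sizeof *ctx); }
static void md_ctx_set_flags(md_ctx *ctx, int flags) { ctx->flags |= flags; }

/* EVP-style init: returns 0 and poisons ctx when the algorithm is disabled
 * in FIPS mode and the context has not opted out with NON_FIPS_ALLOW. */
static int md_init(md_ctx *ctx, const md_method *m) {
    if (fips_mode && !m->fips_approved && !(ctx->flags & NON_FIPS_ALLOW)) {
        ctx->digest = &bad_method;
        return 0;
    }
    ctx->digest = m;
    ctx->state = 7;
    return 1;
}

static int md_update(md_ctx *ctx, const void *data, size_t n) {
    return ctx->digest->update(ctx, data, n);
}

/* Low-level MD5_Init()-style entry point: no return value, so the only way
 * to refuse is to fail hard immediately. */
static void lowlevel_md5_init(md_ctx *ctx) {
    if (fips_mode) fips_die("low-level MD5 called in FIPS mode");
    ctx->digest = &md5_method;
    ctx->state = 7;
}

/* Hash "abc" the way a careless application would, ignoring the init result.
 * Returns 1 if a digest was computed, 0 if the fatal path was hit instead. */
static int demo_evp(const md_method *m, int fips, int ctx_flags) {
    md_ctx ctx;
    int before = die_count;
    md_ctx_init(&ctx);
    md_ctx_set_flags(&ctx, ctx_flags);
    fips_mode = fips;
    fips_die = count_die;
    (void)md_init(&ctx, m);               /* return value ignored on purpose */
    md_update(&ctx, "abc", 3);
    fips_die = abort_die;
    fips_mode = 0;
    return die_count == before;
}

static int demo_lowlevel(int fips) {
    md_ctx ctx;
    int before = die_count;
    fips_mode = fips;
    fips_die = count_die;
    lowlevel_md5_init(&ctx);
    fips_die = abort_die;
    fips_mode = 0;
    return die_count == before;
}

int main(void) {
    printf("EVP MD5,  FIPS off:        %d\n", demo_evp(&md5_method, 0, 0));
    printf("EVP MD5,  FIPS on:         %d\n", demo_evp(&md5_method, 1, 0));
    printf("EVP MD5,  FIPS on + flag:  %d\n", demo_evp(&md5_method, 1, NON_FIPS_ALLOW));
    printf("EVP SHA1, FIPS on:         %d\n", demo_evp(&sha1_method, 1, 0));
    printf("low-level MD5, FIPS on:    %d\n", demo_lowlevel(1));
    return 0;
}
```

The point to take from the model is the second case: the caller ignores md_init()'s 0 return, yet the poisoned context makes the very next md_update() hit the fatal path rather than quietly produce an MD5 digest. The third case is the TLS situation, a context that has deliberately opted out with the allow flag; in real code that opt-out should be confined to the one place that has a justification for it, as the TLS PRF does, and never set on a context an application hands to general-purpose code.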