The assessment is accurate. FIPS 140-2 does not allow MD5 except for use in the PRF.
Thus OpenSSL_add_all_digests() in FIPS OpenSSL does not include MD5. However, SSL_library_init() does include MD5, but only for use in calculating the PRF. Notice that in tls1_P_hash() in ssl/t1_enc.c the flag EVP_MD_CTX_FLAG_NON_FIPS_ALLOW is set in the context to permit this use of MD5. Apps wishing to calculate their own PRF can do the same.

--
https://bugs.launchpad.net/bugs/1835135

Title:
  FIPS OpenSSL crashes Python2 hashlib
