Message409017
I added christian.heimes to the nosy list; I hope that's OK
The usedforsecurity flag is based on setting the EVP_MD_CTX_FLAG_NON_FIPS_ALLOW flag. However, this flag has no effect in OpenSSL 3.0.0.
[root@lambada ~]# /opt/opsware/bin/python3
Python 3.10.0 (default, Dec 8 2021, 17:05:23) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] on linux-x86_64
Type "help", "copyright", "credits" or "license" for more information.
>>> import _hashlib
>>> _hashlib.get_fips_mode()
1
>>> import hashlib
>>> hashlib.md5(b'ceva', usedforsecurity=False).hexdigest()
'970c7956028654ac329b12c10b112058'
>>> hashlib.md5(b'ceva', usedforsecurity=True).hexdigest()
'970c7956028654ac329b12c10b112058'
The last call, when usedforsecurity is True, should fail because MD5 is not allowed in FIPS mode.
I will add a GitHub pull request for this issue.
Date | User | Action | Args
2021-12-22 10:32:08 | florinspatar | set | recipients: + florinspatar, christian.heimes
2021-12-22 10:32:08 | florinspatar | set | messageid: <1640169128.02.0.712227783585.issue46149@roundup.psfhosted.org>
2021-12-22 10:32:07 | florinspatar | link | issue46149 messages
2021-12-22 10:32:07 | florinspatar | create |
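
An added example, not part of the original message or of CPython: a self-check that reports whether an interpreter running in FIPS mode still accepts MD5 with usedforsecurity=True, the behaviour shown in the session above. It assumes a rejected digest raises ValueError; classify_md5_enforcement, fips_mode_enabled and the status strings are hypothetical names.

```python
import hashlib

try:
    import _hashlib  # CPython's OpenSSL binding; may be absent on some builds
except ImportError:
    _hashlib = None


def fips_mode_enabled():
    """Return True when the linked OpenSSL reports FIPS mode, else False."""
    getter = getattr(_hashlib, "get_fips_mode", None)
    return bool(getter()) if getter else False


def _default_md5(data, usedforsecurity=True):
    # hashlib.new() is used so a build without hashlib.md5 raises ValueError
    # here instead of AttributeError at import time.
    return hashlib.new("md5", data, usedforsecurity=usedforsecurity)


def classify_md5_enforcement(fips_on, md5_factory=_default_md5):
    """Classify how md5_factory behaves relative to the FIPS state.

    Returns one of (constructed labels, not an official API):
      "not-fips"      FIPS mode is off, nothing to enforce
      "enforced"      security use rejected, non-security use allowed
      "blocked"       MD5 rejected even with usedforsecurity=False
      "not-enforced"  security use succeeds under FIPS (the reported behaviour)
    """
    if not fips_on:
        return "not-fips"

    def allowed(flag):
        # Assumption: a digest refused by the provider raises ValueError
        # (or a subclass of it).
        try:
            md5_factory(b"probe", usedforsecurity=flag)
            return True
        except ValueError:
            return False

    if allowed(True):
        return "not-enforced"
    return "enforced" if allowed(False) else "blocked"


if __name__ == "__main__":
    print(classify_md5_enforcement(fips_mode_enabled()))
```

A result of "not-enforced" on a host where get_fips_mode() returns 1 matches the session in the message.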