Bug ID 1209053
Summary openssl 3 should fail on certain hash algorithms on FIPS
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter jalausuch@suse.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

Some of the hashes shouldn't work with FIPS mode. 

> echo Hello > /tmp/hello.txt
> openssl dgst -sha1 /tmp/hello.txt; echo qmtBZ-$?-
> SHA1(/tmp/hello.txt)= 1d229271928d3f9e2bb0375bd6ce5db6c6d348d9

This is expected to work:


This is expected to fail:
> openssl dgst -md4 /tmp/hello.txt 2>&1 || true
> Error setting digest
> 4097C442C07F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (MD4 : 84), Properties ()
> 4097C442C07F0000:error:03000086:digital envelope routines:evp_md_init_internal:initialization error:crypto/evp/digest.c:254:

BUT this is expected to fail too (and it works):

> openssl dgst -md5 /tmp/hello.txt
> MD5(/tmp/hello.txt)= 09f7e02f1290be211da707a266f153b3


Environment: TW 20230307
package: openssl 3.0.8-1.1

You are receiving this mail because: