http://bugzilla.opensuse.org/show_bug.cgi?id=1209053 Bug ID: 1209053 Summary: openssl 3 should fail on certain hash algorithms on FIPS Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: jalausuch@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Some of the hashes shouldn't work with FIPS mode.

echo Hello > /tmp/hello.txt openssl dgst -sha1 /tmp/hello.txt; echo qmtBZ-$?- SHA1(/tmp/hello.txt)= 1d229271928d3f9e2bb0375bd6ce5db6c6d348d9

This is expected to work: This is expected to fail:

openssl dgst -md4 /tmp/hello.txt 2>&1 || true Error setting digest 4097C442C07F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (MD4 : 84), Properties () 4097C442C07F0000:error:03000086:digital envelope routines:evp_md_init_internal:initialization error:crypto/evp/digest.c:254:

BUT this is expected to fail too (and it works):

openssl dgst -md5 /tmp/hello.txt MD5(/tmp/hello.txt)= 09f7e02f1290be211da707a266f153b3

Environment: TW 20230307 package: openssl 3.0.8-1.1 -- You are receiving this mail because: You are on the CC list for the bug.