On Fri, Aug 17, 2012, Cassie Helms wrote:

> > Maybe I should add that I've verified that FIPS_mode is turned on right before
> > my failing MD4 calls (think OpenSSLDie()), and I didn't do anything special
> > to compile or turn on the MD4 algorithm.....could that be where I'm missing a
> > step?
>
> Ah yes, now I see that what I am trying to do is perhaps impossible:
>
> "Other non-FIPS approved algorithms such a Blowfish, MD5, IDEA, RC4, etc. are
> disabled in FIPS mode."
>
> OK. Here is where I'm coming from:
> - I have a new version of a product that needs to use CMAC and CCM
> - but it also has to support older versions of a protocol that call for things
>   like... MD4
> - as far as I know, CMAC and CCM can only be used through validated fips code
>   (right?)...
> - but if fips mode is turned on, MD4 is not available because it's not a
>   validated algorithm.
>
You only need the validated code if you need to support FIPS 140-2. If you
don't then there is no need to use the FIPS capable OpenSSL at all.

CCM and CMAC are supported in OpenSSL 1.0.1 without needing to use the
validated module.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org