I'm sure Steve may be able to answer more succinctly, but generally...

That [Signature Algorithm: sha1WithRSAEncryption] is the signature on the X.509 
certificate - nothing to do with TLS at this point. When the certificate is 
'sealed', it is done so with a signature - in this case RSA combined with the 
SHA-1 hash algorithm - the signature is the combination of encrypting the SHA1 
hash of the certificate with the associated private key of the signing 
certificate.

When the certificate is "loaded" by OpenSSL, it is simply loaded into memory 
(usually) - no crypto operations are required to load a certificate. The 
private key associated with a certificate may be (and usually is) encrypted in 
some form. If that form uses MD5 or PBKDF in any form, then it would not be 
allowed in FIPS mode.

When the certificate's RSA key and the associated is used during TLS (in PRF 
and signing, as Steve pointed out), then they are used in combination with 
SHA-1 and MD5. OpenSSL's access to MD5 at this point is probably private and any 
EVP access to the MD5 functions would be disabled in FIPS 140-2 approved mode.

Carl
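As an added illustration of the two places Carl distinguishes above (the signature algorithm sealed into the X.509 certificate versus the encryption applied to the private key file), the following script is not from the thread and is not OpenSSL code. It uses only the Python standard library: a minimal DER walker (single-byte tags only, which is enough for X.509 and PKCS#8 AlgorithmIdentifiers) lists every OBJECT IDENTIFIER in a PEM block and flags the MD5-based ones, and the traditional `Proc-Type: 4,ENCRYPTED` / `DEK-Info` PEM format is flagged outright, because OpenSSL derives that format's cipher key with EVP_BytesToKey over MD5 whatever cipher DEK-Info names. The OID table, DER builders and every sample block are constructed for the example; no real key or certificate is included.

```python
# Added example (not from the thread): stdlib-only inventory of MD5 dependencies
# in PEM certificates and private keys, as a FIPS-readiness check.
import base64
import re

# Well-known OIDs from PKCS#1 and PKCS#5; names are only for the report.
OID_NAMES = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.5.3": "pbeWithMD5AndDES-CBC",
}
MD5_OIDS = {o for o, n in OID_NAMES.items() if "md5" in n.lower()}
PEM_RE = re.compile(r"-----BEGIN ([^-]+)-----\r?\n(.*?)-----END \1-----", re.S)

def _tlv(buf, pos):
    """Read one DER tag/length/value at pos; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits = length byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(content):
    arcs, value = [], 0
    for b in content:
        value = (value << 7) | (b & 0x7F)
        if b < 0x80:                         # last byte of an arc; first arc packs 40*c1+c2
            arcs += [value] if arcs else ([2, value - 80] if value >= 80 else divmod(value, 40))
            value = 0
    return ".".join(map(str, arcs))

def walk_oids(der_bytes):
    """Every OBJECT IDENTIFIER in document order, descending into constructed tags."""
    oids, pos = [], 0
    while pos < len(der_bytes):
        tag, content, pos = _tlv(der_bytes, pos)
        if tag == 0x06:
            oids.append(_decode_oid(content))
        elif tag & 0x20:                     # SEQUENCE, SET, [n] EXPLICIT
            oids.extend(walk_oids(content))
    return oids

def pem_blocks(text):
    """Yield (label, rfc1421_headers, der_bytes) for each PEM block in text."""
    for m in PEM_RE.finditer(text):
        label, lines, headers = m.group(1), m.group(2).strip().splitlines(), {}
        while lines and ":" in lines[0]:     # Proc-Type/DEK-Info headers precede a blank line
            k, v = lines.pop(0).split(":", 1)
            headers[k.strip()] = v.strip()
        yield label, headers, base64.b64decode("".join(lines))

def md5_findings(pem_text):
    """(label, reason) for every PEM block that cannot be used without MD5."""
    findings = []
    for label, headers, der_bytes in pem_blocks(pem_text):
        if headers.get("Proc-Type") == "4,ENCRYPTED":
            # traditional PEM encryption: OpenSSL derives the key with EVP_BytesToKey over MD5
            findings.append((label, "legacy PEM encryption, " + headers.get("DEK-Info", "")))
        else:
            findings += [(label, OID_NAMES[o]) for o in walk_oids(der_bytes) if o in MD5_OIDS]
    return findings

# --- DER builders for constructed sample input; nothing below is a real key or cert ---
def der(tag, content):
    n = len(content)
    if n >= 0x80:                            # long-form length for content > 127 bytes
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return bytes([tag, 0x80 | len(lb)]) + lb + content
    return bytes([tag, n]) + content

def der_oid(dotted):
    arcs, out = [int(a) for a in dotted.split(".")], bytearray()
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:   # base-128, high bit on all but last byte
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return der(0x06, bytes(out))

def alg_id(oid, params=der(0x05, b"")):      # AlgorithmIdentifier with NULL params by default
    return der(0x30, der_oid(oid) + params)

def to_pem(label, der_bytes, headers=()):
    body = [f"{k}: {v}" for k, v in headers] + ([""] if headers else [])
    b64 = base64.b64encode(der_bytes).decode()
    body += [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *body, f"-----END {label}-----"]) + "\n"

def sample_pem():
    """Constructed: PBES1/MD5 PKCS#8 key, legacy Proc-Type key, sha1WithRSA cert shape."""
    pbe_params = der(0x30, der(0x04, b"\x00" * 8) + der(0x02, b"\x08\x00"))   # salt, 2048
    pkcs8 = der(0x30, alg_id("1.2.840.113549.1.5.3", pbe_params) + der(0x04, b"\x00" * 16))
    sig = alg_id("1.2.840.113549.1.1.5")
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + sig)
    return (to_pem("ENCRYPTED PRIVATE KEY", pkcs8)
            + to_pem("RSA PRIVATE KEY", b"\x00" * 16,
                     (("Proc-Type", "4,ENCRYPTED"), ("DEK-Info", "DES-EDE3-CBC,0011223344556677")))
            + to_pem("CERTIFICATE", der(0x30, tbs + sig + der(0x03, b"\x00" * 9))))

if __name__ == "__main__":
    print(*md5_findings(sample_pem()), sep="\n")
```

Passing the contents of real files to `md5_findings()` gives the same kind of report: a certificate whose signature algorithm is sha1WithRSAEncryption, like the one Graeme printed with `openssl x509 -text`, produces no finding, while a PKCS#8 key encrypted with a pbeWithMD5 scheme or a key in the traditional `Proc-Type` format does, which is the distinction Carl draws between loading the certificate and decrypting its key.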
________________________________________
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on 
behalf of Perrow, Graeme [graeme.per...@sap.com]
Sent: 26 July 2013 14:10
To: openssl-users@openssl.org
Subject: RE: Using MD5 certificates in OpenSSL FIPS

If I do "openssl x509 -in mycert.crt -text" I see "Signature Algorithm: 
sha1WithRSAEncryption". There's no mention of MD5 here but since OpenSSL is 
attempting to load it, I assume it's using the MD5-SHA1 combination. If that 
*is* permitted, why am I getting the "disabled for FIPS" error?

Graeme

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Dr. Stephen Henson
Sent: Friday, July 26, 2013 7:39 AM
To: openssl-users@openssl.org
Subject: Re: Using MD5 certificates in OpenSSL FIPS

On Fri, Jul 26, 2013, Carl Young wrote:

> As far as I remember, the use of MD5 is only allowed in TLS 1 for the
> specific use within the PRF for key generation as the __combination__ of
> SHA-1 and MD5 is not considered weak usage. Use of MD5 elsewhere is still
> disallowed.
>

It is also permitted with the MD5+SHA1 combined RSA signature again because
the combination is not considered weak.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org