> I am hoping that someone can clear this up for me.
>
> The tls1_PRF() function uses both the md5 and sha1 algorithms to generate
> pseudo-random data. Since this function is used for TLS key
> derivation, is
> the md5 algorithm allowed for key derivation while operating in FIPS mode?


The MD5 is not allowed for key derivation in FIPS mode where the security of
the key derivation depends upon the security of MD5. However, for TLS, the
security of the key derivation does not depend upon the security of MD5
because the MD5 information is combined with the full SHA1 hash.

> If it is OK, I am curious how this is handled. With FIPS mode
> enabled, is
> the SSL library itself allowed to call non-FIPS algorithms? The reason I
> ask is that I notice the SSL library doesn't necessarily check
> return values.


From a compliance standpoint, anyone can non-FIPS algorithms in FIPS mode.
However, you must assume that no security of any kind is provided by these
algorithms. I'm not precisely sure how OpenSSL implements this internally
from a technical standpoint.

DS


__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org