FIPS restrictions bypass #26096

@fmulero

Description

Prerequisites

Steps to reproduce

On a FIPS-compliant Linux system, just download and install the latest version of PowerShell by following these steps:

mkdir -p /app
mkdir -p /opt/powershell/bin
mkdir -p /tmp/pkg/cache/ ; cd /tmp/pkg/cache/ || exit 1 ;
curl -SsLf "https://github.com/PowerShell/PowerShell/releases/download/v7.5.3/powershell-7.5.3-linux-arm64.tar.gz" -O 
tar -zxf "powershell-7.5.3-linux-arm64.tar.gz" -C /opt/powershell/bin --no-same-owner
chmod +x "/opt/powershell/bin/pwsh"
rm -rf "powershell-7.5.3-linux-arm64.tar.gz"
export PS_INSTALL_FOLDER="/opt/powershell/bin"

Expected behavior

An error occurs when I try to use forbidden algorithms.

Actual behavior

root [ ~ ]# openssl version
OpenSSL 3.0.16 11 Feb 2025 (Library: OpenSSL 3.0.16 11 Feb 2025)
root [ ~ ]# openssl md5 /etc/ssl/openssl.cnf
Error setting digest
20C06785FFFF0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:386:Global default library context, Algorithm (MD5 : 102), Properties ()
20C06785FFFF0000:error:03000086:digital envelope routines:evp_md_init_internal:initialization error:crypto/evp/digest.c:254:
root [ ~ ]# pwsh -C "Get-FileHash -Path /etc/ssl/openssl.cnf -Algorithm MD5"

Algorithm       Hash                                                                   Path
---------       ----                                                                   ----
MD5             62FBD4A7041201E791A582AF31E7BB14                                       /etc/ssl/openssl.cnf

root [ ~ ]# echo $OPENSSL_FIPS
yes

Error details

Environment data

PowerShell 7.5.3
PS /app> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.5.3
PSEdition                      Core
GitCommitId                    7.5.3
OS                             VMware Photon OS/Linux
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Visuals

No response
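
The comparison shown in the report above, turned into a repeatable check; this is an added example, not part of the original issue or of PowerShell. It asks `openssl` and `pwsh` for an MD5 digest of the same file and reports which of them still returns one. The function names, the read of `/proc/sys/crypto/fips_enabled` and the `-NoProfile` flag are additions made here.

```shell
#!/bin/sh
# Added example (not from the issue): ask each hashing tool for an MD5 digest
# and report which ones still produce one on a host that should be in FIPS mode.

# md5_probe NAME CMD [ARGS...]
#   blocked  - the command failed, i.e. the tool refused MD5
#   ALLOWED  - the command succeeded and printed a 32-hex-digit digest
#   unclear  - the command succeeded but no MD5-sized digest was in its output
md5_probe() {
    probe_name=$1
    shift
    if probe_out=$("$@" 2>/dev/null); then
        if printf '%s\n' "$probe_out" |
            grep -Eq '(^|[^0-9A-Fa-f])[0-9A-Fa-f]{32}([^0-9A-Fa-f]|$)'; then
            echo "$probe_name ALLOWED"
        else
            echo "$probe_name unclear"
        fi
    else
        echo "$probe_name blocked"
    fi
}

# fips_md5_audit FILE
#   Probes the two tools compared in the issue (openssl, pwsh) when installed.
#   Prints one line per tool; returns 1 if any tool still hashes with MD5.
#   Assumes FILE contains no single quote (it is embedded in a pwsh string).
fips_md5_audit() {
    audit_file=$1
    audit_rc=0
    # Context: kernel FIPS flag and the variable shown in the issue.
    audit_kernel=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null || echo n/a)
    echo "kernel fips_enabled=$audit_kernel OPENSSL_FIPS=${OPENSSL_FIPS:-unset}"
    for audit_tool in openssl pwsh; do
        command -v "$audit_tool" >/dev/null 2>&1 || continue
        case $audit_tool in
            openssl) audit_line=$(md5_probe openssl openssl md5 "$audit_file") ;;
            pwsh)    audit_line=$(md5_probe pwsh pwsh -NoProfile -C \
                         "Get-FileHash -Path '$audit_file' -Algorithm MD5") ;;
        esac
        echo "$audit_line"
        case $audit_line in *ALLOWED) audit_rc=1 ;; esac
    done
    return $audit_rc
}

# Run the audit only when a file is given, e.g.:
#   sh fips_md5_audit.sh /etc/ssl/openssl.cnf
if [ -n "${1:-}" ]; then fips_md5_audit "$1"; fi
```

On the host described in the issue this would print `openssl blocked` and `pwsh ALLOWED` and return 1, which makes it usable as a compliance gate in image builds.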

    Labels

    Needs-Triage: The issue is new and needs to be triaged by a work group.
    WG-Security: security related areas such as JEA
