SHA digest differences in version 1.0 and 1.1.1
Matt Caswell
matt at openssl.org
Fri May 14 08:56:39 UTC 2021
On 14/05/2021 09:21, openssl.org at benshort.co.uk wrote:
> Hi,
>
> I am working with some legacy code which was written to use openssl
> version 1.0.
>
> I am trying to make it work with openssl version 1.1.1 but the following
> line returns NULL.
>
> const EVP_MD* messageDigest = EVP_get_digestbyname("sha");
>
> I changed it to the following.
>
> const EVP_MD* messageDigest = EVP_get_digestbyname("sha1");
>
> That does return an EVP_MD pointer but when I use it with an EVP_MD_CTX to
> create a hash it produces a different hash than the legacy code for the
> same data.
>
> What digest was returned by "sha" in the older version?

That is "SHA-0". A very early (1993) implementation of what later became
SHA-1. According to Wikipedia SHA-0: "...was withdrawn by the NSA
shortly after publication and was superseded by the revised version,
published in 1995 in FIPS PUB 180-1 and commonly designated SHA-1."

SHA-0 really really should not be used and support was removed in
OpenSSL 1.1.0.

Matt