[openssl-users] [openssl-dev] Low level API call to digest SHA1 forbidden in FIPS mode - within openssl code

Dr. Stephen Henson steve at openssl.org
Thu Mar 24 17:35:55 UTC 2016

On Wed, Mar 23, 2016, Glen Matthews wrote:

> Hi
> Right, sorry about the wrong posting - and thanks.
> The message is correct - we got this in the 1.0.2f tree and are still getting in in the 1.0.2g tree.
> I notice that in crypto\x509v3\v3_purp.c there is this:
>     if (x->ex_flags & EXFLAG_SET)
>         return;
> #ifndef OPENSSL_NO_SHA
>     X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
> #endif
> We haven't disabled SHA1 because we need it for our ssh implementation. From what I've been reading, the code should not be calling with EVP_sha1().

Is this a standard OpenSSL build or has it been modified in some way?

At what point do you enter FIPS mode?

The above call should be routed through to the SHA1 implementation in the
validated module. It's not clear why not at this point.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list