[openssl-users] [openssl-dev] Low level API call to digest SHA1 forbidden in FIPS mode - within openssl code

Dr. Stephen Henson steve at openssl.org
Sat Mar 26 21:30:27 UTC 2016

On Thu, Mar 24, 2016, Glen Matthews wrote:

> Hi
> Yes it's a standard build. FIPS 2.0 with openssl 1.0.2g - I took a dump when the dialog box was displayed, and that's how I got the call stack. 
>     if (x->ex_flags & EXFLAG_SET)
>         return;
> #ifndef OPENSSL_NO_SHA
>     X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
> #endif
> I inspected the values in x509v3_cache_extensions() - the code above is from the beginning of it - and the test fails, so we drop down into the digest call.

Something strange is going on and I'm not sure what yet. 

At he start of EVP_DigestInit_ex() the implementation should be switched to
the validated module version which then should never call the prohibited low
level calls.

When you say it's a standard build you've presumably followed the FIPS module
build instructions to the letter and produced the FIPS capable OpenSSL from
that? Is there anything unusual you are doing like using an ENGINE
for some operations?`

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list