[openssl-users] [openssl-dev] Low level API call to digest SHA1 forbidden in FIPS mode - within openssl code

Dr. Stephen Henson steve at openssl.org
Sun Mar 27 01:52:23 UTC 2016


On Sat, Mar 26, 2016, Glen Matthews wrote:

> No, nothing unusual. Is there anything from the build process that would be useful in demonstrating this yes or no? I'm not the person responsible for the build process but I'm pretty sure it was followed to the letter - however I'll check on that. Certainly no engines
> 
> I can check back in the dump and see where we are in the code in each method call
> 

What would be useful is tracing what happens in EVP_DigestInit_ex() during
the X509_digest() call. For example does it detect FIPS mode properly and if 
so does evp_get_fips_md() return a non-NULL value?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


More information about the openssl-users mailing list