SHA digest differences in version 1.0 and 1.1.1

Matt Caswell matt at
Fri May 14 08:56:39 UTC 2021

On 14/05/2021 09:21, at wrote:
> Hi,
> I am working with some legacy code which was written to use openssl 
> version 1.0.
> I am trying to make it work with openssl version 1.1.1 but the following 
> line returns NULL.
>      const EVP_MD* messageDigest = EVP_get_digestbyname("sha");
> I changed it to the following.
>      const EVP_MD* messageDigest = EVP_get_digestbyname("sha1");
> That does return a EVP_MD pointer but when I use it with a EVP_MD_CTX to 
> create a hash it produces a different hash than the legacy code for the 
> same data.
> What digest was returned by "sha" in the older version?

That is "SHA-0". A very early (1993) implementation of what later became 
SHA-1. According to Wikipedia SHA-0: "...was withdrawn by the NSA 
shortly after publication and was superseded by the revised version, 
published in 1995 in FIPS PUB 180-1 and commonly designated SHA-1.

SHA-0 really really should not be used and support was removed in 
OpenSSL 1.1.0.


More information about the openssl-users mailing list