SHA1 Hashing in FIPS Provider
Kevin Millson
Kevin.Millson at intercede.com
Fri Feb 11 08:35:59 UTC 2022
Hello OpenSSL Users,
I’m trying to use SHA1 message digest hashing in combination with the FIPS provider, but seem to be running into issues. My code looks like the following:
EVP_PKEY* privateKey = getPrivateKey();
EVP_MD_CTX* mdContex = EVP_MD_CTX_new();
if (mdContex != NULL) {
const EVP_MD* messageDigest = EVP_MD_fetch(NULL, "SHA-1", "provider=fips");
if (EVP_DigestSignInit(mdContex, NULL, messageDigest, NULL, privateKey) == 1) {
std::cout << "Success";
} else {
std::cout << "EVP_DigestSignInit failed";
}
EVP_MD_CTX_free(mdContex);
}
The call to EVP_DigestSignInit() always fails. If I switch to SHA-256 then it works fine. I thought SHA-1 wasn’t allowed for raw sign operations, but was still okay for message digests calculated via the EVP_MD related methods, is that thinking incorrect? And in fact, all use of SHA-1 with FIPS is disallowed?
Regards,
Kevin Millson.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20220211/c68dcea5/attachment-0001.htm>
More information about the openssl-users
mailing list