When FIPS is enabled: missed that. We enable it when we load the modules - we're in a mode where we only have the FIPS libraries installed, and when we load them, we enable FIPS. In searching for a temporary work-around, I put different code at that place in x509v3_cache_extensions() - calculating another digest at that point - and the test for FIPS_mode() worked, so I think we are in FIPS mode all through that call stack. glen -----Original Message----- From: Glen Matthews Sent: Thursday, March 24, 2016 1:55 PM To: 'openssl-users at openssl.org' Subject: RE: [openssl-dev] Low level API call to digest SHA1 forbidden in FIPS mode - within openssl code Hi Yes it's a standard build. FIPS 2.0 with openssl 1.0.2g - I took a dump when the dialog box was displayed, and that's how I got the call stack. if (x->ex_flags & EXFLAG_SET) return; #ifndef OPENSSL_NO_SHA X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); #endif I inspected the values in x509v3_cache_extensions() - the code above is from the beginning of it - and the test fails, so we drop down into the digest call. glen -----Original Message----- From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Dr. Stephen Henson Sent: Thursday, March 24, 2016 1:36 PM To: openssl-users at openssl.org Subject: Re: [openssl-dev] Low level API call to digest SHA1 forbidden in FIPS mode - within openssl code On Wed, Mar 23, 2016, Glen Matthews wrote: > Hi > > Right, sorry about the wrong posting - and thanks. > > The message is correct - we got this in the 1.0.2f tree and are still getting in in the 1.0.2g tree. > > I notice that in crypto\x509v3\v3_purp.c there is this: > > if (x->ex_flags & EXFLAG_SET) > return; > #ifndef OPENSSL_NO_SHA > X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); #endif > > We haven't disabled SHA1 because we need it for our ssh implementation. From what I've been reading, the code should not be calling with EVP_sha1(). > Is this a standard OpenSSL build or has it been modified in some way? At what point do you enter FIPS mode? The above call should be routed through to the SHA1 implementation in the validated module. It's not clear why not at this point. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users