On 14/05/2021 09:21, openssl.org@xxxxxxxxxxxxxx wrote:
Hi,
I am working with some legacy code which was written to use openssl
version 1.0.
I am trying to make it work with openssl version 1.1.1 but the following
line returns NULL.
const EVP_MD* messageDigest = EVP_get_digestbyname("sha");
I changed it to the following.
const EVP_MD* messageDigest = EVP_get_digestbyname("sha1");
That does return a EVP_MD pointer but when I use it with a EVP_MD_CTX to
create a hash it produces a different hash than the legacy code for the
same data.
What digest was returned by "sha" in the older version?
That is "SHA-0". A very early (1993) implementation of what later became
SHA-1. According to Wikipedia SHA-0: "...was withdrawn by the NSA
shortly after publication and was superseded by the revised version,
published in 1995 in FIPS PUB 180-1 and commonly designated SHA-1.
SHA-0 really really should not be used and support was removed in
OpenSSL 1.1.0.
Matt
