|
Hello OpenSSL Users, I’m trying to use SHA1 message digest hashing in combination with the FIPS provider, but seem to be running into issues. My code looks like the following: EVP_PKEY* privateKey = getPrivateKey(); EVP_MD_CTX* mdContex = EVP_MD_CTX_new(); if (mdContex != NULL) { const EVP_MD* messageDigest = EVP_MD_fetch(NULL, "SHA-1", "provider=fips"); if (EVP_DigestSignInit(mdContex, NULL, messageDigest, NULL, privateKey) == 1) { std::cout << "Success"; } else { std::cout << "EVP_DigestSignInit failed"; } EVP_MD_CTX_free(mdContex); } The call to EVP_DigestSignInit() always fails. If I switch to SHA-256 then it works fine. I thought SHA-1 wasn’t allowed for raw sign operations, but was still okay for message digests calculated via the EVP_MD related methods, is that
thinking incorrect? And in fact, all use of SHA-1 with FIPS is disallowed? Regards, Kevin Millson. |
