On Fri, 2022-02-11 at 08:35 +0000, Kevin Millson wrote:
> Hello OpenSSL Users,
>
> I’m trying to use SHA1 message digest hashing in combination with the
> FIPS provider, but seem to be running into issues. My code looks like
> the following:
>
> EVP_PKEY* privateKey = getPrivateKey();
> EVP_MD_CTX* mdContex = EVP_MD_CTX_new();
> if (mdContex != NULL) {
>     const EVP_MD* messageDigest = EVP_MD_fetch(NULL, "SHA-1",
>                                                "provider=fips");
>     if (EVP_DigestSignInit(mdContex, NULL, messageDigest, NULL,
>                            privateKey) == 1) {
>         std::cout << "Success";
>     } else {
>         std::cout << "EVP_DigestSignInit failed";
>     }
>     EVP_MD_CTX_free(mdContex);
> }
>
> The call to EVP_DigestSignInit() always fails. If I switch to SHA-256
> then it works fine. I thought SHA-1 wasn’t allowed for raw sign
> operations, but was still okay for message digests calculated via the
> EVP_MD related methods, is that thinking incorrect? And in fact, all
> use of SHA-1 with FIPS is disallowed?

With FIPS SHA-1 is disallowed for signing. SHA-1 is allowed in other
contexts than signing. It is allowed for legacy purposes in
verification of signatures, it is also allowed in HMACs.

-- 
Tomáš Mráz, OpenSSL