Hello OpenSSL Users,
I’m trying to use SHA1 message digest hashing in combination with the FIPS
provider, but seem to be running into issues. My code looks like the following:
EVP_PKEY* privateKey = getPrivateKey();
EVP_MD_CTX* mdContex = EVP_MD_CTX_new();
if (mdContex != NULL) {
const EVP_MD* messageDigest = EVP_MD_fetch(NULL, "SHA-1",
"provider=fips");
if (EVP_DigestSignInit(mdContex, NULL, messageDigest, NULL, privateKey)
== 1) {
std::cout << "Success";
} else {
std::cout << "EVP_DigestSignInit failed";
}
EVP_MD_CTX_free(mdContex);
}
The call to EVP_DigestSignInit() always fails. If I switch to SHA-256 then it
works fine. I thought SHA-1 wasn’t allowed for raw sign operations, but was
still okay for message digests calculated via the EVP_MD related methods, is
that thinking incorrect? And in fact, all use of SHA-1 with FIPS is disallowed?
Regards,
Kevin Millson.
