Hi Aaron, If your openssl version supports sha256 and its version is less than 0.9.8l, then you should add OpenSSL_add_all_algorithms() in your code to enable the same. Otherwise it will throw errors while doing any digest operation with sha256.
By default sha256 is enabled on Openssl-0.9.8l version onwards. Thanks, Gayathri On Wed, Nov 21, 2012 at 8:53 AM, Dave Thompson <dthomp...@prinpay.com>wrote: > > From: Wu, Hong-Tao (Aaron, HPSW-R&D-SH) [mailto:hongtao...@hp.com] > > Sent: Tuesday, 20 November, 2012 22:05 > > To: openssl-users@openssl.org > > Cc: dthomp...@prinpay.com > > Subject: RE: Does OpenSSL 0.9.7 support SHA256 Digest Algorithm > > > > Thanks a lot, Dave. > > > > So it means that SHA256 is only technically supported from > > 0.9.7h. If I am using 0.9.7d, it is not included, right? > > > I don't have all the old versions to check, but according to CHANGES > it is NOT in 0.9.7h which means it SHOULD NOT be in any earlier 0.9.7*, > and 0.9.7d IS earlier than 0.9.7h so it SHOULD NOT be in 0.9.7d. > > It IS in the code for 0.9.7m, therefore it was added sometime > after 0.9.7h and before or at 0.9.7m. That's what ">7h <=7m" means. > > > Best Regards, > > Aaron > > > > -----Original Message----- > > From: owner-openssl-us...@openssl.org > > [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson > > Sent: Wednesday, November 21, 2012 10:01 AM > > To: openssl-users@openssl.org > > Subject: RE: Does OpenSSL 0.9.7 support SHA256 Digest Algorithm > > > > > From: owner-openssl-us...@openssl.org On Behalf Of Wu, Hong-Tao > > > (Aaron, > > HPSW-R&D-SH) > > > Sent: Tuesday, 20 November, 2012 10:42 > > > > > In our product, we are still using OpenSSL 0.9.7d (on Windows > > > platform) for certificate validation. Recently we suffered an issue > > > about certificates based SHA256, and the following error is thrown: > > > > > > ldap_bind: Can't contact LDAP server (-1) > > > additional info: error:0D0890A1:asn1 encoding > > > routines:ASN1_verify:unknown message digest algorithm > > > > > > My question is: > > > > > > 1) Does OpenSSL 0.9.7 support SHA256 Digest Algorithm? > > > > On one system I still have 0.9.7m which does have SHA-2, with > > no mention in CHANGES. However, the 0.9.8* CHANGES describe > > it as added by 0.9.8(original) and not in 0.9.7h. > > Thus it was apparently backported somewhere >7h <=7m. > > > > > 2) If answer is NO for point 1, since which version does OpenSSL > > > support SHA Digest Algorithm? > > > > > (You mean SHA-256, or more broadly SHA-2. SHA-1 has been in > > OpenSSL much longer, and the algorithm originally released as > > SHA was defective and withdrawn before use.) > > > > Some 0.9.7 and all? 0.9.8 support SHA-2 as pure digests, and > > signatures using SHA-2 with RSA. Due to API limitation they > > can't do signatures using SHA-2 with ECDSA, and AIR don't > > have the DSA sizes for SHA-2 added by FIPS 186-3. > > > > > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List openssl-users@openssl.org > > Automated List Manager majord...@openssl.org > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
