Hello,
when enabling FIPS on redhat 8.5 or centos stream 8.5 you got a crash in libcrypto (111k).
The problem is that when calling the EVP_BytesToKey() from generateKey () (which is called when creating a CipherKey object), the return code from EVP_BytesToKey() is not checked (it returns 0 probably because md5 digest are too weak for FIPS recommendation).
I believe an exception shall be returned if EVP_BytesToKey() returns 0.
Regards & thank You for this fantastic library,
Hello,
when enabling FIPS on redhat 8.5 or centos stream 8.5 you got a crash in libcrypto (111k).
The problem is that when calling the EVP_BytesToKey() from generateKey () (which is called when creating a CipherKey object), the return code from EVP_BytesToKey() is not checked (it returns 0 probably because md5 digest are too weak for FIPS recommendation).
I believe an exception shall be returned if EVP_BytesToKey() returns 0.
Regards & thank You for this fantastic library,