Re: Error compiling openssh with openssl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

You will need to patch OpenSSH to not call the SHA256_XXX() APIs directly. To work with FIPS enabled, the EVP API must be used for all crypto operations.

--
-Todd Short
// "One if by land, two if by sea, three if by the Internet."

On Jun 11, 2018, at 10:44 AM, Sandeep Deshpande <sandeep.bvb@xxxxxxxxx> wrote:

Thanks for the reply. Our appliance is enabled in FIPS mode by default.
All these days, we were using openssh 6.2 with openssl 0.9.8. 
Now we need to upgrade openssl to 1.0.2j. 
But we would not like to upgrade openssh at this time.

So is there is any other way we can still make it work without disabling FIPS mode ?

Thanks,
Sandeep

On Sat, Jun 9, 2018 at 10:38 AM, Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote:


> On Jun 9, 2018, at 1:35 PM, Sandeep Deshpande <sandeep.bvb@xxxxxxxxx> wrote:
>
> We have compiled and built older version (6.2p2) of openssh with 1.0.2j version of openssl.
> When the system in is crypto mode, we are getting the following error when a user logs in :
> "
> OpenSSL internal error, assertion failed: Low level API call to digest SHA256 forbidden in FIPS mode "
>
> How do we overcome this without having to upgrade openssh ?

Don't enable FIPS mode.

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux