[openssl-users] Error compiling openssh with openssl

Short, Todd tshort at akamai.com
Mon Jun 11 18:01:40 UTC 2018

You will need to patch OpenSSH to not call the SHA256_XXX() APIs directly. To work with FIPS enabled, the EVP API must be used for all crypto operations.

-Todd Short
// tshort at akamai.com<mailto:tshort at akamai.com>
// "One if by land, two if by sea, three if by the Internet."

On Jun 11, 2018, at 10:44 AM, Sandeep Deshpande <sandeep.bvb at gmail.com<mailto:sandeep.bvb at gmail.com>> wrote:

Thanks for the reply. Our appliance is enabled in FIPS mode by default.
All these days, we were using openssh 6.2 with openssl 0.9.8.
Now we need to upgrade openssl to 1.0.2j.
But we would not like to upgrade openssh at this time.

So is there is any other way we can still make it work without disabling FIPS mode ?


On Sat, Jun 9, 2018 at 10:38 AM, Viktor Dukhovni <openssl-users at dukhovni.org<mailto:openssl-users at dukhovni.org>> wrote:

> On Jun 9, 2018, at 1:35 PM, Sandeep Deshpande <sandeep.bvb at gmail.com<mailto:sandeep.bvb at gmail.com>> wrote:
> We have compiled and built older version (6.2p2) of openssh with 1.0.2j version of openssl.
> When the system in is crypto mode, we are getting the following error when a user logs in :
> "
> OpenSSL internal error, assertion failed: Low level API call to digest SHA256 forbidden in FIPS mode "
> How do we overcome this without having to upgrade openssh ?

Don't enable FIPS mode.


openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users<https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Dusers&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=CWhX-q3QUS_vzMnQf34oGSuK7cOZkzUMz8LqhTQNmxM&s=KZktgcWyDdc5hW87YGjfdSY-0FapGOnJnYP6IQ_3H9Q&e=>

openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180611/5b71cc54/attachment.html>

More information about the openssl-users mailing list