Re: [openssl-users] Error compiling openssh with openssl

2018-06-11 Thread Jakob Bohm
On 11/06/2018 18:14, Michael Wojcik wrote:
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Salz, Rich via openssl-users
> Sent: Monday, June 11, 2018 08:52
> > > So is there any other way we can still make it work without disabling FIPS mode?
> > No. The version of

Re: [openssl-users] Error compiling openssh with openssl

2018-06-11 Thread Short, Todd via openssl-users
You will need to patch OpenSSH to not call the SHA256_XXX() APIs directly. To work with FIPS enabled, the EVP API must be used for all crypto operations.

--
-Todd Short
// tsh...@akamai.com
// "One if by land, two if by sea, three if by the Internet."

On Jun 11, 2018,
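Before rebuilding against a FIPS-capable OpenSSL, a source tree can be audited for the direct digest calls described in the reply above. This is an added example, not code from the thread or from OpenSSH; the function name `find_low_level_digest_calls`, the sample C snippet, and the digest families other than SHA256 (a generalization beyond the error quoted in the thread) are assumptions made for illustration.

```python
import re

# Assumption: digest families to check. The thread only names SHA256;
# the others are included as a generalization of the same call pattern.
LOW_LEVEL = re.compile(
    r"\b(MD5|SHA1|SHA224|SHA256|SHA384|SHA512)_(Init|Update|Final)\s*\(")

# C comments and string/char literals, so mentions inside them are not reported.
NOISE = re.compile(
    r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)


def blank(match):
    """Replace a comment or literal with spaces, keeping newlines for line numbers."""
    return re.sub(r"[^\n]", " ", match.group(0))


def find_low_level_digest_calls(source):
    """Return (line_number, function_name, evp_hint) for each direct call."""
    cleaned = NOISE.sub(blank, source)
    findings = []
    for m in LOW_LEVEL.finditer(cleaned):
        line = cleaned.count("\n", 0, m.start()) + 1
        name = f"{m.group(1)}_{m.group(2)}"
        hint = {"Init": f"EVP_DigestInit_ex(ctx, EVP_{m.group(1).lower()}(), NULL)",
                "Update": "EVP_DigestUpdate(ctx, data, len)",
                "Final": "EVP_DigestFinal_ex(ctx, md, &mdlen)"}[m.group(2)]
        findings.append((line, name, hint))
    return findings


# Constructed sample, not taken from OpenSSH.
SAMPLE_C = '''\
#include <openssl/sha.h>
/* old code used SHA256_Init(&c) here */
void fingerprint(const unsigned char *p, size_t n, unsigned char *out) {
    SHA256_CTX c;
    SHA256_Init(&c);
    SHA256_Update(&c, p, n);
    SHA256_Final(out, &c);
    log_msg("SHA256_Final( done");
}
'''

if __name__ == "__main__":
    for line, name, hint in find_low_level_digest_calls(SAMPLE_C):
        print(f"line {line}: {name}() -> {hint}")
```

Each finding names the EVP call that takes the place of the direct one; mentions inside comments and string literals are skipped.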

Re: [openssl-users] Error compiling openssh with openssl

2018-06-11 Thread Salz, Rich via openssl-users
> This is one of several reasons why FIPS 140-2 is a problem. Unfortunately
> the FIPS 140-3 effort seems to be moribund, and I haven't heard anything
> about "ISO FIPS" in some time.

If I understood what was said at the ICMC conference last month, the FIPS 140-3 plan is to just point to

Re: [openssl-users] Error compiling openssh with openssl

2018-06-11 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Salz, Rich via openssl-users
> Sent: Monday, June 11, 2018 08:52
> > So is there any other way we can still make it work without disabling
> > FIPS mode?
> No. The version of openssh you are using makes API

Re: [openssl-users] Error compiling openssh with openssl

2018-06-11 Thread Salz, Rich via openssl-users
> So is there any other way we can still make it work without disabling FIPS mode?

No. The version of openssh you are using makes API calls that are not allowed in FIPS mode. I suspect later versions of OpenSSH also do this, and therefore “FIPS mode openssh” will require some coding

Re: [openssl-users] Error compiling openssh with openssl

2018-06-11 Thread Sandeep Deshpande
Thanks for the reply. Our appliance is enabled in FIPS mode by default. All these days, we were using openssh 6.2 with openssl 0.9.8. Now we need to upgrade openssl to 1.0.2j. But we would not like to upgrade openssh at this time. So is there any other way we can still make it work without

Re: [openssl-users] Error compiling openssh with openssl

2018-06-09 Thread Viktor Dukhovni
> On Jun 9, 2018, at 1:35 PM, Sandeep Deshpande wrote:
>
> We have compiled and built older version (6.2p2) of openssh with 1.0.2j
> version of openssl.
> When the system is in crypto mode, we are getting the following error when a
> user logs in:
> "
> OpenSSL internal error, assertion

[openssl-users] Error compiling openssh with openssl

2018-06-09 Thread Sandeep Deshpande
Hi,

We have compiled and built an older version (6.2p2) of openssh with 1.0.2j version of openssl. When the system is in crypto mode, we are getting the following error when a user logs in:

"OpenSSL internal error, assertion failed: Low level API call to digest SHA256 forbidden in FIPS mode"