Error compiling openssh with openssl

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Error compiling openssh with openssl

Sandeep Deshpande
Hi,

We have compiled and built older version (6.2p2) of openssh with 1.0.2j version of openssl. 
When the system in is crypto mode, we are getting the following error when a user logs in :
"
OpenSSL internal error, assertion failed: Low level API call to digest SHA256 forbidden in FIPS mode " 

How do we overcome this without having to upgrade openssh ? 

Thanks,
Sandeep

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Error compiling openssh with openssl

Viktor Dukhovni


> On Jun 9, 2018, at 1:35 PM, Sandeep Deshpande <[hidden email]> wrote:
>
> We have compiled and built older version (6.2p2) of openssh with 1.0.2j version of openssl.
> When the system in is crypto mode, we are getting the following error when a user logs in :
> "
> OpenSSL internal error, assertion failed: Low level API call to digest SHA256 forbidden in FIPS mode "
>
> How do we overcome this without having to upgrade openssh ?

Don't enable FIPS mode.

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Error compiling openssh with openssl

Sandeep Deshpande
Thanks for the reply. Our appliance is enabled in FIPS mode by default.
All these days, we were using openssh 6.2 with openssl 0.9.8. 
Now we need to upgrade openssl to 1.0.2j. 
But we would not like to upgrade openssh at this time.

So is there is any other way we can still make it work without disabling FIPS mode ?

Thanks,
Sandeep

On Sat, Jun 9, 2018 at 10:38 AM, Viktor Dukhovni <[hidden email]> wrote:


> On Jun 9, 2018, at 1:35 PM, Sandeep Deshpande <[hidden email]> wrote:
>
> We have compiled and built older version (6.2p2) of openssh with 1.0.2j version of openssl.
> When the system in is crypto mode, we are getting the following error when a user logs in :
> "
> OpenSSL internal error, assertion failed: Low level API call to digest SHA256 forbidden in FIPS mode "
>
> How do we overcome this without having to upgrade openssh ?

Don't enable FIPS mode.

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Error compiling openssh with openssl

OpenSSL - User mailing list

 

  • So is there is any other way we can still make it work without disabling FIPS mode ?

 

No.  The version of openssh you are using makes API calls that are not allowed in FIPS mode. I suspect later versions of OpenSSH also do this, and therefore “FIPS mode openssh” will require some coding work.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Error compiling openssh with openssl

Michael Wojcik
> From: openssl-users [mailto:[hidden email]] On Behalf Of Salz, Rich via openssl-users
> Sent: Monday, June 11, 2018 08:52

> >  So is there is any other way we can still make it work without disabling FIPS mode ?

> No.  The version of openssh you are using makes API calls that are not allowed in FIPS mode. I suspect
> later versions of OpenSSH also do this, and therefore “FIPS mode openssh” will require some coding work.

The OP should also note this also implies this is an issue in OpenSSH, not OpenSSL. OpenSSL is working properly. FIPS 140-2 has various requirements, and OpenSSH is violating one of them.

And, further, note that even if there were a way to suppress this check without disabling FIPS mode, that would be pointless. A product that uses non-FIPS cryptography cannot claim FIPS validation or "FIPS Inside" (which is the claim that only FIPS-validated cryptography is used). Consequently, such a product doesn't meet the FIPS requirement, for customers who have such a requirement; and there's little or no other benefit to FIPS.

So, since you can't claim FIPS Inside while using OpenSSH, it seems your choices are: 1) disable FIPS mode and do not claim FIPS Inside; 2) find a commercial SSH implementation that is FIPS-validated, if there is such a thing; or 3) as Rich suggested, modify OpenSSH to only use FIPS-allowed APIs, which I suspect would not be trivial (but I haven't looked into it).

This is one of several reasons why FIPS 140-2 is a problem. Unfortunately the FIPS 140-3 effort seems to be moribund, and I haven't heard anything about "ISO FIPS" in some time.

--
Michael Wojcik
Distinguished Engineer, Micro Focus


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Error compiling openssh with openssl

OpenSSL - User mailing list
>    This is one of several reasons why FIPS 140-2 is a problem. Unfortunately the FIPS 140-3 effort seems to be moribund, and I haven't heard anything about "ISO FIPS" in some time.
 
If I understood what was said at the ICMC conference last month, the FIPS 140-3 plan is to just point to the ISO FIPS-equivalent spec.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Error compiling openssh with openssl

OpenSSL - User mailing list
In reply to this post by Sandeep Deshpande
You will need to patch OpenSSH to not call the SHA256_XXX() APIs directly. To work with FIPS enabled, the EVP API must be used for all crypto operations.

--
-Todd Short
// "One if by land, two if by sea, three if by the Internet."

On Jun 11, 2018, at 10:44 AM, Sandeep Deshpande <[hidden email]> wrote:

Thanks for the reply. Our appliance is enabled in FIPS mode by default.
All these days, we were using openssh 6.2 with openssl 0.9.8. 
Now we need to upgrade openssl to 1.0.2j. 
But we would not like to upgrade openssh at this time.

So is there is any other way we can still make it work without disabling FIPS mode ?

Thanks,
Sandeep

On Sat, Jun 9, 2018 at 10:38 AM, Viktor Dukhovni <[hidden email]> wrote:


> On Jun 9, 2018, at 1:35 PM, Sandeep Deshpande <[hidden email]> wrote:
>
> We have compiled and built older version (6.2p2) of openssh with 1.0.2j version of openssl.
> When the system in is crypto mode, we are getting the following error when a user logs in :
> "
> OpenSSL internal error, assertion failed: Low level API call to digest SHA256 forbidden in FIPS mode "
>
> How do we overcome this without having to upgrade openssh ?

Don't enable FIPS mode.

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Error compiling openssh with openssl

Jakob Bohm-7
In reply to this post by Michael Wojcik
On 11/06/2018 18:14, Michael Wojcik wrote:
>> From: openssl-users [mailto:[hidden email]] On Behalf Of Salz, Rich via openssl-users
>> Sent: Monday, June 11, 2018 08:52
>>>   So is there is any other way we can still make it work without disabling FIPS mode ?
>> No.  The version of openssh you are using makes API calls that are not allowed in FIPS mode. I suspect
>> later versions of OpenSSH also do this, and therefore “FIPS mode openssh” will require some coding work.
> The OP should also note this also implies this is an issue in OpenSSH, not OpenSSL. OpenSSL is working properly. FIPS 140-2 has various requirements, and OpenSSH is violating one of them.
>
> And, further, note that even if there were a way to suppress this check without disabling FIPS mode, that would be pointless. A product that uses non-FIPS cryptography cannot claim FIPS validation or "FIPS Inside" (which is the claim that only FIPS-validated cryptography is used). Consequently, such a product doesn't meet the FIPS requirement, for customers who have such a requirement; and there's little or no other benefit to FIPS.
Note that what seems to be violated here is not the FIPS requirements as
such, but the OpenSSL-specific rule that the older crypto functions are
not directed to the FIPS blob, just outright rejected.  In this case,
that the more easy to use SHA256 OpenSSL 1.0.x API isn't forwarded to
the FIPS validated SHA256 implementation.

I don't know if FIPS-enabled OpenSSL 0.9.8 forwarded those calls to the
old FIPS validated implementation or just left the non-FIPS implementation
available by accident.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users