Hi, We're receiving this assertion at the start of negotiating an SSL connection:
c:\s\15\src\openssl\build\openssl-1.0.2f\crypto\sha\sha_locl.h(128): OpenSSL internal error, assertion failed: Low level API call to digest SHA1 forbidden in FIPS mode! The last 2 lines of this stack trace shows that we are performing a BIO_read at this point. How can we work around this issue? We're using the self-validated FIPS module and openssl 1.0.2g. glen user32!ZwUserWaitMessage+0xa user32!DialogBox2+0x212 user32!InternalDialogBox+0x132 user32!SoftModalMessageBox+0xee1 user32!MessageBoxWorker+0x2eb user32!MessageBoxTimeoutW+0xba user32!MessageBoxW+0x4e libeay32f!OPENSSL_showfatal+0x25e [c:\s\15\src\openssl\build\openssl-1.0.2g\crypto\cryptlib.c @ 979] libeay32f!OpenSSLDie+0x22 [c:\s\15\src\openssl\build\openssl-1.0.2g\crypto\cryptlib.c @ 1008] libeay32f!SHA1_Init+0x33 [c:\s\15\src\openssl\build\openssl-1.0.2g\crypto\sha\sha_locl.h @ 128] libeay32f!EVP_DigestInit_ex+0x269 [c:\s\15\src\openssl\build\openssl-1.0.2g\crypto\evp\digest.c @ 241] libeay32f!EVP_Digest+0x7a [c:\s\15\src\openssl\build\openssl-1.0.2g\crypto\evp\digest.c @ 359] libeay32f!ASN1_item_digest+0x6a [c:\s\15\src\openssl\build\openssl-1.0.2g\crypto\asn1\a_digest.c @ 107] libeay32f!X509_digest+0x44 [c:\s\15\src\openssl\build\openssl-1.0.2g\crypto\x509\x_all.c @ 414] libeay32f!x509v3_cache_extensions+0x43 [c:\s\15\src\openssl\build\openssl-1.0.2g\crypto\x509v3\v3_purp.c @ 407] libeay32f!X509_check_purpose+0x47 [c:\s\15\src\openssl\build\openssl-1.0.2g\crypto\x509v3\v3_purp.c @ 134] libeay32f!X509_verify_cert+0x180 [c:\s\15\src\openssl\build\openssl-1.0.2g\crypto\x509\x509_vfy.c @ 249] ssleay32f!ssl_verify_cert_chain+0x14a [c:\s\15\src\openssl\build\openssl-1.0.2g\ssl\ssl_cert.c @ 759] ssleay32f!ssl3_get_server_certificate+0x1bb [c:\s\15\src\openssl\build\openssl-1.0.2g\ssl\s3_clnt.c @ 1255] ssleay32f!ssl3_connect+0x258 [c:\s\15\src\openssl\build\openssl-1.0.2g\ssl\s3_clnt.c @ 345] ssleay32f!ssl23_get_server_hello+0x44a [c:\s\15\src\openssl\build\openssl-1.0.2g\ssl\s23_clnt.c @ 799] ssleay32f!ssl23_connect+0x1f2 [c:\s\15\src\openssl\build\openssl-1.0.2g\ssl\s23_clnt.c @ 228] ssleay32f!ssl23_read+0x44 [c:\s\15\src\openssl\build\openssl-1.0.2g\ssl\s23_lib.c @ 134] ssleay32f!ssl_read+0x5e [c:\s\15\src\openssl\build\openssl-1.0.2g\ssl\bio_ssl.c @ 167] libeay32f!BIO_read+0xbf [c:\s\15\src\openssl\build\openssl-1.0.2g\crypto\bio\bio_lib.c @ 212] hclftpx!CAsyncSslSocketLayer::OnReceive+0x1a8 [c:\s\15\src\montreal\inc\asyncsslsocketlayer.cpp @ 357]
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
