Hi, given the point this was posted in 2011, i hope this is resolved and i can get some help with my problem! I have a similar problem with openssl 1.0.1c compiled with FIPS 2.0.2 and OPENSSH 6.1p1. Here is the debug mode of sshd with aes256-ctr cipher
FIPS mode initialized debug1: inetd sockets after dupping: 3, 3 Connection from 127.0.0.1 port 51395 debug1: Client protocol version 2.0; client software version OpenSSH_5.5p1 Debian-6+squeeze1 debug1: match: OpenSSH_5.5p1 Debian-6+squeeze1 pat OpenSSH_5* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.1 debug1: permanently_set_uid: 101/65534 [preauth] debug1: list_hostkey_types: ssh-rsa,ssh-dss [preauth] debug1: SSH2_MSG_KEXINIT sent [preauth] debug1: SSH2_MSG_KEXINIT received [preauth] debug1: kex: client->server aes256-ctr hmac-sha1 none [preauth] debug1: kex: server->client aes256-ctr hmac-sha1 none [preauth] debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth] debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth] debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth] debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent [preauth] aes_misc.c(73): OpenSSL internal error, assertion failed: Low level API call to cipher AES forbidden in FIPS mode! debug1: do_cleanup Any help is highly appreciated. Also i read in some threads that i have to use EVPs. How to use them? Is there a related patch? Thanks. -- View this message in context: http://openssl.6102.n7.nabble.com/AES-key-wrap-feature-unavailable-in-FIPS-mode-OpenSSL-tp18237p44865.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
