CentOS 7.5 - FIPS mode - sha512sum hashing fails with openssl error

Support for security such as Firewalls and securing linux
Post Reply
pavandevaraj
Posts: 2
Joined: 2018/11/10 13:30:03

CentOS 7.5 - FIPS mode - sha512sum hashing fails with openssl error

Post by pavandevaraj » 2018/11/10 13:47:06

Hi,

I am running CentOS 7.5.1804 in FIPS mode. When trying to hash a file using /usr/bin/sha512sum <FILE_NAME>, I get the following error:

sha512.c(81): OpenSSL internal error, assertion failed: Low level API call to digest SHA512 forbidden in FIPS mode!
Aborted


I also tried running openssl dgst command. It fails with error:

Error setting digest dgst
139795816437648:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180:


Please advice.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CentOS 7.5 - FIPS mode - sha512sum hashing fails with openssl error

Post by TrevorH » 2018/11/10 13:55:34

This appears to explain why it's not allowed:

http://openssl.6102.n7.nabble.com/Low-L ... 54983.html

Not sure why you're trying to use FIPS mode on CentOS though as it's not certified so is effectively meaningless.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

pavandevaraj
Posts: 2
Joined: 2018/11/10 13:30:03

Re: CentOS 7.5 - FIPS mode - sha512sum hashing fails with openssl error

Post by pavandevaraj » 2018/11/10 16:04:31

Thanks for the reply. The URL suggests to use EVP_Message_Digests. However, there's nothing I have implemented here and am just using the sha512sum binary provided by coreutils package.

rpm -qf /usr/bin/sha512sum
coreutils-8.22-21.el7.x86_64

I am using openssl version: OpenSSL 1.0.2o-fips

The same call works on CentOS6.7 in FIPS mode. The openssl version is also same on centOS6.7. Not sure what is the problem here.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CentOS 7.5 - FIPS mode - sha512sum hashing fails with openssl error

Post by TrevorH » 2018/11/10 16:19:51

I am using openssl version: OpenSSL 1.0.2o-fips
We only support what we ship and we ship openssl 1.0.2k.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply