CentOS

The Community ENTerprise Operating System
https://forums.centos.org/

CentOS 7.5 - FIPS mode - sha512sum hashing fails with openssl error

https://forums.centos.org/viewtopic.php?f=51&t=68756

Page 1 of 1

CentOS 7.5 - FIPS mode - sha512sum hashing fails with openssl error

Posted: 2018/11/10 13:47:06
by pavandevaraj
Hi,

I am running CentOS 7.5.1804 in FIPS mode. When trying to hash a file using /usr/bin/sha512sum <FILE_NAME>, I get the following error:

sha512.c(81): OpenSSL internal error, assertion failed: Low level API call to digest SHA512 forbidden in FIPS mode!
Aborted

I also tried running openssl dgst command. It fails with error:

Error setting digest dgst
139795816437648:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180:

Please advice.

Re: CentOS 7.5 - FIPS mode - sha512sum hashing fails with openssl error

Posted: 2018/11/10 13:55:34
by TrevorH
This appears to explain why it's not allowed:

http://openssl.6102.n7.nabble.com/Low-L ... 54983.html

Not sure why you're trying to use FIPS mode on CentOS though as it's not certified so is effectively meaningless.

Re: CentOS 7.5 - FIPS mode - sha512sum hashing fails with openssl error

Posted: 2018/11/10 16:04:31
by pavandevaraj
Thanks for the reply. The URL suggests to use EVP_Message_Digests. However, there's nothing I have implemented here and am just using the sha512sum binary provided by coreutils package.

rpm -qf /usr/bin/sha512sum
coreutils-8.22-21.el7.x86_64

I am using openssl version: OpenSSL 1.0.2o-fips

The same call works on CentOS6.7 in FIPS mode. The openssl version is also same on centOS6.7. Not sure what is the problem here.

Re: CentOS 7.5 - FIPS mode - sha512sum hashing fails with openssl error

Posted: 2018/11/10 16:19:51
by TrevorH
I am using openssl version: OpenSSL 1.0.2o-fips
We only support what we ship and we ship openssl 1.0.2k.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited