Subject: Re: building libssh2 on FIPS enabled system

Re: building libssh2 on FIPS enabled system

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Wed, 14 Aug 2013 18:43:45 +0200

On Wednesday, August 14, 2013 15:07:10 Ján Osuský wrote:
> On Mon, 12 Aug 2013 16:13:07 +0200, Kamil Dudka <kdudka_at_redhat.com> wrote:
> > On Monday, August 12, 2013 16:07:19 Ján Osuský wrote:
> >> Hi,
> >>
> >> I used libssh2 1.4.2.
> >> The failure happened in kex.c in function "diffie_hellman_sha1" there is
> >> part of code: #if LIBSSH2_MD5
> >>
> >> {
> >>
> >> libssh2_md5_ctx fingerprint_ctx;
> >>
> >> libssh2_md5_init(&fingerprint_ctx);
> >> libssh2_md5_update(fingerprint_ctx, session->server_hostkey,
> >>
> >> session->server_hostkey_len);
> >>
> >> libssh2_md5_final(fingerprint_ctx,
> >>
> >> session->server_hostkey_md5); }
> >>
> >> which must not be called when MD5 is not available. That's why I
> >> concentrated on setting properly the "LIBSSH2_MD5".
> >
> > I see. This is believed to be already fixed in libssh2 1.4.3:
> >
> > http://git.libssh2.org/?p=libssh2.git;a=commitdiff;h=43b730ce
> >
> > Kamil
>
> Sorry, I was not aware of. I confirm that libssh2 1.4.3 works without patch.

Great! Thanks for checking it!

Kamil

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2013-08-14