www.libssh2.org | Daily snapshots | Mailing list archive | Docs | Examples | github

Archive Index This month's Index

Subject: Re: building libssh2 on FIPS enabled system

Re: building libssh2 on FIPS enabled system

From: Ján Osuský <Jan.Osusky_at_iblsoft.com>
Date: Wed, 14 Aug 2013 15:07:10 +0200

On Mon, 12 Aug 2013 16:13:07 +0200, Kamil Dudka <kdudka_at_redhat.com> wrote:

> On Monday, August 12, 2013 16:07:19 Ján Osuský wrote:
>> Hi,
>>
>> I used libssh2 1.4.2.
>> The failure happened in kex.c in function "diffie_hellman_sha1" there is
>> part of code: #if LIBSSH2_MD5
>> {
>> libssh2_md5_ctx fingerprint_ctx;
>>
>> libssh2_md5_init(&fingerprint_ctx);
>> libssh2_md5_update(fingerprint_ctx, session->server_hostkey,
>> session->server_hostkey_len);
>> libssh2_md5_final(fingerprint_ctx,
>> session->server_hostkey_md5); }
>>
>> which must not be called when MD5 is not available. That's why I
>> concentrated on setting properly the "LIBSSH2_MD5".
>
> I see. This is believed to be already fixed in libssh2 1.4.3:
>
> http://git.libssh2.org/?p=libssh2.git;a=commitdiff;h=43b730ce
>
> Kamil
>

Sorry, I was not aware of. I confirm that libssh2 1.4.3 works without patch.

JanO
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2013-08-14

the libssh2 team