You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Symcrypt engine and provider are only available when FIPS is enabled. It's found that openssh patch src/openssh.patch/microsoft-symcrypt-fips.patch is doing SCOSSL_ENGINE_Initialize() during ssh_libcrypto_init(). Sonic design will take FIPS images when FIPS is supported.
With this design even when FIPS is disabled on the chassis, openssh will still make SCOSSL_ENGINE_Initialize(). It does not seems to break any openssh feature through.
Recommend solution is to remove microsoft-symcrypt-fips.patch from openssh. Openssl already has patches to initialize Symcrypt provider and engine when FIPS is enabled. That should be enough.
The text was updated successfully, but these errors were encountered:
Symcrypt engine and provider are only available when FIPS is enabled. It's found that openssh patch src/openssh.patch/microsoft-symcrypt-fips.patch is doing SCOSSL_ENGINE_Initialize() during ssh_libcrypto_init(). Sonic design will take FIPS images when FIPS is supported.
With this design even when FIPS is disabled on the chassis, openssh will still make SCOSSL_ENGINE_Initialize(). It does not seems to break any openssh feature through.
Recommend solution is to remove microsoft-symcrypt-fips.patch from openssh. Openssl already has patches to initialize Symcrypt provider and engine when FIPS is enabled. That should be enough.
The text was updated successfully, but these errors were encountered: