[CentOS-devel] snmp walk not working in FIPS compliant algorithms

Fri May 24 18:14:18 UTC 2019
Jim Perrin <jperrin at centos.org>

Hi,

This sort of email is probably best sent to the main list, as it's not
about the building of CentOS. The main list has many more subscribers
and you may get a faster answer there.

On 5/22/19 9:14 PM, Maheshwari, Shagun wrote:
> Hi,
> 
>  
> 
> When we attempt to do SNMP walk v3 in CentOS7 when its FIPS enabled, we
> get the below error: 
> 
> *aes_misc.c(74): OpenSSL internal error, assertion failed: Low level API
> call to cipher AES forbidden in FIPS mode!* 
> 
> FIPS support SHA and AES. This error is coming internally and it needs
> changes from rpm level. When we try the same scenario in RHEL 6 servers,
> we don’t get this error and we get output successfully. 
> 
> The SNMP rpm we use is 
> net-snmp-5.7.2-28.el7.x86_64 
> 

This package is out of date. The current version is -37, and may solve
your issue. I'd recommend updating and checking if you can reproduce the
issue with the current version.



-- 
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77