sshd fails to start with FIPS selftest failure

This document (7017949) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 11 Service Pack 2 (SLES 11 SP2)

Situation

Attempting to start sshd returns the following:

Starting SSH daemonfips.c(154): Openssl internal error, assertion Failed: FATAL FIPS SELFTEST FAILURE

startproc: signal catched /usr/sbin/sshd: Aborted

The command cat /proc/cmdline shows that fips is not included on kernel command line.
The command cat /proc/sys/crypto/fips_enabled returns 0.
The command rpm -qa| grep openssl shows:

libopenssl0_9_8-hmac-0.9.8j-0.70.1
openssl-doc-0.9.8j-0.70.1lib
openssl0_9_8-0.9.8j-0.89.1.lib
openssl0_9_8-32bit-0.9.8j-0.89.1.lib
openssl0_9_8-hmac-32bit-0.9.8j-0.70.1
openssl-0.9.8j-0.89.1

Resolution

Upgrade the following files to version 0.9.8j-0.89 and then restart sshd:

rpm -Uvh libopenssl0_9_8-hmac-0.9.8j-0.89.1
rpm -Uvh openssl-doc-0.9.8j-0.89.1lib
rpm -Uvh openssl0_9_8-hmac-32bit-0.9.8j-0.89.1

Cause

The openssl file versions of 0.9.8j-0.70.1 are incompatible with version 0.9.8j-0.89.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.