sonic-net / sonic-fips

SONiC FIPS module

OpenSSH triggers SymCrypt engine init even when FIPS is disabled #61

Open wumiaont opened 2 months ago

wumiaont commented 2 months ago

The SymCrypt engine and provider are only available when FIPS is enabled. It was found that the OpenSSH patch src/openssh.patch/microsoft-symcrypt-fips.patch calls SCOSSL_ENGINE_Initialize() during ssh_libcrypto_init(). The SONiC design will take FIPS images when FIPS is supported.

With this design, even when FIPS is disabled on the chassis, OpenSSH will still call SCOSSL_ENGINE_Initialize(). It does not seem to break any OpenSSH feature, though.

The recommended solution is to remove microsoft-symcrypt-fips.patch from OpenSSH. OpenSSL already has patches to initialize the SymCrypt provider and engine when FIPS is enabled. That should be enough.