pkgsrc-Users archive


Re: llvm build fail when Linux kernel/openssl in FIPS 140-2 compliance mode



On Mon, Jun 28, 2021 at 11:26:55AM -0400, Peter Lai wrote:
> Can someone point me to the appropriate upstream forum to resolve llvm
> not building when OpenSSL is in FIPS mode? The build script attempts
> to invoke the md5 function, which is linked to OpenSSL on Linux, and that is
> not a FIPS 140-2 certified hash function. Maybe Iain, as you're in
> .gov-space?

We had bug reports for libarchive after overeager efforts to rip out
"insecure" hash functions. There is a major difference between using MD5
to implement HMAC or as part of a TLS connection and using it as a plain
(portable) hash function. The way it is handled in OpenSSL is completely BS and
just about the worst possible way to do it.

Joerg
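
The distinction drawn in the message above, as an added example that is not part of the original thread or of any project it mentions: Python's `hashlib` (3.9 or later) lets a caller declare MD5 as a non-security hash through `usedforsecurity=False`. The function names `md5_policy`, `cache_key` and `auth_tag` are hypothetical, and the truncated SHA-256 fallback is an assumption about what a caller needing only a stable fingerprint can accept.

```python
import hashlib
import hmac


def md5_policy():
    """Report whether the local crypto backend permits MD5 for each declared purpose."""
    allowed = {}
    for purpose, flag in (("security", True), ("non_security", False)):
        try:
            hashlib.md5(b"", usedforsecurity=flag)
            allowed[purpose] = True
        except ValueError:
            # hashlib raises ValueError when the backend blocks the digest,
            # which is what a FIPS-enforcing OpenSSL does for security use.
            allowed[purpose] = False
    return allowed


def cache_key(data: bytes) -> str:
    """128-bit fingerprint for caching or deduplication only.

    Not suitable where an adversary controls the input and a collision
    matters; use auth_tag() or a full SHA-256 digest there.
    """
    try:
        return hashlib.md5(data, usedforsecurity=False).hexdigest()
    except ValueError:
        # Assumption: if MD5 is refused even for non-security use, a
        # truncated SHA-256 is an acceptable stand-in (keys will differ
        # from MD5-based ones, so existing caches are invalidated).
        return hashlib.sha256(data).hexdigest()[:32]


def auth_tag(key: bytes, data: bytes) -> str:
    """Security use: message authentication with an approved hash."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


if __name__ == "__main__":
    print("MD5 permitted:", md5_policy())
    print("cache key    :", cache_key(b"constructed sample input"))
    print("auth tag     :", auth_tag(b"constructed key", b"constructed sample input"))
```

On a host that enforces FIPS mode, `md5_policy()` shows whether the block applies to every MD5 call or only to those declared as security-relevant.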

