pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: llvm build fail when Linux kernel/openssl in FIPS 140-2 compliance mode

On Mon, Jun 28, 2021 at 11:26:55AM -0400, Peter Lai wrote:
> Can someone point me to the appropriate upstream forum to resolve llvm
> not building when OpenSSL is in FIPS mode? The build script attempts
> to invoke md5 function which is linked to OpenSSL on Linux and that is
> not a FIPS 140-2 certified hash function. Maybe Iain, as you're in
> .gov-space?

We had bug reports for libarchive after overeager efforts to rip out
"insecure" hash functions. There is a major difference between using MD5
to implement HMAC or as part of a TLS connection and using it as a plain
(portable) hash function. The way it is handled in OpenSSL is completely BS and
just about the worst possible way to do it.


Home | Main Index | Thread Index | Old Index