> From an OpenSSL perspective, it looks suspicious to me. We have a lot of
> hand-written assembly. Additionally, OpenSSL provider model would require
> building 3rd-party providers with Shadow Stack protection, which will break
> backward compatibility (currently providers built for OpenSSL 3 work with
> OpenSSL 4).
annocheck has been flagging missing SHSTK support since RHEL-8, so all
openssl incompatibilities should have been fixed by now.
When it comes to common providers, on an F44 box, I see:
/usr/lib64/ossl-modules/fips.so
Properties: x86 feature: IBT, SHSTK
/usr/lib64/ossl-modules/legacy.so
Properties: x86 feature: IBT, SHSTK
/usr/lib64/ossl-modules/pkcs11.so
Properties: x86 feature: IBT, SHSTK
/usr/lib64/ossl-modules/pkcs11sign.so
Properties: x86 feature: IBT, SHSTK
/usr/lib64/ossl-modules/tpm2.so
Properties: x86 feature: IBT, SHSTK
--
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://forge.fedoraproject.org/infra/tickets/issues/new