> From an OpenSSL perspective, it looks suspicious to me. We have a lot of 
> hand-written assembly. Additionally, OpenSSL provider model would require 
> building 3rd-party providers with Shadow Stack protection, which will break 
> backward compatibility (currently providers built for OpenSSL 3 work with 
> OpenSSL 4).

annocheck has been flagging missing SHSTK support since RHEL-8, so all
openssl incompatibilities should have been fixed by now.

When it comes to common providers, on an F44 box, I see:

/usr/lib64/ossl-modules/fips.so
      Properties: x86 feature: IBT, SHSTK
/usr/lib64/ossl-modules/legacy.so
      Properties: x86 feature: IBT, SHSTK
/usr/lib64/ossl-modules/pkcs11.so
      Properties: x86 feature: IBT, SHSTK
/usr/lib64/ossl-modules/pkcs11sign.so
      Properties: x86 feature: IBT, SHSTK
/usr/lib64/ossl-modules/tpm2.so
      Properties: x86 feature: IBT, SHSTK

-- 
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to