[Bug 278469] OpenSSL in the base system is being built incorrectly: resulting in incorrect built/linked providers (fips, legacy, etc)

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 19 Apr 2024 23:47:02 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278469

            Bug ID: 278469
           Summary: OpenSSL in the base system is being built incorrectly:
                    resulting in incorrect built/linked providers (fips,
                    legacy, etc)
           Product: Base System
           Version: 14.0-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: ngie@FreeBSD.org

In short...
- There are a variety of objects which are being built with the fips provider
that only apply to the legacy provider.
- A number of non-fips provider sources appear to be incorrectly built with
CFLAGS+= -DFIPS_MODULE.

This results in non-deterministic behavior compared to the upstream provided
version of OpenSSL and the equivalent ports versions of OpenSSL.

There are likely more issues; these are the ones that are known at this time.

This was originally filed with the OpenSSL project as:
https://github.com/openssl/openssl/issues/24202 .

-- 
You are receiving this mail because:
You are the assignee for the bug.