On 05. 05. 2023. 15:46, Bagas Sanjaya wrote:
On Thu, May 04, 2023 at 07:02:57PM +0200, Mirsad Goran Todorovac wrote:
Hi Bagas,
I seem to have run into a dead end with this.
OpenSSL 3.0.2 refuses to cooperate, despite enabling legacy ciphers:
BTF [M] net/nsh/nsh.ko
BTF [M] net/hsr/hsr.ko
make -f ./Makefile ARCH=x86 KERNELRELEASE=6.3.0+ intdeb-pkg
sh ./scripts/package/builddeb
INSTALL debian/linux-image/lib/modules/6.3.0+/kernel/arch/x86/events/intel/intel-cstate.ko
SIGN debian/linux-image/lib/modules/6.3.0+/kernel/arch/x86/events/intel/intel-cstate.ko
At main.c:170:
- SSL error:1E08010C:DECODER routines::unsupported:
../crypto/encode_decode/decoder_lib.c:101
I didn't find any errors using self-compiled OpenSSL 3.1.0. I installed the
library to `/tmp/openssl` and specify
`KCFLAGS=-L/tmp/openssl/lib -I/tmp/openssl/include` when building bindeb-pkgs.
Am I missing something?
Dear Mr. Bagas,
I have mistakenly deleted the
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
to
CONFIG_MODULE_SIG_KEY=""
so I got these strange errors, which made me believe that OpenSSL 3.0.1
disabled some encryptions and hashes.
I suspected it was the problem with the FIPS mode not installed in the
stock Ubuntu 22.04 LTS library, but I have to admit before so many
people that it was this stupid mistake which I found out by looking up
Debian config.
IOW, false alarm.
Ubuntu config with FIPS mode OpenSSL 3.1.0 works, however, I have
rebuilt with the default OpenSSL 3.0.1 and the error was bisected to the
missing .PEM.
Best regards,
Mirsad
