> -----Original Message-----
> From: HTCondor-users [
mailto:htcondor-users-bounces@xxxxxxxxxxx] On Behalf
> Of ade kc
> Sent: Wednesday, July 06, 2016 2:03 PM
> To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
> Subject: Re: [HTCondor-users] condor and FIPS issue
[...]
> In condor MasterLog, here's what the stack dump log looks like
>
>
>
>
> Stack dump for process 14412 at timestamp 1467830633 (17 frames)
> /usr/lib64/condor/libcondor_utils_8_2_9.so(dprintf_dump_stack+0x12d)[0x7f69
> 70aad4dd]
> /usr/lib64/condor/libcondor_utils_8_2_9.so(_Z18linux_sig_coredumpi+0x40)[0x
> 7f6970c10a10]
> /lib64/libpthread.so.0(+0xf710)[0x7f696c7c2710]
> /lib64/libc.so.6(gsignal+0x35)[0x7f696c451625]
> /lib64/libc.so.6(abort+0x175)[0x7f696c452e05]
> /usr/lib64/libcrypto.so.10(+0x69f7f)[0x7f696dd3ef7f]
> /usr/lib64/libcrypto.so.10(MD5_Init+0x49)[0x7f696dd456e9]
I believe the problem here is that MD5 is not a FIPS approved algorithm, and therefore any application that depends on it is likely out of compliance. It seems their solution is to dump core just to make sure you notice. :)
HTCondor currently does rely on the MD5 algorithm. It's on my plate to add SHA256 support, but until then I'm afraid we will not be FIPS compliant. (And there may be other issues as well, as FIPS compliance isn't something we have formally looked at.)
Cheers,
-zach
_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/