TeXLive 2019 help when FIPS enabled

Novack, Bryan Bryan.Novack at dynetics.com
Thu May 9 15:14:50 CEST 2019

I'm in the unfortunate position of having to use TeXLive 20190410 on an offline CentOS7 system that is STIG'd meaning FIPS is enabled. I downloaded the offline tarballs and have successfully extracted the files into the correct directory structure. I can even build a pdf using texexec.....when FIPS is disabled. Unfortunately IT requires FIPS be enabled and that is when I receive an error trying to use texexec because under the covers somewhere it is using an MD5 hash for something.

I've done a large amount of scouring of online forums trying to find a workaround and have been unsuccessful thus far. I did some digging in the files contained in the tarballs and found things dealing with Digest::MD5 in tlpkg/TeXLive/TLCrypto.pm. I tried changing that file to use SHA1 but it made no difference.

Here is the exact error I'm receiving:
md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!

I'm stuck with the machines provided and the IA/IT configuration so I need to find a way to make this work when FIPS is enabled. Any help is greatly appreciated.

Bryan Novack
Dynetics, Inc.
Office: 256.964.4546
bryan.novack at dynetics.com<mailto:bryan.novack at dynetics.com>


The information contained in this message, and any attachments, may contain privileged and/or proprietary information that is intended solely for the person or entity to which it is addressed. Moreover, it may contain export restricted technical data controlled by Export Administration Regulations (EAR) or the International Traffic in Arms Regulations (ITAR). Any review, retransmission, dissemination, or re-export to foreign or domestic entities by anyone other than the intended recipient in accordance with EAR and/or ITAR regulations is prohibited.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://tug.org/pipermail/tex-live/attachments/20190509/62d641b5/attachment.html>

More information about the tex-live mailing list