maaaaz / androwarn

Yet another static code analyzer for malicious Android applications
GNU Lesser General Public License v3.0

androwarn segfault in FIPS mode #5

Open jhumphries opened 11 years ago

jhumphries commented 11 years ago

The updates that were made here: SHA: 6b9845bf4e2b66bbcba435596aa7083ffbd60b9c cause an error on RHEL6 boxes with FIPS-compliant mode active. In this mode md5 is not allowed, which forces androwarn to segfault.

The most direct fix is the following:

In apk.py, line 47:

md5 = hashlib.md5()

Update to:

md5 = hashlib.md5(usedforsecurity=False)

This has been noted in the commit as well.
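Added example, not part of the original issue and not androwarn's code: a file-fingerprinting helper that requests MD5 with `usedforsecurity=False` as proposed above, falls back when the interpreter rejects the keyword, and reports `None` for MD5 when the digest is unavailable instead of crashing. The names `new_md5`, `fingerprint` and `SAMPLE` are hypothetical; `usedforsecurity` is a standard `hashlib` keyword from Python 3.9.

```python
import hashlib
import io


def new_md5():
    """Return an MD5 object for non-security use (fingerprinting), or None."""
    # First try the explicit non-security declaration, which FIPS-enabled
    # builds accept; then the plain constructor for interpreters that do
    # not know the keyword (TypeError). ValueError means MD5 is blocked.
    for kwargs in ({"usedforsecurity": False}, {}):
        try:
            return hashlib.md5(**kwargs)
        except (TypeError, ValueError):
            continue
    return None


def fingerprint(stream, chunk_size=65536):
    """Hash a binary stream in one pass; return hex digests by algorithm."""
    hashers = {"sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    md5 = new_md5()
    if md5 is not None:
        hashers["md5"] = md5
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for hasher in hashers.values():
            hasher.update(chunk)
    result = {name: hasher.hexdigest() for name, hasher in hashers.items()}
    # Keep the key present so callers can tell "MD5 unavailable" from a bug.
    result.setdefault("md5", None)
    return result


# Constructed sample input standing in for an APK's bytes.
SAMPLE = b"PK\x03\x04 constructed sample, not a real APK"

if __name__ == "__main__":
    for name, digest in sorted(fingerprint(io.BytesIO(SAMPLE)).items()):
        print(name, digest)
```

MD5 here only identifies a file; the SHA-256 value is the one to rely on where collision resistance matters.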

maaaaz commented 5 years ago

Hello @jhumphries,

Can you test the latest version with a pip install androwarn and tell me if the FIPS bug is still valid?

Best regards.