As reported on the forum: https://forums.gentoo.org/viewtopic-t-1107190-highlight-.html Linux kernel currently is bugged when LibreSSL is used and refuses to support anything higher than SHA1 for module signing. Since SHA1 is mostly considered insecure and prone to collision attacks it is pretty typical to use SHA256. See URL for current upstream bug. The patch there is currently lying around in limbo for the past few months, so until they get around to landing, it should be included in Gentoo if libressl is used. Reproducible: Always Expected Results: Kernel should build with LibreSSL supporting SHA256/512 etc.
Created attachment 657348 [details, diff] sign-file: full functionality with modern LibreSSL Patch from upstream kernel.org
I tend to reject this patch. There's a reason why upstream did not accept the patch. Also, current stable libressl version in Gentoo is > /var/tmp/portage/dev-libs/libressl-3.1.3/image/usr/include/openssl/opensslv.h:#define LIBRESSL_VERSION_NUMBER 0x3010300fL so we do not really need this patch.
(In reply to Thomas Deutschmann from comment #2) > > so we do not really need this patch. For some reason compiling with module signing >=SHA256 still fails on latest stable kernel and latest stable LibreSSL for me. Same error.
The process to remove libressl form gentoo has been initiated and is tracked at: Bug 762847 - dev-libs/libressl: Removal