[Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package
Joy Latten
joy.latten at canonical.com
Tue Apr 5 19:12:03 UTC 2016
Short summary of above comments:
- FIPS 140-2 is a U.S. government security standard for crypto. It
  involves receiving accreditation for the crypto.
- This patch contains:
  - selftest required by FIPS
  - defines OPENSSL_FIPS
  - a few crypto additions/changes that are constrained by the OPENSSL_FIPS define and having to be in fips mode to execute.
- This patch does:
  - provide the additional code required for FIPS certification
  - upon openssl initialization and setup, the selftests will be executed. If a selftest fails, because openssl is not in fips mode,
    normal operation should not be interrupted.
- This patch does not:
  - it does not enable fips mode, thus openssl will run as it normally does

The FIPS patch will not be included into the upstream source. This is a feature to be maintained by Canonical.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1553309
Title:
[FFe]: Include FIPS 140-2 into openssl package
Status in openssl package in Ubuntu:
Confirmed
Bug description:
This is a request for a Feature Freeze Exception to include FIPS 140-2 selftest into the openssl package in preparation for the FIPS 140-2 compliance for 16.0.4.
This patchset will:
- add ability to config, compile, run with fips option enabled
- add the selftest files to crypto/fips directory.
- minor changes to several algorithms in crypto directory to ensure the selftest compiles successfully when fips is enabled.
The selftest will be initiated externally at this point and not internally.
Hope to have a test package ready early next week.