[openssl-users] Openssl FIPS 186-4 Patch

murugesh pitchaiah murugesh.pitchaiah at gmail.com
Tue Oct 10 11:33:40 UTC 2017


Hi,

That Redhat/Fedora patch is based on the openssl library alone.
But I am using the FIPS canister approach, where I use both the openssl and
openssl-fips-ecp libraries.

Though the Redhat/Fedora patch is OK, it is not straightforwardly
portable to the canister model.

Any idea of patches available for this kind of FIPS canister usage?

Thanks,
Murugesh P.

On 10/10/17, Marcus Meissner <meissner at suse.de> wrote:
> Hi,
>
> On Mon, Oct 09, 2017 at 05:24:17PM +0530, murugesh pitchaiah wrote:
>> Hi,
>>
>> Thanks for the comment.
>>
>> I know that OpenSSL is not 186-4 compliant. That is why I am looking
>> for anybody who has the patch for the same.
>>
>> I see there is some work in Fedora:
>> http://pkgs.fedoraproject.org/cgit/rpms/openssl.git/tree/openssl-1.1.0-fips.patch
>
> Yes, the FIPS 140-2 patches done by Redhat provide a FIPS 186-3 or 186-4
> enabled key generation.
>
> There are some small adjustments that could be merged back into the generic
> e.g. RSA key generation.
>
> Ciao, Marcus
>
