[openssl-users] Openssl FIPS 186-4 Patch

murugesh pitchaiah murugesh.pitchaiah at gmail.com
Tue Oct 10 11:33:40 UTC 2017


That Redhat/Fedora patch is based on openssl library alone.
But I am using the fips canister approach where i use both openssl and
openssl-fips-ecp libraries.

Though the redhat/fedora patch is OK, it is not straight forward
portable to the canister model.

Any idea of patches available for this kind of fips canister usage ?

Murugesh P.

On 10/10/17, Marcus Meissner <meissner at suse.de> wrote:
> Hi,
> On Mon, Oct 09, 2017 at 05:24:17PM +0530, murugesh pitchaiah wrote:
>> Hi,
>> Thanks for the comment.
>> I know that openSSL is not 186-4 compliant. That is why I am looking
>> for anybody have the patch for the same.
>> I see there are some works in Fedora:
>> http://pkgs.fedoraproject.org/cgit/rpms/openssl.git/tree/openssl-1.1.0-fips.patch
> Yes, the FIPS 140-2 patches done by Redhat provide a FIPS 186-3 or 186-4
> enabled
> keygeneration.
> There are some small adjustments that could be merged back into the generic
> e.g. RSA key generation.
> Ciao, Marcus

More information about the openssl-users mailing list