The patchset defines OPENSSL_FIPS in the openssl code. Thus code within "#ifdef OPENSSL_FIPS" gets built for the libcrypto and libssl libraries. However, the libraries don't run in fips mode. The version we certify will. This preliminary step to include the patchset now into 16.04 allows us to do only minor changes to the code for the 16.04 update version to be fips certified. A test package is available at https://launchpad.net/~j-latten/+archive/ubuntu/myppa
Building the test package included running the tests in the openssl's test directory. If any fail, the build would fail. The tests in openssl's test/ directory ran successfully for build of above test package. Successfully installed the package on a VM and ran following tests provided by security team in lp:qa-regression-testing. test-openssl.py test-apache2.py test-apache2-mpm-prefork.py test-wget.py test-ca-certficates.py All were successful. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1553309 Title: Include FIPS 140-2 selftest into openssl package Status in openssl package in Ubuntu: New Bug description: This is a request for a Feature Freeze Exception to include FIPS 140-2 selftest into the openssl package in preparation for the FIPS 140-2 compliance for 16.0.4. This patchset will : - add ability to config, compile, run with fips option enabled - add the selftest files to crypto/fips directory. - minor changes to several algorithms in crypto directory to ensure the selftest compile successfully when fips is enabled. The selftest will be initiated externally at this point and not internally. Hope to have a test package ready early next week. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1553309/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
