Adding a few more details as requested by Adrien. I used lxd to run the autopkgtest, in particular:
# Build lxd image /usr/bin/autopkgtest-build-lxd ubuntu-daily:noble # Run autopkgtest -s --apt-pocket=proposed ./openssl_3.0.13-1ubuntu2.dsc -- lxd autopkgtest/ubuntu/noble/amd64 It is quite easy to verify OpenSSL doesn't accidentally enable FIPS mode on non fips_enabled machines. 1. openssl speed will skip non-compliant alorithms in FIPS mode, if it starts with md5 OpenSSL is not in FIPS mode. 2. Using OPENSSL_FORCE_FIPS_MODE=1 FIPS mode can be enforced resulting in an error if the FIPS provider is not installed. Similarly OPENSSL_FORCE_FIPS_MODE=0 can be used to force disable FIPS mode on a fips_enabled kernel -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2056593 Title: [FFE] FIPS compatibility patches To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2056593/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
