[Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

Joy Latten joy.latten at canonical.com
Thu Apr 14 16:47:54 UTC 2016


Hi Martin,
I also ran an interdiff  when I re-factored  to ensure alignment with original fedora patches. 2 or 3 of them  did not apply cleanly, for various reasons, so I had to make very small changes. I also named each patch in debian/patches to be same as in fedora.

For  interdiff of 
openssl-1.0.2g-fips.patch, for some reason "Configure" shows up in diff yet I did not make any changes to patch. Visually compared to make sure code is the same and no regression.
openssl-1.0.2a-fips-ec.patch, we do not ship a "version.map" file, so when applying patch it prompts for location of file... so I removed it. So will show up in diff.
openssl-1.0.2a-fips-ctor.patch failed to apply altogether, because it is looking for a line of code that contains "secure_getenv" and not "getenv". upstream has "getenv" for that line of code, but fedora must have other patches applied before this one that changes it to "secure_getenv". So I corrected and this will show up in interdiff.

Corrected Origin in all the patches from fedora.

Hope this is all ok.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1553309

Title:
  [FFe]: Include FIPS 140-2 into openssl  package

Status in openssl package in Ubuntu:
  Fix Released

Bug description:
  This is a request for a Feature Freeze Exception to include FIPS 140-2 selftest into the openssl package in preparation for the FIPS 140-2 compliance for 16.0.4. 
  This patchset will :
   - add ability to config, compile, run with fips option enabled
   - add the selftest files to crypto/fips directory. 
   - minor changes to several algorithms in crypto directory to ensure the selftest compile successfully when fips is enabled. 
   
  The selftest will be initiated externally at this point and not internally.
  Hope to have a test package ready early next week.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1553309/+subscriptions



More information about the foundations-bugs mailing list