On Wed 2018-05-02 18:25:22, Theodore Y. Ts'o wrote: > On Wed, May 02, 2018 at 10:49:34AM -0700, Laura Abbott wrote: > > > > It is a Fedora patch we're carrying > > https://src.fedoraproject.org/rpms/libgcrypt/blob/master/f/libgcrypt-1.6.2-fips-ctor.patch#_23 > > so yes, it is a Fedora specific use case. > > From talking to the libgcrypt team, this is a FIPS mode requirement > > to run power on self test at the library constructor and the self > > test of libgrcypt ends up requiring a fully seeded RNG. Citation > > is in section 9.10 of > > https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Module-Validation-Program/documents/fips140-2/FIPS1402IG.pdf > > Forgive me if this is a stupid question, but does Fedora need FIPS > compliance? Or is this something which is only required for RHEL?
If RHEL needs it, Fedora needs it, too -- as Fedora is a beta test for
RHEL.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures)
http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
signature.asc
Description: Digital signature
