The patchset defines OPENSSL_FIPS in the openssl code. Thus code within "#ifdef OPENSSL_FIPS" gets built for the libcrypto and libssl libraries. However, the libraries don't run in fips mode. The version we certify will. This preliminary step to include the patchset now into 16.04 allows us to do only minor changes to the code for the 16.04 update version to be fips certified. A test package is available at https://launchpad.net/~j-latten/+archive/ubuntu/myppa
Building the test package included running the tests in the openssl's test directory. If any fail, the build would fail. The tests in openssl's test/ directory ran successfully for build of above test package. Successfully installed the package on a VM and ran following tests provided by security team in lp:qa-regression-testing. test-openssl.py test-apache2.py test-apache2-mpm-prefork.py test-wget.py test-ca-certficates.py All were successful. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1553309 Title: Include FIPS 140-2 selftest into openssl package To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1553309/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
