OpenSSL FIPS for 1.1.x

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

OpenSSL FIPS for 1.1.x

Vijay Chander
Hi,

This link here below only seems to talk about 1.0.x
https://wiki.openssl.org/index.php/FIPS_Library_and_Android

Is there a wiki for openssl fips for openssl-1.1.0x ?

Thanks,
-vijay
Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL FIPS for 1.1.x

Matt Caswell-2


On 10/08/2020 16:01, Vijay Chander wrote:
> Hi,
>
> This link here below only seems to talk about 1.0.x
> https://wiki.openssl.org/index.php/FIPS_Library_and_Android
>
> Is there a wiki for openssl fips for openssl-1.1.0x ?

There is no FIPS module for the 1.1.x series. We are currently working
on a new module which will be integrated into OpenSSL 3.0 (i.e. its all
one download, not two separate ones)

Matt

Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL FIPS for 1.1.x

Vijay Chander

Thank you Matt.

Our FIPS compliance vendor is recommending the following for openssl 1.1 from Oracle.
 
https://github.com/oracle/solaris-userland/tree/master/components/openssl/openssl-fips-140/fipscanister-dev/patches

Thanks,
-vijay

On Mon, Aug 10, 2020 at 8:08 AM Matt Caswell <[hidden email]> wrote:


On 10/08/2020 16:01, Vijay Chander wrote:
> Hi,
>
> This link here below only seems to talk about 1.0.x
> https://wiki.openssl.org/index.php/FIPS_Library_and_Android
>
> Is there a wiki for openssl fips for openssl-1.1.0x ?

There is no FIPS module for the 1.1.x series. We are currently working
on a new module which will be integrated into OpenSSL 3.0 (i.e. its all
one download, not two separate ones)

Matt

Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL FIPS for 1.1.x

Matt Caswell-2
On 10/08/2020 16:25, Vijay Chander wrote:
>
> Thank you Matt.
>
> Our FIPS compliance vendor is recommending the following for openssl 1.1
> from Oracle.
>  
> https://github.com/oracle/solaris-userland/tree/master/components/openssl/openssl-fips-140/fipscanister-dev/patches

I can't comment on those patches because I know nothing about them. But
there is no official module from the OpenSSL Project that works with
1.1.x and certainly not one covered by our FIPS certificates. Its
possible that third parties have their own modules and certificates - I
don't know. But if so you'd have to seek guidance from those third parties.

Matt

>
> Thanks,
> -vijay
>
> On Mon, Aug 10, 2020 at 8:08 AM Matt Caswell <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>
>     On 10/08/2020 16:01, Vijay Chander wrote:
>     > Hi,
>     >
>     > This link here below only seems to talk about 1.0.x
>     > https://wiki.openssl.org/index.php/FIPS_Library_and_Android
>     >
>     > Is there a wiki for openssl fips for openssl-1.1.0x ?
>
>     There is no FIPS module for the 1.1.x series. We are currently working
>     on a new module which will be integrated into OpenSSL 3.0 (i.e. its all
>     one download, not two separate ones)
>
>     Matt
>
Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL FIPS for 1.1.x

Vijay Chander
Cool. Thanks.

On Mon, Aug 10, 2020 at 9:09 AM Matt Caswell <[hidden email]> wrote:
On 10/08/2020 16:25, Vijay Chander wrote:
>
> Thank you Matt.
>
> Our FIPS compliance vendor is recommending the following for openssl 1.1
> from Oracle.
>  
> https://github.com/oracle/solaris-userland/tree/master/components/openssl/openssl-fips-140/fipscanister-dev/patches

I can't comment on those patches because I know nothing about them. But
there is no official module from the OpenSSL Project that works with
1.1.x and certainly not one covered by our FIPS certificates. Its
possible that third parties have their own modules and certificates - I
don't know. But if so you'd have to seek guidance from those third parties.

Matt

>
> Thanks,
> -vijay
>
> On Mon, Aug 10, 2020 at 8:08 AM Matt Caswell <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>
>     On 10/08/2020 16:01, Vijay Chander wrote:
>     > Hi,
>     >
>     > This link here below only seems to talk about 1.0.x
>     > https://wiki.openssl.org/index.php/FIPS_Library_and_Android
>     >
>     > Is there a wiki for openssl fips for openssl-1.1.0x ?
>
>     There is no FIPS module for the 1.1.x series. We are currently working
>     on a new module which will be integrated into OpenSSL 3.0 (i.e. its all
>     one download, not two separate ones)
>
>     Matt
>