Investigating
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python2.7 in Ubuntu.
https://bugs.launchpad.net/bugs/1835135
Title:
FIPS OpenSSL crashes Python2 hashlib
Status in python2.7 package in Ubuntu:
Triaged
Bug d
The assessment is accurate.
FIPS 140-2 does not allow MD5 except for use in PRF.
Thus the OpenSSL_add_all_digests in fips openssl does not include MD5.
However, SSL_library_init() does include MD5 but only for use in calculating
the PRF. Notice in tls1_P_hash() in ssl/t1_enc.c
the flag, EVP_MD
Like python3, python2 should check the return value of EVP_DigestInit.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python2.7 in Ubuntu.
https://bugs.launchpad.net/bugs/1835135
Title:
FIPS OpenSSL crashes Python2 hashlib
Upon looking at the source for both python2.7 and python3.5 in xenial,
neither checks the return value from EVP_DigestInit in
Modules/_hashopenssl.c file.
However, python3.6 (in bionic, cosmic and disco) does have the check.
So the check will need to be backported to python 2.7 and python 3.5 in
The 2.7 and 3.5 python packages in the security proposed PPA have been
successfully tested in a fips and non-fips xenial environment.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python2.7 in Ubuntu.
https://bugs.launchpad.
version of package verified on artful,
ubuntu@artfulguest:~$ dpkg -l | grep util-linux
ii  util-linux  2.30.1-0ubuntu4.1  amd64  miscellaneous system utilities
--
Generated an artful VM and verified that this is fixed in artful.
ubuntu@artfulguest:~$ cat /etc/os-release
NAME="Ubuntu"
VERSION="17.10 (Artful Aardvark)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 17.10"
VERSION_ID="17.10"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.c
Sorry, comment #13 had a cut-and-paste issue.
log message is,
type=USYS_CONFIG msg=audit(1511898182.500:184): pid=3305 uid=0 auid=1000 ses=2 msg='op=change-system-time exe="/sbin/hwclock" hostname=artfulguest addr=? terminal=pts/0 res=success'
--
** Tags added: verification-done-artful
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1722313
Title:
Enable auditing in util-linux.
Status in util-linux package in Ub
Verified on xenial on a P8 and a z13 zlpar.
From P8:
$ cat /etc/os-release
NAME="Ubuntu"
VERSION="16.04.3 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.3 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http
verified successfully in amd64 VM for zesty.
$ cat /etc/os-release
NAME="Ubuntu"
VERSION="17.04 (Zesty Zapus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 17.04"
VERSION_ID="17.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.
Summary of analysis of the autopkgtest failures listed for this SRU in
http://people.canonical.com/~ubuntu-archive/pending-sru.html
For Xenial regressions:
1. In xenial, the failing testcases had been skipped in prior versions and not
run.
i.e. "SKIP Test requires machine-level isolation but te
Summary of analysis of the autopkgtest failures listed for this SRU in
http://people.canonical.com/~ubuntu-archive/pending-sru.html
For Artful regressions:
1. dpdk (s390x), ocfs2-tools (s390x), lxcfs(s390x), ori(s390x),
network-manager(s390x), lxd(s390x)
These all have failing testcases that wer
Update on Artful regression analysis from comment #22.
1. Same as in comment #22. Hopefully these can be ignored as they were
for xenial.
2. Same as in comment #22. tests passed in different runs as stated
above. When the failures occurred, it was because of timeouts while
waiting for something. Fa
** Attachment removed: "debdiff of version 3.3 and 3.4~joyppa2"
https://bugs.launchpad.net/debian/+source/util-linux/+bug/1722313/+attachment/4966026/+files/debdiff.out
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-
** Attachment added: "debdiff.xenial"
https://bugs.launchpad.net/debian/+source/util-linux/+bug/1722313/+attachment/5006617/+files/debdiff.xenial
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https:
** Attachment added: "debdiff.artful"
https://bugs.launchpad.net/debian/+source/util-linux/+bug/1722313/+attachment/5006620/+files/debdiff.artful
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https:
** Attachment added: "debdiff.zesty"
https://bugs.launchpad.net/debian/+source/util-linux/+bug/1722313/+attachment/5006619/+files/debdiff.zesty
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https://
Build logs and test runs can be found in PPA at,
https://launchpad.net/~j-latten/+archive/ubuntu/joyppa/+packages
Please note, the versioning of the packages is incorrect in PPA, my
apologies. I did them correctly in the debdiff for each release that I
have attached.
Comment #3 just contains the
** Changed in: util-linux (Ubuntu)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1722313
Title:
[SRU][xenial] Enable auditing in util
** Attachment added: "debdiff.bionic"
https://bugs.launchpad.net/debian/+source/util-linux/+bug/1722313/+attachment/5006681/+files/debdiff.bionic
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https:
I have also submitted a patch against recent debian version of this
package to Debian. Just in case, I also noted in the debian bug thread
the following:
- util-linux package is Priority: required and the libaudit1 package is
Priority: optional.
Possibly this is no longer a problem in reference t
** Summary changed:
- [SRU][xenial] Enable auditing in util-linux.
+ Enable auditing in util-linux.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1722313
Title:
Enabl
Public bug reported:
[IMPACT]
There is a requirement for Common Criteria EAL2 certification that changes to
the system's hardware clock be audited/monitored. In Ubuntu the hwclock command
can be used to alter the system's hardware clock. Thus this event needs to be
audited for EAL2. The hwclock
** Description changed:
[IMPACT]
There is a requirement for Common Criteria EAL2 certification that changes to
the system's hardware clock be audited/monitored. In Ubuntu the hwclock command
can be used to alter the system's hardware clock. Thus this event needs to be
audited for EAL2. The
build log and tests run
https://launchpad.net/~j-latten/+archive/ubuntu/joyppa/+build/13375821
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1722313
Title:
[SRU][xenia
** Attachment added: "EAL hwclock testcase"
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+attachment/4966040/+files/test_hwclock.bash
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubunt
Comment #3 Should have read "Common Criteria EAL2 hwclock testcase".
** Description changed:
[IMPACT]
There is a requirement for Common Criteria EAL2 certification that changes to
the system's hardware clock be audited/monitored. In Ubuntu the hwclock command
can be used to alter the system
** Bug watch added: Debian Bug tracker #745771
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745771
** Also affects: util-linux (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745771
Importance: Unknown
Status: Unknown
--
** Summary changed:
- [SRU][xenial] Add "--with-audit" config option so that the hwclock command
creates an audit record when the hardware clock is altered.
+ [SRU][xenial] Enable auditing in util-linux.
--
** Description changed:
[IMPACT]
- There is a requirement for Common Criteria EAL2 certification that changes to
the system's hardware clock be audited/monitored. In Ubuntu the hwclock command
can be used to alter the system's hardware clock. Thus this event needs to be
audited for EAL2. The
Investigating.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1884265
Title:
[fips] Not fully initialized digest segfaulting some client
applications
Status in openssl
It seems 2 things are happening to generate this issue
1. fips-openssl in bionic has md5 and md5_sha1 in fips digest list with
explicit purpose of accommodating PRF use only in fips mode. But you
must pass the flag, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW to successfully use
them.
2. ntpq does not check re
Also, this is only applicable in bionic. Neither xenial nor focal
experience this issue.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1884265
Title:
[fips] Not fully ini
I added return checks to ntpq code and this appears to solve the
problem. Is it ok to make this an SRU?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1884265
Title:
[fips
Build log:
https://launchpad.net/~j-latten/+archive/ubuntu/joyppa/+build/19570468
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1884265
Title:
[fips] Not fully initializ
debdiff for bionic
** Attachment added: "debdiff.bionic"
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1884265/+attachment/5391374/+files/debdiff.bionic
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in
** Description changed:
- In FIPS mode on Bionic MD5 is semi-disabled causing some applications to
- segfault.
+ [Impact]
+ In FIPS mode on Bionic MD5 is semi-disabled causing some applications to
segfault.
+ ntpq uses crypto hashes to authenticate its requests. By default it appears
to use a
** Description changed:
[Impact]
In FIPS mode on Bionic MD5 is semi-disabled causing some applications to
segfault.
- ntpq uses crypto hashes to authenticate its requests. By default it appears
to use an internal md5 implementation. However, when compiled with openssl it
creates a lists
Testing:
There are no autopkgtests for ntp pkg and we do not run "make check" in
the tests dir as part of the build. So, just in case it is applicable, I
ran make check on my local build to ensure everything passes.
** Attachment added: "Results of running make check in ../tests directory"
ht
Additional testing for ntpq authentication to ensure MD5 still works for
ntpq in archive
NOTE: The shown testing is ntpq(with patch) + openssl from archive. To ensure
all still works.
Testing with ntpq + fips-openssl was also done successfully.
VM-A (ntp server)
1. Edit /etc/ntp.keys to inclu
** Changed in: openssl (Ubuntu)
Assignee: (unassigned) => Joy Latten (j-latten)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1884265
Title:
[fips] Not fu
** Summary changed:
- [fips] Not fully initialized digest segfaulting some client applications
+ [fips] ntpq segfaults when attempting to use MD5 from FIPS-openssl library.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to open
** Description changed:
[Impact]
In FIPS mode on Bionic MD5 is semi-disabled causing some applications to
segfault.
ntpq uses crypto hashes to authenticate its requests. By default it uses
md5. However, when compiled with openssl it creates a lists of
acceptable hashes from openssl t
Hi Seth and Christian,
I did a smartcard setup and confirmed I did not have to use anything
from pcsc-tools. And pcsc-tools seems to depend on libpcsc-perl, so won't
need pcsc-perl either.
My "sudo apt install opensc" pulled in libccid, libpcsclite1,
opensc-pkcs11 and pcscd binary packages. I only
pcscd is required. When removed, I am not able to get any info from the
driver about the reader or the smartcard. pcscd loads the smartcard
driver and coordinates communications.
--
pcsc-lite source package provides pcscd and libpcsclite1 and thus is
needed for smartcard deployment.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1892559
Title:
[MIR]
Public bug reported:
The fix for #1835135 was not included into the python2.7 update. This
bug has been opened to include it.
** Affects: python2.7 (Ubuntu)
Importance: Undecided
Status: New
--
** Also affects: python2.7 (Ubuntu Groovy)
Importance: Undecided
Status: New
** Also affects: python2.7 (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: python2.7 (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: python2.7 (Ubuntu
** Description changed:
- The fix for #1835135 was not included into the python2.7 update. This
- bug has been opened to include it.
+ The fix for #1835135 was included into a python2.7 ver when python2.7
+ was updated, the fix was not included. It needs to be put pack into the
+ latest version pf
This bug appears to have been fixed in an update. Closing.
** Changed in: pcsc-lite (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchpad.net/b
This bugreport has had no activity and has eol. Closing.
** Changed in: pcsc-lite (Ubuntu)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchpad.net
This bugreport has had no activity and has eol. Closing.
** Changed in: pcsc-lite (Ubuntu)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchpad.net/
This bugreport has had no activity and has eol. Closing.
** Changed in: pcsc-lite (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchpad.net/bugs/7
This bugreport has had no activity and has eol. Closing.
** Changed in: pcsc-lite (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchpad.net/bugs/100
This bugreport has had no activity and has eol. Closing.
** Changed in: pcsc-lite (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchpad.net/bugs/7
This is most likely fixed via pcscd starting from systemd in current
releases. Closing this since it has had no activity and has eol.
** Changed in: pcsc-lite (Ubuntu)
Status: Confirmed => Fix Committed
--
This was fixed in subsequent release. Closing.
** Changed in: pcsc-lite (Ubuntu)
Status: Confirmed => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1
This bug was not applicable to pcsc-lite package. Closing since no
activity and eol.
** Changed in: pcsc-lite (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https:/
Fixed in subsequent release. Closing.
** Changed in: pcsc-lite (Ubuntu)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1700104
Title
This bugreport has had no activity and has eol. Closing.
** Changed in: pcsc-lite (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1
Is this still an issue? Changing to incomplete.
** Changed in: pcsc-lite (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchpad.net/bugs/153
Hi, Is this still an issue? Changing the status to incomplete.
** Changed in: pcsc-lite (Ubuntu)
Status: Confirmed => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchp
Hi, Is this still an issue? Changing the status to incomplete.
** Changed in: pcsc-lite (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchpad.net
Hi, Is this still an issue? Changing the status to incomplete.
** Changed in: pcsc-lite (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchpad.net
Hi, Is this still an issue? Changing the status to incomplete.
** Changed in: pcsc-lite (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchpad.net
This has been fixed in bionic. Already fixed in xenial.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python2.7 in Ubuntu.
https://bugs.launchpad.net/bugs/1898078
Title:
FIPS OpenSSL crashes Python2.7 hashlib when using M
ak/util-linux/commit/189edf1fe501ea39b35911337eab1740888fae7a
** Affects: util-linux (Ubuntu)
Importance: High
Assignee: Joy Latten (j-latten)
Status: New
** Changed in: util-linux (Ubuntu)
Importance: Undecided => Medium
** Changed in: util-linux (Ubuntu)
Importance: Medium
** Description changed:
+ [IMPACT]
+ hwclock reports incrorect status in audit message
+
+ hwclock calls audit_log_user_message(3) to create an audit entry.
audit_log_user_message(3) result 1 is "success" and 0 is
"failed", hwclock use standard EXIT_{SUCCESS,FAILURE} macros with reverse
- sta
Build log
https://launchpad.net/~j-latten/+archive/ubuntu/joyppa/+build/18795481
** Bug watch added: Debian Bug tracker #953065
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953065
** Also affects: util-linux (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953065
Impo
** Attachment added: "debdiff for focal"
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+attachment/5333544/+files/debdiff.focal
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
http
** Also affects: util-linux (Ubuntu Bionic)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1865504
Title:
hwclock reports in
The debdiff for focal
** Attachment removed: "debdiff for focal"
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+attachment/5333544/+files/debdiff.focal
** Attachment added: "debdiff.focal"
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+attachment/53
** Also affects: util-linux (Ubuntu Eoan)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1865504
Title:
hwclock reports inco
Mauricio,
Thank you so much for handling. Much appreciated. I took a quick look at the
above #15 and #16 and perhaps a retry may be beneficial... there were some
timeouts...
--
Successful verification on amd64 for eoan
$ dpkg -l | grep util-linux
ii  util-linux  2.34-0.1ubuntu2.4  amd64  miscellaneous system utilities
Audit records found in /var/log/audit/audit.log,
type=USYS_CONFIG msg=audit(1584463433.533:68): pid=4
Successful verification on amd64 for bionic
$ dpkg -l | grep util-linux
ii  util-linux  2.31.1-0.4ubuntu3.6  amd64  miscellaneous system utilities
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DI
** Tags added: verification-done-eoan
** Tags added: verification-done-bionic
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1865504
Title:
hwclock reports incorrect s
Public bug reported:
This is a request for a Feature Freeze Exception to include FIPS 140-2 selftest
into the openssl package in preparation for the FIPS 140-2 compliance for
16.0.4.
This patchset will :
- add ability to config, compile, run with fips option enabled
- add the selftest files t
I tested this on 1.0.2g-1ubuntu4.3 using the openssl_fips_test.c that
was attached. And all worked as expected and I received the expected
error message. Thus verifying this issue has been resolved in
1.0.2g-1ubuntu4.3,
--
I tested version 1.0.2g-1ubuntu4.3 with the death.c program from the
upstream openssl bug ticket 4559 and confirmed this problem is now
resolved.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.
Investigating.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1594748
Title:
CRYPTO_set_mem_functions() is broken
Status in OpenSSL:
Unknown
Status in openssl package i
Public bug reported:
Package: openssl-1.0.2g-1ubuntu4.1
Distro: xenial
The openssl contains incomplete fips patches. In light that the fips is
incomplete and will not be completed in the main archive and they are
impacting customers, they should be withdrawn. See lp bugs 1593953,
1591797, 1594748
Marcelo and I took a look at this...
o_init.c in openssl has following constructor, introduced for fips.
void __attribute__ ((constructor)) OPENSSL_init_library(void)
OPENSSL_init_library() when OPENSSL_FIPS is defined, calls
RAND_init_fips() which eventually calls RAND_poll() which calls
time(NU
I forgot to add, we will file a bug with Debian to pick up this commit.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1613658
Title:
OPENSSL_init_library () crash in conj
I purposely cleared this error message from the queue so that no one would be
distracted or thwarted by the addition of the fips code while it is a work in
progress and not complete. FIPS_module_mode_set() at this point will always
fail and return an error code.
But yes, I see in your test prog
Will definitely remove clearing the error as we continue completing the
code.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1588524
Title:
FIPS_mode_set reports incorrect
This is a FIPS 140-2 requirement.
The FIPS_mode_set(1) in init_fips_mode() called from OPENSSL_init_library is to
satisfy the FIPS 140-2, Section 4.9 requirement that power-up selftest be run
when the module is powered-up. This must be done regardless of whether the
module is to be run in FIPS m
Looking into this...
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1593953
Title:
EC_KEY_generate_key() causes FIPS self-test failure
Status in openssl package in Ubuntu
Looking into this...
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1594748
Title:
CRYPTO_set_mem_functions() is broken
Status in openssl package in Ubuntu:
New
Bug de
Ok, this is also "broken" or an issue in upstream openssl 1.0.2 when
OPENSSL_FIPS is defined.
See, https://rt.openssl.org/Ticket/Display.html?id=4559#txn-68189 or
http://rt.openssl.org/Ticket/Display.html?id=4559
** Bug watch added: OpenSSL RT #4559
http://rt.openssl.org/Ticket/Display.html?i
** Also affects: openssl via
http://rt.openssl.org/Ticket/Display.html?id=4559
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs
Just as a note, the fips mode is not enabled in 1.0.2g-1ubuntu4.1. But
OPENSSL_FIPS is defined and its code is compiled in. Thus in
OPENSSL_init_library(), the RAND_init_fips() is included in.
--
Waiting to see upstream commit/fix for this since this is an issue in
the upstream openssl code when OPENSSL_FIPS is defined.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1
** Summary changed:
- Include FIPS 140-2 selftest into openssl package
+ [FFe]: Include FIPS 140-2 selftest into openssl package
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/
attaching debdiff
** Patch added: "Patch to include fips selftest and fips support to openssl"
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1553309/+attachment/4602623/+files/openssl_1.0.2g-1ubuntu3~ppa2.debdiff
--
The patchset defines OPENSSL_FIPS in the openssl code. Thus code within "#ifdef
OPENSSL_FIPS" gets built for the libcrypto and libssl libraries. However, the
libraries don't run in fips mode. The version we certify will.
This preliminary step to include the patchset now into 16.04 allows us to
Overview
-
FIPS 140-2 is a U.S. Government computer security standard to accredit
cryptographic modules. The certification process validates and certifies the
crypto within the module or used by the module.
Canonical is pursuing FIPS 140-2 certification for several modules in
1
** Changed in: openssl (Ubuntu)
Status: Incomplete => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1553309
Title:
[FFe]: Include FIPS 140-2 into openssl
Short summary of above comments:
- FIPS 140-2 is a U.S. government security standard for crypto. It
involves receiving accreditation for the crypto.
- This patch contains,
- selftest required by FIPS
- defines OPENSSL_FIPS
- a few crypto additions/changes that are constrained by OPENS