> I was not sure of the naming convention for the patches, so I kept the
> same name as in fedora but used the version of openssl that we were
> patching.

The patch name is not that important. But it's very important to give
the precise URL where you took it from, and that the patch actually
matches the patch in that URL. This is the case for some of the patches,
but not for openssl-1.0.2g-fips-ec.patch and
openssl-1.0.2f-new-fips-reqs.patch, or you took them from a different place than
http://pkgs.fedoraproject.org/cgit/rpms/openssl.git/.

> I downloaded openssl source rpm and the fips patches were in the
> SOURCES directory.

Ah, I see. But according to git, the fips-ec patch hasn't been changed
in Fedora git for a year. Also, I downloaded the exact same srpm and
compared patches -- the srpm has the same patches as Fedora git (not
surprisingly), and the same differences towards the patches in your
package:

$ interdiff -p1  fedora/openssl-1.0.2a-fips-ec.patch openssl-1.0.2g/debian/patches/openssl-1.0.2g-fips-ec.patch|diffstat
 b/crypto/fips/Makefile                           |   64 ---
 crypto/ec/ec2_smpl.c                             |    5 
 crypto/ec/ec_curve.c                             |    4 
 openssl-1.0.2a/crypto/fips/cavs/fips_ecdhvs.c    |  456 ---------------------
 openssl-1.0.2a/crypto/fips/cavs/fips_ecdsavs.c   |  486 -----------------------
 openssl-1.0.2a/crypto/fips/fips_ecdh_selftest.c  |  242 -----------
 openssl-1.0.2a/crypto/fips/fips_ecdsa_selftest.c |  165 -------
 openssl-1.0.2a/version.map                       |    4 
 8 files changed, 1426 deletions(-)


$ interdiff -p1  fedora/openssl-1.0.2f-new-fips-reqs.patch openssl-1.0.2g/debian/patches/openssl-1.0.2g-new-fips-reqs.patch|diffstat
 b/crypto/fips/fips_dh_selftest.c    |    6 
 b/crypto/fips/fips_ecdh_selftest.c  |  240 ++++++++++++++++++++++++++++++++++++
 b/crypto/fips/fips_ecdsa_selftest.c |  165 ++++++++++++++++++++++++
 openssl-1.0.2f/crypto/bn/bn_rand.c  |    8 -
 4 files changed, 411 insertions(+), 8 deletions(-)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1553309

Title:
  [FFe]: Include FIPS 140-2 into openssl  package

Status in openssl package in Ubuntu:
  In Progress

Bug description:
  This is a request for a Feature Freeze Exception to include FIPS 140-2
  selftest into the openssl package in preparation for the FIPS 140-2
  compliance for 16.0.4.
  This patchset will:
   - add ability to config, compile, run with fips option enabled
   - add the selftest files to crypto/fips directory.
   - minor changes to several algorithms in crypto directory to ensure the
     selftest compiles successfully when fips is enabled.

  The selftest will be initiated externally at this point and not internally.
  Hope to have a test package ready early next week.
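
A stand-alone version of the patch comparison run with interdiff in the reply above, added here as an example (not code from the thread or from patchutils): it parses two unified diffs, drops the leading path component as `-p1` does, and reports every file whose added or removed lines differ, ignoring context lines and line offsets. The patch contents are constructed samples; only the file names are taken from the diffstat output.

```python
import re

HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

def patch_changes(text, strip=1):
    """Map each file in a unified diff to its ([added lines], [removed lines])."""
    changes, old, cur, old_left, new_left = {}, None, None, 0, 0
    for line in text.splitlines():
        if old_left > 0 or new_left > 0:  # inside a hunk body
            tag = line[:1]
            if tag in ("+", "-"):
                changes[cur][tag == "-"].append(line[1:])
            if tag != "\\":  # "\ No newline at end of file" counts for neither side
                old_left -= tag != "+"
                new_left -= tag != "-"
        elif line.startswith("--- "):
            old = line[4:].split("\t")[0]
        elif line.startswith("+++ "):
            new = line[4:].split("\t")[0]
            path = old if new == "/dev/null" else new  # deleted file: key by old path
            cur = "/".join(path.split("/")[strip:])
            changes.setdefault(cur, ([], []))
        elif cur is not None and (m := HUNK.match(line)):
            old_left, new_left = int(m.group(1) or 1), int(m.group(2) or 1)
    return changes

def compare_patches(reference, candidate, strip=1):
    """Return {file: status} for each file whose changes differ between the patches."""
    ref, cand = patch_changes(reference, strip), patch_changes(candidate, strip)
    report = {}
    for path in sorted(set(ref) | set(cand)):
        if ref.get(path) != cand.get(path):
            report[path] = ("missing from candidate" if path not in cand else
                            "only in candidate" if path not in ref else "content differs")
    return report

# Constructed sample standing in for the patch at the cited upstream URL.
REFERENCE = """\
--- openssl-1.0.2a/crypto/ec/ec_curve.c
+++ openssl-1.0.2a/crypto/ec/ec_curve.c
@@ -1 +1,2 @@
 int keep;
+int sample_a;
--- /dev/null
+++ openssl-1.0.2a/crypto/fips/fips_ecdh_selftest.c
@@ -0,0 +1 @@
+int sample_selftest;
"""
# Constructed candidate: other top-level directory, one changed line, selftest file dropped.
CANDIDATE = REFERENCE.split("--- /dev/null")[0].replace("openssl-1.0.2a/", "b/").replace("sample_a", "sample_b")
```

An empty result from `compare_patches` means the packaged patch makes the same changes as the patch at the URL it cites; any entry is a file to account for in the patch header or changelog.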
