Project

General

Profile

action #100566

[sle][security][sle15sp4][feature][manual] SLE-21212 - QA: FIPS 140-3: make Openssl module ready for certification process

Added by bchou about 2 months ago. Updated about 2 months ago.

Status:
New
Priority:
Normal
Assignee:
Category:
New test
Target version:
-
Start date:
2021-10-07
Due date:
% Done:

0%

Estimated time:
Difficulty:

Description

https://jira.suse.com/browse/SLE-21212

Prepare Openssl module for certification process under FIPS 140-3 standards. Make all code changes necessary, in Openssl, to comply with FIPS 140-3 standards to pass the validation process of NIST and obtain the FIPS certificate for the module.

Confirmed platforms:

x86_64 intel
x86_64 AMD
aarch64
s390x zX (exact platform not yet specify) 

Platforms under evaluation, pending for confirmation:

IBM Power 9/10

Algorithms:

12 algorithms:

AES
DSA
SHS
DRBG
HMAC
RSA
ECDSA
ECDH
DH
TLS KDF
SSH KDF
IKE KDF

*Note that we identified 13 algorithms at the beginning, including Triple-DES, however we decided to not include it due to its sunset in 2022.

Standards:

The standards to follow are the FIPS 140-3. See:

https://confluence.suse.com/download/attachments/411795603/140-3_SUSE_RA.pdf?version=1&modificationDate=1618334281277&api=v2

https://www.atsec.com/wp-content/uploads/2020/11/atsec_FIPS-140-3_vs_140-2.pdf

https://csrc.nist.gov/projects/fips-140-3-transition-effort

History

#1 Updated by bchou about 2 months ago

  • Subject changed from [sle][security][sle15sp4][feature][manual] to [sle][security][sle15sp4][feature][manual] SLE-21212 - QA: FIPS 140-3: make Openssl module ready for certification process

Also available in: Atom PDF