Project

General

Profile

Actions
Copy link

action #100566

closed

[sle][security][backlog][feature][ECO] SLE-21212 - QA: FIPS 140-3: make Openssl module ready for certification process

Added by bchou over 2 years ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
New test
Target version:
-
Start date:
2021-10-07
Due date:
% Done:

0%

Estimated time:
40.00 h
Difficulty:
Tags:
fips, featureQA

Description

https://jira.suse.com/browse/SLE-21212

Prepare Openssl module for certification process under FIPS 140-3 standards. Make all code changes necessary, in Openssl, to comply with FIPS 140-3 standards to pass the validation process of NIST and obtain the FIPS certificate for the module.

Confirmed platforms: 

x86_64 intel
x86_64 AMD
aarch64
s390x zX (exact platform not yet specify)

Platforms under evaluation, pending for confirmation:

IBM Power 9/10

Algorithms:

12 algorithms: 

AES
DSA
SHS
DRBG
HMAC
RSA
ECDSA
ECDH
DH
TLS KDF
SSH KDF
IKE KDF

*Note that we identified 13 algorithms at the beginning, including Triple-DES, however we decided to not include it due to its sunset in 2022.

Standards:

The standards to follow are the FIPS 140-3. See:

https://confluence.suse.com/download/attachments/411795603/140-3_SUSE_RA.pdf?version=1&modificationDate=1618334281277&api=v2

https://www.atsec.com/wp-content/uploads/2020/11/atsec_FIPS-140-3_vs_140-2.pdf

https://csrc.nist.gov/projects/fips-140-3-transition-effort

Actions
Copy link
 #1

Updated by bchou over 2 years ago

  • Subject changed from [sle][security][sle15sp4][feature][manual] to [sle][security][sle15sp4][feature][manual] SLE-21212 - QA: FIPS 140-3: make Openssl module ready for certification process
Actions
Copy link
 #2

Updated by bchou about 2 years ago

  • Subject changed from [sle][security][sle15sp4][feature][manual] SLE-21212 - QA: FIPS 140-3: make Openssl module ready for certification process to [sle][security][sle15sp4][feature][ECO] SLE-21212 - QA: FIPS 140-3: make Openssl module ready for certification process
  • Status changed from New to Blocked
  • Estimated time set to 40.00 h

This case will be released after SLE15 SP4 GMC. Set this poo as ECO.

Actions
Copy link
 #3

Updated by llzhao almost 2 years ago

  • Subject changed from [sle][security][sle15sp4][feature][ECO] SLE-21212 - QA: FIPS 140-3: make Openssl module ready for certification process to [sle][security][backlog][feature][ECO] SLE-21212 - QA: FIPS 140-3: make Openssl module ready for certification process
Actions
Copy link
 #4

Updated by tjyrinki_suse over 1 year ago

Development still ongoing, but there is now a package ready for testing and we're enabling testing for 15-SP4.

Actions
Copy link
 #5

Updated by tjyrinki_suse over 1 year ago

  • Status changed from Blocked to In Progress
Actions
Copy link
 #7

Updated by bchou over 1 year ago

  • Status changed from In Progress to New
  • Assignee deleted (bchou)

This poo can be tracked in SP5 too.

Actions
Copy link
 #8

Updated by tjyrinki_suse about 1 year ago

  • Status changed from New to Resolved
Actions
Copy link

Also available in: Atom PDF