Actions
action #100566
closed[sle][security][backlog][feature][ECO] SLE-21212 - QA: FIPS 140-3: make Openssl module ready for certification process
Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
New test
Target version:
-
Start date:
2021-10-07
Due date:
% Done:
0%
Estimated time:
40.00 h
Difficulty:
Description
https://jira.suse.com/browse/SLE-21212
Prepare Openssl module for certification process under FIPS 140-3 standards. Make all code changes necessary, in Openssl, to comply with FIPS 140-3 standards to pass the validation process of NIST and obtain the FIPS certificate for the module.
Confirmed platforms:
x86_64 intel
x86_64 AMD
aarch64
s390x zX (exact platform not yet specify)
Platforms under evaluation, pending for confirmation:
IBM Power 9/10
Algorithms:
12 algorithms:
AES
DSA
SHS
DRBG
HMAC
RSA
ECDSA
ECDH
DH
TLS KDF
SSH KDF
IKE KDF
*Note that we identified 13 algorithms at the beginning, including Triple-DES, however we decided to not include it due to its sunset in 2022.
Standards:
The standards to follow are the FIPS 140-3. See:
https://www.atsec.com/wp-content/uploads/2020/11/atsec_FIPS-140-3_vs_140-2.pdf
Actions