action #89122
closed[sle][security][backlog] fips: add some more openssl tests, dhparam and also s_server/s_client
100%
Description
We have some non working stuff in FIPS mode with openssl.
https://bugzilla.suse.com/show_bug.cgi?id=1182764
OPENSSL_FORCE_FIPS_MODE=1 openssl dhparam -out dhparams_2048.pem 2048
errors with:
..
140657399079360:error:050C90CA:Diffie-Hellman routines:DH_generate_parameters_ex:non FIPS method:crypto/dh/dh_gen.c:31:
can you add a "openssl dhparam 2048" test to the existing fips suite?
Also testing s_client and s_server in FIPS mode with DHE and potentially others.
openssl s_server -key generatedkey -cert generatedcert -dhparam dhparams_2048.pem -cipher DHE
and then connect to localhost:4433 e.g. with
openssl s_client -connect localhost:4443
Updated by tjyrinki_suse about 3 years ago
- Subject changed from fips: add some more openssl tests, dhparam and also s_server/s_client to [sle][security] fips: add some more openssl tests, dhparam and also s_server/s_client
- Start date deleted (
2021-02-25)
Updated by llzhao almost 3 years ago
- Subject changed from [sle][security] fips: add some more openssl tests, dhparam and also s_server/s_client to [sle][security][sle15sp4] fips: add some more openssl tests, dhparam and also s_server/s_client
- Category set to New test
- Assignee set to bchou
- Estimated time set to 40.00 h
Updated by bchou almost 2 years ago
- Assignee changed from bchou to rcai
After discussing with Roy, I think we can write some tests on single machine tests in advance. Thank you.
And there are some useful updates from the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1182764
Updated by llzhao almost 2 years ago
- Subject changed from [sle][security][sle15sp4] fips: add some more openssl tests, dhparam and also s_server/s_client to [sle][security][backlog] fips: add some more openssl tests, dhparam and also s_server/s_client
Updated by rcai almost 2 years ago
Related bug: https://bugzilla.suse.com/show_bug.cgi?id=1198913
Updated by rcai almost 2 years ago
Pending bug fix and automates it in existing test suite.
Updated by rcai almost 2 years ago
- Status changed from New to Blocked
https://bugzilla.suse.com/show_bug.cgi?id=1198913
https://bugzilla.suse.com/show_bug.cgi?id=1180995
Due to bugs, cannot make manual test succeed.
It blocked automation.
Updated by tjyrinki_suse over 1 year ago
1198913 is fixed, https://bugzilla.suse.com/show_bug.cgi?id=1180995 is still open but there is also very recent progress and a possible fix.
Updated by bchou over 1 year ago
- Assignee deleted (
bchou)
Let's wait for the bug fixes and do the manual test again.
Updated by pstivanin over 1 year ago
- Status changed from Blocked to In Progress
- Assignee set to pstivanin
Updated by pstivanin over 1 year ago
The test will be added to:
- 15-SP5 (all supported archs)
- 15-SP4 (all supported archs)
- 15-SP2 (all supported archs)
Updated by pstivanin over 1 year ago
- % Done changed from 0 to 70
Status update:
- 15-SP5:
- x86_64: PASSED
- s390x: PASSED
- aarch64: PASSED
- 15-SP4:
- x86_64: PASSED
- s390x: PASSED
- aarch64: PASSED
- 15-SP2:
- x86_64: PASSED
- s390x: PASSED
- aarch64: PASSED
Updated by pstivanin over 1 year ago
- % Done changed from 70 to 100
Updated by pstivanin over 1 year ago
- Status changed from In Progress to Resolved