Page MenuHomeFreeBSD
Differential D46223

openssl: Remove fips module from base system.
ClosedPublic
Actions

Authored by gordon on Aug 4 2024, 9:31 PM.
Tags
None
Referenced Files
F94595905: D46223.diff
Tue, Sep 17, 7:49 PM
Unknown Object (File)
Sat, Sep 14, 3:55 PM
Unknown Object (File)
Fri, Sep 13, 12:53 AM
Unknown Object (File)
Wed, Sep 11, 4:12 PM
Unknown Object (File)
Tue, Sep 10, 11:14 PM
Unknown Object (File)
Sun, Sep 8, 9:38 PM
Unknown Object (File)
Sat, Sep 7, 10:29 PM
Unknown Object (File)
Tue, Sep 3, 1:15 PM
View All 16 Files
Subscribers
imp
ngie

Details

Reviewers
emaste
Commits
rG3d8501d90e24: openssl: Remove fips module from base system.
rG86dd740dd73a: openssl: Remove fips module from base system.
Summary

To comply with FIPS 140 guidance, you must be using a specifically
validated and approved version of the fips module. Currently, only
OpenSSL 3.0.8 and 3.0.9 have been approved by NIST for FIPS 140
validation. As such, we need to stop shipping later versions of the
module in the base system.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

gordon created this revision.Aug 4 2024, 9:31 PM
Herald added a subscriber: imp. · View Herald TranscriptAug 4 2024, 9:31 PM
gordon requested review of this revision.Aug 4 2024, 9:31 PM
Harbormaster completed remote builds in B58938: Diff 141811.Aug 4 2024, 9:31 PM
gordon added a reviewer: emaste.Aug 4 2024, 9:32 PM

Not sure who else to get this reviewed by, but we should stop shipping fips.so.

This revision was not accepted when it landed; it landed in state Needs Review.Sat, Aug 31, 4:28 PM
Closed by commit rG86dd740dd73a: openssl: Remove fips module from base system. (authored by gordon). · Explain Why
This revision was automatically updated to reflect the committed changes.
gordon added a commit: rG86dd740dd73a: openssl: Remove fips module from base system..
ngie added a subscriber: ngie.Wed, Sep 4, 8:27 PM

Thank you for doing this!

gordon added a commit: rG3d8501d90e24: openssl: Remove fips module from base system..Sat, Sep 7, 4:18 AM

Revision Contents
Changeset List

PathSize
3 lines
secure/
lib/
libcrypto/
modules/
2 lines
fips/

Diff 142645

View Options

ObsoleteFiles.inc

Loading...
View Options

secure/lib/libcrypto/modules/Makefile

Loading...
View Options

secure/lib/libcrypto/modules/fips/Makefile

Loading...