Hi, That Redhat/Fedora patch is based on openssl library alone. But I am using the fips canister approach where i use both openssl and openssl-fips-ecp libraries. Though the redhat/fedora patch is OK, it is not straight forward portable to the canister model. Any idea of patches available for this kind of fips canister usage ? Thanks, Murugesh P. On 10/10/17, Marcus Meissner <meissner@xxxxxxx> wrote: > Hi, > > On Mon, Oct 09, 2017 at 05:24:17PM +0530, murugesh pitchaiah wrote: >> Hi, >> >> Thanks for the comment. >> >> I know that openSSL is not 186-4 compliant. That is why I am looking >> for anybody have the patch for the same. >> >> I see there are some works in Fedora: >> http://pkgs.fedoraproject.org/cgit/rpms/openssl.git/tree/openssl-1.1.0-fips.patch > > Yes, the FIPS 140-2 patches done by Redhat provide a FIPS 186-3 or 186-4 > enabled > keygeneration. > > There are some small adjustments that could be merged back into the generic > e.g. RSA key generation. > > Ciao, Marcus > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
