According to the README-FIPS.txt file (/usr/share/doc/packages/openssl/README-FIPS.txt) the openssl package includes libopenssl0_9_8-hmac. I’ve found reference to this being a separate RPM, but I’m unable to find it in the repositories.
The latest RPMs I have installed from the repositories are:
openssl-0.9.8j-0.50.1
libopenssl0_9_8-0.9.8j-0.50.1
libopenssl-devel-0.9.8j-0.50.1
Will the hmac RPM be added to the repositories?
Will it be updated to 0.50?
When I compile our apps & libraries I’d like to link to the FIPS certified module.
the openssl package includes libopenssl0_9_8-hmac. I’ve found reference to this being a separate RPM, but I’m unable to find it in the repositories.
I see them in the regular update repositories:
[CODE]jmozdzen@myhost:~> zypper se -s libopenssl0_9_8-hmac
Daten des Repositorys laden …
Installierte Pakete lesen …[/CODE]
Would it be possible for you to switch to using a SLES build system? Once you install/register the SDK, much of what you need to build packages ought to be available - and an exact match of what you need for your live server.
Of course, you might try to install the corresponding SLES packages on your SLED system. As I have never had to deal with SLED, I cannot tell what works and what doesn’t, sorry I can’t help with experience here.
However, in the past, all the packages we needed to develop and build software for SLE were available on our SLED workstations. Running SLES was overkill and unnecessary (from a cost perspective too). I’m assuming that the hmac packages never got pushed to the SLED updates repositories. There is absolutely ZERO mention of these being SLES only. Which means they ought to be available from SLED repositories for our developers.
[QUOTE]This update adds libopenssl0_9_8-hmac packages, that, when
installed, will enforce FIPS 140-2 self-test being run
upon first use of the library.
[…] Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
[…]
SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp1-libopenssl-devel-6521[/QUOTE]
Could you please check if this solves your problem?
[QUOTE]Best I can do is go ask someone from SuSE - but that may take “a day or two” until I receive a reply. I’ll post an update once I know more.
Regards,
Jens[/QUOTE]
Apologies for chiming in this late in the game.
I had promised Jens to report back here some time ago already, but things came in between.
The official answer is that this is not an oversight.
This appears to be described a little awkwardly, I agree.
The libopenssl0_9_8-hmac files are required just for FIPS, and there’s no plan currently to enable FIPS on SLED.
They are not required for generic SSL development.
So if you need to develop FIPS on SLED, you need to get the SLES packages; they should install just fine.
If you require FIPS support on SLED, I would suggest you send me a direct email at hvdheuvel [at] novell [dot] com with your details.
I can and will bring this to the attention of the appropriate product manager for SUSE Linux Enterprise Desktop.