1660177 – FIPS-140: Tracker for compliance in .NET Core packages

Bug 1660177 - FIPS-140: Tracker for compliance in .NET Core packages

Summary: FIPS-140: Tracker for compliance in .NET Core packages

Keywords:
Status:	NEW
Alias:	None
Product:	dotNET
Classification:	Red Hat
Component:	rh-dotnet31
Sub Component:
Version:	3.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	ga
Target Release:	5.0
Assignee:	Omair Majid
QA Contact:	Radka Gustavsson
Docs Contact:	Kevin Owen
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-12-17 17:29 UTC by David Mulford
Modified:	2020-01-24 15:20 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description David Mulford 2018-12-17 17:29:28 UTC

This bug is a tracker for the FIPS-140 compliance in the Red Hat .NET Core packages. As of now, we've discussed internally with the following summary.

.NET Core calls out to OpenSSL for all but the following crypto algorithms.

  - RSA-PSS
  - RSA-OEAP
  - IDEA

Some work with Microsoft is needed here, as there has been discussions to move more implementations within the .NET framework.

Comment 1 David Mulford 2019-01-23 14:45:19 UTC

Any update on this? The upstream issue [1] seems to also have gone silent, so let me know if there is anything needed from me to push this forward.

[1] https://github.com/dotnet/corefx/issues/29417

Comment 4 Omair Majid 2020-01-24 15:20:45 UTC

.NET Core 2.2 has gone EOL.

I am re-targeting the bug to the latest version, .NET Core 3.1.

Note You need to log in before you can comment on or make changes to this bug.