Bug 1660177 - FIPS-140: Tracker for compliance in .NET Core packages
Summary: FIPS-140: Tracker for compliance in .NET Core packages
Keywords:
Status: NEW
Alias: None
Product: dotNET
Classification: Red Hat
Component: rh-dotnet31
Version: 3.1
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ga
: 5.0
Assignee: Omair Majid
QA Contact: Radka Janek
Kevin Owen
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-17 17:29 UTC by David Mulford
Modified: 2020-01-24 15:20 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:


Attachments (Terms of Use)

Description David Mulford 2018-12-17 17:29:28 UTC
This bug is a tracker for the FIPS-140 compliance in the Red Hat .NET Core packages. As of now, we've discussed internally with the following summary.

.NET Core calls out to OpenSSL for all but the following crypto algorithms.

  - RSA-PSS
  - RSA-OEAP
  - IDEA

Some work with Microsoft is needed here, as there has been discussions to move more implementations within the .NET framework.

Comment 1 David Mulford 2019-01-23 14:45:19 UTC
Any update on this? The upstream issue [1] seems to also have gone silent, so let me know if there is anything needed from me to push this forward.

[1] https://github.com/dotnet/corefx/issues/29417

Comment 4 Omair Majid 2020-01-24 15:20:45 UTC
.NET Core 2.2 has gone EOL.

I am re-targeting the bug to the latest version, .NET Core 3.1.


Note You need to log in before you can comment on or make changes to this bug.