Misc #19608

closed

Being a co-maintainer of the ruby/openssl for the OpenSSL FIPS mode

Added by jaruga (Jun Aruga) over 1 year ago. Updated over 1 year ago.


Description

Motivation and context

Recently I have been working on ruby/openssl to support OpenSSL 3 FIPS mode, for example by sending pull requests and reporting issues to the OpenSSL project. The related issue ticket is here.

Currently, a challenge for ruby/openssl is that it doesn't work well in OpenSSL FIPS mode, and I want ruby/openssl to work in it by adding the OpenSSL 3 FIPS mode case to the CI, and by adding more FIPS-related unit tests and features. To solve this challenge, I would like to be a co-maintainer of ruby/openssl for FIPS mode related things. What do you think?

What is FIPS mode?

For anyone who is interested in learning about FIPS mode, let me share the related documents below. In my understanding, FIPS mode is a security policy developed by the US government. In some cases, the shipped Linux OS systems need to follow this policy. OpenSSL has a feature to enable FIPS mode. The README is here. There can be FIPS-specific issues in ruby/openssl with OpenSSL FIPS mode enabled.

FIPS related documents:

Past FIPS related issue tickets

As a reference, I just found some old issue tickets below. They are about OpenSSL 1.0 and 1.1 FIPS mode.

Actions #1

Updated by jaruga (Jun Aruga) over 1 year ago

  • Description updated (diff)

Updated by hsbt (Hiroshi SHIBATA) over 1 year ago

  • Status changed from Open to Assigned
  • Assignee set to matz (Yukihiro Matsumoto)

+1

I'll support @jaruga (Jun Aruga) if you need extra permissions of our resources.

Updated by jaruga (Jun Aruga) over 1 year ago

@hsbt (Hiroshi SHIBATA) thanks for your help!

Everyone, any other comments?

Actions #4

Updated by jaruga (Jun Aruga) over 1 year ago

  • Description updated (diff)

Updated by jaruga (Jun Aruga) over 1 year ago

For someone who is interested in how to debug the ruby/openssl with OpenSSL 3 FIPS mode, I created a document about the topic below.

https://hackmd.io/@jaruga/ryDnksRm2

Updated by hsbt (Hiroshi SHIBATA) over 1 year ago

In Dev Meeting 5/10 at Matsumoto, no one objected to this proposal.

Updated by jaruga (Jun Aruga) over 1 year ago

Thank you for discussing the topic in the meeting.
I started to work as a co-maintainer of the ruby/openssl for the FIPS mode.

Actions #8

Updated by hsbt (Hiroshi SHIBATA) over 1 year ago

  • Status changed from Assigned to Closed

Thank you. If you have any issue, please notify me.
