Tompkins, Michael
2018-Oct-02 18:47 UTC
[Samba] Is samba FIPS compliant ? Can it be build with openssl ?
Thanks for the quick reply Jeremy.

We have other FIPS compliant libraries, which check for, and ensure the proper FIPS compliant algorithms are used. Is there a link option to specify this kind of library ?

~ Mike

-----Original Message-----
From: Jeremy Allison <jra at samba.org>
Sent: Tuesday, October 2, 2018 2:08 PM
To: Tompkins, Michael <Michael.Tompkins at xerox.com>
Cc: samba at lists.samba.org; USA Xerox Samba <USA.Xerox.Samba at xerox.com>
Subject: Re: [Samba] Is samba FIPS compliant ? Can it be build with openssl ?

On Tue, Oct 02, 2018 at 05:50:35PM +0000, Tompkins, Michael via samba wrote:
> I'm checking back in to see if samba is FIPS compliant, as in using FIPS compliant algorithms ? Can it be built with openssl, which is FIPS compliant ? We're currently running 4.7.5. Please let me know.

FIPS certification is expensive and time-consuming, and no Open Source project that I know of has ever complied.

Having said that, individual vendors have gotten FIPS certification for specific versions of their product, Red Hat being one.

As Red Hat ships by default with Samba, I think we're probably *able* to be FIPS certifiable, but you're going to have to do the actual FIPS certification work yourself :-).

Cheers,

Jeremy.
Jeremy Allison
2018-Oct-02 19:07 UTC
[Samba] Is samba FIPS compliant ? Can it be build with openssl ?
On Tue, Oct 02, 2018 at 06:47:40PM +0000, Tompkins, Michael via samba wrote:
> Thanks for the quick reply Jeremy.
>
> We have other FIPS compliant libraries, which check for, and ensure the proper FIPS compliant algorithms are used. Is there a link option to specify this kind of library ?

Nope, sorry. Patches welcome though :-).
Andrew Bartlett
2018-Oct-10 04:55 UTC
[Samba] Is samba FIPS compliant ? Can it be build with openssl ?
On Tue, 2018-10-02 at 12:07 -0700, Jeremy Allison via samba wrote:
> On Tue, Oct 02, 2018 at 06:47:40PM +0000, Tompkins, Michael via samba wrote:
> > Thanks for the quick reply Jeremy.
> >
> > We have other FIPS compliant libraries, which check for, and ensure the proper FIPS compliant algorithms are used. Is there a link option to specify this kind of library ?
>
> Nope, sorry. Patches welcome though :-).

Specifically, we are trying to move to using GnuTLS for all our crypto, but are hampered by lack of some of the algorithms we use and the need for CPU acceleration.

This is being worked on from time to time, and what we use is tracked in lib/crypto/REQUIREMENTS.

This will be a long road, but patches to have us use GnuTLS for more things will be seriously considered.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba