Public bug reported: In Ubuntu we provide a cryptographic core based on a small set of packages that we FIPS certify [0]. Applications and libraries should not bundle their own crypto code but should use the cryptographic core to benefit from the certification, but also importantly to reduce bugs due to small cryptographic libraries that are not monitored for low level crypto CVEs. This bug is to change libkrb5 to use the openssl crypto code instead of bundling its own on the next ubuntu release.
[0]. https://ubuntu.com/security/fips ** Affects: krb5 (Ubuntu) Importance: Undecided Status: New ** Description changed: In Ubuntu we provide a cryptographic core based on a small set of packages that we FIPS certify [0]. Applications and libraries should not bundle their own crypto code but should use the cryptographic core to benefit from the certification, but also importantly to reduce bugs due to small cryptographic libraries that are not monitored for low level crypto CVEs. This bug is to change libkrb5 to use the openssl crypto - code instead of bundling its own. - + code instead of bundling its own on the next ubuntu release. [0]. https://ubuntu.com/security/fips -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1943530 Title: link libkrb5 with openssl To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1943530/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
