fips

Building OpenSSL FIPS for arm64

﹥>﹥吖頭↗ 提交于 2019-12-11 02:57:51
问题 I've found references for building non-FIPS openssl for arm64 but I need to build the FIPS version. Projects like https://github.com/GotoHack/iOS-openSSL-FIPS build armv7 versions but I can't seem to extend them to arm64. Has anyone successfully done this? I'm using os-x to compile, the target is IOS 回答1: I've found references for building non-FIPS openssl for arm64 but I need to build the FIPS version. You can't at the moment. The platform (iOS, ARM64, A7/A8 chips) has not been validated.

FIPS Capable OpenSSL and `make depend`

坚强是说给别人听的谎言 提交于 2019-12-10 20:56:06
问题 I'm trying to build a FIPS Capable OpenSSL for an iDevice. I'm working with the FIPS 2.0 gear, and the 1.0.1 sources. Step 1 is OpenSSL FIPS Object Module, and it went fairly well. Step 2 is FIPS Capable OpenSSL. To configure FIPS Capable OpenSSL, we perform: ./config -no-dtls --with-fiplibdir=/usr/local/ssl/iphoneos/lib -no-dtls is required because Apple omitted STCP and friends. I don't want to make STCP and DTLS a dependency in this process, so -no-dtls is the obvious choice. In addition,

ASPX pages fail due to FIPS 140 security policy

旧街凉风 提交于 2019-12-10 19:19:43
问题 I am working on a government site and am having some problems with my local security policy interferring with my web application. There is a setting called "System cryptography: Use FIPS 140 compliant cryptographic algorithms, including encryption, hashing and signing algorithms" which is enabled on my server. Since that has been enabled, most of my aspx pages are returning the error "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms." These pages

FIPS validated application with HMAC function based on SHA512?

这一生的挚爱 提交于 2019-12-10 17:17:29
问题 I'm building a FIPS validated application and have the FIPS mode turned on on my computer. I need an HMAC function hopefully based on SHA512. I understand that the HMAC SHA1 function is FIPS validated but I have a hash function SHA512CryptoServiceProvider which is FIPS validated and I know that FIPS does in fact allow for SHA512. Is there a similar HMAC function in C# that does FIPS validated HMAC SHA512? 回答1: There is a HMACSHA512 Class, but it uses the SHA512Managed Class internally, which

Bouncy Castle not working on linux machine

谁说我不能喝 提交于 2019-12-10 11:10:24
问题 I implemented boucnyCastle for fips complaint signature generation and verification, this worked fine on a windows environment but on a linux environment the code is stuck on keypair generation. Following is the code that i have written: public static KeyPair generateKeyPair() throws GeneralSecurityException { KeyPairGenerator keyPair = KeyPairGenerator.getInstance("RSA", "BCFIPS"); keyPair.initialize(new RSAKeyGenParameterSpec(3072, RSAKeyGenParameterSpec.F4)); return keyPair.generateKeyPair

How do I convert from Census FIPS to Lat Lon?

本小妞迷上赌 提交于 2019-12-10 09:43:45
问题 I'm trying to learn some skills in programming (python) by plotting out/manipulating public data sets. Currently, I'm trying to make an interactive population map of the Arctic. I downloaded Alaskan census data from the Alaskan State Department of Labor which gave me population divided by census tract in FIPS (i.e. 0201301090 is Akutan City in the Aleutians East Borough). Is there a way to convert FIPS to Lat Lon or plot by FIPS in python? 回答1: The FIPS code for places in your example (the

Make a Android application use FIPS 140-2 valiated cryptography

|▌冷眼眸甩不掉的悲伤 提交于 2019-12-10 08:09:39
问题 I have client who wants our application to use FIPS 140-2 validated cryptography. The app uses Okhttp and does some HTTPS requests. AFAIK Android uses OpenSSL C library and uses java wrapper javax/net/ssl. Questions: How to make android Application FIPS 140 -2 Complaint? Is it not android at stack(OS) level should use FIPS Compliant OpenSSL, hence all app are default FIPS 140 -2 Compliant? Or our app should use FIPS 140-2 validated cryptography and make java javax/net/ssl to use it? Feasible?

How can I ensure that curl uses openssl, and not nss?

血红的双手。 提交于 2019-12-07 08:44:29
问题 Is it possible to ensure by a configuration parameter, that curl uses OpenSSL, and not NSS to retrieve https content? I need to ensure this, in order to enforce compliance with FIPS140-2, which RHEL6.2 has certified? I think that answer is "no". So I'll ask the follow-up here as well... Can I recompile curl to ensure that it uses libssl and not libnss? I've tried: ./configure --with-ssl --without-nss and I still end up with a curl binary that dynamically links against libnss3.so . [root@fips

Bouncy Castle not working on linux machine

混江龙づ霸主 提交于 2019-12-06 10:17:17
I implemented boucnyCastle for fips complaint signature generation and verification, this worked fine on a windows environment but on a linux environment the code is stuck on keypair generation. Following is the code that i have written: public static KeyPair generateKeyPair() throws GeneralSecurityException { KeyPairGenerator keyPair = KeyPairGenerator.getInstance("RSA", "BCFIPS"); keyPair.initialize(new RSAKeyGenParameterSpec(3072, RSAKeyGenParameterSpec.F4)); return keyPair.generateKeyPair(); } Bouncy Castle First Check if rngd.service (Hardware RNG Entropy Gatherer Daemon) is running on

Unknown cpu type when compiling OpenSSL FIPS Capable libraries for arm64 or arm7s

孤者浪人 提交于 2019-12-06 06:52:59
问题 I can successfully (at least without warnings and with resulting .a files) compile for arm7, x86_64, and i386. When I compile for arm64, I get Unknown cpu type 100000c, no adjustments made . When I compile for arm7s, I get Unknown cpu type 100000c, no adjustments made . The script for those two architectures, which is modified from and uses environment scripts from https://github.com/noloader/openssl-1.0.1i-ios is below including arm7, which works and arm7s and arm64, followed by a log tail
订阅 fips