fips

问题 Currently. I have to create client application to connect IBM MQ server which only support TLS. After google a lot. I know the JDK used have to support FIPS. Any one can help with how to set it up on Linux server? 回答1: You're right. FIPS is not supported as default in Oracle JDK. Download JCE from http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html Put the extracted jars to %JAVA_HOME%/jre/lib/security. But these jars are just interface. Install NSS as an FIPS

问题 I am doing build for FIPS Object Module and FIPS compatible OpenSSL using openssl-fips-ecp-2.0.9 and openssl-1.0.1j respectively. Out of which FIPS one compiled successfully. But as per User Guide adding fips option with ./config is giving error: march=mips32 -fomit-frame-pointer -Wall -Ifips/openssl-fips-ecp-2.0.9/include -DSHA1_ASM -DSHA256_ASM -DAES_ASM -c -o o_fips.o o_fips.c o_fips.c:60:26: fatal error: openssl/fips.h: No such file or directory compilation terminated. make[6]: *** [o

问题 The SSL / TLS handshake between a "Java 1.7 TLS 1.1 server" and a "Java 1.8 client" fails in my environment with the following exception on the server side: java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips Following are the details of the server and the client in my environment: Server: The server uses Java 1.7u45 and is running in FIPS 140 compliant mode as mentioned in http://docs.oracle.com/javase/7/docs/technotes/guides

问题 I am running Visual Studio 2008 Version 9.0.30729.1 SP with .NET 3.5 SP 1 under Windows XP Pro Version 2002 SP 3 with an Intel Core 2 Duo E8400 3 GHz processor. I am developing a C# WPF application that uses the Microsoft Patterns & Practices group's Composite Application Library (CAL). I am getting the following compliation error in XAML: "MC1000: This implementation is not part of the Windows platform FIPS validated cryptographic algorithms." I have found a hotfix that is supposed to fix

问题 I am trying to implement the FIPS_mode and FIPS_mode_set functions in Python's ssl module since those are not present by default. A patch for Python 3.4 has already been submitted and rejected due to various using reasons. Using that patch as an inspiration, i made some modifications and added the following code in ssl.py : try: from _ssl import FIPS_mode, FIPS_mode_set except ImportError: pass And the following code in _ssl.c : #define EXPORT_FIPSMODE_FUNCS #ifdef EXPORT_FIPSMODE_FUNCS

问题 I'm trying to compile OpenSSL with the FIPS module for armv7, armv7s and arm64. The scripts I am using are https://github.com/virtru/iOS-openSSL-FIPS/tree/develop however, this script errors out with Undefined symbols for architecture armv7: "_FIPS_ec_group_new_curve_gf2m", referenced from: _EC_GROUP_new_curve_GF2m in libcrypto.a(ec_cvt.o) "_fips_ec_gf2m_simple_method", referenced from: _EC_GF2m_simple_method in libcrypto.a(ec2_smpl.o) ld: symbol(s) not found for architecture armv7 I have

问题 I've read (but not tested) that Isolated Storage uses Sha1Managed, which is not FIPS-compliant? Is that accurate, and can anything be done to use Isolated Storage on a FIPS-compliant WinXP SP2 box? I've seen mention of "Isolated Storage" within both the ClickOnce and Silverlight spaces. I'd appreciate an informed answer regarding either (or both!). 回答1: Yes, Isolated Storage does use SHA1Managed internally, which is not FIPS compliant. You will get an exception thrown from within the

问题 Does Erlang 19.x compliant FIPS? Or it needs to be built? How can we build FIPS enable erlang and once build is there, is there some mechanism to verify it? When search erlang documentation, there is no mention of FIPS http://erlang.org/doc/search/?q=fips&x=0&y=0. But when search the github repo of erlang there are quit a referance to fips https://github.com/erlang/otp/search?p=2&q=fips&type=&utf8=%E2%9C%93 回答1: FIPS 140-2 support was merged into the master branch in this pull request. It is

问题 The issue is if you enforce FIPS validated cryptography in the Windows security policy settings, an exception will be thrown because RADIUS protocol uses the MD5 algorithm to hash the request authenticator. There is not an alternative MD5 algorithm that is FIPS validated so it does not appear any code implementation of RADIUS would be possible on a machine providing FIPS validated cryptography. Does this mean RADIUS is mutually exclusive with FIPS validation? The code implements the RADIUS

问题 I am creating a keyed SHA256 hash using HMACSHA256 with the following code: HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secretKey); byte[] hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(data)); string hashResult = string.Empty; for (int i = 0; i < hash.Length; i++) { hashResult += hash[i].ToString("x2"); // hex format } This is working just fine, however, it fails in a FIPS enabled environment because HMACSHA256 uses an underlying SHA256Managed implementation which is itself not