Collaborate Disseminate
OpenSSL 3 migration guide doesn’t mention anything about TLSv1 and TLSv1.1
FIPS provider doesn’t mention it as well.
But my understanding is that TLSv1 and TLSv1.1 isn’t supported by FIPS provider as the latter doesn’t implement MD5 which … Continue reading Does OpenSSL 3.0 FIPS support TLSv1 and TLSv1.1?
I’m quite new to the security topic and encryption.
Our software has to comply with FIPS 140-2. I have the following method (C#).
In this case, the algorithm is AES256.
What concerns me, is that we use SHA1 to hash the key. It is acceptabl… Continue reading FIPS 140-2 compliance implementation
To clarify: The FIPS module Security Policy lists using RSA keys for wrap/unwrap. FIPS is a moving target, and the state of the requirements when the CMVP approved module went through the process was such, that a given key’s "usage&… Continue reading Is it (under FIPS) possible to generate a CSR for an asymmetric key with usage=WRAP?
NIST, the National Institute of Standards and Technology, does publish FIPS, the Federal Information Processing Standards Publications.
Does Germany or the European Union have their own standards?
Or do comparable standards at all exist in… Continue reading Do comparable standards like FIPS exist for Germany or the European Union? [duplicate]
Trying to test the conformance of the certificates inside our application, with the below requirement:
The application shall [selection: invoke platform-provided
functionality, implement functionality ] to generate asymmetric
cryptographi… Continue reading Validate the conformance of an OpenSSL created certificate with FIPs standards
We build OpenSSL in FIPS mode, to be used as a DLL. According to the OpenSSL FIPS module (https://www.openssl.org/docs/fips/UserGuide-1.2.pdf), we supply a parameter to the compiler –with-baseaddr=0xFB00000. This parameter allows an integ… Continue reading OpenSSL 1.0.2, for 32 bit FIPS, is doing a base-address verification. Where and how is that implemented?
The standard OpenSSL build with the FIPS option will use a base address for libeay64.dll of 0xFB00000.
Since the FIPS module is not re-locatable, it cannot take part in Address Space Layout Randomization (ASLR),
which is an important part … Continue reading Should using a FIPS capable OpenSSL implementation be avoided?
Does either FIPS 140-2 or FIPS 140-3 certification require USB flash drive’s firmware to be signed so that malicious computer cannot overwrite flash drive’s firmware? e.g. badusb attack.
If I buy any FIPS 140 certified USB flash drive can … Continue reading If I buy any FIPS 140 certified USB flash drive can I be sure that it’s firmware is signed?
With bc-fips-1.0.1 there are below security vulnerabilities
CVE-2018-1000180
CVE-2020-26939
What are the impacts of those two CVE? Are this risks are very critical?
Both are fixed in bc-fips-1.0.2 but this version is degrading performanc… Continue reading bc-fips-1.0.1 security vulnerability, CVE-2018-1000180 and CVE-2020-26939 [closed]
My Challenge
My project has a requirement that we use only FIPS-validated modules to do anything cryptographic, including generating checksums for binaries. We’ve been using the SHA-2 utilities provided by GNU coreutils for a long time to … Continue reading Are GNU coreutils SHA digest functions FIPS-validated (in NIST’s Cryptographic Module Validation Program)?