All Questions
21 questions
1vote
0answers
120views
Does openssl3.1 support UEFI target with FIPS enabled?
I am trying to build openssl 3.1 in FIPS mode for the UEFI target. But the config option enable-fips as defined in the documentation does not define the flag FIPS_MODULE for UEFI targets. Also, I ...
- 111
1vote
0answers
799views
How can I FIPS enable openssl3 on yocto linux?
I'm running yocto linux, which has openssl3 installed. I manually compiled the openssl FIPS module (fips.so), generated the fipsmodule.cnf file, and modified my openssl.cnf to use it. I know FIPS is ...
- 11
3votes
2answers
3kviews
Does OpenSSL 3.0 FIPS support TLSv1 and TLSv1.1?
OpenSSL 3 migration guide doesn't mention anything about TLSv1 and TLSv1.1 FIPS provider doesn't mention it as well. But my understanding is that TLSv1 and TLSv1.1 isn't supported by FIPS provider as ...
0votes
0answers
313views
Validate the conformance of an OpenSSL created certificate with FIPs standards
Trying to test the conformance of the certificates inside our application, with the below requirement: The application shall [selection: invoke platform-provided functionality, implement ...
1vote
2answers
246views
Are GNU coreutils SHA digest functions FIPS-validated (in NIST's Cryptographic Module Validation Program)?
My Challenge My project has a requirement that we use only FIPS-validated modules to do anything cryptographic, including generating checksums for binaries. We've been using the SHA-2 utilities ...
- 113
2votes
0answers
321views
Fingerprint mismatch only for 32-bit DLL linked statically to FIPS Capable OpenSSL
Appreciate any help on the following. Built OpenSSL Fips Module and then 'static binaries' of FIPS capable OSSL which 'statically link to the windows run-time'. Thus, my application binary (FipsApp....
- 243
4votes
0answers
2kviews
Generating RSA keys per the FIPS 186-4 standard
my company is trying to get our OpenSSL 1.0.2l software (it's compiled in FIPS mode with the FIPS canister) FIPS certified, but I am having difficulty generating RSA keys according to the FIPS 186-4 ...
- 41
1vote
0answers
862views
Ssh and fips mode
I am working on a networking device that needs to meet fips 140-2 level 2. ( runs on Ubuntu ) As for ssh, is it enough to limit the ciphers to those "allowed" by fips or should we patch openssh to ...
4votes
2answers
2kviews
use of PRNG in OpenSSL - fips mode
I am working on a centos based network device , required to pass fips 140-2 level 2. I plan to use openssl in fips mode and CTR_DRBG will use as PRNG. will this be enough for meeting NIST SP 800-90 ...
1vote
1answer
386views
Why RedHat Linux has obtained separate FIPS 140-2 certificates for OpenSSL , NSS, Kernel Crypto API etc?
I am wondering why RedHat Enterprise has obtained separate FIPS 140-2 certificates for OpenSSL , NSS, Kernel Crypto API etc. Is it not enough to have FIPS 140-2 certification for only one ...
- 123
1vote
0answers
439views
OpenSSL is not giving correct result for encryption and decryption for FIPS test vector for AES -CFB1
I am running FIPS test vectors against AES-CFB. I am getting correct results for aes-cfb128 and aes-cfb8 but getting wrong results for aes-cfb1. The values being used by me for aes-cfb1 tests are: ...
- 123
2votes
1answer
1kviews
OpenSSL implemented AES not according to NIST?
I have been using the Encryption/Decryption code from https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption. The NIST test vectors (http://csrc.nist.gov/groups/STM/cavp/) for AES ...
- 31
1vote
0answers
579views
FIPS_mode_set failed: f06d065
I execute the following code in Netbeans and get the error : FIPS_mode_set failed: f06d065. How to enable FIPS mode and get the code running? #include <openssl/crypto.h> int main() { int mode ...
- 31
3votes
0answers
425views
FIPS Compliance with iOS app
Our company is working on getting FIPS validation for the iOS app and is in the initial phase. We have decided to use a private FIPS-certified libraries for using in the crypto modules. I have some ...
- 31
2votes
1answer
3kviews
What is the relationship between Suite B and FIPS 140-2?
What is the relationship between the Suite B algorithms and FIPS 140-2 certification? Does OpenSSL meet both criteria? From what I've read, it seems that OpenSSL's crypto library implements many ...
