NodeJS FIPS
NodeJS is using OpenSSL for all its encryption and decryption. NodeJS distribution is build with OpenSSL without FIPS support and it's statically linked. To enable FIPS for NodeJS, we'll have to recompile NodeJS.
OpenSSL FIPS Object Module
Download OpenSSL FIPS module (in time of writing openssl-fips-2.0.4.tar.gz) http://www.openssl.org/source/
Install the module following the steps in OpenSSL FIPS Object Module pdf http://www.openssl.org/docs/fips/UserGuide-2.0.pdf:
For Linux
Note! To ensure FIPS complience, NO configuration options are allowed!
Download OpenSSL (in time of writing openssl-1.0.1e.tar.gz) http://www.openssl.org/source/http://www.openssl.org/source/
Install OpenSSL with the following commands:
Download OpenSSL (in time of writing openssl-1.0.1e.tar.gz) http://www.openssl.org/source/http://www.openssl.org/source/
Install OpenSSL with the following commands:
Note! ./config fips is a required option in FIPS Object Module security policy, any following options, like shared -fPIC, are optional.
For Windows
Install Visual Studio 2010
Download Visual Studio 2010 choose Visual Studio 2010 All-in-One ISO.
Note! if you get a linker error, you'll have to install Windows SDK 7.1 before installing Visual Studio 2010.
Install NASM
Download NASM 2.10.09
To compile:
To compile:
Add NASM to PATH env variable.
Install Active Perl
Download and install Active Perl
Compile OpenSSL FIPS Object Module
the files will be copied to C:\usr\local\ssl\fips-2.0. (make sure FIPS_DIR environment is not set if the files are copied to somewhere else)
Compile OpenSSL
nmake -f ms\ntdll.mak clean
nmake -f ms\ntdll.mak install
nmake -f ms\ntdll.mak install
the files will be copied to c:\usr\local\ssl.
to verify if FIPS is compiled correctly for openssl
It should echo out the crypted text.
Repeat the test, but export OPENSSL_FIPS=1 first.
Openssl should fail, claiming that its not allowed to use that algorithm. This means fips mode is working correctly.
NodeJS
Download NodeJS
download source code from http://nodejs.org/download/ or clone from NodeJS repository
Modify source code to add FIPS support
For Linux
edit src/node.cc in project node
edit ../../src/object.cc in project v8_base
a PR is submitted to NodeJS to add FIPS, https://github.com/joyent/node/pull/6380
For Windows
Download and install python 2.7.6
- open node.sln in Visual Studio 2010
- change configuration to Release
- open project properties for mksnapshot.ia32 and remove libeasy32.lib and ssleay32.dll from linker input's additional dependencies
- open project properties for node and add c:\usr\local\ssl\lib to linker general's additional library directories
- edit src/node.cc
- edit ../../src/object.cc in project v8_base
compile NodeJS
For Linux
- /usr/local/ssl is the default output path for fips enabled openssl. to compliant with FIPS, you should not modify the location of the output directory when building openssl but you can copy the files to another location after compiling it.
to verify if the node is linked to the correct library
libssl.so.1.0.0 & libcrypto.so.1.0.0 should be linked to the one in /usr/local/ssl/lib.
For Windows
open node.sln in Visual Studio 2010
build solution
copy libeasy32.dll and ssleay32.dll from c:\usr\local\ssl\bin to ...\node.js
copy Release\node.exe to ...\node.js
build solution
copy libeasy32.dll and ssleay32.dll from c:\usr\local\ssl\bin to ...\node.js
copy Release\node.exe to ...\node.js
verify if node has FIPS compiled correctly
execute test_fips.js, it should fail.
Nice Article you have posted here. Thank you for giving this innovative information and please add more in future.
ReplyDeleteSpoken English Classes in Chennai
Best Spoken English Class in Chennai
English Coaching Classes in Chennai
french courses in chennai
spoken english class
spoken english course
TOEFL Classes in Chennai
spoken english class in vadapalani
spoken english class in thiruvanmiyur
spoken english class in t nagar
How to Deposit and Withdraw Money at Bovada
ReplyDeleteBovada has a minimum deposit 우리카지노 of It is very popular because it uses one of the popular betting sites in the world. With all the important information