dgst.update(oldHash);
        }
        dgst.update(input, off, len);
        return dgst.digest();
    }

    /**
     * Create encryption context for SMB3 encrypted communication
     *
     * @param sessionKey the session key from GSS-API authentication
     * @param preauthHash the pre-authentication integrity hash (SMB 3.1.1 only)
     * @return encryption context

    server.enqueue(
      MockResponse
        .Builder()
        .inTunnel()
        .build(),
    )
    server.enqueue(MockResponse(body = "encrypted response from the origin server"))
    client =
      client
        .newBuilder()
        .proxy(server.proxyAddress)
        .sslSocketFactory(
          handshakeCertificates.sslSocketFactory(),

				return
			}

			wantSize := int64(-1)
			if actualSize >= 0 {
				info := ObjectInfo{Size: actualSize}
				wantSize = info.EncryptedSize()
			}

			// do not try to verify encrypted content/
			hashReader, err = hash.NewReader(ctx, reader, wantSize, "", "", actualSize)
			if err != nil {
				writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
				return
			}

		HTTPStatusCode: http.StatusNotFound,
	},
	ErrInsecureClientRequest: {
		Code:           "XMinioInsecureClientRequest",
		Description:    "Cannot respond to plain-text request from TLS-encrypted server",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrRequestTimedout: {
		Code:           "RequestTimeout",

*PrivateKey, ciphertext []byte) ([]byte, error) { fips140.RecordNonApproved() return decrypt(priv, ciphertext, noCheck) } // DecryptWithCheck performs the RSA private key operation and checks the // result to defend against errors in the CRT computation. func DecryptWithCheck(priv *PrivateKey, ciphertext []byte) ([]byte, error) { fips140.RecordNonApproved() return decrypt(priv, ciphertext, withCheck) } // decrypt performs an RSA decryption of ciphertext into out. If check is true, // m^e is calculated...

	// clean up the temporary test backend.
	removeRoots(append(erasureDisks, fsDir))
}

// ExecExtendedObjectLayerTest will execute the tests with combinations of encrypted & compressed.
// This can be used to test functionality when reading and writing data.
func ExecExtendedObjectLayerAPITest(t *testing.T, objAPITest objAPITestType, endpoints []string) {

*PrivateKey, ciphertext []byte) ([]byte, error) { fips140.RecordNonApproved() return decrypt(priv, ciphertext, noCheck) } // DecryptWithCheck performs the RSA private key operation and checks the // result to defend against errors in the CRT computation. func DecryptWithCheck(priv *PrivateKey, ciphertext []byte) ([]byte, error) { fips140.RecordNonApproved() return decrypt(priv, ciphertext, withCheck) } // decrypt performs an RSA decryption of ciphertext into out. If check is true, // m^e is calculated...

Kubernetes 1.7 is a milestone release that adds security, stateful application, and extensibility features motivated by widespread production use of Kubernetes.

Security enhancements in this release include encrypted secrets (alpha), network policy for pod-to-pod communication, the node authorizer to limit Kubelet access to API resources, and Kubelet client / server TLS certificate rotation (alpha).

gov.scot
service.gov.scot

// Scry Security : http://www.scrysec.com
// Submitted by Shante Adam <******@****.***>
scrysec.com

// Scrypted : https://scrypted.app
// Submitted by Koushik Dutta <public-suffix-list@scrypted.app>
client.scrypted.io

// Securepoint GmbH : https://www.securepoint.de
// Submitted by Erik Anders <******@****.***>
firewall-gateway.com
firewall-gateway.de

		// Unencrypted objects
		{"nothing", []int64{0}, nil},
		{"small-1", []int64{509}, nil},

		{"mp-1", []int64{5 * oneMiB, 1}, nil},
		{"mp-2", []int64{5487701, 5487799, 3}, nil},

		// Encrypted object
		{"enc-nothing", []int64{0}, mapCopy(metaWithSSEC)},
		{"enc-small-1", []int64{509}, mapCopy(metaWithSSEC)},

		{"enc-mp-1", []int64{5 * oneMiB, 1}, mapCopy(metaWithSSEC)},