crypto.pod - OpenGrok cross reference for /freebsd/crypto/openssl/doc/man7/crypto.pod

Lines Matching +full:fips +full:- +full:140 +full:- +full:2
5 crypto - OpenSSL cryptographic library
21 pseudo-random number generators, message authentication codes (MACs), key
29 a "default" implementation suitable for general use, and a "fips" implementation
30 which has been validated to FIPS standards for situations where that is
52 OpenSSL built-in "default" provider will be automatically loaded.
75 automatically destroyed. No explicit de-initialisation steps need to be taken.
80 =head2 Multi-threaded applications
83 on most platforms) then most OpenSSL I<functions> are thread-safe in the sense
85 time. However most OpenSSL I<data structures> are not thread-safe. For example
97 See L<openssl-threads(7)> for a more detailed discussion on OpenSSL threading
107 Two types of fetching are supported by OpenSSL - explicit fetching and implicit
150 will be loaded as a fallback (see L<OSSL_PROVIDER-default(7)>).
206 =item 2.
273 See L<OSSL_PROVIDER-default(7)>, <OSSL_PROVIDER-fips(7)> and
274 <OSSL_PROVIDER-legacy(7)>for a list of algorithm names that
282 Fetch any available implementation of SHA2-256 in the default context. Note
283 that some algorithms have aliases. So "SHA256" and "SHA2-256" are synonymous:
285  EVP_MD *md = EVP_MD_fetch(NULL, "SHA2-256", NULL);
289 Fetch any available implementation of AES-128-CBC in the default context:
291  EVP_CIPHER *cipher = EVP_CIPHER_fetch(NULL, "AES-128-CBC", NULL);
295 Fetch an implementation of SHA2-256 from the default provider in the default
298  EVP_MD *md = EVP_MD_fetch(NULL, "SHA2-256", "provider=default");
302 Fetch an implementation of SHA2-256 that is not from the default provider in the
305  EVP_MD *md = EVP_MD_fetch(NULL, "SHA2-256", "provider!=default");
309 Fetch an implementation of SHA2-256 from the default provider in the specified
312  EVP_MD *md = EVP_MD_fetch(ctx, "SHA2-256", "provider=default");
319  /* This only needs to be done once - usually at application start up */
332  /* This only needs to be done once - usually at application start up */
337  EVP_MD *md_sha256 = EVP_MD_fetch(NULL, "SHA2-256", NULL);
347 configuration options. The L<openssl-list(1)> command can be used to list the
350 The names of the algorithms shown from L<openssl-list(1)> can be used as an
371 See L<OSSL_PROVIDER-default(7)>.
380 Some encoding and decoding algorithm implementations are not FIPS algorithm
381 implementations in themselves but support algorithms from the FIPS provider and
382 are allowed for use in "FIPS mode". The property query string "fips=yes" can be
385 See L<OSSL_PROVIDER-base(7)>.
387 =head2 FIPS provider
389 The FIPS provider is a dynamically loadable module, and must therefore
392 validated according to the FIPS 140-2 standard. Should it be needed (if other
394 property query string "provider=fips" can be used as a search criterion for
395 these implementations. All approved algorithm implementations in the FIPS
396 provider can also be selected with the property "fips=yes". The FIPS provider
397 may also contain non-approved algorithm implementations and these can be
398 selected with the property "fips=no".
400 See L<OSSL_PROVIDER-FIPS(7)> and L<fips_module(7)>.
412 See L<OSSL_PROVIDER-legacy(7)>.
421 See L<OSSL_PROVIDER-null(7)>.
433 operation is then initialised ready for use via an "init" function - optionally
530 external format such as PEM or DER (see L<openssl-glossary(7)>). OpenSSL uses
566 L<openssl(1)>, L<ssl(7)>, L<evp(7)>, L<OSSL_LIB_CTX(3)>, L<openssl-threads(7)>,
567 L<property(7)>, L<OSSL_PROVIDER-default(7)>, L<OSSL_PROVIDER-base(7)>,
568 L<OSSL_PROVIDER-FIPS(7)>, L<OSSL_PROVIDER-legacy(7)>, L<OSSL_PROVIDER-null(7)>,
569 L<openssl-glossary(7)>, L<provider(7)>
573 Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.