Lines Matching +full:aes +full:- +full:cmac
1 .\" -*- mode: troff; coding: utf-8 -*-
57 .IX Title "OSSL_PROVIDER-FIPS 7ossl"
58 .TH OSSL_PROVIDER-FIPS 7ossl 2025-09-30 3.5.4 OpenSSL
64 OSSL_PROVIDER\-FIPS \- OpenSSL FIPS provider
68 Information Processing Standards (FIPS) specified in FIPS 140\-3. This 'module'
90 query may also include other non-crypto support operations that
92 "Asymmetric Key Management" in \fBOSSL_PROVIDER\-default\fR\|(7).
105 See "Provider parameters" in \fBprovider\-base\fR\|(7) for a list of base parameters.
113 .IP "SHA1, see \fBEVP_MD\-SHA1\fR\|(7)" 4
114 .IX Item "SHA1, see EVP_MD-SHA1"
116 .IP "SHA2, see \fBEVP_MD\-SHA2\fR\|(7)" 4
117 .IX Item "SHA2, see EVP_MD-SHA2"
118 .IP "SHA3, see \fBEVP_MD\-SHA3\fR\|(7)" 4
119 .IX Item "SHA3, see EVP_MD-SHA3"
120 .IP "KECCAK-KMAC, see \fBEVP_MD\-KECCAK\-KMAC\fR\|(7)" 4
121 .IX Item "KECCAK-KMAC, see EVP_MD-KECCAK-KMAC"
122 .IP "SHAKE, see \fBEVP_MD\-SHAKE\fR\|(7)" 4
123 .IX Item "SHAKE, see EVP_MD-SHAKE"
127 .IP "AES, see \fBEVP_CIPHER\-AES\fR\|(7)" 4
128 .IX Item "AES, see EVP_CIPHER-AES"
130 .IP "3DES, see \fBEVP_CIPHER\-DES\fR\|(7)" 4
131 .IX Item "3DES, see EVP_CIPHER-DES"
135 .IP "CMAC, see \fBEVP_MAC\-CMAC\fR\|(7)" 4
136 .IX Item "CMAC, see EVP_MAC-CMAC"
138 .IP "GMAC, see \fBEVP_MAC\-GMAC\fR\|(7)" 4
139 .IX Item "GMAC, see EVP_MAC-GMAC"
140 .IP "HMAC, see \fBEVP_MAC\-HMAC\fR\|(7)" 4
141 .IX Item "HMAC, see EVP_MAC-HMAC"
142 .IP "KMAC, see \fBEVP_MAC\-KMAC\fR\|(7)" 4
143 .IX Item "KMAC, see EVP_MAC-KMAC"
147 .IP "HKDF, see \fBEVP_KDF\-HKDF\fR\|(7)" 4
148 .IX Item "HKDF, see EVP_KDF-HKDF"
150 .IP "TLS13\-KDF, see \fBEVP_KDF\-TLS13_KDF\fR\|(7)" 4
151 .IX Item "TLS13-KDF, see EVP_KDF-TLS13_KDF"
152 .IP "SSKDF, see \fBEVP_KDF\-SS\fR\|(7)" 4
153 .IX Item "SSKDF, see EVP_KDF-SS"
154 .IP "PBKDF2, see \fBEVP_KDF\-PBKDF2\fR\|(7)" 4
155 .IX Item "PBKDF2, see EVP_KDF-PBKDF2"
156 .IP "SSHKDF, see \fBEVP_KDF\-SSHKDF\fR\|(7)" 4
157 .IX Item "SSHKDF, see EVP_KDF-SSHKDF"
158 .IP "TLS1\-PRF, see \fBEVP_KDF\-TLS1_PRF\fR\|(7)" 4
159 .IX Item "TLS1-PRF, see EVP_KDF-TLS1_PRF"
160 .IP "KBKDF, see \fBEVP_KDF\-KB\fR\|(7)" 4
161 .IX Item "KBKDF, see EVP_KDF-KB"
162 .IP "X942KDF\-ASN1, see \fBEVP_KDF\-X942\-ASN1\fR\|(7)" 4
163 .IX Item "X942KDF-ASN1, see EVP_KDF-X942-ASN1"
164 .IP "X942KDF\-CONCAT, see \fBEVP_KDF\-X942\-CONCAT\fR\|(7)" 4
165 .IX Item "X942KDF-CONCAT, see EVP_KDF-X942-CONCAT"
166 .IP "X963KDF, see \fBEVP_KDF\-X963\fR\|(7)" 4
167 .IX Item "X963KDF, see EVP_KDF-X963"
171 .IP "DH, see \fBEVP_KEYEXCH\-DH\fR\|(7)" 4
172 .IX Item "DH, see EVP_KEYEXCH-DH"
174 .IP "ECDH, see \fBEVP_KEYEXCH\-ECDH\fR\|(7)" 4
175 .IX Item "ECDH, see EVP_KEYEXCH-ECDH"
176 .IP "X25519, see \fBEVP_KEYEXCH\-X25519\fR\|(7)" 4
177 .IX Item "X25519, see EVP_KEYEXCH-X25519"
178 .IP "X448, see \fBEVP_KEYEXCH\-X448\fR\|(7)" 4
179 .IX Item "X448, see EVP_KEYEXCH-X448"
180 .IP "ML-KEM, see \fBEVP_KEM\-ML\-KEM\fR\|(7)" 4
181 .IX Item "ML-KEM, see EVP_KEM-ML-KEM"
182 .IP TLS1\-PRF 4
183 .IX Item "TLS1-PRF"
189 .IP "RSA, see \fBEVP_SIGNATURE\-RSA\fR\|(7)" 4
190 .IX Item "RSA, see EVP_SIGNATURE-RSA"
193 (This is a FIPS 140\-3 requirement)
194 .IP "DSA, see \fBEVP_SIGNATURE\-DSA\fR\|(7)" 4
195 .IX Item "DSA, see EVP_SIGNATURE-DSA"
197 .IP "ED25519, see \fBEVP_SIGNATURE\-ED25519\fR\|(7)" 4
198 .IX Item "ED25519, see EVP_SIGNATURE-ED25519"
199 .IP "ED448, see \fBEVP_SIGNATURE\-ED448\fR\|(7)" 4
200 .IX Item "ED448, see EVP_SIGNATURE-ED448"
201 .IP "ECDSA, see \fBEVP_SIGNATURE\-ECDSA\fR\|(7)" 4
202 .IX Item "ECDSA, see EVP_SIGNATURE-ECDSA"
203 .IP "ML\-DSA\-44, see \fBEVP_SIGNATURE\-ML\-DSA\fR\|(7)" 4
204 .IX Item "ML-DSA-44, see EVP_SIGNATURE-ML-DSA"
205 .IP "ML\-DSA\-65, see \fBEVP_SIGNATURE\-ML\-DSA\fR\|(7)" 4
206 .IX Item "ML-DSA-65, see EVP_SIGNATURE-ML-DSA"
207 .IP "ML\-DSA\-87, see \fBEVP_SIGNATURE\-ML\-DSA\fR\|(7)" 4
208 .IX Item "ML-DSA-87, see EVP_SIGNATURE-ML-DSA"
209 .IP "SLH-DSA, see \fBEVP_SIGNATURE\-SLH\-DSA\fR\|(7)" 4
210 .IX Item "SLH-DSA, see EVP_SIGNATURE-SLH-DSA"
211 .IP "HMAC, see \fBEVP_SIGNATURE\-HMAC\fR\|(7)" 4
212 .IX Item "HMAC, see EVP_SIGNATURE-HMAC"
213 .IP "CMAC, see \fBEVP_SIGNATURE\-CMAC\fR\|(7)" 4
214 .IX Item "CMAC, see EVP_SIGNATURE-CMAC"
218 .IP "RSA, see \fBEVP_ASYM_CIPHER\-RSA\fR\|(7)" 4
219 .IX Item "RSA, see EVP_ASYM_CIPHER-RSA"
223 .IP "RSA, see \fBEVP_KEM\-RSA\fR\|(7)" 4
224 .IX Item "RSA, see EVP_KEM-RSA"
228 .IP "DH, see \fBEVP_KEYMGMT\-DH\fR\|(7)" 4
229 .IX Item "DH, see EVP_KEYMGMT-DH"
231 .IP "DHX, see \fBEVP_KEYMGMT\-DHX\fR\|(7)" 4
232 .IX Item "DHX, see EVP_KEYMGMT-DHX"
233 .IP "DSA, see \fBEVP_KEYMGMT\-DSA\fR\|(7)" 4
234 .IX Item "DSA, see EVP_KEYMGMT-DSA"
235 .IP "RSA, see \fBEVP_KEYMGMT\-RSA\fR\|(7)" 4
236 .IX Item "RSA, see EVP_KEYMGMT-RSA"
237 .IP RSA-PSS 4
238 .IX Item "RSA-PSS"
239 .IP "EC, see \fBEVP_KEYMGMT\-EC\fR\|(7)" 4
240 .IX Item "EC, see EVP_KEYMGMT-EC"
241 .IP "ED25519, see \fBEVP_KEYMGMT\-ED25519\fR\|(7)" 4
242 .IX Item "ED25519, see EVP_KEYMGMT-ED25519"
243 .IP "ED448, see \fBEVP_KEYMGMT\-ED448\fR\|(7)" 4
244 .IX Item "ED448, see EVP_KEYMGMT-ED448"
245 .IP "X25519, see \fBEVP_KEYMGMT\-X25519\fR\|(7)" 4
246 .IX Item "X25519, see EVP_KEYMGMT-X25519"
249 The FIPS 140\-3 IG states that "Curves that are included in SP 800\-186 but not
250 included in SP 800\-56Arev3 are not approved for key agreement".
251 .IP "X448, see \fBEVP_KEYMGMT\-X448\fR\|(7)" 4
252 .IX Item "X448, see EVP_KEYMGMT-X448"
254 The FIPS 140\-3 IG states that "Curves that are included in SP 800\-186 but not"
255 included in SP 800\-56Arev3 are not approved for key agreement".
256 .IP TLS1\-PRF 4
257 .IX Item "TLS1-PRF"
261 .IP "HMAC, see \fBEVP_KEYMGMT\-HMAC\fR\|(7)" 4
262 .IX Item "HMAC, see EVP_KEYMGMT-HMAC"
263 .IP "CMAC, see \fBEVP_KEYMGMT\-CMAC\fR\|(7)" 4
264 .IX Item "CMAC, see EVP_KEYMGMT-CMAC"
265 .IP "ML\-DSA\-44, see \fBEVP_KEYMGMT\-ML\-DSA\fR\|(7)" 4
266 .IX Item "ML-DSA-44, see EVP_KEYMGMT-ML-DSA"
267 .IP "ML\-DSA\-65, see \fBEVP_KEYMGMT\-ML\-DSA\fR\|(7)" 4
268 .IX Item "ML-DSA-65, see EVP_KEYMGMT-ML-DSA"
269 .IP "ML\-DSA\-87, see \fBEVP_KEYMGMT\-ML\-DSA\fR\|(7)" 4
270 .IX Item "ML-DSA-87, see EVP_KEYMGMT-ML-DSA"
271 .IP "SLH\-DSA\-SHA2\-128s, see \fBEVP_KEYMGMT\-SLH\-DSA\fR\|(7)" 4
272 .IX Item "SLH-DSA-SHA2-128s, see EVP_KEYMGMT-SLH-DSA"
273 .IP "SLH\-DSA\-SHA2\-128f, see \fBEVP_KEYMGMT\-SLH\-DSA\fR\|(7)" 4
274 .IX Item "SLH-DSA-SHA2-128f, see EVP_KEYMGMT-SLH-DSA"
275 .IP "SLH\-DSA\-SHA2\-192s, see \fBEVP_KEYMGMT\-SLH\-DSA\fR\|(7)" 4
276 .IX Item "SLH-DSA-SHA2-192s, see EVP_KEYMGMT-SLH-DSA"
277 .IP "SLH\-DSA\-SHA2\-192f, see \fBEVP_KEYMGMT\-SLH\-DSA\fR\|(7)" 4
278 .IX Item "SLH-DSA-SHA2-192f, see EVP_KEYMGMT-SLH-DSA"
279 .IP "SLH\-DSA\-SHA2\-256s, see \fBEVP_KEYMGMT\-SLH\-DSA\fR\|(7)" 4
280 .IX Item "SLH-DSA-SHA2-256s, see EVP_KEYMGMT-SLH-DSA"
281 .IP "SLH\-DSA\-SHA2\-256f, see \fBEVP_KEYMGMT\-SLH\-DSA\fR\|(7)" 4
282 .IX Item "SLH-DSA-SHA2-256f, see EVP_KEYMGMT-SLH-DSA"
283 .IP "SLH\-DSA\-SHAKE\-128s, see \fBEVP_KEYMGMT\-SLH\-DSA\fR\|(7)" 4
284 .IX Item "SLH-DSA-SHAKE-128s, see EVP_KEYMGMT-SLH-DSA"
285 .IP "SLH\-DSA\-SHAKE\-128f, see \fBEVP_KEYMGMT\-SLH\-DSA\fR\|(7)" 4
286 .IX Item "SLH-DSA-SHAKE-128f, see EVP_KEYMGMT-SLH-DSA"
287 .IP "SLH\-DSA\-SHAKE\-192s, see \fBEVP_KEYMGMT\-SLH\-DSA\fR\|(7)" 4
288 .IX Item "SLH-DSA-SHAKE-192s, see EVP_KEYMGMT-SLH-DSA"
289 .IP "SLH\-DSA\-SHAKE\-192f, see \fBEVP_KEYMGMT\-SLH\-DSA\fR\|(7)" 4
290 .IX Item "SLH-DSA-SHAKE-192f, see EVP_KEYMGMT-SLH-DSA"
291 .IP "SLH\-DSA\-SHAKE\-256s, see \fBEVP_KEYMGMT\-SLH\-DSA\fR\|(7)" 4
292 .IX Item "SLH-DSA-SHAKE-256s, see EVP_KEYMGMT-SLH-DSA"
293 .IP "SLH\-DSA\-SHAKE\-256f, see \fBEVP_KEYMGMT\-SLH\-DSA\fR\|(7)" 4
294 .IX Item "SLH-DSA-SHAKE-256f, see EVP_KEYMGMT-SLH-DSA"
298 .IP "CRNG-TEST, see \fBEVP_RAND\-CRNG\-TEST\fR\|(7)" 4
299 .IX Item "CRNG-TEST, see EVP_RAND-CRNG-TEST"
301 .IP "CTR-DRBG, see \fBEVP_RAND\-CTR\-DRBG\fR\|(7)" 4
302 .IX Item "CTR-DRBG, see EVP_RAND-CTR-DRBG"
303 .IP "HASH-DRBG, see \fBEVP_RAND\-HASH\-DRBG\fR\|(7)" 4
304 .IX Item "HASH-DRBG, see EVP_RAND-HASH-DRBG"
305 .IP "HMAC-DRBG, see \fBEVP_RAND\-HMAC\-DRBG\fR\|(7)" 4
306 .IX Item "HMAC-DRBG, see EVP_RAND-HMAC-DRBG"
307 .IP "TEST-RAND, see \fBEVP_RAND\-TEST\-RAND\fR\|(7)" 4
308 .IX Item "TEST-RAND, see EVP_RAND-TEST-RAND"
310 TEST-RAND is an unapproved algorithm.
314 FIPS 140\-3 requires known answer tests to be run on startup as well as
378 private key and checks that the public key matches. This is a SP 800\-56A requirement.
384 This is deprecated. The option is no longer used since FIPS 140\-3 requires
385 self tests to always run on startup. Previous FIPS 140\-2 validations allowed
403 .IP """ML-DSA"" (\fBOSSL_SELF_TEST_DESC_PCT_ML_DSA\fR)" 4
404 .IX Item """ML-DSA"" (OSSL_SELF_TEST_DESC_PCT_ML_DSA)"
405 .IP """ML-KEM"" (\fBOSSL_SELF_TEST_DESC_PCT_ML_KEM\fR)" 4
406 .IX Item """ML-KEM"" (OSSL_SELF_TEST_DESC_PCT_ML_KEM)"
407 .IP """SLH-DSA"" (\fBOSSL_SELF_TEST_DESC_PCT_SLH_DSA\fR)" 4
408 .IX Item """SLH-DSA"" (OSSL_SELF_TEST_DESC_PCT_SLH_DSA)"
418 .IP """ML-DSA"" (\fBOSSL_SELF_TEST_DESC_KEYGEN_ML_DSA\fR)" 4
419 .IX Item """ML-DSA"" (OSSL_SELF_TEST_DESC_KEYGEN_ML_DSA)"
421 .IP """ML-KEM"" (\fBOSSL_SELF_TEST_DESC_KEYGEN_ML_KEM\fR)" 4
422 .IX Item """ML-KEM"" (OSSL_SELF_TEST_DESC_KEYGEN_ML_KEM)"
423 .IP """SLH-DSA"" (\fBOSSL_SELF_TEST_DESC_KEYGEN_SLH_DSA\fR)" 4
424 .IX Item """SLH-DSA"" (OSSL_SELF_TEST_DESC_KEYGEN_SLH_DSA)"
454 .IP """ML-DSA"" (\fBOSSL_SELF_TEST_DESC_SIGN_ML_DSA\fR)" 4
455 .IX Item """ML-DSA"" (OSSL_SELF_TEST_DESC_SIGN_ML_DSA)"
456 .IP """SLH-DSA"" (\fBOSSL_SELF_TEST_DESC_SIGN_SLH_DSA\fR)" 4
457 .IX Item """SLH-DSA"" (OSSL_SELF_TEST_DESC_SIGN_SLH_DSA)"
527 \& if (p == NULL || p\->data_type != OSSL_PARAM_UTF8_STRING)
529 \& phase = (const char *)p\->data;
532 \& if (p == NULL || p\->data_type != OSSL_PARAM_UTF8_STRING)
534 \& desc = (const char *)p\->data;
537 \& if (p == NULL || p\->data_type != OSSL_PARAM_UTF8_STRING)
539 \& type = (const char *)p\->data;
565 require FIPS-approved functionality, it is essential to build your FIPS
586 \&\fBopenssl\-fipsinstall\fR\|(1),
591 \&\fBopenssl\-core.h\fR\|(7),
592 \&\fBopenssl\-core_dispatch.h\fR\|(7),
600 Copyright 2019\-2025 The OpenSSL Project Authors. All Rights Reserved.