Lines Matching +full:single +full:- +full:phase
18 .\" Set up some character translations and predefined strings. \*(-- will
24 .tr \(*W-
27 . ds -- \(*W-
29 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
37 . ds -- \|\(em\|
45 .\" Escape single quotes in literal strings from groff's Unicode transform.
71 .\" Fear. Run. Save yourself. No user-serviceable parts.
81 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
97 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
98 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
99 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
100 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
101 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
102 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
104 . \" troff and (daisy-wheel) nroff accents
123 . ds d- d\h'-1'\(ga
124 . ds D- D\h'-1'\(hy
133 .IX Title "OSSL_PROVIDER-FIPS 7ossl"
134 .TH OSSL_PROVIDER-FIPS 7ossl "2023-09-19" "3.0.11" "OpenSSL"
140 OSSL_PROVIDER\-FIPS \- OpenSSL FIPS provider
143 The OpenSSL \s-1FIPS\s0 provider is a special provider that conforms to the Federal
144 Information Processing Standards (\s-1FIPS\s0) specified in \s-1FIPS 140\-2.\s0 This 'module'
168 The \*(L"fips=yes\*(R" property can be use to make sure only \s-1FIPS\s0 approved
170 other non-crypto support operations that are not in the \s-1FIPS\s0 provider,
172 see \*(L"Asymmetric Key Management\*(R" in \fBOSSL_PROVIDER\-default\fR\|(7).
175 The OpenSSL \s-1FIPS\s0 provider supports these operations and algorithms:
178 .IP "\s-1SHA1,\s0 see \s-1\fBEVP_MD\-SHA1\s0\fR\|(7)" 4
179 .IX Item "SHA1, see EVP_MD-SHA1"
181 .IP "\s-1SHA2,\s0 see \s-1\fBEVP_MD\-SHA2\s0\fR\|(7)" 4
182 .IX Item "SHA2, see EVP_MD-SHA2"
183 .IP "\s-1SHA3,\s0 see \s-1\fBEVP_MD\-SHA3\s0\fR\|(7)" 4
184 .IX Item "SHA3, see EVP_MD-SHA3"
185 .IP "KECCAK-KMAC, see \s-1\fBEVP_MD\-KECCAK\-KMAC\s0\fR\|(7)" 4
186 .IX Item "KECCAK-KMAC, see EVP_MD-KECCAK-KMAC"
190 .IP "\s-1AES,\s0 see \s-1\fBEVP_CIPHER\-AES\s0\fR\|(7)" 4
191 .IX Item "AES, see EVP_CIPHER-AES"
193 .IP "\s-1DES\-EDE3\s0 (TripleDES), see \s-1\fBEVP_CIPHER\-DES\s0\fR\|(7)" 4
194 .IX Item "DES-EDE3 (TripleDES), see EVP_CIPHER-DES"
196 .SS "Message Authentication Code (\s-1MAC\s0)"
198 .IP "\s-1CMAC,\s0 see \s-1\fBEVP_MAC\-CMAC\s0\fR\|(7)" 4
199 .IX Item "CMAC, see EVP_MAC-CMAC"
201 .IP "\s-1GMAC,\s0 see \s-1\fBEVP_MAC\-GMAC\s0\fR\|(7)" 4
202 .IX Item "GMAC, see EVP_MAC-GMAC"
203 .IP "\s-1HMAC,\s0 see \s-1\fBEVP_MAC\-HMAC\s0\fR\|(7)" 4
204 .IX Item "HMAC, see EVP_MAC-HMAC"
205 .IP "\s-1KMAC,\s0 see \s-1\fBEVP_MAC\-KMAC\s0\fR\|(7)" 4
206 .IX Item "KMAC, see EVP_MAC-KMAC"
208 .SS "Key Derivation Function (\s-1KDF\s0)"
210 .IP "\s-1HKDF,\s0 see \s-1\fBEVP_KDF\-HKDF\s0\fR\|(7)" 4
211 .IX Item "HKDF, see EVP_KDF-HKDF"
213 .IP "\s-1TLS13\-KDF,\s0 see \s-1\fBEVP_KDF\-TLS13_KDF\s0\fR\|(7)" 4
214 .IX Item "TLS13-KDF, see EVP_KDF-TLS13_KDF"
215 .IP "\s-1SSKDF,\s0 see \s-1\fBEVP_KDF\-SS\s0\fR\|(7)" 4
216 .IX Item "SSKDF, see EVP_KDF-SS"
217 .IP "\s-1PBKDF2,\s0 see \s-1\fBEVP_KDF\-PBKDF2\s0\fR\|(7)" 4
218 .IX Item "PBKDF2, see EVP_KDF-PBKDF2"
219 .IP "\s-1SSHKDF,\s0 see \s-1\fBEVP_KDF\-SSHKDF\s0\fR\|(7)" 4
220 .IX Item "SSHKDF, see EVP_KDF-SSHKDF"
221 .IP "\s-1TLS1\-PRF,\s0 see \s-1\fBEVP_KDF\-TLS1_PRF\s0\fR\|(7)" 4
222 .IX Item "TLS1-PRF, see EVP_KDF-TLS1_PRF"
223 .IP "\s-1KBKDF,\s0 see \s-1\fBEVP_KDF\-KB\s0\fR\|(7)" 4
224 .IX Item "KBKDF, see EVP_KDF-KB"
225 .IP "X942KDF\-ASN1, see \s-1\fBEVP_KDF\-X942\-ASN1\s0\fR\|(7)" 4
226 .IX Item "X942KDF-ASN1, see EVP_KDF-X942-ASN1"
227 .IP "X942KDF\-CONCAT, see \s-1\fBEVP_KDF\-X942\-CONCAT\s0\fR\|(7)" 4
228 .IX Item "X942KDF-CONCAT, see EVP_KDF-X942-CONCAT"
229 .IP "X963KDF, see \s-1\fBEVP_KDF\-X963\s0\fR\|(7)" 4
230 .IX Item "X963KDF, see EVP_KDF-X963"
234 .IP "\s-1DH,\s0 see \s-1\fBEVP_KEYEXCH\-DH\s0\fR\|(7)" 4
235 .IX Item "DH, see EVP_KEYEXCH-DH"
237 .IP "\s-1ECDH,\s0 see \s-1\fBEVP_KEYEXCH\-ECDH\s0\fR\|(7)" 4
238 .IX Item "ECDH, see EVP_KEYEXCH-ECDH"
239 .IP "X25519, see \s-1\fBEVP_KEYEXCH\-X25519\s0\fR\|(7)" 4
240 .IX Item "X25519, see EVP_KEYEXCH-X25519"
241 .IP "X448, see \s-1\fBEVP_KEYEXCH\-X448\s0\fR\|(7)" 4
242 .IX Item "X448, see EVP_KEYEXCH-X448"
246 .IP "\s-1RSA,\s0 see \s-1\fBEVP_SIGNATURE\-RSA\s0\fR\|(7)" 4
247 .IX Item "RSA, see EVP_SIGNATURE-RSA"
249 .IP "X25519, see \s-1\fBEVP_SIGNATURE\-ED25519\s0\fR\|(7)" 4
250 .IX Item "X25519, see EVP_SIGNATURE-ED25519"
251 .IP "X448, see \s-1\fBEVP_SIGNATURE\-ED448\s0\fR\|(7)" 4
252 .IX Item "X448, see EVP_SIGNATURE-ED448"
253 .IP "\s-1HMAC,\s0 see \s-1\fBEVP_SIGNATURE\-HMAC\s0\fR\|(7)" 4
254 .IX Item "HMAC, see EVP_SIGNATURE-HMAC"
255 .IP "\s-1CMAC,\s0 see \s-1\fBEVP_SIGNATURE\-CMAC\s0\fR\|(7)" 4
256 .IX Item "CMAC, see EVP_SIGNATURE-CMAC"
260 .IP "\s-1RSA,\s0 see \s-1\fBEVP_ASYM_CIPHER\-RSA\s0\fR\|(7)" 4
261 .IX Item "RSA, see EVP_ASYM_CIPHER-RSA"
265 .IP "\s-1RSA,\s0 see \s-1\fBEVP_KEM\-RSA\s0\fR\|(7)" 4
266 .IX Item "RSA, see EVP_KEM-RSA"
270 .IP "\s-1DH,\s0 see \s-1\fBEVP_KEYMGMT\-DH\s0\fR\|(7)" 4
271 .IX Item "DH, see EVP_KEYMGMT-DH"
273 .IP "\s-1DHX,\s0 see \s-1\fBEVP_KEYMGMT\-DHX\s0\fR\|(7)" 4
274 .IX Item "DHX, see EVP_KEYMGMT-DHX"
275 .IP "\s-1DSA,\s0 see \s-1\fBEVP_KEYMGMT\-DSA\s0\fR\|(7)" 4
276 .IX Item "DSA, see EVP_KEYMGMT-DSA"
277 .IP "\s-1RSA,\s0 see \s-1\fBEVP_KEYMGMT\-RSA\s0\fR\|(7)" 4
278 .IX Item "RSA, see EVP_KEYMGMT-RSA"
279 .IP "\s-1EC,\s0 see \s-1\fBEVP_KEYMGMT\-EC\s0\fR\|(7)" 4
280 .IX Item "EC, see EVP_KEYMGMT-EC"
281 .IP "X25519, see \s-1\fBEVP_KEYMGMT\-X25519\s0\fR\|(7)" 4
282 .IX Item "X25519, see EVP_KEYMGMT-X25519"
283 .IP "X448, see \s-1\fBEVP_KEYMGMT\-X448\s0\fR\|(7)" 4
284 .IX Item "X448, see EVP_KEYMGMT-X448"
288 .IP "CTR-DRBG, see \s-1\fBEVP_RAND\-CTR\-DRBG\s0\fR\|(7)" 4
289 .IX Item "CTR-DRBG, see EVP_RAND-CTR-DRBG"
291 .IP "HASH-DRBG, see \s-1\fBEVP_RAND\-HASH\-DRBG\s0\fR\|(7)" 4
292 .IX Item "HASH-DRBG, see EVP_RAND-HASH-DRBG"
293 .IP "HMAC-DRBG, see \s-1\fBEVP_RAND\-HMAC\-DRBG\s0\fR\|(7)" 4
294 .IX Item "HMAC-DRBG, see EVP_RAND-HMAC-DRBG"
295 .IP "TEST-RAND, see \s-1\fBEVP_RAND\-TEST\-RAND\s0\fR\|(7)" 4
296 .IX Item "TEST-RAND, see EVP_RAND-TEST-RAND"
298 TEST-RAND is an unapproved algorithm.
301 One of the requirements for the \s-1FIPS\s0 module is self testing. An optional callback
307 The OpenSSL \s-1FIPS\s0 module uses the following mechanism to provide information
314 The \s-1FIPS\s0 module passes the following type(s) to \fBOSSL_SELF_TEST_onbegin()\fR.
318 Uses \s-1HMAC SHA256\s0 on the module file to validate that the module has not been
324 Uses \s-1HMAC SHA256\s0 on a fixed string to validate that the installation process
325 has already been performed and the self test \s-1KATS\s0 have already been tested,
379 The \s-1FIPS\s0 module passes the following descriptions(s) to \fBOSSL_SELF_TEST_onbegin()\fR.
404 \&\*(L"KAT_AsymmetricCipher\*(R" uses this to indicate an encrypt or decrypt \s-1KAT.\s0
449 Key agreement tests used with the \*(L"\s-1KAT_KA\*(R"\s0 type.
482 Key Derivation Function tests used with the \*(L"\s-1KAT_KDF\*(R"\s0 type.
494 \&\s-1DRBG\s0 tests used with the \*(L"\s-1DRBG\*(R"\s0 type.
496 = item \*(L"\s-1RNG\*(R"\s0 (\fB\s-1OSSL_SELF_TEST_DESC_RNG\s0\fR)
512 \& const char *phase = NULL, *type = NULL, *desc = NULL;
515 \& if (p == NULL || p\->data_type != OSSL_PARAM_UTF8_STRING)
517 \& phase = (const char *)p\->data;
520 \& if (p == NULL || p\->data_type != OSSL_PARAM_UTF8_STRING)
522 \& desc = (const char *)p\->data;
525 \& if (p == NULL || p\->data_type != OSSL_PARAM_UTF8_STRING)
527 \& type = (const char *)p\->data;
530 \& if (strcmp(phase, OSSL_SELF_TEST_PHASE_START) == 0)
532 \& if (strcmp(phase, OSSL_SELF_TEST_PHASE_PASS) == 0
533 \& || strcmp(phase, OSSL_SELF_TEST_PHASE_FAIL) == 0)
534 \& BIO_printf(bio_out, "%s\en", phase);
536 \& /* Corrupt the SHA1 self test during the \*(Aqcorrupt\*(Aq phase by returning 0 */
537 \& if (strcmp(phase, OSSL_SELF_TEST_PHASE_CORRUPT) == 0
539 \& BIO_printf(bio_out, "%s %s", phase, desc);
550 \&\s-1FIPS\s0 provider. To determine which versions have undergone
553 require FIPS-approved functionality, it is essential to build your \s-1FIPS\s0
555 it is possible to utilize a \s-1FIPS\s0 provider constructed from one of the
558 you to address bug fixes and CVEs that fall outside the \s-1FIPS\s0 boundary.
561 \&\fBopenssl\-fipsinstall\fR\|(1),
565 \&\s-1\fBOSSL_PARAM\s0\fR\|(3),
566 \&\fBopenssl\-core.h\fR\|(7),
567 \&\fBopenssl\-core_dispatch.h\fR\|(7),
575 Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved.
579 in the file \s-1LICENSE\s0 in the source distribution or at