| /freebsd/share/man/man4/ |
| H A D | rndtest.4 | 1 .\"-
10 .\" 2. Redistributions in binary form must reproduce the above copyright
31 .Nd FIPS 140-2 random number generator test monitor
43 This data is periodically tested for FIPS 140-2 compliance and
45 If the harvested entropy fails any of the FIPS test suite, then
|
| /freebsd/crypto/openssl/ |
| H A D | README-FIPS.md | 1 OpenSSL FIPS support
5 FIPS validated. The module is implemented as an OpenSSL provider.
7 cryptographic algorithms, see the [README-PROVIDERS](README-PROVIDERS.md) file
10 A cryptographic module is only FIPS validated after it has gone through the complex
11 FIPS 140 validation process. As this process takes a very long time, it is not
13 If you need a FIPS validated module then you must ONLY generate a FIPS provider
14 using OpenSSL versions that have valid FIPS certificates. A FIPS certificate
16 in the Security Policy in order to be FIPS compliant.
18 FIPS certificates and Security Policies.
22 legacy providers) without any restrictions, but the FIPS provider must be built
[all …]
|
| /freebsd/lib/libsecureboot/ |
| H A D | Makefile.inc | 10 CFLAGS+= -I${libsecureboot_src}/h
12 CFLAGS+= -DHAVE_BR_X509_TIME_CHECK
29 BRSSL_CFLAGS+= -I${BEARSSL}/tools
53 …sed "1,`grep -n .-END ${.ALLSRC:M*.pem} | tail -2 | head -1 | sed 's,:.*,,'`d" ${.ALLSRC:M*.pem} >…
55 # extract 2nd last cert from chain - we use this for self-test
57 sed -n "`grep -n .-BEGIN ${.ALLSRC:M*.pem} | tail -2 | \
58 sed 's,:.*,,' | xargs | (read a b; echo $$a,$$(($$b - 1)))`p" ${.ALLSRC:M*.pem} > ${.TARGET}
62 .-include "local.trust.mk"
77 # needs to be yes for FIPS 140-2 compliance
80 CFLAGS+= -I.
[all …]
|
| H A D | README.rst | 17 That signing server is freely available - see
18 http://www.crufty.net/sjg/docs/signing-server.htm
37 GNUPGHOME=$PWD/.gnupg gpg --openpgp \
38 --quick-generate-key --batch --passphrase '' "keyname" RSA
44 GNUPGHOME=$PWD/.gnupg gpg --openpgp --list-keys
50 ---------------------------------
51 pub rsa2048 2018-03-26 [SC] [expires: 2020-03-25]
61 GNUPGHOME=$PWD/.gnupg gpg --openpgp \
62 --export --armor > ACA72B4719FD2523.pub.asc
63 GNUPGHOME=$PWD/.gnupg gpg --openpgp \
[all …]
|
| /freebsd/sys/contrib/device-tree/Bindings/rng/ |
| H A D | silex-insight,ba431-rng.yaml | 1 # SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
3 ---
4 $id: http://devicetree.org/schemas/rng/silex-insight,ba431-rng.yaml#
5 $schema: http://devicetree.org/meta-schemas/core.yaml#
10 The BA431 hardware random number generator is an IP that is FIPS-140-2/3
14 - Olivier Sobrie <olivier.sobrie@silexinsight.com>
18 const: silex-insight,ba431-rng
24 - compatible
25 - reg
30 - |
[all …]
|
| /freebsd/crypto/openssl/doc/man7/ |
| H A D | OSSL_PROVIDER-FIPS.pod | 5 OSSL_PROVIDER-FIPS - OpenSSL FIPS provider
9 The OpenSSL FIPS provider is a special provider that conforms to the Federal
10 Information Processing Standards (FIPS) specified in FIPS 140-2. This 'module'
21 =item "provider=fips"
23 =item "fips=yes"
35 The "fips=yes" property can be use to make sure only FIPS approved
37 other non-crypto support operations that are not in the FIPS provider,
39 see L<OSSL_PROVIDER-default(7)/Asymmetric Key Management>.
43 The OpenSSL FIPS provider supports these operations and algorithms:
49 =item SHA1, see L<EVP_MD-SHA1(7)>
[all …]
|
| H A D | openssl-glossary.pod | 5 openssl-glossary - An OpenSSL Glossary
9 =for comment Please keep the items in case-insensitive alphabetical order
24 types and values. It is defined in the ITU-T documents X.680 to X.683:
26 L<https://www.itu.int/rec/T-REC-X.680>,
27 L<https://www.itu.int/rec/T-REC-X.681>,
28 L<https://www.itu.int/rec/T-REC-X.682>,
29 L<https://www.itu.int/rec/T-REC-X.683>
37 L<OSSL_PROVIDER-base(7)>
53 L<OSSL_PROVIDER-default(7)>
61 It is defined in ITU-T document X.690:
[all …]
|
| H A D | crypto.pod | 5 crypto - OpenSSL cryptographic library
21 pseudo-random number generators, message authentication codes (MACs), key
29 a "default" implementation suitable for general use, and a "fips" implementation
30 which has been validated to FIPS standards for situations where that is
52 OpenSSL built-in "default" provider will be automatically loaded.
75 automatically destroyed. No explicit de-initialisation steps need to be taken.
80 =head2 Multi-threaded applications
83 on most platforms) then most OpenSSL I<functions> are thread-safe in the sense
85 time. However most OpenSSL I<data structures> are not thread-safe. For example
97 See L<openssl-threads(7)> for a more detailed discussion on OpenSSL threading
[all …]
|
| /freebsd/crypto/openssl/crypto/des/ |
| H A D | set_key.c | 2 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
10 /*-
12 * 1.4 Speed up by 400% :-)
31 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
41 128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143,
79 b ^= b >> 2; in DES_check_key_parity()
86 /*-
100 /* semi-weak keys */
131 /*-
139 #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
[all …]
|
| /freebsd/secure/lib/libcrypto/man/man7/ |
| H A D | OSSL_PROVIDER-FIPS.7 | 18 .\" Set up some character translations and predefined strings. \*(-- will
24 .tr \(*W-
27 . ds -- \(*W-
29 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
37 . ds -- \|\(em\|
62 . tm Index:\\$1\t\\n%\t"\\$2"
64 . if !\nF==2 \{\
66 . nr F 2
71 .\" Fear. Run. Save yourself. No user-serviceable parts.
[all …]
|
| H A D | openssl-glossary.7 | 18 .\" Set up some character translations and predefined strings. \*(-- will
24 .tr \(*W-
27 . ds -- \(*W-
29 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
37 . ds -- \|\(em\|
62 . tm Index:\\$1\t\\n%\t"\\$2"
64 . if !\nF==2 \{\
66 . nr F 2
71 .\" Fear. Run. Save yourself. No user-serviceable parts.
[all …]
|
| H A D | crypto.7 | 18 .\" Set up some character translations and predefined strings. \*(-- will
24 .tr \(*W-
27 . ds -- \(*W-
29 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
37 . ds -- \|\(em\|
62 . tm Index:\\$1\t\\n%\t"\\$2"
64 . if !\nF==2 \{\
66 . nr F 2
71 .\" Fear. Run. Save yourself. No user-serviceable parts.
[all …]
|
| /freebsd/crypto/openssl/crypto/dsa/ |
| H A D | dsa_key.c | 2 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
37 if (dsa->meth->dsa_keygen != NULL) in DSA_generate_key()
38 return dsa->meth->dsa_keygen(dsa); in DSA_generate_key()
54 if (!BN_mod_exp(pub_key, dsa->params.g, prk, dsa->params.p, ctx)) in ossl_dsa_generate_public_key()
68 if ((ctx = BN_CTX_new_ex(dsa->libctx)) == NULL) in dsa_keygen()
71 if (dsa->priv_key == NULL) { in dsa_keygen()
75 priv_key = dsa->priv_key; in dsa_keygen()
79 if (!ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params, in dsa_keygen()
84 * For FFC FIPS 186-4 keygen in dsa_keygen()
88 if (!ossl_ffc_generate_private_key(ctx, &dsa->params, in dsa_keygen()
[all …]
|
| /freebsd/crypto/openssl/providers/fips/ |
| H A D | self_test.c | 2 * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
23 * We're cheating here. Normally we don't allow RUN_ONCE usage inside the FIPS
34 #define FIPS_STATE_RUNNING 2
78 * See FIPS 140-2 IG 9.10
85 * this has side-effect of _WIN32 getting defined, which otherwise is
148 * We force the self-tests to run as part of the FIPS provider initialisation
189 OSSL_PARAM params[2], *p = params; in verify_integrity()
233 /* This API is triggered either on loading of the FIPS module or on demand */
274 || st->module_checksum_data == NULL) { in SELF_TEST_post()
279 ev = OSSL_SELF_TEST_new(st->cb, st->cb_arg); in SELF_TEST_post()
[all …]
|
| /freebsd/crypto/openssl/crypto/rsa/ |
| H A D | rsa_lib.c | 2 * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
41 return rsa->meth; in RSA_get_method()
51 mtmp = rsa->meth; in RSA_set_method()
52 if (mtmp->finish) in RSA_set_method()
53 mtmp->finish(rsa); in RSA_set_method()
55 ENGINE_finish(rsa->engine); in RSA_set_method()
56 rsa->engine = NULL; in RSA_set_method()
58 rsa->meth = meth; in RSA_set_method()
59 if (meth->init) in RSA_set_method()
60 meth->init(rsa); in RSA_set_method()
[all …]
|
| /freebsd/sys/dev/qat/qat_api/include/ |
| H A D | icp_sal_nrbg_ht.h | 1 /* SPDX-License-Identifier: BSD-3-Clause */
2 /* Copyright(c) 2007-2022 Intel Corporation */
25 * number generator test failures for n=64 bits, refer to FIPS 140-2
26 * section 4.9.2 for details. A non-zero value for the counter does
|
| /freebsd/contrib/ntp/ntpd/ |
| H A D | ntp.keys.5man | 5 .\" It has been AutoGen-ed May 25, 2024 at 12:04:05 AM by AutoGen 5.18.16
7 .\" and the template file agman-file.tpl
14 ntp.keys \- NTP symmetric key file format configuration file
16 . it 1 an-trap
20 .ds B-Font [CB]
21 .ds I-Font [CI]
22 .ds R-Font [CR]
24 .ds B-Font B
25 .ds I-Font I
26 .ds R-Fon
[all...] |
| H A D | ntp.keys.man.in | 5 .\" It has been AutoGen-ed May 25, 2024 at 12:04:05 AM by AutoGen 5.18.16
7 .\" and the template file agman-file.tpl
14 ntp.keys \- NTP symmetric key file format configuration file
16 . it 1 an-trap
20 .ds B-Font [CB]
21 .ds I-Font [CI]
22 .ds R-Font [CR]
24 .ds B-Font B
25 .ds I-Font I
26 .ds R-Fon
[all...] |
| H A D | ntp.keys.5mdoc | 3 .Os FreeBSD 12.1-RELEASE_SI
6 .\" It has been AutoGen-ed May 25, 2024 at 12:03:52 AM by AutoGen 5.18.16
8 .\" and the template file agmdoc-file.tpl
18 .Op Fl \-option\-name
19 .Op Fl \-option\-name Ar value
57 is an optional comma\-separated list of IPs
71 any properly\-authenticated message will be
88 However, if compliance with FIPS 14
[all...] |
| H A D | ntp.keys.mdoc.in | 3 .Os FreeBSD 12.1-RELEASE_SI
6 .\" It has been AutoGen-ed May 25, 2024 at 12:03:52 AM by AutoGen 5.18.16
8 .\" and the template file agmdoc-file.tpl
18 .Op Fl \-option\-name
19 .Op Fl \-option\-name Ar value
57 is an optional comma\-separated list of IPs
71 any properly\-authenticated message will be
88 However, if compliance with FIPS 14
[all...] |
| H A D | invoke-ntp.keys.texi | 7 # EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi)
9 # It has been AutoGen-ed May 25, 2024 at 12:03:59 AM by AutoGen 5.18.16
11 # and the template file agtexi-file.tpl
25 @code{-k}
51 is an optional comma-separated list of IPs
65 any properly-authenticated message will be
82 However, if compliance with FIPS 140-2 i
[all...] |
| H A D | ntp.keys.def | 1 /* -*- Mode: Text -*- */
8 // We want the synopsis to be "/etc/ntp.keys" but we need the prog-name
9 // to be ntp.keys - the latter is also how autogen produces the output
11 prog-name = "ntp.keys";
12 file-path = "/etc/ntp.keys";
13 prog-title = "Network Time Protocol symmetric key format";
16 explain = <<- _END_EXPLAIN
19 doc-section = {
20 ds-type = 'DESCRIPTION';
21 ds-format = 'mdoc';
[all …]
|
| /freebsd/contrib/ntp/html/ |
| H A D | keygen.html | 1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
4 <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
6 <title>ntp-keygen - generate public and private keys</title>
10 <h3><tt>ntp-keygen</tt> - generate public and private keys</h3>
14 <!-- #BeginDate format:En2m -->24-Jul-2018 07:27<!-- #EndDate -->
31 …<p id="intro"><tt>ntp-keygen [ -deGHIMPT ] [ -b <i>modulus</i> ] [ -c [ RSA-MD2 | RSA-MD5 | RSA-SHA
32 | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ]
33 [ -C <i>cipher</i> ] [-i <i>group</i> ] [ -l <em>days</em>]
34 [ -m <i>modulus</i> ] [ -p <i>passwd1</i> ] [ -q <i>passwd2</i> ]
35 [ -S [ RSA | DSA ] ] [ -s <i>host</i> ] [ -V <i>nkeys</i> ]</tt></p>
[all …]
|
| /freebsd/crypto/openssl/providers/implementations/ciphers/ |
| H A D | ciphercommon_gcm.c | 2 * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
35 ctx->pad = 1; in ossl_gcm_initctx()
36 ctx->mode = EVP_CIPH_GCM_MODE; in ossl_gcm_initctx()
37 ctx->taglen = UNINITIALISED_SIZET; in ossl_gcm_initctx()
38 ctx->tls_aad_len = UNINITIALISED_SIZET; in ossl_gcm_initctx()
39 ctx->ivlen = (EVP_GCM_TLS_FIXED_IV_LEN + EVP_GCM_TLS_EXPLICIT_IV_LEN); in ossl_gcm_initctx()
40 ctx->keylen = keybits / 8; in ossl_gcm_initctx()
41 ctx->hw = hw; in ossl_gcm_initctx()
42 ctx->libctx = PROV_LIBCTX_OF(provctx); in ossl_gcm_initctx()
57 ctx->enc = enc; in gcm_init()
[all …]
|
| /freebsd/crypto/openssl/providers/implementations/rands/ |
| H A D | crngt.c | 2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
12 * Implementation of the FIPS 140-2 section 4.9.2 Conditional Tests.
59 CRYPTO_THREAD_lock_free(crngt_glob->lock); in rand_crng_ossl_ctx_free()
60 EVP_MD_free(crngt_glob->md); in rand_crng_ossl_ctx_free()
71 if ((crngt_glob->md = EVP_MD_fetch(ctx, "SHA256", "")) == NULL) { in rand_crng_ossl_ctx_new()
76 if ((crngt_glob->lock = CRYPTO_THREAD_lock_new()) == NULL) { in rand_crng_ossl_ctx_new()
77 EVP_MD_free(crngt_glob->md); in rand_crng_ossl_ctx_new()
114 OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(drbg->provctx); in ossl_crngt_get_entropy()
125 if (!CRYPTO_THREAD_write_lock(crngt_glob->lock)) in ossl_crngt_get_entropy()
128 if (!crngt_glob->preloaded) { in ossl_crngt_get_entropy()
[all …]
|