Home
last modified time | relevance | path

Searched refs:fips (Results 1 – 25 of 57) sorted by relevance

123

/freebsd/crypto/openssl/test/recipes/30-test_evp_data/
H A Devppkey_ecdsa.txt164 # Test that a nist curve with < 112 bits is allowed in fips mode for verifying
170 # Test that a nist curve with SHA3 is allowed in fips mode
177 # Test that a explicit curve that is a named curve is allowed in fips mode
185 # Test that a explicit curve is not allowed in fips mode
186 Availablein = fips
193 # Test that a curve with < 112 bits is not allowed in fips mode for signing
194 Availablein = fips
201 # Test that a non nist curve is not allowed in fips mode
202 Availablein = fips
209 # Test that SHA1 is not allowed in fips mode for signing
[all …]
H A Devppkey_dsa.txt271 # Test sign with a 2048 bit key with N == 160 is not allowed in fips mode
272 Availablein = fips
280 # Test sign with a 2048 bit key with N == 224 is allowed in fips mode
287 # Test sign with a 2048 bit key with N == 256 is allowed in fips mode
293 # Test sign with a 3072 bit key with N == 256 is allowed in fips mode
299 # Test sign with a 2048 bit SHA3 is allowed in fips mode
305 # Test verify with a 1024 bit key is allowed in fips mode
311 # Test verify with SHA1 is allowed in fips mode
317 # Test verify with a 2048/160 bit key is allowed in fips mode
326 # Test sign with a 1024 bit key is not allowed in fips mode
[all …]
H A Devppkey_rsa_common.txt1333 # Verifying with SHA1 is permitted in fips mode for older applications
1339 # Verifying with a 1024 bit key is permitted in fips mode for older applications
1345 # Signing with SHA1 is not allowed in fips mode
1346 Availablein = fips
1354 # Signing with a 1024 bit key is not allowed in fips mode
1355 Availablein = fips
1362 # Verifying with a legacy digest in fips mode is not allowed
1363 Availablein = fips
1370 # Verifying with a key smaller than 1024 bits in fips mode is not allowed
1371 Availablein = fips
/freebsd/crypto/openssl/
H A DREADME-FIPS.md26 The OpenSSL FIPS provider is a shared library called `fips.so` (on Unix), or
27 resp. `fips.dll` (on Windows). The FIPS provider does not get built and
29 the `enable-fips` option.
58 $ make install_fips # for `enable-fips` only
66 /usr/local/lib/ossl-modules/fips.so on Unix, and
67 C:\Program Files\OpenSSL\lib\ossl-modules\fips.dll on Windows.
83 … openssl fipsinstall -out /usr/local/ssl/fipsmodule.cnf -module /usr/local/lib/ossl-modules/fips.so
103 $ ./Configure enable-fips
115 $ ./Configure enable-fips
125 $ cp ../openssl-3.0.0/providers/fips.so providers/.
[all …]
/freebsd/crypto/openssl/doc/man1/
H A Dopenssl-fipsinstall.pod.in54 The default value of '1' will cause the fips module error state to be entered.
102 The default value is C<fips>.
205 If the base configuration file is set up to autoload the fips module, then the
206 fips module will be loaded and self tested BEFORE the fipsinstall application
210 when generating the fips configuration file.
214 Calculate the mac of a FIPS module F<fips.so> and run a FIPS self test
215 for the module, and save the F<fips.cnf> configuration file:
217 openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips
219 Verify that the configuration file F<fips.cnf> contains the correct info:
221 openssl fipsinstall -module ./fips.so -in fips.cnf -provider_name fips -verify
[all …]
/freebsd/crypto/openssl/test/ssl-tests/
H A Dprotocol_version.pm105 my ($dtls, $fips) = @_;
106 if ($dtls && $fips) {
115 my $fips = shift;
126 if ($fips) {
140 if (no_tests($dtls, $fips)) {
223 my $fips = shift;
233 if ($fips) {
/freebsd/crypto/openssl/test/recipes/
H A D90-test_fipsload.t28 my $fips = bldtop_file('providers', platform->dso('fips'));
30 ok(run(test(['moduleloadtest', $fips, 'OSSL_provider_init'])),
31 "trying to load $fips in its own");
/freebsd/crypto/openssl/doc/man3/
H A DEVP_set_default_properties.pod31 EVP_default_properties_enable_fips() sets the 'fips=yes' to be a default property
32 if I<enable> is non zero, otherwise it clears 'fips' from the default property
33 query for the given I<libctx>. It merges the fips default property query with any
36 EVP_default_properties_is_fips_enabled() indicates if 'fips=yes' is a default
51 EVP_default_properties_is_fips_enabled() returns 1 if the 'fips=yes' default
/freebsd/crypto/openssl/doc/man7/
H A Dfips_module.pod5 fips_module - OpenSSL fips module guide
88 fips = fips_sect
184 OSSL_PROVIDER *fips;
187 fips = OSSL_PROVIDER_load(NULL, "fips");
188 if (fips == NULL) {
194 OSSL_PROVIDER_unload(fips);
202 OSSL_PROVIDER_unload(fips);
236 standards you can specify the property query C<fips=yes> like this:
240 sha256 = EVP_MD_fetch(NULL, "SHA2-256", "fips=yes");
254 example sets the default property query of C<fips=yes> for all fetches within
[all …]
H A Dproperty.pod58 Likewise, OpenSSL's FIPS provider defines I<provider=fips> and the legacy
64 For example, "fips=yes", "provider!=default" or "?iteration.count=3".
135 For example, a context property query that contains "fips=yes" would normally
136 result in implementations that have "fips=yes".
138 However, if the setting of the "fips" property is irrelevant to the
140 clause "-fips".
141 Note that the local property query could not use "fips=no" because that would
142 disallow any implementations with "fips=yes" rather than not caring about the
H A DEVP_MAC-KMAC.pod19 =item "KMAC-128", "provider=default" or "provider=fips"
21 =item "KMAC-256", "provider=default" or "provider=fips"
/freebsd/crypto/openssl/providers/
H A Dbuild.info97 # diverse build.info files. libfips.a, fips.so and their sources aren't
100 IF[{- !$disabled{fips} -}]
101 SUBDIRS=fips
102 $FIPSGOAL=fips
106 MODULES{fips}=$FIPSGOAL
113 SOURCE[$FIPSGOAL]=fips.ld
114 GENERATE[fips.ld]=../util/providers.num
124 GENERATE[fips.rc]=../util/mkrc.pl fips
125 SOURCE[$FIPSGOAL]=fips.rc
H A Dfips.checksum1 01b31117f96429fe4c8efbf7f4f10ef32efa2b11c69851fd227e4194db116b6f providers/fips-sources.checksums
H A Ddecoders.inc30 "provider=" DECODER_PROVIDER ",fips=" #_fips ",input=" #_input, \
34 "provider=" DECODER_PROVIDER ",fips=" #_fips ",input=" #_input \
H A Dfips.module.sources497 providers/fips/fips_entry.c
498 providers/fips/fipsprov.c
499 providers/fips/self_test.c
500 providers/fips/self_test.h
501 providers/fips/self_test_data.inc
502 providers/fips/self_test_kats.c
/freebsd/crypto/openssl/test/
H A Dendecode_test.c549 static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips) in test_unprotected_via_DER() argument
557 dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS); in test_unprotected_via_DER()
571 static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips) in test_unprotected_via_PEM() argument
579 dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS); in test_unprotected_via_PEM()
726 static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips) in test_protected_via_DER() argument
735 dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS); in test_protected_via_DER()
749 static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips) in test_protected_via_PEM() argument
758 dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS); in test_protected_via_PEM()
819 static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips) in test_public_via_DER() argument
827 fips ? 0 : FLAG_FAIL_IF_FIPS); in test_public_via_DER()
[all …]
H A Dfips.cnf16 default_properties = "fips=yes"
19 fips = fips_sect
H A Ddefault-and-fips.cnf13 fips = fips_sect
H A Dfips-and-base.cnf12 fips = fips_sect
H A Dfips-alt.cnf16 fips = fips_sect
/freebsd/crypto/openssl/Configurations/
H A Dunix-Makefile.tmpl104 && $unified_info{attributes}->{modules}->{$_}->{fips} }
183 && !$unified_info{attributes}->{modules}->{$_}->{fips} }
191 && $unified_info{attributes}->{modules}->{$_}->{fips} }
550 install: install_sw install_ssldirs install_docs {- $disabled{fips} ? "" : "install_fips" -}
552 uninstall: uninstall_docs uninstall_sw {- $disabled{fips} ? "" : "uninstall_fips" -}
593 $(RM) providers/fips*.new
620 {- output_off() if $disabled{fips}; "" -}
640 {- if ($disabled{fips}) { output_on(); } else { output_off(); } "" -}
642 @$(ECHO) "The 'install_fips' target requires the 'enable-fips' option"
645 @$(ECHO) "The 'uninstall_fips' target requires the 'enable-fips' option"
[all …]
H A Dwindows-makefile.tmpl66 && $unified_info{attributes}->{modules}->{$_}->{fips} }
120 && !$unified_info{attributes}->{modules}->{$_}->{fips} }
132 && $unified_info{attributes}->{modules}->{$_}->{fips} }
458 install: install_sw install_ssldirs install_docs {- $disabled{fips} ? "" : "install_fips" -}
460 uninstall: uninstall_docs uninstall_sw {- $disabled{fips} ? "" : "uninstall_fips" -}
502 {- output_off() if $disabled{fips}; "" -}
519 {- if ($disabled{fips}) { output_on(); } else { output_off(); } "" -}
521 @$(ECHO) "The 'install_fips' target requires the 'enable-fips' option"
524 @$(ECHO) "The 'uninstall_fips' target requires the 'enable-fips' option"
525 {- output_on() if !$disabled{fips}; "" -}
/freebsd/crypto/openssl/providers/fips/
H A Dbuild.info6 SOURCE[../fips]=fips_entry.c
/freebsd/contrib/sendmail/cf/feature/
H A Dfips3.m414 ifelse(defn(`_ARG_'), `', `/etc/mail/fips.ossl', `_ARG_'))dnl
/freebsd/crypto/openssl/doc/man5/
H A Dfips_config.pod32 whose name is identified by the B<fips> option in the B<providers>
44 A version number for the fips install process. Should be 1.

123