Home
last modified time | relevance | path

Searched +full:fips +full:- +full:140 +full:- +full:2 (Results 1 – 25 of 96) sorted by relevance

1234

/freebsd/crypto/openssl/doc/designs/
H A Dfips_indicator.md1 OpenSSL FIPS Indicators
4 The following document refers to behaviour required by the OpenSSL FIPS provider,
8 ----------
10 - [1] FIPS 140-3 Standards: <https://csrc.nist.gov/projects/cryptographic-module-validation-program…
11 - [2] Approved Security Functions: <https://csrc.nist.gov/projects/cryptographic-module-validation-
12 - [3] Approved SSP generation and Establishment methods: <https://csrc.nist.gov/projects/cryptograp…
13 - [4] Key transitions: <https://csrc.nist.gov/pubs/sp/800/131/a/r2/final>
14 - [5] FIPS 140-3 Implementation Guidance: <https://csrc.nist.gov/csrc/media/Projects/cryptographic-
17 ------------
19 The following information was extracted from the FIPS 140-3 IG [5] “2.4.C Approved Security Service…
[all …]
/freebsd/secure/usr.bin/openssl/man/
H A Dopenssl-fipsinstall.11 .\" -*- mode: troff; coding: utf-8 -*-
46 . tm Index:\\$1\t\\n%\t"\\$2"
48 . if !\nF==2 \{\
50 . nr F 2
57 .IX Title "OPENSSL-FIPSINSTALL 1ossl"
58 .TH OPENSSL-FIPSINSTALL 1ossl 2025-07-24 3.5.1 OpenSSL
64 openssl\-fipsinstall \- perform FIPS configuration installation
68 [\fB\-help\fR]
69 [\fB\-in\fR \fIconfigfilename\fR]
70 [\fB\-out\fR \fIconfigfilename\fR]
[all …]
/freebsd/crypto/openssl/doc/man1/
H A Dopenssl-fipsinstall.pod.in2 {- OpenSSL::safe::output_do_not_edit_headers(); -}
6 openssl-fipsinstall - perform FIPS configuration installation
11 [B<-help>]
12 [B<-in> I<configfilename>]
13 [B<-out> I<configfilename>]
14 [B<-module> I<modulefilename>]
15 [B<-provider_name> I<providername>]
16 [B<-section_name> I<sectionname>]
17 [B<-verify>]
18 [B<-mac_name> I<macname>]
[all …]
/freebsd/crypto/openssl/test/recipes/
H A D03-test_fipsinstall.t2 # Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
25 plan skip_all => "Test only supported in a fips build" if disabled("fips");
27 # Compatible options for pedantic FIPS compliance
33 # Incompatible options for pedantic FIPS compliance
41 ( 'ems_check', 'tls1-prf-ems-check' ),
42 ( 'no_short_mac', 'no-short-mac' ),
43 ( 'no_drbg_truncated_digests', 'drbg-no-trunc-md' ),
44 ( 'signature_digest_check', 'signature-digest-check' ),
45 ( 'hkdf_digest_check', 'hkdf-digest-check' ),
46 ( 'tls13_kdf_digest_check', 'tls13-kdf-digest-check' ),
[all …]
H A D15-test_gendsa.t2 # Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
24 plan skip_all => "This test is unsupported in a no-dsa build"
27 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
30 ($no_fips ? 0 : 2) # FIPS related tests
33 ok(run(app([ 'openssl', 'genpkey', '-genparam',
34 '-algorithm', 'DSA',
35 '-pkeyopt', 'gindex:1',
36 '-pkeyopt', 'type:fips186_4',
37 '-text'])),
40 ok(run(app([ 'openssl', 'genpkey', '-genparam',
[all …]
/freebsd/secure/lib/libcrypto/man/man7/
H A DEVP_ASYM_CIPHER-RSA.71 .\" -*- mode: troff; coding: utf-8 -*-
46 . tm Index:\\$1\t\\n%\t"\\$2"
48 . if !\nF==2 \{\
50 . nr F 2
57 .IX Title "EVP_ASYM_CIPHER-RSA 7ossl"
58 .TH EVP_ASYM_CIPHER-RSA 7ossl 2025-07-01 3.5.1 OpenSSL
64 EVP_ASYM_CIPHER\-RSA
65 \&\- RSA Asymmetric Cipher algorithm support
71 .IP """pad-mode"" (\fBOSSL_ASYM_CIPHER_PARAM_PAD_MODE\fR) <UTF8 string>" 4
72 .IX Item """pad-mode"" (OSSL_ASYM_CIPHER_PARAM_PAD_MODE) <UTF8 string>"
[all …]
H A DEVP_RAND-HASH-DRBG.71 .\" -*- mode: troff; coding: utf-8 -*-
46 . tm Index:\\$1\t\\n%\t"\\$2"
48 . if !\nF==2 \{\
50 . nr F 2
57 .IX Title "EVP_RAND-HASH-DRBG 7ossl"
58 .TH EVP_RAND-HASH-DRBG 7ossl 2025-07-01 3.5.1 OpenSSL
64 EVP_RAND\-HASH\-DRBG \- The HASH DRBG EVP_RAND implementation
71 "HASH-DRBG" is the name for this implementation; it can be used with the
107 .IP """fips-indicator"" (\fBOSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR\fR) <integer>" 4
108 .IX Item """fips-indicator"" (OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
[all …]
H A DEVP_RAND-HMAC-DRBG.71 .\" -*- mode: troff; coding: utf-8 -*-
46 . tm Index:\\$1\t\\n%\t"\\$2"
48 . if !\nF==2 \{\
50 . nr F 2
57 .IX Title "EVP_RAND-HMAC-DRBG 7ossl"
58 .TH EVP_RAND-HMAC-DRBG 7ossl 2025-07-01 3.5.1 OpenSSL
64 EVP_RAND\-HMAC\-DRBG \- The HMAC DRBG EVP_RAND implementation
71 "HMAC-DRBG" is the name for this implementation; it can be used with the
109 .IP """fips-indicator"" (\fBOSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR\fR) <integer>" 4
110 .IX Item """fips-indicator"" (OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
[all …]
H A DEVP_KEYEXCH-X25519.71 .\" -*- mode: troff; coding: utf-8 -*-
46 . tm Index:\\$1\t\\n%\t"\\$2"
48 . if !\nF==2 \{\
50 . nr F 2
57 .IX Title "EVP_KEYEXCH-X25519 7ossl"
58 .TH EVP_KEYEXCH-X25519 7ossl 2025-07-01 3.5.1 OpenSSL
64 EVP_KEYEXCH\-X25519,
65 EVP_KEYEXCH\-X448
66 \&\- X25519 and X448 Key Exchange algorithm support
75 .IP """fips-indicator"" (\fBOSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR\fR) <integer>" 4
[all …]
H A DEVP_PKEY-DSA.71 .\" -*- mode: troff; coding: utf-8 -*-
46 . tm Index:\\$1\t\\n%\t"\\$2"
48 . if !\nF==2 \{\
50 . nr F 2
57 .IX Title "EVP_PKEY-DSA 7ossl"
58 .TH EVP_PKEY-DSA 7ossl 2025-07-01 3.5.1 OpenSSL
64 EVP_PKEY\-DSA, EVP_KEYMGMT\-DSA \- EVP_PKEY DSA keytype and algorithm support
67 For \fBDSA\fR the FIPS 186\-4 standard specifies that the values used for FFC
74 As part of FIPS 140\-3 DSA is not longer FIPS approved for key generation and
79 "FFC parameters" in \fBEVP_PKEY\-FFC\fR\|(7)).
[all …]
H A DOSSL_PROVIDER-FIPS.71 .\" -*- mode: troff; coding: utf-8 -*-
46 . tm Index:\\$1\t\\n%\t"\\$2"
48 . if !\nF==2 \{\
50 . nr F 2
57 .IX Title "OSSL_PROVIDER-FIPS 7ossl"
58 .TH OSSL_PROVIDER-FIPS 7ossl 2025-07-01 3.5.1 OpenSSL
64 OSSL_PROVIDER\-FIPS \- OpenSSL FIPS provider
67 The OpenSSL FIPS provider is a special provider that conforms to the Federal
68 Information Processing Standards (FIPS) specified in FIPS 140\-3. This 'module'
75 .IP """provider=fips""" 4
[all …]
H A DEVP_PKEY-X25519.71 .\" -*- mode: troff; coding: utf-8 -*-
46 . tm Index:\\$1\t\\n%\t"\\$2"
48 . if !\nF==2 \{\
50 . nr F 2
57 .IX Title "EVP_PKEY-X25519 7ossl"
58 .TH EVP_PKEY-X25519 7ossl 2025-07-01 3.5.1 OpenSSL
64 EVP_PKEY\-X25519, EVP_PKEY\-X448, EVP_PKEY\-ED25519, EVP_PKEY\-ED448,
65 EVP_KEYMGMT\-X25519, EVP_KEYMGMT\-X448, EVP_KEYMGMT\-ED25519, EVP_KEYMGMT\-ED448
66 \&\- EVP_PKEY X25519, X448, ED25519 and ED448 keytype and algorithm support
70 implemented in OpenSSL's default and FIPS providers. These implementations
[all …]
H A DEVP_SIGNATURE-DSA.71 .\" -*- mode: troff; coding: utf-8 -*-
46 . tm Index:\\$1\t\\n%\t"\\$2"
48 . if !\nF==2 \{\
50 . nr F 2
57 .IX Title "EVP_SIGNATURE-DSA 7ossl"
58 .TH EVP_SIGNATURE-DSA 7ossl 2025-07-01 3.5.1 OpenSSL
64 EVP_SIGNATURE\-DSA
65 \&\- The EVP_PKEY DSA signature implementation
70 RFC 3279, section 2.2.2.
71 See \fBEVP_PKEY\-DSA\fR\|(7) for information related to DSA keys.
[all …]
H A DEVP_SIGNATURE-RSA.71 .\" -*- mode: troff; coding: utf-8 -*-
46 . tm Index:\\$1\t\\n%\t"\\$2"
48 . if !\nF==2 \{\
50 . nr F 2
57 .IX Title "EVP_SIGNATURE-RSA 7ossl"
58 .TH EVP_SIGNATURE-RSA 7ossl 2025-07-01 3.5.1 OpenSSL
64 EVP_SIGNATURE\-RSA
65 \&\- The EVP_PKEY RSA signature implementation
69 See \fBEVP_PKEY\-RSA\fR\|(7) for information related to RSA keys.
84 .IP """RSA\-RIPEMD160"", ""ripemd160WithRSA"", ""1.3.36.3.3.1.2""" 4
[all …]
H A Dopenssl-glossary.71 .\" -*- mode: troff; coding: utf-8 -*-
46 . tm Index:\\$1\t\\n%\t"\\$2"
48 . if !\nF==2 \{\
50 . nr F 2
57 .IX Title "OPENSSL-GLOSSARY 7ossl"
58 .TH OPENSSL-GLOSSARY 7ossl 2025-07-01 3.5.1 OpenSSL
64 openssl\-glossary \- An OpenSSL Glossary
77 types and values. It is defined in the ITU-T documents X.680 to X.683:
79 <https://www.itu.int/rec/T\-REC\-X.680>,
80 <https://www.itu.int/rec/T\-REC\-X.681>,
[all …]
/freebsd/crypto/openssl/doc/man7/
H A DEVP_RAND-HASH-DRBG.pod5 EVP_RAND-HASH-DRBG - The HASH DRBG EVP_RAND implementation
14 "HASH-DRBG" is the name for this implementation; it can be used with the
53 =item "fips-indicator" (B<OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
55 =item "digest-check" (B<OSSL_DRBG_PARAM_FIPS_DIGEST_CHECK>) <integer>
57 These parameters work as described in L<provider-rand(7)/PARAMETERS>.
63 When the FIPS provider is installed using the B<-no_drbg_truncated_digests>
65 L<FIPS 140-3 IG D.R|https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-progr…
67 The default HASH-DRBG implementation attempts to fetch the required internal
75 =item SHA-1
77 =item SHA2-256
[all …]
H A DEVP_PKEY-DSA.pod5 EVP_PKEY-DSA, EVP_KEYMGMT-DSA - EVP_PKEY DSA keytype and algorithm support
9 For B<DSA> the FIPS 186-4 standard specifies that the values used for FFC
16 As part of FIPS 140-3 DSA is not longer FIPS approved for key generation and
22 L<EVP_PKEY-FFC(7)/FFC parameters>).
28 =item "sign-check" (B<OSSL_PKEY_PARAM_FIPS_SIGN_CHECK>) <integer
30 =item "fips-indicator" (B<OSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
32 See L<provider-keymgmt(7)/Common Information Parameters> for more information.
39 L<EVP_PKEY-FFC(7)/FFC key generation parameters>
50 The OpenSSL FIPS provider conforms to the rules within the FIPS186-4
60 L<EVP_PKEY_pairwise_check(3)> the OpenSSL default and FIPS providers conform to
[all …]
H A DEVP_SIGNATURE-DSA.pod5 EVP_SIGNATURE-DSA
6 - The B<EVP_PKEY> DSA signature implementation
12 RFC 3279, section 2.2.2.
13 See L<EVP_PKEY-DSA(7)> for information related to DSA keys.
15 As part of FIPS 140-3 DSA is not longer FIPS approved for key generation and
31 L<EC keys|EVP_PKEY-EC(7)>) with L<EVP_DigestSignInit(3)> and
36 =item "DSA-SHA1", "DSA-SHA-1", "dsaWithSHA1", "1.2.840.10040.4.3"
38 =item "DSA-SHA2-224", "DSA-SHA224", "dsa_with_SHA224", "2.16.840.1.101.3.4.3.1"
40 =item "DSA-SHA2-256", "DSA-SHA256", "dsa_with_SHA256", "2.16.840.1.101.3.4.3.2"
42 =item "DSA-SHA2-384", "DSA-SHA384", "dsa_with_SHA384", "id-dsa-with-sha384", "1.2.840.1.101.3.4.3.3"
[all …]
H A DEVP_SIGNATURE-RSA.pod5 EVP_SIGNATURE-RSA
6 - The EVP_PKEY RSA signature implementation
11 See L<EVP_PKEY-RSA(7)> for information related to RSA keys.
26 L<RSA keys|EVP_PKEY-RSA(7)>) with L<EVP_DigestSignInit(3)> and
31 =item "RSA-RIPEMD160", "ripemd160WithRSA", "1.3.36.3.3.1.2"
33 =item "RSA-SHA2-256", "RSA-SHA256", "sha256WithRSAEncryption", "1.2.840.113549.1.1.11"
35 =item "RSA-SHA2-384", "RSA-SHA384", "sha384WithRSAEncryption", "1.2.840.113549.1.1.12"
37 =item "RSA-SHA2-512", "RSA-SHA512", "sha512WithRSAEncryption", "1.2.840.113549.1.1.13"
39 =item "RSA-SHA2-224", "RSA-SHA224", "sha224WithRSAEncryption", "1.2.840.113549.1.1.14"
41 =item "RSA-SHA2-512/224", "RSA-SHA512-224", "sha512-224WithRSAEncryption", "1.2.840.113549.1.1.15"
[all …]
/freebsd/share/man/man4/
H A Drndtest.41 .\"-
10 .\" 2. Redistributions in binary form must reproduce the above copyright
31 .Nd FIPS 140-2 random number generator test monitor
43 This data is periodically tested for FIPS 140-2 compliance and
45 If the harvested entropy fails any of the FIPS test suite, then
/freebsd/crypto/openssl/crypto/dsa/
H A Ddsa_key.c2 * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
36 if (dsa->meth->dsa_keygen != NULL) in DSA_generate_key()
37 return dsa->meth->dsa_keygen(dsa); in DSA_generate_key()
53 if (!BN_mod_exp(pub_key, dsa->params.g, prk, dsa->params.p, ctx)) in ossl_dsa_generate_public_key()
63 * Refer: FIPS 140-3 IG 10.3.A Additional Comment 1
72 * agreement, the only PCT defined in SP 800-56A is that of Section 5.6.2.4:
93 if (!ossl_dsa_generate_public_key(ctx, dsa, dsa->priv_key, pub_key2)) in dsa_keygen_knownanswer_test()
101 ret = !BN_cmp(dsa->pub_key, pub_key2); in dsa_keygen_knownanswer_test()
111 * FIPS 140-2 IG 9.9 AS09.33
153 if ((ctx = BN_CTX_new_ex(dsa->libctx)) == NULL) in dsa_keygen()
[all …]
/freebsd/crypto/openssl/
H A DREADME-FIPS.md1 OpenSSL FIPS support
5 FIPS validated. The module is implemented as an OpenSSL provider.
7 cryptographic algorithms, see the [README-PROVIDERS](README-PROVIDERS.md) file
10 A cryptographic module is only FIPS validated after it has gone through the complex
11 FIPS 140 validation process. As this process takes a very long time, it is not
13 If you need a FIPS validated module then you must ONLY generate a FIPS provider
14 using OpenSSL versions that have valid FIPS certificates. A FIPS certificate
16 in the Security Policy in order to be FIPS compliant.
18 FIPS certificates and Security Policies.
22 legacy providers) without any restrictions, but the FIPS provider must be built
[all …]
/freebsd/lib/libsecureboot/
H A DMakefile.inc10 CFLAGS+= -I${libsecureboot_src}/h
12 CFLAGS+= -DHAVE_BR_X509_TIME_CHECK
29 BRSSL_CFLAGS+= -I${BEARSSL}/tools
53 …sed "1,`grep -n .-END ${.ALLSRC:M*.pem} | tail -2 | head -1 | sed 's,:.*,,'`d" ${.ALLSRC:M*.pem} >…
55 # extract 2nd last cert from chain - we use this for self-test
57 sed -n "`grep -n .-BEGIN ${.ALLSRC:M*.pem} | tail -2 | \
58 sed 's,:.*,,' | xargs | (read a b; echo $$a,$$(($$b - 1)))`p" ${.ALLSRC:M*.pem} > ${.TARGET}
62 .-include "local.trust.mk"
77 # needs to be yes for FIPS 140-2 compliance
80 CFLAGS+= -I.
[all …]
/freebsd/sys/contrib/device-tree/Bindings/rng/
H A Dsilex-insight,ba431-rng.yaml1 # SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
3 ---
4 $id: http://devicetree.org/schemas/rng/silex-insight,ba431-rng.yaml#
5 $schema: http://devicetree.org/meta-schemas/core.yaml#
10 The BA431 hardware random number generator is an IP that is FIPS-140-2/3
14 - Olivier Sobrie <olivier.sobrie@silexinsight.com>
18 const: silex-insight,ba431-rng
24 - compatible
25 - reg
30 - |
[all …]
/freebsd/crypto/openssl/crypto/des/
H A Dset_key.c2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
10 /*-
12 * 1.4 Speed up by 400% :-)
31 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
41 128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143,
79 b ^= b >> 2; in DES_check_key_parity()
86 /*-
100 /* semi-weak keys */
131 /*-
139 #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
[all …]

1234