Home
last modified time | relevance | path

Searched refs:approved (Results 1 – 25 of 102) sorted by relevance

12345

/src/crypto/openssl/providers/common/ !
H A Dsecuritycheck_fips.c86 int approved = (nid != NID_undef && nid != NID_sha1); in ossl_fips_ind_digest_exch_check() local
88 if (!approved) { in ossl_fips_ind_digest_exch_check()
105 int approved; in ossl_fips_ind_digest_sign_check() local
110 approved = 0; in ossl_fips_ind_digest_sign_check()
114 approved = sha512_trunc_allowed; in ossl_fips_ind_digest_sign_check()
118 approved = sha1_allowed; in ossl_fips_ind_digest_sign_check()
122 approved = 1; in ossl_fips_ind_digest_sign_check()
126 if (!approved) { in ossl_fips_ind_digest_sign_check()
/src/crypto/openssl/doc/designs/ !
H A Dfips_indicator.md21 - A module must have an approved mode of operation that requires at least one service to use an app…
22 …e requires a built-in service indicator capable of indicating the use of approved security services
23 - If a module only supports approved services in an approved manner an implicit indicator can be us…
24 - An approved algorithm is not considered to be an approved implementation if it does not have a CA…
25 - Documentation is required to demonstrate how to use indicators for each approved cryptographic al…
26 …on of whether the service utilizes an approved cryptographic algorithm, security function or proce…
27 …heir security policy called ‘Non-Approved Algorithms not allowed in the approved mode of operation…
43 The following rules will apply to any code that currently is not FIPS approved,
48 …OSSL_SELF_TEST will be added. This callback will be triggered whenever an approved mode test fails.
87 If the FIPS related approved mode check fails and either the ctx setter is zero
[all …]
/src/crypto/openssl/doc/man3/ !
H A DOSSL_INDICATOR_set_callback.pod23 I<libctx> that will be called when a non approved FIPS operation is detected.
26 to indicate different approved mode checks have failed.
28 Non approved operations may only occur if the user has deliberately chosen to do
33 contain the algorithm type and operation that is not approved.
47 A simple indicator callback to log non approved FIPS operations
53 fprintf(stdout, "%s %s is not approved\n", type, desc);
/src/crypto/openssl/doc/man7/ !
H A DEVP_KDF-TLS1_PRF.pod57 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
65 will ignore the error and set the approved "fips-indicator" to 0.
66 This option breaks FIPS compliance if it causes the approved "fips-indicator"
72 used digest is not approved.
73 Setting this to zero will ignore the error and set the approved
75 This option breaks FIPS compliance if it causes the approved "fips-indicator"
78 According to SP 800-135r1, the following are approved digest algorithms:
86 Setting this to zero will ignore the error and set the approved
88 This option breaks FIPS compliance if it causes the approved "fips-indicator"
H A DEVP_KDF-X963.pod49 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
56 used digest is not approved.
57 Setting this to zero will ignore the error and set the approved
59 This option breaks FIPS compliance if it causes the approved "fips-indicator"
62 According to ANSI X9.63-2001, the following are approved digest algorithms:
71 Setting this to zero will ignore the error and set the approved
73 This option breaks FIPS compliance if it causes the approved "fips-indicator"
H A DEVP_KDF-SSHKDF.pod93 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
100 used digest is not approved.
101 Setting this to zero will ignore the error and set the approved
103 This option breaks FIPS compliance if it causes the approved "fips-indicator"
106 According to SP 800-135r1, the following are approved digest algorithms: SHA-1,
114 Setting this to zero will ignore the error and set the approved
116 This option breaks FIPS compliance if it causes the approved "fips-indicator"
H A DEVP_KDF-TLS13_KDF.pod90 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
97 used digest is not approved.
98 Setting this to zero will ignore the error and set the approved
100 This option breaks FIPS compliance if it causes the approved "fips-indicator"
103 According to RFC 8446, the following are approved digest algorithms: SHA2-256,
111 Setting this to zero will ignore the error and set the approved
113 This option breaks FIPS compliance if it causes the approved "fips-indicator"
H A DEVP_MAC-CMAC.pod57 Setting this to 0 will ignore the error and set the approved
59 This option breaks FIPS compliance if it causes the approved "fips-indicator"
84 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
H A Dprovider-keyexch.pod215 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
223 approved (e.g. The key has a security strength of less than 112 bits). Setting
224 this to 0 will ignore the error and set the approved "fips-indicator" to 0.
225 This option breaks FIPS compliance if it causes the approved "fips-indicator"
232 not FIPS approved. Setting this to 0 will ignore the error and set the
233 approved "fips-indicator" to 0.
234 This option breaks FIPS compliance if it causes the approved "fips-indicator"
H A Dprovider-mac.pod208 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
216 asked for. Setting this to 0 will ignore the error and set the approved
218 This option breaks FIPS compliance if it causes the approved "fips-indicator"
225 asked for. Setting this to 0 will ignore the error and set the approved
227 This option breaks FIPS compliance if it causes the approved "fips-indicator"
H A Dfips_module.pod343 * approved algorithms in the FIPS provider for backward compatibility reasons.
449 * The "fips=yes" property includes all FIPS approved algorithms
478 approved algorithms. An algorithm is approved if it passes all required checks
485 unapproved algorithms. At the end of any algorithm operation the approved status
492 is approved:
498 DSA Key generation is no longer approved.
503 DSA Signature generation is no longer approved.
516 "pkcs1" padding is no longer approved.
532 Triple-DES is not longer approved for encryption.
593 require FIPS-approved functionality, it is essential to build your FIPS
[all …]
H A DEVP_KDF-X942-ASN1.pod88 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
97 Setting this to zero will ignore the error and set the approved
99 This option breaks FIPS compliance if it causes the approved "fips-indicator"
H A DEVP_KDF-SS.pod74 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
83 Setting this to zero will ignore the error and set the approved
85 This option breaks FIPS compliance if it causes the approved "fips-indicator"
H A DEVP_ASYM_CIPHER-RSA.pod95 Setting this to zero will ignore the error and set the approved
97 This option breaks FIPS compliance if it causes the approved "fips-indicator"
H A DEVP_KDF-HKDF.pod93 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
102 Setting this to zero will ignore the error and set the approved
104 This option breaks FIPS compliance if it causes the approved "fips-indicator"
H A DEVP_KDF-KB.pod78 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
87 Setting this to zero will ignore the error and set the approved
89 This option breaks FIPS compliance if it causes the approved "fips-indicator"
H A DEVP_KDF-PBKDF2.pod62 This option breaks FIPS compliance if it causes the approved "fips-indicator"
69 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
/src/crypto/openssl/providers/fips/ !
H A Dfipsindicator.c27 ind->approved = 1; in ossl_FIPS_IND_set_approved()
64 ind->approved = 0; in ossl_FIPS_IND_on_unapproved()
98 return p == NULL || OSSL_PARAM_set_int(p, ind->approved); in ossl_FIPS_IND_get_ctx_param()
/src/crypto/openssl/test/recipes/30-test_evp_data/ !
H A Devpciph_des3_common.txt43 # Test that DES3 CBC mode encryption fails because it is not FIPS approved
53 # Test that DES3 EBC mode encryption fails because it is not FIPS approved
64 # Test that DES3 CBC mode encryption is not FIPS approved
76 # Test that DES3 ECB mode encryption is not FIPS approved
/src/crypto/openssl/providers/implementations/macs/ !
H A Dhmac_prov.c167 int approved = ossl_mac_check_key_size(keylen); in hmac_setkey() local
169 if (!approved) { in hmac_setkey()
298 int approved = 0; in hmac_get_ctx_params() local
301 approved = OSSL_FIPS_IND_GET(macctx)->approved; in hmac_get_ctx_params()
302 if (!OSSL_PARAM_set_int(p, approved)) in hmac_get_ctx_params()
/src/crypto/openssl/providers/implementations/exchange/ !
H A Decx_exch.c193 int approved = 0; in ecx_get_ctx_params() local
197 if (p != NULL && !OSSL_PARAM_set_int(p, approved)) in ecx_get_ctx_params()
/src/ !
H A DLOCKS3 approved by core.
/src/crypto/openssl/test/ !
H A Dfips-alt.cnf10 # Ensure FIPS non-approved algorithms in the FIPS module are suppressed (e.g.
H A Dfips.cnf13 # Ensure FIPS non-approved algorithms in the FIPS module are suppressed (e.g.
H A Dfips-and-base.cnf10 # You MUST uncomment the following line to operate in a FIPS approved manner,

12345