Home
last modified time | relevance | path

Searched refs:approved (Results 1 – 25 of 64) sorted by relevance

123

/openssl/providers/common/
H A Dsecuritycheck_fips.c86 int approved = (nid != NID_undef && nid != NID_sha1); in ossl_fips_ind_digest_exch_check() local
88 if (!approved) { in ossl_fips_ind_digest_exch_check()
104 int approved; in ossl_fips_ind_digest_sign_check() local
107 approved = 0; in ossl_fips_ind_digest_sign_check()
109 approved = sha1_allowed || nid != NID_sha1; in ossl_fips_ind_digest_sign_check()
111 if (!approved) { in ossl_fips_ind_digest_sign_check()
/openssl/doc/designs/
H A Dfips_indicator.md21 - A module must have an approved mode of operation that requires at least one service to use an app…
23 - If a module only supports approved services in an approved manner an implicit indicator can be us…
98 if (p != NULL && !OSSL_PARAM_set_int(p, ctx->approved))
112 ctx->approved = 1;
124 int approved;
127 if (!approved) {
128 ctx->approved = 0;
195 the approved flag.
199 unsigned char approved;
278 - ED25519/ED448 is now approved.
[all …]
/openssl/doc/man3/
H A DOSSL_INDICATOR_set_callback.pod23 I<libctx> that will be called when a non approved FIPS operation is detected.
26 to indicate different approved mode checks have failed.
28 Non approved operations may only occur if the user has deliberately chosen to do
33 contain the algorithm type and operation that is not approved.
47 A simple indicator callback to log non approved FIPS operations
53 fprintf(stdout, "%s %s is not approved\n", type, desc);
/openssl/doc/man7/
H A DEVP_KDF-TLS1_PRF.pod57 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
65 will ignore the error and set the approved "fips-indicator" to 0.
66 This option breaks FIPS compliance if it causes the approved "fips-indicator"
72 used digest is not approved.
73 Setting this to zero will ignore the error and set the approved
75 This option breaks FIPS compliance if it causes the approved "fips-indicator"
78 According to SP 800-135r1, the following are approved digest algorithms:
86 Setting this to zero will ignore the error and set the approved
88 This option breaks FIPS compliance if it causes the approved "fips-indicator"
H A DEVP_KDF-X963.pod49 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
56 used digest is not approved.
57 Setting this to zero will ignore the error and set the approved
59 This option breaks FIPS compliance if it causes the approved "fips-indicator"
62 According to ANSI X9.63-2001, the following are approved digest algorithms:
71 Setting this to zero will ignore the error and set the approved
73 This option breaks FIPS compliance if it causes the approved "fips-indicator"
H A DEVP_KDF-SSHKDF.pod93 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
100 used digest is not approved.
101 Setting this to zero will ignore the error and set the approved
103 This option breaks FIPS compliance if it causes the approved "fips-indicator"
106 According to SP 800-135r1, the following are approved digest algorithms: SHA-1,
114 Setting this to zero will ignore the error and set the approved
116 This option breaks FIPS compliance if it causes the approved "fips-indicator"
H A DEVP_KDF-TLS13_KDF.pod90 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
97 used digest is not approved.
98 Setting this to zero will ignore the error and set the approved
100 This option breaks FIPS compliance if it causes the approved "fips-indicator"
103 According to RFC 8446, the following are approved digest algorithms: SHA2-256,
111 Setting this to zero will ignore the error and set the approved
113 This option breaks FIPS compliance if it causes the approved "fips-indicator"
H A DEVP_MAC-CMAC.pod57 Setting this to 0 will ignore the error and set the approved
59 This option breaks FIPS compliance if it causes the approved "fips-indicator"
84 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
H A Dprovider-keyexch.pod215 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
223 approved (e.g. The key has a security strength of less than 112 bits). Setting
224 this to 0 will ignore the error and set the approved "fips-indicator" to 0.
225 This option breaks FIPS compliance if it causes the approved "fips-indicator"
232 not FIPS approved. Setting this to 0 will ignore the error and set the
233 approved "fips-indicator" to 0.
234 This option breaks FIPS compliance if it causes the approved "fips-indicator"
H A Dprovider-mac.pod202 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
210 asked for. Setting this to 0 will ignore the error and set the approved
212 This option breaks FIPS compliance if it causes the approved "fips-indicator"
219 asked for. Setting this to 0 will ignore the error and set the approved
221 This option breaks FIPS compliance if it causes the approved "fips-indicator"
H A DEVP_KDF-SS.pod74 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
83 Setting this to zero will ignore the error and set the approved
85 This option breaks FIPS compliance if it causes the approved "fips-indicator"
H A DEVP_KDF-X942-ASN1.pod88 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
97 Setting this to zero will ignore the error and set the approved
99 This option breaks FIPS compliance if it causes the approved "fips-indicator"
H A DEVP_ASYM_CIPHER-RSA.pod94 Setting this to zero will ignore the error and set the approved
96 This option breaks FIPS compliance if it causes the approved "fips-indicator"
H A Dprovider-signature.pod509 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
517 indicates likely non-approved usage of the FIPS provider. This flag is
527 approved (e.g. The key has a security strength of less than 112 bits).
528 Setting this to 0 will ignore the error and set the approved "indicator" to 0.
529 This option breaks FIPS compliance if it causes the approved "fips-indicator"
536 not FIPS approved (e.g. SHA1 is used for signing). Setting this to 0 will ignore
537 the error and set the approved "fips-indicator" to 0.
538 This option breaks FIPS compliance if it causes the approved "fips-indicator"
547 This option breaks FIPS compliance if it causes the approved "fips-indicator" to
555 approved "fips-indicator" to 0.
[all …]
H A Dfips_module.pod343 * approved algorithms in the FIPS provider for backward compatibility reasons.
449 * The "fips=yes" property includes all FIPS approved algorithms
478 approved algorithms. An algorithm is approved if it passes all required checks
485 unapproved algorithms. At the end of any algorithm operation the approved status
492 is approved:
498 DSA Key generation is no longer approved.
503 DSA Signature generation is no longer approved.
516 "pkcs1" padding is no longer approved.
532 Triple-DES is not longer approved for encryption.
593 require FIPS-approved functionality, it is essential to build your FIPS
[all …]
H A DEVP_KDF-PBKDF2.pod62 This option breaks FIPS compliance if it causes the approved "fips-indicator"
69 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
H A DEVP_KDF-KB.pod78 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
87 Setting this to zero will ignore the error and set the approved
89 This option breaks FIPS compliance if it causes the approved "fips-indicator"
H A DEVP_KDF-HKDF.pod93 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
102 Setting this to zero will ignore the error and set the approved
104 This option breaks FIPS compliance if it causes the approved "fips-indicator"
/openssl/providers/fips/
H A Dfipsindicator.c27 ind->approved = 1; in ossl_FIPS_IND_set_approved()
64 ind->approved = 0; in ossl_FIPS_IND_on_unapproved()
98 return p == NULL || OSSL_PARAM_set_int(p, ind->approved); in ossl_FIPS_IND_get_ctx_param()
/openssl/test/recipes/30-test_evp_data/
H A Devpciph_des3_common.txt43 # Test that DES3 CBC mode encryption fails because it is not FIPS approved
53 # Test that DES3 EBC mode encryption fails because it is not FIPS approved
64 # Test that DES3 CBC mode encryption is not FIPS approved
76 # Test that DES3 ECB mode encryption is not FIPS approved
/openssl/providers/implementations/macs/
H A Dhmac_prov.c167 int approved = ossl_mac_check_key_size(keylen); in hmac_setkey() local
169 if (!approved) { in hmac_setkey()
297 int approved = 0; in hmac_get_ctx_params() local
300 approved = OSSL_FIPS_IND_GET(macctx)->approved; in hmac_get_ctx_params()
301 if (!OSSL_PARAM_set_int(p, approved)) in hmac_get_ctx_params()
/openssl/providers/implementations/exchange/
H A Decx_exch.c193 int approved = 0; in ecx_get_ctx_params() local
197 if (p != NULL && !OSSL_PARAM_set_int(p, approved)) in ecx_get_ctx_params()
/openssl/test/
H A Dfips-alt.cnf10 # Ensure FIPS non-approved algorithms in the FIPS module are suppressed (e.g.
H A Dfips.cnf13 # Ensure FIPS non-approved algorithms in the FIPS module are suppressed (e.g.
H A Dfips-and-base.cnf10 # You MUST uncomment the following line to operate in a FIPS approved manner,

Completed in 37 milliseconds

123