Lines Matching refs:FIPS

1 # FIPS 140-2
3 …FIPS validated. However, there is a core library (called BoringCrypto) that has been FIPS validate…
5 Please note that we cannot answer questions about FIPS, nor about using BoringSSL in a FIPS-complia…
22 In order to demonstrate failures of the various FIPS 140 tests, BoringSSL can be built in ways that…
38 …FIPS module inside a binary and thus trigger a failure of the integrity test. Note that the binary…
42 FIPS 140-2 requires that one of its PRNGs be used (which they call DRBGs). In BoringCrypto, we use …
46 In FIPS mode, each of those entropy sources is subject to a 10× overread. That is, when *n* bytes o…
50 …FIPS PRNGs allow “additional input” to be fed into a given call. We use this feature to be as robu…
52 …DSA nonce. This allows ECDSA to be robust to entropy failures while still following the FIPS rules.
54 FIPS requires that RNG state be zeroed when the process exits. In order to implement this, all per-…
58 FIPS-140 mandates that a module calculate an HMAC of its own code in a constructor function and com…
64 … order to produce an object file containing all the code and data for the FIPS module without that…
112 …tps://www.openssl.org/docs/fips/UserGuide-2.0.pdf) and inspecting the code of OpenSSL FIPS 2.0.12.)