fips\-provider\-validation (full) in projects: third_party

Project(s)

Full Search
Definition
Symbol
File Path
History
Type

Searched +full:fips +full:- +full:provider +full:- +full:validation (Results 1 – 25 of 29) sorted by relevance

/third_party/openssl/.github/workflows/
D	fips-old.yml	`8 name: Provider old versions compat 15 fips-provider-validation: 20 dir: openssl-3.0.0, 21 tgz: openssl-3.0.0.tar.gz, 22 url: "https://www.openssl.org/source/old/3.0/openssl-3.0.0.tar.gz" 25 runs-on: ubuntu-latest 27 - name: create directory 29 - uses: actions/checkout@v2 32 - name: download module source 33 run: wget --no-verbose ${{ matrix.module.url }} [all …]`
/third_party/openssl/doc/man7/
D	EVP_PKEY-DSA.pod	5 EVP_PKEY-DSA, EVP_KEYMGMT-DSA - EVP_PKEY DSA keytype and algorithm support 9 For B<DSA> the FIPS186-4 standard specifies that the values used for FFC 10 parameter generation are also required for parameter validation. 12 and I<gindex> may need to be stored for validation purposes. For B<DSA> these 14 validation is required. 19 L<EVP_PKEY-FFC(7)/FFC parameters>). 24 L<EVP_PKEY-FFC(7)/FFC key generation parameters> 32 =head2 DSA key validation 35 The OpenSSL FIPS provider conforms to the rules within the FIPS186-4 36 standard for FFC parameter validation. For backwards compatibility the OpenSSL [all …]
D	EVP_PKEY-DH.pod	5 EVP_PKEY-DH, EVP_PKEY-DHX, EVP_KEYMGMT-DH, EVP_KEYMGMT-DHX 6 - EVP_PKEY DH and DHX keytype and algorithm support 11 "safe" domain parameters that are associated with approved named safe-prime 12 groups, and a class of "FIPS186-type" domain parameters. FIPS186-type domain 14 applications that cannot be upgraded to use the approved safe-prime groups. 16 See L<EVP_PKEY-FFC(7)> for more information about FFC keys. 21 must be used for FIPS186-4. If key validation is required, users should be aware 22 of the nuances associated with FIPS186-4 style parameters as discussed in 23 L</DH key validation>. 28 (see L<EVP_PKEY-FFC(7)/FFC parameters>) the B<DHX> and B<DH> keytype [all …]
D	EVP_PKEY-RSA.pod	5 EVP_PKEY-RSA, EVP_KEYMGMT-RSA, RSA 6 - EVP_PKEY RSA keytype and algorithm support 10 The B<RSA> keytype is implemented in OpenSSL's default and FIPS providers. 19 L<provider-keymgmt(7)/Common parameters>), the B<RSA> keytype implementation 36 =item "rsa-factor1" (B<OSSL_PKEY_PARAM_RSA_FACTOR1>) <unsigned integer> 38 =item "rsa-factor2" (B<OSSL_PKEY_PARAM_RSA_FACTOR2>) <unsigned integer> 40 =item "rsa-factor3" (B<OSSL_PKEY_PARAM_RSA_FACTOR3>) <unsigned integer> 42 =item "rsa-factor4" (B<OSSL_PKEY_PARAM_RSA_FACTOR4>) <unsigned integer> 44 =item "rsa-factor5" (B<OSSL_PKEY_PARAM_RSA_FACTOR5>) <unsigned integer> 46 =item "rsa-factor6" (B<OSSL_PKEY_PARAM_RSA_FACTOR6>) <unsigned integer> [all …]
D	fips_module.pod	5 fips_module - OpenSSL fips module guide 14 with the FIPS module. Which is the correct approach to use will depend on your 20 Applications written to use the OpenSSL 3.0 FIPS module should not use any 21 legacy APIs or features that avoid the FIPS module. Specifically this includes: 41 All of the above APIs are deprecated in OpenSSL 3.0 - so a simple rule is to 45 =head2 Making all applications use the FIPS module by default 48 use the FIPS module for cryptographic algorithms by default. 53 FIPS module without the need for any further code changes. 60 $ openssl version -d 67 $ openssl version -v [all …]
D	migration_guide.pod	5 migration_guide - OpenSSL migration guide 32 OpenSSL 3.0 such as the availability of the FIPS module. 37 licenses\|https://www.openssl.org/source/license-openssl-ssleay.txt> 39 L<Apache License v2\|https://www.openssl.org/source/apache-license-2.0.txt>. 41 =head3 Providers and FIPS support 43 One of the key changes from OpenSSL 1.1.1 is the introduction of the Provider 53 One of the standard providers available is the FIPS provider. This makes 54 available FIPS validated cryptographic algorithms. 55 The FIPS provider is disabled by default and needs to be enabled explicitly 56 at configuration time using the C<enable-fips> option. If it is enabled, [all …]
D	EVP_PKEY-EC.pod	`5 EVP_PKEY-EC, 6 EVP_KEYMGMT-EC 7 - EVP_PKEY EC keytype and algorithm support 11 The B<EC> keytype is implemented in OpenSSL's default provider. 17 used that specify "field-type", "p", "a", "b", "generator" and "order". 23 built-in EC algorithm: 31 =item "field-type" (B<OSSL_PKEY_PARAM_EC_FIELD_TYPE>) <UTF8 string> 33 The value should be either "prime-field" or "characteristic-two-field", 39 represents the irreducible polynomial - each bit represents a term in the 67 I<order> - 1. [all …]`
D	EVP_PKEY-FFC.pod	5 EVP_PKEY-FFC - EVP_PKEY DSA and DH/DHX shared FFC parameters. 11 Diffie-Hellman key establishment algorithms specified in SP800-56A can also be 15 FIPS providers. 20 For B<DSA> (and B<DH> that is not a named group) the FIPS186-4 standard 22 for parameter validation. 24 and I<gindex> may need to be stored for validation purposes. 27 the ASN1 data so they need to be stored externally if validation is required. 31 must be used for FIPS186-4. 36 L<provider-keymgmt(7)/Common parameters>), the B<DSA>, B<DH> and B<DHX> keytype 57 A DSA or Diffie-Hellman prime "p" value. [all …]
/third_party/openssl/doc/man3/
D	EVP_PKEY_check.pod	8 - key and parameter validation functions 30 implementations may offer a quicker form of validation that omits some checks in 38 implementations may offer a quicker form of validation that omits some checks in 51 Key validation used by the OpenSSL FIPS provider complies with the rules 52 within SP800-56A and SP800-56B. For backwards compatibility reasons the OpenSSL 53 default provider may use checks that are not as restrictive for certain key types. 54 For further information see L<EVP_PKEY-DSA(7)/DSA key validation>, 55 L<EVP_PKEY-DH(7)/DH key validation>, L<EVP_PKEY-EC(7)/EC key validation> and 56 L<EVP_PKEY-RSA(7)/RSA key validation>. 58 Refer to SP800-56A and SP800-56B for rules relating to when these functions [all …]
D	EVP_PKEY_CTX_ctrl.pod	73 - algorithm specific control operations 198 type used must match I<keytype> if it is not -1. The parameter I<optype> is a 216 command line pages for the option I<-pkeyopt> which is supported by the 315 implementation for the selected provider supports it then the digest will be 332 EVP_MD object instead. Note that only known, built-in EVP_MD objects will be 334 as a digest only implemented in a third party provider). 338 implementation for the selected provider supports it then the digest will be 355 EVP_MD object instead. Note that only known, built-in EVP_MD objects will be 357 as a digest only implemented in a third party provider). 371 pre-master secret in a TLS ClientKeyExchange message. It is the same as [all …]
/third_party/openssl/crypto/dsa/
D	dsa_check.c	2 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. 25 return ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params, in ossl_dsa_check_params() 29 * Do full FFC domain params validation according to FIPS-186-4 in ossl_dsa_check_params() 30 * - always in FIPS_MODULE in ossl_dsa_check_params() 31 * - only if possible (i.e., seed is set) in default provider in ossl_dsa_check_params() 33 return ossl_ffc_params_full_validate(dsa->libctx, &dsa->params, in ossl_dsa_check_params() 38 * See SP800-56Ar3 Section 5.6.2.3.1 : FFC Full public key validation. 42 return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret); in ossl_dsa_check_pub_key() 46 * See SP800-56Ar3 Section 5.6.2.3.1 : FFC Partial public key validation. 48 * safe-prime groups. [all …]
/third_party/openssl/
D	INSTALL.md	`11 - [Prerequisites](#prerequisites) 12 - [Notational Conventions](#notational-conventions) 13 - [Quick Installation Guide](#quick-installation-guide) 14 - [Building OpenSSL](#building-openssl) 15 - [Installing OpenSSL](#installing-openssl) 16 - [Configuration Options](#configuration-options) 17 - [API Level](#api-level) 18 - [Cross Compile Prefix](#cross-compile-prefix) 19 - [Build Type](#build-type) 20 - [Directories](#directories) [all …]`
D	NEWS.md	`8 ---------------- 10 - [OpenSSL 3.0](#openssl-30) 11 - [OpenSSL 1.1.1](#openssl-111) 12 - [OpenSSL 1.1.0](#openssl-110) 13 - [OpenSSL 1.0.2](#openssl-102) 14 - [OpenSSL 1.0.1](#openssl-101) 15 - [OpenSSL 1.0.0](#openssl-100) 16 - [OpenSSL 0.9.x](#openssl-09x) 19 ----------- 21 ([CVE-2023-4807]) [all …]`
D	CHANGES.md	`4 This is a high-level summary of the most important changes. 11 ---------------- 13 - [OpenSSL 3.0](#openssl-30) 14 - [OpenSSL 1.1.1](#openssl-111) 15 - [OpenSSL 1.1.0](#openssl-110) 16 - [OpenSSL 1.0.2](#openssl-102) 17 - [OpenSSL 1.0.1](#openssl-101) 18 - [OpenSSL 1.0.0](#openssl-100) 19 - [OpenSSL 0.9.x](#openssl-09x) 22 ----------- [all …]`
/third_party/wpa_supplicant/wpa_supplicant-2.9/wpa_supplicant/
D	ChangeLog	`3 2019-08-07 - v2.9 5 - disable use of groups using Brainpool curves 6 - improved protection against side channel attacks 7 [https://w1.fi/security/2019-6/] 8 * EAP-pwd changes 9 - disable use of groups using Brainpool curves 10 - allow the set of groups to be configured (eap_pwd_groups) 11 - improved protection against side channel attacks 12 [https://w1.fi/security/2019-6/] 13 * fixed FT-EAP initial mobility domain association using PMKSA caching [all …]`
/third_party/openssl/providers/implementations/keymgmt/
D	rsa_kmgmt.c	2 * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. 245 /* In fips mode there are no multi-primes. / 296 This provider can export everything in an RSA key, so we use the exact 349 * For restricted RSA-PSS keys, we ignore the default digest request. in rsa_get_params() 350 * With RSA-OAEP keys, this may need to be amended. in rsa_get_params() 360 * For non-RSA-PSS keys, we ignore the mandatory digest request. in rsa_get_params() 361 * With RSA-OAEP keys, this may need to be amended. in rsa_get_params() 403 /* If the whole key is selected, we do a pairwise validation */ in rsa_validate() 447 return gctx->cb(params, gctx->cbarg); in rsa_gencb() 463 gctx->libctx = libctx; in gen_init() [all …]
/third_party/wpa_supplicant/wpa_supplicant-2.9_standard/wpa_supplicant/
D	ChangeLog	`3 2022-01-16 - v2.10 5 - improved protection against side channel attacks 6 [https://w1.fi/security/2022-1/] 7 - added support for the hash-to-element mechanism (sae_pwe=1 or 10 - fixed PMKSA caching with OKC 11 - added support for SAE-PK 12 * EAP-pwd changes 13 - improved protection against side channel attacks 14 [https://w1.fi/security/2022-1/] 17 [https://w1.fi/security/2021-1/] [all …]`
/third_party/openssl/crypto/err/
D	openssl.txt	1 # Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. 442 CRYPTO_R_PROVIDER_ALREADY_EXISTS:104:provider already exists 443 CRYPTO_R_PROVIDER_SECTION_ERROR:105:provider section error 696 EVP_R_INVALID_PROVIDER_FUNCTIONS:193:invalid provider functions 982 PROV_R_FIPS_MODULE_CONDITIONAL_ERROR:227:fips module conditional error 983 PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE:224:fips module entering error state 984 PROV_R_FIPS_MODULE_IN_ERROR_STATE:225:fips module in error state 1358 SSL_R_INVALID_CT_VALIDATION_TYPE:212:invalid ct validation type
/third_party/openssl/test/
D	sslapitest.c	2 * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. 32 #include <openssl/provider.h> 49 * If we don't have ec or dh then there are no built-in groups that are usable 55 /* Defined in tls-provider.c / 153 if (client_log_buffer_index + line_length > sizeof(client_log_buffer) - 1) { in client_keylog_callback() 169 if (server_log_buffer_index + line_length > sizeof(server_log_buffer) - 1) { in server_keylog_callback() 225 hex-encoded encrypted secret, then the hex-encoded pre-master in test_keylog_output() 242 * Master secret. Tokens should be: 64 ASCII bytes of hex-encoded in test_keylog_output() 243 * client random, then the hex-encoded master secret. in test_keylog_output() 280 * TLSv1.3 secret. Tokens should be: 64 ASCII bytes of hex-encoded in test_keylog_output() [all …]
D	ssl_old_test.c	2 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. 57 #include <openssl/provider.h> 124 outlen = sizeof(NEXT_PROTO_STRING) - 2; in cb_client_npn() 132 len = sizeof(NEXT_PROTO_STRING) - 1; in cb_server_npn() 168 if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 \|\| in verify_npn() 170 return -1; in verify_npn() 171 if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 \|\| in verify_npn() 173 return -1; in verify_npn() 176 return -1; in verify_npn() 178 return -1; in verify_npn() [all …]
/third_party/node/doc/changelogs/
D	CHANGELOG_IOJS.md	3 <!--lint disable prohibited-strings--> 4 <!--lint disable maximum-line-length--> 5 <!--lint disable no-literal-urls--> 83 ## 2015-09-15, io.js Version 3.3.1 @rvagg 92 * node-gyp: Float v3.0.3 which has improved support for Node.js and io.js v0.10 to v4+ (Rod Vag… 94 …/node-v0.x-archive#8751](https://github.com/nodejs/node-v0.x-archive/pull/8751) [nodejs/node-v0.x-… 98 See https://github.com/nodejs/io.js/labels/confirmed-bug for complete and current list of known iss… 109 * [[`b73ff52fe6`](https://github.com/nodejs/node/commit/b73ff52fe6)] - bindings: close after re… 110 * [[`aa1140e59a`](https://github.com/nodejs/node/commit/aa1140e59a)] - buffer: SlowBuffer only … 111 * [[`574475d56e`](https://github.com/nodejs/node/commit/574475d56e)] - build: clean up the gene… [all …]
D	CHANGELOG_V11.md	3 <!--lint disable prohibited-strings--> 4 <!--lint disable maximum-line-length--> 5 <!--lint disable no-literal-urls--> 51 ## 2019-04-30, Version 11.15.0 (Current), @codebytere 55 * deps: add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu) [#19794](https://github.com/nodejs… 58 * add --tls-min-v1.2 CLI switch (Sam Roberts) [#26951](https://github.com/nodejs/node/pull/26951) 67 * [[`7da23dcbfa`](https://github.com/nodejs/node/commit/7da23dcbfa)] - deps: V8: backport 61f4c… 68 …e`](https://github.com/nodejs/node/commit/8db791d0fe)] - deps: update archs files for OpenSSL-… 69 …//github.com/nodejs/node/commit/1c98b720b1)] - (SEMVER-MINOR) deps: add s390 asm rules for… 70 * [[`d8cc478ae9`](https://github.com/nodejs/node/commit/d8cc478ae9)] - deps: upgrade openssl so… [all …]
D	CHANGELOG_V9.md	3 <!--lint disable prohibited-strings--> 4 <!--lint disable maximum-line-length--> 5 <!--lint disable no-literal-urls--> 52 ## 2018-06-12, Version 9.11.2 (Current), @evanlucas 56 * Fixes memory exhaustion DoS (CVE-2018-7164): Fixes a bug introduced in 9.7.0 that increases t… 57 * buffer (CVE-2018-7167): Fixes Denial of Service vulnerability where calling Buffer.fill() cou… 59 …* (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the http2 implementation to n… 60 * (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading nghttp2 to 1.32.0 61 * tls (CVE-2018-7162): Fixes Denial of Service vulnerability by updating the TLS implementation… 65 …65ed3213ca)] - deps: update to nghttp2 1.32.0 (James M Snell) [nodejs-private/node-private#124… [all …]
D	CHANGELOG_V14.md	`3 <!--lint disable prohibited-strings--> 4 <!--lint disable maximum-line-length--> 5 <!--lint disable no-literal-urls--> 83 ## 2022-12-13, Version 14.21.2 'Fermium' (LTS), @richardlau 98 * D-TRUST BR Root CA 1 2020 99 * D-TRUST EV Root CA 1 2020 102 * E-Tugra Global Root CA ECC v3 103 * E-Tugra Global Root CA RSA v3 104 * HiPKI Root CA - G1 115 * GlobalSign Root CA - R2 [all …]`
/third_party/node/doc/api/
D	all.json	21 …- Deprecated. The feature may emit warnings. Backward\ncompatibility is not guaranteed.</p>\n</blo… 26 "desc": "<!-- STABILITY_OVERVIEW_SLOT_BEGIN -->\n<!-- STABILITY_OVERVIEW_SLOT_END -->", 58 …-linked shared objects written in C++. The\n<a href=\"modules.html#modules_require_id\"><code>requ… 63 …-js\">module.exports.hello = () => 'world';\n</code></pre>\n<p>First, create the file <code>hello.… 66 "textRaw": "Context-aware addons", 67 "name": "context-aware_addons", 68 …-aware addon can be constructed by using the macro\n<code>NODE_MODULE_INITIALIZER</code>, which ex… 77 "pr-url": "https://github.com/nodejs/node/pull/34572", 82 …-on needs to either:</p>\n<ul>\n<li>Be an Node-API addon, or</li>\n<li>Be declared as context-awar… 88 "displayName": "Context-aware addons" [all …]