mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-21 01:15:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Cleanups for FIPS indicator documentation

Browse Source 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25195)
This commit is contained in:
slontis 2024-08-15 16:20:26 +10:00 committed by Pauli
parent 5139b51cea
commit 8e7f39e883
24 changed files with 274 additions and 139 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
doc/man3/EVP_EncryptInit.pod
View File

@ -901,6 +901,8 @@ Used to pass the TLS MAC data.
=item "fips-indicator" (B<OSSL_CIPHER_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
This option is used by the OpenSSL FIPS provider.
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling a cipher final operation such as
EVP_EncryptFinal_ex(). It may return 0 if the "encrypt-check" option is set to 0.
@ -1063,13 +1065,15 @@ The default value is "GB".
=item "encrypt-check" (B<OSSL_CIPHER_PARAM_FIPS_ENCRYPT_CHECK>) <integer>
This option is used by the OpenSSL FIPS provider.
If required this parameter should be set early via an cipher encrypt init
function such as EVP_EncryptInit_ex2().
The default value of 1 causes an error when an encryption operation is triggered.
Setting this to 0 will ignore the error and set the approved "fips-indicator" to
0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=back

26
doc/man7/EVP_ASYM_CIPHER-RSA.pod
View File

@ -65,10 +65,6 @@ See L<EVP_PKEY_CTX_set_rsa_padding(3)> for further details.
=item "oaep-label" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL>) <octet string>
=item "fips-indicator" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
=item "key-check" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK>) <integer>
=item "tls-client-version" (B<OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION>) <unsigned integer>
See B<RSA_PKCS1_WITH_TLS_PADDING> on the page L<EVP_PKEY_CTX_set_rsa_padding(3)>.
@ -79,10 +75,26 @@ See B<RSA_PKCS1_WITH_TLS_PADDING> on the page L<EVP_PKEY_CTX_set_rsa_padding(3)>
See L<provider-asym_cipher(7)/Asymmetric Cipher Parameters> for more information.
=item "pkcs15-padding-disabled" (B<OSSL_ASYM_CIPHER_PARAM_PKCS15_PADDING_DISABLED>) <integer>
=back
If nonzero, PKCS#1 version 1.5 padding is disabled.
This option is used by the OpenSSL FIPS provider.
The OpenSSL FIPS provider also supports the following parameters:
=over 4
=item "fips-indicator" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
=item "key-check" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK>) <integer>
See L<provider-asym_cipher(7)/Asymmetric Cipher Parameters> for more information.
=item "pkcs15-pad-disabled" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED>) <integer>
The default value of 1 causes an error during encryption if the RSA padding
mode is set to "pkcs1".
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=back

15
doc/man7/EVP_KDF-HKDF.pod
View File

@ -80,12 +80,17 @@ an error will occur.
=back
=back
The OpenSSL FIPS provider also supports the following parameters:
=over 4
=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if any "***-check"
related parameter is set to 0 and the check fails.
This option is used by the OpenSSL FIPS provider.
This may be used after calling EVP_KDF_derive. It returns 0 if "key-check"
is set to 0 and the check fails.
=item "key-check" (B<OSSL_KDF_PARAM_FIPS_KEY_CHECK>) <integer>
@ -94,8 +99,8 @@ length of used key-derivation key (B<OSSL_KDF_PARAM_KEY>) is shorter than 112
bits.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=back

15
doc/man7/EVP_KDF-KB.pod
View File

@ -65,12 +65,17 @@ Set the fixed value 'r', indicating the length of the counter in bits.
Supported values are B<8>, B<16>, B<24>, and B<32>.
The default value of B<32> will be used if unspecified.
=back
The OpenSSL FIPS provider also supports the following parameters:
=over 4
=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if any "***-check"
related parameter is set to 0 and the check fails.
This option is used by the OpenSSL FIPS provider.
This may be used after calling EVP_KDF_derive. It returns 0 if "key-check"
is set to 0 and the check fails.
=item "key-check" (B<OSSL_KDF_PARAM_FIPS_KEY_CHECK>) <integer>
@ -79,8 +84,8 @@ length of used key-derivation key (B<OSSL_KDF_PARAM_KEY>) is shorter than 112
bits.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=back

11
doc/man7/EVP_KDF-PBKDF2.pod
View File

@ -57,18 +57,17 @@ The checks performed are:
The default provider uses a default mode of 1 for backwards compatibility,
and the FIPS provider uses a default mode of 0.
The value string is expected to be a decimal number 0 or 1.
Setting this to zero will ignore the error and set the approved "fips-indicator"
to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
This option is used by the OpenSSL FIPS provider.
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if the "pkcs5"
This may be used after calling EVP_KDF_derive. It returns 0 if "pkcs5"
is set to 1 and the derived key length, salt length or iteration count test
fails.
This option is used by the OpenSSL FIPS provider.
=back

15
doc/man7/EVP_KDF-SS.pod
View File

@ -61,12 +61,17 @@ This parameter set the shared secret that is used for key derivation.
This parameter sets an optional value for fixedinfo, also known as otherinfo.
=back
The OpenSSL FIPS provider also supports the following parameters:
=over 4
=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if any "***-check"
related parameter is set to 0 and the check fails.
This option is used by the OpenSSL FIPS provider.
This may be used after calling EVP_KDF_derive. It returns 0 if "key-check"
is set to 0 and the check fails.
=item "key-check" (B<OSSL_KDF_PARAM_FIPS_KEY_CHECK>) <integer>
@ -75,8 +80,8 @@ length of used key-derivation key (B<OSSL_KDF_PARAM_KEY>) is shorter than 112
bits.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=back

15
doc/man7/EVP_KDF-SSHKDF.pod
View File

@ -80,12 +80,17 @@ A single char of value 70 (ASCII char 'F').
=back
=back
The OpenSSL FIPS provider also supports the following parameters:
=over 4
=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if any "***-check"
related parameter is set to 0 and the check fails.
This option is used by the OpenSSL FIPS provider.
=item "digest-check" (B<OSSL_KDF_PARAM_FIPS_DIGEST_CHECK>) <integer>
@ -93,8 +98,8 @@ The default value of 1 causes an error during EVP_KDF_CTX_set_params() if
used digest is not approved.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
According to SP 800-135r1, the following are approved digest algorithms: SHA-1,
SHA2-224, SHA2-256, SHA2-384, SHA2-512.
@ -106,8 +111,8 @@ length of used key-derivation key (B<OSSL_KDF_PARAM_KEY>) is shorter than 112
bits.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=back

63
doc/man7/EVP_KDF-TLS13_KDF.pod
View File

@ -54,35 +54,6 @@ Refer to RFC 8446 section 7.1 "Key Schedule" for details.
This parameter sets the mode for the TLS 1.3 KDF operation.
There are two modes that are currently defined:
=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if any "***-check"
related parameter is set to 0 and the check fails.
This option is used by the OpenSSL FIPS provider.
=item "digest-check" (B<OSSL_KDF_PARAM_FIPS_DIGEST_CHECK>) <integer>
The default value of 1 causes an error during EVP_KDF_CTX_set_params() if
used digest is not approved.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
According to RFC 8446, the following are approved digest algorithms: SHA2-256,
SHA2-384.
=item "key-check" (B<OSSL_KDF_PARAM_FIPS_KEY_CHECK>) <integer>
The default value of 1 causes an error during EVP_KDF_CTX_set_params() if the
length of used key-derivation key (B<OSSL_KDF_PARAM_KEY>) is shorter than 112
bits.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
=over 4
=item "EXTRACT_ONLY" or B<EVP_KDF_HKDF_MODE_EXTRACT_ONLY>
@ -108,6 +79,40 @@ an error will occur.
=back
The OpenSSL FIPS provider also supports the following parameters:
=over 4
=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if any "***-check"
related parameter is set to 0 and the check fails.
=item "digest-check" (B<OSSL_KDF_PARAM_FIPS_DIGEST_CHECK>) <integer>
The default value of 1 causes an error during EVP_KDF_CTX_set_params() if
used digest is not approved.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
According to RFC 8446, the following are approved digest algorithms: SHA2-256,
SHA2-384.
=item "key-check" (B<OSSL_KDF_PARAM_FIPS_KEY_CHECK>) <integer>
The default value of 1 causes an error during EVP_KDF_CTX_set_params() if the
length of used key-derivation key (B<OSSL_KDF_PARAM_KEY>) is shorter than 112
bits.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=back
=head1 NOTES
This KDF is intended for use by the TLS 1.3 implementation in libssl.

19
doc/man7/EVP_KDF-TLS1_PRF.pod
View File

@ -44,20 +44,25 @@ This parameter sets the context seed.
The length of the context seed cannot exceed 1024 bytes;
this should be more than enough for any normal use of the TLS PRF.
=back
The OpenSSL FIPS provider also supports the following parameters:
=over 4
=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if any "***-check"
related parameter is set to 0 and the check fails.
This option is used by the OpenSSL FIPS provider.
=item "ems_check" (B<OSSL_KDF_PARAM_FIPS_EMS_CHECK>) <integer>
The default value of 1 causes an error during EVP_KDF_derive() if
"master secret" is used instead of "extended master secret" Setting this to zero
will ignore the error and set the approved "fips-indicator" to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=item "digest-check" (B<OSSL_KDF_PARAM_FIPS_DIGEST_CHECK>) <integer>
@ -65,8 +70,8 @@ The default value of 1 causes an error during EVP_KDF_CTX_set_params() if
used digest is not approved.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
According to SP 800-135r1, the following are approved digest algorithms:
SHA2-256, SHA2-384, SHA2-512.
@ -78,8 +83,8 @@ length of used key-derivation key (B<OSSL_KDF_PARAM_SECRET>) is shorter than 112
bits.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=back

15
doc/man7/EVP_KDF-X963.pod
View File

@ -36,12 +36,17 @@ This parameter sets the secret.
This parameter specifies an optional value for shared info.
=back
The OpenSSL FIPS provider also supports the following parameters:
=over 4
=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if any "***-check"
related parameter is set to 0 and the check fails.
This option is used by the OpenSSL FIPS provider.
=item "digest-check" (B<OSSL_KDF_PARAM_FIPS_DIGEST_CHECK>) <int>
@ -49,8 +54,8 @@ The default value of 1 causes an error during EVP_KDF_CTX_set_params() if
used digest is not approved.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
According to ANSI X9.63-2001, the following are approved digest algorithms:
SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224,
@ -63,8 +68,8 @@ length of used key-derivation key (B<OSSL_KDF_PARAM_KEY>) is shorter than 112
bits.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=back

13
doc/man7/EVP_KEYEXCH-ECDH.pod
View File

@ -41,6 +41,12 @@ per-key basis.
=item "kdf-ukm" (B<OSSL_EXCHANGE_PARAM_KDF_UKM>) <octet string>
=back
The OpenSSL FIPS provider also supports the following parameters:
=over 4
=item "fips-indicator" (B<OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
=item "key-check" (B<OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK>) <integer>
@ -54,9 +60,10 @@ See L<provider-keyexch(7)/Common Key Exchange parameters>.
If required this parameter should before OSSL_FUNC_keyexch_derive().
The default value of 1 causes an error during the OSSL_FUNC_keyexch_derive if
the EC curve has a cofactor that is not 1, and the cofactor is not used.
Setting this to 0 will ignore the error and set the approved "fips-indicator" to
0. This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance
if set to 0.
Setting this to 0 will ignore the error and set the approved
"fips-indicator" to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=back

11
doc/man7/EVP_MAC-CMAC.pod
View File

@ -49,14 +49,15 @@ valid.
=item "encrypt-check" (B<OSSL_CIPHER_PARAM_FIPS_ENCRYPT_CHECK>) <integer>
This option is used by the OpenSSL FIPS provider.
If required this parameter should be set before EVP_MAC_init()
The default value of 1 causes an error when a unapproved Triple-DES encryption
operation is triggered.
Setting this to 0 will ignore the error and set the approved "fips-indicator" to
0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
Setting this to 0 will ignore the error and set the approved
"fips-indicator" to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=back
@ -78,6 +79,8 @@ EVP_MAC_CTX_get_block_size().
=item "fips-indicator" (B<OSSL_CIPHER_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
This option is used by the OpenSSL FIPS provider.
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling EVP_MAC_final().
It may return 0 if the "encrypt-check" option is set to 0.

22
doc/man7/EVP_PKEY-DSA.pod
View File

@ -6,18 +6,33 @@ EVP_PKEY-DSA, EVP_KEYMGMT-DSA - EVP_PKEY DSA keytype and algorithm support
=head1 DESCRIPTION
For B<DSA> the FIPS186-4 standard specifies that the values used for FFC
For B<DSA> the FIPS 186-4 standard specifies that the values used for FFC
parameter generation are also required for parameter validation.
This means that optional FFC domain parameter values for I<seed>, I<pcounter>
and I<gindex> may need to be stored for validation purposes. For B<DSA> these
fields are not stored in the ASN1 data so they need to be stored externally if
validation is required.
As part of FIPS 140-3 DSA is not longer FIPS approved for key generation and
signature validation, but is still allowed for signature verification.
=head2 DSA parameters
The B<DSA> key type supports the FFC parameters (see
L<EVP_PKEY-FFC(7)/FFC parameters>).
It also supports the following parameters:
=over 4
=item "sign-check" (B<OSSL_PKEY_PARAM_FIPS_SIGN_CHECK>) <integer
=item "fips-indicator" (B<OSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
See L<provider-keymgmt(7)/Common Information Parameters> for more information.
=back
=head2 DSA key generation parameters
The B<DSA> key type supports the FFC key generation parameters (see
@ -111,6 +126,11 @@ L<EVP_KEYMGMT(3)>,
L<OSSL_PROVIDER-default(7)>,
L<OSSL_PROVIDER-FIPS(7)>
=head1 HISTORY
DSA Key generation and signature generation are no longer FIPS approved in
OpenSSL 3.4. See L<fips_module(7)/FIPS indicators> for more information.
=head1 COPYRIGHT
Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.

6
doc/man7/EVP_RAND-HASH-DRBG.pod
View File

@ -50,6 +50,12 @@ The supported parameters are:
These parameters work as described in L<EVP_RAND(3)/PARAMETERS>.
=item "fips-indicator" (B<OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
=item "digest-check" (B<OSSL_DRBG_PARAM_FIPS_DIGEST_CHECK>) <integer>
These parameters work as described in L<provider-rand(7)/PARAMETERS>.
=back
=head1 NOTES

6
doc/man7/EVP_RAND-HMAC-DRBG.pod
View File

@ -52,6 +52,12 @@ The supported parameters are:
These parameters work as described in L<EVP_RAND(3)/PARAMETERS>.
=item "fips-indicator" (B<OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
=item "digest-check" (B<OSSL_DRBG_PARAM_FIPS_DIGEST_CHECK>) <integer>
These parameters work as described in L<provider-rand(7)/PARAMETERS>.
=back
=head1 NOTES

8
doc/man7/EVP_SIGNATURE-DSA.pod
View File

@ -10,6 +10,9 @@ EVP_SIGNATURE-DSA
Support for computing DSA signatures.
See L<EVP_PKEY-DSA(7)> for information related to DSA keys.
As part of FIPS 140-3 DSA is not longer FIPS approved for key generation and
signature validation, but is still allowed for signature verification.
=head2 Signature Parameters
The following signature parameters can be set using EVP_PKEY_CTX_set_params().
@ -59,6 +62,11 @@ L<EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)>,
L<provider-signature(7)>,
=head1 HISTORY
DSA Key generation and signature generation are no longer FIPS approved in
OpenSSL 3.4. See L<fips_module(7)/FIPS indicators> for more information.
=head1 COPYRIGHT
Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.

24
doc/man7/EVP_SIGNATURE-RSA.pod
View File

@ -63,12 +63,6 @@ using EVP_PKEY_sign_init_ex() or EVP_PKEY_verify_init_ex().
These are not supported with the RSA signature schemes that already include a
message digest algorithm, See L</Algorithm Names> above.
=item "key-check" (B<OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK>) <integer>
=item "digest-check" (B<OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK>) <integer>
=item "sign-x931-pad-check" (B<OSSL_SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK>) <integer>
These common parameters are described in L<provider-signature(7)>.
=item "pad-mode" (B<OSSL_SIGNATURE_PARAM_PAD_MODE>) <UTF8 string>
@ -126,6 +120,20 @@ digest size when signing to comply with FIPS 186-4 section 5.5.
=back
=back
The OpenSSL FIPS provider also supports the following parameters:
=over 4
=item "key-check" (B<OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK>) <integer>
=item "digest-check" (B<OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK>) <integer>
=item "sign-x931-pad-check" (B<OSSL_SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK>) <integer>
These parameters are described in L<provider-signature(7)>.
=item "rsa-pss-saltlen-check" (B<OSSL_SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK>) <integer>
The default value of 1 causes an error during signature generation or
@ -133,8 +141,8 @@ verification if salt length (B<OSSL_SIGNATURE_PARAM_PSS_SALTLEN>) is not between
zero and the output block size of the digest function (inclusive).
Setting this to zero will ignore the error and set the approved "fips-indicator"
to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=back

11
doc/man7/provider-asym_cipher.pod
View File

@ -243,12 +243,17 @@ This makes exploitation of the Bleichenbacher significantly harder, even
if the code using the RSA decryption API is not implemented in side-channel
free manner. Set by default. Requires provider support.
=back
The OpenSSL FIPS provider also supports the following parameters:
=over 4
=item "fips-indicator" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling either OSSL_FUNC_asym_cipher_encrypt() or
OSSL_FUNC_asym_cipher_decrypt(). It may return 0 if "key-check" is set to 0.
This option is used by the OpenSSL FIPS provider.
=item "key-check" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK>) <integer>
@ -257,8 +262,8 @@ OSSL_FUNC_asym_cipher_encrypt_init() or OSSL_FUNC_asym_cipher_decrypt_init().
The default value of 1 causes an error during the init if the key is not FIPS
approved (e.g. The key has a security strength of less than 112 bits). Setting
this to 0 will ignore the error and set the approved "fips-indicator" to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=back

10
doc/man7/provider-kem.pod
View File

@ -186,8 +186,7 @@ See L<OSSL_PARAM(3)> for further details on the parameters structure used by
the OSSL_FUNC_kem_get_ctx_params() and OSSL_FUNC_kem_set_ctx_params()
functions.
Common parameters currently recognised by built-in key encapsulation algorithms
are as follows.
The OpenSSL FIPS provider also supports the following parameters:
=over 4
@ -196,7 +195,6 @@ are as follows.
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling either OSSL_FUNC_kem_encapsulate() or
OSSL_FUNC_kem_decapsulate(). It may return 0 if the "key-check" is set to 0.
This option is used by the OpenSSL FIPS provider.
=item "key-check" (B<OSSL_KEM_PARAM_FIPS_KEY_CHECK>) <integer>
@ -205,11 +203,13 @@ or OSSL_FUNC_kem_decapsulate_init().
The default value of 1 causes an error during the init if the key is not FIPS
approved (e.g. The key has a security strength of less than 112 bits). Setting
this to 0 will ignore the error and set the approved "fips-indicator" to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=back
=head2 Asymmetric Key Encapsulation Parameter Functions
OSSL_FUNC_kem_get_ctx_params() gets asymmetric KEM parameters associated
with the given provider side asymmetric kem context I<ctx> and stores them in
I<params>.

15
doc/man7/provider-keyexch.pod
View File

@ -204,12 +204,17 @@ usually do not need to support this gettable parameter as its sole purpose
is to support functionality of the deprecated EVP_PKEY_CTX_get0_ecdh_kdf_ukm()
and EVP_PKEY_CTX_get0_dh_kdf_ukm() functions.
=back
The OpenSSL FIPS provider also supports the following parameters:
=over 4
=item "fips-indicator" (B<OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling OSSL_FUNC_keyexch_derive(). It may
return 0 if either the "digest-check" or the "key-check" are set to 0.
This option is used by the OpenSSL FIPS provider.
=item "key-check" (B<OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK>) <integer>
@ -217,8 +222,8 @@ If required this parameter should be set using OSSL_FUNC_keyexch_init().
The default value of 1 causes an error during the init if the key is not FIPS
approved (e.g. The key has a security strength of less than 112 bits). Setting
this to 0 will ignore the error and set the approved "fips-indicator" to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=item "digest-check" (B<OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK>) <integer>
@ -226,8 +231,8 @@ If required this parameter should be set before any optional digest is set.
The default value of 1 causes an error when the digest is set if the digest is
not FIPS approved. Setting this to 0 will ignore the error and set the
approved "fips-indicator" to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=back

29
doc/man7/provider-keymgmt.pod
View File

@ -436,6 +436,18 @@ its argument I<mdname>. This signifies that no digest has to be specified
with the corresponding signature operation, but may be specified as an
option.
=back
The OpenSSL FIPS provider also supports the following parameters:
=over 4
=item "fips-indicator" (B<OSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling OSSL_FUNC_keymgmt_gen() function. It may
return 0 if either the "key-check", or "sign-check" are set to 0.
=item "key-check" (B<OSSL_PKEY_PARAM_FIPS_KEY_CHECK>) <integer>
If required this parameter should be set using OSSL_FUNC_keymgmt_gen_set_params()
@ -443,25 +455,18 @@ or OSSL_FUNC_keymgmt_gen_init().
The default value of 1 causes an error during the init if the key is not FIPS
approved (e.g. The key has a security strength of less than 112 bits). Setting
this to 0 will ignore the error and set the approved "fips-indicator" to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=item "sign-check" (B<OSSL_PKEY_PARAM_FIPS_SIGN_CHECK>) <int>
=item "sign-check" (B<OSSL_PKEY_PARAM_FIPS_SIGN_CHECK>) <integer>
If required this parameter should be set before the OSSL_FUNC_keymgmt_gen()
function. This value is not supported by all keygen algorithms.
The default value of 1 will cause an error if the generated key is not
allowed to be used for signing.
Setting this to 0 will ignore the error and set the approved "fips-indicator" to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
=item "fips-indicator" (B<OSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling OSSL_FUNC_keymgmt_gen() function. It may
return 0 if either the "key-check", or "sign-check" are set to 0.
This option is used by the OpenSSL FIPS provider.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=back

22
doc/man7/provider-mac.pod
View File

@ -191,6 +191,10 @@ Can be used to get the MAC block size (if supported by the algorithm).
=back
=back
The OpenSSL FIPS provider may support the following parameters:
=over 4
=item "fips-indicator" (B<OSSL_MAC_PARAM_FIPS_APPROVED_INDICATOR>) <int>
@ -198,29 +202,24 @@ Can be used to get the MAC block size (if supported by the algorithm).
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling the final function. It may return 0 if
either "no-short-mac" or "key-check" are set to 0.
This option is used by the OpenSSL FIPS provider.
=back
=over 4
=item "no-short-mac" (B<OSSL_MAC_PARAM_FIPS_NO_SHORT_MAC>) <integer>
If required this parameter should be set early via an init function.
The default value of 1 causes an error when too short MAC output is
asked for. Setting this to 0 will ignore the error and set the approved
"fips-indicator" to 0. This option is used by the OpenSSL FIPS provider,
and breaks FIPS compliance if set to 0.
"fips-indicator" to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=item "key-check" (B<OSSL_MAC_PARAM_FIPS_KEY_CHECK>) <integer>
If required this parameter should be set before OSSL_FUNC_mac_init.
The default value of 1 causes an error when small key sizes are
asked for. Setting this to 0 will ignore the error and set the approved
"fips-indicator" to 0. This option is used by the OpenSSL FIPS provider,
and breaks FIPS compliance if set to 0.
=back
"fips-indicator" to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=back
@ -254,6 +253,7 @@ L<life_cycle-mac(7)>, L<EVP_MAC(3)>
=head1 HISTORY
The provider MAC interface was introduced in OpenSSL 3.0.
The parameters "no-short-mac" and "fips-indicator" were added in OpenSSL 3.4.
=head1 COPYRIGHT

11
doc/man7/provider-rand.pod
View File

@ -260,12 +260,17 @@ Sets the properties to be queried when trying to fetch an underlying algorithm.
This must be given together with the algorithm naming parameter to be
considered valid.
=back
The OpenSSL FIPS provider also supports the following parameters:
=over 4
=item "fips-indicator" (B<OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling OSSL_FUNC_rand_generate(). It may
return 0 if the "digest-check" is set to 0.
This option is used by the OpenSSL FIPS provider.
=item "digest-check" (B<OSSL_DRBG_PARAM_FIPS_DIGEST_CHECK>) <integer>
@ -273,8 +278,8 @@ If required this parameter should be set before the digest is set.
The default value of 1 causes an error when the digest is set if the digest is
not FIPS approved (e.g. truncated digests). Setting this to 0 will ignore
the error and set the approved "fips-indicator" to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=back

23
doc/man7/provider-signature.pod
View File

@ -388,12 +388,17 @@ was successful.
Known answer tests can be performed if the random generator is overridden to
supply known values that either pass or fail.
=back
The following parameters are used by the OpenSSL FIPS provider:
=over 4
=item "fips-indicator" (B<OSSL_SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling either the sign or verify final functions. It may
return 0 if either the "digest-check", "key-check", or "sign-check" are set to 0.
This option is used by the OpenSSL FIPS provider.
=item "verify-message" (B<OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE> <integer>
@ -411,8 +416,8 @@ If required this parameter should be set early via an init function
The default value of 1 causes an error during the init if the key is not FIPS
approved (e.g. The key has a security strength of less than 112 bits).
Setting this to 0 will ignore the error and set the approved "indicator" to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=item "digest-check" (B<OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK>) <integer>
@ -420,8 +425,8 @@ If required this parameter should be set before the signature digest is set.
The default value of 1 causes an error when the digest is set if the digest is
not FIPS approved (e.g. SHA1 is used for signing). Setting this to 0 will ignore
the error and set the approved "fips-indicator" to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=item "sign-check" (B<OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK>) <integer>
@ -429,15 +434,17 @@ If required this parameter should be set early via an init function.
The default value of 1 causes an error when a signing algorithm is used. (This
is triggered by deprecated signing algorithms).
Setting this to 0 will ignore the error and set the approved "fips-indicator" to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator" to
return 0.
=item "sign-x931-pad-check" (B<SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK>) <integer>
If required this parameter should be set before the padding mode is set
If required this parameter should be set before the padding mode is set.
The default value of 1 causes an error if the padding mode is set to X9.31 padding
for a RSA signing operation. Setting this to 0 will ignore the error and set the
approved "fips-indicator" to 0.
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
=back