=item "oaep-label" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL>) <octet string>
-=item "fips-indicator" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR>) <int>
+=item "fips-indicator" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
-=item "key-check" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK>) <int>
+=item "key-check" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK>) <integer>
=item "tls-client-version" (B<OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION>) <unsigned integer>
The length of the context seed cannot exceed 1024 bytes;
this should be more than enough for any normal use of the TLS PRF.
-=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <int>
+=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if the "ems_check"
is set to 0 and the "extended master secret" test fails.
This option is used by the OpenSSL FIPS provider.
-=item "ems_check" (B<OSSL_KDF_PARAM_FIPS_EMS_CHECK>) <int>
+=item "ems_check" (B<OSSL_KDF_PARAM_FIPS_EMS_CHECK>) <integer>
The default value of 1 causes an error during EVP_KDF_derive() if
"master secret" is used instead of "extended master secret" Setting this to zero
This can be set using EVP_PKEY_CTX_set_kem_op().
-=item "fips-indicator" (B<OSSL_KEM_PARAM_FIPS_APPROVED_INDICATOR>) <int>
+=item "fips-indicator" (B<OSSL_KEM_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
-=item "key-check" (B<OSSL_KEM_PARAM_FIPS_KEY_CHECK>) <int>
+=item "key-check" (B<OSSL_KEM_PARAM_FIPS_KEY_CHECK>) <integer>
These parameters are described in L<provider-kem(7)>.
=item "kdf-ukm" (B<OSSL_EXCHANGE_PARAM_KDF_UKM>) <octet string>
-=item "fips-indicator" (B<OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR>) <int>
+=item "fips-indicator" (B<OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
-=item "key-check" (B<OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK>) <int>
+=item "key-check" (B<OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK>) <integer>
-=item "digest-check" (B<OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK>) <int>
+=item "digest-check" (B<OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK>) <integer>
See L<provider-keyexch(7)/Common Key Exchange parameters>.
=item "kdf-ukm" (B<OSSL_EXCHANGE_PARAM_KDF_UKM>) <octet string>
-=item "fips-indicator" (B<OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR>) <int>
+=item "fips-indicator" (B<OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
-=item "key-check" (B<OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK>) <int>
+=item "key-check" (B<OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK>) <integer>
-=item "digest-check" (B<OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK>) <int>
+=item "digest-check" (B<OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK>) <integer>
See L<provider-keyexch(7)/Common Key Exchange parameters>.
=item "nonce-type" (B<OSSL_SIGNATURE_PARAM_NONCE_TYPE>) <unsigned integer>
-=item "key-check" (B<OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK>) <int>
+=item "key-check" (B<OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK>) <integer>
-=item "digest-check" (B<OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK>) <int>
+=item "digest-check" (B<OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK>) <integer>
The settable parameters are described in L<provider-signature(7)>.
=item "nonce-type" (B<OSSL_SIGNATURE_PARAM_NONCE_TYPE>) <unsigned integer>
-=item "fips-indicator" (B<OSSL_SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR>) <int>
+=item "fips-indicator" (B<OSSL_SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
The gettable parameters are described in L<provider-signature(7)>.
=item "nonce-type" (B<OSSL_SIGNATURE_PARAM_NONCE_TYPE>) <unsigned integer>
-=item "key-check" (B<OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK>) <int>
+=item "key-check" (B<OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK>) <integer>
-=item "digest-check" (B<OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK>) <int>
+=item "digest-check" (B<OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK>) <integer>
These parameters are described in L<provider-signature(7)>.
=item "nonce-type" (B<OSSL_SIGNATURE_PARAM_NONCE_TYPE>) <unsigned integer>
-=item "fips-indicator" (B<OSSL_SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR>) <int>
+=item "fips-indicator" (B<OSSL_SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
The parameters are described in L<provider-signature(7)>.
=item "properties" (B<OSSL_SIGNATURE_PARAM_PROPERTIES>) <UTF8 string>
-=item "key-check" (B<OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK>) <int>
+=item "key-check" (B<OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK>) <integer>
-=item "digest-check" (B<OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK>) <int>
+=item "digest-check" (B<OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK>) <integer>
These common parameters are described in L<provider-signature(7)>.
=item "algorithm-id" (B<OSSL_SIGNATURE_PARAM_ALGORITHM_ID>) <octet string>
-=item "fips-indicator" (B<OSSL_SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR>) <int>
+=item "fips-indicator" (B<OSSL_SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
These common parameter are described in L<provider-signature(7)>.
if the code using the RSA decryption API is not implemented in side-channel
free manner. Set by default. Requires provider support.
-=item "fips-indicator" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR>) <int>
+=item "fips-indicator" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling either OSSL_FUNC_asym_cipher_encrypt() or
OSSL_FUNC_asym_cipher_decrypt(). It may return 0 if "key-check" is set to 0.
This option is used by the OpenSSL FIPS provider.
-=item "key-check" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK>) <int>
+=item "key-check" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK>) <integer>
If required this parameter should be set using either
OSSL_FUNC_asym_cipher_encrypt_init() or OSSL_FUNC_asym_cipher_decrypt_init().
=over 4
-=item "fips-indicator" (B<OSSL_KEM_PARAM_FIPS_APPROVED_INDICATOR>) <int>
+=item "fips-indicator" (B<OSSL_KEM_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling either OSSL_FUNC_kem_encapsulate() or
OSSL_FUNC_kem_decapsulate(). It may return 0 if the "key-check" is set to 0.
This option is used by the OpenSSL FIPS provider.
-=item "key-check" (B<OSSL_KEM_PARAM_FIPS_KEY_CHECK>) <int>
+=item "key-check" (B<OSSL_KEM_PARAM_FIPS_KEY_CHECK>) <integer>
If required this parameter should be set using OSSL_FUNC_kem_encapsulate_init()
or OSSL_FUNC_kem_decapsulate_init().
is to support functionality of the deprecated EVP_PKEY_CTX_get0_ecdh_kdf_ukm()
and EVP_PKEY_CTX_get0_dh_kdf_ukm() functions.
-=item "fips-indicator" (B<OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR>) <int>
+=item "fips-indicator" (B<OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling OSSL_FUNC_keyexch_derive(). It may
return 0 if either the "digest-check" or the "key-check" are set to 0.
This option is used by the OpenSSL FIPS provider.
-=item "key-check" (B<OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK>) <int>
+=item "key-check" (B<OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK>) <integer>
If required this parameter should be set using OSSL_FUNC_keyexch_init().
The default value of 1 causes an error during the init if the key is not FIPS
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
-=item "digest-check" (B<OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK>) <int>
+=item "digest-check" (B<OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK>) <integer>
If required this parameter should be set before any optional digest is set.
The default value of 1 causes an error when the digest is set if the digest is
This must be given together with the algorithm naming parameter to be
considered valid.
-=item "fips-indicator" (B<OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR>) <int>
+=item "fips-indicator" (B<OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling OSSL_FUNC_rand_generate(). It may
return 0 if the "digest-check" is set to 0.
This option is used by the OpenSSL FIPS provider.
-=item "digest-check" (B<OSSL_DRBG_PARAM_FIPS_DIGEST_CHECK>) <int>
+=item "digest-check" (B<OSSL_DRBG_PARAM_FIPS_DIGEST_CHECK>) <integer>
If required this parameter should be set before the digest is set.
The default value of 1 causes an error when the digest is set if the digest is
Known answer tests can be performed if the random generator is overridden to
supply known values that either pass or fail.
-=item "fips-indicator" (B<OSSL_SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR>) <int>
+=item "fips-indicator" (B<OSSL_SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling either the sign or verify final functions. It may
return 0 if either the "digest-check" or the "key-check" are set to 0.
This option is used by the OpenSSL FIPS provider.
-=item "key-check" (B<OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK>) <int>
+=item "key-check" (B<OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK>) <integer>
If required this parameter should be set early via an init function
(e.g. OSSL_FUNC_signature_sign_init() or OSSL_FUNC_signature_verify_init()).
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
-=item "digest-check" (B<OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK>) <int>
+=item "digest-check" (B<OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK>) <integer>
If required this parameter should be set before the signature digest is set.
The default value of 1 causes an error when the digest is set if the digest is
projects / thirdparty / openssl.git / commitdiff
