=item "fips-indicator" (B<OSSL_CIPHER_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
+This option is used by the OpenSSL FIPS provider.
+
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling a cipher final operation such as
EVP_EncryptFinal_ex(). It may return 0 if the "encrypt-check" option is set to 0.
=item "encrypt-check" (B<OSSL_CIPHER_PARAM_FIPS_ENCRYPT_CHECK>) <integer>
+This option is used by the OpenSSL FIPS provider.
+
If required this parameter should be set early via an cipher encrypt init
function such as EVP_EncryptInit_ex2().
The default value of 1 causes an error when an encryption operation is triggered.
Setting this to 0 will ignore the error and set the approved "fips-indicator" to
0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=back
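Review bot: the context sentence this hunk wraps, "If required this parameter should be set early via an cipher encrypt init function such as EVP_EncryptInit_ex2().", has a typo; change "an cipher" to "a cipher". The rewritten "encrypt-check" text also never names which operation is unapproved: "The default value of 1 causes an error when an encryption operation is triggered." reads as if every encryption fails, whereas the MAC page in this same patch says "causes an error when a unapproved Triple-DES encryption operation is triggered"; name the algorithm here as well. Finally, this page keeps the per-item sentence "This option is used by the OpenSSL FIPS provider." while most other pages in the patch replace it with a "The OpenSSL FIPS provider also supports the following parameters:" list introduction; pick one convention for the whole patch.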
=item "oaep-label" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL>) <octet string>
-=item "fips-indicator" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
-
-=item "key-check" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK>) <integer>
-
=item "tls-client-version" (B<OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION>) <unsigned integer>
See B<RSA_PKCS1_WITH_TLS_PADDING> on the page L<EVP_PKEY_CTX_set_rsa_padding(3)>.
See L<provider-asym_cipher(7)/Asymmetric Cipher Parameters> for more information.
-=item "pkcs15-padding-disabled" (B<OSSL_ASYM_CIPHER_PARAM_PKCS15_PADDING_DISABLED>) <integer>
+=back
+
+The OpenSSL FIPS provider also supports the following parameters:
+
+=over 4
+
+=item "fips-indicator" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
+
+=item "key-check" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK>) <integer>
+
+See L<provider-asym_cipher(7)/Asymmetric Cipher Parameters> for more information.
+
+=item "pkcs15-pad-disabled" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED>) <integer>
-If nonzero, PKCS#1 version 1.5 padding is disabled.
-This option is used by the OpenSSL FIPS provider.
+The default value of 1 causes an error during encryption if the RSA padding
+mode is set to "pkcs1".
+Setting this to zero will ignore the error and set the approved
+"fips-indicator" to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=back
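Review bot: renaming a public parameter and its macro, from "pkcs15-padding-disabled" (B<OSSL_ASYM_CIPHER_PARAM_PKCS15_PADDING_DISABLED>) to "pkcs15-pad-disabled" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED>), and changing its meaning from "If nonzero, PKCS#1 version 1.5 padding is disabled." to a default-on check, needs a HISTORY entry and a statement of whether the old name is still accepted if it was ever released. The new description also omits when the parameter must be set (the other check parameters say "should be set before ..."), and it states the error only "during encryption if the RSA padding mode is set to "pkcs1""; if decryption with "pkcs1" padding remains permitted, say so explicitly so readers do not assume the check is symmetric.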
=back
+=back
+
+The OpenSSL FIPS provider also supports the following parameters:
+
+=over 4
+
=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
-This may be used after calling EVP_KDF_derive. It returns 0 if any "***-check"
-related parameter is set to 0 and the check fails.
-This option is used by the OpenSSL FIPS provider.
+This may be used after calling EVP_KDF_derive. It returns 0 if "key-check"
+is set to 0 and the check fails.
=item "key-check" (B<OSSL_KDF_PARAM_FIPS_KEY_CHECK>) <integer>
bits.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=back
Supported values are B<8>, B<16>, B<24>, and B<32>.
The default value of B<32> will be used if unspecified.
+=back
+
+The OpenSSL FIPS provider also supports the following parameters:
+
+=over 4
+
=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
-This may be used after calling EVP_KDF_derive. It returns 0 if any "***-check"
-related parameter is set to 0 and the check fails.
-This option is used by the OpenSSL FIPS provider.
+This may be used after calling EVP_KDF_derive. It returns 0 if "key-check"
+is set to 0 and the check fails.
=item "key-check" (B<OSSL_KDF_PARAM_FIPS_KEY_CHECK>) <integer>
bits.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=back
The default provider uses a default mode of 1 for backwards compatibility,
and the FIPS provider uses a default mode of 0.
-
-The value string is expected to be a decimal number 0 or 1.
-Setting this to zero will ignore the error and set the approved "fips-indicator"
-to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
+This option is used by the OpenSSL FIPS provider.
+
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
-This may be used after calling EVP_KDF_derive. It returns 0 if the "pkcs5"
+This may be used after calling EVP_KDF_derive. It returns 0 if "pkcs5"
is set to 1 and the derived key length, salt length or iteration count test
fails.
-This option is used by the OpenSSL FIPS provider.
=back
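Review bot: the new sentence "This option breaks FIPS compliance if it causes the approved "fips-indicator" to return 0." is misleading for "pkcs5", because on this page it is the value 1, not 0, that relaxes the checks (context: "the FIPS provider uses a default mode of 0", and the indicator "returns 0 if "pkcs5" is set to 1 and the derived key length, salt length or iteration count test fails"). State directly that setting "pkcs5" to 1 in the FIPS provider disables those checks and breaks compliance. Removing "Setting this to zero will ignore the error and set the approved "fips-indicator" to 0." is correct, since it had the polarity backwards for this parameter, but the removed "The value string is expected to be a decimal number 0 or 1." was the only statement of the accepted values; keep it unless the =item line already gives the type.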
This parameter sets an optional value for fixedinfo, also known as otherinfo.
+=back
+
+The OpenSSL FIPS provider also supports the following parameters:
+
+=over 4
+
=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
-This may be used after calling EVP_KDF_derive. It returns 0 if any "***-check"
-related parameter is set to 0 and the check fails.
-This option is used by the OpenSSL FIPS provider.
+This may be used after calling EVP_KDF_derive. It returns 0 if "key-check"
+is set to 0 and the check fails.
=item "key-check" (B<OSSL_KDF_PARAM_FIPS_KEY_CHECK>) <integer>
bits.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=back
=back
+=back
+
+The OpenSSL FIPS provider also supports the following parameters:
+
+=over 4
+
=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if any "***-check"
related parameter is set to 0 and the check fails.
-This option is used by the OpenSSL FIPS provider.
=item "digest-check" (B<OSSL_KDF_PARAM_FIPS_DIGEST_CHECK>) <integer>
used digest is not approved.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
According to SP 800-135r1, the following are approved digest algorithms: SHA-1,
SHA2-224, SHA2-256, SHA2-384, SHA2-512.
bits.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=back
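Review bot: the indicator text kept here, "It returns 0 if any "***-check" related parameter is set to 0 and the check fails.", uses an informal wildcard while the same patch narrows the equivalent sentence on the single-check KDF pages to "It returns 0 if "key-check" is set to 0 and the check fails."; since this page has exactly "digest-check" and "key-check", name both explicitly. The same applies to the other KDF pages in this patch that keep the "***-check" wording.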
This parameter sets the mode for the TLS 1.3 KDF operation.
There are two modes that are currently defined:
+=over 4
+
+=item "EXTRACT_ONLY" or B<EVP_KDF_HKDF_MODE_EXTRACT_ONLY>
+
+In this mode calling L<EVP_KDF_derive(3)> will just perform the extract
+operation. The value returned will be the intermediate fixed-length pseudorandom
+key K. The I<keylen> parameter must match the size of K, which can be looked
+up by calling EVP_KDF_CTX_get_kdf_size() after setting the mode and digest.
+
+The digest, key and salt values must be set before a key is derived otherwise
+an error will occur.
+
+=item "EXPAND_ONLY" or B<EVP_KDF_HKDF_MODE_EXPAND_ONLY>
+
+In this mode calling L<EVP_KDF_derive(3)> will just perform the expand
+operation. The input key should be set to the intermediate fixed-length
+pseudorandom key K returned from a previous extract operation.
+
+The digest, key and info values must be set before a key is derived otherwise
+an error will occur.
+
+=back
+
+=back
+
+The OpenSSL FIPS provider also supports the following parameters:
+
+=over 4
+
=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if any "***-check"
related parameter is set to 0 and the check fails.
-This option is used by the OpenSSL FIPS provider.
=item "digest-check" (B<OSSL_KDF_PARAM_FIPS_DIGEST_CHECK>) <integer>
used digest is not approved.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
According to RFC 8446, the following are approved digest algorithms: SHA2-256,
SHA2-384.
bits.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
-
-=over 4
-
-=item "EXTRACT_ONLY" or B<EVP_KDF_HKDF_MODE_EXTRACT_ONLY>
-
-In this mode calling L<EVP_KDF_derive(3)> will just perform the extract
-operation. The value returned will be the intermediate fixed-length pseudorandom
-key K. The I<keylen> parameter must match the size of K, which can be looked
-up by calling EVP_KDF_CTX_get_kdf_size() after setting the mode and digest.
-
-The digest, key and salt values must be set before a key is derived otherwise
-an error will occur.
-
-=item "EXPAND_ONLY" or B<EVP_KDF_HKDF_MODE_EXPAND_ONLY>
-
-In this mode calling L<EVP_KDF_derive(3)> will just perform the expand
-operation. The input key should be set to the intermediate fixed-length
-pseudorandom key K returned from a previous extract operation.
-
-The digest, key and info values must be set before a key is derived otherwise
-an error will occur.
-
-=back
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=back
The length of the context seed cannot exceed 1024 bytes;
this should be more than enough for any normal use of the TLS PRF.
+=back
+
+The OpenSSL FIPS provider also supports the following parameters:
+
+=over 4
+
=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if any "***-check"
related parameter is set to 0 and the check fails.
-This option is used by the OpenSSL FIPS provider.
=item "ems_check" (B<OSSL_KDF_PARAM_FIPS_EMS_CHECK>) <integer>
The default value of 1 causes an error during EVP_KDF_derive() if
"master secret" is used instead of "extended master secret" Setting this to zero
will ignore the error and set the approved "fips-indicator" to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=item "digest-check" (B<OSSL_KDF_PARAM_FIPS_DIGEST_CHECK>) <integer>
used digest is not approved.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
According to SP 800-135r1, the following are approved digest algorithms:
SHA2-256, SHA2-384, SHA2-512.
bits.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=back
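Review bot: the parameter name in the context line "=item "ems_check" (B<OSSL_KDF_PARAM_FIPS_EMS_CHECK>) <integer>" uses an underscore while every other check parameter introduced by this patch is hyphenated ("key-check", "digest-check"); if the string is already released it at least deserves a remark, otherwise rename it to "ems-check" for consistency. Also, "master secret" is used instead of "extended master secret" Setting this to zero" is missing the full stop before "Setting".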
This parameter specifies an optional value for shared info.
+=back
+
+The OpenSSL FIPS provider also supports the following parameters:
+
+=over 4
+
=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if any "***-check"
related parameter is set to 0 and the check fails.
-This option is used by the OpenSSL FIPS provider.
=item "digest-check" (B<OSSL_KDF_PARAM_FIPS_DIGEST_CHECK>) <int>
used digest is not approved.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
According to ANSI X9.63-2001, the following are approved digest algorithms:
SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224,
bits.
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=back
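Review bot: "=item "digest-check" (B<OSSL_KDF_PARAM_FIPS_DIGEST_CHECK>) <int>" still says <int> while every other occurrence in the patch uses <integer>, and the patch already fixes the same thing on provider-keymgmt(7) ("-=item "sign-check" ... <int>" to "<integer>"); fix it here too.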
=item "kdf-ukm" (B<OSSL_EXCHANGE_PARAM_KDF_UKM>) <octet string>
+=back
+
+The OpenSSL FIPS provider also supports the following parameters:
+
+=over 4
+
=item "fips-indicator" (B<OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
=item "key-check" (B<OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK>) <integer>
If required this parameter should before OSSL_FUNC_keyexch_derive().
The default value of 1 causes an error during the OSSL_FUNC_keyexch_derive if
the EC curve has a cofactor that is not 1, and the cofactor is not used.
-Setting this to 0 will ignore the error and set the approved "fips-indicator" to
-0. This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance
-if set to 0.
+Setting this to 0 will ignore the error and set the approved
+"fips-indicator" to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=back
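Review bot: the "key-check" description this hunk edits is missing its verb: "If required this parameter should before OSSL_FUNC_keyexch_derive()." should read "should be set before OSSL_FUNC_keyexch_derive()", and "causes an error during the OSSL_FUNC_keyexch_derive if" should carry the "()" used elsewhere on the page. Also "=item "fips-indicator" (B<OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR>) <integer>" sits in the new list without any visible description; confirm the getter paragraph is present and says which check parameters can drive it to 0, as the provider-keyexch(7) hunk does.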
=item "encrypt-check" (B<OSSL_CIPHER_PARAM_FIPS_ENCRYPT_CHECK>) <integer>
+This option is used by the OpenSSL FIPS provider.
If required this parameter should be set before EVP_MAC_init()
The default value of 1 causes an error when a unapproved Triple-DES encryption
operation is triggered.
-Setting this to 0 will ignore the error and set the approved "fips-indicator" to
-0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+Setting this to 0 will ignore the error and set the approved
+"fips-indicator" to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=back
=item "fips-indicator" (B<OSSL_CIPHER_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
+This option is used by the OpenSSL FIPS provider.
+
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling EVP_MAC_final().
It may return 0 if the "encrypt-check" option is set to 0.
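Review bot: the inserted line "+This option is used by the OpenSSL FIPS provider." under "encrypt-check" is not followed by an added blank line, unlike the same insertion under "fips-indicator" ("+This option is used by the OpenSSL FIPS provider." then "+"); if no blank context line follows it, POD will merge it into the "If required this parameter should be set before EVP_MAC_init()" paragraph. While here, that sentence is missing its full stop, and "a unapproved Triple-DES encryption" should be "an unapproved".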
=head1 DESCRIPTION
-For B<DSA> the FIPS186-4 standard specifies that the values used for FFC
+For B<DSA> the FIPS 186-4 standard specifies that the values used for FFC
parameter generation are also required for parameter validation.
This means that optional FFC domain parameter values for I<seed>, I<pcounter>
and I<gindex> may need to be stored for validation purposes. For B<DSA> these
fields are not stored in the ASN1 data so they need to be stored externally if
validation is required.
+As part of FIPS 140-3 DSA is not longer FIPS approved for key generation and
+signature validation, but is still allowed for signature verification.
+
=head2 DSA parameters
The B<DSA> key type supports the FFC parameters (see
L<EVP_PKEY-FFC(7)/FFC parameters>).
+It also supports the following parameters:
+
+=over 4
+
+=item "sign-check" (B<OSSL_PKEY_PARAM_FIPS_SIGN_CHECK>) <integer
+
+=item "fips-indicator" (B<OSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
+
+See L<provider-keymgmt(7)/Common Information Parameters> for more information.
+
+=back
+
=head2 DSA key generation parameters
The B<DSA> key type supports the FFC key generation parameters (see
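Review bot: the added sentence "As part of FIPS 140-3 DSA is not longer FIPS approved for key generation and signature validation, but is still allowed for signature verification." has a typo ("not longer" should be "no longer") and contradicts itself, since "signature validation" and "signature verification" are the same operation; the HISTORY entry in this patch says "key generation and signature generation are no longer FIPS approved", so write "key generation and signature generation" here. Also "=item "sign-check" (B<OSSL_PKEY_PARAM_FIPS_SIGN_CHECK>) <integer" is missing the closing ">".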
L<OSSL_PROVIDER-default(7)>,
L<OSSL_PROVIDER-FIPS(7)>
+=head1 HISTORY
+
+DSA Key generation and signature generation are no longer FIPS approved in
+OpenSSL 3.4. See L<fips_module(7)/FIPS indicators> for more information.
+
=head1 COPYRIGHT
Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
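Review bot: "DSA Key generation and signature generation" capitalises "Key" mid-sentence; use "DSA key generation". The new HISTORY entry names OpenSSL 3.4 while the file header still reads "Copyright 2020-2021"; update the year if project practice requires it for edited files.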
These parameters work as described in L<EVP_RAND(3)/PARAMETERS>.
+=item "fips-indicator" (B<OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
+
+=item "digest-check" (B<OSSL_DRBG_PARAM_FIPS_DIGEST_CHECK>) <integer>
+
+These parameters work as described in L<provider-rand(7)/PARAMETERS>.
+
=back
=head1 NOTES
These parameters work as described in L<EVP_RAND(3)/PARAMETERS>.
+=item "fips-indicator" (B<OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
+
+=item "digest-check" (B<OSSL_DRBG_PARAM_FIPS_DIGEST_CHECK>) <integer>
+
+These parameters work as described in L<provider-rand(7)/PARAMETERS>.
+
=back
=head1 NOTES
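Review bot: in both DRBG hunks the new items are inserted after the closing sentence "These parameters work as described in L<EVP_RAND(3)/PARAMETERS>." and then followed by a second "These parameters work as described in L<provider-rand(7)/PARAMETERS>."; the second "These" now reads as if it covers the whole list. Say "These two parameters" or "The FIPS parameters above", or move the FIPS items into their own =over with the same "The OpenSSL FIPS provider also supports the following parameters:" introduction used on the other pages.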
Support for computing DSA signatures.
See L<EVP_PKEY-DSA(7)> for information related to DSA keys.
+As part of FIPS 140-3 DSA is not longer FIPS approved for key generation and
+signature validation, but is still allowed for signature verification.
+
=head2 Signature Parameters
The following signature parameters can be set using EVP_PKEY_CTX_set_params().
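Review bot: the sentence added here repeats the wording problem of the EVP_PKEY-DSA hunk: "not longer" should be "no longer", and "signature validation ... but is still allowed for signature verification" is self-contradictory; per the HISTORY entry in this patch ("key generation and signature generation are no longer FIPS approved") it should say "signature generation".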
L<EVP_PKEY_verify(3)>,
L<provider-signature(7)>,
+=head1 HISTORY
+
+DSA Key generation and signature generation are no longer FIPS approved in
+OpenSSL 3.4. See L<fips_module(7)/FIPS indicators> for more information.
+
=head1 COPYRIGHT
Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
These are not supported with the RSA signature schemes that already include a
message digest algorithm, See L</Algorithm Names> above.
-=item "key-check" (B<OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK>) <integer>
-
-=item "digest-check" (B<OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK>) <integer>
-
-=item "sign-x931-pad-check" (B<OSSL_SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK>) <integer>
-
These common parameters are described in L<provider-signature(7)>.
=item "pad-mode" (B<OSSL_SIGNATURE_PARAM_PAD_MODE>) <UTF8 string>
=back
+=back
+
+The OpenSSL FIPS provider also supports the following parameters:
+
+=over 4
+
+=item "key-check" (B<OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK>) <integer>
+
+=item "digest-check" (B<OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK>) <integer>
+
+=item "sign-x931-pad-check" (B<OSSL_SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK>) <integer>
+
+These parameters are described in L<provider-signature(7)>.
+
=item "rsa-pss-saltlen-check" (B<OSSL_SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK>) <integer>
The default value of 1 causes an error during signature generation or
zero and the output block size of the digest function (inclusive).
Setting this to zero will ignore the error and set the approved "fips-indicator"
to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=back
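Review bot: the new FIPS list on this page names "key-check", "digest-check", "sign-x931-pad-check" and "rsa-pss-saltlen-check" but not "fips-indicator" (B<OSSL_SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR>), which provider-signature(7) in this same patch documents as the getter that reports the result of those checks; if RSA signatures support it, list it here so readers know how to read the outcome. Also confirm the added "+=back" directly after the context "=back" is intended: the first closes the nested "pad-mode" value list and the second the parameter list, so the nesting balances only if no other items followed "pad-mode" in the original list.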
if the code using the RSA decryption API is not implemented in side-channel
free manner. Set by default. Requires provider support.
+=back
+
+The OpenSSL FIPS provider also supports the following parameters:
+
+=over 4
+
=item "fips-indicator" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling either OSSL_FUNC_asym_cipher_encrypt() or
OSSL_FUNC_asym_cipher_decrypt(). It may return 0 if "key-check" is set to 0.
-This option is used by the OpenSSL FIPS provider.
=item "key-check" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK>) <integer>
The default value of 1 causes an error during the init if the key is not FIPS
approved (e.g. The key has a security strength of less than 112 bits). Setting
this to 0 will ignore the error and set the approved "fips-indicator" to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=back
the OSSL_FUNC_kem_get_ctx_params() and OSSL_FUNC_kem_set_ctx_params()
functions.
-Common parameters currently recognised by built-in key encapsulation algorithms
-are as follows.
+The OpenSSL FIPS provider also supports the following parameters:
=over 4
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling either OSSL_FUNC_kem_encapsulate() or
OSSL_FUNC_kem_decapsulate(). It may return 0 if the "key-check" is set to 0.
-This option is used by the OpenSSL FIPS provider.
=item "key-check" (B<OSSL_KEM_PARAM_FIPS_KEY_CHECK>) <integer>
The default value of 1 causes an error during the init if the key is not FIPS
approved (e.g. The key has a security strength of less than 112 bits). Setting
this to 0 will ignore the error and set the approved "fips-indicator" to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=back
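Review bot: replacing "Common parameters currently recognised by built-in key encapsulation algorithms are as follows." with "The OpenSSL FIPS provider also supports the following parameters:" leaves "also" pointing at nothing, because the removed sentence was the introduction of that list; if "fips-indicator" and "key-check" are the only common KEM parameters, drop "also", and if there are non-FIPS common parameters, keep the original introduction for them and add the FIPS introduction before a separate =over.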
+=head2 Asymmetric Key Encapsulation Parameter Functions
+
OSSL_FUNC_kem_get_ctx_params() gets asymmetric KEM parameters associated
with the given provider side asymmetric kem context I<ctx> and stores them in
I<params>.
is to support functionality of the deprecated EVP_PKEY_CTX_get0_ecdh_kdf_ukm()
and EVP_PKEY_CTX_get0_dh_kdf_ukm() functions.
+=back
+
+The OpenSSL FIPS provider also supports the following parameters:
+
+=over 4
+
=item "fips-indicator" (B<OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling OSSL_FUNC_keyexch_derive(). It may
return 0 if either the "digest-check" or the "key-check" are set to 0.
-This option is used by the OpenSSL FIPS provider.
=item "key-check" (B<OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK>) <integer>
The default value of 1 causes an error during the init if the key is not FIPS
approved (e.g. The key has a security strength of less than 112 bits). Setting
this to 0 will ignore the error and set the approved "fips-indicator" to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=item "digest-check" (B<OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK>) <integer>
The default value of 1 causes an error when the digest is set if the digest is
not FIPS approved. Setting this to 0 will ignore the error and set the
approved "fips-indicator" to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=back
with the corresponding signature operation, but may be specified as an
option.
+=back
+
+The OpenSSL FIPS provider also supports the following parameters:
+
+=over 4
+
+=item "fips-indicator" (B<OSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
+
+A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
+This may be used after calling OSSL_FUNC_keymgmt_gen() function. It may
+return 0 if either the "key-check", or "sign-check" are set to 0.
+
=item "key-check" (B<OSSL_PKEY_PARAM_FIPS_KEY_CHECK>) <integer>
If required this parameter should be set using OSSL_FUNC_keymgmt_gen_set_params()
The default value of 1 causes an error during the init if the key is not FIPS
approved (e.g. The key has a security strength of less than 112 bits). Setting
this to 0 will ignore the error and set the approved "fips-indicator" to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
-=item "sign-check" (B<OSSL_PKEY_PARAM_FIPS_SIGN_CHECK>) <int>
+=item "sign-check" (B<OSSL_PKEY_PARAM_FIPS_SIGN_CHECK>) <integer>
If required this parameter should be set before the OSSL_FUNC_keymgmt_gen()
function. This value is not supported by all keygen algorithms.
The default value of 1 will cause an error if the generated key is not
allowed to be used for signing.
Setting this to 0 will ignore the error and set the approved "fips-indicator" to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
-
-=item "fips-indicator" (B<OSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
-
-A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
-This may be used after calling OSSL_FUNC_keymgmt_gen() function. It may
-return 0 if either the "key-check", or "sign-check" are set to 0.
-This option is used by the OpenSSL FIPS provider.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=back
=back
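Review bot: the moved "fips-indicator" paragraph keeps two grammar slips worth fixing while it is being relocated: "This may be used after calling OSSL_FUNC_keymgmt_gen() function." should be "the OSSL_FUNC_keymgmt_gen() function" (or drop "function"), and "It may return 0 if either the "key-check", or "sign-check" are set to 0." should read "if either "key-check" or "sign-check" is set to 0". The context line "If required this parameter should be set using OSSL_FUNC_keymgmt_gen_set_params()" is also missing its full stop.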
+=back
+
+The OpenSSL FIPS provider may support the following parameters:
+
=over 4
=item "fips-indicator" (B<OSSL_MAC_PARAM_FIPS_APPROVED_INDICATOR>) <int>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling the final function. It may return 0 if
either "no-short-mac" or "key-check" are set to 0.
-This option is used by the OpenSSL FIPS provider.
-
-=back
-
-=over 4
=item "no-short-mac" (B<OSSL_MAC_PARAM_FIPS_NO_SHORT_MAC>) <integer>
If required this parameter should be set early via an init function.
The default value of 1 causes an error when too short MAC output is
asked for. Setting this to 0 will ignore the error and set the approved
-"fips-indicator" to 0. This option is used by the OpenSSL FIPS provider,
-and breaks FIPS compliance if set to 0.
+"fips-indicator" to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=item "key-check" (B<OSSL_MAC_PARAM_FIPS_KEY_CHECK>) <integer>
If required this parameter should be set before OSSL_FUNC_mac_init.
The default value of 1 causes an error when small key sizes are
asked for. Setting this to 0 will ignore the error and set the approved
-"fips-indicator" to 0. This option is used by the OpenSSL FIPS provider,
-and breaks FIPS compliance if set to 0.
-
-=back
+"fips-indicator" to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=back
=head1 HISTORY
The provider MAC interface was introduced in OpenSSL 3.0.
+The parameters "no-short-mac" and "fips-indicator" were added in OpenSSL 3.4.
=head1 COPYRIGHT
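Review bot: the added HISTORY line "The parameters "no-short-mac" and "fips-indicator" were added in OpenSSL 3.4." is appended directly after "The provider MAC interface was introduced in OpenSSL 3.0." with no blank line, so POD will render both as one paragraph; insert a blank line. It also omits "key-check", which sits in the same new FIPS list; if that parameter is new in 3.4 as well, list it. Two consistency points in the same hunk: the introduction says "may support" where every other page says "also supports", and "=item "fips-indicator" (B<OSSL_MAC_PARAM_FIPS_APPROVED_INDICATOR>) <int>" should be <integer>.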
This must be given together with the algorithm naming parameter to be
considered valid.
+=back
+
+The OpenSSL FIPS provider also supports the following parameters:
+
+=over 4
+
=item "fips-indicator" (B<OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling OSSL_FUNC_rand_generate(). It may
return 0 if the "digest-check" is set to 0.
-This option is used by the OpenSSL FIPS provider.
=item "digest-check" (B<OSSL_DRBG_PARAM_FIPS_DIGEST_CHECK>) <integer>
The default value of 1 causes an error when the digest is set if the digest is
not FIPS approved (e.g. truncated digests). Setting this to 0 will ignore
the error and set the approved "fips-indicator" to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=back
Known answer tests can be performed if the random generator is overridden to
supply known values that either pass or fail.
+=back
+
+The following parameters are used by the OpenSSL FIPS provider:
+
+=over 4
+
=item "fips-indicator" (B<OSSL_SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling either the sign or verify final functions. It may
return 0 if either the "digest-check", "key-check", or "sign-check" are set to 0.
-This option is used by the OpenSSL FIPS provider.
=item "verify-message" (B<OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE> <integer>
The default value of 1 causes an error during the init if the key is not FIPS
approved (e.g. The key has a security strength of less than 112 bits).
Setting this to 0 will ignore the error and set the approved "indicator" to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=item "digest-check" (B<OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK>) <integer>
The default value of 1 causes an error when the digest is set if the digest is
not FIPS approved (e.g. SHA1 is used for signing). Setting this to 0 will ignore
the error and set the approved "fips-indicator" to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=item "sign-check" (B<OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK>) <integer>
The default value of 1 causes an error when a signing algorithm is used. (This
is triggered by deprecated signing algorithms).
Setting this to 0 will ignore the error and set the approved "fips-indicator" to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator" to
+return 0.
=item "sign-x931-pad-check" (B<SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK>) <integer>
-If required this parameter should be set before the padding mode is set
+If required this parameter should be set before the padding mode is set.
The default value of 1 causes an error if the padding mode is set to X9.31 padding
for a RSA signing operation. Setting this to 0 will ignore the error and set the
approved "fips-indicator" to 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
=back
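Review bot: the "verify-message" entry this hunk sits in looks wrong and should be fixed while the list is being reorganised: the =item line "(B<OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE> <integer>" is missing its closing ")", and its description ("causes an error during the init if the key is not FIPS approved (e.g. The key has a security strength of less than 112 bits)") is a copy of the "key-check" text and refers to "the approved "indicator"" rather than "fips-indicator"; describe what "verify-message" actually controls. The macro in "=item "sign-x931-pad-check" (B<SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK>)" lacks the OSSL_ prefix that the RSA signature hunk uses (B<OSSL_SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK>). Finally, the introduction "The following parameters are used by the OpenSSL FIPS provider:" differs from the "The OpenSSL FIPS provider also supports the following parameters:" wording used on the other pages; align it.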