| aes-armv8.c |
Rounds |
35181 |
- |
| aes-armv8.h |
|
5053 |
- |
| aes-x86.c |
aes-ni |
7628 |
- |
| aeskeywrap.c |
for PRUintXX |
20135 |
- |
| alghmac.c |
required by FIPS 198 Section 3 |
5832 |
- |
| alghmac.h |
destroy HMAC context |
2255 |
- |
| altivec-types.h |
|
714 |
- |
| arcfive.c |
/
/*
* RC5 symmetric block cypher -- 64-bit block size
|
2660 |
- |
| arcfour-amd64-gas.s |
|
2478 |
- |
| arcfour-amd64-masm.asm |
|
3882 |
- |
| arcfour-amd64-sun.s |
|
2378 |
- |
| arcfour.c |
Architecture-dependent defines |
19061 |
- |
| blake2b.c |
This contains the BLAKE2b initialization vectors.
|
11739 |
- |
| blake2b.h |
chained state |
769 |
- |
| blapi.h |
RSA encryption/decryption. When encrypting/decrypting the output
* buffer must be at least the size of the public key modulus.
|
77383 |
- |
| blapii.h |
max block size of supported block ciphers |
3433 |
- |
| blapit.h |
RC2 operation modes |
15866 |
- |
| blinit.c |
for _xgetbv() |
17541 |
- |
| blname.c |
getLibName() returns the name of the library to load. |
3063 |
- |
| camellia.c |
for SHA_HTONL and related configuration macros |
71196 |
- |
| camellia.h |
bytes |
1520 |
- |
| chacha20-ppc64le.S |
|
12749 |
- |
| chacha20poly1305-ppc.c |
Forward declaration from chacha20-ppc64le.S |
19596 |
- |
| chacha20poly1305.c |
|
18255 |
- |
| chacha20poly1305.h |
ChaCha20Poly1305ContextStr saves the key and tag length for a
ChaCha20+Poly1305 AEAD operation. |
612 |
- |
| cmac.c |
Information about the block cipher to use internally. The cipher should
be placed in ECB mode so that we can use it to directly encrypt blocks.
To add a new cipher, add an entry to CMACCipher, update CMAC_Init,
cmac_Encrypt, and CMAC_Destroy methods to handle the new cipher, and
add a new Context pointer to the cipher union with the correct type. |
9962 |
- |
| cmac.h |
Enum for identifying the underlying block cipher we're using internally. |
1586 |
- |
| config.mk |
|
2385 |
- |
| crypto_primitives.c |
This file holds useful functions and macros for crypto code. |
1004 |
- |
| crypto_primitives.h |
This file holds useful functions and macros for crypto code. |
1744 |
- |
| ctr.c |
Invariant: 0 < ctr->bufPtr <= AES_BLOCK_SIZE |
8097 |
- |
| ctr.h |
This structure is defined in this header because both ctr.c and gcm.c
need it. |
1890 |
- |
| cts.c |
iv stores the last ciphertext block of the previous message.
Only used by decrypt. |
11316 |
- |
| cts.h |
The context argument is the inner cipher context to use with cipher. The
CTSContext does not own context. context needs to remain valid for as long
as the CTSContext is valid.
The cipher argument is a block cipher in the CBC mode.
|
1282 |
- |
| deprecated |
|
|
- |
| des.c |
for ptrdiff_t |
27537 |
- |
| des.h |
key schedule, 16 internal keys, each with 8 6-bit parts |
1037 |
- |
| desblapi.c |
Intel X86 CPUs do unaligned loads and stores without complaint. |
7205 |
- |
| det_rng.c |
--- LOCKED --- |
3992 |
- |
| det_rng.h |
__det_rng_h_ |
465 |
- |
| dh.c |
Diffie-Hellman parameter generation, key generation, and secret derivation.
KEA secret generation and verification.
|
14931 |
- |
| drbg.c |
for RNG_SystemRNG() |
38762 |
- |
| dsa.c |
FIPS 186-2 requires result from random output to be reduced mod q when
generating random numbers for DSA.
Input: w, 2*qLen bytes
q, qLen bytes
Output: xj, qLen bytes
|
21339 |
- |
| ec.c |
Generates a new EC key pair. The private key is a supplied
value and the public key is the result of performing a scalar
point multiplication of that value with the curve's base point.
|
22738 |
- |
| ec.h |
__ec_h_ |
1067 |
- |
| ecdecode.c |
Copy all of the fields from srcParams into dstParams
|
8886 |
- |
| ecl |
|
|
- |
| exports.gyp |
|
1189 |
- |
| fipsfreebl.c |
$Id: fipstest.c,v 1.31 2012/06/28 17:55:06 rrelyea%redhat.com Exp $ |
80019 |
- |
| freebl.def |
|
1158 |
- |
| freebl.gyp |
|
19303 |
- |
| freebl.rc |
|
1947 |
- |
| freebl_base.gypi |
|
5319 |
- |
| freebl_hash.def |
|
1402 |
- |
| freebl_hash_vector.def |
|
1303 |
- |
| freeblver.c |
Library identity and versioning |
473 |
- |
| gcm.c |
Thanks to Thomas Pornin for the ideas how to implement the constat time
binary multiplication. |
44206 |
- |
| gcm.gyp |
|
2658 |
- |
| gcm.h |
GCC <= 4.8 doesn't support including emmintrin.h without enabling SSE2 |
4493 |
- |
| genload.c |
This file is meant to be included by other .c files.
This file takes a "parameter", the scope which includes this
code shall declare this variable:
const char *NameOfThisSharedLib;
NameOfThisSharedLib:
The file name of the shared library that shall be used as the
"reference library". The loader will attempt to load the requested
library from the same directory as the reference library.
|
5358 |
- |
| ghash-aarch64.c |
old gcc doesn't support some poly64x2_t intrinsic |
3413 |
- |
| ghash-arm32-neon.c |
Carry-less multiplication. a * b = ret. |
7065 |
- |
| ghash-ppc.c |
Clang uses a different name |
3205 |
- |
| ghash-x86.c |
clmul |
4620 |
- |
| ghash.gyp |
|
2626 |
- |
| Hacl_Hash_SHA2_shim.h |
|
980 |
- |
| hmacct.c |
MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's length
field. (SHA-384/512 have 128-bit length.) |
12866 |
- |
| hmacct.h |
|
1029 |
- |
| intel-aes-x64-masm.asm |
|
21141 |
- |
| intel-aes-x86-masm.asm |
|
20146 |
- |
| intel-aes.h |
Prototypes of the functions defined in the assembler file. |
7890 |
- |
| intel-aes.S |
|
102548 |
- |
| intel-gcm-wrap.c |
Copyright(c) 2013, Intel Corp. |
16606 |
- |
| intel-gcm-wrap.gyp |
|
1428 |
- |
| intel-gcm-x64-masm.asm |
|
34729 |
- |
| intel-gcm-x86-masm.asm |
|
31751 |
- |
| intel-gcm.S |
|
33530 |
- |
| jpake.c |
Hash an item's length and then its value. Only items smaller than 2^16 bytes
are allowed. Lengths are hashed in network byte order. This is designed
to match the OpenSSL J-PAKE implementation.
|
13609 |
- |
| kyber-pqcrystals-ref.c |
begin: ref/AUTHORS **
Joppe Bos,
Léo Ducas,
Eike Kiltz,
Tancrède Lepoint,
Vadim Lyubashevsky,
John Schanck,
Peter Schwabe,
Gregor Seiler,
Damien Stehlé
* end: ref/AUTHORS * |
90148 |
- |
| kyber-pqcrystals-ref.h |
begin: ref/AUTHORS **
Joppe Bos,
Léo Ducas,
Eike Kiltz,
Tancrède Lepoint,
Vadim Lyubashevsky,
John Schanck,
Peter Schwabe,
Gregor Seiler,
Damien Stehlé
* end: ref/AUTHORS * |
7612 |
- |
| kyber.c |
Consistency check between kyber-pqcrystals-ref.h and kyber.h |
12485 |
- |
| ldvector.c |
End of Version 3.001. |
10125 |
- |
| loader.c |
This function must be run only once. |
84955 |
- |
| loader.h |
of this struct in bytes |
51229 |
- |
| lowhash_vector.c |
pretty much only glibc uses this, make sure we don't have any depenencies
on nspr.. |
5449 |
- |
| Makefile |
|
28544 |
- |
| manifest.mn |
|
4162 |
- |
| md2.c |
The X array, [CV | INPUT | TMP VARS] |
7310 |
- |
| md5.c |
no need to ZAlloc, MD5_Begin will init the context |
15455 |
- |
| mknewpc2.c |
two 28-bit registers defined in key schedule production process |
6191 |
- |
| mksp.c |
sboxes - the tables for the s-box functions
from FIPS 46, pages 15-16.
|
3826 |
- |
| ml_dsa.c |
include other ml-dsa library specific includes here |
3142 |
- |
| mpi |
|
|
- |
| nsslowhash.c |
make sure the FIPS product is installed if we are trying to
go into FIPS mode |
2871 |
- |
| nsslowhash.h |
Provide FIPS validated hashing for applications that only need hashing.
NOTE: mac'ing requires keys and will not work in this interface.
Also NOTE: this only works with Hashing. Only the FIPS interface is enabled.
|
1297 |
- |
| platform-gcm.h |
|
2388 |
- |
| ppc-crypto.h |
The ghash freebl test tries to use this in C++, and gcc defines conflict. |
937 |
- |
| ppc-gcm-wrap.c |
Copyright(c) 2013, Intel Corp. |
15156 |
- |
| ppc-gcm-wrap.gyp |
|
816 |
- |
| ppc-gcm.s |
|
23184 |
- |
| pqg.c |
PQG parameter generation/verification. Based on FIPS 186-3.
|
66873 |
- |
| pqg.h |
pqg.h
header file for pqg functions exported just to freebl
|
1082 |
- |
| rawhash.c |
below the line |
8444 |
- |
| ret_cr16.s |
|
629 |
- |
| rijndael.c |
USE_HW_AES |
45966 |
- |
| rijndael.h |
GCC <= 4.8 doesn't support including emmintrin.h without enabling SSE2 |
2543 |
- |
| rijndael_tables.c |
what follows is code thrown together to generate the myriad of tables
used by Rijndael, the AES cipher.
|
9082 |
- |
| rijndael32.tab |
|
79013 |
- |
| rsa.c |
RSA key generation, public key op, private key op.
|
55446 |
- |
| rsa_blind.c |
Implementation of RSA Blind Signatures.
(https://datatracker.ietf.org/doc/draft-irtf-cfrg-rsa-blind-signatures/)
|
13172 |
- |
| rsapkcs.c |
RSA PKCS#1 v2.1 (RFC 3447) operations
|
50921 |
- |
| scripts |
|
|
- |
| secmpi.c |
Number of times to attempt to generate a prime (p or q) from a random
* seed (the seed changes for each iteration).
|
1973 |
- |
| secmpi.h |
Fill the `used` digits of an mp_int with random bits |
2982 |
- |
| secrng.h |
secrng.h - public data structures and prototypes for the secure random
number generator
|
1886 |
- |
| sha-fast-amd64-sun.s |
|
37585 |
- |
| sha_fast.c |
SHA: initialize context
|
17065 |
- |
| sha_fast.h |
input buffer |
5154 |
- |
| sha1-armv8.c |
SHA: Add data to context.
|
6825 |
- |
| sha3.c |
for PRUintXX |
6824 |
- |
| sha256-armv8.c |
for PRUintXX |
6623 |
- |
| sha256-x86.c |
for PRUintXX |
7993 |
- |
| sha256.h |
message schedule, input buffer, plus 48 words |
841 |
- |
| sha512-p8.s |
|
16014 |
- |
| sha512.c |
for PRUintXX |
49639 |
- |
| shake.c |
for PRUintXX |
3173 |
- |
| shsign.h |
new hmac based signatures |
816 |
- |
| shvfy.c |
Most modern version of Linux support a speed optimization scheme where an
application called prelink modifies programs and shared libraries to quickly
load if they fit into an already designed address space. In short, prelink
scans the list of programs and libraries on your system, assigns them a
predefined space in the the address space, then provides the fixups to the
library.
The modification of the shared library is correctly detected by the freebl
FIPS checksum scheme where we check a signed hash of the library against the
library itself.
The prelink command itself can reverse the process of modification and
output the prestine shared library as it was before prelink made it's
changes. If FREEBL_USE_PRELINK is set Freebl uses prelink to output the
original copy of the shared library before prelink modified it.
|
17891 |
- |
| stubs.c |
Allow freebl and softoken to be loaded without util or NSPR.
These symbols are overridden once real NSPR, and libutil are attached.
|
23025 |
- |
| stubs.h |
Allow freebl and softoken to be loaded without util or NSPR.
These symbols are overridden once real NSPR, and libutil are attached.
|
2557 |
- |
| sysrand.c |
|
535 |
- |
| tlsprfalg.c |
TLS P_hash function |
3977 |
- |
| unix_fips140_3.c |
if you don't have get random, you'll need to add your platform specific
support for FIPS 104-3 compliant random seed source here |
2242 |
- |
| unix_rand.c |
When copying data to the buffer we want the least signicant bytes
from the input since those bits are changing the fastest. The address
of least significant byte depends upon whether we are running on
a big-endian or little-endian machine.
Does this mean the least signicant bytes are the most significant
to us? :-)
|
19856 |
- |
| unix_urandom.c |
syscall getentropy() is limited to retrieving 256 bytes |
2554 |
- |
| verified |
|
|
- |
| win_rand.c |
The RtlGenRandom function is declared in <ntsecapi.h>, but the
declaration is missing a calling convention specifier. So we
declare it manually here.
|
4373 |
- |