Name Description Size
aes-armv8.c Rounds 35181
aes-armv8.h 6253
aes-x86.c aes-ni 7628
aeskeywrap.c for PRUintXX 20139
alghmac.c required by FIPS 198 Section 3 5832
alghmac.h destroy HMAC context 2255
altivec-types.h 714
arcfive.c RC5 symmetric block cypher -- 64-bit block size 2660
arcfour-amd64-gas.s 2478
arcfour-amd64-masm.asm 3882
arcfour-amd64-sun.s 2378
arcfour.c Architecture-dependent defines 19132
blake2b.c This contains the BLAKE2b initialization vectors. 11739
blake2b.h chained state 769
blapi.h RSA encryption/decryption. When encrypting/decrypting the output buffer must be at least the size of the public key modulus. 68734
blapii.h max block size of supported block ciphers 3111
blapit.h RC2 operation modes 13866
blinit.c for _xgetbv() 16015
blname.c getLibName() returns the name of the library to load. 3063
camellia.c for SHA_HTONL and related configuration macros 71200
camellia.h bytes 1520
chacha20-ppc64le.S 12749
chacha20poly1305-ppc.c Forward declaration from chacha20-ppc64le.S 19596
chacha20poly1305.c 17351
chacha20poly1305.h ChaCha20Poly1305ContextStr saves the key and tag length for a ChaCha20+Poly1305 AEAD operation. 612
cmac.c Information about the block cipher to use internally. The cipher should be placed in ECB mode so that we can use it to directly encrypt blocks. To add a new cipher, add an entry to CMACCipher, update CMAC_Init, cmac_Encrypt, and CMAC_Destroy methods to handle the new cipher, and add a new Context pointer to the cipher union with the correct type. 9962
cmac.h Enum for identifying the underlying block cipher we're using internally. 1586 2329
crypto_primitives.c This file holds useful functions and macros for crypto code. 1004
crypto_primitives.h This file holds useful functions and macros for crypto code. 1744
ctr.c Invariant: 0 < ctr->bufPtr <= AES_BLOCK_SIZE 8097
ctr.h This structure is defined in this header because both ctr.c and gcm.c need it. 1890
cts.c iv stores the last ciphertext block of the previous message. Only used by decrypt. 11308
cts.h The context argument is the inner cipher context to use with cipher. The CTSContext does not own context. context needs to remain valid for as long as the CTSContext is valid. The cipher argument is a block cipher in the CBC mode. 1282
deprecated 3
des.c for ptrdiff_t 27536
des.h key schedule, 16 internal keys, each with 8 6-bit parts 1037
desblapi.c Intel X86 CPUs do unaligned loads and stores without complaint. 7205
det_rng.c --- LOCKED --- 3795
det_rng.h __det_rng_h_ 465
dh.c Diffie-Hellman parameter generation, key generation, and secret derivation. KEA secret generation and verification. 14197
drbg.c for RNG_SystemRNG() 38653
dsa.c FIPS 186-2 requires result from random output to be reduced mod q when generating random numbers for DSA. Input: w, 2*qLen bytes q, qLen bytes Output: xj, qLen bytes 21342
ec.c Returns true if pointP is the point at infinity, false otherwise 33948
ec.h __ec_h_ 602
ecdecode.c Copy all of the fields from srcParams into dstParams 8239
ecl This Source Code Form is subject to the terms of the Mozilla Public 24
exports.gyp 1189
fipsfreebl.c $Id: fipstest.c,v 1.31 2012/06/28 17:55:06 Exp $ 86898
freebl_base.gypi 5590
freebl_hash_vector.def 1303
freebl_hash.def 1402
freebl.def 1158
freebl.gyp 25098
freebl.rc 1947
freeblver.c Library identity and versioning 473
gcm-aarch64.c old gcc doesn't support some poly64x2_t intrinsic 3344
gcm-arm32-neon.c Carry-less multiplication. a * b = ret. 6997
gcm-ppc.c Clang uses a different name 3135
gcm-x86.c clmul 4535
gcm.c Thanks to Thomas Pornin for the ideas how to implement the constant time binary multiplication. 37761
gcm.h GCC <= 4.8 doesn't support including emmintrin.h without enabling SSE2 4493
genload.c This file is meant to be included by other .c files. This file takes a "parameter", the scope which includes this code shall declare this variable: const char *NameOfThisSharedLib; NameOfThisSharedLib: The file name of the shared library that shall be used as the "reference library". The loader will attempt to load the requested library from the same directory as the reference library. 5358
hmacct.c MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's length field. (SHA-384/512 have 128-bit length.) 12870
hmacct.h 1029
intel-aes-x64-masm.asm 21141
intel-aes-x86-masm.asm 20146
intel-aes.h Prototypes of the functions defined in the assembler file. 9166
intel-aes.s 101162
intel-gcm-wrap.c Copyright(c) 2013, Intel Corp. 14364
intel-gcm-x64-masm.asm 34729
intel-gcm-x86-masm.asm 31751
intel-gcm.h This submission to NSS is to be made available under the terms of the 5317
intel-gcm.s 32842
jpake.c Hash an item's length and then its value. Only items smaller than 2^16 bytes are allowed. Lengths are hashed in network byte order. This is designed to match the OpenSSL J-PAKE implementation. 13609
ldvector.c End of Version 3.001. 9078
loader.c This function must be run only once. 70612
loader.h of this struct in bytes 44448
lowhash_vector.c pretty much only glibc uses this, make sure we don't have any dependencies on nspr. 5449
Makefile 28881 3966
md2.c The X array, [CV | INPUT | TMP VARS] 7318
md5.c no need to ZAlloc, MD5_Begin will init the context 15455
mknewpc2.c two 28-bit registers defined in key schedule production process 6191
mksp.c sboxes - the tables for the s-box functions from FIPS 46, pages 15-16. 3826
mpi This Source Code Form is subject to the terms of the Mozilla Public 53
nsslowhash.c LINUX 3232
nsslowhash.h Provide FIPS validated hashing for applications that only need hashing. NOTE: mac'ing requires keys and will not work in this interface. Also NOTE: this only works with Hashing. Only the FIPS interface is enabled. 1297
ppc-crypto.h The ghash freebl test tries to use this in C++, and gcc defines conflict. 937
ppc-gcm-wrap.c Copyright(c) 2013, Intel Corp. 13458
ppc-gcm.h This submission to NSS is to be made available under the terms of the 3748
ppc-gcm.s 23184
pqg.c PQG parameter generation/verification. Based on FIPS 186-3. 66654
pqg.h pqg.h header file for pqg functions exported just to freebl 962
rawhash.c below the line 5250
ret_cr16.s 629
rijndael_tables.c what follows is code thrown together to generate the myriad of tables used by Rijndael, the AES cipher. 9163
rijndael.c USE_HW_AES 39516
rijndael.h GCC <= 4.8 doesn't support including emmintrin.h without enabling SSE2 2543 79013
rsa.c RSA key generation, public key op, private key op. 52916
rsapkcs.c RSA PKCS#1 v2.1 (RFC 3447) operations 50554
scripts 4
secmpi.c 594
secmpi.h Fill the `used` digits of an mp_int with random bits 2926
secrng.h secrng.h - public data structures and prototypes for the secure random number generator 1886
sha_fast.c SHA: initialize context 17053
sha_fast.h input buffer 5154
sha-fast-amd64-sun.s 37585
sha1-armv8.c SHA: Add data to context. 6857
sha256-armv8.c for PRUintXX 6623
sha256-x86.c for PRUintXX 7993
sha256.h message schedule, input buffer, plus 48 words 841
sha512-p8.s 16014
sha512.c for PRUintXX 49640
shsign.h _SHSIGN_H_ 442
shvfy.c Most modern versions of Linux support a speed optimization scheme where an application called prelink modifies programs and shared libraries to quickly load if they fit into an already designed address space. In short, prelink scans the list of programs and libraries on your system, assigns them a predefined space in the address space, then provides the fixups to the library. The modification of the shared library is correctly detected by the freebl FIPS checksum scheme where we check a signed hash of the library against the library itself. The prelink command itself can reverse the process of modification and output the pristine shared library as it was before prelink made its changes. If FREEBL_USE_PRELINK is set Freebl uses prelink to output the original copy of the shared library before prelink modified it. 14961
stubs.c Allow freebl and softoken to be loaded without util or NSPR. These symbols are overridden once real NSPR, and libutil are attached. 20056
stubs.h Allow freebl and softoken to be loaded without util or NSPR. These symbols are overridden once real NSPR, and libutil are attached. 2349
sysrand.c 499
tlsprfalg.c TLS P_hash function 3979
unix_rand.c When copying data to the buffer we want the least significant bytes from the input since those bits are changing the fastest. The address of least significant byte depends upon whether we are running on a big-endian or little-endian machine. Does this mean the least significant bytes are the most significant to us? :-) 21840
unix_urandom.c syscall getentropy() is limited to retrieving 256 bytes 2429
verified 24
win_rand.c The RtlGenRandom function is declared in <ntsecapi.h>, but the declaration is missing a calling convention specifier. So we declare it manually here. 4373