Name Description Size
aes-armv8.c Rounds 35181
aes-armv8.h 6253
aes-x86.c aes-ni 7628
aeskeywrap.c for PRUintXX 20139
alghmac.c required by FIPS 198 Section 3 5832
alghmac.h destroy HMAC context 2255
altivec-types.h 714
arcfive.c / /* * RC5 symmetric block cypher -- 64-bit block size 2660
arcfour-amd64-gas.s 2478
arcfour-amd64-masm.asm 3882
arcfour-amd64-sun.s 2378
arcfour.c Architecture-dependent defines 19115
blake2b.c This contains the BLAKE2b initialization vectors. 11739
blake2b.h chained state 769
blapi.h RSA encryption/decryption. When encrypting/decrypting the output * buffer must be at least the size of the public key modulus. 76021
blapii.h max block size of supported block ciphers 3509
blapit.h RC2 operation modes 15068
blinit.c for _xgetbv() 17538
blname.c getLibName() returns the name of the library to load. 3063
camellia.c for SHA_HTONL and related configuration macros 71196
camellia.h bytes 1520
chacha20-ppc64le.S 12749
chacha20poly1305-ppc.c Forward declaration from chacha20-ppc64le.S 19596
chacha20poly1305.c 18061
chacha20poly1305.h ChaCha20Poly1305ContextStr saves the key and tag length for a ChaCha20+Poly1305 AEAD operation. 612
cmac.c Information about the block cipher to use internally. The cipher should be placed in ECB mode so that we can use it to directly encrypt blocks. To add a new cipher, add an entry to CMACCipher, update CMAC_Init, cmac_Encrypt, and CMAC_Destroy methods to handle the new cipher, and add a new Context pointer to the cipher union with the correct type. 9962
cmac.h Enum for identifying the underlying block cipher we're using internally. 1586 2329
crypto_primitives.c This file holds useful functions and macros for crypto code. 1004
crypto_primitives.h This file holds useful functions and macros for crypto code. 1744
ctr.c Invariant: 0 < ctr->bufPtr <= AES_BLOCK_SIZE 8097
ctr.h This structure is defined in this header because both ctr.c and gcm.c need it. 1890
cts.c iv stores the last ciphertext block of the previous message. Only used by decrypt. 11308
cts.h The context argument is the inner cipher context to use with cipher. The CTSContext does not own context. context needs to remain valid for as long as the CTSContext is valid. The cipher argument is a block cipher in the CBC mode. 1282
des.c for ptrdiff_t 27536
des.h key schedule, 16 internal keys, each with 8 6-bit parts 1037
desblapi.c Intel X86 CPUs do unaligned loads and stores without complaint. 7205
det_rng.c --- LOCKED --- 3992
det_rng.h __det_rng_h_ 465
dh.c Diffie-Hellman parameter generation, key generation, and secret derivation. KEA secret generation and verification. 14197
drbg.c for RNG_SystemRNG() 38653
dsa.c FIPS 186-2 requires result from random output to be reduced mod q when generating random numbers for DSA. Input: w, 2*qLen bytes q, qLen bytes Output: xj, qLen bytes 21342
ec.c Returns true if pointP is the point at infinity, false otherwise 42976
ec.h __ec_h_ 1034
ecdecode.c Copy all of the fields from srcParams into dstParams 9155
exports.gyp 1189
fipsfreebl.c $Id: fipstest.c,v 1.31 2012/06/28 17:55:06 Exp $ 79533
freebl.def 1158
freebl.gyp 25663
freebl.rc 1947
freebl_base.gypi 6174
freebl_hash.def 1402
freebl_hash_vector.def 1303
freeblver.c Library identity and versioning 473
gcm-aarch64.c old gcc doesn't support some poly64x2_t intrinsic 3344
gcm-arm32-neon.c Carry-less multiplication. a * b = ret. 6997
gcm-ppc.c Clang uses a different name 3135
gcm-x86.c clmul 4535
gcm.c Thanks to Thomas Pornin for the ideas how to implement the constat time binary multiplication. 37843
gcm.h GCC <= 4.8 doesn't support including emmintrin.h without enabling SSE2 4493
genload.c This file is meant to be included by other .c files. This file takes a "parameter", the scope which includes this code shall declare this variable: const char *NameOfThisSharedLib; NameOfThisSharedLib: The file name of the shared library that shall be used as the "reference library". The loader will attempt to load the requested library from the same directory as the reference library. 5358
Hacl_Hash_SHA2_shim.h 980
hmacct.c MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's length field. (SHA-384/512 have 128-bit length.) 12870
hmacct.h 1029
intel-aes-x64-masm.asm 21141
intel-aes-x86-masm.asm 20146
intel-aes.h Prototypes of the functions defined in the assembler file. 9166
intel-aes.s 101162
intel-gcm-wrap.c Copyright(c) 2013, Intel Corp. 14652
intel-gcm-x64-masm.asm 34729
intel-gcm-x86-masm.asm 31751
intel-gcm.h This submission to NSS is to be made available under the terms of the 5317
intel-gcm.s 32842
jpake.c Hash an item's length and then its value. Only items smaller than 2^16 bytes are allowed. Lengths are hashed in network byte order. This is designed to match the OpenSSL J-PAKE implementation. 13609
kyber-pqcrystals-ref.c begin: ref/AUTHORS ** Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John Schanck, Peter Schwabe, Gregor Seiler, Damien Stehlé * end: ref/AUTHORS * 89414
kyber-pqcrystals-ref.h begin: ref/AUTHORS ** Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John Schanck, Peter Schwabe, Gregor Seiler, Damien Stehlé * end: ref/AUTHORS * 7611
kyber.c Consistency check between kyber-pqcrystals-ref.h and kyber.h 6169
ldvector.c End of Version 3.001. 9766
loader.c This function must be run only once. 82186
loader.h of this struct in bytes 50070
lowhash_vector.c pretty much only glibc uses this, make sure we don't have any depenencies on nspr.. 5449
Makefile 28727 4331
md2.c The X array, [CV | INPUT | TMP VARS] 7318
md5.c no need to ZAlloc, MD5_Begin will init the context 15455
mknewpc2.c two 28-bit registers defined in key schedule production process 6191
mksp.c sboxes - the tables for the s-box functions from FIPS 46, pages 15-16. 3826
nsslowhash.c make sure the FIPS product is installed if we are trying to go into FIPS mode 2871
nsslowhash.h Provide FIPS validated hashing for applications that only need hashing. NOTE: mac'ing requires keys and will not work in this interface. Also NOTE: this only works with Hashing. Only the FIPS interface is enabled. 1297
ppc-crypto.h The ghash freebl test tries to use this in C++, and gcc defines conflict. 937
ppc-gcm-wrap.c Copyright(c) 2013, Intel Corp. 13458
ppc-gcm.h This submission to NSS is to be made available under the terms of the 3748
ppc-gcm.s 23184
pqg.c PQG parameter generation/verification. Based on FIPS 186-3. 66679
pqg.h pqg.h header file for pqg functions exported just to freebl 1082
rawhash.c below the line 7090
ret_cr16.s 629
rijndael.c USE_HW_AES 39516
rijndael.h GCC <= 4.8 doesn't support including emmintrin.h without enabling SSE2 2543
rijndael_tables.c what follows is code thrown together to generate the myriad of tables used by Rijndael, the AES cipher. 9082 79013
rsa.c RSA key generation, public key op, private key op. 56233
rsa_blind.c Implementation of RSA Blind Signatures. ( 13177
rsapkcs.c RSA PKCS#1 v2.1 (RFC 3447) operations 50926
secmpi.c 594
secmpi.h Fill the `used` digits of an mp_int with random bits 2926
secrng.h secrng.h - public data structures and prototypes for the secure random number generator 1886
sha-fast-amd64-sun.s 37585
sha_fast.c SHA: initialize context 17053
sha_fast.h input buffer 5154
sha1-armv8.c SHA: Add data to context. 6857
sha3.c for PRUintXX 6824
sha256-armv8.c for PRUintXX 6623
sha256-x86.c for PRUintXX 7993
sha256.h message schedule, input buffer, plus 48 words 841
sha512-p8.s 16014
sha512.c for PRUintXX 49639
shake.c for PRUintXX 3173
shsign.h new hmac based signatures 816
shvfy.c Most modern version of Linux support a speed optimization scheme where an application called prelink modifies programs and shared libraries to quickly load if they fit into an already designed address space. In short, prelink scans the list of programs and libraries on your system, assigns them a predefined space in the the address space, then provides the fixups to the library. The modification of the shared library is correctly detected by the freebl FIPS checksum scheme where we check a signed hash of the library against the library itself. The prelink command itself can reverse the process of modification and output the prestine shared library as it was before prelink made it's changes. If FREEBL_USE_PRELINK is set Freebl uses prelink to output the original copy of the shared library before prelink modified it. 17855
stubs.c Allow freebl and softoken to be loaded without util or NSPR. These symbols are overridden once real NSPR, and libutil are attached. 22621
stubs.h Allow freebl and softoken to be loaded without util or NSPR. These symbols are overridden once real NSPR, and libutil are attached. 2516
sysrand.c 457
tlsprfalg.c TLS P_hash function 3979
unix_rand.c When copying data to the buffer we want the least signicant bytes from the input since those bits are changing the fastest. The address of least significant byte depends upon whether we are running on a big-endian or little-endian machine. Does this mean the least signicant bytes are the most significant to us? :-) 19910
unix_urandom.c syscall getentropy() is limited to retrieving 256 bytes 2429
win_rand.c The RtlGenRandom function is declared in <ntsecapi.h>, but the declaration is missing a calling convention specifier. So we declare it manually here. 4373