projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 12dfa84) | patch
FIPS algorithm blocking.
authorDr. Stephen Henson <steve@openssl.org>
Wed, 26 Jan 2005 20:00:40 +0000 (20:00 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 26 Jan 2005 20:00:40 +0000 (20:00 +0000)
commitd0edffc7da3bd2572bd899411943b8062b1c6d8a
tree2a6b5b135b53a3650ceae901f2f0f23d5b494e36tree | snapshot
parent12dfa8431092e61c3fa6bb37cd304ab8d26d568bcommit | diff
FIPS algorithm blocking.

Non FIPS algorithms are not normally allowed in FIPS mode.

Any attempt to use them via high level functions will return an error.

The low level non-FIPS algorithm functions cannot return errors so they
produce assertion failures. HMAC also has to give an assertion error because
it (erroneously) can't return an error either.

There are exceptions (such as MD5 in TLS and non cryptographic use of
algorithms) and applications can override the blocking and use non FIPS
algorithms anyway.

For low level functions the override is perfomed by prefixing the algorithm
initalization function with "private_" for example private_MD5_Init().

For high level functions an override is performed by setting a flag in
the context.
53 files changed:
apps/dgst.c diff | blob | history
apps/pkcs12.c diff | blob | history
crypto/bf/bf_skey.c diff | blob | history
crypto/bf/blowfish.h diff | blob | history
crypto/cast/c_skey.c diff | blob | history
crypto/cast/cast.h diff | blob | history
crypto/crypto.h diff | blob | history
crypto/evp/bio_md.c diff | blob | history
crypto/evp/digest.c diff | blob | history
crypto/evp/e_aes.c diff | blob | history
crypto/evp/e_des.c diff | blob | history
crypto/evp/e_des3.c diff | blob | history
crypto/evp/evp.h diff | blob | history
crypto/evp/evp_enc.c diff | blob | history
crypto/evp/evp_err.c diff | blob | history
crypto/evp/evp_locl.h diff | blob | history
crypto/evp/m_dss.c diff | blob | history
crypto/evp/m_md2.c diff | blob | history
crypto/evp/m_md4.c diff | blob | history
crypto/evp/m_md5.c diff | blob | history
crypto/evp/m_mdc2.c diff | blob | history
crypto/evp/m_sha.c diff | blob | history
crypto/evp/m_sha1.c diff | blob | history
crypto/evp/names.c diff | blob | history
crypto/hmac/hmac.c diff | blob | history
crypto/hmac/hmac.h diff | blob | history
crypto/idea/i_skey.c diff | blob | history
crypto/idea/idea.h diff | blob | history
crypto/md2/md2.h diff | blob | history
crypto/md2/md2_dgst.c diff | blob | history
crypto/md32_common.h diff | blob | history
crypto/md4/md4.h diff | blob | history
crypto/md4/md4_dgst.c diff | blob | history
crypto/md5/md5.h diff | blob | history
crypto/md5/md5_dgst.c diff | blob | history
crypto/mdc2/mdc2.h diff | blob | history
crypto/mdc2/mdc2dgst.c diff | blob | history
crypto/rc2/rc2.h diff | blob | history
crypto/rc2/rc2_skey.c diff | blob | history
crypto/rc4/rc4.h diff | blob | history
crypto/rc4/rc4_skey.c diff | blob | history
crypto/rc5/rc5.h diff | blob | history
crypto/rc5/rc5_skey.c diff | blob | history
crypto/ripemd/ripemd.h diff | blob | history
crypto/ripemd/rmd_dgst.c diff | blob | history
crypto/sha/sha.h diff | blob | history
crypto/sha/sha_locl.h diff | blob | history
crypto/x509/x509_cmp.c diff | blob | history
crypto/x509/x509_vfy.c diff | blob | history
ssl/s3_clnt.c diff | blob | history
ssl/s3_enc.c diff | blob | history
ssl/s3_srvr.c diff | blob | history
ssl/t1_enc.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.