Non FIPS algorithms are not normally allowed in FIPS mode.
Any attempt to use them via high level functions will return an error.
The low level non-FIPS algorithm functions cannot return errors so they
produce assertion failures. HMAC also has to give an assertion error because
it (erroneously) can't return an error either.
There are exceptions (such as MD5 in TLS and non cryptographic use of
algorithms) and applications can override the blocking and use non FIPS
algorithms anyway.
For low level functions the override is perfomed by prefixing the algorithm
initalization function with "private_" for example private_MD5_Init().
For high level functions an override is performed by setting a flag in
the context.
OpenSSL-fips-0_9_7-stable.
Since the 0.9.7-stable branch is supposed to be in freeze and should
only contain bug corrections, this change removes the FIPS changes
from that branch.
bad, so let's not check OPENSSL_NO_ENGINE in those places. Fortunately, all
the header files where the problem existed include ossl_typ.h, which makes
a 'forward declaration' of the ENGINE type.
was that they weren't really needed any more for EVP itself. However,
it seems like soma applications (I know about OpenSSH, but there may
be more) used evp.h as the 'load all' header file, which makes sense
since we try our best to promote the use of EVP instead of the lower
level crypto algorithms. Therefore, I put the inclusions back so
the application authors don't get too shocked by all the errors they
would otherwise get.
Thanks to Theo de Raadt for making us aware of this.
See crypto/engine/README for details.
- it also removes openbsd_hw.c from the build (that functionality is
going to be available in the openbsd ENGINE in a upcoming commit)
- evp_test has had the extra initialisation added so it will use (if
possible) any ENGINEs supporting the algorithms required.
distinction (which does not work well because if CRYPTO_MDEBUG is
defined at library compile time, it is not necessarily defined at
application compile time; and memory debugging now can be reconfigured
at run-time anyway). To get the intended semantics, we could just use
the EVP_DigestInit_dbg unconditionally (which uses the caller's
__FILE__ and __LINE__ for memory leak debugging), but this would make
memory debugging inconsistent. Instead, callers can use
CRYPTO_push_info() to track down memory leaks.