openssl/crypto/x509
Dr. Stephen Henson d0edffc7da FIPS algorithm blocking.
Non FIPS algorithms are not normally allowed in FIPS mode.

Any attempt to use them via high level functions will return an error.

The low level non-FIPS algorithm functions cannot return errors so they
produce assertion failures. HMAC also has to give an assertion error because
it (erroneously) can't return an error either.

There are exceptions (such as MD5 in TLS and non cryptographic use of
algorithms) and applications can override the blocking and use non FIPS
algorithms anyway.

For low level functions the override is perfomed by prefixing the algorithm
initalization function with "private_" for example private_MD5_Init().

For high level functions an override is performed by setting a flag in
the context.
2005-01-26 20:00:40 +00:00
..
.cvsignore
by_dir.c Typo... 2004-01-22 22:36:48 +00:00
by_file.c In by_file.c check last error for no start line, not first error. 2004-12-04 21:26:11 +00:00
Makefile Don't use $(EXHEADER) directly in for loops, as most shells will break 2004-11-02 23:53:31 +00:00
x509.h Fix race condition when CRL checking is enabled. 2004-10-04 16:27:36 +00:00
x509_att.c Add support for MS CSP Name PKCS#12 attribute. 2001-06-11 00:43:20 +00:00
x509_cmp.c FIPS algorithm blocking. 2005-01-26 20:00:40 +00:00
x509_d2.c Make all configuration macros available for application by making 2001-02-19 16:06:34 +00:00
x509_def.c
x509_err.c Make the necessary changes to work with the recent "ex_data" overhaul. 2001-09-01 20:02:13 +00:00
x509_ext.c X509V3_add_i2d() needs to be able to allocate a 2000-12-27 13:42:43 +00:00
x509_lu.c Make the necessary changes to work with the recent "ex_data" overhaul. 2001-09-01 20:02:13 +00:00
x509_obj.c Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated 2002-02-28 12:44:05 +00:00
x509_r2x.c Add lots of checks for memory allocation failure, error codes to indicate 2004-12-05 01:04:44 +00:00
x509_req.c Oops, forgot to reorder extension request nids. 2004-09-13 22:39:49 +00:00
x509_set.c Make NEG_PUBKEY_BUG on by default. 2000-07-26 01:18:37 +00:00
x509_trs.c Add an entry for X509_TRUST_OBJECT_SIGN in trstandard[]. 2003-06-11 21:22:34 +00:00
x509_txt.c Make an explicit check during certificate validation to see that the 2004-11-29 11:18:00 +00:00
x509_v3.c Typo in X509v3_get_ext_by_critical 2002-12-04 00:14:00 +00:00
x509_vfy.c FIPS algorithm blocking. 2005-01-26 20:00:40 +00:00
x509_vfy.h Make an explicit check during certificate validation to see that the 2004-11-29 11:18:00 +00:00
x509cset.c Automatically mark the CRL cached encoding as invalid when some operations 2004-12-09 13:34:41 +00:00
x509name.c Make V_ASN1_APP_CHOOSE work again. 2000-03-14 03:29:57 +00:00
x509rset.c
x509spki.c Merge from the ASN1 branch of new ASN1 code 2000-12-08 19:09:35 +00:00
x509type.c 1024 is the export key bits limit according to current regulations, not 512. 2003-11-28 22:39:23 +00:00
x_all.c Automatically mark the CRL cached encoding as invalid when some operations 2004-12-09 13:34:41 +00:00