wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/apps
History
Dr. Stephen Henson d0edffc7da FIPS algorithm blocking. 
Non FIPS algorithms are not normally allowed in FIPS mode.

Any attempt to use them via high level functions will return an error.

The low level non-FIPS algorithm functions cannot return errors so they
produce assertion failures. HMAC also has to give an assertion error because
it (erroneously) can't return an error either.

There are exceptions (such as MD5 in TLS and non cryptographic use of
algorithms) and applications can override the blocking and use non FIPS
algorithms anyway.

For low level functions the override is perfomed by prefixing the algorithm
initalization function with "private_" for example private_MD5_Init().

For high level functions an override is performed by setting a flag in
the context.
2005-01-26 20:00:40 +00:00
..
demoCA Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
set Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
.cvsignore Pull FIPS back into stable. 2004-05-11 12:46:24 +00:00
app_rand.c Use new-style system-id macros everywhere possible. I hope I haven't 2001-02-20 08:13:47 +00:00
apps.c Remove VMS_strcasecmp() from apps.c, it's not used any more. And 2005-01-11 06:53:30 +00:00
apps.h Make sure the applications know when we are running in FIPS mode. We 2004-05-17 04:30:06 +00:00
asn1pars.c Don't try to parse none string types. 2004-07-01 18:50:12 +00:00
ca-cert.srl Update test server certificate in apps/server.pem (it was expired). 2000-10-16 22:56:10 +00:00
ca-key.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
ca-req.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
ca.c Use the default_md config file value when signing CRLs. 2004-11-11 13:46:44 +00:00
CA.com A hack to make sure access() will give us the correct answer about the 2000-02-11 18:12:47 +00:00
CA.pl.in Port the random serial number generation to 0.9.7-stable. 2004-04-22 12:19:48 +00:00
CA.sh ispell (and minor modifications) 2000-02-03 23:23:24 +00:00
cert.pem Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
ciphers.c EXIT() may mean return(). That's confusing, so let's have it really mean 2002-12-03 16:34:28 +00:00
client.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
crl.c Don't return an error with crl -noout. 2004-11-11 02:12:48 +00:00
crl2p7.c EXIT() may mean return(). That's confusing, so let's have it really mean 2002-12-03 16:34:28 +00:00
dgst.c FIPS algorithm blocking. 2005-01-26 20:00:40 +00:00
dh.c Add the possibility to build without the ENGINE framework. 2003-01-30 17:37:49 +00:00
dh512.pem Include SKIP DH parameters with OpenSSL. 2000-08-02 09:04:44 +00:00
dh1024.pem Include SKIP DH parameters with OpenSSL. 2000-08-02 09:04:44 +00:00
dh2048.pem Include SKIP DH parameters with OpenSSL. 2000-08-02 09:04:44 +00:00
dh4096.pem Include SKIP DH parameters with OpenSSL. 2000-08-02 09:04:44 +00:00
dhparam.c Add the possibility to build without the ENGINE framework. 2003-01-30 17:37:49 +00:00
dsa-ca.pem Fix the gendsa program and add it to the app list. The progs.h file is 1999-01-09 17:29:34 +00:00
dsa-pca.pem Fix the gendsa program and add it to the app list. The progs.h file is 1999-01-09 17:29:34 +00:00
dsa.c Add the possibility to build without the ENGINE framework. 2003-01-30 17:37:49 +00:00
dsa512.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
dsa1024.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
dsap.pem Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
dsaparam.c Add the possibility to build without the ENGINE framework. 2003-01-30 17:37:49 +00:00
enc.c Typo corretced. 2004-05-17 04:47:26 +00:00
engine.c Use BUF_strlcpy() instead of strcpy(). 2003-12-27 14:40:57 +00:00
errstr.c EXIT() may mean return(). That's confusing, so let's have it really mean 2002-12-03 16:34:28 +00:00
gendh.c Add the possibility to build without the ENGINE framework. 2003-01-30 17:37:49 +00:00
gendsa.c Add the possibility to build without the ENGINE framework. 2003-01-30 17:37:49 +00:00
genrsa.c Add the possibility to build without the ENGINE framework. 2003-01-30 17:37:49 +00:00
install.com VMS support. 1999-05-13 11:37:32 +00:00
makeapps.com Another missing module in the VMS build files. I believe this is the 2004-08-11 20:34:12 +00:00
Makefile Zap obsolete der_chop script. 2004-11-13 23:56:15 +00:00
nseq.c EXIT() may mean return(). That's confusing, so let's have it really mean 2002-12-03 16:34:28 +00:00
ocsp.c Incorporate the following changes from 0.9.8-dev: 2004-03-08 02:53:46 +00:00
oid.cnf Import of old SSLeay release: SSLeay 0.9.1b (unreleased) 1998-12-21 11:00:56 +00:00
openssl-vms.cnf make update 2004-05-13 21:38:37 +00:00
openssl.c Use EXIT() instead of exit(). 2005-01-11 18:25:28 +00:00
openssl.cnf make update 2004-05-13 21:38:37 +00:00
passwd.c EXIT() may mean return(). That's confusing, so let's have it really mean 2002-12-03 16:34:28 +00:00
pca-cert.srl Update test server certificate in apps/server.pem (it was expired). 2000-10-16 22:56:10 +00:00
pca-key.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
pca-req.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
pkcs7.c Call autoconfig code in pkcs7 utility. 2004-03-05 23:45:08 +00:00
pkcs8.c Memory leak fixes from main branch. 2004-06-24 13:05:50 +00:00
pkcs12.c FIPS algorithm blocking. 2005-01-26 20:00:40 +00:00
prime.c Remove unnecessary check and call BIO_free_all() on bio_out to avoid a 2004-11-27 13:02:34 +00:00
privkey.pem Import of old SSLeay release: SSLeay 0.9.1b (unreleased) 1998-12-21 11:00:56 +00:00
progs.h Add primality tester. 2004-06-19 13:54:59 +00:00
progs.pl exclude disabled message digests 2001-09-10 17:18:56 +00:00
rand.c Add the possibility to build without the ENGINE framework. 2003-01-30 17:37:49 +00:00
req.c In "req" exit immediately if configuration file is needed and it can't 2004-11-17 18:36:43 +00:00
req.pem Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
rsa.c Add the possibility to build without the ENGINE framework. 2003-01-30 17:37:49 +00:00
rsa8192.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
rsautl.c -passin argument to rsautl 2004-03-04 21:58:13 +00:00
s512-key.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
s512-req.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
s1024key.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
s1024req.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
s_apps.h Selected changes for MSDOS, contributed by Gisle Vanem <giva@bgnett.no>. 2003-09-27 21:56:12 +00:00
s_cb.c Many security improvements (CHATS) and a warning fix. 2002-11-12 13:23:40 +00:00
s_client.c DJGPP update. 2005-01-04 10:21:55 +00:00
s_server.c Selected changes for MSDOS, contributed by Gisle Vanem <giva@bgnett.no>. 2003-09-27 21:56:12 +00:00
s_socket.c DJGPP update. 2005-01-04 10:21:55 +00:00
s_time.c Use BUF_strlcpy() instead of strcpy(). 2003-12-27 14:40:57 +00:00
server.pem Update test server certificate in apps/server.pem (it was expired). 2000-10-16 22:56:10 +00:00
server.srl Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
server2.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
sess_id.c EXIT() may mean return(). That's confusing, so let's have it really mean 2002-12-03 16:34:28 +00:00
smime.c Various S/MIME bug and compatibility fixes. 2003-06-01 20:45:44 +00:00
speed.c Make the tests of EVP operations without padding. As a consequence, 2004-06-28 16:32:14 +00:00
spkac.c Add the possibility to build without the ENGINE framework. 2003-01-30 17:37:49 +00:00
testCA.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
testdsa.h openssl speed is quite useful for testing hardware support (among other 2001-07-11 18:59:25 +00:00
testrsa.h cleaning up a little 2000-03-12 23:27:14 +00:00
verify.c Make an explicit check during certificate validation to see that the 2004-11-29 11:18:00 +00:00
version.c EXIT() may mean return(). That's confusing, so let's have it really mean 2002-12-03 16:34:28 +00:00
winrand.c Many security improvements (CHATS) and a warning fix. 2002-11-12 13:23:40 +00:00
x509.c Use X509_cmp_time() in -checkend option, to support GeneralizedTime. 2004-12-05 18:26:48 +00:00