Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | doc: explicitly state that rng self_test mustn't require rng initialization | Nikos Mavrogiannopoulos | 2016-11-04 | 1 | -1/+2 |
| | |||||
* | several spacing fixes to keep syntax-check happy | Nikos Mavrogiannopoulos | 2016-09-11 | 1 | -1/+1 |
| | |||||
* | gnutls_fips140_mode_enabled: changed return type to unsigned | Nikos Mavrogiannopoulos | 2016-08-05 | 1 | -1/+1 |
| | |||||
* | env: use secure_getenv when reading environment variables | Nikos Mavrogiannopoulos | 2016-05-27 | 1 | -2/+2 |
| | |||||
* | fips140: set the key via a configure argument | Nikos Mavrogiannopoulos | 2015-09-22 | 1 | -3/+1 |
| | |||||
* | Removed the 'gnutls_' prefix from files to simplify file naming | Nikos Mavrogiannopoulos | 2015-08-23 | 1 | -2/+2 |
| | |||||
* | fips140: corrected hex decoding | Nikos Mavrogiannopoulos | 2015-07-31 | 1 | -2/+2 |
| | |||||
* | fips: use gnutls_hex_decode for MAC decoding | Nikos Mavrogiannopoulos | 2015-07-21 | 1 | -2/+3 |
| | |||||
* | fips140: better debug messages when verifying MAC | Nikos Mavrogiannopoulos | 2015-06-08 | 1 | -2/+1 |
| | |||||
* | fips140: when GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS is setup do not perform ↵ | Nikos Mavrogiannopoulos | 2015-06-04 | 1 | -19/+27 |
| | | | | integrity tests | ||||
* | use a FIPS key that agree's with fedora's fipshmac | Nikos Mavrogiannopoulos | 2015-01-15 | 1 | -1/+1 |
| | |||||
* | properly reset the zombie mode in FIPS mode | Nikos Mavrogiannopoulos | 2014-11-16 | 1 | -3/+9 |
| | | | | This amends 9158f590f4a18c84fc9eb41877b29d73b30af879 | ||||
* | the FIPS140-2 testing mode is disabled after self-checks | Nikos Mavrogiannopoulos | 2014-11-13 | 1 | -13/+17 |
| | |||||
* | fips140: check the integrity of GMP | Nikos Mavrogiannopoulos | 2014-09-03 | 1 | -5/+27 |
| | |||||
* | perform the FIPS140-2 self tests in two rounds | Nikos Mavrogiannopoulos | 2014-09-02 | 1 | -2/+29 |
| | | | | | | One round is before the AES acceleration is registered, and the second is after. That is to allow testing of the AES implementation used in the DRBG. That is a hack until nettle handles all cipher acceleration. | ||||
* | The environment variable GNUTLS_FORCE_FIPS_MODE can be used to force the ↵ | Nikos Mavrogiannopoulos | 2014-08-14 | 1 | -1/+13 |
| | | | | FIPS-140-2 mode | ||||
* | fips140-2: do not check the libtasn1's integrity | Nikos Mavrogiannopoulos | 2014-07-22 | 1 | -7/+0 |
| | |||||
* | FIPS140-2 tests: no need for MD5 check | Nikos Mavrogiannopoulos | 2014-07-08 | 1 | -6/+0 |
| | |||||
* | FIPS140-2 tests: removed redundant checks | Nikos Mavrogiannopoulos | 2014-07-08 | 1 | -25/+1 |
| | | | | | We keep on check per cipher which is required, and avoid multiple (and time-consuming) tests. | ||||
* | Include the correct header for the self tests functions | Nikos Mavrogiannopoulos | 2014-04-28 | 1 | -0/+1 |
| | |||||
* | Test for the existance of the /etc/system-fips file | Kurt Roeckx | 2014-04-27 | 1 | -1/+1 |
| | | | | | | | We don't read it, the existance of the file is enough to say in what mode we are. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | Add _gnutls_fips_mode_enabled() return values. | Kurt Roeckx | 2014-04-27 | 1 | -0/+5 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | corrected uninitialized value | Nikos Mavrogiannopoulos | 2014-04-17 | 1 | -1/+1 |
| | |||||
* | Changes to account for the reduced included gnulib | Nikos Mavrogiannopoulos | 2014-03-04 | 1 | -1/+2 |
| | |||||
* | Correctly detect the FIPS140-2 HMAC file. | Nikos Mavrogiannopoulos | 2013-12-11 | 1 | -2/+16 |
| | |||||
* | FIPS140 mode is detected on run-time. | Nikos Mavrogiannopoulos | 2013-12-09 | 1 | -3/+10 |
| | | | | | That allows a library compiled in FIPS140 mode to operate as the full library if the system is not in FIPS mode. | ||||
* | removed zombie mode, and no longer use fips140.h | Nikos Mavrogiannopoulos | 2013-12-04 | 1 | -2/+0 |
| | |||||
* | simplified func | Nikos Mavrogiannopoulos | 2013-12-04 | 1 | -3/+1 |
| | |||||
* | constructor and destructors were moved outside the FIPS140 mode. | Nikos Mavrogiannopoulos | 2013-11-30 | 1 | -15/+0 |
| | |||||
* | fips140_simulate_error -> lib_simulate_error | Nikos Mavrogiannopoulos | 2013-11-30 | 1 | -1/+1 |
| | |||||
* | The library state is used even when not in FIPS mode. | Nikos Mavrogiannopoulos | 2013-11-30 | 1 | -11/+8 |
| | | | | | This allows having an error state that blocks the library usage even when not in FIPS mode. | ||||
* | Merged the FIPS140-2 support code. | Nikos Mavrogiannopoulos | 2013-11-30 | 1 | -1/+1 |
| | | | | | | Conflicts: lib/gnutls_global.c tests/mini-overhead.c | ||||
* | Added destructor and moved both *structors to fips.c | Nikos Mavrogiannopoulos | 2013-11-28 | 1 | -0/+15 |
| | |||||
* | Added known answer test for Diffie-Hellman key exchange. | Nikos Mavrogiannopoulos | 2013-11-28 | 1 | -0/+6 |
| | |||||
* | Perform an integrity check on all supporting libraries | Nikos Mavrogiannopoulos | 2013-11-27 | 1 | -16/+74 |
| | |||||
* | separate zombie mode from operational fips mode | Nikos Mavrogiannopoulos | 2013-11-27 | 1 | -2/+5 |
| | |||||
* | Added an audit message in self test failure | Nikos Mavrogiannopoulos | 2013-11-27 | 1 | -0/+1 |
| | |||||
* | binary integrity self test moved to end | Nikos Mavrogiannopoulos | 2013-11-27 | 1 | -7/+7 |
| | |||||
* | Better handling of FIPS140-2 initialization | Nikos Mavrogiannopoulos | 2013-11-27 | 1 | -12/+37 |
| | |||||
* | Ported libgcrypt's AES-based DRBG. | Nikos Mavrogiannopoulos | 2013-11-27 | 1 | -0/+12 |
| | |||||
* | zeroize ECC secret scalars and points. | Nikos Mavrogiannopoulos | 2013-11-27 | 1 | -3/+0 |
| | |||||
* | Updated FIPS140 initialization and added a self test for it. | Nikos Mavrogiannopoulos | 2013-11-27 | 1 | -21/+52 |
| | |||||
* | Added binary integrity test | Nikos Mavrogiannopoulos | 2013-11-27 | 1 | -12/+91 |
| | |||||
* | Added support for fips states. | Nikos Mavrogiannopoulos | 2013-11-27 | 1 | -0/+146 |
This implies that when in FIPS mode and the library is not in operational state (i.e., all self checks succeeded), crypto functionality of the library will fail. This includes: * API functions of gnutls/crypto.h * API functions of gnutls/abstract.h * API functions of gnutls/x509.h * gnutls_init() * API functions of gnutls/xssl.h |