summaryrefslogtreecommitdiff
path: root/lib/fips.c
Commit message (Collapse)AuthorAgeFilesLines
* doc: explicitly state that rng self_test mustn't require rng initializationNikos Mavrogiannopoulos2016-11-041-1/+2
|
* several spacing fixes to keep syntax-check happyNikos Mavrogiannopoulos2016-09-111-1/+1
|
* gnutls_fips140_mode_enabled: changed return type to unsignedNikos Mavrogiannopoulos2016-08-051-1/+1
|
* env: use secure_getenv when reading environment variablesNikos Mavrogiannopoulos2016-05-271-2/+2
|
* fips140: set the key via a configure argumentNikos Mavrogiannopoulos2015-09-221-3/+1
|
* Removed the 'gnutls_' prefix from files to simplify file namingNikos Mavrogiannopoulos2015-08-231-2/+2
|
* fips140: corrected hex decodingNikos Mavrogiannopoulos2015-07-311-2/+2
|
* fips: use gnutls_hex_decode for MAC decodingNikos Mavrogiannopoulos2015-07-211-2/+3
|
* fips140: better debug messages when verifying MACNikos Mavrogiannopoulos2015-06-081-2/+1
|
* fips140: when GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS is setup do not perform ↵Nikos Mavrogiannopoulos2015-06-041-19/+27
| | | | integrity tests
* use a FIPS key that agree's with fedora's fipshmacNikos Mavrogiannopoulos2015-01-151-1/+1
|
* properly reset the zombie mode in FIPS modeNikos Mavrogiannopoulos2014-11-161-3/+9
| | | | This amends 9158f590f4a18c84fc9eb41877b29d73b30af879
* the FIPS140-2 testing mode is disabled after self-checksNikos Mavrogiannopoulos2014-11-131-13/+17
|
* fips140: check the integrity of GMPNikos Mavrogiannopoulos2014-09-031-5/+27
|
* perform the FIPS140-2 self tests in two roundsNikos Mavrogiannopoulos2014-09-021-2/+29
| | | | | | One round is before the AES acceleration is registered, and the second is after. That is to allow testing of the AES implementation used in the DRBG. That is a hack until nettle handles all cipher acceleration.
* The environment variable GNUTLS_FORCE_FIPS_MODE can be used to force the ↵Nikos Mavrogiannopoulos2014-08-141-1/+13
| | | | FIPS-140-2 mode
* fips140-2: do not check the libtasn1's integrityNikos Mavrogiannopoulos2014-07-221-7/+0
|
* FIPS140-2 tests: no need for MD5 checkNikos Mavrogiannopoulos2014-07-081-6/+0
|
* FIPS140-2 tests: removed redundant checksNikos Mavrogiannopoulos2014-07-081-25/+1
| | | | | We keep on check per cipher which is required, and avoid multiple (and time-consuming) tests.
* Include the correct header for the self tests functionsNikos Mavrogiannopoulos2014-04-281-0/+1
|
* Test for the existance of the /etc/system-fips fileKurt Roeckx2014-04-271-1/+1
| | | | | | | We don't read it, the existance of the file is enough to say in what mode we are. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Add _gnutls_fips_mode_enabled() return values.Kurt Roeckx2014-04-271-0/+5
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* corrected uninitialized valueNikos Mavrogiannopoulos2014-04-171-1/+1
|
* Changes to account for the reduced included gnulibNikos Mavrogiannopoulos2014-03-041-1/+2
|
* Correctly detect the FIPS140-2 HMAC file.Nikos Mavrogiannopoulos2013-12-111-2/+16
|
* FIPS140 mode is detected on run-time.Nikos Mavrogiannopoulos2013-12-091-3/+10
| | | | | That allows a library compiled in FIPS140 mode to operate as the full library if the system is not in FIPS mode.
* removed zombie mode, and no longer use fips140.hNikos Mavrogiannopoulos2013-12-041-2/+0
|
* simplified funcNikos Mavrogiannopoulos2013-12-041-3/+1
|
* constructor and destructors were moved outside the FIPS140 mode.Nikos Mavrogiannopoulos2013-11-301-15/+0
|
* fips140_simulate_error -> lib_simulate_errorNikos Mavrogiannopoulos2013-11-301-1/+1
|
* The library state is used even when not in FIPS mode.Nikos Mavrogiannopoulos2013-11-301-11/+8
| | | | | This allows having an error state that blocks the library usage even when not in FIPS mode.
* Merged the FIPS140-2 support code.Nikos Mavrogiannopoulos2013-11-301-1/+1
| | | | | | Conflicts: lib/gnutls_global.c tests/mini-overhead.c
* Added destructor and moved both *structors to fips.cNikos Mavrogiannopoulos2013-11-281-0/+15
|
* Added known answer test for Diffie-Hellman key exchange.Nikos Mavrogiannopoulos2013-11-281-0/+6
|
* Perform an integrity check on all supporting librariesNikos Mavrogiannopoulos2013-11-271-16/+74
|
* separate zombie mode from operational fips modeNikos Mavrogiannopoulos2013-11-271-2/+5
|
* Added an audit message in self test failureNikos Mavrogiannopoulos2013-11-271-0/+1
|
* binary integrity self test moved to endNikos Mavrogiannopoulos2013-11-271-7/+7
|
* Better handling of FIPS140-2 initializationNikos Mavrogiannopoulos2013-11-271-12/+37
|
* Ported libgcrypt's AES-based DRBG.Nikos Mavrogiannopoulos2013-11-271-0/+12
|
* zeroize ECC secret scalars and points.Nikos Mavrogiannopoulos2013-11-271-3/+0
|
* Updated FIPS140 initialization and added a self test for it.Nikos Mavrogiannopoulos2013-11-271-21/+52
|
* Added binary integrity testNikos Mavrogiannopoulos2013-11-271-12/+91
|
* Added support for fips states.Nikos Mavrogiannopoulos2013-11-271-0/+146
This implies that when in FIPS mode and the library is not in operational state (i.e., all self checks succeeded), crypto functionality of the library will fail. This includes: * API functions of gnutls/crypto.h * API functions of gnutls/abstract.h * API functions of gnutls/x509.h * gnutls_init() * API functions of gnutls/xssl.h
View Lorry Controller Status