| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
Add support for computing AES-GMAC using MAC API, as requested by Samba
for SMB3 support.
Resolves: #781
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
|
|
|
|
| |
If nettle's XTS is not available, use a vendored in version from master.
This is necessary as long as we need to link against 3.4 for ABI
compatibility reasons.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
That would allow FIPS140-2 compliant applications to use forbidden
algorithms by switching to a lax FIPS140-2 mode.
Resolves #352
Resolves #353
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
This allows recovering from _gnutls_lib_simulate_error() which in
turn allows more advanced tests. Not documented, and intended to
be an internal symbol only.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
This avoids relying on abort() for RNG errors in PK wrappers.
We use instead the library state originally added for FIPS140-2
support, and if the state indicates failure the operation will
fail.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
| |
This amends 9158f590f4a18c84fc9eb41877b29d73b30af879
|
|
|
|
|
|
| |
One round is before the AES acceleration is registered, and the second
is after. That is to allow testing of the AES implementation used in the
DRBG. That is a hack until nettle handles all cipher acceleration.
|
| |
|
|
|
|
|
| |
That allows a library compiled in FIPS140 mode to operate as the
full library if the system is not in FIPS mode.
|
| |
|
| |
|
|
|
|
|
| |
This allows having an error state that blocks the library usage
even when not in FIPS mode.
|
| |
|
|
|
|
| |
FIPS140-2 mode.
|
| |
|
| |
|
| |
|
|
This implies that when in FIPS mode and the library is not in operational
state (i.e., all self checks succeeded), crypto functionality of the library will fail.
This includes:
* API functions of gnutls/crypto.h
* API functions of gnutls/abstract.h
* API functions of gnutls/x509.h
* gnutls_init()
* API functions of gnutls/xssl.h
|