path: root/lib/fips.h
Commit message | Author | Age | Files | Lines
* lib: add support for AES-GMAC | Dmitry Eremin-Solenikov | 2019-06-28 | 1 | -0/+3
  Add support for computing AES-GMAC using MAC API, as requested by Samba for SMB3 support.
  Resolves: #781
  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Add or clean header guards in lib/ | Tim Rühsen | 2019-05-07 | 1 | -3/+3
  Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Vendor in XTS functionality from Nettle | Simo Sorce | 2019-03-29 | 1 | -0/+2
  If nettle's XTS is not available, use a vendored in version from master. This is necessary as long as we need to link against 3.4 for ABI compatibility reasons.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Use https:// for www.gnu.org and www.example.com | Tim Rühsen | 2019-03-13 | 1 | -1/+1
  Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Add selftests for CMAC | Simo Sorce | 2018-10-28 | 1 | -0/+2
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Add selftest for CFB8 | Simo Sorce | 2018-10-25 | 1 | -0/+3
* fips140: added function for applications to switch the FIPS140-2 mode | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -6/+37
  That would allow FIPS140-2 compliant applications to use forbidden algorithms by switching to a lax FIPS140-2 mode.
  Resolves #352
  Resolves #353
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fips140: enforcement of allowed ciphers moved to crypto-api.c and cipher_int.c | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -0/+27
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fips140: enforcement of hash and MACs use moved to crypto-api.c and hash_int.c | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -0/+29
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Added _gnutls_lib_force_operational | Nikos Mavrogiannopoulos | 2017-03-06 | 1 | -0/+1
  This allows recovering from _gnutls_lib_simulate_error() which in turn allows more advanced tests. Not documented, and intended to be an internal symbol only.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pk: always use _gnutls_switch_lib_state | Nikos Mavrogiannopoulos | 2017-03-06 | 1 | -3/+3
  This avoids relying on abort() for RNG errors in PK wrappers. We use instead the library state originally added for FIPS140-2 support, and if the state indicates failure the operation will fail.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Removed the 'gnutls_' prefix from files to simplify file naming | Nikos Mavrogiannopoulos | 2015-08-23 | 1 | -1/+1
* properly reset the zombie mode in FIPS mode | Nikos Mavrogiannopoulos | 2014-11-16 | 1 | -0/+1
  This amends 9158f590f4a18c84fc9eb41877b29d73b30af879
* perform the FIPS140-2 self tests in two rounds | Nikos Mavrogiannopoulos | 2014-09-02 | 1 | -1/+2
  One round is before the AES acceleration is registered, and the second is after. That is to allow testing of the AES implementation used in the DRBG. That is a hack until nettle handles all cipher acceleration.
* The FIPS140 random number generator is enabled conditionally when required. | Nikos Mavrogiannopoulos | 2014-01-17 | 1 | -0/+1
* FIPS140 mode is detected on run-time. | Nikos Mavrogiannopoulos | 2013-12-09 | 1 | -0/+5
  That allows a library compiled in FIPS140 mode to operate as the full library if the system is not in FIPS mode.
* removed zombie mode, and no longer use fips140.h | Nikos Mavrogiannopoulos | 2013-12-04 | 1 | -5/+3
* fips140_simulate_error -> lib_simulate_error | Nikos Mavrogiannopoulos | 2013-11-30 | 1 | -1/+1
* The library state is used even when not in FIPS mode. | Nikos Mavrogiannopoulos | 2013-11-30 | 1 | -30/+19
  This allows having an error state that blocks the library usage even when not in FIPS mode.
* Better handling of FIPS140-2 initialization | Nikos Mavrogiannopoulos | 2013-11-27 | 1 | -5/+6
* gnutls_key_generate() is restricted by the size of the initial RNG seed in FIPS140-2 mode. | Nikos Mavrogiannopoulos | 2013-11-27 | 1 | -0/+2
* zeroize ECC secret scalars and points. | Nikos Mavrogiannopoulos | 2013-11-27 | 1 | -0/+3
* Updated FIPS140 initialization and added a self test for it. | Nikos Mavrogiannopoulos | 2013-11-27 | 1 | -1/+4
* Added binary integrity test | Nikos Mavrogiannopoulos | 2013-11-27 | 1 | -0/+1
* Added support for fips states. | Nikos Mavrogiannopoulos | 2013-11-27 | 1 | -0/+70
  This implies that when in FIPS mode and the library is not in operational state (i.e., all self checks succeeded), crypto functionality of the library will fail. This includes:
    * API functions of gnutls/crypto.h
    * API functions of gnutls/abstract.h
    * API functions of gnutls/x509.h
    * gnutls_init()
    * API functions of gnutls/xssl.h