Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | fips: make FIPS140-2 mode enablement logic simpler | Daiki Ueno | 2020-05-20 | 1 | -2/+2 |
| | | | | | | | | | | | | | | Previously, to enable the FIPS140-2 mode, both /etc/system-fips and the fips=1 kernel command line need to be set. While this was designed to be consistent, the convention is not well followed by the other crypto libraries and the former tends to be ignored. This aligns the behavior to the latter, i.e. if fips=1 is set, the library enables the FIPS140-2 mode regardless of the existence of /etc/system-fips. Suggested by Alexander Sosedkin. Signed-off-by: Daiki Ueno <dueno@redhat.com> | ||||
* | Use https:// for www.gnu.org and www.example.com | Tim Rühsen | 2019-03-13 | 1 | -1/+1 |
| | | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de> | ||||
* | fips140: added function for applications to switch the FIPS140-2 mode | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -7/+1 |
| | | | | | | | | | | That would allow FIPS140-2 compliant applications to use forbidden algorithms by switching to a lax FIPS140-2 mode. Resolves #352 Resolves #353 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | fuzzer: added a fuzzer target | Nikos Mavrogiannopoulos | 2017-08-16 | 1 | -1/+10 |
| | | | | | | | | This allows to compile the library with flags which will add predictable random generation and eliminate some crypto checks, in order for the library to be used for testing (fuzzying). Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | random: keep global list of initialized contexts | Nikos Mavrogiannopoulos | 2017-03-06 | 1 | -4/+50 |
| | | | | | | | This allows to properly deinitialize all random generator contexts on library deinitialization. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | Use a thread local random generator. | Nikos Mavrogiannopoulos | 2017-03-06 | 1 | -32/+9 |
| | | | | | | | | | | | This allows accessing the per-thread random generator in a lock-free way, at the cost of additional memory per thread. The default random generator imposes around 640 bytes per thread on 64-bit architectures. Resolves: #141 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | gnutls_rnd: document the available values of level [ci skip] | Nikos Mavrogiannopoulos | 2017-01-02 | 1 | -1/+3 |
| | | | | This enables using the function by only checking the man page. | ||||
* | rng: split initialization in preinit and init | Nikos Mavrogiannopoulos | 2016-11-04 | 1 | -11/+74 |
| | | | | | | | | This makes gnutls to initialize its random generator on the first call to gnutls_rnd(). That prevents blocking due to getrandom() on a constructor; that change allows to use gnutls-linked applications even in early boot in systems where getrandom() blocks waiting for entropy. | ||||
* | Removed the 'gnutls_' prefix from files to simplify file naming | Nikos Mavrogiannopoulos | 2015-08-23 | 1 | -2/+2 |
| | |||||
* | gnutls_rnd: doc update | Nikos Mavrogiannopoulos | 2014-12-12 | 1 | -1/+3 |
| | |||||
* | fixed compilation warnings | Nikos Mavrogiannopoulos | 2014-09-25 | 1 | -1/+1 |
| | |||||
* | register FIPS140 random generator prior to initialization | Nikos Mavrogiannopoulos | 2014-01-22 | 1 | -7/+7 |
| | |||||
* | The FIPS140 random number generator is enabled conditionally when required. | Nikos Mavrogiannopoulos | 2014-01-17 | 1 | -0/+13 |
| | |||||
* | The library state is used even when not in FIPS mode. | Nikos Mavrogiannopoulos | 2013-11-30 | 1 | -1/+1 |
| | | | | | This allows having an error state that blocks the library usage even when not in FIPS mode. | ||||
* | Added support for fips states. | Nikos Mavrogiannopoulos | 2013-11-27 | 1 | -0/+2 |
| | | | | | | | | | | | This implies that when in FIPS mode and the library is not in operational state (i.e., all self checks succeeded), crypto functionality of the library will fail. This includes: * API functions of gnutls/crypto.h * API functions of gnutls/abstract.h * API functions of gnutls/x509.h * gnutls_init() * API functions of gnutls/xssl.h | ||||
* | reindented code | Nikos Mavrogiannopoulos | 2013-11-08 | 1 | -24/+17 |
| | |||||
* | Use LGPLv2.1 in the files their author's agreed to. | Nikos Mavrogiannopoulos | 2013-02-01 | 1 | -1/+1 |
| | |||||
* | Added gnutls_rnd_refresh(). | Nikos Mavrogiannopoulos | 2013-01-27 | 1 | -0/+17 |
| | |||||
* | Cleanup copyright headers. | Simon Josefsson | 2012-01-25 | 1 | -1/+1 |
| | |||||
* | Run 'make update-copyright'. | Simon Josefsson | 2012-01-16 | 1 | -1/+1 |
| | |||||
* | Optimizations in DH parameter generation. | Nikos Mavrogiannopoulos | 2011-12-12 | 1 | -8/+4 |
| | | | | | | The larger prime is find first and the big loop needs to find a smaller prime, increasing performance. The _gnutls_rnd() function is now inline and GNUTLS_RND_NONCE doesn't update random generator state. | ||||
* | Clarify license and copyright. | Simon Josefsson | 2011-08-03 | 1 | -1/+1 |
| | |||||
* | More GTK-DOC improvements. | Simon Josefsson | 2011-08-03 | 1 | -4/+4 |
| | |||||
* | documentation fixes | Nikos Mavrogiannopoulos | 2011-07-23 | 1 | -1/+1 |
| | |||||
* | Upgraded to LGPLv3. | Nikos Mavrogiannopoulos | 2011-06-23 | 1 | -5/+3 |
| | |||||
* | Indented code. Use same indentation but with -nut to avoid usage of tabs. In ↵ | Nikos Mavrogiannopoulos | 2010-12-16 | 1 | -4/+4 |
| | | | | several editors tabs can be configured not to be 8 spaces and this produces artifacts with the current indentation that is a mixture of tabs and spaces. | ||||
* | Indent (using GNU indent 2.2.11). | Simon Josefsson | 2010-10-14 | 1 | -1/+2 |
| | |||||
* | exported gnutls_rnd(). | Nikos Mavrogiannopoulos | 2010-06-03 | 1 | -2/+14 |
| | |||||
* | Change GNUTLS into GnuTLS. | Simon Josefsson | 2010-05-22 | 1 | -2/+2 |
| | |||||
* | Update copyright years. | Simon Josefsson | 2010-01-27 | 1 | -1/+1 |
| | |||||
* | Fix FSF copyright notices. | Simon Josefsson | 2010-01-27 | 1 | -1/+1 |
| | |||||
* | Minor randomness API cleanups. | Simon Josefsson | 2008-07-09 | 1 | -3/+3 |
| | |||||
* | Indent code. | Simon Josefsson | 2008-07-02 | 1 | -16/+20 |
| | |||||
* | Initial merge attempt with gnutls_with_ext_mpi | Nikos Mavrogiannopoulos | 2008-06-28 | 1 | -30/+7 |
| | |||||
* | faster seek into the list. | Nikos Mavrogiannopoulos | 2008-04-26 | 1 | -1/+2 |
| | |||||
* | Added interface to register random generators. | Nikos | 2008-03-29 | 1 | -0/+86 |