Commit Graph

7 Commits

Author SHA1 Message Date
Adam Langley
c01786403f Update link to CMVP certificate.
NIST redid their website and broke all the old links.

Change-Id: I5b7cba878404bb63e49f221f6203c8e1e6545af4
Reviewed-on: https://boringssl-review.googlesource.com/26204
Reviewed-by: Adam Langley <agl@google.com>
2018-02-26 22:14:35 +00:00
Adam Langley
59392c360d Update FIPS documentation with pointer to the cert and security policy.
At this point, the security policy document will be maintained in the
BoringSSL repo for change control.

Change-Id: I9ece51a0e9a506267e2f3b5215fb0d516d0d834b
Reviewed-on: https://boringssl-review.googlesource.com/18184
Reviewed-by: David Benjamin <davidben@google.com>
2017-07-20 03:32:08 +00:00
Adam Langley
d68618b21e <sup> doesn't work in Markdown, use Unicode instead.
Change-Id: I7302b9d9926bb09e53898142b5513d66ef792aa3
Reviewed-on: https://boringssl-review.googlesource.com/17624
Reviewed-by: Adam Langley <agl@google.com>
2017-07-06 15:19:26 +00:00
Adam Langley
fed35d3224 Update the FIPS documentation.
This adds sections on running CAVP tests, breaking FIPS tests and the
RNG design.

Change-Id: I859290e8e2e6ab087aa2b6570a30176b42b01073
Reviewed-on: https://boringssl-review.googlesource.com/17585
Reviewed-by: Adam Langley <agl@google.com>
2017-07-06 15:16:13 +00:00
Adam Langley
82bad05d5d Inject FIPS hash without running module.
Previously, inject-hash would run the FIPS module in order to trigger a
failure and then extract the calculated hash value from the output. This
makes cross-compiling difficult because the build process needs to run a
binary for the target platform.

This change drops this step. Instead, inject-hash.go parses the object
file itself and calculates the hash without needing to run the module.

Change-Id: I2593daa03094b0a17b498c2e8be6915370669596
Reviewed-on: https://boringssl-review.googlesource.com/14964
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-04-12 23:09:38 +00:00
David Benjamin
d0a4059102 Be less clever about .rel.ro avoidance.
This restores the original version of delocate.go, with the subsequent
bugfixes patched in. With this, the FIPS module builds with GCC and
Clang, with and without optimizations. I did patch over a variant of the
macro though, since it was otherwise really wordy.

Playing games with sections was a little overly clever and relied on the
compiler not performing a number of optimizations. Clang blew threw all
of those assumptions.

Change-Id: Ib4da468a5925998457994f9e392cf0c04573fe91
Reviewed-on: https://boringssl-review.googlesource.com/14805
Reviewed-by: Adam Langley <agl@google.com>
2017-04-07 15:20:26 +00:00
Adam Langley
fd49993c3b First part of the FIPS module.
Change-Id: Ic3a91ccd2c8cdc364740f256fdb8a7ff66177947
Reviewed-on: https://boringssl-review.googlesource.com/14506
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
2017-04-07 00:05:34 +00:00