kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
0ffc795efb
boringssl/crypto/fipsmodule
History
Adam Langley 0ffc795efb Clear PRNG states in FIPS mode. 
FIPS requires that the CTR-DRBG state be zeroed on process exit, however
destructors for thread-local data aren't called when the process exits.

This change maintains a linked-list of thread-local state which is
walked on exit to zero each thread's PRNG state. Any concurrently
running threads block until the process finishes exiting.

Change-Id: Ie5dc18e1bb2941a569d8b309411cf20c9bdf52ef
Reviewed-on: https://boringssl-review.googlesource.com/16764
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-31 23:39:53 +00:00
..
aes Change ppc64le AES code for FIPS. 2017-05-25 22:02:22 +00:00
bn Remove filename argument to x86 asm_init. 2017-05-12 14:58:27 +00:00
cipher Enforce incrementing counter for TLS 1.2 AES-GCM. 2017-05-26 20:06:36 +00:00
des Move des/ to crypto/fipsmodule/ 2017-05-02 19:21:02 +00:00
digest Be less clever about .rel.ro avoidance. 2017-04-07 15:20:26 +00:00
ec Remove ex_data's dup hook. 2017-05-23 22:43:59 +00:00
ecdsa Tidy up FIPS module dependencies. 2017-05-05 23:10:24 +00:00
hmac First part of the FIPS module. 2017-04-07 00:05:34 +00:00
md4 First part of the FIPS module. 2017-04-07 00:05:34 +00:00
md5 Remove filename argument to x86 asm_init. 2017-05-12 14:58:27 +00:00
modes Remove filename argument to x86 asm_init. 2017-05-12 14:58:27 +00:00
rand Clear PRNG states in FIPS mode. 2017-05-31 23:39:53 +00:00
rsa Remove ex_data's dup hook. 2017-05-23 22:43:59 +00:00
sha Remove filename argument to x86 asm_init. 2017-05-12 14:58:27 +00:00
bcm.c Have a single function for FIPS test failures. 2017-05-18 20:33:55 +00:00
CMakeLists.txt Fix standalone ppc64le build. 2017-05-30 18:21:37 +00:00
delocate.h Switch to new delocate tool. 2017-05-30 18:00:16 +00:00
FIPS.md Inject FIPS hash without running module. 2017-04-12 23:09:38 +00:00
intcheck1.png First part of the FIPS module. 2017-04-07 00:05:34 +00:00
intcheck2.png Inject FIPS hash without running module. 2017-04-12 23:09:38 +00:00
intcheck3.png First part of the FIPS module. 2017-04-07 00:05:34 +00:00
is_fips.c Move OPENSSL_ASAN to base.h. 2017-05-16 20:16:52 +00:00