Commit Graph

179 Commits (3c49cf388ad389a3b800fa7447d840f9c2f5100c)

Author SHA1 Message Date
Dmitry Belyavskiy 3c49cf388a POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129)
10 months ago
Dmitry Belyavskiy 6c9dd70b94 Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context
10 months ago
Dmitry Belyavskiy e7c35f0ede Add a directory for OpenSSL providers configuration
12 months ago
Clemens Lang db02879351 FIPS: abort on rsa_keygen_pairwise_test failure
12 months ago
Dmitry Belyavskiy 67bb06894f Avoid implicit function declaration when building openssl
12 months ago
Dmitry Belyavskiy f1d5ccdb6e Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678)
1 year ago
Dmitry Belyavskiy 72772f737e Add missing ECDH Public Key Check in FIPS mode
1 year ago
Clemens Lang 9a075c13c3 Mark RSA-OAEP as approved in FIPS mode
1 year ago
Dmitry Belyavskiy 66dddb942c Fix incorrect cipher key and IV length processing (CVE-2023-5363)
1 year ago
Dmitry Belyavskiy 6e0d3b16e6 Excessive time spent checking DH q parameter value
1 year ago
Dmitry Belyavskiy d6248f76c4 Excessive time spent checking DH keys and parameters
1 year ago
Dmitry Belyavskiy 6775e82636 AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries
1 year ago
Dmitry Belyavskiy fa5df9d74b Forbid explicit curves when created via EVP_PKEY_fromdata
1 year ago
Dmitry Belyavskiy 92436854f9 Avoid implicit function declaration when building openssl
1 year ago
Dmitry Belyavskiy ec6d7cf272 Provide empty evp_properties section in main OpenSSL configuration file
1 year ago
Dmitry Belyavskiy 223304543a Don't limit using SHA1 in KDFs in non-FIPS mode.
1 year ago
Dmitry Belyavskiy 131e7d1602 Provide relevant diagnostics when FIPS checksum is corrupted
1 year ago
Dmitry Belyavskiy d30c497ed1 Make FIPS module configuration more crypto-policies friendly
1 year ago
Dmitry Belyavskiy 217cd631e8 Add a workaround for lack of EMS in FIPS mode
1 year ago
Sahana Prasad 8fb737bf79 Remove unsupported ec curves from nist_curves
1 year ago
Sahana Prasad 05b87f449d Remove the listing of brainpool curves in FIPS mode
1 year ago
Dmitry Belyavskiy d1a87553bb Release the DRBG in global default libctx early
1 year ago
Dmitry Belyavskiy df4dd7dd7f Fix possible DoS translating ASN.1 object identifiers
1 year ago
Clemens Lang b1d3f019d4 FIPS: Re-enable DHX, disable FIPS 186-4 groups
1 year ago
Dmitry Belyavskiy 57f6d8f4a4 Use OAEP padding and aes-128-cbc by default in cms command in FIPS mode
1 year ago
Dmitry Belyavskiy 032dc0839c Enforce using EMS in FIPS mode - better alerts
2 years ago
Sahana Prasad 05bbcc9920 - Upload new upstream sources without manually hobbling them.
2 years ago
Dmitry Belyavskiy 45cb3a6b4e Backport implicit rejection for RSA PKCS#1 v1.5 encryption
2 years ago
Dmitry Belyavskiy 7680abf05d Input buffer over-read in AES-XTS implementation on 64 bit ARM
2 years ago
Dmitry Belyavskiy 4999352324 OpenSSL rsa_verify_recover key length checks in FIPS mode
2 years ago
Dmitry Belyavskiy ba8edd5ea8 Certificate policy check not enabled
2 years ago
Dmitry Belyavskiy 70a27e0ae3 Fix invalid certificate policies in leaf certificates check
2 years ago
Dmitry Belyavskiy 90306b7fd8 Fix excessive resource usage in verifying X509 policy constraints
2 years ago
Dmitry Belyavskiy 35f22d134e Enforce using EMS in FIPS mode
2 years ago
Clemens Lang 0dea6db970 Change explicit FIPS indicator for RSA decryption to unapproved
2 years ago
Clemens Lang 1bd2a0cee3 Add missing patchfile, fix gettable params
2 years ago
Clemens Lang 1bd49c394a Add explicit FIPS indicator to RSA encryption and RSASVE
2 years ago
Clemens Lang 21d2b9fb47 Fix X942KDF indicator for short output key lengths
2 years ago
Clemens Lang e5f783d552 Fix Wpointer-sign compiler warning
2 years ago
Dmitry Belyavskiy 6eb72dd621 Increase RNG seeding buffer size to 32
2 years ago
Dmitry Belyavskiy fb4b72ff2f DH PCT should abort on failure
2 years ago
Dmitry Belyavskiy bfdbb139b4 Disable DHX keys completely in FIPS mode
2 years ago
Dmitry Belyavskiy fa195e46a2 Pairwise consistency tests should use Digest+Sign/Verify
2 years ago
Dmitry Belyavskiy d2996a9b03 Limit RSA_NO_PADDING for encryption and signature in FIPS mode
2 years ago
Clemens Lang d60644ea6a Add explicit FIPS indicator for PBKDF2
2 years ago
Clemens Lang 50cb33e688 GCM: Implement explicit FIPS indicator for IV gen
2 years ago
Clemens Lang 58955140b6 Zeroize FIPS module integrity check MAC after check
2 years ago
Clemens Lang 6a9e17a8c1 KDF: Add FIPS indicators
2 years ago
Dmitry Belyavskiy 9ebabfa10a Stop everlasting RNG reseeding
2 years ago
Dmitry Belyavskiy 9d8f618208 Fixed NULL dereference during PKCS7 data verification
2 years ago