171 Commits (66dddb942c099ca52b8140f5e3dd9aded64f6a3c)

| Author | SHA1 | Message | Date |
|---|---|---|---|
| Dmitry Belyavskiy | 66dddb942c | Fix incorrect cipher key and IV length processing (CVE-2023-5363) | 1 year ago |
| Dmitry Belyavskiy | 6e0d3b16e6 | Excessive time spent checking DH q parameter value | 1 year ago |
| Dmitry Belyavskiy | d6248f76c4 | Excessive time spent checking DH keys and parameters | 1 year ago |
| Dmitry Belyavskiy | 6775e82636 | AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries | 1 year ago |
| Dmitry Belyavskiy | fa5df9d74b | Forbid explicit curves when created via EVP_PKEY_fromdata | 1 year ago |
| Dmitry Belyavskiy | 92436854f9 | Avoid implicit function declaration when building openssl | 1 year ago |
| Dmitry Belyavskiy | ec6d7cf272 | Provide empty evp_properties section in main OpenSSL configuration file | 1 year ago |
| Dmitry Belyavskiy | 223304543a | Don't limit using SHA1 in KDFs in non-FIPS mode. | 1 year ago |
| Dmitry Belyavskiy | 131e7d1602 | Provide relevant diagnostics when FIPS checksum is corrupted | 1 year ago |
| Dmitry Belyavskiy | d30c497ed1 | Make FIPS module configuration more crypto-policies friendly | 1 year ago |
| Dmitry Belyavskiy | 217cd631e8 | Add a workaround for lack of EMS in FIPS mode | 1 year ago |
| Sahana Prasad | 8fb737bf79 | Remove unsupported ec curves from nist_curves | 1 year ago |
| Sahana Prasad | 05b87f449d | Remove the listing of brainpool curves in FIPS mode | 1 year ago |
| Dmitry Belyavskiy | d1a87553bb | Release the DRBG in global default libctx early | 1 year ago |
| Dmitry Belyavskiy | df4dd7dd7f | Fix possible DoS translating ASN.1 object identifiers | 1 year ago |
| Clemens Lang | b1d3f019d4 | FIPS: Re-enable DHX, disable FIPS 186-4 groups | 2 years ago |
| Dmitry Belyavskiy | 57f6d8f4a4 | Use OAEP padding and aes-128-cbc by default in cms command in FIPS mode | 2 years ago |
| Dmitry Belyavskiy | 032dc0839c | Enforce using EMS in FIPS mode - better alerts | 2 years ago |
| Sahana Prasad | 05bbcc9920 | - Upload new upstream sources without manually hobbling them. | 2 years ago |
| Dmitry Belyavskiy | 45cb3a6b4e | Backport implicit rejection for RSA PKCS#1 v1.5 encryption | 2 years ago |
| Dmitry Belyavskiy | 7680abf05d | Input buffer over-read in AES-XTS implementation on 64 bit ARM | 2 years ago |
| Dmitry Belyavskiy | 4999352324 | OpenSSL rsa_verify_recover key length checks in FIPS mode | 2 years ago |
| Dmitry Belyavskiy | ba8edd5ea8 | Certificate policy check not enabled | 2 years ago |
| Dmitry Belyavskiy | 70a27e0ae3 | Fix invalid certificate policies in leaf certificates check | 2 years ago |
| Dmitry Belyavskiy | 90306b7fd8 | Fix excessive resource usage in verifying X509 policy constraints | 2 years ago |
| Dmitry Belyavskiy | 35f22d134e | Enforce using EMS in FIPS mode | 2 years ago |
| Clemens Lang | 0dea6db970 | Change explicit FIPS indicator for RSA decryption to unapproved | 2 years ago |
| Clemens Lang | 1bd2a0cee3 | Add missing patchfile, fix gettable params | 2 years ago |
| Clemens Lang | 1bd49c394a | Add explicit FIPS indicator to RSA encryption and RSASVE | 2 years ago |
| Clemens Lang | 21d2b9fb47 | Fix X942KDF indicator for short output key lengths | 2 years ago |
| Clemens Lang | e5f783d552 | Fix Wpointer-sign compiler warning | 2 years ago |
| Dmitry Belyavskiy | 6eb72dd621 | Increase RNG seeding buffer size to 32 | 2 years ago |
| Dmitry Belyavskiy | fb4b72ff2f | DH PCT should abort on failure | 2 years ago |
| Dmitry Belyavskiy | bfdbb139b4 | Disable DHX keys completely in FIPS mode | 2 years ago |
| Dmitry Belyavskiy | fa195e46a2 | Pairwise consistency tests should use Digest+Sign/Verify | 2 years ago |
| Dmitry Belyavskiy | d2996a9b03 | Limit RSA_NO_PADDING for encryption and signature in FIPS mode | 2 years ago |
| Clemens Lang | d60644ea6a | Add explicit FIPS indicator for PBKDF2 | 2 years ago |
| Clemens Lang | 50cb33e688 | GCM: Implement explicit FIPS indicator for IV gen | 2 years ago |
| Clemens Lang | 58955140b6 | Zeroize FIPS module integrity check MAC after check | 2 years ago |
| Clemens Lang | 6a9e17a8c1 | KDF: Add FIPS indicators | 2 years ago |
| Dmitry Belyavskiy | 9ebabfa10a | Stop everlasting RNG reseeding | 2 years ago |
| Dmitry Belyavskiy | 9d8f618208 | Fixed NULL dereference during PKCS7 data verification | 2 years ago |
| Dmitry Belyavskiy | 8673fb7c22 | Fixed X.400 address type confusion in X.509 GeneralName | 2 years ago |
| Dmitry Belyavskiy | 0f4062ead5 | Fixed NULL dereference validating DSA public key | 2 years ago |
| Dmitry Belyavskiy | 5e4feef220 | Fixed Invalid pointer dereference in d2i_PKCS7 functions | 2 years ago |
| Dmitry Belyavskiy | b889341096 | Fixed Use-after-free following BIO_new_NDEF | 2 years ago |
| Dmitry Belyavskiy | 529db6cf12 | Fixed Double free after calling PEM_read_bio_ex | 2 years ago |
| Dmitry Belyavskiy | c5b0dc92d3 | Fixed Timing Oracle in RSA Decryption | 2 years ago |
| Dmitry Belyavskiy | 593a315f09 | Fixed X.509 Name Constraints Read Buffer Overflow | 2 years ago |
| Clemens Lang | 770dcce08b | Disallow SHAKE in OAEP decryption in FIPS mode | 2 years ago |