Commit Graph

156 Commits (960e6deebf9ad0e96ff10ba8dbf19f8eb29e8385)
 

Author SHA1 Message Date
Dmitry Belyavskiy 960e6deebf Abort on PCT failure
2 years ago
Dmitry Belyavskiy dd6f0d33c8 Remove previous low-level PCT
2 years ago
Dmitry Belyavskiy fa195e46a2 Pairwise consistency tests should use Digest+Sign/Verify
2 years ago
Dmitry Belyavskiy d2996a9b03 Limit RSA_NO_PADDING for encryption and signature in FIPS mode
2 years ago
Clemens Lang d60644ea6a Add explicit FIPS indicator for PBKDF2
2 years ago
Clemens Lang 50cb33e688 GCM: Implement explicit FIPS indicator for IV gen
2 years ago
Clemens Lang 58955140b6 Zeroize FIPS module integrity check MAC after check
2 years ago
Clemens Lang 6a9e17a8c1 KDF: Add FIPS indicators
2 years ago
Dmitry Belyavskiy 9ebabfa10a Stop everlasting RNG reseeding
2 years ago
Dmitry Belyavskiy 9d8f618208 Fixed NULL dereference during PKCS7 data verification
2 years ago
Dmitry Belyavskiy 8673fb7c22 Fixed X.400 address type confusion in X.509 GeneralName
2 years ago
Dmitry Belyavskiy 0f4062ead5 Fixed NULL dereference validating DSA public key
2 years ago
Dmitry Belyavskiy 5e4feef220 Fixed Invalid pointer dereference in d2i_PKCS7 functions
2 years ago
Dmitry Belyavskiy b889341096 Fixed Use-after-free following BIO_new_NDEF
2 years ago
Dmitry Belyavskiy 529db6cf12 Fixed Double free after calling PEM_read_bio_ex
2 years ago
Dmitry Belyavskiy c5b0dc92d3 Fixed Timing Oracle in RSA Decryption
2 years ago
Dmitry Belyavskiy 593a315f09 Fixed X.509 Name Constraints Read Buffer Overflow
2 years ago
Clemens Lang 770dcce08b Disallow SHAKE in OAEP decryption in FIPS mode
2 years ago
Dmitry Belyavskiy b19d91aec3 Refactor OpenSSL fips module MAC verification
2 years ago
Clemens Lang c0667361a5 Fix explicit indicator for PSS salt length
2 years ago
Dmitry Belyavskiy 657265459d Backport of ppc64le Montgomery multiply enhancement
2 years ago
Dmitry Belyavskiy c29e183891 Adjusting include for the FIPS_mode macro
2 years ago
Dmitry Belyavskiy d60bf2b343 Removed recommended package for openssl-libs
2 years ago
Dmitry Belyavskiy f2a49ef424 We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream
2 years ago
Dmitry Belyavskiy 0f139ead1a Various provider-related imrovements necessary for PKCS#11 provider correct operations
2 years ago
Dmitry Belyavskiy 07892fe646 Rebasing to OpenSSL 3.0.7 - removing redundant patches
2 years ago
Dmitry Belyavskiy 477d91adec Rebasing to OpenSSL 3.0.7
2 years ago
Dmitry Belyavskiy 5d738bdd7f Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode
2 years ago
Clemens Lang 80de7ffd9c Add explicit indicator & clamp default PSS salt len
2 years ago
Clemens Lang fe09690308 pbkdf2: Set minimum password length of 8 bytes
2 years ago
Clemens Lang 438a2c64b7 Add indicator for HMAC with short key lengths
2 years ago
Clemens Lang 105cc32a20 Add indicator for SP 800-108 KDFs w/short keys
2 years ago
Clemens Lang 066be87ccd Remove support for X9.31 signature padding in FIPS mode
2 years ago
Dmitry Belyavskiy 2bd2c7ac27 FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC
2 years ago
Dmitry Belyavskiy fb8fee4b43 FIPS RSA CRT tests must use correct parameters
2 years ago
Dmitry Belyavskiy 474a112b98 Avoid memory leaks in TLS
2 years ago
Dmitry Belyavskiy 6c57fc8dcc SHAKE-128/256 are not allowed with RSA in FIPS mode
2 years ago
Dmitry Belyavskiy 39f800af50 CVE-2022-3602, CVE-2022-3786: X.509 Email Address Buffer Overflow
2 years ago
Clemens Lang ff78525169 .gitignore: Stop ignoring 000*.patch
2 years ago
Clemens Lang 7c8235f8cd Zeroize public keys, add HKDF FIPS indicator
2 years ago
Dmitry Belyavskiy 730ccadf04 Extra zeroization related to FIPS-140-3 requirements
2 years ago
Dmitry Belyavskiy fc45520150 Reseed all the parent DRBGs in chain on reseeding a DRBG
2 years ago
Dmitry Belyavskiy a0907c129c Use signature for RSA pairwise test according FIPS-140-3 requirements
2 years ago
Dmitry Belyavskiy f1dba9d301 Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements
2 years ago
Dmitry Belyavskiy 3f7cd79d02 Deal with DH keys in FIPS mode according FIPS-140-3 requirements
2 years ago
Clemens Lang 61f739868e FIPS: Fix memory leak in digest_sign self-test
2 years ago
Clemens Lang 08d6c35051 FIPS self-test: RSA-OAEP, FFDHE2048, digest_sign
2 years ago
Clemens Lang 3e6d5a385b Improve AES-GCM & ChaCha20 perf on Power9+ ppc64le
2 years ago
Clemens Lang c64694b961 Fix segfault in EVP_PKEY_Q_keygen()
2 years ago
Clemens Lang 5901637dea CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
2 years ago