182 Commits (e6e479521be51254c68225e8e9256dfb5037c8b0)

Author SHA1 Message Date
Dmitry Belyavskiy e6e479521b Denial of service via null dereference in PKCS#12
10 months ago
Dmitry Belyavskiy 08c722bcd1 SSL ECDHE Kex fails when pkcs11 engine is set in config file
10 months ago
Dmitry Belyavskiy 0707122b95 Excessive time spent checking invalid RSA public keys (CVE-2023-6237)
10 months ago
Dmitry Belyavskiy 3c49cf388a POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129)
10 months ago
Dmitry Belyavskiy 6c9dd70b94 Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context
10 months ago
Dmitry Belyavskiy e7c35f0ede Add a directory for OpenSSL providers configuration
12 months ago
Clemens Lang db02879351 FIPS: abort on rsa_keygen_pairwise_test failure
12 months ago
Dmitry Belyavskiy 67bb06894f Avoid implicit function declaration when building openssl
12 months ago
Dmitry Belyavskiy f1d5ccdb6e Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678)
1 year ago
Dmitry Belyavskiy 72772f737e Add missing ECDH Public Key Check in FIPS mode
1 year ago
Clemens Lang 9a075c13c3 Mark RSA-OAEP as approved in FIPS mode
1 year ago
Dmitry Belyavskiy 66dddb942c Fix incorrect cipher key and IV length processing (CVE-2023-5363)
1 year ago
Dmitry Belyavskiy 6e0d3b16e6 Excessive time spent checking DH q parameter value
1 year ago
Dmitry Belyavskiy d6248f76c4 Excessive time spent checking DH keys and parameters
1 year ago
Dmitry Belyavskiy 6775e82636 AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries
1 year ago
Dmitry Belyavskiy fa5df9d74b Forbid explicit curves when created via EVP_PKEY_fromdata
1 year ago
Dmitry Belyavskiy 92436854f9 Avoid implicit function declaration when building openssl
1 year ago
Dmitry Belyavskiy ec6d7cf272 Provide empty evp_properties section in main OpenSSL configuration file
1 year ago
Dmitry Belyavskiy 223304543a Don't limit using SHA1 in KDFs in non-FIPS mode.
1 year ago
Dmitry Belyavskiy 131e7d1602 Provide relevant diagnostics when FIPS checksum is corrupted
1 year ago
Dmitry Belyavskiy d30c497ed1 Make FIPS module configuration more crypto-policies friendly
1 year ago
Dmitry Belyavskiy 217cd631e8 Add a workaround for lack of EMS in FIPS mode
1 year ago
Sahana Prasad 8fb737bf79 Remove unsupported ec curves from nist_curves
1 year ago
Sahana Prasad 05b87f449d Remove the listing of brainpool curves in FIPS mode
1 year ago
Dmitry Belyavskiy d1a87553bb Release the DRBG in global default libctx early
1 year ago
Dmitry Belyavskiy df4dd7dd7f Fix possible DoS translating ASN.1 object identifiers
1 year ago
Clemens Lang b1d3f019d4 FIPS: Re-enable DHX, disable FIPS 186-4 groups
2 years ago
Dmitry Belyavskiy 57f6d8f4a4 Use OAEP padding and aes-128-cbc by default in cms command in FIPS mode
2 years ago
Dmitry Belyavskiy 032dc0839c Enforce using EMS in FIPS mode - better alerts
2 years ago
Sahana Prasad 05bbcc9920 - Upload new upstream sources without manually hobbling them.
2 years ago
Dmitry Belyavskiy 45cb3a6b4e Backport implicit rejection for RSA PKCS#1 v1.5 encryption
2 years ago
Dmitry Belyavskiy 7680abf05d Input buffer over-read in AES-XTS implementation on 64 bit ARM
2 years ago
Dmitry Belyavskiy 4999352324 OpenSSL rsa_verify_recover key length checks in FIPS mode
2 years ago
Dmitry Belyavskiy ba8edd5ea8 Certificate policy check not enabled
2 years ago
Dmitry Belyavskiy 70a27e0ae3 Fix invalid certificate policies in leaf certificates check
2 years ago
Dmitry Belyavskiy 90306b7fd8 Fix excessive resource usage in verifying X509 policy constraints
2 years ago
Dmitry Belyavskiy 35f22d134e Enforce using EMS in FIPS mode
2 years ago
Clemens Lang 0dea6db970 Change explicit FIPS indicator for RSA decryption to unapproved
2 years ago
Clemens Lang 1bd2a0cee3 Add missing patchfile, fix gettable params
2 years ago
Clemens Lang 1bd49c394a Add explicit FIPS indicator to RSA encryption and RSASVE
2 years ago
Clemens Lang 21d2b9fb47 Fix X942KDF indicator for short output key lengths
2 years ago
Clemens Lang e5f783d552 Fix Wpointer-sign compiler warning
2 years ago
Dmitry Belyavskiy 6eb72dd621 Increase RNG seeding buffer size to 32
2 years ago
Dmitry Belyavskiy fb4b72ff2f DH PCT should abort on failure
2 years ago
Dmitry Belyavskiy bfdbb139b4 Disable DHX keys completely in FIPS mode
2 years ago
Dmitry Belyavskiy fa195e46a2 Pairwise consistency tests should use Digest+Sign/Verify
2 years ago
Dmitry Belyavskiy d2996a9b03 Limit RSA_NO_PADDING for encryption and signature in FIPS mode
2 years ago
Clemens Lang d60644ea6a Add explicit FIPS indicator for PBKDF2
2 years ago
Clemens Lang 50cb33e688 GCM: Implement explicit FIPS indicator for IV gen
2 years ago
Clemens Lang 58955140b6 Zeroize FIPS module integrity check MAC after check
2 years ago