jonathan/openssl
1
0
Fork 0
forked from rpms/openssl
Code Pull Requests Activity
596 Commits 9 Branches 54 Tags 6.5 MiB
a10s
Commit Graph

596 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
eabdullin
16d731ff99 Merge branch 'c10s' into a10s 2024-09-02 23:25:52 +03:00
Dmitry Belyavskiy
57fda30988 Resolve SAST package scan results 
Resolves: RHEL-37561
 2024-08-14 19:25:12 +02:00
Dmitry Belyavskiy
fdd1e62fc4 Speedup SSL_add_{file,dir}_cert_subjects_to_stack 
Resolves: RHEL-54232
 2024-08-14 13:03:42 +02:00
Dmitry Belyavskiy
83382cc2a0 Enable KTLS, temporary disable KTLS tests 
Related: RHEL-47335
 2024-08-14 13:03:42 +02:00
Dmitry Belyavskiy
e6422e7346 Fix typo in the patch numeration 
Related: RHEL-41261
 2024-08-14 13:03:42 +02:00
Dmitry Belyavskiy
656cb62647 Support key encapsulation/decapsulation in openssl pkeyutl command 
Resolves: RHEL-54156
 2024-08-14 11:43:38 +02:00
Dmitry Belyavskiy
8fc2d48423 Use PBMAC1 by default when creating PKCS#12 files in FIPS mode 
Related: RHEL-36659
 2024-08-14 11:36:06 +02:00
Dmitry Belyavskiy
299b43d420 An interface to create PKCS #12 files in FIPS compliant way 
Related: RHEL-36659
 2024-08-09 13:27:18 +00:00
George Pantelakis
a44bf0f715 Fix the gating test names 2024-08-07 15:40:45 +02:00
Dmitry Belyavskiy
ce2e7dc60e An interface to create PKCS #12 files in FIPS compliant way 
Resolves: RHEL-36659
 2024-08-07 10:57:04 +02:00
eabdullin
2954111db7 Merge branch 'c10s' into a10s 2024-07-26 15:45:51 +03:00
eabdullin
b9e5116278 - Redefine sslarch for x86_64_v2 arch 2024-07-26 15:43:42 +03:00
Dmitry Belyavskiy
7d3d9af0c8 SHA-1 signature shouldn't work in normal mode 
Resolves: RHEL-36677
 2024-07-10 11:43:37 +02:00
Dmitry Belyavskiy
09b4e34fcf Disallow SHA1 at SECLEVEL2 in OpenSSL 
Resolves: RHEL-39962
 2024-07-10 10:50:30 +02:00
Dmitry Belyavskiy
6084652840 Do not install ENGINE headers, man pages, and define OPENSSL_NO_ENGINE 
Resolves: RHEL-45704
 2024-07-02 14:51:09 +02:00
George Pantelakis
68e0354892 configure basic gating on RHEL-10 2024-07-01 14:15:53 +00:00
Daiki Ueno
dfb3583fef Replace HKDF backward compatibility patch with the official one 
Related: RHEL-41261
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-07-01 09:36:26 +09:00
Troy Dawson
e82e52bbae Bump release for June 2024 mass rebuild 2024-06-24 09:06:12 -07:00
Daiki Ueno
9eb261ba85 Add workaround for EVP_PKEY_CTX_add1_hkdf_info with older providers 
Resolves: RHEL-41261
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-06-15 10:04:02 +09:00
Dmitry Belyavskiy
1d9e9ba818 Build openssl with no-atexit 
Resolves: RHEL-40408
 2024-06-12 13:12:26 +02:00
Dmitry Belyavskiy
3ae0078fd9 Rebase to OpenSSL 3.2.2. 
Related: RHEL-31762
 2024-06-05 18:56:27 +02:00
Sahana Prasad
c948b4d252 Bump the version 
Related: RHEL-31762

Signed-off-by: Sahana Prasad <sahana@redhat.com>
 2024-06-05 11:03:24 +02:00
Sahana Prasad
d508cbed93 Synchronize patches from c9s and Fedora 
Resolves: RHEL-31762

Signed-off-by: Sahana Prasad <sahana@redhat.com>
 2024-06-05 09:32:43 +02:00
Sahana Prasad
96988f0060 temporarily disable ktls to unblock c10s builds 
Resolves: RHEL-25259
Signed-off-by: Sahana Prasad <sahana@redhat.com>
 2024-02-13 13:13:42 +01:00
Sahana Prasad
4334bc837f Fix version aliasing issue 
https://github.com/openssl/openssl/issues/23534

Signed-off-by: Sahana Prasad <sahana@redhat.com>
 2024-02-09 21:17:11 +01:00
Sahana Prasad
f4c397c598 Rebase to new upstream release 3.2.1 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
 2024-02-08 13:42:51 +01:00
Fedora Release Engineering
2a7a4d9e50 Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-25 11:30:17 +00:00
Fedora Release Engineering
3cb13195fa Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-21 11:22:20 +00:00
Dmitry Belyavskiy
84795a9247 We don't want to ship openssl-pkcs11 in RHEL10/Centos 10 2024-01-10 18:15:14 +01:00
Sahana Prasad
e331fc1326 Rebase to upstream version 3.1.4 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
 2023-10-26 12:29:21 +02:00
Dmitry Belyavskiy
5c67b5adc3 Slightly rearranged the patches we have 2023-08-31 17:23:53 +02:00
Dmitry Belyavskiy
e52367af47 Synchronize patches from CentOS stream 2023-08-22 16:39:12 +02:00
Dmitry Belyavskiy
c73a6ab930 migrated to SPDX license 2023-08-04 13:55:50 +02:00
Sahana Prasad
1eb7adc383 Adding changes to patch files from source-git sync 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
 2023-07-31 10:04:55 +02:00
Sahana Prasad
9409bc7044 Rebase to upstream release 3.1.1 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
 2023-07-28 15:26:00 +02:00
Dmitry Belyavskiy
2b0eda88de Forbid custom EC more completely 
Resolves: rhbz#2223953
 2023-07-27 12:48:59 +02:00
Fedora Release Engineering
7e9699e170 Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2023-07-20 18:12:28 +00:00
Peter Leitmann
979cb8a57b Add TMT interoperability tests & rewrite python STI test to TMT 2023-05-23 17:51:57 +02:00
Sahana Prasad
477bb5e652 - Upload new upstream sources without manually hobbling them. 
- Remove the hobbling script as it is redundant. It is now allowed to ship
    the sources of patented EC curves, however it is still made unavailable to use
    by compiling with the 'no-ec2m' Configure option. The additional forbidden
    curves such as P-160, P-192, wap-tls curves are manually removed by updating
    0011-Remove-EC-curves.patch.
  - Apply the changes to ec_curve.c and  ectest.c as a new patch
    0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them.
  - Modify 0011-Remove-EC-curves.patch to allow Brainpool curves.
  - Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M.
┊   Resolves: rhbz#2130618, rhbz#2141672

Signed-off-by: Sahana Prasad <sahana@redhat.com>
 2023-03-21 14:21:41 +01:00
Stephen Gallagher
e198b69ab5
Rebase ELN/RHEL patch for OpenSSL 3.0.8 
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
 2023-02-13 13:36:24 -05:00
Stephen Gallagher
167e0dd694
ELN: fix SHA1 signature patch again 
The util/libcrypto.num patch did not apply cleanly.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
 2023-02-13 10:53:54 -05:00
Dmitry Belyavskiy
194ef7464a Rebase to upstream version 3.0.8 
Resolves: CVE-2022-4203
Resolves: CVE-2022-4304
Resolves: CVE-2022-4450
Resolves: CVE-2023-0215
Resolves: CVE-2023-0216
Resolves: CVE-2023-0217
Resolves: CVE-2023-0286
Resolves: CVE-2023-0401
 2023-02-09 17:57:19 +01:00
Fedora Release Engineering
02d85d00af Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2023-01-19 22:58:20 +00:00
Dmitry Belyavskiy
9ce9458604 Backport implicit rejection for RSA PKCS#1 v1.5 encryption 
Resolves: rhbz#2153470
 2023-01-05 18:17:28 +01:00
Dmitry Belyavskiy
500ad3d300 Refactor embedded mac verification in FIPS module 
Resolves: rhbz#2156045
 2023-01-05 11:30:00 +01:00
Dmitry Belyavskiy
106fe8964c - Rebase to upstream version 3.0.7 
Rebased to openssl-3.0.7 with corresponding minor bugfixes
- C99 compatibility in downstream-only 0032-Force-fips.patch
  Resolves: rhbz#2152504
- Adjusting include for the FIPS_mode macro
  Resolves: rhbz#2083876
 2022-12-23 11:53:21 +01:00
Simo Sorce
e9a0511933 Backport patches to fix external providers compatibility issues 2022-11-16 14:27:12 -05:00
Dmitry Belyavskiy
f7a2c68257 CVE-2022-3602, CVE-2022-3786: X.509 Email Address Buffer Overflow 
Resolves: CVE-2022-3602
Resolves: CVE-2022-3786
 2022-11-01 15:54:54 +01:00
Dmitry Belyavskiy
b5f6fd8216 Update patches to make ELN build happy 
Resolves: rhbz#2123755
 2022-09-12 11:39:39 +02:00
Clemens Lang
d54aeb5a0f Fix AES-GCM on Power 8 CPUs 
Our backported patch unconditionally uses assembly instructions for
Power9 and later, which triggers SIGILL on Power8 machines:

| [ 3705.137658] sshd[1703]: illegal instruction (4) at 7fff85526aac nip 7fff85526aac lr 7fff854828e0 code 1 in libcrypto.so.3.0.5[7fff85240000+300000]

Backport upstream's fix for this.

Resolves: rhbz#2124845
Signed-off-by: Clemens Lang <cllang@redhat.com>
 2022-09-09 17:15:32 +02:00