2954111db7 
							
						 
					 
					
						
						
							
							Merge branch 'c10s' into a10s  
						
						
						
					 
					
						2024-07-26 15:45:51 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							b9e5116278 
							
						 
					 
					
						
						
							
							- Redefine sslarch for x86_64_v2 arch  
						
						
						
					 
					
						2024-07-26 15:43:42 +03:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							7d3d9af0c8 
							
						 
					 
					
						
						
							
							SHA-1 signature shouldn't work in normal mode  
						
						... 
						
						
						
						Resolves: RHEL-36677 
						
					 
					
						2024-07-10 11:43:37 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							09b4e34fcf 
							
						 
					 
					
						
						
							
							Disallow SHA1 at SECLEVEL2 in OpenSSL  
						
						... 
						
						
						
						Resolves: RHEL-39962 
						
					 
					
						2024-07-10 10:50:30 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							6084652840 
							
						 
					 
					
						
						
							
							Do not install ENGINE headers, man pages, and define OPENSSL_NO_ENGINE  
						
						... 
						
						
						
						Resolves: RHEL-45704 
						
					 
					
						2024-07-02 14:51:09 +02:00 
						 
				 
			
				
					
						
							
							
								George Pantelakis 
							
						 
					 
					
						
						
						
						
							
						
						
							68e0354892 
							
						 
					 
					
						
						
							
							configure basic gating on RHEL-10  
						
						
						
					 
					
						2024-07-01 14:15:53 +00:00 
						 
				 
			
				
					
						
							
							
								Daiki Ueno 
							
						 
					 
					
						
						
						
						
							
						
						
							dfb3583fef 
							
						 
					 
					
						
						
							
							Replace HKDF backward compatibility patch with the official one  
						
						... 
						
						
						
						Related: RHEL-41261
Signed-off-by: Daiki Ueno <dueno@redhat.com> 
						
					 
					
						2024-07-01 09:36:26 +09:00 
						 
				 
			
				
					
						
							
							
								Troy Dawson 
							
						 
					 
					
						
						
						
						
							
						
						
							e82e52bbae 
							
						 
					 
					
						
						
							
							Bump release for June 2024 mass rebuild  
						
						
						
					 
					
						2024-06-24 09:06:12 -07:00 
						 
				 
			
				
					
						
							
							
								Daiki Ueno 
							
						 
					 
					
						
						
						
						
							
						
						
							9eb261ba85 
							
						 
					 
					
						
						
							
							Add workaround for EVP_PKEY_CTX_add1_hkdf_info with older providers  
						
						... 
						
						
						
						Resolves: RHEL-41261
Signed-off-by: Daiki Ueno <dueno@redhat.com> 
						
					 
					
						2024-06-15 10:04:02 +09:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							1d9e9ba818 
							
						 
					 
					
						
						
							
							Build openssl with no-atexit  
						
						... 
						
						
						
						Resolves: RHEL-40408 
						
					 
					
						2024-06-12 13:12:26 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							3ae0078fd9 
							
						 
					 
					
						
						
							
							Rebase to OpenSSL 3.2.2.  
						
						... 
						
						
						
						Related: RHEL-31762 
						
					 
					
						2024-06-05 18:56:27 +02:00 
						 
				 
			
				
					
						
							
							
								Sahana Prasad 
							
						 
					 
					
						
						
						
						
							
						
						
							c948b4d252 
							
						 
					 
					
						
						
							
							Bump the version  
						
						... 
						
						
						
						Related: RHEL-31762
Signed-off-by: Sahana Prasad <sahana@redhat.com> 
						
					 
					
						2024-06-05 11:03:24 +02:00 
						 
				 
			
				
					
						
							
							
								Sahana Prasad 
							
						 
					 
					
						
						
						
						
							
						
						
							d508cbed93 
							
						 
					 
					
						
						
							
							Synchronize patches from c9s and Fedora  
						
						... 
						
						
						
						Resolves: RHEL-31762
Signed-off-by: Sahana Prasad <sahana@redhat.com> 
						
					 
					
						2024-06-05 09:32:43 +02:00 
						 
				 
			
				
					
						
							
							
								Sahana Prasad 
							
						 
					 
					
						
						
						
						
							
						
						
							96988f0060 
							
						 
					 
					
						
						
							
							temporarily disable ktls to unblock c10s builds  
						
						... 
						
						
						
						Resolves: RHEL-25259
Signed-off-by: Sahana Prasad <sahana@redhat.com> 
						
					 
					
						2024-02-13 13:13:42 +01:00 
						 
				 
			
				
					
						
							
							
								Sahana Prasad 
							
						 
					 
					
						
						
						
						
							
						
						
							4334bc837f 
							
						 
					 
					
						
						
							
							Fix version aliasing issue  
						
						... 
						
						
						
						https://github.com/openssl/openssl/issues/23534 
Signed-off-by: Sahana Prasad <sahana@redhat.com> 
					
						2024-02-09 21:17:11 +01:00 
						 
				 
			
				
					
						
							
							
								Sahana Prasad 
							
						 
					 
					
						
						
						
						
							
						
						
							f4c397c598 
							
						 
					 
					
						
						
							
							Rebase to new upstream release 3.2.1  
						
						... 
						
						
						
						Signed-off-by: Sahana Prasad <sahana@redhat.com> 
						
					 
					
						2024-02-08 13:42:51 +01:00 
						 
				 
			
				
					
						
							
							
								Fedora Release Engineering 
							
						 
					 
					
						
						
						
						
							
						
						
							2a7a4d9e50 
							
						 
					 
					
						
						
							
							Rebuilt for  https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild  
						
						
						
					 
					
						2024-01-25 11:30:17 +00:00 
						 
				 
			
				
					
						
							
							
								Fedora Release Engineering 
							
						 
					 
					
						
						
						
						
							
						
						
							3cb13195fa 
							
						 
					 
					
						
						
							
							Rebuilt for  https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild  
						
						
						
					 
					
						2024-01-21 11:22:20 +00:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							84795a9247 
							
						 
					 
					
						
						
							
							We don't want to ship openssl-pkcs11 in RHEL10/Centos 10  
						
						
						
					 
					
						2024-01-10 18:15:14 +01:00 
						 
				 
			
				
					
						
							
							
								Sahana Prasad 
							
						 
					 
					
						
						
						
						
							
						
						
							e331fc1326 
							
						 
					 
					
						
						
							
							Rebase to upstream version 3.1.4  
						
						... 
						
						
						
						Signed-off-by: Sahana Prasad <sahana@redhat.com> 
						
					 
					
						2023-10-26 12:29:21 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							5c67b5adc3 
							
						 
					 
					
						
						
							
							Slightly rearranged the patches we have  
						
						
						
					 
					
						2023-08-31 17:23:53 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							e52367af47 
							
						 
					 
					
						
						
							
							Synchronize patches from CentOS stream  
						
						
						
					 
					
						2023-08-22 16:39:12 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							c73a6ab930 
							
						 
					 
					
						
						
							
							migrated to SPDX license  
						
						
						
					 
					
						2023-08-04 13:55:50 +02:00 
						 
				 
			
				
					
						
							
							
								Sahana Prasad 
							
						 
					 
					
						
						
						
						
							
						
						
							1eb7adc383 
							
						 
					 
					
						
						
							
							Adding changes to patch files from source-git sync  
						
						... 
						
						
						
						Signed-off-by: Sahana Prasad <sahana@redhat.com> 
						
					 
					
						2023-07-31 10:04:55 +02:00 
						 
				 
			
				
					
						
							
							
								Sahana Prasad 
							
						 
					 
					
						
						
						
						
							
						
						
							9409bc7044 
							
						 
					 
					
						
						
							
							Rebase to upstream release 3.1.1  
						
						... 
						
						
						
						Signed-off-by: Sahana Prasad <sahana@redhat.com> 
						
					 
					
						2023-07-28 15:26:00 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							2b0eda88de 
							
						 
					 
					
						
						
							
							Forbid custom EC more completely  
						
						... 
						
						
						
						Resolves: rhbz#2223953 
						
					 
					
						2023-07-27 12:48:59 +02:00 
						 
				 
			
				
					
						
							
							
								Fedora Release Engineering 
							
						 
					 
					
						
						
						
						
							
						
						
							7e9699e170 
							
						 
					 
					
						
						
							
							Rebuilt for  https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild  
						
						... 
						
						
						
						Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org> 
						
					 
					
						2023-07-20 18:12:28 +00:00 
						 
				 
			
				
					
						
							
							
								Peter Leitmann 
							
						 
					 
					
						
						
						
						
							
						
						
							979cb8a57b 
							
						 
					 
					
						
						
							
							Add TMT interoperability tests & rewrite python STI test to TMT  
						
						
						
					 
					
						2023-05-23 17:51:57 +02:00 
						 
				 
			
				
					
						
							
							
								Sahana Prasad 
							
						 
					 
					
						
						
						
						
							
						
						
							477bb5e652 
							
						 
					 
					
						
						
							
							- Upload new upstream sources without manually hobbling them.  
						
						... 
						
						
						
						- Remove the hobbling script as it is redundant. It is now allowed to ship
    the sources of patented EC curves, however it is still made unavailable to use
    by compiling with the 'no-ec2m' Configure option. The additional forbidden
    curves such as P-160, P-192, wap-tls curves are manually removed by updating
    0011-Remove-EC-curves.patch.
  - Apply the changes to ec_curve.c and  ectest.c as a new patch
    0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them.
  - Modify 0011-Remove-EC-curves.patch to allow Brainpool curves.
  - Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M.
┊   Resolves: rhbz#2130618, rhbz#2141672
Signed-off-by: Sahana Prasad <sahana@redhat.com> 
						
					 
					
						2023-03-21 14:21:41 +01:00 
						 
				 
			
				
					
						
							
							
								Stephen Gallagher 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							e198b69ab5 
							
						 
					 
					
						
						
							
							Rebase ELN/RHEL patch for OpenSSL 3.0.8  
						
						... 
						
						
						
						Signed-off-by: Stephen Gallagher <sgallagh@redhat.com> 
						
					 
					
						2023-02-13 13:36:24 -05:00 
						 
				 
			
				
					
						
							
							
								Stephen Gallagher 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							167e0dd694 
							
						 
					 
					
						
						
							
							ELN: fix SHA1 signature patch again  
						
						... 
						
						
						
						The util/libcrypto.num patch did not apply cleanly.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com> 
						
					 
					
						2023-02-13 10:53:54 -05:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							194ef7464a 
							
						 
					 
					
						
						
							
							Rebase to upstream version 3.0.8  
						
						... 
						
						
						
						Resolves: CVE-2022-4203
Resolves: CVE-2022-4304
Resolves: CVE-2022-4450
Resolves: CVE-2023-0215
Resolves: CVE-2023-0216
Resolves: CVE-2023-0217
Resolves: CVE-2023-0286
Resolves: CVE-2023-0401 
						
					 
					
						2023-02-09 17:57:19 +01:00 
						 
				 
			
				
					
						
							
							
								Fedora Release Engineering 
							
						 
					 
					
						
						
						
						
							
						
						
							02d85d00af 
							
						 
					 
					
						
						
							
							Rebuilt for  https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild  
						
						... 
						
						
						
						Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org> 
						
					 
					
						2023-01-19 22:58:20 +00:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							9ce9458604 
							
						 
					 
					
						
						
							
							Backport implicit rejection for RSA PKCS#1 v1.5 encryption  
						
						... 
						
						
						
						Resolves: rhbz#2153470 
						
					 
					
						2023-01-05 18:17:28 +01:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							500ad3d300 
							
						 
					 
					
						
						
							
							Refactor embedded mac verification in FIPS module  
						
						... 
						
						
						
						Resolves: rhbz#2156045 
						
					 
					
						2023-01-05 11:30:00 +01:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							106fe8964c 
							
						 
					 
					
						
						
							
							- Rebase to upstream version 3.0.7  
						
						... 
						
						
						
						Rebased to openssl-3.0.7 with corresponding minor bugfixes
- C99 compatibility in downstream-only 0032-Force-fips.patch
  Resolves: rhbz#2152504
- Adjusting include for the FIPS_mode macro
  Resolves: rhbz#2083876 
						
					 
					
						2022-12-23 11:53:21 +01:00 
						 
				 
			
				
					
						
							
							
								Simo Sorce 
							
						 
					 
					
						
						
						
						
							
						
						
							e9a0511933 
							
						 
					 
					
						
						
							
							Backport patches to fix external providers compatibility issues  
						
						
						
					 
					
						2022-11-16 14:27:12 -05:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							f7a2c68257 
							
						 
					 
					
						
						
							
							CVE-2022-3602, CVE-2022-3786: X.509 Email Address Buffer Overflow  
						
						... 
						
						
						
						Resolves: CVE-2022-3602
Resolves: CVE-2022-3786 
						
					 
					
						2022-11-01 15:54:54 +01:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							b5f6fd8216 
							
						 
					 
					
						
						
							
							Update patches to make ELN build happy  
						
						... 
						
						
						
						Resolves: rhbz#2123755 
						
					 
					
						2022-09-12 11:39:39 +02:00 
						 
				 
			
				
					
						
							
							
								Clemens Lang 
							
						 
					 
					
						
						
						
						
							
						
						
							d54aeb5a0f 
							
						 
					 
					
						
						
							
							Fix AES-GCM on Power 8 CPUs  
						
						... 
						
						
						
						Our backported patch unconditionally uses assembly instructions for
Power9 and later, which triggers SIGILL on Power8 machines:
| [ 3705.137658] sshd[1703]: illegal instruction (4) at 7fff85526aac nip 7fff85526aac lr 7fff854828e0 code 1 in libcrypto.so.3.0.5[7fff85240000+300000]
Backport upstream's fix for this.
Resolves: rhbz#2124845
Signed-off-by: Clemens Lang <cllang@redhat.com> 
						
					 
					
						2022-09-09 17:15:32 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							4855397272 
							
						 
					 
					
						
						
							
							openssl.spec is synced with RHEL  
						
						... 
						
						
						
						Related: rhbz#2123755 
						
					 
					
						2022-09-02 16:22:10 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							89541c6ea4 
							
						 
					 
					
						
						
							
							We don't support explicit curves, commenting out the test  
						
						... 
						
						
						
						Related: rhbz#2123755 
						
					 
					
						2022-09-02 16:21:43 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							080143cbc1 
							
						 
					 
					
						
						
							
							Sync with RHEL - applying patches  
						
						... 
						
						
						
						Related: rhbz#2123755 
						
					 
					
						2022-09-02 16:20:26 +02:00 
						 
				 
			
				
					
						
							
							
								Stephen Gallagher 
							
						 
					 
					
						
						
						
						
							
						
						
							43e576feab 
							
						 
					 
					
						
						
							
							ELN: fix SHA1 signature patch  
						
						... 
						
						
						
						The util/libcrypto.num patch did not apply cleanly.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com> 
						
					 
					
						2022-08-17 13:17:58 -04:00 
						 
				 
			
				
					
						
							
							
								Stephen Gallagher 
							
						 
					 
					
						
						
						
						
							
						
						
							566546250b 
							
						 
					 
					
						
						
							
							ELN: fix SHA1 signature patch  
						
						... 
						
						
						
						The util/libcrypto.num patch did not apply cleanly.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com> 
						
					 
					
						2022-08-17 13:00:07 -04:00 
						 
				 
			
				
					
						
							
							
								Fedora Release Engineering 
							
						 
					 
					
						
						
						
						
							
						
						
							d1b1996624 
							
						 
					 
					
						
						
							
							Rebuilt for  https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild  
						
						... 
						
						
						
						Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org> 
						
					 
					
						2022-07-22 02:15:17 +00:00 
						 
				 
			
				
					
						
							
							
								Clemens Lang 
							
						 
					 
					
						
						
						
						
							
						
						
							32908974c2 
							
						 
					 
					
						
						
							
							Rebase to upstream version 3.0.5  
						
						... 
						
						
						
						Also fixes CVE-2022-2097, which only affects i686.
Related: rhbz#2099972
Signed-off-by: Clemens Lang <cllang@redhat.com> 
						
					 
					
						2022-07-07 12:36:41 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							8a03afa13c 
							
						 
					 
					
						
						
							
							Rebasing to OpenSSL 3.0.3  
						
						... 
						
						
						
						Resolves: rhbz#2091987 
						
					 
					
						2022-06-01 17:29:35 +02:00 
						 
				 
			
				
					
						
							
							
								Clemens Lang 
							
						 
					 
					
						
						
						
						
							
						
						
							efdb8c60a3 
							
						 
					 
					
						
						
							
							Allow MD5-SHA1 in LEGACY c-p to fix TLS 1.0  
						
						... 
						
						
						
						Fedora supports TLS down to 1.0 in LEGACY crypto-policy, but TLS 1.0
defaults to rsa_pkcs1_md5_sha1 with RSA certificates by default.
However, MD5-SHA1 would require SECLEVEL=0, because its 67 bits of
security do not meet SECLEVEL=1's requirement of 80 bits.
Instead of setting SECLEVEL to 0 in the LEGACY crypto-policy (which
would include all algorithms, regardless of their security level), allow
MD5-SHA1 if rh-allow-sha1-signatures is yes and SECLEVEL is 1.
Related: rhbz#2069239 
						
					 
					
						2022-04-27 12:24:38 +02:00 
						 
				 
			
				
					
						
							
							
								Alexander Sosedkin 
							
						 
					 
					
						
						
						
						
							
						
						
							8f08128432 
							
						 
					 
					
						
						
							
							Instrument with USDT probes related to SHA-1 deprecation  
						
						
						
					 
					
						2022-04-26 19:08:09 +02:00