jonathan/openssl
1
0
Fork 0
forked from rpms/openssl
Code Pull Requests Activity
211 Commits 9 Branches 54 Tags 6.5 MiB
35940569f1
Commit Graph

18 Commits

Author SHA1 Message Date
Dmitry Belyavskiy
2c5c3fcced Rebasing to OpenSSL 3.2.1 
Resolves: RHEL-26271
 2024-04-15 10:41:31 +02:00
Sahana Prasad
05b87f449d Remove the listing of brainpool curves in FIPS mode 
Related: rhbz#2188180
Signed-off-by: Sahana Prasad <sahana@redhat.com>
 2023-06-26 10:23:11 +02:00
Sahana Prasad
05bbcc9920 - Upload new upstream sources without manually hobbling them. 
- Remove the hobbling script as it is redundant. It is now allowed to ship
  the sources of patented EC curves, however it is still made unavailable to use
  by compiling with the 'no-ec2m' Configure option. The additional forbidden
  curves such as P-160, P-192, wap-tls curves are manually removed by updating
  0011-Remove-EC-curves.patch.
- Enable Brainpool curves.
- Apply the changes to ec_curve.c and  ectest.c as a new patch
  0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them.
- Modify 0011-Remove-EC-curves.patch to allow Brainpool curves.
- Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M.
  Resolves: rhbz#2130618, rhbz#2188180

Signed-off-by: Sahana Prasad <sahana@redhat.com>
 2023-05-02 11:44:53 +02:00
Dmitry Belyavskiy
4999352324 OpenSSL rsa_verify_recover key length checks in FIPS mode 
Resolves: rhbz#2186819
 2023-04-18 09:47:08 +02:00
Dmitry Belyavskiy
477d91adec Rebasing to OpenSSL 3.0.7 
Resolves: rhbz#2129063
 2022-11-24 10:31:36 +01:00
Dmitry Belyavskiy
f4e1bded66 Improve diagnostics when passing unsupported groups in TLS 
Related: rhbz#2070197
 2022-06-24 17:17:35 +02:00
Dmitry Belyavskiy
8638196167 Ciphersuites with RSAPSK KX should be filterd in FIPS mode 
Related: rhbz#2085088
 2022-06-16 15:06:45 +02:00
Dmitry Belyavskiy
b5de6bd830 In FIPS mode limit key sizes for signature verification 
Resolves: rhbz#2077884
 2022-05-23 19:16:11 +02:00
Dmitry Belyavskiy
7bc4f9f094 Ciphersuites with RSA KX should be filterd in FIPS mode 
Related: rhbz#2085088
 2022-05-23 19:16:11 +02:00
Dmitry Belyavskiy
b393177f7d openssl ecparam -list_curves lists only FIPS-approved curves in FIPS mode 
Resolves: rhbz#2083240
 2022-05-23 19:16:09 +02:00
Dmitry Belyavskiy
69c1abb4df openssl req defaults on PKCS#8 encryption changed to AES-256-CBC 
Resolves: rhbz#2063947
 2022-05-12 13:45:42 +02:00
Dmitry Belyavskiy
1b2d08b2c2 Adaptation of upstream patches disabling explicit EC parameters in FIPS mode 
Resolves: rhbz#2058663
 2022-05-06 17:41:32 +02:00
Dmitry Belyavskiy
ad863e9fc8 OpenSSL FIPS module should not build in non-approved algorithms 
Resolves: rhbz#2081378
 2022-05-05 17:34:49 +02:00
Dmitry Belyavskiy
02c75e5a65 We dont'want totally forbid RSA encryption. 
Related: rhbz#2053289
 2022-05-02 15:54:28 +02:00
Dmitry Belyavskiy
7a1c7b28bc FIPS provider doesn't block RSA encryption for key transport 
Resolves: rhbz#2053289
 2022-03-29 13:32:47 +02:00
Dmitry Belyavskiy
922b5301ea Adjust FIPS provider version 
FIPS provider version is now autofilled from release and date
Related: rhbz#2026445
 2022-02-01 16:02:01 +01:00
Dmitry Belyavskiy
d237e7f301 Restoring fips=yes to SHA-1 
Related: rhbz#2026445
 2022-01-21 13:48:28 +01:00
Dmitry Belyavskiy
cc37486d86 Minimize the list of services allowed for FIPS 
Related: rhbz#2026445
 2022-01-17 13:19:29 +01:00