jonathan/openssl
1
0
Fork 0
forked from rpms/openssl
Code Pull Requests Activity

Commit Graph

  • 95ff7a66ab Fix Possible DOS in X.509 name checks (CVE-2024-6119) a9 Jonathan Wright 2024-09-03 09:36:43 -0500
  • 16d731ff99 Merge branch 'c10s' into a10s changed/a10s/openssl-3.2.2-10.el10.alma.1 a10s eabdullin 2024-09-02 23:25:52 +0300
  • 57fda30988 Resolve SAST package scan results imports/c10s/openssl-3.2.2-10.el10 c10s Dmitry Belyavskiy 2024-08-14 19:25:12 +0200
  • fdd1e62fc4 Speedup SSL_add_{file,dir}_cert_subjects_to_stack Dmitry Belyavskiy 2024-08-14 13:03:07 +0200
  • 83382cc2a0 Enable KTLS, temporary disable KTLS tests Dmitry Belyavskiy 2024-08-14 13:02:00 +0200
  • e6422e7346 Fix typo in the patch numeration Dmitry Belyavskiy 2024-08-14 12:58:10 +0200
  • 656cb62647 Support key encapsulation/decapsulation in openssl pkeyutl command Dmitry Belyavskiy 2024-08-14 11:43:38 +0200
  • 8fc2d48423 Use PBMAC1 by default when creating PKCS#12 files in FIPS mode Dmitry Belyavskiy 2024-08-14 11:36:06 +0200
  • 299b43d420 An interface to create PKCS #12 files in FIPS compliant way Dmitry Belyavskiy 2024-08-09 14:19:59 +0200
  • a44bf0f715 Fix the gating test names George Pantelakis 2024-08-07 15:40:45 +0200
  • ce2e7dc60e An interface to create PKCS #12 files in FIPS compliant way Dmitry Belyavskiy 2024-08-07 10:57:04 +0200
  • 2954111db7 Merge branch 'c10s' into a10s changed/a10s/openssl-3.2.2-7.el10.alma.1 eabdullin 2024-07-26 15:45:51 +0300
  • b9e5116278 - Redefine sslarch for x86_64_v2 arch changed/a10s/openssl-3.2.2-3.el10.alma.1 eabdullin 2024-07-26 15:43:42 +0300
  • 7d3d9af0c8 SHA-1 signature shouldn't work in normal mode imports/c10s/openssl-3.2.2-7.el10 Dmitry Belyavskiy 2024-07-10 11:43:37 +0200
  • 09b4e34fcf Disallow SHA1 at SECLEVEL2 in OpenSSL Dmitry Belyavskiy 2024-07-10 10:50:30 +0200
  • 6084652840 Do not install ENGINE headers, man pages, and define OPENSSL_NO_ENGINE Dmitry Belyavskiy 2024-07-01 16:51:41 +0200
  • 68e0354892 configure basic gating on RHEL-10 George Pantelakis 2024-06-28 14:04:09 +0200
  • dfb3583fef Replace HKDF backward compatibility patch with the official one Daiki Ueno 2024-06-22 10:15:11 +0900
  • e82e52bbae Bump release for June 2024 mass rebuild Troy Dawson 2024-06-24 09:06:12 -0700
  • 35940569f1 Replace HKDF backward compatibility patch with the official one c9s Daiki Ueno 2024-06-22 10:24:51 +0900
  • 9eb261ba85 Add workaround for EVP_PKEY_CTX_add1_hkdf_info with older providers imports/c10s/openssl-3.2.2-3.el10 Daiki Ueno 2024-06-12 20:19:44 +0900
  • d53f31aa80 Add workaround for EVP_PKEY_CTX_add1_hkdf_info with older providers Daiki Ueno 2024-06-12 20:19:44 +0900
  • 1d9e9ba818 Build openssl with no-atexit Dmitry Belyavskiy 2024-06-12 13:12:26 +0200
  • 3ae0078fd9 Rebase to OpenSSL 3.2.2. Dmitry Belyavskiy 2024-05-23 16:02:16 +0200
  • ed09ce6530 Rebase to OpenSSL 3.2.2. Fixes CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, and Minerva attack. Dmitry Belyavskiy 2024-06-05 15:05:20 +0200
  • bd9060b13c Update RNG changing for FIPS purpose Dmitry Belyavskiy 2024-05-23 16:02:16 +0200
  • c948b4d252 Bump the version Related: RHEL-31762 Sahana Prasad 2024-06-05 11:02:36 +0200
  • d508cbed93 Synchronize patches from c9s and Fedora Resolves: RHEL-31762 Sahana Prasad 2024-06-03 13:12:49 +0200
  • 4c2a6afb55 import UBI openssl-3.0.7-27.el9 imports/c9/openssl-3.0.7-27.el9 c9 eabdullin 2024-04-30 15:54:10 +0000
  • 2c5c3fcced Rebasing to OpenSSL 3.2.1 Dmitry Belyavskiy 2024-04-04 10:44:19 +0200
  • c484e9ca10 import CS openssl-3.0.7-27.el9 imports/c9-beta/openssl-3.0.7-27.el9 c9-beta eabdullin 2024-03-28 11:18:36 +0000
  • 8e5beb7708 Use certified FIPS module instead of freshly built one in Red Hat distribution Dmitry Belyavskiy 2024-02-21 11:36:30 +0100
  • 96988f0060 temporarily disable ktls to unblock c10s builds Resolves: RHEL-25259 Signed-off-by: Sahana Prasad <sahana@redhat.com> Sahana Prasad 2024-02-13 09:29:14 +0100
  • 4334bc837f Fix version aliasing issue https://github.com/openssl/openssl/issues/23534 Sahana Prasad 2024-02-09 20:50:40 +0100
  • f4c397c598 Rebase to new upstream release 3.2.1 Sahana Prasad 2023-12-08 13:39:16 +0100
  • b9f699b8a8 Use certified FIPS module instead of freshly built one in Red Hat distribution Dmitry Belyavskiy 2024-01-29 17:28:37 +0100
  • 50997010d1 Add a directory for OpenSSL providers configuration Dmitry Belyavskiy 2024-01-31 16:39:33 +0100
  • e6e479521b Denial of service via null dereference in PKCS#12 Dmitry Belyavskiy 2024-01-29 13:30:00 +0100
  • 2a7a4d9e50 Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild Fedora Release Engineering 2024-01-25 11:30:17 +0000
  • f1a8fed1ed import UBI openssl-3.0.7-25.el9_3 imports/c9/openssl-3.0.7-25.el9_3 eabdullin 2024-01-22 04:17:23 +0000
  • 3cb13195fa Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild Fedora Release Engineering 2024-01-21 11:22:20 +0000
  • 08c722bcd1 SSL ECDHE Kex fails when pkcs11 engine is set in config file Dmitry Belyavskiy 2024-01-19 15:18:50 +0100
  • 0707122b95 Excessive time spent checking invalid RSA public keys (CVE-2023-6237) Dmitry Belyavskiy 2024-01-19 15:07:58 +0100
  • 3c49cf388a POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129) Dmitry Belyavskiy 2024-01-19 14:59:04 +0100
  • 6c9dd70b94 Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context Dmitry Belyavskiy 2024-01-19 14:49:51 +0100
  • 84795a9247 We don't want to ship openssl-pkcs11 in RHEL10/Centos 10 Dmitry Belyavskiy 2024-01-10 18:15:14 +0100
  • 0c1547eaa0 import CS openssl-1.1.1k-12.el8 c8 imports/c8/openssl-1.1.1k-12.el8_9 eabdullin 2023-12-18 08:37:28 +0000
  • 09a086d240 Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series c8s Dmitry Belyavskiy 2023-11-30 12:09:40 +0100
  • e7c35f0ede Add a directory for OpenSSL providers configuration Dmitry Belyavskiy 2023-11-24 16:16:54 +0100
  • db02879351 FIPS: abort on rsa_keygen_pairwise_test failure Clemens Lang 2023-11-21 12:16:05 +0100
  • 67bb06894f Avoid implicit function declaration when building openssl Dmitry Belyavskiy 2023-11-21 12:11:01 +0100
  • c7561b3a10 Fix CVE-2023-5678 Clemens Lang 2023-11-15 17:37:26 +0100
  • f1d5ccdb6e Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678) Dmitry Belyavskiy 2023-11-08 12:08:38 +0100
  • 72772f737e Add missing ECDH Public Key Check in FIPS mode Dmitry Belyavskiy 2023-11-08 11:55:53 +0100
  • 0323d10a44 import UBI openssl-3.0.7-24.el9 imports/c9/openssl-3.0.7-24.el9 eabdullin 2023-11-07 11:27:53 +0000
  • 9a075c13c3 Mark RSA-OAEP as approved in FIPS mode Clemens Lang 2023-10-19 12:47:52 +0200
  • e331fc1326 Rebase to upstream version 3.1.4 Sahana Prasad 2023-10-26 12:29:21 +0200
  • 66dddb942c Fix incorrect cipher key and IV length processing (CVE-2023-5363) Dmitry Belyavskiy 2023-10-25 12:06:55 +0200
  • dba9cab3de Fix CVE-2023-3446, CVE-2023-3817 Clemens Lang 2023-10-19 15:13:13 +0200
  • 6e0d3b16e6 Excessive time spent checking DH q parameter value Dmitry Belyavskiy 2023-10-18 11:20:31 +0200
  • d6248f76c4 Excessive time spent checking DH keys and parameters Dmitry Belyavskiy 2023-10-18 11:17:41 +0200
  • 6775e82636 AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries Dmitry Belyavskiy 2023-10-18 11:15:19 +0200
  • fa5df9d74b Forbid explicit curves when created via EVP_PKEY_fromdata Dmitry Belyavskiy 2023-10-17 13:26:14 +0200
  • 92436854f9 Avoid implicit function declaration when building openssl Dmitry Belyavskiy 2023-10-17 13:09:34 +0200
  • ec6d7cf272 Provide empty evp_properties section in main OpenSSL configuration file Dmitry Belyavskiy 2023-10-17 12:56:38 +0200
  • 223304543a Don't limit using SHA1 in KDFs in non-FIPS mode. Dmitry Belyavskiy 2023-10-16 11:06:19 +0200
  • 131e7d1602 Provide relevant diagnostics when FIPS checksum is corrupted Dmitry Belyavskiy 2023-10-12 14:07:54 +0200
  • 695792d9dd import CS openssl-3.0.7-24.el9 imports/c9-beta/openssl-3.0.7-24.el9 eabdullin 2023-09-21 19:45:13 +0000
  • 5c67b5adc3 Slightly rearranged the patches we have Dmitry Belyavskiy 2023-08-31 17:23:53 +0200
  • e52367af47 Synchronize patches from CentOS stream Dmitry Belyavskiy 2023-08-22 16:39:12 +0200
  • c73a6ab930 migrated to SPDX license Dmitry Belyavskiy 2023-08-04 13:55:50 +0200
  • 608c0bc004 import openssl-3.0.7-17.el9_2 imports/c9/openssl-3.0.7-17.el9_2 eabdullin 2023-08-02 10:16:31 +0000
  • 1eb7adc383 Adding changes to patch files from source-git sync Sahana Prasad 2023-07-31 10:04:55 +0200
  • 9409bc7044 Rebase to upstream release 3.1.1 Sahana Prasad 2023-07-27 18:50:18 +0200
  • 2b0eda88de Forbid custom EC more completely Dmitry Belyavskiy 2023-07-27 11:56:52 +0200
  • 7e9699e170 Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Fedora Release Engineering 2023-07-20 18:12:28 +0000
  • d30c497ed1 Make FIPS module configuration more crypto-policies friendly Dmitry Belyavskiy 2023-07-12 17:59:35 +0200
  • 217cd631e8 Add a workaround for lack of EMS in FIPS mode Dmitry Belyavskiy 2023-07-11 16:37:16 +0200
  • 084b3dc8db set the expected mode back for some files Adam Samalik 2023-07-12 10:57:08 +0200
  • 8fb737bf79 Remove unsupported ec curves from nist_curves Resolves: rhbz#2069336 Sahana Prasad 2023-07-06 10:38:36 +0200
  • 4c5f82af27 re-import sources as agreed with the maintainer Adam Samalik 2023-06-29 18:17:45 +0200
  • 05b87f449d Remove the listing of brainpool curves in FIPS mode Related: rhbz#2188180 Signed-off-by: Sahana Prasad <sahana@redhat.com> Sahana Prasad 2023-06-26 10:15:57 +0200
  • e2e5b66997 Revert OL modifications imports/c9/openssl-3.0.7-16.el9_2 Andrew Lukoshko 2023-06-22 15:26:47 +0000
  • a8f16d4332 import OL openssl-3.0.7-16.0.1.el9_2 Andrew Lukoshko 2023-06-22 15:26:45 +0000
  • d1a87553bb Release the DRBG in global default libctx early Dmitry Belyavskiy 2023-05-31 16:21:07 +0200
  • df4dd7dd7f Fix possible DoS translating ASN.1 object identifiers Dmitry Belyavskiy 2023-05-30 16:29:57 +0200
  • 103d3109dc ci.fmf: Enable golang tests as reverse dependency Daiki Ueno 2023-05-29 09:52:49 +0200
  • 34e7dd5be4 Add interop rpm-tmt-tests Peter Leitmann 2023-05-24 15:41:56 +0000
  • 979cb8a57b Add TMT interoperability tests & rewrite python STI test to TMT Peter Leitmann 2023-04-14 23:04:07 +0200
  • b1d3f019d4 FIPS: Re-enable DHX, disable FIPS 186-4 groups Clemens Lang 2023-05-23 14:01:14 +0200
  • 57f6d8f4a4 Use OAEP padding and aes-128-cbc by default in cms command in FIPS mode Dmitry Belyavskiy 2023-05-19 17:47:59 +0200
  • 032dc0839c Enforce using EMS in FIPS mode - better alerts Dmitry Belyavskiy 2023-05-09 12:44:49 +0200
  • 659cee1fef import openssl-3.0.7-6.el9_2 imports/c9/openssl-3.0.7-6.el9_2 CentOS Sources 2023-05-09 05:38:20 +0000
  • 05bbcc9920 - Upload new upstream sources without manually hobbling them. - Remove the hobbling script as it is redundant. It is now allowed to ship the sources of patented EC curves, however it is still made unavailable to use by compiling with the 'no-ec2m' Configure option. The additional forbidden curves such as P-160, P-192, wap-tls curves are manually removed by updating 0011-Remove-EC-curves.patch. - Enable Brainpool curves. - Apply the changes to ec_curve.c and ectest.c as a new patch 0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them. - Modify 0011-Remove-EC-curves.patch to allow Brainpool curves. - Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M. Resolves: rhbz#2130618, rhbz#2188180 Sahana Prasad 2023-04-03 13:23:50 +0200
  • 45cb3a6b4e Backport implicit rejection for RSA PKCS#1 v1.5 encryption Dmitry Belyavskiy 2023-04-28 19:09:47 +0200
  • 7680abf05d Input buffer over-read in AES-XTS implementation on 64 bit ARM Dmitry Belyavskiy 2023-04-21 12:33:25 +0200
  • 4999352324 OpenSSL rsa_verify_recover key length checks in FIPS mode Dmitry Belyavskiy 2023-04-17 16:08:19 +0200
  • ba8edd5ea8 Certificate policy check not enabled Dmitry Belyavskiy 2023-04-17 15:46:46 +0200
  • 70a27e0ae3 Fix invalid certificate policies in leaf certificates check Dmitry Belyavskiy 2023-04-17 15:41:21 +0200
  • 90306b7fd8 Fix excessive resource usage in verifying X509 policy constraints Dmitry Belyavskiy 2023-04-17 15:29:43 +0200