.gitignore
|
.gitignore: Stop ignoring 000*.patch
|
2022-09-12 15:55:19 +02:00 |
0001-Aarch64-and-ppc64le-use-lib64.patch
|
Rebase to OpenSSL version 3.0.0
|
2021-04-12 00:34:30 +02:00 |
0002-Use-more-general-default-values-in-openssl.cnf.patch
|
Rebase to OpenSSL version 3.0.0
|
2021-04-12 00:34:30 +02:00 |
0003-Do-not-install-html-docs.patch
|
Rebase to OpenSSL version 3.0.0
|
2021-04-12 00:34:30 +02:00 |
0004-Override-default-paths-for-the-CA-directory-tree.patch
|
Fixes override of openssl_conf in openssl.cnf
|
2021-07-06 13:56:08 +02:00 |
0005-apps-ca-fix-md-option-help-text.patch
|
Rebase to OpenSSL version 3.0.0
|
2021-04-12 00:34:30 +02:00 |
0006-Disable-signature-verification-with-totally-unsafe-h.patch
|
Update to Beta1 version
|
2021-07-14 13:31:08 +02:00 |
0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
|
Rebase to upstream version 3.0.1
|
2022-01-18 18:30:10 +01:00 |
0008-Add-FIPS_mode-compatibility-macro.patch
|
Update to Beta1 version
|
2021-07-14 13:31:08 +02:00 |
0009-Add-Kernel-FIPS-mode-flag-support.patch
|
Rebase to upstream version 3.0.1
|
2022-01-18 18:30:10 +01:00 |
0011-Remove-EC-curves.patch
|
Update to Beta1 version
|
2021-07-14 13:31:08 +02:00 |
0012-Disable-explicit-ec.patch
|
Reworked patch forbidding explicit EC parameters
|
2022-05-06 16:51:28 +02:00 |
0013-FIPS-provider-explicit-ec.patch
|
Adaptation of upstream patches disabling explicit EC parameters in FIPS mode
|
2022-05-06 17:41:32 +02:00 |
0014-FIPS-disable-explicit-ec.patch
|
Adaptation of upstream patches disabling explicit EC parameters in FIPS mode
|
2022-05-06 17:41:32 +02:00 |
0015-FIPS-decoded-from-explicit.patch
|
Strict certificates validation shouldn't allow explicit EC parameters
|
2022-06-24 17:17:35 +02:00 |
0024-load-legacy-prov.patch
|
Always activate default provider via config
|
2021-11-23 16:52:23 +01:00 |
0025-for-tests.patch
|
Always activate default provider via config
|
2021-11-23 16:52:23 +01:00 |
0031-tmp-Fix-test-names.patch
|
KTLS and FIPS may interfere, so tests need to be tuned
|
2021-09-22 17:15:22 +02:00 |
0032-Force-fips.patch
|
-config argument of openssl app should work properly
|
2022-05-12 13:29:27 +02:00 |
0033-FIPS-embed-hmac.patch
|
Remove volatile attribute from HMAC to make annocheck happy
|
2022-01-21 13:48:28 +01:00 |
0034.fipsinstall_disable.patch
|
Rebase to upstream version 3.0.1
|
2022-01-18 18:30:10 +01:00 |
0035-speed-skip-unavailable-dgst.patch
|
openssl speed should run in FIPS mode
|
2021-12-21 16:16:07 +01:00 |
0044-FIPS-140-3-keychecks.patch
|
Use signature for RSA pairwise test according FIPS-140-3 requirements
|
2022-08-05 14:31:48 +02:00 |
0045-FIPS-services-minimize.patch
|
Improve diagnostics when passing unsupported groups in TLS
|
2022-06-24 17:17:35 +02:00 |
0046-FIPS-s390x-hardening.patch
|
On the s390x, zeroize all the copies of TLS premaster secret
|
2022-01-26 16:50:19 +01:00 |
0047-FIPS-early-KATS.patch
|
KATS self-tests should run before HMAC verifcation
|
2022-01-21 13:48:28 +01:00 |
0048-correctly-handle-records.patch
|
s_server: correctly handle 2^14 byte long records
|
2022-02-03 15:37:48 +01:00 |
0049-Selectively-disallow-SHA1-signatures.patch
|
Fix RSA PSS padding with SHA-1 disabled
|
2022-03-10 13:29:29 +01:00 |
0050-FIPS-enable-pkcs12-mac.patch
|
OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters
|
2022-02-22 16:32:34 +01:00 |
0051-Support-different-R_BITS-lengths-for-KBKDF.patch
|
OpenSSL FIPS module should not build in non-approved algorithms
|
2022-05-05 17:34:49 +02:00 |
0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
|
Strict certificates validation shouldn't allow explicit EC parameters
|
2022-06-24 17:17:35 +02:00 |
0053-CVE-2022-0778.patch
|
CVE-2022-0778 fix
|
2022-03-16 15:03:25 +01:00 |
0054-Replace-size-check-with-more-meaningful-pubkey-check.patch
|
Fix occasional internal error in TLS when DHE is used
|
2022-03-22 13:04:16 +01:00 |
0055-nonlegacy-fetch-null-deref.patch
|
Fix openssl curl error with LANG=tr_TR.utf8
|
2022-04-21 15:16:46 +02:00 |
0056-strcasecmp.patch
|
OpenSSL FIPS module should not build in non-approved algorithms
|
2022-05-05 17:34:49 +02:00 |
0057-strcasecmp-fix.patch
|
Fix regression in evp_pkey_name2type caused by tr_TR locale fix
|
2022-04-28 13:39:35 +02:00 |
0058-FIPS-limit-rsa-encrypt.patch
|
FIPS provider should block RSA encryption for key transport.
|
2022-06-24 17:17:35 +02:00 |
0060-FIPS-KAT-signature-tests.patch
|
Use KAT for ECDSA signature tests, s390 arch
|
2022-05-30 18:22:47 +02:00 |
0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
|
FIPS: Disable SHA1 signs and EVP_PKEY_{sign,verify}
|
2022-05-23 17:02:25 +02:00 |
0062-fips-Expose-a-FIPS-indicator.patch
|
FIPS: Expose explicit indicator from fips.so
|
2022-06-09 17:13:33 +02:00 |
0063-CVE-2022-1473.patch
|
CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory
|
2022-05-26 11:57:12 +02:00 |
0064-CVE-2022-1343.diff
|
CVE-2022-1343 openssl: inacurate verification when using OCSP_NOCHECKS
|
2022-05-26 12:07:22 +02:00 |
0065-CVE-2022-1292.patch
|
CVE-2022-1292 openssl: c_rehash script allows command injection
|
2022-05-26 12:14:19 +02:00 |
0066-replace-expired-certs.patch
|
Replace expired certificates
|
2022-06-03 15:31:56 +02:00 |
0067-fix-ppc64-montgomery.patch
|
Fix PPC64 Montgomery multiplication bug
|
2022-06-24 17:17:35 +02:00 |
0068-CVE-2022-2068.patch
|
CVE-2022-2068: the c_rehash script allows command injection
|
2022-06-24 17:17:35 +02:00 |
0069-CVE-2022-2097.patch
|
CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
|
2022-07-05 14:04:20 +02:00 |
0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch
|
Fix segfault in EVP_PKEY_Q_keygen()
|
2022-07-14 14:49:48 +02:00 |
0071-AES-GCM-performance-optimization.patch
|
Improve AES-GCM & ChaCha20 perf on Power9+ ppc64le
|
2022-07-14 18:19:36 +02:00 |
0072-ChaCha20-performance-optimizations-for-ppc64le.patch
|
Improve AES-GCM & ChaCha20 perf on Power9+ ppc64le
|
2022-07-14 18:19:36 +02:00 |
0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
|
FIPS self-test: RSA-OAEP, FFDHE2048, digest_sign
|
2022-08-01 17:18:12 +02:00 |
0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
|
FIPS: Fix memory leak in digest_sign self-test
|
2022-08-03 18:04:36 +02:00 |
0075-FIPS-Use-FFDHE2048-in-self-test.patch
|
FIPS self-test: RSA-OAEP, FFDHE2048, digest_sign
|
2022-08-01 17:18:12 +02:00 |
0076-FIPS-140-3-DRBG.patch
|
Reseed all the parent DRBGs in chain on reseeding a DRBG
|
2022-08-05 14:31:48 +02:00 |
0077-FIPS-140-3-zeroization.patch
|
Extra zeroization related to FIPS-140-3 requirements
|
2022-08-05 14:31:48 +02:00 |
0078-Add-FIPS-indicator-parameter-to-HKDF.patch
|
Zeroize public keys, add HKDF FIPS indicator
|
2022-08-11 15:36:09 +02:00 |
0079-CVE-2022-3602.patch
|
CVE-2022-3602, CVE-2022-3786: X.509 Email Address Buffer Overflow
|
2022-11-01 18:23:58 +01:00 |
0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
|
FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC
|
2022-11-21 10:39:28 +01:00 |
0085-FIPS-RSA-disable-shake.patch
|
SHAKE-128/256 are not allowed with RSA in FIPS mode
|
2022-11-21 10:23:09 +01:00 |
0086-avoid-bio-memleak.patch
|
Avoid memory leaks in TLS
|
2022-11-21 10:35:15 +01:00 |
0087-FIPS-RSA-selftest-params.patch
|
FIPS RSA CRT tests must use correct parameters
|
2022-11-21 10:38:27 +01:00 |
configuration-prefix.h
|
Rebase to OpenSSL version 3.0.0
|
2021-04-12 00:34:30 +02:00 |
configuration-switch.h
|
Rebase to OpenSSL version 3.0.0
|
2021-04-12 00:34:30 +02:00 |
ec_curve.c
|
Rebase to OpenSSL version 3.0.0
|
2021-04-12 00:34:30 +02:00 |
ectest.c
|
Reworked patch forbidding explicit EC parameters
|
2022-05-06 16:51:28 +02:00 |
gating.yaml
|
Temporary manual test
|
2022-04-21 13:20:27 +02:00 |
genpatches
|
Rebase to OpenSSL version 3.0.0
|
2021-04-12 00:34:30 +02:00 |
hobble-openssl
|
RHEL 9.0.0 Alpha bootstrap
|
2020-10-15 22:27:53 +02:00 |
make-dummy-cert
|
RHEL 9.0.0 Alpha bootstrap
|
2020-10-15 22:27:53 +02:00 |
Makefile.certificate
|
RHEL 9.0.0 Alpha bootstrap
|
2020-10-15 22:27:53 +02:00 |
openssl.spec
|
FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC
|
2022-11-21 10:39:28 +01:00 |
renew-dummy-cert
|
RHEL 9.0.0 Alpha bootstrap
|
2020-10-15 22:27:53 +02:00 |
rpminspect.yaml
|
Make rpminspect happy
|
2021-12-10 14:19:15 +01:00 |
sources
|
Rebase to upstream version 3.0.1
|
2022-01-18 18:30:10 +01:00 |