Commit Graph

630 Commits

Author SHA1 Message Date
Eduard Abdullin
74b93665b4 Redefine sslarch for x86_64_v2 arch 2025-05-23 02:38:19 +00:00
Dmitry Belyavskiy
63b528e647 Fix UEFI builds on double function definitions
Resolves: RHEL-93168
2025-05-22 13:30:46 +02:00
Dmitry Belyavskiy
062693b2b8 Fix regressions caused by rebase to OpenSSL 3.5
Related: RHEL-80811
2025-05-22 12:59:35 +02:00
Eduard Abdullin
13de65a2dd Redefine sslarch for x86_64_v2 arch 2025-05-15 02:53:32 +00:00
Dmitry Belyavskiy
dc0e1f27f5 Fix UEFI builds
Resolves: RHEL-89137
2025-05-14 12:54:07 +02:00
Dmitry Belyavskiy
f911c21296 Enable sslkeylog support
Resolves: RHEL-90853
2025-05-14 11:48:09 +02:00
Dmitry Belyavskiy
4b761c8ea2 Restore RHEL9-style indicators defines
Resolves: RHEL-88906
2025-05-14 11:41:03 +02:00
Dmitry Belyavskiy
154d1831cd Expose settable params for EVP_SKEY
Resolves: RHEL-88913
2025-05-14 11:38:56 +02:00
Dmitry Belyavskiy
1934b43ef1 pkeyutl ecdsa signature with sha1 shouldn't work by default
Resolves: RHEL-88911
2025-05-14 11:36:32 +02:00
Dmitry Belyavskiy
b5cbb03855 Fix openssl speed running in FIPS mode
Resolves: RHEL-88908
2025-05-14 11:33:54 +02:00
Eduard Abdullin
c38d293785 Redefine sslarch for x86_64_v2 arch 2025-04-18 02:42:59 +00:00
Dmitry Belyavskiy
cad2bb93ac Update depencency on crypto-policies
Related: RHEL-80811
2025-04-17 10:59:34 +02:00
Eduard Abdullin
1d120570ad Redefine sslarch for x86_64_v2 arch 2025-04-17 02:42:05 +00:00
George Pantelakis
06ffd03349 plans: update the CI plan with the correct plan names 2025-04-16 16:58:23 +02:00
Dmitry Belyavskiy
296ae60f11 Rebasing OpenSSL to 3.5
Resolves: RHEL-80811
Resolves: RHEL-57022
Resolves: RHEL-24098
Resolves: RHEL-24097
Resolves: RHEL-86865
2025-04-16 10:23:19 +02:00
Eduard Abdullin
e530f5c8f7 Redefine sslarch for x86_64_v2 arch 2025-02-18 17:46:53 +03:00
Dmitry Belyavskiy
fb8a97e51d Fix segfault on printing the temp key from s_client when connection is not established
Resolves: RHEL-79045
2025-02-12 14:59:33 +01:00
Dmitry Belyavskiy
f784b47db4 RFC7250 handshakes with unauthenticated servers don't abort as expected (CVE-2024-12797)
Resolves: RHEL-76754
2025-02-12 14:58:19 +01:00
eabdullin
ef76bdc634 Merge branch 'c10s' into a10s 2025-02-04 13:52:58 +03:00
Dmitry Belyavskiy
7840be76de Load system default cipher string from crypto-policies configuration file
...should ignore errors.

Related: RHEL-71132
2025-01-29 21:36:05 +01:00
Dmitry Belyavskiy
d6a9e4cbb6 Fix timing side-channel in ECDSA signature computation (CVE-2024-13176)
Resolves: RHEL-70879
2025-01-29 18:34:26 +01:00
Dmitry Belyavskiy
34e41ff200 Get rid of checking /etc/crypto-policies/back-ends/openssl.config
Resolves: RHEL-71132
2025-01-24 17:39:21 +01:00
Dmitry Belyavskiy
a4086ec177 Locally configured providers should not interfere with openssl build-time tests
Resolves: RHEL-76182
2025-01-24 17:36:21 +01:00
Dmitry Belyavskiy
e5573d1b8d Ensure correct fips.so checksum calculation
Resolves: RHEL-73170
2025-01-24 17:36:21 +01:00
Dmitry Belyavskiy
9a7c320d2c Print key exchange group for hybrid PQC
Resolves: RHEL-66163
2025-01-24 17:36:21 +01:00
Dmitry Belyavskiy
bdb28e8ff0 Fix pkcs12 command line segfault
Resolves: RHEL-70878
2025-01-24 17:36:14 +01:00
Dmitry Belyavskiy
5fae31daba - Fix providers no_cache behavior
Resolves: RHEL-71903
2025-01-24 17:34:42 +01:00
fee9e80345 Merge branch 'c10s' into a10s 2024-12-06 16:37:58 +03:00
Troy Dawson
8b5d84e945 Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
2024-10-29 08:53:09 -07:00
994352a698 Merge branch 'c10s' into a10s 2024-10-21 11:59:34 +03:00
Dmitry Belyavskiy
936c0664b3 Ship dummy(empty) openssl/engine.h
Resolves: RHEL-58178
2024-10-17 17:11:29 +02:00
00066ba275 Merge branch 'c10s' into a10s 2024-09-09 11:55:14 +03:00
Dmitry Belyavskiy
edf5bf79a4 Fix CVE-2024-6119: Possible denial of service in X.509 name checks
Resolves: RHEL-55303
2024-09-04 11:47:44 +02:00
16d731ff99 Merge branch 'c10s' into a10s 2024-09-02 23:25:52 +03:00
Clemens Lang
f3cb03b52a Fix CVE-2024-5535
The first patch caused a QUIC test to fail, so backport the entire
series, which looks reasonable and adds good additional safeguards and
checks.

Resolves: RHEL-45692
Signed-off-by: Clemens Lang <cllang@redhat.com>
2024-08-21 17:09:28 +02:00
Dmitry Belyavskiy
57fda30988 Resolve SAST package scan results
Resolves: RHEL-37561
2024-08-14 19:25:12 +02:00
Dmitry Belyavskiy
fdd1e62fc4 Speedup SSL_add_{file,dir}_cert_subjects_to_stack
Resolves: RHEL-54232
2024-08-14 13:03:42 +02:00
Dmitry Belyavskiy
83382cc2a0 Enable KTLS, temporary disable KTLS tests
Related: RHEL-47335
2024-08-14 13:03:42 +02:00
Dmitry Belyavskiy
e6422e7346 Fix typo in the patch numeration
Related: RHEL-41261
2024-08-14 13:03:42 +02:00
Dmitry Belyavskiy
656cb62647 Support key encapsulation/decapsulation in openssl pkeyutl command
Resolves: RHEL-54156
2024-08-14 11:43:38 +02:00
Dmitry Belyavskiy
8fc2d48423 Use PBMAC1 by default when creating PKCS#12 files in FIPS mode
Related: RHEL-36659
2024-08-14 11:36:06 +02:00
Dmitry Belyavskiy
299b43d420 An interface to create PKCS #12 files in FIPS compliant way
Related: RHEL-36659
2024-08-09 13:27:18 +00:00
George Pantelakis
a44bf0f715 Fix the gating test names 2024-08-07 15:40:45 +02:00
Dmitry Belyavskiy
ce2e7dc60e An interface to create PKCS #12 files in FIPS compliant way
Resolves: RHEL-36659
2024-08-07 10:57:04 +02:00
2954111db7 Merge branch 'c10s' into a10s 2024-07-26 15:45:51 +03:00
b9e5116278 - Redefine sslarch for x86_64_v2 arch 2024-07-26 15:43:42 +03:00
Dmitry Belyavskiy
7d3d9af0c8 SHA-1 signature shouldn't work in normal mode
Resolves: RHEL-36677
2024-07-10 11:43:37 +02:00
Dmitry Belyavskiy
09b4e34fcf Disallow SHA1 at SECLEVEL2 in OpenSSL
Resolves: RHEL-39962
2024-07-10 10:50:30 +02:00
Dmitry Belyavskiy
6084652840 Do not install ENGINE headers, man pages, and define OPENSSL_NO_ENGINE
Resolves: RHEL-45704
2024-07-02 14:51:09 +02:00
George Pantelakis
68e0354892 configure basic gating on RHEL-10 2024-07-01 14:15:53 +00:00