Commit Graph

429 Commits

Author SHA1 Message Date
Peter Robinson
b5f54ff916 Drop obsolete and irrelevant docs, Move devel docs to appropriate package, they're all rather large and of little use for all but historical reference 2014-05-31 22:49:33 +01:00
Tomas Mraz
0376d8368c new upstream release 1.0.1g
- do not include ECC ciphersuites in SSLv2 client hello (#1090952)
- fail on hmac integrity check if the .hmac file is empty
2014-05-07 11:42:32 +02:00
Dennis Gilmore
e55cd2c0e4 pull in upstream patch for CVE-2014-0160
- removed CHANGES file portion from patch for expediency
2014-04-07 19:20:31 -05:00
Tomas Mraz
239d122765 add support for ppc64le architecture (#1072633) 2014-04-03 16:24:35 +02:00
Tomas Mraz
477d4a1758 properly detect encryption failure in BIO
- use 2048 bit RSA key in FIPS selftests
2014-03-17 17:22:08 +01:00
Tomas Mraz
423ab177c8 use the key length from configuration file if req -newkey rsa is invoked 2014-02-14 16:24:31 +01:00
Tomas Mraz
3f8863c3cd Avoid unnecessary reseeding in BN_rand in FIPS mode. 2014-02-13 16:54:43 +01:00
Tomas Mraz
165cee17b3 Remove obsolete sentence. 2014-02-13 16:17:58 +01:00
Tomas Mraz
a9591c7f1f Add macro for performance build on certain arches. 2014-02-12 16:58:49 +01:00
Tomas Mraz
24632bb1db print ephemeral key size negotiated in TLS handshake (#1057715)
- add DH_compute_key_padded needed for FIPS CAVS testing
2014-02-12 16:20:03 +01:00
Tomas Mraz
abe62302b2 make expiration and key length changeable by DAYS and KEYLEN
variables in the certificate Makefile (#1058108)
- change default hash to sha256 (#1062325)
2014-02-06 18:07:59 +01:00
Tomas Mraz
40825564d8 make 3des strength to be 128 bits instead of 168 (#1056616) 2014-01-22 17:57:22 +01:00
Tomas Mraz
519fe2cc24 Two security fixes
- fix CVE-2013-4353 - Invalid TLS handshake crash
- fix CVE-2013-6450 - possible MiTM attack on DTLS1
2014-01-07 15:09:40 +01:00
Tomas Mraz
c5b74d70a3 dh->q might be NULL. 2014-01-07 11:57:56 +01:00
Tomas Mraz
8978637f3b fix CVE-2013-6449 - crash when version in SSL structure is incorrect
- more FIPS validation requirement changes
2013-12-20 14:14:15 +01:00
Tomas Mraz
5713696953 Additional FIPS requirements changes. 2013-12-19 17:42:43 +01:00
Tomas Mraz
dc728e2d8b drop weak ciphers from the default TLS ciphersuite list
- add back some symbols that were dropped with update to 1.0.1 branch
- more FIPS validation requirement changes
2013-12-18 15:55:26 +01:00
Tomas Mraz
ad237d19e6 fix locking and reseeding problems with FIPS drbg 2013-11-19 14:52:30 +01:00
Tomas Mraz
c9a46cb3ac Fix typos. 2013-11-15 16:57:33 +01:00
Tomas Mraz
e64d4ea7bb additional changes required for FIPS validation 2013-11-15 16:13:44 +01:00
Tomas Mraz
9caf868063 disable verification of certificate, CRL, and OCSP signatures using MD5
if OPENSSL_ENABLE_MD5_VERIFY environment variable is not set
2013-11-13 20:06:28 +01:00
Tomas Mraz
dcd0fb1ec9 disable verification of certificate, CRL, and OCSP signatures using MD5
if OPENSSL_ENABLE_MD5_VERIFY environment variable is not set
2013-11-13 19:42:54 +01:00
Tomas Mraz
1e5b73a151 add back support for secp521r1 EC curve
- add aarch64 to Configure (#969692)
2013-11-08 18:23:00 +01:00
Tomas Mraz
83d99a68af add back support for secp521r1 EC curve
- add aarch64 to Configure (#969692)
2013-11-08 18:16:49 +01:00
Tomas Mraz
5714047e75 fix misdetection of RDRAND support on Cyrix CPUS (from upstream) (#1022346) 2013-10-29 16:24:08 +01:00
Tomas Mraz
eca676db7a do not advertise ECC curves we do not support (#1022493) 2013-10-24 10:40:18 +02:00
Tomas Mraz
a8799e01c4 Merge remote-tracking branch 'origin/f19' into f19 2013-10-16 16:52:19 +02:00
Tomas Mraz
e241743946 Merge remote-tracking branch 'origin/f20' into f20 2013-10-16 16:00:01 +02:00
Tomas Mraz
b3551463ca only ECC NIST Suite B curves support
- drop -fips subpackage
2013-10-16 14:37:51 +02:00
Tom Callaway
4d56d16496 resolve bugzilla 319901 (phew! only took 6 years & 9 days) 2013-10-15 02:14:11 +01:00
Tom Callaway
9a59868619 resolve bugzilla 319901 (phew! only took 6 years & 9 days) 2013-10-15 02:13:38 +01:00
Tom Callaway
1f19ac14f9 resolve bugzilla 319901 (phew! only took 6 years & 9 days) 2013-10-15 02:08:35 +01:00
Tomas Mraz
7ae1dc1df9 Bump release 2013-09-27 15:46:03 +02:00
Tomas Mraz
4e423c3c50 make DTLS1 work in FIPS mode
- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode
2013-09-27 15:43:51 +02:00
Tomas Mraz
df94661da5 avoid dlopening libssl.so from libcrypto (#1010357) 2013-09-23 18:30:01 +02:00
Tomas Mraz
372f3ac997 fix small memory leak in FIPS aes selftest 2013-09-20 16:04:50 +02:00
Tomas Mraz
8c28623e94 fix segfault in openssl speed hmac in the FIPS mode 2013-09-19 15:16:50 +02:00
Tomas Mraz
d907abae39 Merge branch 'f20' of ssh://pkgs.fedoraproject.org/openssl into f20
Conflicts:
	openssl.spec
2013-09-13 15:33:34 +02:00
Tomas Mraz
fa93b626ad Add documentation of -attime to verify manpage 2013-09-12 11:26:07 +02:00
Tomas Mraz
30ebb4d732 document the nextprotoneg option in manual pages
original patch by Hubert Kario
2013-09-12 10:39:33 +02:00
Tomas Mraz
ae08b15c89 document the nextprotoneg option in manual pages
original patch by Hubert Kario
2013-09-12 10:23:34 +02:00
Kyle McMartin
cb069618e7 arm: use auxv to figure out armcap.c instead of using signals (#1006474) 2013-09-11 10:36:42 -04:00
Kyle McMartin
f6aa3c2ddd arm: use auxv to figure out armcap.c instead of using signals (#1006474) 2013-09-11 09:52:25 -04:00
Tomas Mraz
eb63cc63df try to avoid some races when updating the -fips subpackage 2013-09-04 13:53:38 +02:00
Tomas Mraz
850ca72b9a use version-release in .hmac suffix to avoid overwrite during upgrade 2013-09-02 15:02:18 +02:00
Tomas Mraz
b5d2711ab6 allow deinitialization of the FIPS mode 2013-08-29 16:41:24 +02:00
Tomas Mraz
1465572e17 always perform the FIPS selftests in library constructor
if FIPS module is installed
2013-08-29 11:45:04 +02:00
Tomas Mraz
bb2f3882f2 add -fips subpackage that contains the FIPS module files 2013-08-27 16:03:43 +02:00
Tomas Mraz
9c324da28e fix use of rdrand if available
- more commits cherry picked from upstream
- documentation fixes
2013-08-16 16:06:51 +02:00
Petr Písař
a254940dd1 Perl 5.18 rebuild 2013-08-03 12:05:42 +02:00