Commit Graph

55 Commits

Author SHA1 Message Date
Dmitry Belyavskiy
d237e7f301 Restoring fips=yes to SHA-1
Related: rhbz#2026445
2022-01-21 13:48:28 +01:00
Dmitry Belyavskiy
9df33eabbe KATS self-tests should run before HMAC verification
Related: rhbz#2041994
2022-01-21 13:48:28 +01:00
Sahana Prasad
f5421022ee Adds enable-buildtest-c++ to the configure options.
Related: rhbz#1990814

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2022-01-20 16:37:50 +01:00
Sahana Prasad
78a467efcc Rebase to upstream version 3.0.1
Fixes CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl
Resolves: rhbz#2038910, rhbz#2035148

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2022-01-18 18:30:10 +01:00
Dmitry Belyavskiy
e63c4b68b2 Update spec file, remove fipsmodule.cnf
Related: rhbz#2026445
2022-01-17 14:18:22 +01:00
Dmitry Belyavskiy
6cdaa527d8 Explicitly permit SHA1 HMAC
Related: rhbz#2026445
2022-01-17 13:19:40 +01:00
Dmitry Belyavskiy
cc37486d86 Minimize the list of services allowed for FIPS
Related: rhbz#2026445
2022-01-17 13:19:29 +01:00
Dmitry Belyavskiy
225b6d37b9 openssl speed should run in FIPS mode
Related: rhbz#1977318
2021-12-21 16:16:07 +01:00
Dmitry Belyavskiy
13dc3794cb Make rpminspect happy
2021-12-10 14:19:15 +01:00
Dmitry Belyavskiy
4c1c00d6af Updated spec, some cleanup done
Related: rhbz#1985362
2021-11-24 13:44:25 +01:00
Dmitry Belyavskiy
9422ae52de Always activate default provider via config
Related: rhbz#1985362
2021-11-23 16:52:23 +01:00
Dmitry Belyavskiy
210c37e906 Disable fipsinstall application
Related: rhbz#1985362
2021-11-23 15:02:48 +01:00
Dmitry Belyavskiy
3ff0db7558 Embed correct HMAC into fips provider
We have stripped production version and unstripped version for tests.
Related: rhbz#1985362
2021-11-23 15:02:14 +01:00
Dmitry Belyavskiy
5c4e10ac26 FIPS provider auto activation
When FIPS flag is on, we load fips provider and set properties to fips.
FIPS checksum is embedded in FIPS provider itself
Related: rhbz#1985362
2021-11-23 15:01:33 +01:00
Dmitry Belyavskiy
694c426faf Fix memory leak in s_client
Related: rhbz#1996092
2021-10-07 19:08:23 +02:00
Dmitry Belyavskiy
b76c2316a3 KTLS and FIPS may interfere, so tests need to be tuned
Resolves: rhbz#1961643
2021-09-22 17:15:22 +02:00
Dmitry Belyavskiy
3edf474b5d Avoid double-free on error seeding the RNG.
Resolves: rhbz#1952844
2021-09-20 17:13:26 +02:00
Sahana Prasad
34d46544a5 Rebase to upstream version 3.0.0
Related: rhbz#1990814

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-09-09 13:07:02 +02:00
Sahana Prasad
07de966235 - Removes the dual-abi build as it is not required anymore. The mass rebuild
was completed and all packages are rebuilt against Beta version.
Resolves: rhbz#1984097

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-08-25 17:02:52 +02:00
Dmitry Belyavskiy
ddd1eb3708 Correctly processing CMS reading from /dev/stdin
Resolves: rhbz#1986315
2021-08-23 10:45:49 +02:00
Sahana Prasad
49de59749c Add instruction for loading legacy provider in openssl.cnf
Resolves: rhbz#1975836

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-08-16 14:16:12 +02:00
Sahana Prasad
03899fca38 Adds support for IDEA encryption.
Resolves: rhbz#1990602

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-08-16 11:44:00 +02:00
Sahana Prasad
0c6f4a599c - Fixes core dump in openssl req -modulus
- Fixes 'openssl req' to not ask for password when non-encrypted private key
  is used
- cms: Do not try to check binary format on stdin and -rctform fix
- Resolves: rhbz#1988137, rhbz#1988468, rhbz#1988137

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-08-10 16:54:16 +02:00
Mohan Boddu
2862adca42 Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 22:44:21 +00:00
Dmitry Belyavskiy
ecb6630fd3 When signature_algorithm extension is omitted, use more relevant alerts
Resolves: rhbz#1965017
2021-08-04 15:55:01 +02:00
Sahana Prasad
c5d8025ca8 Remove tier 0 functional test from gating.yaml.
These tests are removed from dist-git and are executed
as tier1 or higher tests already.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-08-04 10:37:11 +02:00
Sahana Prasad
fe7445d93d Rebase to upstream version beta2
Related: rhbz#1903209

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-08-03 15:11:22 +02:00
Sahana Prasad
0b6afca185 - Prevents creation of duplicate cert entries in PKCS #12 files
Resolves: rhbz#1978670

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-07-22 15:38:17 +02:00
Aleksandra Fedorova
b7c6b85c95 Add RHEL gating configuration
2021-07-22 07:14:14 +00:00
Sahana Prasad
e3d0ba4f1e NVR Bump to Update to OpenSSL 3.0 Beta1 version
Related: rhbz#1903209

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-07-21 14:37:35 +02:00
Sahana Prasad
529b968a17 Update patch dual-abi.patch to add the #define macros in implementation
files instead of public header files

Related: rhbz#1903209
Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-07-19 14:00:13 +02:00
Sahana Prasad
a3158ae4f7 Removes unused patch dual-abi.patch
Related: rhbz#1903209

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-07-14 14:20:07 +02:00
Sahana Prasad
d4e97b3110 Update to Beta1 version
Includes a patch to support dual-ABI, as Beta1 breaks ABI with alpha16

Related: rhbz#1903209

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-07-14 13:31:08 +02:00
Sahana Prasad
90bf702df6 - Fixes override of openssl_conf in openssl.cnf
- Use AI_ADDRCONFIG only when explicit host name is given
- Temporarily remove fipsmodule.cnf for arch i686
- Fixes segmentation fault in BN_lebin2bn

Resolves: rhbz#1975847, rhbz#1976845, rhbz#1973477, rhbz#1975855

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-07-06 22:35:53 +02:00
Sahana Prasad
4f728a9f3f Fixes override of openssl_conf in openssl.cnf
Resolves: rhbz#1975847

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-07-06 13:56:08 +02:00
Sahana Prasad
826e7990ea Adds FIPS mode compatibility patch
Related: rhbz#1977318
Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-07-02 21:05:44 +02:00
Sahana Prasad
240131b9eb - Fixes system hang issue when booted in FIPS mode
- Temporarily disable downstream FIPS patches
Related: rhbz#1977318

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-07-02 20:15:32 +02:00
Mohan Boddu
220d8a96f5 Spec bump and changelog for Speeding up building openssl
Related: rhbz#1903209

Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-06-14 08:56:05 -04:00
Dmitry Belyavskiy
b0a763c723 Speeding up building openssl
Resolves: rhbz#1903209
Signed-off-by: Dmitry Belyavskiy <dbelyavs@redhat.com>
2021-06-11 13:10:06 +02:00
Sahana Prasad
e863fff325 Fix reading SPKAC data from stdin
Fix incorrect OSSL_PKEY_PARAM_MAX_SIZE for ed25519 and ed448
Return 0 after cleanup in OPENSSL_init_crypto()
Cleanup the peer point formats on renegotiation
Fix default digest to SHA256

Resolves: rhbz#1958045, rhbz#1952850, rhbz#1961687
Related: rhbz#1958033
Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-06-04 11:07:23 +02:00
Sahana Prasad
5fa0564b3a Enable FIPS via config options
Resolves: rhbz#1903209

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-05-27 15:53:25 +02:00
Sahana Prasad
ef962954ab Update to alpha 16 version
Avoids sending alert after orderly connection close
Resolves: rhbz#1952901, rhbz#1903209

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-05-17 11:37:19 +02:00
Sahana Prasad
eeabdb936d Merge gitlab.com:redhat/centos-stream/rpms/openssl into c9s
2021-04-26 21:39:03 +02:00
Sahana Prasad
007b0e01a9 Update to alpha 15 version
Resolves: openssl speed crashes rhbz#1952598
Resolves: rhbz#1903209

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-04-26 19:31:15 +02:00
Mohan Boddu
620c697740 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-16 02:42:42 +00:00
Sahana Prasad
ec7ef62793 Rebase to OpenSSL version 3.0.0
Note: This is a W.I.P as this is a huge rebase.
Resolves: rhbz#1903209

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-04-12 00:34:30 +02:00
DistroBaker
098f88f008 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/openssl.git#0f5f931f9a64a3fe3221c75ed799914cfd90b0db
2021-03-31 15:25:23 +00:00
DistroBaker
5865f97b4f Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/openssl.git#b023ffe39f798981219604746432376b15169c79
2021-03-18 14:01:32 +00:00
DistroBaker
efa5f39ef0 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/openssl.git#b023ffe39f798981219604746432376b15169c79
2021-03-11 19:58:41 +00:00
DistroBaker
f731f488ac Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/openssl.git#fb8e66a58fb43344f23aefb4eaefe1b6ca04a80d
2021-02-11 17:09:01 +00:00