rpms/openssl
7
1
Fork 1
Code Issues Pull Requests Releases Activity
625 Commits 12 Branches 89 Tags 5.4 MiB
e014d8a609
Commit Graph

625 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Simo Sorce
e014d8a609 Temporarily disable SLH-DSA FIPS self tests 
This was enabled during the rebase but it needs to be disabled until
performance issues are resolved.

Related: RHEL-80854

Signed-off-by: Simo Sorce <simo@redhat.com>
 2025-07-24 06:32:50 -04:00
Dmitry Belyavskiy
98cf25a4c0 Rebasing to OpenSSL 3.5.1 
Resolves: RHEL-90350
Resolves: RHEL-95613
Resolves: RHEL-97796
Resolves: RHEL-99353
Resolves: RHEL-100168
 2025-07-01 16:33:14 +02:00
Dmitry Belyavskiy
5a68570dd4 rebuilt 
Related: RHEL-80811
 2025-06-05 15:50:22 +02:00
Dmitry Belyavskiy
d13b9c5c36 rebuilt 
Related: RHEL-80811
 2025-06-05 11:59:49 +02:00
Dmitry Belyavskiy
1d401560ac rebuilt 
Related: RHEL-80811
 2025-06-04 17:43:35 +02:00
Dmitry Belyavskiy
1e7815b2cf Make hybrid MLKEM work with our FIPS provider (3.0.7) 
Resolves: RHEL-94614
 2025-06-04 14:16:20 +02:00
Dmitry Belyavskiy
0367bee51d Compact patches for better maintainability 
Related: RHEL-80811
 2025-06-03 17:26:56 +02:00
Dmitry Belyavskiy
63b528e647 Fix UEFI builds on double function definitions 
Resolves: RHEL-93168
 2025-05-22 13:30:46 +02:00
Dmitry Belyavskiy
062693b2b8 Fix regressions caused by rebase to OpenSSL 3.5 
Related: RHEL-80811
 2025-05-22 12:59:35 +02:00
Dmitry Belyavskiy
dc0e1f27f5 Fix UEFI builds 
Resolves: RHEL-89137
 2025-05-14 12:54:07 +02:00
Dmitry Belyavskiy
f911c21296 Enable sslkeylog support 
Resolves: RHEL-90853
 2025-05-14 11:48:09 +02:00
Dmitry Belyavskiy
4b761c8ea2 Restore RHEL9-style indicators defines 
Resolves: RHEL-88906
 2025-05-14 11:41:03 +02:00
Dmitry Belyavskiy
154d1831cd Expose settable params for EVP_SKEY 
Resolves: RHEL-88913
 2025-05-14 11:38:56 +02:00
Dmitry Belyavskiy
1934b43ef1 pkeyutl ecdsa signature with sha1 shouldn't work by default 
Resolves: RHEL-88911
 2025-05-14 11:36:32 +02:00
Dmitry Belyavskiy
b5cbb03855 Fix openssl speed running in FIPS mode 
Resolves: RHEL-88908
 2025-05-14 11:33:54 +02:00
Dmitry Belyavskiy
cad2bb93ac Update depencency on crypto-policies 
Related: RHEL-80811
 2025-04-17 10:59:34 +02:00
George Pantelakis
06ffd03349 plans: update the CI plan with the correct plan names 2025-04-16 16:58:23 +02:00
Dmitry Belyavskiy
296ae60f11 Rebasing OpenSSL to 3.5 
Resolves: RHEL-80811
Resolves: RHEL-57022
Resolves: RHEL-24098
Resolves: RHEL-24097
Resolves: RHEL-86865
 2025-04-16 10:23:19 +02:00
Dmitry Belyavskiy
fb8a97e51d Fix segfault on printing the temp key from s_client when connection is not established 
Resolves: RHEL-79045
 2025-02-12 14:59:33 +01:00
Dmitry Belyavskiy
f784b47db4 RFC7250 handshakes with unauthenticated servers don't abort as expected (CVE-2024-12797) 
Resolves: RHEL-76754
 2025-02-12 14:58:19 +01:00
Dmitry Belyavskiy
7840be76de Load system default cipher string from crypto-policies configuration file 
...should ignore errors.

Related: RHEL-71132
 2025-01-29 21:36:05 +01:00
Dmitry Belyavskiy
d6a9e4cbb6 Fix timing side-channel in ECDSA signature computation (CVE-2024-13176) 
Resolves: RHEL-70879
 2025-01-29 18:34:26 +01:00
Dmitry Belyavskiy
34e41ff200 Get rid of checking /etc/crypto-policies/back-ends/openssl.config 
Resolves: RHEL-71132
 2025-01-24 17:39:21 +01:00
Dmitry Belyavskiy
a4086ec177 Locally configured providers should not interfere with openssl build-time tests 
Resolves: RHEL-76182
 2025-01-24 17:36:21 +01:00
Dmitry Belyavskiy
e5573d1b8d Ensure correct fips.so checksum calculation 
Resolves: RHEL-73170
 2025-01-24 17:36:21 +01:00
Dmitry Belyavskiy
9a7c320d2c Print key exchange group for hybrid PQC 
Resolves: RHEL-66163
 2025-01-24 17:36:21 +01:00
Dmitry Belyavskiy
bdb28e8ff0 Fix pkcs12 command line segfault 
Resolves: RHEL-70878
 2025-01-24 17:36:14 +01:00
Dmitry Belyavskiy
5fae31daba - Fix providers no_cache behavior 
Resolves: RHEL-71903
 2025-01-24 17:34:42 +01:00
Troy Dawson
8b5d84e945 Bump release for October 2024 mass rebuild: 
Resolves: RHEL-64018
 2024-10-29 08:53:09 -07:00
Dmitry Belyavskiy
936c0664b3 Ship dummy(empty) openssl/engine.h 
Resolves: RHEL-58178
 2024-10-17 17:11:29 +02:00
Dmitry Belyavskiy
edf5bf79a4 Fix CVE-2024-6119: Possible denial of service in X.509 name checks 
Resolves: RHEL-55303
 2024-09-04 11:47:44 +02:00
Clemens Lang
f3cb03b52a Fix CVE-2024-5535 
The first patch caused a QUIC test to fail, so backport the entire
series, which looks reasonable and adds good additional safeguards and
checks.

Resolves: RHEL-45692
Signed-off-by: Clemens Lang <cllang@redhat.com>
 2024-08-21 17:09:28 +02:00
Dmitry Belyavskiy
57fda30988 Resolve SAST package scan results 
Resolves: RHEL-37561
 2024-08-14 19:25:12 +02:00
Dmitry Belyavskiy
fdd1e62fc4 Speedup SSL_add_{file,dir}_cert_subjects_to_stack 
Resolves: RHEL-54232
 2024-08-14 13:03:42 +02:00
Dmitry Belyavskiy
83382cc2a0 Enable KTLS, temporary disable KTLS tests 
Related: RHEL-47335
 2024-08-14 13:03:42 +02:00
Dmitry Belyavskiy
e6422e7346 Fix typo in the patch numeration 
Related: RHEL-41261
 2024-08-14 13:03:42 +02:00
Dmitry Belyavskiy
656cb62647 Support key encapsulation/decapsulation in openssl pkeyutl command 
Resolves: RHEL-54156
 2024-08-14 11:43:38 +02:00
Dmitry Belyavskiy
8fc2d48423 Use PBMAC1 by default when creating PKCS#12 files in FIPS mode 
Related: RHEL-36659
 2024-08-14 11:36:06 +02:00
Dmitry Belyavskiy
299b43d420 An interface to create PKCS #12 files in FIPS compliant way 
Related: RHEL-36659
 2024-08-09 13:27:18 +00:00
George Pantelakis
a44bf0f715 Fix the gating test names 2024-08-07 15:40:45 +02:00
Dmitry Belyavskiy
ce2e7dc60e An interface to create PKCS #12 files in FIPS compliant way 
Resolves: RHEL-36659
 2024-08-07 10:57:04 +02:00
Dmitry Belyavskiy
7d3d9af0c8 SHA-1 signature shouldn't work in normal mode 
Resolves: RHEL-36677
 2024-07-10 11:43:37 +02:00
Dmitry Belyavskiy
09b4e34fcf Disallow SHA1 at SECLEVEL2 in OpenSSL 
Resolves: RHEL-39962
 2024-07-10 10:50:30 +02:00
Dmitry Belyavskiy
6084652840 Do not install ENGINE headers, man pages, and define OPENSSL_NO_ENGINE 
Resolves: RHEL-45704
 2024-07-02 14:51:09 +02:00
George Pantelakis
68e0354892 configure basic gating on RHEL-10 2024-07-01 14:15:53 +00:00
Daiki Ueno
dfb3583fef Replace HKDF backward compatibility patch with the official one 
Related: RHEL-41261
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-07-01 09:36:26 +09:00
Troy Dawson
e82e52bbae Bump release for June 2024 mass rebuild 2024-06-24 09:06:12 -07:00
Daiki Ueno
9eb261ba85 Add workaround for EVP_PKEY_CTX_add1_hkdf_info with older providers 
Resolves: RHEL-41261
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-06-15 10:04:02 +09:00
Dmitry Belyavskiy
1d9e9ba818 Build openssl with no-atexit 
Resolves: RHEL-40408
 2024-06-12 13:12:26 +02:00
Dmitry Belyavskiy
3ae0078fd9 Rebase to OpenSSL 3.2.2. 
Related: RHEL-31762
 2024-06-05 18:56:27 +02:00