Simo Sorce
e014d8a609
Temporarily disable SLH-DSA FIPS self tests
...
This was enabled during the rebase but it needs to be disabled until
performance issues are resolved.
Related: RHEL-80854
Signed-off-by: Simo Sorce <simo@redhat.com>
2025-07-24 06:32:50 -04:00
Dmitry Belyavskiy
98cf25a4c0
Rebasing to OpenSSL 3.5.1
...
Resolves: RHEL-90350
Resolves: RHEL-95613
Resolves: RHEL-97796
Resolves: RHEL-99353
Resolves: RHEL-100168
2025-07-01 16:33:14 +02:00
Dmitry Belyavskiy
5a68570dd4
rebuilt
...
Related: RHEL-80811
2025-06-05 15:50:22 +02:00
Dmitry Belyavskiy
d13b9c5c36
rebuilt
...
Related: RHEL-80811
2025-06-05 11:59:49 +02:00
Dmitry Belyavskiy
1d401560ac
rebuilt
...
Related: RHEL-80811
2025-06-04 17:43:35 +02:00
Dmitry Belyavskiy
1e7815b2cf
Make hybrid MLKEM work with our FIPS provider (3.0.7)
...
Resolves: RHEL-94614
2025-06-04 14:16:20 +02:00
Dmitry Belyavskiy
0367bee51d
Compact patches for better maintainability
...
Related: RHEL-80811
2025-06-03 17:26:56 +02:00
Dmitry Belyavskiy
63b528e647
Fix UEFI builds on double function definitions
...
Resolves: RHEL-93168
2025-05-22 13:30:46 +02:00
Dmitry Belyavskiy
062693b2b8
Fix regressions caused by rebase to OpenSSL 3.5
...
Related: RHEL-80811
2025-05-22 12:59:35 +02:00
Dmitry Belyavskiy
dc0e1f27f5
Fix UEFI builds
...
Resolves: RHEL-89137
2025-05-14 12:54:07 +02:00
Dmitry Belyavskiy
f911c21296
Enable sslkeylog support
...
Resolves: RHEL-90853
2025-05-14 11:48:09 +02:00
Dmitry Belyavskiy
4b761c8ea2
Restore RHEL9-style indicators defines
...
Resolves: RHEL-88906
2025-05-14 11:41:03 +02:00
Dmitry Belyavskiy
154d1831cd
Expose settable params for EVP_SKEY
...
Resolves: RHEL-88913
2025-05-14 11:38:56 +02:00
Dmitry Belyavskiy
1934b43ef1
pkeyutl ecdsa signature with sha1 shouldn't work by default
...
Resolves: RHEL-88911
2025-05-14 11:36:32 +02:00
Dmitry Belyavskiy
b5cbb03855
Fix openssl speed
running in FIPS mode
...
Resolves: RHEL-88908
2025-05-14 11:33:54 +02:00
Dmitry Belyavskiy
cad2bb93ac
Update depencency on crypto-policies
...
Related: RHEL-80811
2025-04-17 10:59:34 +02:00
George Pantelakis
06ffd03349
plans: update the CI plan with the correct plan names
2025-04-16 16:58:23 +02:00
Dmitry Belyavskiy
296ae60f11
Rebasing OpenSSL to 3.5
...
Resolves: RHEL-80811
Resolves: RHEL-57022
Resolves: RHEL-24098
Resolves: RHEL-24097
Resolves: RHEL-86865
2025-04-16 10:23:19 +02:00
Dmitry Belyavskiy
fb8a97e51d
Fix segfault on printing the temp key from s_client when connection is not established
...
Resolves: RHEL-79045
2025-02-12 14:59:33 +01:00
Dmitry Belyavskiy
f784b47db4
RFC7250 handshakes with unauthenticated servers don't abort as expected (CVE-2024-12797)
...
Resolves: RHEL-76754
2025-02-12 14:58:19 +01:00
Dmitry Belyavskiy
7840be76de
Load system default cipher string from crypto-policies configuration file
...
...should ignore errors.
Related: RHEL-71132
2025-01-29 21:36:05 +01:00
Dmitry Belyavskiy
d6a9e4cbb6
Fix timing side-channel in ECDSA signature computation (CVE-2024-13176)
...
Resolves: RHEL-70879
2025-01-29 18:34:26 +01:00
Dmitry Belyavskiy
34e41ff200
Get rid of checking /etc/crypto-policies/back-ends/openssl.config
...
Resolves: RHEL-71132
2025-01-24 17:39:21 +01:00
Dmitry Belyavskiy
a4086ec177
Locally configured providers should not interfere with openssl build-time tests
...
Resolves: RHEL-76182
2025-01-24 17:36:21 +01:00
Dmitry Belyavskiy
e5573d1b8d
Ensure correct fips.so checksum calculation
...
Resolves: RHEL-73170
2025-01-24 17:36:21 +01:00
Dmitry Belyavskiy
9a7c320d2c
Print key exchange group for hybrid PQC
...
Resolves: RHEL-66163
2025-01-24 17:36:21 +01:00
Dmitry Belyavskiy
bdb28e8ff0
Fix pkcs12 command line segfault
...
Resolves: RHEL-70878
2025-01-24 17:36:14 +01:00
Dmitry Belyavskiy
5fae31daba
- Fix providers no_cache behavior
...
Resolves: RHEL-71903
2025-01-24 17:34:42 +01:00
Troy Dawson
8b5d84e945
Bump release for October 2024 mass rebuild:
...
Resolves: RHEL-64018
2024-10-29 08:53:09 -07:00
Dmitry Belyavskiy
936c0664b3
Ship dummy(empty) openssl/engine.h
...
Resolves: RHEL-58178
2024-10-17 17:11:29 +02:00
Dmitry Belyavskiy
edf5bf79a4
Fix CVE-2024-6119: Possible denial of service in X.509 name checks
...
Resolves: RHEL-55303
2024-09-04 11:47:44 +02:00
Clemens Lang
f3cb03b52a
Fix CVE-2024-5535
...
The first patch caused a QUIC test to fail, so backport the entire
series, which looks reasonable and adds good additional safeguards and
checks.
Resolves: RHEL-45692
Signed-off-by: Clemens Lang <cllang@redhat.com>
2024-08-21 17:09:28 +02:00
Dmitry Belyavskiy
57fda30988
Resolve SAST package scan results
...
Resolves: RHEL-37561
2024-08-14 19:25:12 +02:00
Dmitry Belyavskiy
fdd1e62fc4
Speedup SSL_add_{file,dir}_cert_subjects_to_stack
...
Resolves: RHEL-54232
2024-08-14 13:03:42 +02:00
Dmitry Belyavskiy
83382cc2a0
Enable KTLS, temporary disable KTLS tests
...
Related: RHEL-47335
2024-08-14 13:03:42 +02:00
Dmitry Belyavskiy
e6422e7346
Fix typo in the patch numeration
...
Related: RHEL-41261
2024-08-14 13:03:42 +02:00
Dmitry Belyavskiy
656cb62647
Support key encapsulation/decapsulation in openssl pkeyutl command
...
Resolves: RHEL-54156
2024-08-14 11:43:38 +02:00
Dmitry Belyavskiy
8fc2d48423
Use PBMAC1 by default when creating PKCS#12 files in FIPS mode
...
Related: RHEL-36659
2024-08-14 11:36:06 +02:00
Dmitry Belyavskiy
299b43d420
An interface to create PKCS #12 files in FIPS compliant way
...
Related: RHEL-36659
2024-08-09 13:27:18 +00:00
George Pantelakis
a44bf0f715
Fix the gating test names
2024-08-07 15:40:45 +02:00
Dmitry Belyavskiy
ce2e7dc60e
An interface to create PKCS #12 files in FIPS compliant way
...
Resolves: RHEL-36659
2024-08-07 10:57:04 +02:00
Dmitry Belyavskiy
7d3d9af0c8
SHA-1 signature shouldn't work in normal mode
...
Resolves: RHEL-36677
2024-07-10 11:43:37 +02:00
Dmitry Belyavskiy
09b4e34fcf
Disallow SHA1 at SECLEVEL2 in OpenSSL
...
Resolves: RHEL-39962
2024-07-10 10:50:30 +02:00
Dmitry Belyavskiy
6084652840
Do not install ENGINE headers, man pages, and define OPENSSL_NO_ENGINE
...
Resolves: RHEL-45704
2024-07-02 14:51:09 +02:00
George Pantelakis
68e0354892
configure basic gating on RHEL-10
2024-07-01 14:15:53 +00:00
Daiki Ueno
dfb3583fef
Replace HKDF backward compatibility patch with the official one
...
Related: RHEL-41261
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-07-01 09:36:26 +09:00
Troy Dawson
e82e52bbae
Bump release for June 2024 mass rebuild
2024-06-24 09:06:12 -07:00
Daiki Ueno
9eb261ba85
Add workaround for EVP_PKEY_CTX_add1_hkdf_info with older providers
...
Resolves: RHEL-41261
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-06-15 10:04:02 +09:00
Dmitry Belyavskiy
1d9e9ba818
Build openssl with no-atexit
...
Resolves: RHEL-40408
2024-06-12 13:12:26 +02:00
Dmitry Belyavskiy
3ae0078fd9
Rebase to OpenSSL 3.2.2.
...
Related: RHEL-31762
2024-06-05 18:56:27 +02:00