Tomas Mraz
1a7b91b472
for consistent support of security policies we build
...
RC4 support in TLS (not default) and allow SHA1 in SECLEVEL 2
2018-09-14 10:56:06 +02:00
Tomas Mraz
a4bf4e1b65
update to the final 1.1.1 version
2018-09-13 09:43:22 +02:00
Tomas Mraz
90121b0c9d
Multiple fixes
...
do not try to initialize RNG in cleanup if it was not initialized
before (#1624554 )
use only /dev/urandom if getrandom() is not available
disable SM4
2018-09-06 13:48:54 +02:00
Tomas Mraz
cfeae6fcb3
Two minor fixes
...
fix dangling symlinks to manual pages
make SSLv3_method work
2018-08-29 18:25:29 +02:00
Tomas Mraz
62ec0f1fa9
update to the latest 1.1.1 beta version
2018-08-22 12:41:26 +02:00
Tomas Mraz
1186311ade
bidirectional shutdown fixes from upstream
2018-08-13 16:03:04 +02:00
Tomas Mraz
f7a30f9a15
do not put error on stack when using fixed protocol version
...
(#1615098 )
2018-08-13 11:34:33 +02:00
Tomas Mraz
60357072e0
load crypto policy config file from the default config
2018-07-31 16:24:45 +02:00
Tomas Mraz
9189f03055
update to the latest 1.1.1 beta version
2018-07-25 18:15:19 +02:00
Fedora Release Engineering
7f74f219f1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-13 15:12:04 +00:00
Tomas Mraz
98bbad839c
fix FIPS RSA key generation failure
2018-06-19 16:05:15 +02:00
Tomas Mraz
357b7a7e37
ppc64le is not multilib arch ( #1584994 )
2018-06-04 12:24:19 +02:00
Tomas Mraz
08db5cbcb9
fix regression of c_rehash ( #1562953 )
2018-04-03 13:03:32 +02:00
Tomas Mraz
5a93773172
fix FIPS symbol versions
2018-03-29 18:13:54 +02:00
Tomas Mraz
c6d0704d87
Add missing build dependencies.
2018-03-29 16:40:14 +02:00
Tomas Mraz
6eb8f62027
update to upstream version 1.1.0h
...
Add Recommends for openssl-pkcs11
2018-03-29 15:44:09 +02:00
Tomas Mraz
6d92af0099
one more try to apply RPM_LD_FLAGS properly ( #1541033 )
...
dropped unneeded starttls xmpp patch (#1417017 )
2018-02-23 17:01:58 +01:00
Igor Gnatenko
e688115b6d
Remove %clean section
...
None of currently supported distributions need that.
Last one was EL5 which is EOL for a while.
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-14 09:56:41 +01:00
Fedora Release Engineering
3a05f1f46a
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-08 17:49:45 +00:00
Tomas Mraz
c11b1341c5
apply RPM_LD_FLAGS properly ( #1541033 )
2018-02-01 18:07:30 +01:00
Tomas Mraz
899f2baacb
silence the .rnd write failure as that is auxiliary functionality ( #1524833 )
2018-01-11 18:08:54 +01:00
Tomas Mraz
f20f5f466f
put the Makefile.certificate in pkgdocdir and drop the requirement on make
2017-12-14 16:26:05 +01:00
Tomas Mraz
e85d72778f
update to upstream version 1.1.0g
2017-11-03 16:57:03 +01:00
Fedora Release Engineering
50c1418e79
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
2017-08-03 04:36:41 +00:00
Fedora Release Engineering
c68da76796
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
2017-07-27 01:53:35 +00:00
Tomas Mraz
790567dc64
make s_client and s_server work with -ssl3 option ( #1471783 )
2017-07-17 15:05:28 +02:00
Petr Písař
f852080c72
perl dependency renamed to perl-interpreter < https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules >
2017-07-13 11:16:32 +02:00
Tomas Mraz
7b595774f0
disable verification of all insecure hashes
2017-06-26 16:28:56 +02:00
Tomas Mraz
226b42827c
make DTLS work ( #1462541 )
2017-06-23 17:04:24 +02:00
Tomas Mraz
81258b6d2a
enable 3DES SSL ciphersuites, RC4 is kept disabled ( #1453066 )
2017-06-15 15:17:26 +02:00
Tomas Mraz
6b68d87d06
only release thread-local key if we created it (from upstream) ( #1458775 )
2017-06-05 17:20:12 +02:00
Tomas Mraz
1ff978b22e
update to upstream version 1.1.0f
...
SRP and GOST is now allowed, note that GOST support requires
adding GOST engine which is not part of openssl anymore
2017-06-02 15:32:15 +02:00
Tomas Mraz
c676ac32d5
update to upstream version 1.1.0e
...
add documentation of the PROFILE=SYSTEM special cipher string (#1420232 )
2017-02-16 16:59:27 +01:00
Fedora Release Engineering
f6b0040c3e
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
2017-02-11 00:58:36 +00:00
Tomas Mraz
d00e0a5904
applied upstream fixes (fix regression in X509_CRL_digest)
2017-02-01 15:56:59 +01:00
Tomas Mraz
c144665042
update to upstream version 1.1.0d
2017-01-26 16:24:24 +01:00
Tomas Mraz
fe449cd23c
preserve new line in fd BIO BIO_gets() as other BIOs do
2016-12-22 14:40:28 +01:00
Tomas Mraz
836560b322
FIPS mode fixes for TLS
2016-12-02 17:32:17 +01:00
Tomas Mraz
3a8593870a
apply properly revert SSL_read() behavior change - patch from upstream ( #1394677 )
...
- fix behavior on client certificate request in renegotiation (#1393579 )
2016-11-30 14:29:59 +01:00
Tomas Mraz
e443a79334
Add back EC NIST P-224 and revert SSL_read() change
...
- revert SSL_read() behavior change - patch from upstream (#1394677 )
- EC curve NIST P-224 is now allowed, still kept disabled in TLS due
to less than optimal security
2016-11-22 10:39:55 +01:00
Tomas Mraz
be56ae067b
update to upstream version 1.1.0c
2016-11-11 14:47:36 +01:00
Tomas Mraz
f655917cf7
use a random seed if the supplied one did not generate valid
...
parameters in dsa_builtin_paramgen2()
2016-11-04 12:10:01 +01:00
Tomas Mraz
c7fc8d6daa
do not break contract on return value when using dsa_builtin_paramgen2()
2016-10-17 13:06:36 +02:00
Tomas Mraz
d2220322f3
fix afalg failure on big endian
2016-10-12 14:47:08 +02:00
Tomas Mraz
4e52f8d3db
Use eventfd2 syscall instead of deprecated eventfd.
2016-10-11 10:58:08 +02:00
Tomas Mraz
510bcc2e3a
update to upstream version 1.1.0b
2016-10-11 10:31:54 +02:00
Richard W.M. Jones
d0c38b1fe6
Add flags for riscv64.
2016-10-07 20:44:34 +01:00
Tomas Mraz
e8261d1b72
minor upstream release 1.0.2j fixing regression from previous release
2016-09-26 12:56:04 +02:00
David Woodhouse
edc03c1b9b
Fix enginesdir in libcrypto.pc ( #1375361 )
2016-09-24 20:36:58 +01:00
Tomas Mraz
6e67274c62
minor upstream release 1.0.2i fixing security issues
...
- move man pages for perl based scripts to perl subpackage (#1377617 )
2016-09-22 14:16:05 +02:00
Tomas Mraz
9fc25c1d28
fix regression in Cisco AnyConnect VPN support ( #1354588 )
2016-08-10 13:50:49 +02:00
Tomas Mraz
a1b5b83ccd
require libcrypto in libssl.pc ( #1301301 )
2016-06-27 12:09:15 +02:00
Petr Písař
b7ec4eee2b
Mandatory Perl build-requires added < https://fedoraproject.org/wiki/Changes/Build_Root_Without_Perl >
2016-06-24 10:44:40 +02:00
Tomas Mraz
eeb6ac1a65
minor upstream release 1.0.2h fixing security issues
2016-05-03 18:23:18 +02:00
Tomas Mraz
0a6d0e5ddc
disable SSLv2 support altogether (without ABI break)
2016-03-29 15:47:40 +02:00
Tom Callaway
589d3ee15b
enable RC5 with permission from Legal
2016-03-07 21:56:55 -06:00
Tomas Mraz
8f6be98bf7
reenable SSL2 in the build to avoid ABI break
...
(it does not make the openssl vulnerable to DROWN attack)
2016-03-02 09:33:35 +01:00
Tomas Mraz
e7a0ff581f
minor upstream release 1.0.2g fixing security issues
2016-03-01 17:22:06 +01:00
Fedora Release Engineering
843fdf0512
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
2016-02-04 11:34:33 +00:00
Tomas Mraz
1004dabcc6
minor upstream release 1.0.2f fixing security issues
...
- add support for MIPS secondary architecture
2016-01-28 17:12:09 +01:00
Tomas Mraz
341f751fb7
Add missing buildrequires for SCTP
2016-01-15 14:43:57 +01:00
Tomas Mraz
0d8bb6ef41
document some options of openssl speed command
2016-01-15 14:19:55 +01:00
Tomas Mraz
41a5ee166a
enable sctp support in DTLS
2015-12-18 13:52:00 +01:00
Tomas Mraz
c79bed9e76
remove unimplemented EC method from header ( #1289599 )
2015-12-08 15:56:50 +01:00
Tomas Mraz
88482b2b4a
the fast nistp implementation works only on little endian architectures
2015-12-07 15:02:57 +01:00
Tomas Mraz
6536aa4c73
Makefile.certificate should not set serial to 0 by default
2015-12-04 14:36:15 +01:00
Tomas Mraz
4240ecaa1b
minor upstream release 1.0.2e fixing moderate severity security issues
...
- enable fast assembler implementation for NIST P-256 and P-521
elliptic curves (#1164210 )
- filter out unwanted link options from the .pc files (#1257836 )
2015-12-04 14:13:59 +01:00
Tomas Mraz
a83e4d7c4a
fix sigill on some AMD CPUs ( #1278194 )
2015-11-16 17:47:54 +01:00
Tom Callaway
314b2359b8
BR: /usr/bin/pod2man
2015-08-12 17:16:04 -04:00
Tom Callaway
1417ec988d
enable secp256k1 (bz1021898)
2015-08-12 17:07:46 -04:00
Tomas Mraz
5675d07a14
minor upstream release 1.0.2d fixing a high severity security issue
2015-07-09 17:25:58 +02:00
Tomas Mraz
7f0b164051
fix the aarch64 build
2015-07-07 09:47:17 +02:00
Dennis Gilmore
49a07018fb
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
2015-06-18 00:06:33 +00:00
Tomas Mraz
837dd04882
minor upstream release 1.0.2c fixing multiple security issues
2015-06-15 18:23:46 +02:00
Peter Robinson
18455c91c0
Add aarch64 sslarch details
2015-05-07 16:04:05 +01:00
Tomas Mraz
e4bf425a79
fix some 64 bit build targets
2015-05-07 12:01:04 +02:00
Tomas Mraz
d743a79756
add alternative certificate chain discovery support from upstream
2015-04-28 17:10:52 +02:00
Tomas Mraz
a1fb602a95
rebase to 1.0.2 branch
2015-04-23 13:57:26 +02:00
Tomas Mraz
805c06e347
drop the AES-GCM restriction of 2^32 operations
...
The IV is always 96 bits (32 bit fixed field + 64 bit invocation field).
2015-04-09 13:10:25 +02:00
Tomas Mraz
729d2d0e11
Multiple security issues fixed.
...
- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()
- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison
- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption
- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data
- fix CVE-2015-0293 - triggerable assert in SSLv2 server
2015-03-19 18:08:12 +01:00
Tomas Mraz
446f9bea43
fix bug in the CRYPTO_128_unwrap()
2015-03-16 18:02:06 +01:00
Tomas Mraz
303fb7be60
fix bug in the RFC 5649 support ( #1185878 )
2015-02-27 16:03:52 +01:00
Till Maas
1804d4c857
Rebuilt for Fedora 23 Change
...
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
2015-02-21 22:15:20 +01:00
Tomas Mraz
6a450be963
test in the non-FIPS RSA keygen for minimal distance of p and q
...
similarly to the FIPS RSA keygen
2015-01-16 16:16:14 +01:00
Tomas Mraz
7e7e3f299f
new upstream release fixing multiple security issues
2015-01-09 10:54:51 +01:00
Tomas Mraz
8c1cdfe3ab
Fix date in changelog.
2014-11-20 11:14:35 +01:00
Tomas Mraz
80b5477597
disable SSLv3 by default again
...
Mail servers and possibly LDAP servers should probably allow
it explicitly by SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3) call
for buggy legacy clients on the smtps, imaps, and ldaps ports.
2014-11-20 10:25:56 +01:00
Tomas Mraz
3f43f7e93a
update the FIPS RSA keygen to be FIPS 186-4 compliant
2014-10-21 16:02:25 +02:00
Tomas Mraz
613f664141
new upstream release fixing multiple security issues
2014-10-16 13:50:08 +02:00
Tomas Mraz
1f162bf2ee
copy negotiated digests when switching certs by SNI ( #1150032 )
2014-10-10 14:16:48 +02:00
Tomas Mraz
11aeae71ed
add support for RFC 5649
2014-09-08 15:22:44 +02:00
Peter Robinson
58eec73ac0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
2014-08-17 14:08:44 +00:00
Tomas Mraz
a577400ed8
drop RSA X9.31 from RSA FIPS selftests
...
- add Power 8 optimalizations
2014-08-13 20:03:17 +02:00
Tomas Mraz
a78828f786
new upstream release fixing multiple moderate security issues
...
- for now disable only SSLv2 by default
2014-08-07 16:00:47 +02:00
Tom Callaway
6c0bfa087d
fix license handling
2014-07-18 19:31:16 -04:00
Tomas Mraz
6466466115
disable SSLv2 and SSLv3 protocols by default
...
(can be enabled via appropriate SSL_CTX_clear_options() call)
2014-06-30 14:21:11 +02:00
Tomas Mraz
f550490681
use system profile for default cipher list
2014-06-11 15:07:06 +02:00
Tomas Mraz
a98d99a503
fix CVE-2014-0224 fix that broke EAP-FAST session resumption support
...
- make FIPS mode keygen bit length restriction enforced only when
OPENSSL_ENFORCE_MODULUS_BITS is set
2014-06-10 16:38:56 +02:00
Dennis Gilmore
0a491cd9f2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
2014-06-07 12:02:05 -05:00
Tomas Mraz
360a4bb67c
new upstream release 1.0.1h
2014-06-05 15:05:17 +02:00