This website requires JavaScript.
d1a87553bb
Release the DRBG in global default libctx early
2023-05-31 16:21:07 +0200
df4dd7dd7f
Fix possible DoS translating ASN.1 object identifiers
2023-05-30 16:29:57 +0200
103d3109dc
ci.fmf: Enable golang tests as reverse dependency
2023-05-29 09:52:49 +0200
34e7dd5be4
Add interop rpm-tmt-tests
2023-05-24 15:41:56 +0000
979cb8a57b
Add TMT interoperability tests & rewrite python STI test to TMT
2023-04-14 23:04:07 +0200
b1d3f019d4
FIPS: Re-enable DHX, disable FIPS 186-4 groups
2023-05-23 14:01:14 +0200
57f6d8f4a4
Use OAEP padding and aes-128-cbc by default in cms command in FIPS mode
2023-05-19 17:47:59 +0200
032dc0839c
Enforce using EMS in FIPS mode - better alerts
2023-05-09 12:44:49 +0200
659cee1fef
import openssl-3.0.7-6.el9_2
2023-05-09 05:38:20 +0000
05bbcc9920
- Upload new upstream sources without manually hobbling them. - Remove the hobbling script as it is redundant. It is now allowed to ship the sources of patented EC curves, however it is still made unavailable to use by compiling with the 'no-ec2m' Configure option. The additional forbidden curves such as P-160, P-192, wap-tls curves are manually removed by updating 0011-Remove-EC-curves.patch. - Enable Brainpool curves. - Apply the changes to ec_curve.c and ectest.c as a new patch 0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them. - Modify 0011-Remove-EC-curves.patch to allow Brainpool curves. - Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M. Resolves: rhbz#2130618, rhbz#2188180
2023-04-03 13:23:50 +0200
45cb3a6b4e
Backport implicit rejection for RSA PKCS#1 v1.5 encryption
2023-04-28 19:09:47 +0200
7680abf05d
Input buffer over-read in AES-XTS implementation on 64 bit ARM
2023-04-21 12:33:25 +0200
4999352324
OpenSSL rsa_verify_recover key length checks in FIPS mode
2023-04-17 16:08:19 +0200
ba8edd5ea8
Certificate policy check not enabled
2023-04-17 15:46:46 +0200
70a27e0ae3
Fix invalid certificate policies in leaf certificates check
2023-04-17 15:41:21 +0200
90306b7fd8
Fix excessive resource usage in verifying X509 policy constraints
2023-04-17 15:29:43 +0200
35f22d134e
Enforce using EMS in FIPS mode
2023-04-17 13:34:16 +0200
d889221645
import openssl-3.0.7-5.el9
2023-03-28 09:20:51 +0000
d93c54c338
import openssl-1.1.1k-9.el8
2023-03-28 08:57:46 +0000
0dea6db970
Change explicit FIPS indicator for RSA decryption to unapproved
2023-03-24 16:00:21 +0100
e20a9a9b11
import openssl-1.1.1k-9.el8_7
2023-03-22 10:19:23 +0000
477bb5e652
- Upload new upstream sources without manually hobbling them. - Remove the hobbling script as it is redundant. It is now allowed to ship the sources of patented EC curves, however it is still made unavailable to use by compiling with the 'no-ec2m' Configure option. The additional forbidden curves such as P-160, P-192, wap-tls curves are manually removed by updating 0011-Remove-EC-curves.patch. - Apply the changes to ec_curve.c and ectest.c as a new patch 0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them. - Modify 0011-Remove-EC-curves.patch to allow Brainpool curves. - Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M. ┊ Resolves: rhbz#2130618, rhbz#2141672
2023-03-14 17:07:58 +0100
1bd2a0cee3
Add missing patchfile, fix gettable params
2023-03-20 20:09:04 +0100
1bd49c394a
Add explicit FIPS indicator to RSA encryption and RSASVE
2023-03-17 15:56:07 +0100
21d2b9fb47
Fix X942KDF indicator for short output key lengths
2023-03-16 16:39:03 +0100
e5f783d552
Fix Wpointer-sign compiler warning
2023-03-16 14:08:53 +0100
6eb72dd621
Increase RNG seeding buffer size to 32
2023-03-13 12:35:42 +0100
fb4b72ff2f
DH PCT should abort on failure
2023-03-10 12:36:43 +0100
bfdbb139b4
Disable DHX keys completely in FIPS mode
2023-03-09 14:26:19 +0100
960e6deebf
Abort on PCT failure
2023-02-23 14:39:15 +0100
dd6f0d33c8
Remove previous low-level PCT
2023-02-22 16:22:19 +0100
fa195e46a2
Pairwise consistency tests should use Digest+Sign/Verify
2023-02-20 15:30:43 +0100
d2996a9b03
Limit RSA_NO_PADDING for encryption and signature in FIPS mode
2023-02-15 17:16:58 +0100
d60644ea6a
Add explicit FIPS indicator for PBKDF2
2023-03-06 13:06:21 +0100
50cb33e688
GCM: Implement explicit FIPS indicator for IV gen
2023-02-17 18:39:37 +0100
58955140b6
Zeroize FIPS module integrity check MAC after check
2023-02-17 13:44:47 +0100
6a9e17a8c1
KDF: Add FIPS indicators
2023-02-16 17:55:03 +0100
6b3a991793
Bring gating.yaml over from Brew dist-git
2023-03-10 11:10:27 -0800
9ebabfa10a
Stop everlasting RNG reseeding
2023-03-01 19:56:51 +0100
d2a68cf344
import openssl-3.0.1-47.el9_1
2023-02-28 07:53:36 +0000
731c9e3178
Import rpm: c8s
2023-02-27 14:39:58 -0500
6dc7264ac5
Auto sync2gitlab import of openssl-1.1.1k-9.el8.src.rpm
2023-02-18 00:25:20 +0000
d8f331f3c6
import openssl-1.1.1k-9.el8
2023-02-18 00:25:07 +0000
e198b69ab5
Rebase ELN/RHEL patch for OpenSSL 3.0.8
2023-02-13 13:36:19 -0500
167e0dd694
ELN: fix SHA1 signature patch again
2023-02-13 10:53:54 -0500
194ef7464a
Rebase to upstream version 3.0.8
2023-02-09 16:01:17 +0100
9d8f618208
Fixed NULL dereference during PKCS7 data verification
2023-02-08 12:07:16 +0100
8673fb7c22
Fixed X.400 address type confusion in X.509 GeneralName
2023-02-08 12:00:43 +0100
0f4062ead5
Fixed NULL dereference validating DSA public key
2023-02-08 11:58:07 +0100
5e4feef220
Fixed Invalid pointer dereference in d2i_PKCS7 functions
2023-02-08 11:55:32 +0100
b889341096
Fixed Use-after-free following BIO_new_NDEF
2023-02-08 11:52:44 +0100
529db6cf12
Fixed Double free after calling PEM_read_bio_ex
2023-02-08 11:43:11 +0100
c5b0dc92d3
Fixed Timing Oracle in RSA Decryption
2023-02-08 11:40:25 +0100
593a315f09
Fixed X.509 Name Constraints Read Buffer Overflow
2023-02-08 11:37:11 +0100
02d85d00af
Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
2023-01-19 22:58:20 +0000
770dcce08b
Disallow SHAKE in OAEP decryption in FIPS mode
2023-01-11 14:10:26 +0100
9ce9458604
Backport implicit rejection for RSA PKCS#1 v1.5 encryption
2023-01-05 18:17:28 +0100
b19d91aec3
Refactor OpenSSL fips module MAC verification
2023-01-05 11:42:50 +0100
500ad3d300
Refactor embedded mac verification in FIPS module
2023-01-05 11:30:00 +0100
106fe8964c
- Rebase to upstream version 3.0.7
2022-12-23 11:53:21 +0100
c0667361a5
Fix explicit indicator for PSS salt length
2022-11-25 15:32:03 +0100
657265459d
Backport of ppc64le Montgomery multiply enhancement
2022-11-29 12:00:38 +0100
c29e183891
Adjusting include for the FIPS_mode macro
2022-11-28 16:49:42 +0100
d60bf2b343
Removed recommended package for openssl-libs
2022-11-28 13:00:03 +0100
f2a49ef424
We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream
2022-11-25 18:09:17 +0100
0f139ead1a
Various provider-related imrovements necessary for PKCS#11 provider correct operations
2022-11-25 11:42:25 +0100
07892fe646
Rebasing to OpenSSL 3.0.7 - removing redundant patches
2022-11-23 17:20:05 +0100
477d91adec
Rebasing to OpenSSL 3.0.7
2022-11-23 13:01:22 +0100
5d738bdd7f
Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode
2022-11-22 12:57:21 +0100
80de7ffd9c
Add explicit indicator & clamp default PSS salt len
2022-11-17 19:50:30 +0100
fe09690308
pbkdf2: Set minimum password length of 8 bytes
2022-11-17 18:43:56 +0100
438a2c64b7
Add indicator for HMAC with short key lengths
2022-11-17 18:23:13 +0100
105cc32a20
Add indicator for SP 800-108 KDFs w/short keys
2022-11-17 17:34:28 +0100
066be87ccd
Remove support for X9.31 signature padding in FIPS mode
2022-11-17 14:04:50 +0100
2bd2c7ac27
FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC
2022-11-16 15:55:08 +0100
fb8fee4b43
FIPS RSA CRT tests must use correct parameters
2022-11-16 13:16:23 +0100
474a112b98
Avoid memory leaks in TLS
2022-11-16 12:23:27 +0100
6c57fc8dcc
SHAKE-128/256 are not allowed with RSA in FIPS mode
2022-11-15 15:51:36 +0100
e9a0511933
Backport patches to fix external providers compatibility issues
2022-11-16 13:57:40 -0500
8fce2b46cf
import openssl-3.0.1-43.el9_0
2022-11-01 14:25:54 -0400
39f800af50
CVE-2022-3602, CVE-2022-3786: X.509 Email Address Buffer Overflow
2022-11-01 18:23:58 +0100
f7a2c68257
CVE-2022-3602, CVE-2022-3786: X.509 Email Address Buffer Overflow
2022-11-01 15:32:31 +0100
6dfb655bae
import openssl-3.0.1-41.el9_0
2022-09-27 10:29:34 -0400
6c7584747a
import openssl-1.1.1k-7.el8_6
2022-09-27 16:32:58 -0400
ff78525169
.gitignore: Stop ignoring 000*.patch
2022-09-12 15:52:16 +0200
b5f6fd8216
Update patches to make ELN build happy
2022-09-12 11:39:39 +0200
d54aeb5a0f
Fix AES-GCM on Power 8 CPUs
2022-09-09 10:19:19 +0200
4855397272
openssl.spec is synced with RHEL
2022-09-02 14:57:07 +0200
89541c6ea4
We don't support explicit curves, commenting out the test
2022-09-02 15:28:40 +0200
080143cbc1
Sync with RHEL - applying patches
2022-09-01 12:42:16 +0200
30c7b955bd
import openssl-3.0.1-41.el9_0
2022-08-30 11:47:28 -0400
43e576feab
ELN: fix SHA1 signature patch
2022-08-17 13:17:58 -0400
566546250b
ELN: fix SHA1 signature patch
2022-08-17 13:00:02 -0400
7c8235f8cd
Zeroize public keys, add HKDF FIPS indicator
2022-08-11 15:12:42 +0200
730ccadf04
Extra zeroization related to FIPS-140-3 requirements
2022-08-05 14:26:10 +0200
fc45520150
Reseed all the parent DRBGs in chain on reseeding a DRBG
2022-08-02 18:32:36 +0200
a0907c129c
Use signature for RSA pairwise test according FIPS-140-3 requirements
2022-07-25 17:57:38 +0200
f1dba9d301
Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements
2022-07-25 14:41:43 +0200
3f7cd79d02
Deal with DH keys in FIPS mode according FIPS-140-3 requirements
2022-07-20 15:20:48 +0200
61f739868e
FIPS: Fix memory leak in digest_sign self-test
2022-08-03 18:04:36 +0200
Dmitry Belyavskiy
Daiki Ueno
Peter Leitmann
Clemens Lang
CentOS Sources
Sahana Prasad
Troy Dawson
James Antill
Stephen Gallagher
Fedora Release Engineering
Simo Sorce