openssl

rpms/openssl

Fork 1

Commit Graph

Select branches

Hide Pull Requests

a10s

a9

c10-beta

c10s

c8

c8-beta

c8s

c9

c9-beta

c9s

#1

changed/a10s/openssl-3.2.2-10.el10.alma.1

changed/a10s/openssl-3.2.2-12.el10.alma.1

changed/a10s/openssl-3.2.2-13.el10.alma.1

changed/a10s/openssl-3.2.2-3.el10.alma.1

changed/a10s/openssl-3.2.2-7.el10.alma.1

changed/a9/openssl-3.0.7-27.el9.alma.1

imports/c10-beta/openssl-3.2.2-12.el10

imports/c10s/openssl-3.2.2-10.el10

imports/c10s/openssl-3.2.2-12.el10

imports/c10s/openssl-3.2.2-13.el10

imports/c10s/openssl-3.2.2-14.el10

imports/c10s/openssl-3.2.2-3.el10

imports/c10s/openssl-3.2.2-7.el10

imports/c8-beta/openssl-1.1.1c-1.el8

imports/c8-beta/openssl-1.1.1c-12.el8

imports/c8-beta/openssl-1.1.1g-12.el8_3

imports/c8-beta/openssl-1.1.1g-9.el8

imports/c8-beta/openssl-1.1.1k-4.el8

imports/c8-beta/openssl-1.1.1k-5.el8_5

imports/c8-beta/openssl-1.1.1k-7.el8_6

imports/c8-beta/openssl-1.1.1k-9.el8

imports/c8/openssl-1.1.1c-15.el8

imports/c8/openssl-1.1.1c-2.el8_1.1

imports/c8/openssl-1.1.1g-11.el8

imports/c8/openssl-1.1.1g-12.el8_3

imports/c8/openssl-1.1.1g-15.el8_3

imports/c8/openssl-1.1.1k-12.el8_9

imports/c8/openssl-1.1.1k-14.el8_6

imports/c8/openssl-1.1.1k-4.el8

imports/c8/openssl-1.1.1k-5.el8_5

imports/c8/openssl-1.1.1k-6.el8_5

imports/c8/openssl-1.1.1k-7.el8_6

imports/c8/openssl-1.1.1k-9.el8_7

imports/c8s/openssl-1.1.1g-11.el8

imports/c8s/openssl-1.1.1g-12.el8_3

imports/c8s/openssl-1.1.1g-9.el8

imports/c8s/openssl-1.1.1k-1.el8

imports/c8s/openssl-1.1.1k-4.el8

imports/c8s/openssl-1.1.1k-5.el8_5

imports/c8s/openssl-1.1.1k-7.el8_6

imports/c8s/openssl-1.1.1k-9.el8

imports/c9-beta/openssl-3.0.0-0.beta2.7.el9

imports/c9-beta/openssl-3.0.0-4.el9

imports/c9-beta/openssl-3.0.0-5.el9

imports/c9-beta/openssl-3.0.0-6.el9

imports/c9-beta/openssl-3.0.1-20.el9_0

imports/c9-beta/openssl-3.0.1-41.el9_0

imports/c9-beta/openssl-3.0.1-5.el9

imports/c9-beta/openssl-3.0.7-24.el9

imports/c9-beta/openssl-3.0.7-27.el9

imports/c9-beta/openssl-3.0.7-5.el9

imports/c9-beta/openssl-3.2.2-6.el9

imports/c9-beta/openssl-3.2.2-6.el9_5

imports/c9/openssl-3.0.1-20.el9_0

imports/c9/openssl-3.0.1-23.el9_0

imports/c9/openssl-3.0.1-41.el9_0

imports/c9/openssl-3.0.1-43.el9_0

imports/c9/openssl-3.0.1-47.el9_1

imports/c9/openssl-3.0.7-16.el9_2

imports/c9/openssl-3.0.7-17.el9_2

imports/c9/openssl-3.0.7-24.el9

imports/c9/openssl-3.0.7-25.el9_3

imports/c9/openssl-3.0.7-27.el9

imports/c9/openssl-3.0.7-28.el9_4

imports/c9/openssl-3.0.7-6.el9_2

imports/c9/openssl-3.2.2-6.el9_5

bc18edacfc import openssl-1.1.1k-7.el8_6 imports/c8/openssl-1.1.1k-7.el8_6 CentOS Sources 2022-08-02 03:04:19 -0400
08d6c35051 FIPS self-test: RSA-OAEP, FFDHE2048, digest_sign Clemens Lang 2022-07-22 18:01:52 +0200
d1b1996624 Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Fedora Release Engineering 2022-07-22 02:15:17 +0000
3e6d5a385b Improve AES-GCM & ChaCha20 perf on Power9+ ppc64le Clemens Lang 2022-07-14 16:54:25 +0200
c64694b961 Fix segfault in EVP_PKEY_Q_keygen() Clemens Lang 2022-07-14 14:49:46 +0200
6864f5f043 Auto sync2gitlab import of openssl-1.1.1k-7.el8_6.src.rpm CentOS Sources 2022-07-11 12:11:47 +0000
3928dd5532 import openssl-1.1.1k-7.el8_6 imports/c8s/openssl-1.1.1k-7.el8_6 CentOS Sources 2022-07-11 12:11:34 +0000
32908974c2 Rebase to upstream version 3.0.5 Clemens Lang 2022-07-05 14:01:19 +0200
5901637dea CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Clemens Lang 2022-07-05 14:04:03 +0200
f3b52e907b CVE-2022-2068: the c_rehash script allows command injection Dmitry Belyavskiy 2022-06-22 13:49:46 +0200
fea833cb56 Strict certificates validation shouldn't allow explicit EC parameters Dmitry Belyavskiy 2022-06-22 12:52:57 +0200
ea75c725ee Fix PPC64 Montgomery multiplication bug Dmitry Belyavskiy 2022-06-22 12:35:27 +0200
f4e1bded66 Improve diagnostics when passing unsupported groups in TLS Dmitry Belyavskiy 2022-06-17 10:30:01 +0200
cbe5a9ff12 FIPS provider should block RSA encryption for key transport. Dmitry Belyavskiy 2022-06-16 15:11:40 +0200
8638196167 Ciphersuites with RSAPSK KX should be filterd in FIPS mode Dmitry Belyavskiy 2022-06-16 15:06:45 +0200
8b08b372c8 FIPS: Expose explicit indicator from fips.so Clemens Lang 2022-06-08 14:05:50 +0200
e859029ea0 Replace expired certificates Dmitry Belyavskiy 2022-06-03 15:31:56 +0200
8a03afa13c Rebasing to OpenSSL 3.0.3 Dmitry Belyavskiy 2022-06-01 13:08:26 +0200
a8a3a389ee Use KAT for ECDSA signature tests, s390 arch Dmitry Belyavskiy 2022-05-30 18:00:10 +0200
96926ffe00 Revert "Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode" Clemens Lang 2022-05-25 18:17:35 +0200
e3e588db6b Initial c8s branch. James Antill 2022-05-26 12:30:31 -0400
794d81540e CVE-2022-1292 openssl: c_rehash script allows command injection Dmitry Belyavskiy 2022-05-26 12:14:19 +0200
a63915eb2b CVE-2022-1343 openssl: inacurate verification when using OCSP_NOCHECKS Dmitry Belyavskiy 2022-05-26 12:07:22 +0200
ac312e8ff7 CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory Dmitry Belyavskiy 2022-05-26 11:57:12 +0200
b5de6bd830 In FIPS mode limit key sizes for signature verification Dmitry Belyavskiy 2022-05-23 15:25:42 +0200
7bc4f9f094 Ciphersuites with RSA KX should be filterd in FIPS mode Dmitry Belyavskiy 2022-05-19 14:29:23 +0200
b393177f7d openssl ecparam -list_curves lists only FIPS-approved curves in FIPS mode Dmitry Belyavskiy 2022-05-19 12:20:50 +0200
389313b118 FIPS: Disable SHA1 signs and EVP_PKEY_{sign,verify} Clemens Lang 2022-05-23 14:53:37 +0200
892b3c8109 import openssl-3.0.1-23.el9_0 imports/c9/openssl-3.0.1-23.el9_0 CentOS Sources 2022-05-17 18:34:48 -0400
701577a00f import openssl-3.0.1-20.el9_0 imports/c9/openssl-3.0.1-20.el9_0 CentOS Sources 2022-05-17 06:23:28 -0400
87f109e9fb Use KAT for ECDSA signature tests Dmitry Belyavskiy 2022-04-04 16:32:38 +0200
69c1abb4df openssl req defaults on PKCS#8 encryption changed to AES-256-CBC Dmitry Belyavskiy 2022-05-12 13:45:42 +0200
b4d281e4de -config argument of openssl app should work properly Dmitry Belyavskiy 2022-05-12 13:24:59 +0200
1b2d08b2c2 Adaptation of upstream patches disabling explicit EC parameters in FIPS mode Dmitry Belyavskiy 2022-04-01 12:53:17 +0200
4dc19fe033 Reworked patch forbidding explicit EC parameters Dmitry Belyavskiy 2022-03-24 17:45:16 +0100
1447e64bc3 Include hash in FIPS module version Clemens Lang 2022-05-05 17:05:35 +0200
ad863e9fc8 OpenSSL FIPS module should not build in non-approved algorithms Dmitry Belyavskiy 2022-05-05 17:34:49 +0200
6ba0e5efa3 When FIPS provider is in use, we forbid only some padding modes - spec Dmitry Belyavskiy 2022-05-02 18:33:35 +0200
067b6b249b When FIPS provider is in use, we forbid only some padding modes Dmitry Belyavskiy 2022-05-02 17:42:54 +0200
02c75e5a65 We dont'want totally forbid RSA encryption. Dmitry Belyavskiy 2022-05-02 15:54:28 +0200
9afaa3d1f4 Fix regression in evp_pkey_name2type caused by tr_TR locale fix Clemens Lang 2022-04-28 13:38:34 +0200
efdb8c60a3 Allow MD5-SHA1 in LEGACY c-p to fix TLS 1.0 Clemens Lang 2022-04-27 12:24:38 +0200
8f08128432 Instrument with USDT probes related to SHA-1 deprecation Alexander Sosedkin 2022-04-21 19:51:47 +0200
a711ac2e4f Fix openssl curl error with LANG=tr_TR.utf8 Dmitry Belyavskiy 2022-04-21 15:16:18 +0200
c0744a0cbf Temporary manual test Dmitry Belyavskiy 2022-04-21 13:20:27 +0200
0eaa0014c9 Fix a FIXME in the openssl.cnf(5) manpage Clemens Lang 2022-04-20 15:47:37 +0200
0967bb5953 ELN: Disable SHA-1 by default using CentOS patches Clemens Lang 2022-04-20 15:12:30 +0200
e20814a6ed import openssl-3.0.1-20.el9_0 imports/c9-beta/openssl-3.0.1-20.el9_0 CentOS Sources 2022-04-05 07:12:41 -0400
82a6212c47 Silence rpmlint false positives Clemens Lang 2022-04-06 17:45:04 +0200
432cfa2baa Allow disabling of SHA1 signatures Clemens Lang 2022-04-01 16:17:28 +0200
2a9b729c27 import openssl-1.1.1k-5.el8_5 imports/c8-beta/openssl-1.1.1k-5.el8_5 CentOS Sources 2022-03-29 14:38:44 -0400
7a1c7b28bc FIPS provider doesn't block RSA encryption for key transport Dmitry Belyavskiy 2022-03-28 17:38:25 +0200
145dc9b8af import openssl-1.1.1k-6.el8_5 imports/c8/openssl-1.1.1k-6.el8_5 CentOS Sources 2022-03-28 03:47:20 -0400
93ff3f8fe5 Fix occasional internal error in TLS when DHE is used Clemens Lang 2022-03-22 13:04:16 +0100
153f593fa6 Fix SHA1 certs in LEGACY without openssl lib ctxt Clemens Lang 2022-03-18 13:35:57 +0100
e251b765e5 Restore Python CI tests removed when OpenSSL was updated to 3.0 Miro Hrončok 2022-03-18 10:58:59 +0100
a0bd929a42 Update to openssl 3.0.2 Dmitry Belyavskiy 2022-03-18 10:41:13 +0100
4eb630f7d5 Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes Clemens Lang 2022-03-17 13:36:33 +0100
03697fff80 CVE-2022-0778 fix Dmitry Belyavskiy 2022-03-16 15:03:25 +0100
bc7dfd9722 Fix RSA PSS padding with SHA-1 disabled Clemens Lang 2022-03-10 12:47:01 +0100
3c66c99bd5 Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes Clemens Lang 2022-03-01 15:58:48 +0100
47cc85c5fc import openssl-3.0.1-5.el9 imports/c9-beta/openssl-3.0.1-5.el9 CentOS Sources 2022-03-01 07:55:59 -0500
ede38fcb54 Prevent use of SHA1 with ECDSA Clemens Lang 2022-02-25 14:36:41 +0100
ea9f0a5726 OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters Dmitry Belyavskiy 2022-02-25 12:37:01 +0100
849a9965ee Support KBKDF (NIST SP800-108) with an R value of 8bits Resolves: rhbz#2027261 Peter Robinson 2022-02-24 10:07:39 +0000
53f53fedec Allow SHA1 usage in MGF1 for RSASSA-PSS signatures Clemens Lang 2022-02-23 16:56:08 +0100
b33dfd3fc3 Spec bump Dmitry Belyavskiy 2022-02-23 11:47:25 +0100
5a9ab1160e Allow SHA1 usage in HMAC in TLS Clemens Lang 2022-02-22 19:34:36 +0100
53b85f538c OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters Dmitry Belyavskiy 2022-02-22 15:20:01 +0100
d79f404164 Allows non-fips KDF for PKCS#12 Dmitry Belyavskiy 2022-02-21 14:33:38 +0100
78fb78d307 Disable SHA1 signature creation and verification by default Clemens Lang 2022-02-22 12:21:06 +0100
0a5c81da78 s_server: correctly handle 2^14 byte long records Resolves: rhbz#2042011 Sahana Prasad 2022-02-03 15:36:38 +0100
9535c0d629 import openssl-3.0.0-6.el9 imports/c9-beta/openssl-3.0.0-6.el9 CentOS Sources 2022-02-01 13:14:52 -0500
922b5301ea Adjust FIPS provider version Dmitry Belyavskiy 2022-02-01 15:53:47 +0100
8c3b745547 On the s390x, zeroize all the copies of TLS premaster secret Dmitry Belyavskiy 2022-01-26 16:50:19 +0100
92e721fa5d Rebuild Dmitry Belyavskiy 2022-01-21 14:40:57 +0100
691c22b61c Remove volatile attribute from HMAC to make annocheck happy Dmitry Belyavskiy 2022-01-21 13:10:45 +0100
d237e7f301 Restoring fips=yes to SHA-1 Dmitry Belyavskiy 2022-01-21 10:51:59 +0100
9df33eabbe KATS self-tests should run before HMAC verifcation Dmitry Belyavskiy 2022-01-19 13:40:57 +0100
b9f33d724e - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Fedora Release Engineering 2022-01-20 22:29:33 +0000
f5421022ee Adds enable-buildtest-c++ to the configure options. Related: rhbz#1990814 Sahana Prasad 2022-01-20 15:49:15 +0100
78a467efcc Rebase to upstream version 3.0.1 Fixes CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl Resolves: rhbz#2038910, rhbz#2035148 Sahana Prasad 2022-01-18 18:30:10 +0100
e63c4b68b2 Update spec file, remove fipsmodule.cnf Dmitry Belyavskiy 2022-01-13 13:35:22 +0100
6cdaa527d8 Explicitly permit SHA1 HMAC Dmitry Belyavskiy 2022-01-13 13:34:38 +0100
cc37486d86 Minimize the list of services allowed for FIPS Dmitry Belyavskiy 2022-01-13 13:33:40 +0100
b310a85186 import openssl-3.0.0-5.el9 imports/c9-beta/openssl-3.0.0-5.el9 CentOS Sources 2022-01-11 13:32:50 -0500
225b6d37b9 openssl speed should run in FIPS mode Dmitry Belyavskiy 2021-12-21 16:16:07 +0100
8755b29af1 import openssl-1.1.1k-5.el8_5 imports/c8/openssl-1.1.1k-5.el8_5 CentOS Sources 2021-12-21 04:09:18 -0500
13dc3794cb Make rpminspect happy Dmitry Belyavskiy 2021-12-10 14:19:15 +0100
c60058c17a import openssl-3.0.0-4.el9 imports/c9-beta/openssl-3.0.0-4.el9 CentOS Sources 2021-12-07 13:44:58 -0500
fbde049751 import openssl-3.0.0-0.beta2.7.el9 imports/c9-beta/openssl-3.0.0-0.beta2.7.el9 CentOS Sources 2021-11-03 21:17:53 -0400
4c1c00d6af Updated spec, some cleanup done Dmitry Belyavskiy 2021-11-24 13:44:25 +0100
9422ae52de Always activate default provider via config Dmitry Belyavskiy 2021-11-23 14:45:25 +0100
210c37e906 Disable fipsinstall application Dmitry Belyavskiy 2021-11-22 14:08:48 +0100
3ff0db7558 Embed correct HMAC into fips provider Dmitry Belyavskiy 2021-11-22 11:20:40 +0100
5c4e10ac26 FIPS provider auto activation Dmitry Belyavskiy 2021-11-15 11:38:37 +0100
aa39a6dc18 import openssl-1.1.1k-5.el8_5 imports/c8s/openssl-1.1.1k-5.el8_5 CentOS Sources 2021-11-16 04:21:54 +0000
f7ae1c32d1 import openssl-1.1.1k-4.el8 imports/c8/openssl-1.1.1k-4.el8 CentOS Sources 2021-11-09 04:54:43 -0500
656994e381 import openssl-1.1.1k-4.el8 imports/c8-beta/openssl-1.1.1k-4.el8 CentOS Sources 2021-10-06 07:03:01 -0400
8a0a42455c import openssl-1.1.1g-12.el8_3 imports/c8-beta/openssl-1.1.1g-12.el8_3 CentOS Sources 2021-03-30 10:41:11 -0400