-
fb8fee4b43
FIPS RSA CRT tests must use correct parameters
Dmitry Belyavskiy
2022-11-16 13:16:23 +0100
-
474a112b98
Avoid memory leaks in TLS
Dmitry Belyavskiy
2022-11-16 12:23:27 +0100
-
6c57fc8dcc
SHAKE-128/256 are not allowed with RSA in FIPS mode
Dmitry Belyavskiy
2022-11-15 15:51:36 +0100
-
8fce2b46cf
import openssl-3.0.1-43.el9_0
imports/c9/openssl-3.0.1-43.el9_0
CentOS Sources
2022-11-01 14:25:54 -0400
-
39f800af50
CVE-2022-3602, CVE-2022-3786: X.509 Email Address Buffer Overflow
Dmitry Belyavskiy
2022-11-01 18:23:58 +0100
-
6dfb655bae
import openssl-3.0.1-41.el9_0
imports/c9-beta/openssl-3.0.1-41.el9_0
CentOS Sources
2022-09-27 10:29:34 -0400
-
6c7584747a
import openssl-1.1.1k-7.el8_6
imports/c8-beta/openssl-1.1.1k-7.el8_6
CentOS Sources
2022-09-27 16:32:58 -0400
-
ff78525169
.gitignore: Stop ignoring 000*.patch
Clemens Lang
2022-09-12 15:52:16 +0200
-
30c7b955bd
import openssl-3.0.1-41.el9_0
imports/c9/openssl-3.0.1-41.el9_0
CentOS Sources
2022-08-30 11:47:28 -0400
-
7c8235f8cd
Zeroize public keys, add HKDF FIPS indicator
Clemens Lang
2022-08-11 15:12:42 +0200
-
730ccadf04
Extra zeroization related to FIPS-140-3 requirements
Dmitry Belyavskiy
2022-08-05 14:26:10 +0200
-
fc45520150
Reseed all the parent DRBGs in chain on reseeding a DRBG
Dmitry Belyavskiy
2022-08-02 18:32:36 +0200
-
a0907c129c
Use signature for RSA pairwise test according FIPS-140-3 requirements
Dmitry Belyavskiy
2022-07-25 17:57:38 +0200
-
f1dba9d301
Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements
Dmitry Belyavskiy
2022-07-25 14:41:43 +0200
-
3f7cd79d02
Deal with DH keys in FIPS mode according FIPS-140-3 requirements
Dmitry Belyavskiy
2022-07-20 15:20:48 +0200
-
61f739868e
FIPS: Fix memory leak in digest_sign self-test
Clemens Lang
2022-08-03 18:04:36 +0200
-
bc18edacfc
import openssl-1.1.1k-7.el8_6
imports/c8/openssl-1.1.1k-7.el8_6
CentOS Sources
2022-08-02 03:04:19 -0400
-
08d6c35051
FIPS self-test: RSA-OAEP, FFDHE2048, digest_sign
Clemens Lang
2022-07-22 18:01:52 +0200
-
3e6d5a385b
Improve AES-GCM & ChaCha20 perf on Power9+ ppc64le
Clemens Lang
2022-07-14 16:54:25 +0200
-
c64694b961
Fix segfault in EVP_PKEY_Q_keygen()
Clemens Lang
2022-07-14 14:49:46 +0200
-
3928dd5532
import openssl-1.1.1k-7.el8_6
imports/c8s/openssl-1.1.1k-7.el8_6
CentOS Sources
2022-07-11 12:11:34 +0000
-
5901637dea
CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
Clemens Lang
2022-07-05 14:04:03 +0200
-
f3b52e907b
CVE-2022-2068: the c_rehash script allows command injection
Dmitry Belyavskiy
2022-06-22 13:49:46 +0200
-
fea833cb56
Strict certificates validation shouldn't allow explicit EC parameters
Dmitry Belyavskiy
2022-06-22 12:52:57 +0200
-
ea75c725ee
Fix PPC64 Montgomery multiplication bug
Dmitry Belyavskiy
2022-06-22 12:35:27 +0200
-
f4e1bded66
Improve diagnostics when passing unsupported groups in TLS
Dmitry Belyavskiy
2022-06-17 10:30:01 +0200
-
cbe5a9ff12
FIPS provider should block RSA encryption for key transport.
Dmitry Belyavskiy
2022-06-16 15:11:40 +0200
-
8638196167
Ciphersuites with RSAPSK KX should be filterd in FIPS mode
Dmitry Belyavskiy
2022-06-16 15:06:45 +0200
-
8b08b372c8
FIPS: Expose explicit indicator from fips.so
Clemens Lang
2022-06-08 14:05:50 +0200
-
e859029ea0
Replace expired certificates
Dmitry Belyavskiy
2022-06-03 15:31:56 +0200
-
a8a3a389ee
Use KAT for ECDSA signature tests, s390 arch
Dmitry Belyavskiy
2022-05-30 18:00:10 +0200
-
96926ffe00
Revert "Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode"
Clemens Lang
2022-05-25 18:17:35 +0200
-
794d81540e
CVE-2022-1292 openssl: c_rehash script allows command injection
Dmitry Belyavskiy
2022-05-26 12:14:19 +0200
-
a63915eb2b
CVE-2022-1343 openssl: inacurate verification when using OCSP_NOCHECKS
Dmitry Belyavskiy
2022-05-26 12:07:22 +0200
-
ac312e8ff7
CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory
Dmitry Belyavskiy
2022-05-26 11:57:12 +0200
-
b5de6bd830
In FIPS mode limit key sizes for signature verification
Dmitry Belyavskiy
2022-05-23 15:25:42 +0200
-
7bc4f9f094
Ciphersuites with RSA KX should be filterd in FIPS mode
Dmitry Belyavskiy
2022-05-19 14:29:23 +0200
-
b393177f7d
`openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode
Dmitry Belyavskiy
2022-05-19 12:20:50 +0200
-
389313b118
FIPS: Disable SHA1 signs and EVP_PKEY_{sign,verify}
Clemens Lang
2022-05-23 14:53:37 +0200
-
892b3c8109
import openssl-3.0.1-23.el9_0
imports/c9/openssl-3.0.1-23.el9_0
CentOS Sources
2022-05-17 18:34:48 -0400
-
701577a00f
import openssl-3.0.1-20.el9_0
imports/c9/openssl-3.0.1-20.el9_0
CentOS Sources
2022-05-17 06:23:28 -0400
-
-
87f109e9fb
Use KAT for ECDSA signature tests
Dmitry Belyavskiy
2022-04-04 16:32:38 +0200
-
69c1abb4df
openssl req defaults on PKCS#8 encryption changed to AES-256-CBC
Dmitry Belyavskiy
2022-05-12 13:45:42 +0200
-
b4d281e4de
-config argument of openssl app should work properly
Dmitry Belyavskiy
2022-05-12 13:24:59 +0200
-
1b2d08b2c2
Adaptation of upstream patches disabling explicit EC parameters in FIPS mode
Dmitry Belyavskiy
2022-04-01 12:53:17 +0200
-
4dc19fe033
Reworked patch forbidding explicit EC parameters
Dmitry Belyavskiy
2022-03-24 17:45:16 +0100
-
1447e64bc3
Include hash in FIPS module version
Clemens Lang
2022-05-05 17:05:35 +0200
-
ad863e9fc8
OpenSSL FIPS module should not build in non-approved algorithms
Dmitry Belyavskiy
2022-05-05 17:34:49 +0200
-
6ba0e5efa3
When FIPS provider is in use, we forbid only some padding modes - spec
Dmitry Belyavskiy
2022-05-02 18:33:35 +0200
-
067b6b249b
When FIPS provider is in use, we forbid only some padding modes
Dmitry Belyavskiy
2022-05-02 17:42:54 +0200
-
02c75e5a65
We dont'want totally forbid RSA encryption.
Dmitry Belyavskiy
2022-05-02 15:54:28 +0200
-
9afaa3d1f4
Fix regression in evp_pkey_name2type caused by tr_TR locale fix
Clemens Lang
2022-04-28 13:38:34 +0200
-
a711ac2e4f
Fix openssl curl error with LANG=tr_TR.utf8
Dmitry Belyavskiy
2022-04-21 15:16:18 +0200
-
c0744a0cbf
Temporary manual test
Dmitry Belyavskiy
2022-04-21 13:20:27 +0200
-
e20814a6ed
import openssl-3.0.1-20.el9_0
imports/c9-beta/openssl-3.0.1-20.el9_0
CentOS Sources
2022-04-05 07:12:41 -0400
-
2a9b729c27
import openssl-1.1.1k-5.el8_5
imports/c8-beta/openssl-1.1.1k-5.el8_5
CentOS Sources
2022-03-29 14:38:44 -0400
-
7a1c7b28bc
FIPS provider doesn't block RSA encryption for key transport
Dmitry Belyavskiy
2022-03-28 17:38:25 +0200
-
145dc9b8af
import openssl-1.1.1k-6.el8_5
imports/c8/openssl-1.1.1k-6.el8_5
CentOS Sources
2022-03-28 03:47:20 -0400
-
93ff3f8fe5
Fix occasional internal error in TLS when DHE is used
Clemens Lang
2022-03-22 13:04:16 +0100
-
153f593fa6
Fix SHA1 certs in LEGACY without openssl lib ctxt
Clemens Lang
2022-03-18 13:35:57 +0100
-
4eb630f7d5
Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes
Clemens Lang
2022-03-17 13:36:33 +0100
-
03697fff80
CVE-2022-0778 fix
Dmitry Belyavskiy
2022-03-16 15:03:25 +0100
-
bc7dfd9722
Fix RSA PSS padding with SHA-1 disabled
Clemens Lang
2022-03-10 12:47:01 +0100
-
3c66c99bd5
Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
Clemens Lang
2022-03-01 15:58:48 +0100
-
47cc85c5fc
import openssl-3.0.1-5.el9
imports/c9-beta/openssl-3.0.1-5.el9
CentOS Sources
2022-03-01 07:55:59 -0500
-
ede38fcb54
Prevent use of SHA1 with ECDSA
Clemens Lang
2022-02-25 14:36:41 +0100
-
ea9f0a5726
OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters
Dmitry Belyavskiy
2022-02-25 12:37:01 +0100
-
849a9965ee
Support KBKDF (NIST SP800-108) with an R value of 8bits Resolves: rhbz#2027261
Peter Robinson
2022-02-24 10:07:39 +0000
-
53f53fedec
Allow SHA1 usage in MGF1 for RSASSA-PSS signatures
Clemens Lang
2022-02-23 16:56:08 +0100
-
b33dfd3fc3
Spec bump
Dmitry Belyavskiy
2022-02-23 11:47:25 +0100
-
5a9ab1160e
Allow SHA1 usage in HMAC in TLS
Clemens Lang
2022-02-22 19:34:36 +0100
-
53b85f538c
OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters
Dmitry Belyavskiy
2022-02-22 15:20:01 +0100
-
d79f404164
Allows non-fips KDF for PKCS#12
Dmitry Belyavskiy
2022-02-21 14:33:38 +0100
-
78fb78d307
Disable SHA1 signature creation and verification by default
Clemens Lang
2022-02-22 12:21:06 +0100
-
0a5c81da78
s_server: correctly handle 2^14 byte long records Resolves: rhbz#2042011
Sahana Prasad
2022-02-03 15:36:38 +0100
-
9535c0d629
import openssl-3.0.0-6.el9
imports/c9-beta/openssl-3.0.0-6.el9
CentOS Sources
2022-02-01 13:14:52 -0500
-
922b5301ea
Adjust FIPS provider version
Dmitry Belyavskiy
2022-02-01 15:53:47 +0100
-
8c3b745547
On the s390x, zeroize all the copies of TLS premaster secret
Dmitry Belyavskiy
2022-01-26 16:50:19 +0100
-
92e721fa5d
Rebuild
Dmitry Belyavskiy
2022-01-21 14:40:57 +0100
-
691c22b61c
Remove volatile attribute from HMAC to make annocheck happy
Dmitry Belyavskiy
2022-01-21 13:10:45 +0100
-
d237e7f301
Restoring fips=yes to SHA-1
Dmitry Belyavskiy
2022-01-21 10:51:59 +0100
-
9df33eabbe
KATS self-tests should run before HMAC verifcation
Dmitry Belyavskiy
2022-01-19 13:40:57 +0100
-
f5421022ee
Adds enable-buildtest-c++ to the configure options. Related: rhbz#1990814
Sahana Prasad
2022-01-20 15:49:15 +0100
-
78a467efcc
Rebase to upstream version 3.0.1 Fixes CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl Resolves: rhbz#2038910, rhbz#2035148
Sahana Prasad
2022-01-18 18:30:10 +0100
-
e63c4b68b2
Update spec file, remove fipsmodule.cnf
Dmitry Belyavskiy
2022-01-13 13:35:22 +0100
-
6cdaa527d8
Explicitly permit SHA1 HMAC
Dmitry Belyavskiy
2022-01-13 13:34:38 +0100
-
cc37486d86
Minimize the list of services allowed for FIPS
Dmitry Belyavskiy
2022-01-13 13:33:40 +0100
-
b310a85186
import openssl-3.0.0-5.el9
imports/c9-beta/openssl-3.0.0-5.el9
CentOS Sources
2022-01-11 13:32:50 -0500
-
225b6d37b9
openssl speed should run in FIPS mode
Dmitry Belyavskiy
2021-12-21 16:16:07 +0100
-
8755b29af1
import openssl-1.1.1k-5.el8_5
imports/c8/openssl-1.1.1k-5.el8_5
CentOS Sources
2021-12-21 04:09:18 -0500
-
13dc3794cb
Make rpminspect happy
Dmitry Belyavskiy
2021-12-10 14:19:15 +0100
-
c60058c17a
import openssl-3.0.0-4.el9
imports/c9-beta/openssl-3.0.0-4.el9
CentOS Sources
2021-12-07 13:44:58 -0500
-
fbde049751
import openssl-3.0.0-0.beta2.7.el9
imports/c9-beta/openssl-3.0.0-0.beta2.7.el9
CentOS Sources
2021-11-03 21:17:53 -0400
-
-
4c1c00d6af
Updated spec, some cleanup done
Dmitry Belyavskiy
2021-11-24 13:44:25 +0100
-
9422ae52de
Always activate default provider via config
Dmitry Belyavskiy
2021-11-23 14:45:25 +0100
-
210c37e906
Disable fipsinstall application
Dmitry Belyavskiy
2021-11-22 14:08:48 +0100
-
3ff0db7558
Embed correct HMAC into fips provider
Dmitry Belyavskiy
2021-11-22 11:20:40 +0100
-
5c4e10ac26
FIPS provider auto activation
Dmitry Belyavskiy
2021-11-15 11:38:37 +0100
-
aa39a6dc18
import openssl-1.1.1k-5.el8_5
imports/c8s/openssl-1.1.1k-5.el8_5
CentOS Sources
2021-11-16 04:21:54 +0000
-
f7ae1c32d1
import openssl-1.1.1k-4.el8
imports/c8/openssl-1.1.1k-4.el8
CentOS Sources
2021-11-09 04:54:43 -0500