rpms
/
openssl
8
1
Fork 0
Code Issues Pull Requests Releases Activity

Commit Graph

  • fb8fee4b43 FIPS RSA CRT tests must use correct parameters Dmitry Belyavskiy 2022-11-16 13:16:23 +0100
  • 474a112b98 Avoid memory leaks in TLS Dmitry Belyavskiy 2022-11-16 12:23:27 +0100
  • 6c57fc8dcc SHAKE-128/256 are not allowed with RSA in FIPS mode Dmitry Belyavskiy 2022-11-15 15:51:36 +0100
  • 8fce2b46cf import openssl-3.0.1-43.el9_0 imports/c9/openssl-3.0.1-43.el9_0 CentOS Sources 2022-11-01 14:25:54 -0400
  • 39f800af50 CVE-2022-3602, CVE-2022-3786: X.509 Email Address Buffer Overflow Dmitry Belyavskiy 2022-11-01 18:23:58 +0100
  • 6dfb655bae import openssl-3.0.1-41.el9_0 imports/c9-beta/openssl-3.0.1-41.el9_0 CentOS Sources 2022-09-27 10:29:34 -0400
  • 6c7584747a import openssl-1.1.1k-7.el8_6 imports/c8-beta/openssl-1.1.1k-7.el8_6 CentOS Sources 2022-09-27 16:32:58 -0400
  • ff78525169 .gitignore: Stop ignoring 000*.patch Clemens Lang 2022-09-12 15:52:16 +0200
  • 30c7b955bd import openssl-3.0.1-41.el9_0 imports/c9/openssl-3.0.1-41.el9_0 CentOS Sources 2022-08-30 11:47:28 -0400
  • 7c8235f8cd Zeroize public keys, add HKDF FIPS indicator Clemens Lang 2022-08-11 15:12:42 +0200
  • 730ccadf04 Extra zeroization related to FIPS-140-3 requirements Dmitry Belyavskiy 2022-08-05 14:26:10 +0200
  • fc45520150 Reseed all the parent DRBGs in chain on reseeding a DRBG Dmitry Belyavskiy 2022-08-02 18:32:36 +0200
  • a0907c129c Use signature for RSA pairwise test according FIPS-140-3 requirements Dmitry Belyavskiy 2022-07-25 17:57:38 +0200
  • f1dba9d301 Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements Dmitry Belyavskiy 2022-07-25 14:41:43 +0200
  • 3f7cd79d02 Deal with DH keys in FIPS mode according FIPS-140-3 requirements Dmitry Belyavskiy 2022-07-20 15:20:48 +0200
  • 61f739868e FIPS: Fix memory leak in digest_sign self-test Clemens Lang 2022-08-03 18:04:36 +0200
  • bc18edacfc import openssl-1.1.1k-7.el8_6 imports/c8/openssl-1.1.1k-7.el8_6 CentOS Sources 2022-08-02 03:04:19 -0400
  • 08d6c35051 FIPS self-test: RSA-OAEP, FFDHE2048, digest_sign Clemens Lang 2022-07-22 18:01:52 +0200
  • 3e6d5a385b Improve AES-GCM & ChaCha20 perf on Power9+ ppc64le Clemens Lang 2022-07-14 16:54:25 +0200
  • c64694b961 Fix segfault in EVP_PKEY_Q_keygen() Clemens Lang 2022-07-14 14:49:46 +0200
  • 3928dd5532 import openssl-1.1.1k-7.el8_6 imports/c8s/openssl-1.1.1k-7.el8_6 CentOS Sources 2022-07-11 12:11:34 +0000
  • 5901637dea CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Clemens Lang 2022-07-05 14:04:03 +0200
  • f3b52e907b CVE-2022-2068: the c_rehash script allows command injection Dmitry Belyavskiy 2022-06-22 13:49:46 +0200
  • fea833cb56 Strict certificates validation shouldn't allow explicit EC parameters Dmitry Belyavskiy 2022-06-22 12:52:57 +0200
  • ea75c725ee Fix PPC64 Montgomery multiplication bug Dmitry Belyavskiy 2022-06-22 12:35:27 +0200
  • f4e1bded66 Improve diagnostics when passing unsupported groups in TLS Dmitry Belyavskiy 2022-06-17 10:30:01 +0200
  • cbe5a9ff12 FIPS provider should block RSA encryption for key transport. Dmitry Belyavskiy 2022-06-16 15:11:40 +0200
  • 8638196167 Ciphersuites with RSAPSK KX should be filterd in FIPS mode Dmitry Belyavskiy 2022-06-16 15:06:45 +0200
  • 8b08b372c8 FIPS: Expose explicit indicator from fips.so Clemens Lang 2022-06-08 14:05:50 +0200
  • e859029ea0 Replace expired certificates Dmitry Belyavskiy 2022-06-03 15:31:56 +0200
  • a8a3a389ee Use KAT for ECDSA signature tests, s390 arch Dmitry Belyavskiy 2022-05-30 18:00:10 +0200
  • 96926ffe00 Revert "Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode" Clemens Lang 2022-05-25 18:17:35 +0200
  • 794d81540e CVE-2022-1292 openssl: c_rehash script allows command injection Dmitry Belyavskiy 2022-05-26 12:14:19 +0200
  • a63915eb2b CVE-2022-1343 openssl: inacurate verification when using OCSP_NOCHECKS Dmitry Belyavskiy 2022-05-26 12:07:22 +0200
  • ac312e8ff7 CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory Dmitry Belyavskiy 2022-05-26 11:57:12 +0200
  • b5de6bd830 In FIPS mode limit key sizes for signature verification Dmitry Belyavskiy 2022-05-23 15:25:42 +0200
  • 7bc4f9f094 Ciphersuites with RSA KX should be filterd in FIPS mode Dmitry Belyavskiy 2022-05-19 14:29:23 +0200
  • b393177f7d `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode Dmitry Belyavskiy 2022-05-19 12:20:50 +0200
  • 389313b118 FIPS: Disable SHA1 signs and EVP_PKEY_{sign,verify} Clemens Lang 2022-05-23 14:53:37 +0200
  • 892b3c8109 import openssl-3.0.1-23.el9_0 imports/c9/openssl-3.0.1-23.el9_0 CentOS Sources 2022-05-17 18:34:48 -0400
  • 701577a00f import openssl-3.0.1-20.el9_0 imports/c9/openssl-3.0.1-20.el9_0 CentOS Sources 2022-05-17 06:23:28 -0400
  • 87f109e9fb Use KAT for ECDSA signature tests Dmitry Belyavskiy 2022-04-04 16:32:38 +0200
  • 69c1abb4df openssl req defaults on PKCS#8 encryption changed to AES-256-CBC Dmitry Belyavskiy 2022-05-12 13:45:42 +0200
  • b4d281e4de -config argument of openssl app should work properly Dmitry Belyavskiy 2022-05-12 13:24:59 +0200
  • 1b2d08b2c2 Adaptation of upstream patches disabling explicit EC parameters in FIPS mode Dmitry Belyavskiy 2022-04-01 12:53:17 +0200
  • 4dc19fe033 Reworked patch forbidding explicit EC parameters Dmitry Belyavskiy 2022-03-24 17:45:16 +0100
  • 1447e64bc3 Include hash in FIPS module version Clemens Lang 2022-05-05 17:05:35 +0200
  • ad863e9fc8 OpenSSL FIPS module should not build in non-approved algorithms Dmitry Belyavskiy 2022-05-05 17:34:49 +0200
  • 6ba0e5efa3 When FIPS provider is in use, we forbid only some padding modes - spec Dmitry Belyavskiy 2022-05-02 18:33:35 +0200
  • 067b6b249b When FIPS provider is in use, we forbid only some padding modes Dmitry Belyavskiy 2022-05-02 17:42:54 +0200
  • 02c75e5a65 We dont'want totally forbid RSA encryption. Dmitry Belyavskiy 2022-05-02 15:54:28 +0200
  • 9afaa3d1f4 Fix regression in evp_pkey_name2type caused by tr_TR locale fix Clemens Lang 2022-04-28 13:38:34 +0200
  • a711ac2e4f Fix openssl curl error with LANG=tr_TR.utf8 Dmitry Belyavskiy 2022-04-21 15:16:18 +0200
  • c0744a0cbf Temporary manual test Dmitry Belyavskiy 2022-04-21 13:20:27 +0200
  • e20814a6ed import openssl-3.0.1-20.el9_0 imports/c9-beta/openssl-3.0.1-20.el9_0 CentOS Sources 2022-04-05 07:12:41 -0400
  • 2a9b729c27 import openssl-1.1.1k-5.el8_5 imports/c8-beta/openssl-1.1.1k-5.el8_5 CentOS Sources 2022-03-29 14:38:44 -0400
  • 7a1c7b28bc FIPS provider doesn't block RSA encryption for key transport Dmitry Belyavskiy 2022-03-28 17:38:25 +0200
  • 145dc9b8af import openssl-1.1.1k-6.el8_5 imports/c8/openssl-1.1.1k-6.el8_5 CentOS Sources 2022-03-28 03:47:20 -0400
  • 93ff3f8fe5 Fix occasional internal error in TLS when DHE is used Clemens Lang 2022-03-22 13:04:16 +0100
  • 153f593fa6 Fix SHA1 certs in LEGACY without openssl lib ctxt Clemens Lang 2022-03-18 13:35:57 +0100
  • 4eb630f7d5 Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes Clemens Lang 2022-03-17 13:36:33 +0100
  • 03697fff80 CVE-2022-0778 fix Dmitry Belyavskiy 2022-03-16 15:03:25 +0100
  • bc7dfd9722 Fix RSA PSS padding with SHA-1 disabled Clemens Lang 2022-03-10 12:47:01 +0100
  • 3c66c99bd5 Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes Clemens Lang 2022-03-01 15:58:48 +0100
  • 47cc85c5fc import openssl-3.0.1-5.el9 imports/c9-beta/openssl-3.0.1-5.el9 CentOS Sources 2022-03-01 07:55:59 -0500
  • ede38fcb54 Prevent use of SHA1 with ECDSA Clemens Lang 2022-02-25 14:36:41 +0100
  • ea9f0a5726 OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters Dmitry Belyavskiy 2022-02-25 12:37:01 +0100
  • 849a9965ee Support KBKDF (NIST SP800-108) with an R value of 8bits Resolves: rhbz#2027261 Peter Robinson 2022-02-24 10:07:39 +0000
  • 53f53fedec Allow SHA1 usage in MGF1 for RSASSA-PSS signatures Clemens Lang 2022-02-23 16:56:08 +0100
  • b33dfd3fc3 Spec bump Dmitry Belyavskiy 2022-02-23 11:47:25 +0100
  • 5a9ab1160e Allow SHA1 usage in HMAC in TLS Clemens Lang 2022-02-22 19:34:36 +0100
  • 53b85f538c OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters Dmitry Belyavskiy 2022-02-22 15:20:01 +0100
  • d79f404164 Allows non-fips KDF for PKCS#12 Dmitry Belyavskiy 2022-02-21 14:33:38 +0100
  • 78fb78d307 Disable SHA1 signature creation and verification by default Clemens Lang 2022-02-22 12:21:06 +0100
  • 0a5c81da78 s_server: correctly handle 2^14 byte long records Resolves: rhbz#2042011 Sahana Prasad 2022-02-03 15:36:38 +0100
  • 9535c0d629 import openssl-3.0.0-6.el9 imports/c9-beta/openssl-3.0.0-6.el9 CentOS Sources 2022-02-01 13:14:52 -0500
  • 922b5301ea Adjust FIPS provider version Dmitry Belyavskiy 2022-02-01 15:53:47 +0100
  • 8c3b745547 On the s390x, zeroize all the copies of TLS premaster secret Dmitry Belyavskiy 2022-01-26 16:50:19 +0100
  • 92e721fa5d Rebuild Dmitry Belyavskiy 2022-01-21 14:40:57 +0100
  • 691c22b61c Remove volatile attribute from HMAC to make annocheck happy Dmitry Belyavskiy 2022-01-21 13:10:45 +0100
  • d237e7f301 Restoring fips=yes to SHA-1 Dmitry Belyavskiy 2022-01-21 10:51:59 +0100
  • 9df33eabbe KATS self-tests should run before HMAC verifcation Dmitry Belyavskiy 2022-01-19 13:40:57 +0100
  • f5421022ee Adds enable-buildtest-c++ to the configure options. Related: rhbz#1990814 Sahana Prasad 2022-01-20 15:49:15 +0100
  • 78a467efcc Rebase to upstream version 3.0.1 Fixes CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl Resolves: rhbz#2038910, rhbz#2035148 Sahana Prasad 2022-01-18 18:30:10 +0100
  • e63c4b68b2 Update spec file, remove fipsmodule.cnf Dmitry Belyavskiy 2022-01-13 13:35:22 +0100
  • 6cdaa527d8 Explicitly permit SHA1 HMAC Dmitry Belyavskiy 2022-01-13 13:34:38 +0100
  • cc37486d86 Minimize the list of services allowed for FIPS Dmitry Belyavskiy 2022-01-13 13:33:40 +0100
  • b310a85186 import openssl-3.0.0-5.el9 imports/c9-beta/openssl-3.0.0-5.el9 CentOS Sources 2022-01-11 13:32:50 -0500
  • 225b6d37b9 openssl speed should run in FIPS mode Dmitry Belyavskiy 2021-12-21 16:16:07 +0100
  • 8755b29af1 import openssl-1.1.1k-5.el8_5 imports/c8/openssl-1.1.1k-5.el8_5 CentOS Sources 2021-12-21 04:09:18 -0500
  • 13dc3794cb Make rpminspect happy Dmitry Belyavskiy 2021-12-10 14:19:15 +0100
  • c60058c17a import openssl-3.0.0-4.el9 imports/c9-beta/openssl-3.0.0-4.el9 CentOS Sources 2021-12-07 13:44:58 -0500
  • fbde049751 import openssl-3.0.0-0.beta2.7.el9 imports/c9-beta/openssl-3.0.0-0.beta2.7.el9 CentOS Sources 2021-11-03 21:17:53 -0400
  • 4c1c00d6af Updated spec, some cleanup done Dmitry Belyavskiy 2021-11-24 13:44:25 +0100
  • 9422ae52de Always activate default provider via config Dmitry Belyavskiy 2021-11-23 14:45:25 +0100
  • 210c37e906 Disable fipsinstall application Dmitry Belyavskiy 2021-11-22 14:08:48 +0100
  • 3ff0db7558 Embed correct HMAC into fips provider Dmitry Belyavskiy 2021-11-22 11:20:40 +0100
  • 5c4e10ac26 FIPS provider auto activation Dmitry Belyavskiy 2021-11-15 11:38:37 +0100
  • aa39a6dc18 import openssl-1.1.1k-5.el8_5 imports/c8s/openssl-1.1.1k-5.el8_5 CentOS Sources 2021-11-16 04:21:54 +0000
  • f7ae1c32d1 import openssl-1.1.1k-4.el8 imports/c8/openssl-1.1.1k-4.el8 CentOS Sources 2021-11-09 04:54:43 -0500