rpms/openssl
8
1
Fork 1
Code Issues Pull Requests Releases Activity
Utilities from the general purpose cryptography library with TLS implementation
172 Commits 10 Branches 65 Tags 7.2 MiB
C 97.3%
Shell 2.7%
05bbcc9920
Go to file
Sahana Prasad 05bbcc9920 - Upload new upstream sources without manually hobbling them. 
- Remove the hobbling script as it is redundant. It is now allowed to ship
  the sources of patented EC curves, however it is still made unavailable to use
  by compiling with the 'no-ec2m' Configure option. The additional forbidden
  curves such as P-160, P-192, wap-tls curves are manually removed by updating
  0011-Remove-EC-curves.patch.
- Enable Brainpool curves.
- Apply the changes to ec_curve.c and  ectest.c as a new patch
  0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them.
- Modify 0011-Remove-EC-curves.patch to allow Brainpool curves.
- Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M.
  Resolves: rhbz#2130618, rhbz#2188180

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2023-05-02 11:44:53 +02:00
.gitignore - Upload new upstream sources without manually hobbling them. 2023-05-02 11:44:53 +02:00
0001-Aarch64-and-ppc64le-use-lib64.patch Rebase to OpenSSL version 3.0.0 2021-04-12 00:34:30 +02:00
0002-Use-more-general-default-values-in-openssl.cnf.patch Rebase to OpenSSL version 3.0.0 2021-04-12 00:34:30 +02:00
0003-Do-not-install-html-docs.patch Rebase to OpenSSL version 3.0.0 2021-04-12 00:34:30 +02:00
0004-Override-default-paths-for-the-CA-directory-tree.patch Fixes override of openssl_conf in openssl.cnf 2021-07-06 13:56:08 +02:00
0005-apps-ca-fix-md-option-help-text.patch Rebase to OpenSSL version 3.0.0 2021-04-12 00:34:30 +02:00
0006-Disable-signature-verification-with-totally-unsafe-h.patch Update to Beta1 version 2021-07-14 13:31:08 +02:00
0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0008-Add-FIPS_mode-compatibility-macro.patch Adjusting include for the FIPS_mode macro 2022-11-28 17:37:27 +01:00
0009-Add-Kernel-FIPS-mode-flag-support.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0010-Add-changes-to-ectest-and-eccurve.patch - Upload new upstream sources without manually hobbling them. 2023-05-02 11:44:53 +02:00
0011-Remove-EC-curves.patch - Upload new upstream sources without manually hobbling them. 2023-05-02 11:44:53 +02:00
0012-Disable-explicit-ec.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0013-skipped-tests-EC-curves.patch - Upload new upstream sources without manually hobbling them. 2023-05-02 11:44:53 +02:00
0024-load-legacy-prov.patch Always activate default provider via config 2021-11-23 16:52:23 +01:00
0025-for-tests.patch Always activate default provider via config 2021-11-23 16:52:23 +01:00
0031-tmp-Fix-test-names.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0032-Force-fips.patch -config argument of openssl app should work properly 2022-05-12 13:29:27 +02:00
0033-FIPS-embed-hmac.patch Refactor OpenSSL fips module MAC verification 2023-01-05 11:42:50 +01:00
0034.fipsinstall_disable.patch Rebase to upstream version 3.0.1 2022-01-18 18:30:10 +01:00
0035-speed-skip-unavailable-dgst.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0044-FIPS-140-3-keychecks.patch Fix Wpointer-sign compiler warning 2023-03-16 14:08:55 +01:00
0045-FIPS-services-minimize.patch - Upload new upstream sources without manually hobbling them. 2023-05-02 11:44:53 +02:00
0047-FIPS-early-KATS.patch KATS self-tests should run before HMAC verifcation 2022-01-21 13:48:28 +01:00
0049-Selectively-disallow-SHA1-signatures.patch Pairwise consistency tests should use Digest+Sign/Verify 2023-03-14 17:27:15 +01:00
0050-FIPS-enable-pkcs12-mac.patch OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters 2022-02-22 16:32:34 +01:00
0051-Support-different-R_BITS-lengths-for-KBKDF.patch OpenSSL FIPS module should not build in non-approved algorithms 2022-05-05 17:34:49 +02:00
0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch Strict certificates validation shouldn't allow explicit EC parameters 2022-06-24 17:17:35 +02:00
0056-strcasecmp.patch We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream 2022-11-25 19:23:22 +01:00
0058-FIPS-limit-rsa-encrypt.patch Limit RSA_NO_PADDING for encryption and signature in FIPS mode 2023-03-14 17:25:30 +01:00
0060-FIPS-KAT-signature-tests.patch Use KAT for ECDSA signature tests, s390 arch 2022-05-30 18:22:47 +02:00
0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0062-fips-Expose-a-FIPS-indicator.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0067-ppc64le-Montgomery-multiply.patch Backport of ppc64le Montgomery multiply enhancement 2022-11-29 12:00:38 +01:00
0071-AES-GCM-performance-optimization.patch Improve AES-GCM & ChaCha20 perf on Power9+ ppc64le 2022-07-14 18:19:36 +02:00
0072-ChaCha20-performance-optimizations-for-ppc64le.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0075-FIPS-Use-FFDHE2048-in-self-test.patch FIPS self-test: RSA-OAEP, FFDHE2048, digest_sign 2022-08-01 17:18:12 +02:00
0076-FIPS-140-3-DRBG.patch Increase RNG seeding buffer size to 32 2023-03-14 17:30:33 +01:00
0077-FIPS-140-3-zeroization.patch Extra zeroization related to FIPS-140-3 requirements 2022-08-05 14:31:48 +02:00
0078-KDF-Add-FIPS-indicators.patch Fix X942KDF indicator for short output key lengths 2023-03-16 16:40:54 +01:00
0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC 2022-11-21 10:39:28 +01:00
0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch Remove support for X9.31 signature padding in FIPS mode 2022-11-21 10:42:34 +01:00
0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch Add indicator for HMAC with short key lengths 2022-11-21 10:42:43 +01:00
0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch pbkdf2: Set minimum password length of 8 bytes 2022-11-21 10:42:43 +01:00
0085-FIPS-RSA-disable-shake.patch Disallow SHAKE in OAEP decryption in FIPS mode 2023-01-11 14:12:12 +01:00
0088-signature-Add-indicator-for-PSS-salt-length.patch Limit RSA_NO_PADDING for encryption and signature in FIPS mode 2023-03-14 17:25:30 +01:00
0089-PSS-salt-length-from-provider.patch Fix explicit indicator for PSS salt length 2022-11-29 13:23:25 +01:00
0090-signature-Clamp-PSS-salt-len-to-MD-len.patch Fix explicit indicator for PSS salt length 2022-11-29 13:23:25 +01:00
0091-FIPS-RSA-encapsulate.patch Fix explicit indicator for PSS salt length 2022-11-29 13:23:25 +01:00
0092-provider-improvements.patch Fix explicit indicator for PSS salt length 2022-11-29 13:23:25 +01:00
0093-FIPS-nodhx.patch Disable DHX keys completely in FIPS mode 2023-03-14 17:28:24 +01:00
0101-CVE-2022-4203-nc-match.patch Fixed X.509 Name Constraints Read Buffer Overflow 2023-02-08 17:54:11 +01:00
0102-CVE-2022-4304-RSA-time-oracle.patch Fixed Timing Oracle in RSA Decryption 2023-02-08 17:54:13 +01:00
0103-CVE-2022-4450-pem-read-bio.patch Fixed Double free after calling PEM_read_bio_ex 2023-02-08 17:54:13 +01:00
0104-CVE-2023-0215-UAF-bio.patch Fixed Use-after-free following BIO_new_NDEF 2023-02-08 17:54:13 +01:00
0105-CVE-2023-0216-pkcs7-deref.patch Fixed Invalid pointer dereference in d2i_PKCS7 functions 2023-02-08 17:54:13 +01:00
0106-CVE-2023-0217-dsa.patch Fixed NULL dereference validating DSA public key 2023-02-08 17:54:13 +01:00
0107-CVE-2023-0286-X400.patch Fixed X.400 address type confusion in X.509 GeneralName 2023-02-08 17:54:13 +01:00
0108-CVE-2023-0401-pkcs7-md.patch Fixed NULL dereference during PKCS7 data verification 2023-02-08 17:54:13 +01:00
0109-fips-Zeroize-out-in-fips-selftest.patch Zeroize FIPS module integrity check MAC after check 2023-03-14 17:23:22 +01:00
0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch GCM: Implement explicit FIPS indicator for IV gen 2023-03-14 17:23:22 +01:00
0111-fips-Use-salt-16-bytes-in-PBKDF2-selftest.patch Add explicit FIPS indicator for PBKDF2 2023-03-14 17:23:22 +01:00
0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch Add explicit FIPS indicator for PBKDF2 2023-03-14 17:23:22 +01:00
0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch Change explicit FIPS indicator for RSA decryption to unapproved 2023-03-24 16:00:24 +01:00
0114-FIPS-enforce-EMS-support.patch Enforce using EMS in FIPS mode 2023-04-18 09:40:37 +02:00
0115-CVE-2023-0464.patch Fix excessive resource usage in verifying X509 policy constraints 2023-04-18 09:43:21 +02:00
0116-CVE-2023-0465.patch Fix invalid certificate policies in leaf certificates check 2023-04-18 09:45:07 +02:00
0117-CVE-2023-0466.patch Certificate policy check not enabled 2023-04-18 09:46:41 +02:00
0118-CVE-2023-1255.patch Input buffer over-read in AES-XTS implementation on 64 bit ARM 2023-04-21 12:33:25 +02:00
0120-RSA-PKCS15-implicit-rejection.patch Backport implicit rejection for RSA PKCS#1 v1.5 encryption 2023-04-28 19:10:51 +02:00
configuration-prefix.h Rebase to OpenSSL version 3.0.0 2021-04-12 00:34:30 +02:00
configuration-switch.h Rebase to OpenSSL version 3.0.0 2021-04-12 00:34:30 +02:00
gating.yaml Temporary manual test 2022-04-21 13:20:27 +02:00
genpatches Rebase to OpenSSL version 3.0.0 2021-04-12 00:34:30 +02:00
make-dummy-cert RHEL 9.0.0 Alpha bootstrap 2020-10-15 22:27:53 +02:00
Makefile.certificate RHEL 9.0.0 Alpha bootstrap 2020-10-15 22:27:53 +02:00
openssl.spec - Upload new upstream sources without manually hobbling them. 2023-05-02 11:44:53 +02:00
renew-dummy-cert RHEL 9.0.0 Alpha bootstrap 2020-10-15 22:27:53 +02:00
rpminspect.yaml Make rpminspect happy 2021-12-10 14:19:15 +01:00
sources - Upload new upstream sources without manually hobbling them. 2023-05-02 11:44:53 +02:00