.fmf
|
Add interop rpm-tmt-tests
|
2023-05-24 15:41:56 +00:00 |
plans
|
Add interop rpm-tmt-tests
|
2023-05-24 15:41:56 +00:00 |
.gitignore
|
- Upload new upstream sources without manually hobbling them.
|
2023-05-02 11:44:53 +02:00 |
0001-Aarch64-and-ppc64le-use-lib64.patch
|
Rebase to OpenSSL version 3.0.0
|
2021-04-12 00:34:30 +02:00 |
0002-Use-more-general-default-values-in-openssl.cnf.patch
|
Rebase to OpenSSL version 3.0.0
|
2021-04-12 00:34:30 +02:00 |
0003-Do-not-install-html-docs.patch
|
Rebase to OpenSSL version 3.0.0
|
2021-04-12 00:34:30 +02:00 |
0004-Override-default-paths-for-the-CA-directory-tree.patch
|
Provide empty evp_properties section in main OpenSSL configuration file
|
2023-10-17 12:56:38 +02:00 |
0005-apps-ca-fix-md-option-help-text.patch
|
Rebase to OpenSSL version 3.0.0
|
2021-04-12 00:34:30 +02:00 |
0006-Disable-signature-verification-with-totally-unsafe-h.patch
|
Update to Beta1 version
|
2021-07-14 13:31:08 +02:00 |
0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
|
Rebasing to OpenSSL 3.0.7
|
2022-11-24 10:31:36 +01:00 |
0008-Add-FIPS_mode-compatibility-macro.patch
|
Adjusting include for the FIPS_mode macro
|
2022-11-28 17:37:27 +01:00 |
0009-Add-Kernel-FIPS-mode-flag-support.patch
|
Rebasing to OpenSSL 3.0.7
|
2022-11-24 10:31:36 +01:00 |
0010-Add-changes-to-ectest-and-eccurve.patch
|
- Upload new upstream sources without manually hobbling them.
|
2023-05-02 11:44:53 +02:00 |
0011-Remove-EC-curves.patch
|
Remove unsupported ec curves from nist_curves
|
2023-07-06 10:38:36 +02:00 |
0012-Disable-explicit-ec.patch
|
Forbid explicit curves when created via EVP_PKEY_fromdata
|
2023-10-17 13:26:14 +02:00 |
0013-skipped-tests-EC-curves.patch
|
- Upload new upstream sources without manually hobbling them.
|
2023-05-02 11:44:53 +02:00 |
0024-load-legacy-prov.patch
|
Add a directory for OpenSSL providers configuration
|
2024-01-31 16:39:33 +01:00 |
0025-for-tests.patch
|
Always activate default provider via config
|
2021-11-23 16:52:23 +01:00 |
0031-tmp-Fix-test-names.patch
|
Rebasing to OpenSSL 3.0.7
|
2022-11-24 10:31:36 +01:00 |
0032-Force-fips.patch
|
Avoid implicit function declaration when building openssl
|
2023-10-17 13:09:34 +02:00 |
0033-FIPS-embed-hmac.patch
|
Refactor OpenSSL fips module MAC verification
|
2023-01-05 11:42:50 +01:00 |
0034.fipsinstall_disable.patch
|
Rebase to upstream version 3.0.1
|
2022-01-18 18:30:10 +01:00 |
0035-speed-skip-unavailable-dgst.patch
|
Rebasing to OpenSSL 3.0.7
|
2022-11-24 10:31:36 +01:00 |
0044-FIPS-140-3-keychecks.patch
|
FIPS: abort on rsa_keygen_pairwise_test failure
|
2023-11-21 12:32:41 +01:00 |
0045-FIPS-services-minimize.patch
|
Remove the listing of brainpool curves in FIPS mode
|
2023-06-26 10:23:11 +02:00 |
0047-FIPS-early-KATS.patch
|
KATS self-tests should run before HMAC verifcation
|
2022-01-21 13:48:28 +01:00 |
0049-Selectively-disallow-SHA1-signatures.patch
|
Don't limit using SHA1 in KDFs in non-FIPS mode.
|
2023-10-16 11:06:43 +02:00 |
0050-FIPS-enable-pkcs12-mac.patch
|
OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters
|
2022-02-22 16:32:34 +01:00 |
0051-Support-different-R_BITS-lengths-for-KBKDF.patch
|
OpenSSL FIPS module should not build in non-approved algorithms
|
2022-05-05 17:34:49 +02:00 |
0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
|
Strict certificates validation shouldn't allow explicit EC parameters
|
2022-06-24 17:17:35 +02:00 |
0056-strcasecmp.patch
|
Avoid implicit function declaration when building openssl
|
2023-11-21 12:11:01 +01:00 |
0058-FIPS-limit-rsa-encrypt.patch
|
Limit RSA_NO_PADDING for encryption and signature in FIPS mode
|
2023-03-14 17:25:30 +01:00 |
0060-FIPS-KAT-signature-tests.patch
|
Use KAT for ECDSA signature tests, s390 arch
|
2022-05-30 18:22:47 +02:00 |
0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
|
Rebasing to OpenSSL 3.0.7
|
2022-11-24 10:31:36 +01:00 |
0062-fips-Expose-a-FIPS-indicator.patch
|
Rebasing to OpenSSL 3.0.7
|
2022-11-24 10:31:36 +01:00 |
0067-ppc64le-Montgomery-multiply.patch
|
Backport of ppc64le Montgomery multiply enhancement
|
2022-11-29 12:00:38 +01:00 |
0071-AES-GCM-performance-optimization.patch
|
Improve AES-GCM & ChaCha20 perf on Power9+ ppc64le
|
2022-07-14 18:19:36 +02:00 |
0072-ChaCha20-performance-optimizations-for-ppc64le.patch
|
Rebasing to OpenSSL 3.0.7
|
2022-11-24 10:31:36 +01:00 |
0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
|
Rebasing to OpenSSL 3.0.7
|
2022-11-24 10:31:36 +01:00 |
0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
|
Rebasing to OpenSSL 3.0.7
|
2022-11-24 10:31:36 +01:00 |
0075-FIPS-Use-FFDHE2048-in-self-test.patch
|
FIPS self-test: RSA-OAEP, FFDHE2048, digest_sign
|
2022-08-01 17:18:12 +02:00 |
0076-FIPS-140-3-DRBG.patch
|
Increase RNG seeding buffer size to 32
|
2023-03-14 17:30:33 +01:00 |
0077-FIPS-140-3-zeroization.patch
|
Extra zeroization related to FIPS-140-3 requirements
|
2022-08-05 14:31:48 +02:00 |
0078-KDF-Add-FIPS-indicators.patch
|
Add a workaround for lack of EMS in FIPS mode
|
2023-07-12 15:56:26 +02:00 |
0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
|
FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC
|
2022-11-21 10:39:28 +01:00 |
0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
|
Remove support for X9.31 signature padding in FIPS mode
|
2022-11-21 10:42:34 +01:00 |
0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
|
Add indicator for HMAC with short key lengths
|
2022-11-21 10:42:43 +01:00 |
0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
|
pbkdf2: Set minimum password length of 8 bytes
|
2022-11-21 10:42:43 +01:00 |
0085-FIPS-RSA-disable-shake.patch
|
Disallow SHAKE in OAEP decryption in FIPS mode
|
2023-01-11 14:12:12 +01:00 |
0088-signature-Add-indicator-for-PSS-salt-length.patch
|
Limit RSA_NO_PADDING for encryption and signature in FIPS mode
|
2023-03-14 17:25:30 +01:00 |
0089-PSS-salt-length-from-provider.patch
|
Fix explicit indicator for PSS salt length
|
2022-11-29 13:23:25 +01:00 |
0090-signature-Clamp-PSS-salt-len-to-MD-len.patch
|
Fix explicit indicator for PSS salt length
|
2022-11-29 13:23:25 +01:00 |
0091-FIPS-RSA-encapsulate.patch
|
Fix explicit indicator for PSS salt length
|
2022-11-29 13:23:25 +01:00 |
0092-provider-improvements.patch
|
Fix explicit indicator for PSS salt length
|
2022-11-29 13:23:25 +01:00 |
0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
|
FIPS: Re-enable DHX, disable FIPS 186-4 groups
|
2023-05-23 14:01:14 +02:00 |
0101-CVE-2022-4203-nc-match.patch
|
Fixed X.509 Name Constraints Read Buffer Overflow
|
2023-02-08 17:54:11 +01:00 |
0102-CVE-2022-4304-RSA-time-oracle.patch
|
Fixed Timing Oracle in RSA Decryption
|
2023-02-08 17:54:13 +01:00 |
0103-CVE-2022-4450-pem-read-bio.patch
|
Fixed Double free after calling PEM_read_bio_ex
|
2023-02-08 17:54:13 +01:00 |
0104-CVE-2023-0215-UAF-bio.patch
|
Fixed Use-after-free following BIO_new_NDEF
|
2023-02-08 17:54:13 +01:00 |
0105-CVE-2023-0216-pkcs7-deref.patch
|
Fixed Invalid pointer dereference in d2i_PKCS7 functions
|
2023-02-08 17:54:13 +01:00 |
0106-CVE-2023-0217-dsa.patch
|
Fixed NULL dereference validating DSA public key
|
2023-02-08 17:54:13 +01:00 |
0107-CVE-2023-0286-X400.patch
|
Fixed X.400 address type confusion in X.509 GeneralName
|
2023-02-08 17:54:13 +01:00 |
0108-CVE-2023-0401-pkcs7-md.patch
|
Fixed NULL dereference during PKCS7 data verification
|
2023-02-08 17:54:13 +01:00 |
0109-fips-Zeroize-out-in-fips-selftest.patch
|
Zeroize FIPS module integrity check MAC after check
|
2023-03-14 17:23:22 +01:00 |
0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
|
GCM: Implement explicit FIPS indicator for IV gen
|
2023-03-14 17:23:22 +01:00 |
0111-fips-Use-salt-16-bytes-in-PBKDF2-selftest.patch
|
Add explicit FIPS indicator for PBKDF2
|
2023-03-14 17:23:22 +01:00 |
0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
|
Add explicit FIPS indicator for PBKDF2
|
2023-03-14 17:23:22 +01:00 |
0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
|
Mark RSA-OAEP as approved in FIPS mode
|
2023-10-26 12:42:29 +02:00 |
0114-FIPS-enforce-EMS-support.patch
|
Add a workaround for lack of EMS in FIPS mode
|
2023-07-12 15:56:26 +02:00 |
0115-CVE-2023-0464.patch
|
Fix excessive resource usage in verifying X509 policy constraints
|
2023-04-18 09:43:21 +02:00 |
0116-CVE-2023-0465.patch
|
Fix invalid certificate policies in leaf certificates check
|
2023-04-18 09:45:07 +02:00 |
0117-CVE-2023-0466.patch
|
Certificate policy check not enabled
|
2023-04-18 09:46:41 +02:00 |
0118-CVE-2023-1255.patch
|
Input buffer over-read in AES-XTS implementation on 64 bit ARM
|
2023-04-21 12:33:25 +02:00 |
0120-RSA-PKCS15-implicit-rejection.patch
|
Backport implicit rejection for RSA PKCS#1 v1.5 encryption
|
2023-04-28 19:10:51 +02:00 |
0121-FIPS-cms-defaults.patch
|
Use OAEP padding and aes-128-cbc by default in cms command in FIPS mode
|
2023-05-22 10:58:28 +02:00 |
0122-CVE-2023-2650.patch
|
Fix possible DoS translating ASN.1 object identifiers
|
2023-05-31 16:18:19 +02:00 |
0123-ibmca-atexit-crash.patch
|
Release the DRBG in global default libctx early
|
2023-05-31 16:21:07 +02:00 |
0125-CVE-2023-2975.patch
|
AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries
|
2023-10-18 11:15:19 +02:00 |
0126-CVE-2023-3446.patch
|
Excessive time spent checking DH keys and parameters
|
2023-10-18 11:18:44 +02:00 |
0127-CVE-2023-3817.patch
|
Excessive time spent checking DH q parameter value
|
2023-10-18 11:20:31 +02:00 |
0128-CVE-2023-5363.patch
|
Fix incorrect cipher key and IV length processing (CVE-2023-5363)
|
2023-10-25 12:08:21 +02:00 |
0129-rsa-Add-SP800-56Br2-6.4.1.2.1-3.c-check.patch
|
Mark RSA-OAEP as approved in FIPS mode
|
2023-10-26 12:42:29 +02:00 |
0130-CVE-2023-5678.patch
|
Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678)
|
2023-11-08 12:39:41 +01:00 |
0131-sslgroups-memleak.patch
|
Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context
|
2024-01-19 14:49:51 +01:00 |
0132-CVE-2023-6129.patch
|
POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129)
|
2024-01-19 14:59:04 +01:00 |
0133-CVE-2023-6237.patch
|
Excessive time spent checking invalid RSA public keys (CVE-2023-6237)
|
2024-01-19 15:07:58 +01:00 |
0134-engine-based-ECDHE-kex.patch
|
SSL ECDHE Kex fails when pkcs11 engine is set in config file
|
2024-01-19 15:18:50 +01:00 |
0135-CVE-2024-0727.patch
|
Denial of service via null dereference in PKCS#12
|
2024-01-29 13:30:00 +01:00 |
ci.fmf
|
ci.fmf: Enable golang tests as reverse dependency
|
2023-05-29 10:01:36 +02:00 |
configuration-prefix.h
|
Rebase to OpenSSL version 3.0.0
|
2021-04-12 00:34:30 +02:00 |
configuration-switch.h
|
Rebase to OpenSSL version 3.0.0
|
2021-04-12 00:34:30 +02:00 |
gating.yaml
|
Temporary manual test
|
2022-04-21 13:20:27 +02:00 |
genpatches
|
Rebase to OpenSSL version 3.0.0
|
2021-04-12 00:34:30 +02:00 |
make-dummy-cert
|
RHEL 9.0.0 Alpha bootstrap
|
2020-10-15 22:27:53 +02:00 |
Makefile.certificate
|
RHEL 9.0.0 Alpha bootstrap
|
2020-10-15 22:27:53 +02:00 |
openssl.spec
|
Use certified FIPS module instead of freshly built one in Red Hat distribution
|
2024-02-21 10:46:29 +00:00 |
renew-dummy-cert
|
RHEL 9.0.0 Alpha bootstrap
|
2020-10-15 22:27:53 +02:00 |
rpminspect.yaml
|
Make rpminspect happy
|
2021-12-10 14:19:15 +01:00 |
sources
|
- Upload new upstream sources without manually hobbling them.
|
2023-05-02 11:44:53 +02:00 |