rpms
/
openssl
8
1
Fork 0
Code Issues Pull Requests Releases Activity
Utilities from the general purpose cryptography library with TLS implementation
137 Commits 6 Branches 47 Tags 3.7 MiB
C 97.3%
Shell 2.7%
Go to file
Clemens Lang c0667361a5 Fix explicit indicator for PSS salt length 
The previous state of the patch did not work correctly when used with
negative salt lengths, which OpenSSL uses a magic values. Setting the
saltlength to max would yield an approved state in the indicator, while
it is not approved.

Additionally, update the patch to change the default PSS salt length
with the current state of discussion upstream (see
https://github.com/openssl/openssl/pull/19724).

Resolves: rhbz#2142087
Signed-off-by: Clemens Lang <cllang@redhat.com>
 		2022-11-29 13:23:25 +01:00
.gitignore Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0001-Aarch64-and-ppc64le-use-lib64.patch Rebase to OpenSSL version 3.0.0 2021-04-12 00:34:30 +02:00
0002-Use-more-general-default-values-in-openssl.cnf.patch Rebase to OpenSSL version 3.0.0 2021-04-12 00:34:30 +02:00
0003-Do-not-install-html-docs.patch Rebase to OpenSSL version 3.0.0 2021-04-12 00:34:30 +02:00
0004-Override-default-paths-for-the-CA-directory-tree.patch Fixes override of openssl_conf in openssl.cnf 2021-07-06 13:56:08 +02:00
0005-apps-ca-fix-md-option-help-text.patch Rebase to OpenSSL version 3.0.0 2021-04-12 00:34:30 +02:00
0006-Disable-signature-verification-with-totally-unsafe-h.patch Update to Beta1 version 2021-07-14 13:31:08 +02:00
0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0008-Add-FIPS_mode-compatibility-macro.patch Adjusting include for the FIPS_mode macro 2022-11-28 17:37:27 +01:00
0009-Add-Kernel-FIPS-mode-flag-support.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0011-Remove-EC-curves.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0012-Disable-explicit-ec.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0024-load-legacy-prov.patch Always activate default provider via config 2021-11-23 16:52:23 +01:00
0025-for-tests.patch Always activate default provider via config 2021-11-23 16:52:23 +01:00
0031-tmp-Fix-test-names.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0032-Force-fips.patch -config argument of openssl app should work properly 2022-05-12 13:29:27 +02:00
0033-FIPS-embed-hmac.patch Remove volatile attribute from HMAC to make annocheck happy 2022-01-21 13:48:28 +01:00
0034.fipsinstall_disable.patch Rebase to upstream version 3.0.1 2022-01-18 18:30:10 +01:00
0035-speed-skip-unavailable-dgst.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0044-FIPS-140-3-keychecks.patch Use signature for RSA pairwise test according FIPS-140-3 requirements 2022-08-05 14:31:48 +02:00
0045-FIPS-services-minimize.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0047-FIPS-early-KATS.patch KATS self-tests should run before HMAC verifcation 2022-01-21 13:48:28 +01:00
0049-Selectively-disallow-SHA1-signatures.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0050-FIPS-enable-pkcs12-mac.patch OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters 2022-02-22 16:32:34 +01:00
0051-Support-different-R_BITS-lengths-for-KBKDF.patch OpenSSL FIPS module should not build in non-approved algorithms 2022-05-05 17:34:49 +02:00
0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch Strict certificates validation shouldn't allow explicit EC parameters 2022-06-24 17:17:35 +02:00
0056-strcasecmp.patch We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream 2022-11-25 19:23:22 +01:00
0058-FIPS-limit-rsa-encrypt.patch FIPS provider should block RSA encryption for key transport. 2022-06-24 17:17:35 +02:00
0060-FIPS-KAT-signature-tests.patch Use KAT for ECDSA signature tests, s390 arch 2022-05-30 18:22:47 +02:00
0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0062-fips-Expose-a-FIPS-indicator.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0067-ppc64le-Montgomery-multiply.patch Backport of ppc64le Montgomery multiply enhancement 2022-11-29 12:00:38 +01:00
0071-AES-GCM-performance-optimization.patch Improve AES-GCM & ChaCha20 perf on Power9+ ppc64le 2022-07-14 18:19:36 +02:00
0072-ChaCha20-performance-optimizations-for-ppc64le.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00
0075-FIPS-Use-FFDHE2048-in-self-test.patch FIPS self-test: RSA-OAEP, FFDHE2048, digest_sign 2022-08-01 17:18:12 +02:00
0076-FIPS-140-3-DRBG.patch Reseed all the parent DRBGs in chain on reseeding a DRBG 2022-08-05 14:31:48 +02:00
0077-FIPS-140-3-zeroization.patch Extra zeroization related to FIPS-140-3 requirements 2022-08-05 14:31:48 +02:00
0078-Add-FIPS-indicator-parameter-to-HKDF.patch Add indicator for SP 800-108 KDFs w/short keys 2022-11-21 10:42:43 +01:00
0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC 2022-11-21 10:39:28 +01:00
0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch Remove support for X9.31 signature padding in FIPS mode 2022-11-21 10:42:34 +01:00
0082-kbkdf-Add-explicit-FIPS-indicator-for-key-length.patch Add indicator for SP 800-108 KDFs w/short keys 2022-11-21 10:42:43 +01:00
0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch Add indicator for HMAC with short key lengths 2022-11-21 10:42:43 +01:00
0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch pbkdf2: Set minimum password length of 8 bytes 2022-11-21 10:42:43 +01:00
0085-FIPS-RSA-disable-shake.patch SHAKE-128/256 are not allowed with RSA in FIPS mode 2022-11-21 10:23:09 +01:00
0088-signature-Add-indicator-for-PSS-salt-length.patch Fix explicit indicator for PSS salt length 2022-11-29 13:23:25 +01:00
0089-PSS-salt-length-from-provider.patch Fix explicit indicator for PSS salt length 2022-11-29 13:23:25 +01:00
0090-signature-Clamp-PSS-salt-len-to-MD-len.patch Fix explicit indicator for PSS salt length 2022-11-29 13:23:25 +01:00
0091-FIPS-RSA-encapsulate.patch Fix explicit indicator for PSS salt length 2022-11-29 13:23:25 +01:00
0092-provider-improvements.patch Fix explicit indicator for PSS salt length 2022-11-29 13:23:25 +01:00
Makefile.certificate RHEL 9.0.0 Alpha bootstrap 2020-10-15 22:27:53 +02:00
configuration-prefix.h Rebase to OpenSSL version 3.0.0 2021-04-12 00:34:30 +02:00
configuration-switch.h Rebase to OpenSSL version 3.0.0 2021-04-12 00:34:30 +02:00
ec_curve.c Rebase to OpenSSL version 3.0.0 2021-04-12 00:34:30 +02:00
ectest.c Reworked patch forbidding explicit EC parameters 2022-05-06 16:51:28 +02:00
gating.yaml Temporary manual test 2022-04-21 13:20:27 +02:00
genpatches Rebase to OpenSSL version 3.0.0 2021-04-12 00:34:30 +02:00
hobble-openssl RHEL 9.0.0 Alpha bootstrap 2020-10-15 22:27:53 +02:00
make-dummy-cert RHEL 9.0.0 Alpha bootstrap 2020-10-15 22:27:53 +02:00
openssl.spec Fix explicit indicator for PSS salt length 2022-11-29 13:23:25 +01:00
renew-dummy-cert RHEL 9.0.0 Alpha bootstrap 2020-10-15 22:27:53 +02:00
rpminspect.yaml Make rpminspect happy 2021-12-10 14:19:15 +01:00
sources Rebasing to OpenSSL 3.0.7 2022-11-24 10:31:36 +01:00