Compare commits

..

No commits in common. "c9" and "c8" have entirely different histories.
c9 ... c8

2 changed files with 48 additions and 127 deletions

View File

@ -1,32 +0,0 @@
From e65a507c487a37dd5a8c90b7dbd1ff3274146239 Mon Sep 17 00:00:00 2001
From: Simon Chopin <simon.chopin@canonical.com>
Date: Mon, 13 Dec 2021 15:20:55 +0100
Subject: [PATCH 5/5] dhparams: Fix the FIPS_mode() call for OpenSSL 3.0
This function has been removed from OpenSSL 3.0, replaced by
EVP_default_properties_is_fips_enabled().
Closes #50
---
src/dhparams.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/dhparams.c b/src/dhparams.c
index 5c50128970d48790df910b9f9531e61e1d4c5758..61fd57aeedca47fba49f75d356cd5f42b9586696 100644
--- a/src/dhparams.c
+++ b/src/dhparams.c
@@ -231,7 +231,11 @@ is_valid_named_group (const char *group_name)
}
/* Check non-FIPS groups */
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
if (!FIPS_mode ())
+#else
+ if (!EVP_default_properties_is_fips_enabled(NULL))
+#endif
{
i = 0;
while (dh_nonfips_groups[i])
--
2.31.1

View File

@ -26,11 +26,11 @@ BuildRequires: ninja-build
BuildRequires: help2man
Patch: 0001-Drop-usage-of-ERR_GET_FUNC.patch
Patch: 0002-Correct-certificate-lifetime-calculation.patch
Patch: 0003-Truncate-IP-address-in-SAN.patch
Patch: 0004-dhparams-don-t-fail-if-default-file-can-t-be-created.patch
Patch: 0005-dhparams-Fix-the-FIPS_mode-call-for-OpenSSL-3.0.patch
Patch0001: 0001-Drop-usage-of-ERR_GET_FUNC.patch
Patch0002: 0002-Correct-certificate-lifetime-calculation.patch
Patch0003: 0003-Truncate-IP-address-in-SAN.patch
Patch0004: 0004-dhparams-don-t-fail-if-default-file-can-t-be-created.patch
%description
A utility to aid in the creation of more secure "self-signed"
@ -61,115 +61,69 @@ false signatures from the service certificate.
%{_mandir}/man8/%{name}.8*
%changelog
* Fri Dec 02 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-6
- Use EVP_default_properties_is_fips_enabled() on OpenSSL 3.0
- Related: rhbz#2083879
* Thu Dec 08 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-7
- Correctly apply the patch for default dhparams
- Resolves: rhbz#2143206
* Mon Nov 28 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-6
- Don't fail if default dhparams file can't be created
- Resolves: rhbz#2149064
- Resolves: rhbz#2143206
* Wed Mar 09 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-5
- Handle IP addresses in subjectAlternativeName correctly
- Resolves: rhbz#2061923
* Thu Jul 14 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-5
- Rebase to sscg 3.0.0
- Resolves: rhbz#2107369
- Resolves: rhbz#2091525
* Fri Oct 29 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-4
- Correct certificate lifetime calculation
- Resolves: rhbz#2017667
* Thu Jun 02 2022 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-15
- Fix certificate lifetime calculation
- Resolves: rhbz#2091525
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.0-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Tue Jan 21 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-14
- Properly handling reading long passphrase files.
* Sat Aug 07 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-2
- Drop usage of removed macro ERR_GET_FUNC()
- Related: rhbz#1964837
* Tue Jan 21 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-13
- Fix missing error check for --*-key-passfile
* Wed Jul 21 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-1
- Release 3.0.0
- Support for OpenSSL 3.0
- Support for outputting named Diffie-Hellman parameter groups
- Support for CentOS Stream 9
- Resolves: rhbz#1984468
* Thu Jan 09 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-12
- Improve validation of command-line arguments
- Resolves: rhbz#1784441
- Resolves: rhbz#1784443
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.2-8
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Tue Jan 07 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-11
- Further improve --client-key-file help message
- Resolves: rhbz#1720667
* Wed May 26 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-7
- OpenSSL 3.0 compatibility: fix RSA key-generation test
- Resolves: rhbz#1964837
* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-10
- Fix incorrect help message
- Resolves: rhbz#1720667
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.2-6
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-9
- Fix null-dereference and memory leak issues with client certs
- Resolves: rhbz#1720667
* Wed Mar 17 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-5
- Fixing incorrect license declaration
* Wed Dec 11 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-8
- Add support for generating client authentication certificates
- Resolves: rhbz#1720667
* Wed Mar 17 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-4
- Updating to rebuild against the latest glibc
* Fri Nov 01 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-7
- Add support for password-protecting the private key files
- Resolves: rhbz#1717880
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-6
- Fixes for issues detected by automated testing.
- Resolves: rhbz#1653323
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jun 23 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-1
- Update to 2.6.2
- Handle very short and very long passphrases properly (fixes rhbz#1850183)
- Drop upstreamed patch
* Thu Apr 30 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-4
- Rebuild with corrected ELN macro definitions
* Thu Apr 30 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-3
- Don't bother running clang-format in the RPM build
- Lengthen the test timeout so ARM tests pass
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jan 09 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-1
- Bugfixes from upstream
* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.6.0-2
- Fix incorrect help description for --client-key-file
* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.6.0-1
- Update to 2.6.0
- Can now generate an empty CRL file.
- Can now create and store a Diffie-Hellman parameters (dhparams) file.
- Support for setting a password on private keys.
- Support for generating a client authentication certificate and key.
- Better support for OpenSSL 1.0
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.5.1-1
- Update to 2.5.1
- Fixes discovered by automated testing.
* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.5.0-1
- Update to 2.5.0
- Auto-detect the hash algorithm to use by default.
* Tue Nov 27 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.4.0-1
- Update to 2.4.0
* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-5
- Autodetect the minimum key strength from the system security level.
- Autodetect the hash algorithm to use from the system security level.
- Disallow setting a key strength below the system minimum.
- Drop upstreamed patches
- Resolves: rhbz#1653323
* Mon Sep 17 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-4
- Add a manpage.
- Add a manpage for sscg.
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jul 05 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-3
- Strip out bundled popt since RHEL 8 has a new-enough version.
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
@ -312,4 +266,3 @@ false signatures from the service certificate.
* Mon Mar 16 2015 Stephen Gallagher <sgallagh@redhat.com> 0.1-1
- First packaging