Sahana Prasad
78a467efcc
Rebase to upstream version 3.0.1
...
Fixes CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl
Resolves: rhbz#2038910, rhbz#2035148
Signed-off-by: Sahana Prasad <sahana@redhat.com>
3 years ago
Dmitry Belyavskiy
e63c4b68b2
Update spec file, remove fipsmodule.cnf
...
Related: rhbz#2026445
3 years ago
Dmitry Belyavskiy
6cdaa527d8
Explicitly permit SHA1 HMAC
...
Related: rhbz#2026445
3 years ago
Dmitry Belyavskiy
cc37486d86
Minimize the list of services allowed for FIPS
...
Related: rhbz#2026445
3 years ago
Dmitry Belyavskiy
225b6d37b9
openssl speed should run in FIPS mode
...
Related: rhbz#1977318
3 years ago
Dmitry Belyavskiy
13dc3794cb
Make rpminspect happy
3 years ago
Dmitry Belyavskiy
4c1c00d6af
Updated spec, some cleanup done
...
Related: rhbz#1985362
3 years ago
Dmitry Belyavskiy
9422ae52de
Always activate default provider via config
...
Related: rhbz#1985362
3 years ago
Dmitry Belyavskiy
210c37e906
Disable fipsinstall application
...
Related: rhbz#1985362
3 years ago
Dmitry Belyavskiy
3ff0db7558
Embed correct HMAC into fips provider
...
We have stripped production version and unstripped version for tests.
Related: rhbz#1985362
3 years ago
Dmitry Belyavskiy
5c4e10ac26
FIPS provider auto activation
...
When FIPS flag is on, we load fips provider and set properties to fips.
FIPS checksum is embedded in FIPS provider itself
Related: rhbz#1985362
3 years ago
Dmitry Belyavskiy
694c426faf
Fix memory leak in s_client
...
Related: rhbz#1996092
3 years ago
Dmitry Belyavskiy
b76c2316a3
KTLS and FIPS may interfere, so tests need to be tuned
...
Resolves: rhbz#1961643
3 years ago
Dmitry Belyavskiy
3edf474b5d
Avoid double-free on error seeding the RNG.
...
Resolves: rhbz#1952844
3 years ago
Sahana Prasad
34d46544a5
Rebase to upstream version 3.0.0
...
Related: rhbz#1990814
Signed-off-by: Sahana Prasad <sahana@redhat.com>
3 years ago
Sahana Prasad
07de966235
- Removes the dual-abi build as it not required anymore. The mass rebuild
...
was completed and all packages are rebuilt against Beta version.
Resolves: rhbz#1984097
Signed-off-by: Sahana Prasad <sahana@redhat.com>
3 years ago
Dmitry Belyavskiy
ddd1eb3708
Correctly processing CMS reading from /dev/stdin
...
Resolves: rhbz#1986315
3 years ago
Sahana Prasad
49de59749c
Add instruction for loading legacy provider in openssl.cnf
...
Resolves: rhbz#1975836
Signed-off-by: Sahana Prasad <sahana@redhat.com>
3 years ago
Sahana Prasad
03899fca38
Adds support for IDEA encryption.
...
Resolves: rhbz#1990602
Signed-off-by: Sahana Prasad <sahana@redhat.com>
3 years ago
Sahana Prasad
0c6f4a599c
- Fixes core dump in openssl req -modulus
...
- Fixes 'openssl req' to not ask for password when non-encrypted private key
is used
- cms: Do not try to check binary format on stdin and -rctform fix
- Resolves: rhbz#1988137, rhbz#1988468, rhbz#1988137
Signed-off-by: Sahana Prasad <sahana@redhat.com>
3 years ago
Mohan Boddu
2862adca42
Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
...
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
3 years ago
Dmitry Belyavskiy
ecb6630fd3
When signature_algorithm extension is omitted, use more relevant alerts
...
Resolves: rhbz#1965017
3 years ago
Sahana Prasad
c5d8025ca8
Remove tier 0 functional test from gating.yaml.
...
These tests are removed from dist-git and are executed
as tier1 or higher tests already.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
3 years ago
Sahana Prasad
fe7445d93d
Rebase to upstream version beta2
...
Related: rhbz#1903209
Signed-off-by: Sahana Prasad <sahana@redhat.com>
3 years ago
Sahana Prasad
0b6afca185
- Prevents creation of duplicate cert entries in PKCS #12 files
...
Resolves: rhbz#1978670
Signed-off-by: Sahana Prasad <sahana@redhat.com>
3 years ago
Aleksandra Fedorova
b7c6b85c95
Add RHEL gating configuration
3 years ago
Sahana Prasad
e3d0ba4f1e
NVR Bump to Update to OpenSSL 3.0 Beta1 version
...
Related: rhbz#1903209
Signed-off-by: Sahana Prasad <sahana@redhat.com>
3 years ago
Sahana Prasad
529b968a17
Update patch dual-abi.patch to add the #define macros in implementation
...
files instead of public header files
Related: rhbz#1903209
Signed-off-by: Sahana Prasad <sahana@redhat.com>
3 years ago
Sahana Prasad
a3158ae4f7
Removes unused patch dual-abi.patch
...
Related: rhbz#1903209
Signed-off-by: Sahana Prasad <sahana@redhat.com>
3 years ago
Sahana Prasad
d4e97b3110
Update to Beta1 version
...
Includes a patch to support dual-ABI, as Beta1 brekas ABI with alpha16
Related: rhbz#1903209
Signed-off-by: Sahana Prasad <sahana@redhat.com>
3 years ago
Sahana Prasad
90bf702df6
- Fixes override of openssl_conf in openssl.cnf
...
- Use AI_ADDRCONFIG only when explicit host name is given
- Temporarily remove fipsmodule.cnf for arch i686
- Fixes segmentation fault in BN_lebin2bn
Resolves: rhbz#1975847, rhbz#1976845, rhbz#1973477, rhbz#1975855
Signed-off-by: Sahana Prasad <sahana@redhat.com>
3 years ago
Sahana Prasad
4f728a9f3f
Fixes override of openssl_conf in openssl.cnf
...
Resolves: rhbz#1975847
Signed-off-by: Sahana Prasad <sahana@redhat.com>
3 years ago
Sahana Prasad
826e7990ea
Adds FIPS mode compatibility patch
...
Related: rhbz#1977318
Signed-off-by: Sahana Prasad <sahana@redhat.com>
3 years ago
Sahana Prasad
240131b9eb
- Fixes system hang issue when booted in FIPS mode
...
- Temporarily disable downstream FIPS patches
Related: rhbz#1977318
Signed-off-by: Sahana Prasad <sahana@redhat.com>
3 years ago
Mohan Boddu
220d8a96f5
Spec bump and changelog for Speeding up building openssl
...
Related: rhbz#1903209
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
3 years ago
Dmitry Belyavskiy
b0a763c723
Speeding up building openssl
...
Resolves: rhbz#1903209
Signed-off-by: Dmitry Belyavskiy <dbelyavs@redhat.com>
3 years ago
Sahana Prasad
e863fff325
Fix reading SPKAC data from stdin
...
Fix incorrect OSSL_PKEY_PARAM_MAX_SIZE for ed25519 and ed448
Return 0 after cleanup in OPENSSL_init_crypto()
Cleanup the peer point formats on regotiation
Fix default digest to SHA256
Resolves: rhbz#1958045, rhbz#1952850, rhbz#1961687
Related: rhbz#1958033
Signed-off-by: Sahana Prasad <sahana@redhat.com>
3 years ago
Sahana Prasad
5fa0564b3a
Enable FIPS via config options
...
Resolves: rhbz#1903209
Signed-off-by: Sahana Prasad <sahana@redhat.com>
4 years ago
Sahana Prasad
ef962954ab
Update to alpha 16 version
...
Avoids sending alert after orderly connection close
Resolves: rhbz#1952901, rhbz#1903209
Signed-off-by: Sahana Prasad <sahana@redhat.com>
4 years ago
Sahana Prasad
eeabdb936d
Merge gitlab.com:redhat/centos-stream/rpms/openssl into c9s
4 years ago
Sahana Prasad
007b0e01a9
Update to alpha 15 version
...
Resolves: openssl speed crashes rhbz#1952598
Resolves: rhbz#1903209
Signed-off-by: Sahana Prasad <sahana@redhat.com>
4 years ago
Mohan Boddu
620c697740
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
...
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
4 years ago
Sahana Prasad
ec7ef62793
Rebase to OpenSSL version 3.0.0
...
Note: This is a W.I.P as this is a huge rebase.
Resolves: rhbz#1903209
Signed-off-by: Sahana Prasad <sahana@redhat.com>
4 years ago
DistroBaker
098f88f008
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/openssl.git#0f5f931f9a64a3fe3221c75ed799914cfd90b0db
4 years ago
DistroBaker
5865f97b4f
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/openssl.git#b023ffe39f798981219604746432376b15169c79
4 years ago
DistroBaker
efa5f39ef0
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/openssl.git#b023ffe39f798981219604746432376b15169c79
4 years ago
DistroBaker
f731f488ac
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/openssl.git#fb8e66a58fb43344f23aefb4eaefe1b6ca04a80d
4 years ago
DistroBaker
6cc21a3e02
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/openssl.git#d34c6392bf98cf355fca2f80538dcfdfd5c281f1
4 years ago
DistroBaker
e33651f416
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/openssl.git#a07706cf0e50b02a61d3cb10ecad554d4ac4240c
4 years ago
DistroBaker
a99ab8f40a
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/openssl.git#3413ff9700373616a74dcf14fe75868d046e22e2
4 years ago