openssl3

Commit Graph

Author	SHA1	Message	Date
Dmitry Belyavskiy	2c5c3fcced	Rebasing to OpenSSL 3.2.1 Resolves: RHEL-26271	10 months ago
Sahana Prasad	05b87f449d	Remove the listing of brainpool curves in FIPS mode Related: rhbz#2188180 Signed-off-by: Sahana Prasad <sahana@redhat.com>	2 years ago
Sahana Prasad	05bbcc9920	- Upload new upstream sources without manually hobbling them. - Remove the hobbling script as it is redundant. It is now allowed to ship the sources of patented EC curves, however it is still made unavailable to use by compiling with the 'no-ec2m' Configure option. The additional forbidden curves such as P-160, P-192, wap-tls curves are manually removed by updating 0011-Remove-EC-curves.patch. - Enable Brainpool curves. - Apply the changes to ec_curve.c and ectest.c as a new patch 0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them. - Modify 0011-Remove-EC-curves.patch to allow Brainpool curves. - Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M. Resolves: rhbz#2130618, rhbz#2188180 Signed-off-by: Sahana Prasad <sahana@redhat.com>	2 years ago
Dmitry Belyavskiy	4999352324	OpenSSL rsa_verify_recover key length checks in FIPS mode Resolves: rhbz#2186819	2 years ago
Dmitry Belyavskiy	477d91adec	Rebasing to OpenSSL 3.0.7 Resolves: rhbz#2129063	2 years ago
Dmitry Belyavskiy	f4e1bded66	Improve diagnostics when passing unsupported groups in TLS Related: rhbz#2070197	3 years ago
Dmitry Belyavskiy	8638196167	Ciphersuites with RSAPSK KX should be filterd in FIPS mode Related: rhbz#2085088	3 years ago
Dmitry Belyavskiy	b5de6bd830	In FIPS mode limit key sizes for signature verification Resolves: rhbz#2077884	3 years ago
Dmitry Belyavskiy	7bc4f9f094	Ciphersuites with RSA KX should be filterd in FIPS mode Related: rhbz#2085088	3 years ago
Dmitry Belyavskiy	b393177f7d	`openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode Resolves: rhbz#2083240	3 years ago
Dmitry Belyavskiy	69c1abb4df	openssl req defaults on PKCS#8 encryption changed to AES-256-CBC Resolves: rhbz#2063947	3 years ago
Dmitry Belyavskiy	1b2d08b2c2	Adaptation of upstream patches disabling explicit EC parameters in FIPS mode Resolves: rhbz#2058663	3 years ago
Dmitry Belyavskiy	ad863e9fc8	OpenSSL FIPS module should not build in non-approved algorithms Resolves: rhbz#2081378	3 years ago
Dmitry Belyavskiy	02c75e5a65	We dont'want totally forbid RSA encryption. Related: rhbz#2053289	3 years ago
Dmitry Belyavskiy	7a1c7b28bc	FIPS provider doesn't block RSA encryption for key transport Resolves: rhbz#2053289	3 years ago
Dmitry Belyavskiy	922b5301ea	Adjust FIPS provider version FIPS provider version is now autofilled from release and date Related: rhbz#2026445	3 years ago
Dmitry Belyavskiy	d237e7f301	Restoring fips=yes to SHA-1 Related: rhbz#2026445	3 years ago
Dmitry Belyavskiy	cc37486d86	Minimize the list of services allowed for FIPS Related: rhbz#2026445	3 years ago

18 Commits (d53f31aa805e037f96e1517ba19c439848151edf)