rpms
/
openssl3
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Commit Graph

  • 814ca724ca import openssl3-3.2.2-2.1.el8 changed/i8ce/openssl3-3.2.2-2.1.el8 i8ce MSVSphere Packaging Team 2024-06-19 01:36:22 +0300
  • 828ce3ea06
         Merge remote-tracking branch 'gitlab/c9s' into epel8 imports/epel8/openssl3-3.2.2-2.1.el8 epel8 Michel Lind 2024-06-17 16:13:21 +0200
  • d53f31aa80 Add workaround for EVP_PKEY_CTX_add1_hkdf_info with older providers Daiki Ueno 2024-06-12 20:19:44 +0900
  • ed09ce6530 Rebase to OpenSSL 3.2.2. Fixes CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, and Minerva attack. Dmitry Belyavskiy 2024-06-05 15:05:20 +0200
  • bd9060b13c Update RNG changing for FIPS purpose Dmitry Belyavskiy 2024-05-23 16:02:16 +0200
  • 2e26a3def6 import openssl3-3.2.1-1.2.el8 changed/i8ce/openssl3-3.2.1-1.2.el8 MSVSphere Packaging Team 2024-05-03 01:37:09 +0300
  • 488971d8fd
         Drop openssl-fips-provider requirement, accidentally included due to incorrect gating imports/epel8/openssl3-3.2.1-1.2.el8 Michel Lind 2024-05-02 10:34:21 -0500
  • 729897f211 import openssl3-3.2.1-1.1.el8 changed/i8ce/openssl3-3.2.1-1.1.el8 MSVSphere Packaging Team 2024-04-24 01:37:15 +0300
  • 5768e3c033
         Merge c9s openssl changes to pick up CVE fixes imports/epel8/openssl3-3.2.1-1.1.el8 Michel Lind 2024-04-22 18:05:41 -0500
  • 39094b83a8
         Merge remote-tracking branch 'gitlab/c9s' into epel8 Michel Lind 2024-04-22 16:34:44 -0500
  • 2c5c3fcced Rebasing to OpenSSL 3.2.1 Dmitry Belyavskiy 2024-04-04 10:44:19 +0200
  • 08aed3fd41 import openssl3-3.0.7-5.el8.1 changed/i8ce/openssl3-3.0.7-5.el8.1 MSVSphere Packaging Team 2024-03-20 02:12:43 +0300
  • f0463059e0
         import openssl3-3.0.7-5.el8.1 i8e changed/i8e/openssl3-3.0.7-5.el8.1 Arkady L. Shane 2024-02-24 19:05:59 +0300
  • 8e5beb7708 Use certified FIPS module instead of freshly built one in Red Hat distribution Dmitry Belyavskiy 2024-02-21 11:36:30 +0100
  • b9f699b8a8 Use certified FIPS module instead of freshly built one in Red Hat distribution Dmitry Belyavskiy 2024-01-29 17:28:37 +0100
  • 50997010d1 Add a directory for OpenSSL providers configuration Dmitry Belyavskiy 2024-01-31 16:39:33 +0100
  • e6e479521b Denial of service via null dereference in PKCS#12 Dmitry Belyavskiy 2024-01-29 13:30:00 +0100
  • 08c722bcd1 SSL ECDHE Kex fails when pkcs11 engine is set in config file Dmitry Belyavskiy 2024-01-19 15:18:50 +0100
  • 0707122b95 Excessive time spent checking invalid RSA public keys (CVE-2023-6237) Dmitry Belyavskiy 2024-01-19 15:07:58 +0100
  • 3c49cf388a POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129) Dmitry Belyavskiy 2024-01-19 14:59:04 +0100
  • 6c9dd70b94 Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context Dmitry Belyavskiy 2024-01-19 14:49:51 +0100
  • e7c35f0ede Add a directory for OpenSSL providers configuration Dmitry Belyavskiy 2023-11-24 16:16:54 +0100
  • db02879351 FIPS: abort on rsa_keygen_pairwise_test failure Clemens Lang 2023-11-21 12:16:05 +0100
  • 67bb06894f Avoid implicit function declaration when building openssl Dmitry Belyavskiy 2023-11-21 12:11:01 +0100
  • f1d5ccdb6e Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678) Dmitry Belyavskiy 2023-11-08 12:08:38 +0100
  • 72772f737e Add missing ECDH Public Key Check in FIPS mode Dmitry Belyavskiy 2023-11-08 11:55:53 +0100
  • 9a075c13c3 Mark RSA-OAEP as approved in FIPS mode Clemens Lang 2023-10-19 12:47:52 +0200
  • 66dddb942c Fix incorrect cipher key and IV length processing (CVE-2023-5363) Dmitry Belyavskiy 2023-10-25 12:06:55 +0200
  • 6e0d3b16e6 Excessive time spent checking DH q parameter value Dmitry Belyavskiy 2023-10-18 11:20:31 +0200
  • d6248f76c4 Excessive time spent checking DH keys and parameters Dmitry Belyavskiy 2023-10-18 11:17:41 +0200
  • 6775e82636 AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries Dmitry Belyavskiy 2023-10-18 11:15:19 +0200
  • fa5df9d74b Forbid explicit curves when created via EVP_PKEY_fromdata Dmitry Belyavskiy 2023-10-17 13:26:14 +0200
  • 92436854f9 Avoid implicit function declaration when building openssl Dmitry Belyavskiy 2023-10-17 13:09:34 +0200
  • ec6d7cf272 Provide empty evp_properties section in main OpenSSL configuration file Dmitry Belyavskiy 2023-10-17 12:56:38 +0200
  • 223304543a Don't limit using SHA1 in KDFs in non-FIPS mode. Dmitry Belyavskiy 2023-10-16 11:06:19 +0200
  • 131e7d1602 Provide relevant diagnostics when FIPS checksum is corrupted Dmitry Belyavskiy 2023-10-12 14:07:54 +0200
  • d30c497ed1 Make FIPS module configuration more crypto-policies friendly Dmitry Belyavskiy 2023-07-12 17:59:35 +0200
  • 217cd631e8 Add a workaround for lack of EMS in FIPS mode Dmitry Belyavskiy 2023-07-11 16:37:16 +0200
  • 8fb737bf79 Remove unsupported ec curves from nist_curves Resolves: rhbz#2069336 Sahana Prasad 2023-07-06 10:38:36 +0200
  • 05b87f449d Remove the listing of brainpool curves in FIPS mode Related: rhbz#2188180 Signed-off-by: Sahana Prasad <sahana@redhat.com> Sahana Prasad 2023-06-26 10:15:57 +0200
  • d1a87553bb Release the DRBG in global default libctx early Dmitry Belyavskiy 2023-05-31 16:21:07 +0200
  • df4dd7dd7f Fix possible DoS translating ASN.1 object identifiers Dmitry Belyavskiy 2023-05-30 16:29:57 +0200
  • 103d3109dc ci.fmf: Enable golang tests as reverse dependency Daiki Ueno 2023-05-29 09:52:49 +0200
  • 34e7dd5be4 Add interop rpm-tmt-tests Peter Leitmann 2023-05-24 15:41:56 +0000
  • b1d3f019d4 FIPS: Re-enable DHX, disable FIPS 186-4 groups Clemens Lang 2023-05-23 14:01:14 +0200
  • 57f6d8f4a4 Use OAEP padding and aes-128-cbc by default in cms command in FIPS mode Dmitry Belyavskiy 2023-05-19 17:47:59 +0200
  • 032dc0839c Enforce using EMS in FIPS mode - better alerts Dmitry Belyavskiy 2023-05-09 12:44:49 +0200
  • 05bbcc9920 - Upload new upstream sources without manually hobbling them. - Remove the hobbling script as it is redundant. It is now allowed to ship the sources of patented EC curves, however it is still made unavailable to use by compiling with the 'no-ec2m' Configure option. The additional forbidden curves such as P-160, P-192, wap-tls curves are manually removed by updating 0011-Remove-EC-curves.patch. - Enable Brainpool curves. - Apply the changes to ec_curve.c and ectest.c as a new patch 0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them. - Modify 0011-Remove-EC-curves.patch to allow Brainpool curves. - Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M. Resolves: rhbz#2130618, rhbz#2188180 Sahana Prasad 2023-04-03 13:23:50 +0200
  • 45cb3a6b4e Backport implicit rejection for RSA PKCS#1 v1.5 encryption Dmitry Belyavskiy 2023-04-28 19:09:47 +0200
  • 7680abf05d Input buffer over-read in AES-XTS implementation on 64 bit ARM Dmitry Belyavskiy 2023-04-21 12:33:25 +0200
  • 4999352324 OpenSSL rsa_verify_recover key length checks in FIPS mode Dmitry Belyavskiy 2023-04-17 16:08:19 +0200
  • ba8edd5ea8 Certificate policy check not enabled Dmitry Belyavskiy 2023-04-17 15:46:46 +0200
  • 70a27e0ae3 Fix invalid certificate policies in leaf certificates check Dmitry Belyavskiy 2023-04-17 15:41:21 +0200
  • 90306b7fd8 Fix excessive resource usage in verifying X509 policy constraints Dmitry Belyavskiy 2023-04-17 15:29:43 +0200
  • 35f22d134e Enforce using EMS in FIPS mode Dmitry Belyavskiy 2023-04-17 13:34:16 +0200
  • 0dea6db970 Change explicit FIPS indicator for RSA decryption to unapproved Clemens Lang 2023-03-24 16:00:21 +0100
  • 1bd2a0cee3 Add missing patchfile, fix gettable params Clemens Lang 2023-03-20 20:09:04 +0100
  • 1bd49c394a Add explicit FIPS indicator to RSA encryption and RSASVE Clemens Lang 2023-03-17 15:56:07 +0100
  • 21d2b9fb47 Fix X942KDF indicator for short output key lengths Clemens Lang 2023-03-16 16:39:03 +0100
  • e5f783d552 Fix Wpointer-sign compiler warning Clemens Lang 2023-03-16 14:08:53 +0100
  • 6eb72dd621 Increase RNG seeding buffer size to 32 Dmitry Belyavskiy 2023-03-13 12:35:42 +0100
  • fb4b72ff2f DH PCT should abort on failure Dmitry Belyavskiy 2023-03-10 12:36:43 +0100
  • bfdbb139b4 Disable DHX keys completely in FIPS mode Dmitry Belyavskiy 2023-03-09 14:26:19 +0100
  • 960e6deebf Abort on PCT failure Dmitry Belyavskiy 2023-02-23 14:39:15 +0100
  • dd6f0d33c8 Remove previous low-level PCT Dmitry Belyavskiy 2023-02-22 16:22:19 +0100
  • fa195e46a2 Pairwise consistency tests should use Digest+Sign/Verify Dmitry Belyavskiy 2023-02-20 15:30:43 +0100
  • d2996a9b03 Limit RSA_NO_PADDING for encryption and signature in FIPS mode Dmitry Belyavskiy 2023-02-15 17:16:58 +0100
  • d60644ea6a Add explicit FIPS indicator for PBKDF2 Clemens Lang 2023-03-06 13:06:21 +0100
  • 50cb33e688 GCM: Implement explicit FIPS indicator for IV gen Clemens Lang 2023-02-17 18:39:37 +0100
  • 58955140b6 Zeroize FIPS module integrity check MAC after check Clemens Lang 2023-02-17 13:44:47 +0100
  • 6a9e17a8c1 KDF: Add FIPS indicators Clemens Lang 2023-02-16 17:55:03 +0100
  • 9ebabfa10a Stop everlasting RNG reseeding Dmitry Belyavskiy 2023-03-01 19:56:51 +0100
  • 0c023023d6 Revert "We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream" imports/epel8/openssl3-3.0.7-5.el8.1 Michel Alexandre Salim 2023-02-10 12:10:53 -0600
  • a3e063a370
         Merge branch 'c9s' into epel8 Michel Alexandre Salim 2023-02-09 12:33:20 -0600
  • 03bb2c6094
         Merge commit '39f800af50db23de7aa01ebd56c8132589ad36a8' into epel8 Michel Alexandre Salim 2023-02-09 12:31:58 -0600
  • 9d8f618208 Fixed NULL dereference during PKCS7 data verification Dmitry Belyavskiy 2023-02-08 12:07:16 +0100
  • 8673fb7c22 Fixed X.400 address type confusion in X.509 GeneralName Dmitry Belyavskiy 2023-02-08 12:00:43 +0100
  • 0f4062ead5 Fixed NULL dereference validating DSA public key Dmitry Belyavskiy 2023-02-08 11:58:07 +0100
  • 5e4feef220 Fixed Invalid pointer dereference in d2i_PKCS7 functions Dmitry Belyavskiy 2023-02-08 11:55:32 +0100
  • b889341096 Fixed Use-after-free following BIO_new_NDEF Dmitry Belyavskiy 2023-02-08 11:52:44 +0100
  • 529db6cf12 Fixed Double free after calling PEM_read_bio_ex Dmitry Belyavskiy 2023-02-08 11:43:11 +0100
  • c5b0dc92d3 Fixed Timing Oracle in RSA Decryption Dmitry Belyavskiy 2023-02-08 11:40:25 +0100
  • 593a315f09 Fixed X.509 Name Constraints Read Buffer Overflow Dmitry Belyavskiy 2023-02-08 11:37:11 +0100
  • 770dcce08b Disallow SHAKE in OAEP decryption in FIPS mode Clemens Lang 2023-01-11 14:10:26 +0100
  • b19d91aec3 Refactor OpenSSL fips module MAC verification Dmitry Belyavskiy 2023-01-05 11:42:50 +0100
  • c0667361a5 Fix explicit indicator for PSS salt length Clemens Lang 2022-11-25 15:32:03 +0100
  • 657265459d Backport of ppc64le Montgomery multiply enhancement Dmitry Belyavskiy 2022-11-29 12:00:38 +0100
  • c29e183891 Adjusting include for the FIPS_mode macro Dmitry Belyavskiy 2022-11-28 16:49:42 +0100
  • d60bf2b343 Removed recommended package for openssl-libs Dmitry Belyavskiy 2022-11-28 13:00:03 +0100
  • f2a49ef424 We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream Dmitry Belyavskiy 2022-11-25 18:09:17 +0100
  • 0f139ead1a Various provider-related imrovements necessary for PKCS#11 provider correct operations Dmitry Belyavskiy 2022-11-25 11:42:25 +0100
  • 07892fe646 Rebasing to OpenSSL 3.0.7 - removing redundant patches Dmitry Belyavskiy 2022-11-23 17:20:05 +0100
  • 477d91adec Rebasing to OpenSSL 3.0.7 Dmitry Belyavskiy 2022-11-23 13:01:22 +0100
  • 5d738bdd7f Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode Dmitry Belyavskiy 2022-11-22 12:57:21 +0100
  • 80de7ffd9c Add explicit indicator & clamp default PSS salt len Clemens Lang 2022-11-17 19:50:30 +0100
  • fe09690308 pbkdf2: Set minimum password length of 8 bytes Clemens Lang 2022-11-17 18:43:56 +0100
  • 438a2c64b7 Add indicator for HMAC with short key lengths Clemens Lang 2022-11-17 18:23:13 +0100
  • 105cc32a20 Add indicator for SP 800-108 KDFs w/short keys Clemens Lang 2022-11-17 17:34:28 +0100
  • 066be87ccd Remove support for X9.31 signature padding in FIPS mode Clemens Lang 2022-11-17 14:04:50 +0100
  • 2bd2c7ac27 FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC Dmitry Belyavskiy 2022-11-16 15:55:08 +0100