This website works better with JavaScript.
fb8fee4b43
FIPS RSA CRT tests must use correct parameters
2022-11-16 13:16:23 +0100
474a112b98
Avoid memory leaks in TLS
2022-11-16 12:23:27 +0100
6c57fc8dcc
SHAKE-128/256 are not allowed with RSA in FIPS mode
2022-11-15 15:51:36 +0100
bb0cbcd0ab
CVE-2022-3602, CVE-2022-3786: X.509 Email Address Buffer Overflow
2022-11-01 18:23:58 +0100
39f800af50
CVE-2022-3602, CVE-2022-3786: X.509 Email Address Buffer Overflow
2022-11-01 18:23:58 +0100
27a0195d18
Merge remote-tracking branch 'gitlab/c9s' into epel8
2022-09-27 15:54:39 -0500
ff78525169
.gitignore: Stop ignoring 000*.patch
2022-09-12 15:52:16 +0200
7c8235f8cd
Zeroize public keys, add HKDF FIPS indicator
2022-08-11 15:12:42 +0200
730ccadf04
Extra zeroization related to FIPS-140-3 requirements
2022-08-05 14:26:10 +0200
fc45520150
Reseed all the parent DRBGs in chain on reseeding a DRBG
2022-08-02 18:32:36 +0200
a0907c129c
Use signature for RSA pairwise test according FIPS-140-3 requirements
2022-07-25 17:57:38 +0200
f1dba9d301
Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements
2022-07-25 14:41:43 +0200
3f7cd79d02
Deal with DH keys in FIPS mode according FIPS-140-3 requirements
2022-07-20 15:20:48 +0200
61f739868e
FIPS: Fix memory leak in digest_sign self-test
2022-08-03 18:04:36 +0200
08d6c35051
FIPS self-test: RSA-OAEP, FFDHE2048, digest_sign
2022-07-22 18:01:52 +0200
3e6d5a385b
Improve AES-GCM & ChaCha20 perf on Power9+ ppc64le
2022-07-14 16:54:25 +0200
c64694b961
Fix segfault in EVP_PKEY_Q_keygen()
2022-07-14 14:49:46 +0200
5901637dea
CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
2022-07-05 14:04:03 +0200
f3b52e907b
CVE-2022-2068: the c_rehash script allows command injection
2022-06-22 13:49:46 +0200
fea833cb56
Strict certificates validation shouldn't allow explicit EC parameters
2022-06-22 12:52:57 +0200
ea75c725ee
Fix PPC64 Montgomery multiplication bug
2022-06-22 12:35:27 +0200
f4e1bded66
Improve diagnostics when passing unsupported groups in TLS
2022-06-17 10:30:01 +0200
cbe5a9ff12
FIPS provider should block RSA encryption for key transport.
2022-06-16 15:11:40 +0200
8638196167
Ciphersuites with RSAPSK KX should be filterd in FIPS mode
2022-06-16 15:06:45 +0200
8b08b372c8
FIPS: Expose explicit indicator from fips.so
2022-06-08 14:05:50 +0200
e859029ea0
Replace expired certificates
2022-06-03 15:31:56 +0200
a8a3a389ee
Use KAT for ECDSA signature tests, s390 arch
2022-05-30 18:00:10 +0200
96926ffe00
Revert "Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode"
2022-05-25 18:17:35 +0200
794d81540e
CVE-2022-1292 openssl: c_rehash script allows command injection
2022-05-26 12:14:19 +0200
a63915eb2b
CVE-2022-1343 openssl: inacurate verification when using OCSP_NOCHECKS
2022-05-26 12:07:22 +0200
ac312e8ff7
CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory
2022-05-26 11:57:12 +0200
b5de6bd830
In FIPS mode limit key sizes for signature verification
2022-05-23 15:25:42 +0200
7bc4f9f094
Ciphersuites with RSA KX should be filterd in FIPS mode
2022-05-19 14:29:23 +0200
b393177f7d
`openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode
2022-05-19 12:20:50 +0200
389313b118
FIPS: Disable SHA1 signs and EVP_PKEY_{sign,verify}
2022-05-23 14:53:37 +0200
87f109e9fb
Use KAT for ECDSA signature tests
2022-04-04 16:32:38 +0200
69c1abb4df
openssl req defaults on PKCS#8 encryption changed to AES-256-CBC
2022-05-12 13:45:42 +0200
b4d281e4de
-config argument of openssl app should work properly
2022-05-12 13:24:59 +0200
1b2d08b2c2
Adaptation of upstream patches disabling explicit EC parameters in FIPS mode
2022-04-01 12:53:17 +0200
4dc19fe033
Reworked patch forbidding explicit EC parameters
2022-03-24 17:45:16 +0100
1447e64bc3
Include hash in FIPS module version
2022-05-05 17:05:35 +0200
ad863e9fc8
OpenSSL FIPS module should not build in non-approved algorithms
2022-05-05 17:34:49 +0200
6ba0e5efa3
When FIPS provider is in use, we forbid only some padding modes - spec
2022-05-02 18:33:35 +0200
067b6b249b
When FIPS provider is in use, we forbid only some padding modes
2022-05-02 17:42:54 +0200
02c75e5a65
We dont'want totally forbid RSA encryption.
2022-05-02 15:54:28 +0200
9afaa3d1f4
Fix regression in evp_pkey_name2type caused by tr_TR locale fix
2022-04-28 13:38:34 +0200
a711ac2e4f
Fix openssl curl error with LANG=tr_TR.utf8
2022-04-21 15:16:18 +0200
c0744a0cbf
Temporary manual test
2022-04-21 13:20:27 +0200
7a1c7b28bc
FIPS provider doesn't block RSA encryption for key transport
2022-03-28 17:38:25 +0200
93ff3f8fe5
Fix occasional internal error in TLS when DHE is used
2022-03-22 13:04:16 +0100
153f593fa6
Fix SHA1 certs in LEGACY without openssl lib ctxt
2022-03-18 13:35:57 +0100
4eb630f7d5
Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes
2022-03-17 13:36:33 +0100
6bdddbaba4
Merge remote-tracking branch 'gitlab/c9s' into epel8
2022-03-16 14:14:41 -0700
03697fff80
CVE-2022-0778 fix
2022-03-16 15:03:25 +0100
bc7dfd9722
Fix RSA PSS padding with SHA-1 disabled
2022-03-10 12:47:01 +0100
3c66c99bd5
Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
2022-03-01 15:58:48 +0100
ede38fcb54
Prevent use of SHA1 with ECDSA
2022-02-25 14:36:41 +0100
ea9f0a5726
OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters
2022-02-25 12:37:01 +0100
849a9965ee
Support KBKDF (NIST SP800-108) with an R value of 8bits Resolves: rhbz#2027261
2022-02-24 10:07:39 +0000
53f53fedec
Allow SHA1 usage in MGF1 for RSASSA-PSS signatures
2022-02-23 16:56:08 +0100
b33dfd3fc3
Spec bump
2022-02-23 11:47:25 +0100
5a9ab1160e
Allow SHA1 usage in HMAC in TLS
2022-02-22 19:34:36 +0100
53b85f538c
OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters
2022-02-22 15:20:01 +0100
d79f404164
Allows non-fips KDF for PKCS#12
2022-02-21 14:33:38 +0100
78fb78d307
Disable SHA1 signature creation and verification by default
2022-02-22 12:21:06 +0100
0a5c81da78
s_server: correctly handle 2^14 byte long records Resolves: rhbz#2042011
2022-02-03 15:36:38 +0100
922b5301ea
Adjust FIPS provider version
2022-02-01 15:53:47 +0100
8c3b745547
On the s390x, zeroize all the copies of TLS premaster secret
2022-01-26 16:50:19 +0100
92e721fa5d
Rebuild
2022-01-21 14:40:57 +0100
691c22b61c
Remove volatile attribute from HMAC to make annocheck happy
2022-01-21 13:10:45 +0100
d237e7f301
Restoring fips=yes to SHA-1
2022-01-21 10:51:59 +0100
9df33eabbe
KATS self-tests should run before HMAC verifcation
2022-01-19 13:40:57 +0100
f5421022ee
Adds enable-buildtest-c++ to the configure options. Related: rhbz#1990814
2022-01-20 15:49:15 +0100
78a467efcc
Rebase to upstream version 3.0.1 Fixes CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl Resolves: rhbz#2038910, rhbz#2035148
2022-01-18 18:30:10 +0100
e63c4b68b2
Update spec file, remove fipsmodule.cnf
2022-01-13 13:35:22 +0100
6cdaa527d8
Explicitly permit SHA1 HMAC
2022-01-13 13:34:38 +0100
cc37486d86
Minimize the list of services allowed for FIPS
2022-01-13 13:33:40 +0100
225b6d37b9
openssl speed should run in FIPS mode
2021-12-21 16:16:07 +0100
13dc3794cb
Make rpminspect happy
2021-12-10 14:19:15 +0100
4c1c00d6af
Updated spec, some cleanup done
2021-11-24 13:44:25 +0100
9422ae52de
Always activate default provider via config
2021-11-23 14:45:25 +0100
210c37e906
Disable fipsinstall application
2021-11-22 14:08:48 +0100
3ff0db7558
Embed correct HMAC into fips provider
2021-11-22 11:20:40 +0100
5c4e10ac26
FIPS provider auto activation
2021-11-15 11:38:37 +0100
45d662c6cb
Add instructions for keeping in sync with upstream repo
2021-11-18 11:34:35 -0800
fb1a323c80
Merge remote-tracking branch 'fork/epel8-squashed' into epel8
2021-11-18 11:00:16 -0800
910ecb6eaf
Fork c9s' openssl to openssl3 for epel8 (and possibly Fedora <= 35)
2021-11-10 14:57:16 -0800
0317f8b363
Added the README
2021-11-18 16:48:03 +0000
694c426faf
Fix memory leak in s_client
2021-10-07 18:13:47 +0200
b76c2316a3
KTLS and FIPS may interfere, so tests need to be tuned
2021-09-22 12:09:15 +0200
3edf474b5d
Avoid double-free on error seeding the RNG.
2021-09-20 17:13:26 +0200
34d46544a5
Rebase to upstream version 3.0.0 Related: rhbz#1990814
2021-09-09 13:07:02 +0200
07de966235
- Removes the dual-abi build as it not required anymore. The mass rebuild was completed and all packages are rebuilt against Beta version. Resolves: rhbz#1984097
2021-08-25 17:02:52 +0200
ddd1eb3708
Correctly processing CMS reading from /dev/stdin
2021-08-23 10:45:49 +0200
49de59749c
Add instruction for loading legacy provider in openssl.cnf Resolves: rhbz#1975836
2021-08-16 12:49:09 +0200
03899fca38
Adds support for IDEA encryption. Resolves: rhbz#1990602
2021-08-16 11:44:00 +0200
0c6f4a599c
- Fixes core dump in openssl req -modulus - Fixes 'openssl req' to not ask for password when non-encrypted private key is used - cms: Do not try to check binary format on stdin and -rctform fix - Resolves: rhbz#1988137, rhbz#1988468, rhbz#1988137
2021-08-10 16:52:53 +0200
2862adca42
Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
2021-08-09 22:44:21 +0000
ecb6630fd3
When signature_algorithm extension is omitted, use more relevant alerts
2021-08-04 15:55:01 +0200
c5d8025ca8
Remove tier 0 functional test from gating.yaml. These tests are removed from dist-git and are executed as tier1 or higher tests already. Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-08-04 10:37:11 +0200
Dmitry Belyavskiy 2022-11-16 13:16:23 +0100
Michel Alexandre Salim 2022-09-27 15:54:39 -0500
Clemens Lang 2022-09-12 15:52:16 +0200
Peter Robinson 2022-02-24 10:07:39 +0000
Sahana Prasad 2022-02-03 15:36:38 +0100
Michel Alexandre Salim 2021-11-18 11:34:35 -0800
Gwyn Ciesla 2021-11-18 16:48:03 +0000
Mohan Boddu 2021-08-09 22:44:21 +0000