.fmf
Add interop rpm-tmt-tests
1 year ago
plans
Add interop rpm-tmt-tests
1 year ago
.gitignore
- Upload new upstream sources without manually hobbling them.
2 years ago
0001-Aarch64-and-ppc64le-use-lib64.patch
Rebase to OpenSSL version 3.0.0
4 years ago
0002-Use-more-general-default-values-in-openssl.cnf.patch
Rebase to OpenSSL version 3.0.0
4 years ago
0003-Do-not-install-html-docs.patch
Rebase to OpenSSL version 3.0.0
4 years ago
0004-Override-default-paths-for-the-CA-directory-tree.patch
Fixes override of openssl_conf in openssl.cnf
3 years ago
0005-apps-ca-fix-md-option-help-text.patch
Rebase to OpenSSL version 3.0.0
4 years ago
0006-Disable-signature-verification-with-totally-unsafe-h.patch
Update to Beta1 version
3 years ago
0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
Rebasing to OpenSSL 3.0.7
2 years ago
0008-Add-FIPS_mode-compatibility-macro.patch
Adjusting include for the FIPS_mode macro
2 years ago
0009-Add-Kernel-FIPS-mode-flag-support.patch
Rebasing to OpenSSL 3.0.7
2 years ago
0010-Add-changes-to-ectest-and-eccurve.patch
- Upload new upstream sources without manually hobbling them.
2 years ago
0011-Remove-EC-curves.patch
- Upload new upstream sources without manually hobbling them.
2 years ago
0012-Disable-explicit-ec.patch
Rebasing to OpenSSL 3.0.7
2 years ago
0013-skipped-tests-EC-curves.patch
- Upload new upstream sources without manually hobbling them.
2 years ago
0024-load-legacy-prov.patch
Always activate default provider via config
3 years ago
0025-for-tests.patch
Always activate default provider via config
3 years ago
0031-tmp-Fix-test-names.patch
Rebasing to OpenSSL 3.0.7
2 years ago
0032-Force-fips.patch
-config argument of openssl app should work properly
3 years ago
0033-FIPS-embed-hmac.patch
Refactor OpenSSL fips module MAC verification
2 years ago
0034.fipsinstall_disable.patch
Rebase to upstream version 3.0.1
3 years ago
0035-speed-skip-unavailable-dgst.patch
Rebasing to OpenSSL 3.0.7
2 years ago
0044-FIPS-140-3-keychecks.patch
Fix Wpointer-sign compiler warning
2 years ago
0045-FIPS-services-minimize.patch
- Upload new upstream sources without manually hobbling them.
2 years ago
0047-FIPS-early-KATS.patch
KATS self-tests should run before HMAC verifcation
3 years ago
0049-Selectively-disallow-SHA1-signatures.patch
Pairwise consistency tests should use Digest+Sign/Verify
2 years ago
0050-FIPS-enable-pkcs12-mac.patch
OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters
3 years ago
0051-Support-different-R_BITS-lengths-for-KBKDF.patch
OpenSSL FIPS module should not build in non-approved algorithms
3 years ago
0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
Strict certificates validation shouldn't allow explicit EC parameters
2 years ago
0056-strcasecmp.patch
We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream
2 years ago
0058-FIPS-limit-rsa-encrypt.patch
Limit RSA_NO_PADDING for encryption and signature in FIPS mode
2 years ago
0060-FIPS-KAT-signature-tests.patch
Use KAT for ECDSA signature tests, s390 arch
2 years ago
0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
Rebasing to OpenSSL 3.0.7
2 years ago
0062-fips-Expose-a-FIPS-indicator.patch
Rebasing to OpenSSL 3.0.7
2 years ago
0067-ppc64le-Montgomery-multiply.patch
Backport of ppc64le Montgomery multiply enhancement
2 years ago
0071-AES-GCM-performance-optimization.patch
Improve AES-GCM & ChaCha20 perf on Power9+ ppc64le
2 years ago
0072-ChaCha20-performance-optimizations-for-ppc64le.patch
Rebasing to OpenSSL 3.0.7
2 years ago
0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
Rebasing to OpenSSL 3.0.7
2 years ago
0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
Rebasing to OpenSSL 3.0.7
2 years ago
0075-FIPS-Use-FFDHE2048-in-self-test.patch
FIPS self-test: RSA-OAEP, FFDHE2048, digest_sign
2 years ago
0076-FIPS-140-3-DRBG.patch
Increase RNG seeding buffer size to 32
2 years ago
0077-FIPS-140-3-zeroization.patch
Extra zeroization related to FIPS-140-3 requirements
2 years ago
0078-KDF-Add-FIPS-indicators.patch
Fix X942KDF indicator for short output key lengths
2 years ago
0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC
2 years ago
0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
Remove support for X9.31 signature padding in FIPS mode
2 years ago
0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
Add indicator for HMAC with short key lengths
2 years ago
0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
pbkdf2: Set minimum password length of 8 bytes
2 years ago
0085-FIPS-RSA-disable-shake.patch
Disallow SHAKE in OAEP decryption in FIPS mode
2 years ago
0088-signature-Add-indicator-for-PSS-salt-length.patch
Limit RSA_NO_PADDING for encryption and signature in FIPS mode
2 years ago
0089-PSS-salt-length-from-provider.patch
Fix explicit indicator for PSS salt length
2 years ago
0090-signature-Clamp-PSS-salt-len-to-MD-len.patch
Fix explicit indicator for PSS salt length
2 years ago
0091-FIPS-RSA-encapsulate.patch
Fix explicit indicator for PSS salt length
2 years ago
0092-provider-improvements.patch
Fix explicit indicator for PSS salt length
2 years ago
0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
FIPS: Re-enable DHX, disable FIPS 186-4 groups
1 year ago
0101-CVE-2022-4203-nc-match.patch
Fixed X.509 Name Constraints Read Buffer Overflow
2 years ago
0102-CVE-2022-4304-RSA-time-oracle.patch
Fixed Timing Oracle in RSA Decryption
2 years ago
0103-CVE-2022-4450-pem-read-bio.patch
Fixed Double free after calling PEM_read_bio_ex
2 years ago
0104-CVE-2023-0215-UAF-bio.patch
Fixed Use-after-free following BIO_new_NDEF
2 years ago
0105-CVE-2023-0216-pkcs7-deref.patch
Fixed Invalid pointer dereference in d2i_PKCS7 functions
2 years ago
0106-CVE-2023-0217-dsa.patch
Fixed NULL dereference validating DSA public key
2 years ago
0107-CVE-2023-0286-X400.patch
Fixed X.400 address type confusion in X.509 GeneralName
2 years ago
0108-CVE-2023-0401-pkcs7-md.patch
Fixed NULL dereference during PKCS7 data verification
2 years ago
0109-fips-Zeroize-out-in-fips-selftest.patch
Zeroize FIPS module integrity check MAC after check
2 years ago
0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
GCM: Implement explicit FIPS indicator for IV gen
2 years ago
0111-fips-Use-salt-16-bytes-in-PBKDF2-selftest.patch
Add explicit FIPS indicator for PBKDF2
2 years ago
0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
Add explicit FIPS indicator for PBKDF2
2 years ago
0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
Change explicit FIPS indicator for RSA decryption to unapproved
2 years ago
0114-FIPS-enforce-EMS-support.patch
Enforce using EMS in FIPS mode - better alerts
2 years ago
0115-CVE-2023-0464.patch
Fix excessive resource usage in verifying X509 policy constraints
2 years ago
0116-CVE-2023-0465.patch
Fix invalid certificate policies in leaf certificates check
2 years ago
0117-CVE-2023-0466.patch
Certificate policy check not enabled
2 years ago
0118-CVE-2023-1255.patch
Input buffer over-read in AES-XTS implementation on 64 bit ARM
2 years ago
0120-RSA-PKCS15-implicit-rejection.patch
Backport implicit rejection for RSA PKCS#1 v1.5 encryption
2 years ago
0121-FIPS-cms-defaults.patch
Use OAEP padding and aes-128-cbc by default in cms command in FIPS mode
1 year ago
Makefile.certificate
RHEL 9.0.0 Alpha bootstrap
4 years ago
ci.fmf
ci.fmf: Enable golang tests as reverse dependency
1 year ago
configuration-prefix.h
Rebase to OpenSSL version 3.0.0
4 years ago
configuration-switch.h
Rebase to OpenSSL version 3.0.0
4 years ago
gating.yaml
Temporary manual test
3 years ago
genpatches
Rebase to OpenSSL version 3.0.0
4 years ago
make-dummy-cert
RHEL 9.0.0 Alpha bootstrap
4 years ago
openssl.spec
FIPS: Re-enable DHX, disable FIPS 186-4 groups
1 year ago
renew-dummy-cert
RHEL 9.0.0 Alpha bootstrap
4 years ago
rpminspect.yaml
Make rpminspect happy
3 years ago
sources
- Upload new upstream sources without manually hobbling them.
2 years ago
Daiki Ueno