You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
Go to file
Dmitry Belyavskiy 5d738bdd7f
Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode
2 years ago
.gitignore .gitignore: Stop ignoring 000*.patch 2 years ago
0001-Aarch64-and-ppc64le-use-lib64.patch Rebase to OpenSSL version 3.0.0 4 years ago
0002-Use-more-general-default-values-in-openssl.cnf.patch Rebase to OpenSSL version 3.0.0 4 years ago
0003-Do-not-install-html-docs.patch Rebase to OpenSSL version 3.0.0 4 years ago
0004-Override-default-paths-for-the-CA-directory-tree.patch Fixes override of openssl_conf in openssl.cnf 3 years ago
0005-apps-ca-fix-md-option-help-text.patch Rebase to OpenSSL version 3.0.0 4 years ago
0006-Disable-signature-verification-with-totally-unsafe-h.patch Update to Beta1 version 3 years ago
0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch Rebase to upstream version 3.0.1 3 years ago
0008-Add-FIPS_mode-compatibility-macro.patch Update to Beta1 version 3 years ago
0009-Add-Kernel-FIPS-mode-flag-support.patch Rebase to upstream version 3.0.1 3 years ago
0011-Remove-EC-curves.patch Update to Beta1 version 3 years ago
0012-Disable-explicit-ec.patch Reworked patch forbidding explicit EC parameters 3 years ago
0013-FIPS-provider-explicit-ec.patch Adaptation of upstream patches disabling explicit EC parameters in FIPS mode 3 years ago
0014-FIPS-disable-explicit-ec.patch Adaptation of upstream patches disabling explicit EC parameters in FIPS mode 3 years ago
0015-FIPS-decoded-from-explicit.patch Strict certificates validation shouldn't allow explicit EC parameters 2 years ago
0024-load-legacy-prov.patch Always activate default provider via config 3 years ago
0025-for-tests.patch Always activate default provider via config 3 years ago
0031-tmp-Fix-test-names.patch KTLS and FIPS may interfere, so tests need to be tuned 3 years ago
0032-Force-fips.patch -config argument of openssl app should work properly 3 years ago
0033-FIPS-embed-hmac.patch Remove volatile attribute from HMAC to make annocheck happy 3 years ago
0034.fipsinstall_disable.patch Rebase to upstream version 3.0.1 3 years ago
0035-speed-skip-unavailable-dgst.patch openssl speed should run in FIPS mode 3 years ago
0044-FIPS-140-3-keychecks.patch Use signature for RSA pairwise test according FIPS-140-3 requirements 2 years ago
0045-FIPS-services-minimize.patch Improve diagnostics when passing unsupported groups in TLS 2 years ago
0046-FIPS-s390x-hardening.patch On the s390x, zeroize all the copies of TLS premaster secret 3 years ago
0047-FIPS-early-KATS.patch KATS self-tests should run before HMAC verifcation 3 years ago
0048-correctly-handle-records.patch s_server: correctly handle 2^14 byte long records 3 years ago
0049-Selectively-disallow-SHA1-signatures.patch Fix RSA PSS padding with SHA-1 disabled 3 years ago
0050-FIPS-enable-pkcs12-mac.patch OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters 3 years ago
0051-Support-different-R_BITS-lengths-for-KBKDF.patch OpenSSL FIPS module should not build in non-approved algorithms 3 years ago
0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch Strict certificates validation shouldn't allow explicit EC parameters 2 years ago
0053-CVE-2022-0778.patch CVE-2022-0778 fix 3 years ago
0054-Replace-size-check-with-more-meaningful-pubkey-check.patch Fix occasional internal error in TLS when DHE is used 3 years ago
0055-nonlegacy-fetch-null-deref.patch Fix openssl curl error with LANG=tr_TR.utf8 3 years ago
0056-strcasecmp.patch OpenSSL FIPS module should not build in non-approved algorithms 3 years ago
0057-strcasecmp-fix.patch Fix regression in evp_pkey_name2type caused by tr_TR locale fix 3 years ago
0058-FIPS-limit-rsa-encrypt.patch FIPS provider should block RSA encryption for key transport. 2 years ago
0060-FIPS-KAT-signature-tests.patch Use KAT for ECDSA signature tests, s390 arch 2 years ago
0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch FIPS: Disable SHA1 signs and EVP_PKEY_{sign,verify} 3 years ago
0062-fips-Expose-a-FIPS-indicator.patch FIPS: Expose explicit indicator from fips.so 2 years ago
0063-CVE-2022-1473.patch CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory 2 years ago
0064-CVE-2022-1343.diff CVE-2022-1343 openssl: inacurate verification when using OCSP_NOCHECKS 2 years ago
0065-CVE-2022-1292.patch CVE-2022-1292 openssl: c_rehash script allows command injection 2 years ago
0066-replace-expired-certs.patch Replace expired certificates 2 years ago
0067-fix-ppc64-montgomery.patch Fix PPC64 Montgomery multiplication bug 2 years ago
0068-CVE-2022-2068.patch CVE-2022-2068: the c_rehash script allows command injection 2 years ago
0069-CVE-2022-2097.patch CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 2 years ago
0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch Fix segfault in EVP_PKEY_Q_keygen() 2 years ago
0071-AES-GCM-performance-optimization.patch Improve AES-GCM & ChaCha20 perf on Power9+ ppc64le 2 years ago
0072-ChaCha20-performance-optimizations-for-ppc64le.patch Improve AES-GCM & ChaCha20 perf on Power9+ ppc64le 2 years ago
0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch FIPS self-test: RSA-OAEP, FFDHE2048, digest_sign 2 years ago
0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch FIPS: Fix memory leak in digest_sign self-test 2 years ago
0075-FIPS-Use-FFDHE2048-in-self-test.patch FIPS self-test: RSA-OAEP, FFDHE2048, digest_sign 2 years ago
0076-FIPS-140-3-DRBG.patch Reseed all the parent DRBGs in chain on reseeding a DRBG 2 years ago
0077-FIPS-140-3-zeroization.patch Extra zeroization related to FIPS-140-3 requirements 2 years ago
0078-Add-FIPS-indicator-parameter-to-HKDF.patch Add indicator for SP 800-108 KDFs w/short keys 2 years ago
0079-CVE-2022-3602.patch CVE-2022-3602, CVE-2022-3786: X.509 Email Address Buffer Overflow 2 years ago
0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC 2 years ago
0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch Remove support for X9.31 signature padding in FIPS mode 2 years ago
0082-kbkdf-Add-explicit-FIPS-indicator-for-key-length.patch Add indicator for SP 800-108 KDFs w/short keys 2 years ago
0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch Add indicator for HMAC with short key lengths 2 years ago
0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch pbkdf2: Set minimum password length of 8 bytes 2 years ago
0085-FIPS-RSA-disable-shake.patch SHAKE-128/256 are not allowed with RSA in FIPS mode 2 years ago
0086-avoid-bio-memleak.patch Avoid memory leaks in TLS 2 years ago
0087-FIPS-RSA-selftest-params.patch FIPS RSA CRT tests must use correct parameters 2 years ago
0088-signature-Add-indicator-for-PSS-salt-length.patch Add explicit indicator & clamp default PSS salt len 2 years ago
0089-signature-Clamp-PSS-salt-len-to-MD-len.patch Add explicit indicator & clamp default PSS salt len 2 years ago
0090-FIPS-RSA-encapsulate.patch Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode 2 years ago
Makefile.certificate RHEL 9.0.0 Alpha bootstrap 4 years ago
configuration-prefix.h Rebase to OpenSSL version 3.0.0 4 years ago
configuration-switch.h Rebase to OpenSSL version 3.0.0 4 years ago
ec_curve.c Rebase to OpenSSL version 3.0.0 4 years ago
ectest.c Reworked patch forbidding explicit EC parameters 3 years ago
gating.yaml Temporary manual test 3 years ago
genpatches Rebase to OpenSSL version 3.0.0 4 years ago
hobble-openssl RHEL 9.0.0 Alpha bootstrap 4 years ago
make-dummy-cert RHEL 9.0.0 Alpha bootstrap 4 years ago
openssl.spec Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode 2 years ago
renew-dummy-cert RHEL 9.0.0 Alpha bootstrap 4 years ago
rpminspect.yaml Make rpminspect happy 3 years ago
sources Rebase to upstream version 3.0.1 3 years ago