rpms
/
openssl
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
534 Commits 35 Branches 198 Tags 8.3 MiB
Commit Graph

534 Commits

Author SHA1 Message Date
Clemens Lang 18420b31a5 Upgrade to 1.1.1q 
(cherry picked from commit f1f57e7a77668d1eacb237e3da577d81e89d49fd in
rpms/openssl1.1)

Resolves: CVE-2022-2097
Signed-off-by: Clemens Lang <cllang@redhat.com>
 2022-07-07 13:57:01 +02:00
Clemens Lang de1929a7a0 Upgrade to 1.1.1p 
(cherry picked from commit 98a8b9a1e29f5235fb9940b48bb3c4009b342e68 in
rpms/openssl1.1)

Drop backported patches to replace expired certificates in tests with
newer ones that are now included upstream.

Resolves: CVE-2022-2068
Related: rhbz#2099975
Signed-off-by: Clemens Lang <cllang@redhat.com>
 2022-06-30 17:44:59 +02:00
Clemens Lang 2cc8d179f1 Upgrade to 1.1.1o 
(cherry picked from commit 63128313439397d561bfa4b4f098d846a1167fa7 in
rpms/openssl1.1)

Backport patches to replace expired certificates in tests with newer
ones.

Resolves: CVE-2022-1292
Related: rhbz#2095817
Signed-off-by: Clemens Lang <cllang@redhat.com>
 2022-06-13 13:50:00 +02:00
Dmitry Belyavskiy 46eb8fcc17 Upgrade to OpenSSL 1.1.1n 
Related: rhbz#2064911
(cherry picked from commit 41079c8a15e65033775ffe3e998ed32d411df388)
 2022-03-18 17:45:40 +01:00
Miro Hrončok 2fc4e025c7 Provide and obsolete openssl1.1 to allow using openssl1.1-devel on Fedora < 36 2021-09-15 14:13:27 +02:00
Sahana Prasad 2002767b71 Upgrade to version 1.1.1.l 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
 2021-08-25 18:10:10 +02:00
Fedora Release Engineering 5de10d4810 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2021-07-22 17:20:55 +00:00
Sahana Prasad 0f5f931f9a update to version 1.1.1k 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
 2021-03-26 07:37:03 +01:00
Sahana Prasad b023ffe39f Upgrade to version 1.1.1.j 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
 2021-03-03 15:08:11 +01:00
Sahana Prasad fb8e66a58f Fix regression in X509_verify_cert() #bz1916594 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
 2021-02-10 14:56:08 +01:00
Fedora Release Engineering d34c6392bf - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2021-01-26 22:36:18 +00:00
Tom Stellard c89aeae26c Add BuildRequires: make 
https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot
 2021-01-07 06:39:07 +00:00
Tomas Mraz a07706cf0e Update to the 1.1.1i release fixing CVE-2020-1971 2020-12-09 10:49:38 +01:00
Sahana Prasad 3413ff9700 Upgrade to version 1.1.1h 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
 2020-11-09 10:41:15 +01:00
Jakub Jelen 261f10a200 Do not ship in main package manuals (or aliases) to tools from perl subpackage 2020-10-23 10:06:51 +02:00
Fedora Release Engineering 7ae2c9cd85 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2020-07-28 12:48:57 +00:00
Tom Stellard a75e581407 Use make macros 
https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
 2020-07-21 20:31:48 +00:00
Tomas Mraz 067d5800f2 Additional FIPS mode check for EC key generation 2020-07-20 14:51:05 +02:00
Tomas Mraz 04d5ef4d72 Further changes for SP 800-56A rev3 requirements 2020-07-17 12:41:39 +02:00
Tomas Mraz 7f27ca925c Drop long ago obsolete part of the FIPS patch 2020-06-23 15:55:16 +02:00
Tomas Mraz f023424321 Rewire FIPS_drbg API to use the RAND_DRBG 2020-06-22 13:43:12 +02:00
Tomas Mraz ef93cf994d SHA1 is allowed in @SECLEVEL=2 only if allowed by TLS SigAlgs configuration 
Also some small TLS protocol fixes/changes:

Disallow dropping Extended Master Secret extension on renegotiation
Return alert from s_server if ALPN protocol does not match
 2020-06-05 17:39:16 +02:00
Tomas Mraz b9c80ecf85 Add FIPS selftest for PBKDF2 and KBKDF 
Also more adjustments to the FIPS DH handling
 2020-06-03 16:30:12 +02:00
Tomas Mraz 9833eff277 Use the well known DH groups in TLS 2020-05-26 09:28:42 +02:00
Tomas Mraz 8746bcba4c Allow only well known DH groups in the FIPS mode 2020-05-25 18:52:45 +02:00
Adam Williamson 7396eb055e Re-apply change from -2 now we have fixed nosync to work with it 2020-05-21 13:04:18 -07:00
Adam Williamson 6e23655506 Re-apply "FIPS module installed state definition is modified" 
This reverts commit 1bc9545b38 and
re-applies the previous change
"FIPS module installed state definition is modified", commit
89a24d69fc . We have updated the
builders to the newer nosync version that should work OK with
this change now, so we can try it again.
 2020-05-21 13:01:54 -07:00
Adam Williamson 87eaf879ac Revert the change from -2 as it seems to cause segfaults 2020-05-19 18:35:16 -07:00
Adam Williamson 1bc9545b38 Revert "FIPS module installed state definition is modified" 
This reverts commit 89a24d69fc.
 2020-05-19 18:33:30 -07:00
Tomas Mraz 1e6a98d9e9 pull some fixes and improvements from RHEL-8 2020-05-18 13:26:53 +02:00
Tomas Mraz d902645d90 Unused patch dropped 2020-05-18 13:13:56 +02:00
Tomas Mraz 89a24d69fc FIPS module installed state definition is modified 2020-05-15 17:45:44 +02:00
Miro Hrončok 0f4ce87941 Fedora CI: Test with the "main" Python version 
See https://src.fedoraproject.org/tests/python/pull-request/21
 2020-04-28 19:01:56 +00:00
Tomas Mraz 5888d1863e update to the 1.1.1g release 2020-04-23 13:47:52 +02:00
Tomas Mraz 5004ccfb25 update to the 1.1.1f release 2020-04-07 16:50:53 +02:00
Tomas Mraz ea310218f3 revert the unexpected EOF error reporting change 
it is too disruptive for the stable release branch
 2020-03-26 15:14:08 +01:00
Tomas Mraz c9936c55c2 Additional perl module buildrequires 2020-03-20 13:30:41 +01:00
Tomas Mraz 30d45eb047 Add BuildRequires perl(FindBin) 2020-03-20 12:44:34 +01:00
Tomas Mraz c11b71fd2f update to the 1.1.1e release 
add selftest of the RAND_DRBG implementation
fix incorrect error return value from FIPS_selftest_dsa
 2020-03-19 17:44:25 +01:00
Tomas Mraz c77593a912 Intel CET patch - also add CFI fixes to sync with upstream 2020-02-17 12:05:57 +01:00
Tomas Mraz b9b156fb97 apply Intel CET support patches by hjl (#1788699) 2020-02-17 11:54:47 +01:00
Tomas Mraz d742997a1e Fix incorrect error return value from FIPS_selftest_dsa() 2020-02-12 17:03:11 +01:00
Fedora Release Engineering 898af7893c - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2020-01-29 20:25:04 +00:00
Tomas Mraz b8a97dc1d8 allow zero length parameters in KDF_CTX_ctrl() 2019-11-21 14:49:21 +01:00
Tomas Mraz 0536b721ef backport of SSKDF from master 2019-11-14 16:13:49 +01:00
Tomas Mraz 266efa3055 backport of KBKDF and KRB5KDF from master 2019-11-13 13:43:05 +01:00
Tomas Mraz dc9d5caf5e KBKDF for Kerberos 5 2019-11-12 16:38:11 +01:00
Tomas Mraz f1c4ba61a3 Multiple fixes 
re-enable the stitched AES-CBC-SHA implementations
make AES-GCM work in FIPS mode again
enable TLS-1.2 AES-CCM ciphers in FIPS mode
fix openssl speed errors in FIPS mode
 2019-10-03 17:43:23 +02:00
Tomas Mraz 10c30b2322 Re-add one hunk of the fips patch accidentally dropped in the rebase. 2019-09-27 08:36:50 +02:00
Tomas Mraz f6a62c4c2c update to the 1.1.1d release 2019-09-13 17:25:44 +02:00