rpms
/
openssl
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
521 Commits 35 Branches 198 Tags 8.3 MiB
Commit Graph

521 Commits

Author SHA1 Message Date
Tomas Mraz a9591c7f1f Add macro for performance build on certain arches. 2014-02-12 16:58:49 +01:00
Tomas Mraz 24632bb1db print ephemeral key size negotiated in TLS handshake (#1057715) 
- add DH_compute_key_padded needed for FIPS CAVS testing
 2014-02-12 16:20:03 +01:00
Tomas Mraz abe62302b2 make expiration and key length changeable by DAYS and KEYLEN 
variables in the certificate Makefile (#1058108)
- change default hash to sha256 (#1062325)
 2014-02-06 18:07:59 +01:00
Tomas Mraz 40825564d8 make 3des strength to be 128 bits instead of 168 (#1056616) 2014-01-22 17:57:22 +01:00
Tomas Mraz 519fe2cc24 Two security fixes 
- fix CVE-2013-4353 - Invalid TLS handshake crash
- fix CVE-2013-6450 - possible MiTM attack on DTLS1
 2014-01-07 15:09:40 +01:00
Tomas Mraz c5b74d70a3 dh->q might be NULL. 2014-01-07 11:57:56 +01:00
Tomas Mraz 8978637f3b fix CVE-2013-6449 - crash when version in SSL structure is incorrect 
- more FIPS validation requirement changes
 2013-12-20 14:14:15 +01:00
Tomas Mraz 5713696953 Additional FIPS requirements changes. 2013-12-19 17:42:43 +01:00
Tomas Mraz dc728e2d8b drop weak ciphers from the default TLS ciphersuite list 
- add back some symbols that were dropped with update to 1.0.1 branch
- more FIPS validation requirement changes
 2013-12-18 15:55:26 +01:00
Tomas Mraz ad237d19e6 fix locking and reseeding problems with FIPS drbg 2013-11-19 14:52:30 +01:00
Tomas Mraz c9a46cb3ac Fix typos. 2013-11-15 16:57:33 +01:00
Tomas Mraz e64d4ea7bb additional changes required for FIPS validation 2013-11-15 16:13:44 +01:00
Tomas Mraz 9caf868063 disable verification of certificate, CRL, and OCSP signatures using MD5 
if OPENSSL_ENABLE_MD5_VERIFY environment variable is not set
 2013-11-13 20:06:28 +01:00
Tomas Mraz dcd0fb1ec9 disable verification of certificate, CRL, and OCSP signatures using MD5 
if OPENSSL_ENABLE_MD5_VERIFY environment variable is not set
 2013-11-13 19:42:54 +01:00
Tomas Mraz 1e5b73a151 add back support for secp521r1 EC curve 
- add aarch64 to Configure (#969692)
 2013-11-08 18:23:00 +01:00
Tomas Mraz 83d99a68af add back support for secp521r1 EC curve 
- add aarch64 to Configure (#969692)
 2013-11-08 18:16:49 +01:00
Tomas Mraz 5714047e75 fix misdetection of RDRAND support on Cyrix CPUS (from upstream) (#1022346) 2013-10-29 16:24:08 +01:00
Tomas Mraz eca676db7a do not advertise ECC curves we do not support (#1022493) 2013-10-24 10:40:18 +02:00
Tomas Mraz a8799e01c4 Merge remote-tracking branch 'origin/f19' into f19 2013-10-16 16:52:19 +02:00
Tomas Mraz e241743946 Merge remote-tracking branch 'origin/f20' into f20 2013-10-16 16:00:01 +02:00
Tomas Mraz b3551463ca only ECC NIST Suite B curves support 
- drop -fips subpackage
 2013-10-16 14:37:51 +02:00
Tom Callaway 4d56d16496 resolve bugzilla 319901 (phew! only took 6 years & 9 days) 2013-10-15 02:14:11 +01:00
Tom Callaway 9a59868619 resolve bugzilla 319901 (phew! only took 6 years & 9 days) 2013-10-15 02:13:38 +01:00
Tom Callaway 1f19ac14f9 resolve bugzilla 319901 (phew! only took 6 years & 9 days) 2013-10-15 02:08:35 +01:00
Tomas Mraz 7ae1dc1df9 Bump release 2013-09-27 15:46:03 +02:00
Tomas Mraz 4e423c3c50 make DTLS1 work in FIPS mode 
- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode
 2013-09-27 15:43:51 +02:00
Tomas Mraz df94661da5 avoid dlopening libssl.so from libcrypto (#1010357) 2013-09-23 18:30:01 +02:00
Tomas Mraz 372f3ac997 fix small memory leak in FIPS aes selftest 2013-09-20 16:04:50 +02:00
Tomas Mraz 8c28623e94 fix segfault in openssl speed hmac in the FIPS mode 2013-09-19 15:16:50 +02:00
Tomas Mraz d907abae39 Merge branch 'f20' of ssh://pkgs.fedoraproject.org/openssl into f20 
Conflicts:
	openssl.spec
 2013-09-13 15:33:34 +02:00
Tomas Mraz fa93b626ad Add documentation of -attime to verify manpage 2013-09-12 11:26:07 +02:00
Tomas Mraz 30ebb4d732 document the nextprotoneg option in manual pages 
original patch by Hubert Kario
 2013-09-12 10:39:33 +02:00
Tomas Mraz ae08b15c89 document the nextprotoneg option in manual pages 
original patch by Hubert Kario
 2013-09-12 10:23:34 +02:00
Kyle McMartin cb069618e7 arm: use auxv to figure out armcap.c instead of using signals (#1006474) 2013-09-11 10:36:42 -04:00
Kyle McMartin f6aa3c2ddd arm: use auxv to figure out armcap.c instead of using signals (#1006474) 2013-09-11 09:52:25 -04:00
Tomas Mraz eb63cc63df try to avoid some races when updating the -fips subpackage 2013-09-04 13:53:38 +02:00
Tomas Mraz 850ca72b9a use version-release in .hmac suffix to avoid overwrite during upgrade 2013-09-02 15:02:18 +02:00
Tomas Mraz b5d2711ab6 allow deinitialization of the FIPS mode 2013-08-29 16:41:24 +02:00
Tomas Mraz 1465572e17 always perform the FIPS selftests in library constructor 
if FIPS module is installed
 2013-08-29 11:45:04 +02:00
Tomas Mraz bb2f3882f2 add -fips subpackage that contains the FIPS module files 2013-08-27 16:03:43 +02:00
Tomas Mraz 9c324da28e fix use of rdrand if available 
- more commits cherry picked from upstream
- documentation fixes
 2013-08-16 16:06:51 +02:00
Petr Písař a254940dd1 Perl 5.18 rebuild 2013-08-03 12:05:42 +02:00
Tomas Mraz acdf8a62f6 use symbol versioning also for the textual version 
- additional manual page fix
 2013-07-26 13:16:10 +02:00
Tomas Mraz 9b36f08da8 additional manual page fixes 2013-07-25 15:14:25 +02:00
Tomas Mraz 653e1efa34 use _prefix macro 2013-07-19 11:46:56 +02:00
Petr Písař 49a1fc761b Perl 5.18 rebuild 2013-07-17 16:32:50 +02:00
Tomas Mraz 7ccde74773 add openssl.cnf.5 manpage symlink to config.5 2013-07-11 10:44:55 +02:00
Tomas Mraz 9555809e80 add relro linking flag 2013-07-10 17:54:24 +02:00
Tomas Mraz 6a0a35eb5f Add missing fix of renamed manpages. 2013-07-10 16:43:07 +02:00
Tomas Mraz 30aa9303c7 add support for the -trusted_first option for certificate chain verification 2013-07-10 11:02:41 +02:00