278731bcc5
Merge remote-tracking branch 'up/f33' into f33-riscv64
...
Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com>
2021-05-06 09:44:13 +03:00
Sahana Prasad
0f5f931f9a
update to version 1.1.1k
...
Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-03-26 07:37:03 +01:00
Sahana Prasad
b023ffe39f
Upgrade to version 1.1.1.j
...
Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-03-03 15:08:11 +01:00
Sahana Prasad
fb8e66a58f
Fix regression in X509_verify_cert() #bz1916594
...
Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-02-10 14:56:08 +01:00
Fedora Release Engineering
d34c6392bf
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 22:36:18 +00:00
Tom Stellard
c89aeae26c
Add BuildRequires: make
...
https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot
2021-01-07 06:39:07 +00:00
Tomas Mraz
a07706cf0e
Update to the 1.1.1i release fixing CVE-2020-1971
2020-12-09 10:49:38 +01:00
d4908a5fbf
Add --libdir=%{_lib} for riscv64
...
We need this because there is no riscv64 specific configuration which
would set multilib to 64. It should be easy to write one and send to
the upstream.
Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com>
2020-12-01 15:27:49 +02:00
Sahana Prasad
3413ff9700
Upgrade to version 1.1.1h
...
Signed-off-by: Sahana Prasad <sahana@redhat.com>
2020-11-09 10:41:15 +01:00
Jakub Jelen
261f10a200
Do not ship in main package manuals (or aliases) to tools from perl subpackage
2020-10-23 10:06:51 +02:00
Fedora Release Engineering
7ae2c9cd85
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-28 12:48:57 +00:00
Tom Stellard
a75e581407
Use make macros
...
https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
2020-07-21 20:31:48 +00:00
Tomas Mraz
067d5800f2
Additional FIPS mode check for EC key generation
2020-07-20 14:51:05 +02:00
Tomas Mraz
04d5ef4d72
Further changes for SP 800-56A rev3 requirements
2020-07-17 12:41:39 +02:00
Tomas Mraz
7f27ca925c
Drop long ago obsolete part of the FIPS patch
2020-06-23 15:55:16 +02:00
Tomas Mraz
f023424321
Rewire FIPS_drbg API to use the RAND_DRBG
2020-06-22 13:43:12 +02:00
Tomas Mraz
ef93cf994d
SHA1 is allowed in @SECLEVEL=2 only if allowed by TLS SigAlgs configuration
...
Also some small TLS protocol fixes/changes:
Disallow dropping Extended Master Secret extension on renegotiation
Return alert from s_server if ALPN protocol does not match
2020-06-05 17:39:16 +02:00
Tomas Mraz
b9c80ecf85
Add FIPS selftest for PBKDF2 and KBKDF
...
Also more adjustments to the FIPS DH handling
2020-06-03 16:30:12 +02:00
Tomas Mraz
9833eff277
Use the well known DH groups in TLS
2020-05-26 09:28:42 +02:00
Tomas Mraz
8746bcba4c
Allow only well known DH groups in the FIPS mode
2020-05-25 18:52:45 +02:00
Adam Williamson
7396eb055e
Re-apply change from -2 now we have fixed nosync to work with it
2020-05-21 13:04:18 -07:00
Adam Williamson
6e23655506
Re-apply "FIPS module installed state definition is modified"
...
This reverts commit 1bc9545b38
and
re-applies the previous change
"FIPS module installed state definition is modified", commit
89a24d69fc
. We have updated the
builders to the newer nosync version that should work OK with
this change now, so we can try it again.
2020-05-21 13:01:54 -07:00
Adam Williamson
87eaf879ac
Revert the change from -2 as it seems to cause segfaults
2020-05-19 18:35:16 -07:00
Adam Williamson
1bc9545b38
Revert "FIPS module installed state definition is modified"
...
This reverts commit 89a24d69fc
.
2020-05-19 18:33:30 -07:00
Tomas Mraz
1e6a98d9e9
pull some fixes and improvements from RHEL-8
2020-05-18 13:26:53 +02:00
Tomas Mraz
d902645d90
Unused patch dropped
2020-05-18 13:13:56 +02:00
Tomas Mraz
89a24d69fc
FIPS module installed state definition is modified
2020-05-15 17:45:44 +02:00
Miro Hrončok
0f4ce87941
Fedora CI: Test with the "main" Python version
...
See https://src.fedoraproject.org/tests/python/pull-request/21
2020-04-28 19:01:56 +00:00
Tomas Mraz
5888d1863e
update to the 1.1.1g release
2020-04-23 13:47:52 +02:00
Tomas Mraz
5004ccfb25
update to the 1.1.1f release
2020-04-07 16:50:53 +02:00
Tomas Mraz
ea310218f3
revert the unexpected EOF error reporting change
...
it is too disruptive for the stable release branch
2020-03-26 15:14:08 +01:00
Tomas Mraz
c9936c55c2
Additional perl module buildrequires
2020-03-20 13:30:41 +01:00
Tomas Mraz
30d45eb047
Add BuildRequires perl(FindBin)
2020-03-20 12:44:34 +01:00
Tomas Mraz
c11b71fd2f
update to the 1.1.1e release
...
add selftest of the RAND_DRBG implementation
fix incorrect error return value from FIPS_selftest_dsa
2020-03-19 17:44:25 +01:00
Tomas Mraz
c77593a912
Intel CET patch - also add CFI fixes to sync with upstream
2020-02-17 12:05:57 +01:00
Tomas Mraz
b9b156fb97
apply Intel CET support patches by hjl ( #1788699 )
2020-02-17 11:54:47 +01:00
Tomas Mraz
d742997a1e
Fix incorrect error return value from FIPS_selftest_dsa()
2020-02-12 17:03:11 +01:00
Fedora Release Engineering
898af7893c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-29 20:25:04 +00:00
Tomas Mraz
b8a97dc1d8
allow zero length parameters in KDF_CTX_ctrl()
2019-11-21 14:49:21 +01:00
Tomas Mraz
0536b721ef
backport of SSKDF from master
2019-11-14 16:13:49 +01:00
Tomas Mraz
266efa3055
backport of KBKDF and KRB5KDF from master
2019-11-13 13:43:05 +01:00
Tomas Mraz
dc9d5caf5e
KBKDF for Kerberos 5
2019-11-12 16:38:11 +01:00
Tomas Mraz
f1c4ba61a3
Multiple fixes
...
re-enable the stitched AES-CBC-SHA implementations
make AES-GCM work in FIPS mode again
enable TLS-1.2 AES-CCM ciphers in FIPS mode
fix openssl speed errors in FIPS mode
2019-10-03 17:43:23 +02:00
Tomas Mraz
10c30b2322
Re-add one hunk of the fips patch accidentally dropped in the rebase.
2019-09-27 08:36:50 +02:00
Tomas Mraz
f6a62c4c2c
update to the 1.1.1d release
2019-09-13 17:25:44 +02:00
Tomas Mraz
c44b3f96fe
Bump release correctly
2019-09-06 17:18:46 +02:00
Tomas Mraz
45ebb7fdc2
upstream fix for status request extension non-compliance ( #1737471 )
2019-09-06 17:02:18 +02:00
Fedora Release Engineering
dba4c3b578
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-25 23:35:44 +00:00
Miro Hrončok
b395c9afd4
Fedora CI: Python: readd test_asyncio
2019-06-25 22:23:49 +02:00
Tomas Mraz
8419f769c7
Do not try to use EC groups disallowed in FIPS mode in TLS
...
Also fix Valgrind regression with constant-time code
2019-06-24 15:13:12 +02:00