rpms
/
openssl
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
459 Commits 35 Branches 198 Tags 8.3 MiB
Commit Graph

459 Commits

Author SHA1 Message Date
Tomas Mraz 12aab15a03 more fixes from upstream CVS 
- fix DSA key pairwise check (#878597)
 2012-11-20 22:33:42 +01:00
Tomas Mraz d8e7bfc73b Add the marker for required patch. 2012-11-19 17:43:07 +01:00
Tomas Mraz b7eb6f4a5f use 1024 bit DH parameters in s_server as 512 bit is not allowed 
in FIPS mode and it is quite weak anyway
 2012-11-15 21:11:36 +01:00
Tomas Mraz 79971bf194 Use secure_getenv() with new glibc. 2012-09-10 20:25:19 +02:00
Tomas Mraz c015bd1b1e add missing initialization of str in aes_ccm_init_key (#853963) 
- add important patches from upstream CVS
 2012-09-07 10:48:56 +02:00
Dennis Gilmore eaa5561c35 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild 2012-07-20 02:06:56 -05:00
Tomas Mraz af044b4037 use __getenv_secure() instead of __libc_enable_secure 2012-07-13 22:21:05 +02:00
Tomas Mraz 72a1bddddc do not move libcrypto to /lib 
- do not use environment variables if __libc_enable_secure is on
- fix strict aliasing problems in modes
 2012-07-13 14:30:31 +02:00
Tomas Mraz c2e3151786 do not move libcrypto to /lib 
- do not use environment variables if __libc_enable_secure is on
- fix strict aliasing problems in modes
 2012-07-13 14:23:34 +02:00
Tomas Mraz 55a3598cc7 fix DSA key generation in FIPS mode (#833866) 
- allow duplicate FIPS_mode_set(1)
- enable build on ppc64 subarch (#834652)
 2012-07-12 21:59:56 +02:00
Tomas Mraz 5183d32904 Make it build with new Perl 2012-07-12 00:35:57 +02:00
Tomas Mraz 254f85a5c0 fix s_server with new glibc when no global IPv6 address (#839031) 2012-07-12 00:05:11 +02:00
Tomas Mraz 18ccae20f6 fix s_server with new glibc when no global IPv6 address (#839031) 2012-07-12 00:04:06 +02:00
Tomas Mraz 5e74bace82 new upstream version 2012-05-15 19:40:22 +02:00
Tomas Mraz 651215c12b new upstream version 2012-05-15 19:37:55 +02:00
Tomas Mraz 5eb4589d83 new upstream version 2012-04-26 18:10:52 +02:00
Tomas Mraz 6a4bd67710 new upstream version fixing CVE-2012-2110 2012-04-20 12:30:37 +02:00
Tomas Mraz e8c18345a4 new upstream version fixing CVE-2012-2110 2012-04-20 12:24:39 +02:00
Tomas Mraz d46b44c249 add Kerberos 5 libraries to pkgconfig for static linking (#807050) 2012-04-11 16:33:03 +02:00
Tomas Mraz d7587a26b6 backports from upstream CVS 
fix segfault when /dev/urandom is not available (#809586)
 2012-04-05 19:56:49 +02:00
Tomas Mraz 0f0ab24176 new upstream release 2012-03-14 21:38:58 +01:00
Tomas Mraz 0aa7d61151 add obsoletes to assist multilib updates (#799636) 2012-03-05 10:51:13 +01:00
Tomas Mraz 00c4986d53 new upstream release from the 1.0.1 branch 
- epoch bumped to 1 due to revert to 1.0.0g on Fedora 17
- fix s390x build (#798411)
- versioning for the SSLeay symbol (#794950)
- add -DPURIFY to build flags (#797323)
- filter engine provides
- split the libraries to a separate -libs package
- add make to requires on the base package (#783446)
 2012-02-29 21:54:08 +01:00
Tomas Mraz ad05b50537 New upstream release from the 1.0.1 branch, ABI compatible 
- also add documentation for the -no_ign_eof option
 2012-02-07 13:46:42 +01:00
Tomas Mraz d91aea8890 new upstream release fixing CVE-2012-0050 - DoS regression in 
DTLS support introduced by the previous release (#782795)
 2012-01-19 16:48:48 +01:00
Peter Robinson 48bba71e16 mktemp was long obsoleted by coreutils 2012-01-11 10:41:37 +00:00
Tomas Mraz ea51fee99f Add the new sources. 2012-01-05 16:57:03 +01:00
Tomas Mraz 628d7e4989 new upstream release fixing multiple CVEs 2012-01-05 15:14:10 +01:00
Tomas Mraz ea1d432ecf new upstream release fixing multiple CVEs 2012-01-05 15:13:25 +01:00
Tomas Mraz c28bd1cc5f Make the non-upstream tarball comment more clear. 2011-11-25 16:32:43 +01:00
Tomas Mraz 497f2d674c move the libraries needed for static linking to Libs.private 2011-11-22 11:53:40 +01:00
Tomas Mraz 6f65ffce68 do not use AVX instructions when osxsave bit not set 
add direct known answer tests for SHA2 algorithms
 2011-11-03 10:18:52 +01:00
Tomas Mraz e4008f0b0e fix missing initialization of variable in CHIL engine 2011-09-21 17:34:13 +02:00
Tomas Mraz edb70644c7 Remove unused patch. 2011-09-07 20:35:33 +02:00
Tomas Mraz 3447c41c99 new upstream release fixing CVE-2011-3207 (#736088) 2011-09-07 18:27:06 +02:00
Tomas Mraz 4c970c62c5 drop the separate engine for Intel acceleration improvements 
and merge in the AES-NI, SHA1, and RC4 optimizations
add support for OPENSSL_DISABLE_AES_NI environment variable
that disables the AES-NI support
 2011-08-24 13:12:33 +02:00
Tomas Mraz 0ed17c0652 correct openssl cms help output (#636266) 
more tolerant starttls detection in XMPP protocol (#608239)
 2011-07-26 13:02:17 +02:00
Tomas Mraz 5c4fc08e4d add support for newest Intel acceleration improvements backported 
from upstream by Intel in form of a separate engine
 2011-07-20 14:56:21 +02:00
Tomas Mraz f4fb8490a9 allow the AES-NI engine in the FIPS mode 2011-06-09 16:22:08 +02:00
Tomas Mraz 19062db533 add API necessary for CAVS testing of the new DSA parameter generation 2011-05-24 14:57:29 +02:00
Tomas Mraz 0b4cee3bc2 Allow easier rebuilds on some multilib arches. 2011-05-19 10:34:38 +02:00
Tomas Mraz 138493a921 add support for VIA Padlock on 64bit arch from upstream (#617539) 
do not return bogus values from load_certs (#652286)
 2011-04-28 21:58:56 +02:00
Tomas Mraz 8d20fec281 clarify apps help texts for available digest algorithms (#693858) 2011-04-05 21:24:01 +02:00
Tomas Mraz 76952b7e2b Updated FIPS documentation. 2011-02-10 16:32:07 +01:00
Tomas Mraz 1caf3ae072 - new upstream release fixing CVE-2011-0014 (OCSP stapling vulnerability) 2011-02-10 15:41:44 +01:00
Dennis Gilmore ccc6e6f1c6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild 2011-02-08 21:34:08 -06:00
Tomas Mraz 65ebbaecc7 - add -x931 parameter to openssl genrsa command to use the ANSI X9.31 
key generation method
- use FIPS-186-3 method for DSA parameter generation
- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable
  to allow using MD5 when the system is in the maintenance state
  even if the /proc fips flag is on
- make openssl pkcs12 command work by default in the FIPS mode
 2011-02-04 15:27:28 +01:00
Tomas Mraz 15fad7109b - add -x931 parameter to openssl genrsa command to use the ANSI X9.31 
key generation method
- use FIPS-186-3 method for DSA parameter generation
- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable
  to allow using MD5 when the system is in the maintenance state
  even if the /proc fips flag is on
 2011-02-04 15:14:18 +01:00
Tomas Mraz 09127ac54a - listen on ipv6 wildcard in s_server so we accept connections 
from both ipv4 and ipv6 (#601612)
- fix openssl speed command so it can be used in the FIPS mode
  with FIPS allowed ciphers
 2011-01-24 17:41:43 +01:00
Tomas Mraz 540056f0e0 Correct patent expiry dates, in case of ECC more conservative estimate 2011-01-04 08:19:15 +01:00