rpms/openssl
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
363 Commits 35 Branches 198 Tags 8.3 MiB
837dd04882
Commit Graph

363 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tomas Mraz
837dd04882 minor upstream release 1.0.2c fixing multiple security issues 2015-06-15 18:23:46 +02:00
Peter Robinson
18455c91c0 Add aarch64 sslarch details 2015-05-07 16:04:05 +01:00
Tomas Mraz
e4bf425a79 fix some 64 bit build targets 2015-05-07 12:01:04 +02:00
Tomas Mraz
d743a79756 add alternative certificate chain discovery support from upstream 2015-04-28 17:10:52 +02:00
Tomas Mraz
a1fb602a95 rebase to 1.0.2 branch 2015-04-23 13:57:26 +02:00
Tomas Mraz
805c06e347 drop the AES-GCM restriction of 2^32 operations 
The IV is always 96 bits (32 bit fixed field + 64 bit invocation field).
 2015-04-09 13:10:25 +02:00
Tomas Mraz
729d2d0e11 Multiple security issues fixed. 
- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()
- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison
- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption
- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data
- fix CVE-2015-0293 - triggerable assert in SSLv2 server
 2015-03-19 18:08:12 +01:00
Tomas Mraz
446f9bea43 fix bug in the CRYPTO_128_unwrap() 2015-03-16 18:02:06 +01:00
Tomas Mraz
303fb7be60 fix bug in the RFC 5649 support (#1185878) 2015-02-27 16:03:52 +01:00
Till Maas
1804d4c857 Rebuilt for Fedora 23 Change 
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
 2015-02-21 22:15:20 +01:00
Tomas Mraz
6a450be963 test in the non-FIPS RSA keygen for minimal distance of p and q 
similarly to the FIPS RSA keygen
 2015-01-16 16:16:14 +01:00
Tomas Mraz
7e7e3f299f new upstream release fixing multiple security issues 2015-01-09 10:54:51 +01:00
Tomas Mraz
8c1cdfe3ab Fix date in changelog. 2014-11-20 11:14:35 +01:00
Tomas Mraz
80b5477597 disable SSLv3 by default again 
Mail servers and possibly LDAP servers should probably allow
it explicitly by SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3) call
for buggy legacy clients on the smtps, imaps, and ldaps ports.
 2014-11-20 10:25:56 +01:00
Tomas Mraz
3f43f7e93a update the FIPS RSA keygen to be FIPS 186-4 compliant 2014-10-21 16:02:25 +02:00
Tomas Mraz
0a961bb5e3 new upstream release fixing multiple security issues 2014-10-16 14:02:00 +02:00
Tomas Mraz
613f664141 new upstream release fixing multiple security issues 2014-10-16 13:50:08 +02:00
Tomas Mraz
1f162bf2ee copy negotiated digests when switching certs by SNI (#1150032) 2014-10-10 14:16:48 +02:00
Tomas Mraz
11aeae71ed add support for RFC 5649 2014-09-08 15:22:44 +02:00
Peter Robinson
58eec73ac0 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-17 14:08:44 +00:00
Tomas Mraz
0e8cc69f30 Make the fips_standalone_sha build on PPC. 2014-08-14 14:48:26 +02:00
Tomas Mraz
a577400ed8 drop RSA X9.31 from RSA FIPS selftests 
- add Power 8 optimalizations
 2014-08-13 20:03:17 +02:00
Tomas Mraz
638098da51 Merge branch 'master' into f21 
Conflicts:
	openssl.spec
 2014-08-07 16:16:19 +02:00
Tomas Mraz
a78828f786 new upstream release fixing multiple moderate security issues 
- for now disable only SSLv2 by default
 2014-08-07 16:00:47 +02:00
Tom Callaway
a751492d12 fix license handling 2014-07-18 19:31:40 -04:00
Tom Callaway
6c0bfa087d fix license handling 2014-07-18 19:31:16 -04:00
Tomas Mraz
c66230af31 Sign the test string in the pairwise check instead of empty data. 
Author: Marcus Meissner <meissner@suse.de>
 2014-07-04 17:08:44 +02:00
Tomas Mraz
6466466115 disable SSLv2 and SSLv3 protocols by default 
(can be enabled via appropriate SSL_CTX_clear_options() call)
 2014-06-30 14:21:11 +02:00
Tomas Mraz
873dc4a466 And never call fclose with NULL parameter. 2014-06-11 16:21:37 +02:00
Tomas Mraz
9c4f375672 Cannot use malloc with OPENSSL_free. 2014-06-11 15:30:49 +02:00
Tomas Mraz
f550490681 use system profile for default cipher list 2014-06-11 15:07:06 +02:00
Tomas Mraz
a98d99a503 fix CVE-2014-0224 fix that broke EAP-FAST session resumption support 
- make FIPS mode keygen bit length restriction enforced only when
  OPENSSL_ENFORCE_MODULUS_BITS is set
 2014-06-10 16:38:56 +02:00
Dennis Gilmore
0a491cd9f2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 12:02:05 -05:00
Tomas Mraz
360a4bb67c new upstream release 1.0.1h 2014-06-05 15:05:17 +02:00
Peter Robinson
b5f54ff916 Drop obsolete and irrelevant docs, Move devel docs to appropriate package, they're all rather large and of little use for all but historical reference 2014-05-31 22:49:33 +01:00
Tomas Mraz
0376d8368c new upstream release 1.0.1g 
- do not include ECC ciphersuites in SSLv2 client hello (#1090952)
- fail on hmac integrity check if the .hmac file is empty
 2014-05-07 11:42:32 +02:00
Dennis Gilmore
e55cd2c0e4 pull in upstream patch for CVE-2014-0160 
- removed CHANGES file portion from patch for expediency
 2014-04-07 19:20:31 -05:00
Tomas Mraz
239d122765 add support for ppc64le architecture (#1072633) 2014-04-03 16:24:35 +02:00
Tomas Mraz
477d4a1758 properly detect encryption failure in BIO 
- use 2048 bit RSA key in FIPS selftests
 2014-03-17 17:22:08 +01:00
Tomas Mraz
423ab177c8 use the key length from configuration file if req -newkey rsa is invoked 2014-02-14 16:24:31 +01:00
Tomas Mraz
3f8863c3cd Avoid unnecessary reseeding in BN_rand in FIPS mode. 2014-02-13 16:54:43 +01:00
Tomas Mraz
165cee17b3 Remove obsolete sentence. 2014-02-13 16:17:58 +01:00
Tomas Mraz
a9591c7f1f Add macro for performance build on certain arches. 2014-02-12 16:58:49 +01:00
Tomas Mraz
24632bb1db print ephemeral key size negotiated in TLS handshake (#1057715) 
- add DH_compute_key_padded needed for FIPS CAVS testing
 2014-02-12 16:20:03 +01:00
Tomas Mraz
abe62302b2 make expiration and key length changeable by DAYS and KEYLEN 
variables in the certificate Makefile (#1058108)
- change default hash to sha256 (#1062325)
 2014-02-06 18:07:59 +01:00
Tomas Mraz
40825564d8 make 3des strength to be 128 bits instead of 168 (#1056616) 2014-01-22 17:57:22 +01:00
Tomas Mraz
519fe2cc24 Two security fixes 
- fix CVE-2013-4353 - Invalid TLS handshake crash
- fix CVE-2013-6450 - possible MiTM attack on DTLS1
 2014-01-07 15:09:40 +01:00
Tomas Mraz
c5b74d70a3 dh->q might be NULL. 2014-01-07 11:57:56 +01:00
Tomas Mraz
8978637f3b fix CVE-2013-6449 - crash when version in SSL structure is incorrect 
- more FIPS validation requirement changes
 2013-12-20 14:14:15 +01:00
Tomas Mraz
5713696953 Additional FIPS requirements changes. 2013-12-19 17:42:43 +01:00