rpms
/
openssl
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
335 Commits 35 Branches 198 Tags 8.3 MiB
Commit Graph

276 Commits

Author SHA1 Message Date
Tomas Mraz f550490681 use system profile for default cipher list 2014-06-11 15:07:06 +02:00
Tomas Mraz a98d99a503 fix CVE-2014-0224 fix that broke EAP-FAST session resumption support 
- make FIPS mode keygen bit length restriction enforced only when
  OPENSSL_ENFORCE_MODULUS_BITS is set
 2014-06-10 16:38:56 +02:00
Dennis Gilmore 0a491cd9f2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 12:02:05 -05:00
Tomas Mraz 360a4bb67c new upstream release 1.0.1h 2014-06-05 15:05:17 +02:00
Peter Robinson b5f54ff916 Drop obsolete and irrelevant docs, Move devel docs to appropriate package, they're all rather large and of little use for all but historical reference 2014-05-31 22:49:33 +01:00
Tomas Mraz 0376d8368c new upstream release 1.0.1g 
- do not include ECC ciphersuites in SSLv2 client hello (#1090952)
- fail on hmac integrity check if the .hmac file is empty
 2014-05-07 11:42:32 +02:00
Dennis Gilmore e55cd2c0e4 pull in upstream patch for CVE-2014-0160 
- removed CHANGES file portion from patch for expediency
 2014-04-07 19:20:31 -05:00
Tomas Mraz 239d122765 add support for ppc64le architecture (#1072633) 2014-04-03 16:24:35 +02:00
Tomas Mraz 477d4a1758 properly detect encryption failure in BIO 
- use 2048 bit RSA key in FIPS selftests
 2014-03-17 17:22:08 +01:00
Tomas Mraz 423ab177c8 use the key length from configuration file if req -newkey rsa is invoked 2014-02-14 16:24:31 +01:00
Tomas Mraz a9591c7f1f Add macro for performance build on certain arches. 2014-02-12 16:58:49 +01:00
Tomas Mraz 24632bb1db print ephemeral key size negotiated in TLS handshake (#1057715) 
- add DH_compute_key_padded needed for FIPS CAVS testing
 2014-02-12 16:20:03 +01:00
Tomas Mraz abe62302b2 make expiration and key length changeable by DAYS and KEYLEN 
variables in the certificate Makefile (#1058108)
- change default hash to sha256 (#1062325)
 2014-02-06 18:07:59 +01:00
Tomas Mraz 40825564d8 make 3des strength to be 128 bits instead of 168 (#1056616) 2014-01-22 17:57:22 +01:00
Tomas Mraz 519fe2cc24 Two security fixes 
- fix CVE-2013-4353 - Invalid TLS handshake crash
- fix CVE-2013-6450 - possible MiTM attack on DTLS1
 2014-01-07 15:09:40 +01:00
Tomas Mraz 8978637f3b fix CVE-2013-6449 - crash when version in SSL structure is incorrect 
- more FIPS validation requirement changes
 2013-12-20 14:14:15 +01:00
Tomas Mraz dc728e2d8b drop weak ciphers from the default TLS ciphersuite list 
- add back some symbols that were dropped with update to 1.0.1 branch
- more FIPS validation requirement changes
 2013-12-18 15:55:26 +01:00
Tomas Mraz ad237d19e6 fix locking and reseeding problems with FIPS drbg 2013-11-19 14:52:30 +01:00
Tomas Mraz e64d4ea7bb additional changes required for FIPS validation 2013-11-15 16:13:44 +01:00
Tomas Mraz dcd0fb1ec9 disable verification of certificate, CRL, and OCSP signatures using MD5 
if OPENSSL_ENABLE_MD5_VERIFY environment variable is not set
 2013-11-13 19:42:54 +01:00
Tomas Mraz 83d99a68af add back support for secp521r1 EC curve 
- add aarch64 to Configure (#969692)
 2013-11-08 18:16:49 +01:00
Tomas Mraz 5714047e75 fix misdetection of RDRAND support on Cyrix CPUS (from upstream) (#1022346) 2013-10-29 16:24:08 +01:00
Tomas Mraz eca676db7a do not advertise ECC curves we do not support (#1022493) 2013-10-24 10:40:18 +02:00
Tomas Mraz b3551463ca only ECC NIST Suite B curves support 
- drop -fips subpackage
 2013-10-16 14:37:51 +02:00
Tom Callaway 1f19ac14f9 resolve bugzilla 319901 (phew! only took 6 years & 9 days) 2013-10-15 02:08:35 +01:00
Tomas Mraz 7ae1dc1df9 Bump release 2013-09-27 15:46:03 +02:00
Tomas Mraz 4e423c3c50 make DTLS1 work in FIPS mode 
- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode
 2013-09-27 15:43:51 +02:00
Tomas Mraz df94661da5 avoid dlopening libssl.so from libcrypto (#1010357) 2013-09-23 18:30:01 +02:00
Tomas Mraz 372f3ac997 fix small memory leak in FIPS aes selftest 2013-09-20 16:04:50 +02:00
Tomas Mraz 8c28623e94 fix segfault in openssl speed hmac in the FIPS mode 2013-09-19 15:16:50 +02:00
Tomas Mraz 30ebb4d732 document the nextprotoneg option in manual pages 
original patch by Hubert Kario
 2013-09-12 10:39:33 +02:00
Tomas Mraz ae08b15c89 document the nextprotoneg option in manual pages 
original patch by Hubert Kario
 2013-09-12 10:23:34 +02:00
Kyle McMartin cb069618e7 arm: use auxv to figure out armcap.c instead of using signals (#1006474) 2013-09-11 10:36:42 -04:00
Tomas Mraz eb63cc63df try to avoid some races when updating the -fips subpackage 2013-09-04 13:53:38 +02:00
Tomas Mraz 850ca72b9a use version-release in .hmac suffix to avoid overwrite during upgrade 2013-09-02 15:02:18 +02:00
Tomas Mraz b5d2711ab6 allow deinitialization of the FIPS mode 2013-08-29 16:41:24 +02:00
Tomas Mraz 1465572e17 always perform the FIPS selftests in library constructor 
if FIPS module is installed
 2013-08-29 11:45:04 +02:00
Tomas Mraz bb2f3882f2 add -fips subpackage that contains the FIPS module files 2013-08-27 16:03:43 +02:00
Tomas Mraz 9c324da28e fix use of rdrand if available 
- more commits cherry picked from upstream
- documentation fixes
 2013-08-16 16:06:51 +02:00
Petr Písař a254940dd1 Perl 5.18 rebuild 2013-08-03 12:05:42 +02:00
Tomas Mraz acdf8a62f6 use symbol versioning also for the textual version 
- additional manual page fix
 2013-07-26 13:16:10 +02:00
Tomas Mraz 9b36f08da8 additional manual page fixes 2013-07-25 15:14:25 +02:00
Tomas Mraz 653e1efa34 use _prefix macro 2013-07-19 11:46:56 +02:00
Petr Písař 49a1fc761b Perl 5.18 rebuild 2013-07-17 16:32:50 +02:00
Tomas Mraz 7ccde74773 add openssl.cnf.5 manpage symlink to config.5 2013-07-11 10:44:55 +02:00
Tomas Mraz 9555809e80 add relro linking flag 2013-07-10 17:54:24 +02:00
Tomas Mraz 30aa9303c7 add support for the -trusted_first option for certificate chain verification 2013-07-10 11:02:41 +02:00
Tomas Mraz dad6e3ee78 fix build of manual pages with current pod2man (#959439) 2013-05-03 18:38:28 +02:00
Peter Robinson 6705192b85 Enable ARM optimised build 2013-04-21 14:33:34 +01:00
Tomas Mraz 64e30c5369 fix random bad record mac errors (#918981) 2013-03-18 21:34:18 +01:00