Revisions of openssl-3

Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1144625 from Otto Hollmann's avatar Otto Hollmann (ohollmann) (revision 20)
- Add migration script to move old files (bsc#1219562)
  /etc/ssl/engines.d/* -> /etc/ssl/engines1.1.d.rpmsave
  /etc/ssl/engdef.d/* -> /etc/ssl/engdef1.1.d.rpmsave
  They will be later restored by openssl-1_1 package
  to engines1.1.d and engdef1.1.d

- Security fix: [bsc#1219243, CVE-2024-0727]
  * Add NULL checks where ContentInfo data can be NULL
  * Add openssl-CVE-2024-0727.patch
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1142584 from Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 19)
- Encapsulate the fips provider into a new package called
  libopenssl-3-fips-provider.

- Added openssl-3-use-include-directive.patch so that the default
  /etc/ssl/openssl.cnf file will include any configuration files that
  other packages might place into /etc/ssl/engines3.d/ and
  /etc/ssl/engdef3.d/. Also create symbolic links /etc/ssl/engines.d/
  and /etc/ssl/engdef.d/ to above versioned directories.
- Updated spec file to create the two new necessary directores for
  the above patch and two symbolic links to above directories.
  [bsc#1194187, bsc#1207472, bsc#1218933]

- Security fix: [bsc#1218810, CVE-2023-6237]
  * Limit the execution time of RSA public key check
  * Add openssl-CVE-2023-6237.patch

- Rename openssl-Override-default-paths-for-the-CA-directory-tree.patch
  to openssl-crypto-policies-support.patch

- Embed the FIPS hmac. Add openssl-FIPS-embed-hmac.patch

- Load the FIPS provider and set FIPS properties implicitly.
  * Add openssl-Force-FIPS.patch [bsc#1217934]
- Disable the fipsinstall command-line utility.
  * Add openssl-disable-fipsinstall.patch
- Add instructions to load legacy provider in openssl.cnf.
  * openssl-load-legacy-provider.patch
- Disable the default provider for the test suite.
  * openssl-Disable-default-provider-for-test-suite.patch
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1126784 from Otto Hollmann's avatar Otto Hollmann (ohollmann) (revision 18)
- Security fix: [bsc#1216922, CVE-2023-5678]
  * Fix excessive time spent in DH check / generation with large Q
    parameter value.
  * Applications that use the functions DH_generate_key() to generate
    an X9.42 DH key may experience long delays. Likewise,
    applications that use DH_check_pub_key(), DH_check_pub_key_ex
    () or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
    DH parameters may experience long delays. Where the key or
    parameters that are being checked have been obtained from an
    untrusted source this may lead to a Denial of Service.
  * Add openssl-CVE-2023-5678.patch
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1120189 from Otto Hollmann's avatar Otto Hollmann (ohollmann) (revision 17)
- Update to 3.1.4:
  * Fix incorrect key and IV resizing issues when calling
    EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2()
    with OSSL_PARAM parameters that alter the key or IV length
    [bsc#1216163, CVE-2023-5363].

- Performance enhancements for cryptography from OpenSSL 3.2
  [jsc#PED-5086, jsc#PED-3514]
  * Add patches:
    - openssl-ec-Use-static-linkage-on-nistp521-felem_-square-mul-.patch
    - openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch
    - openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.patch
    - openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch
    - openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch
    - openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch

- FIPS: Add the FIPS_mode() compatibility macro and flag support.
  * Add patches:
    - openssl-Add-FIPS_mode-compatibility-macro.patch
    - openssl-Add-Kernel-FIPS-mode-flag-support.patch
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1118892 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 16)
Automatic submission by obs-autosubmit
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1113690 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 15)
Automatic submission by obs-autosubmit
Displaying revisions 1 - 20 of 32
openSUSE Build Service is sponsored by