Secure Sockets and Transport Layer Security
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and open source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography. The project is managed
by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related
documentation.
Derivation and License
OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style license, which basically means that you are free to get it
and to use it for commercial and noncommercial purposes.
- Developed at security:tls
- Sources inherited from project openSUSE:Factory
-
8
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout devel:ARM:Factory:Contrib:ILP32/openssl && cd $_
- Create Badge
Source Files
Revision 116 (latest revision is 171)
- 0005-libssl-Hide-library-private-symbols.patch Update to hide more symbols that are not part of the public API - openssl-gcc-attributes.patch BUF_memdup also needs attribute alloc_size as it returns memory of size of the second parameter. - openssl-ocloexec.patch Update, accept() also needs O_CLOEXEC. - 0009-Fix-double-frees.patch, 0017-Double-free-in-i2o_ECPublicKey.patch fix various double frees (from upstream) - 012-Fix-eckey_priv_encode.patch eckey_priv_encode should return an error inmediately on failure of i2d_ECPrivateKey (from upstream) - 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch From libressl, modified to work on linux systems that do not have funopen() but fopencookie() instead. Once upon a time, OS didn't have snprintf, which caused openssl to bundle a *printf implementation. We know better nowadays, the glibc implementation has buffer overflow checking, has sane failure modes deal properly with threads, signals..etc.. - build with -fno-common as well. (forwarded request 232752 from elvigia)
Comments 10
Can anyone explain, openssl-1.0.2i-new-fips-reqs.patch is for what and which code based ? I'm unable to map to any code base either openssl-1.0.2i nor openssl-fips which found in https://www.openssl.org/
It is from a seperate FIPS patchset which we used for FIPS certification of openssl in SLES 12 and SLES 12 SP2.
Can i get the source copy of it ?
check out these sources: SUSE:SLE-12-SP2:Update openssl
I'm sorry, couldn't able to locate the exact link. If you don't mind can you help me to point the link ?
https://build.opensuse.org/package/show/SUSE:SLE-12:Update/openssl
Thanks a lot. anyway i can't find openssl-1.0.2i-new-fips-reqs.patch in this path of any updation. I think it's been deleted, prior to this can find openssl-1.0.1i-new-fips-reqs.patch.
make that https://build.opensuse.org/package/show/SUSE:SLE-12-SP2:Update/openssl
Thank you, got it. Basically the New requirements of FIPS 140-2 RSA/DSA were adopted from Red Hat Inc right ?
The patchset is largely from Redhat, we did some small adaptions to even stricter FIPS requirements but I do not recall the details.