Secure Sockets and Transport Layer Security
https://www.openssl.org/
OpenSSL is a software library to be used in applications that need to
secure communications over computer networks against eavesdropping or
need to ascertain the identity of the party at the other end.
OpenSSL contains an implementation of the SSL and TLS protocols.
- Developed at security:tls
- Sources inherited from project openSUSE:Factory
-
7
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Leap:15.0:Staging:FactoryCandidates/openssl-3 && cd $_ - Create Badge
Refresh
Refresh
Source Files
| Filename | Size | Changed |
|---|---|---|
| baselibs.conf | 0000000453 453 Bytes | |
| openssl-3.1.1.tar.gz | 0015544757 14.8 MB | |
| openssl-3.1.1.tar.gz.asc | 0000000833 833 Bytes | |
| openssl-3.changes | 0000067792 66.2 KB | |
| openssl-3.spec | 0000010253 10 KB | |
|
openssl-Add-support-for-PROFILE-SYSTEM-system-defa |
0000011407 11.1 KB | |
|
openssl-Add_support_for_Windows_CA_certificate_sto |
0000025970 25.4 KB | |
| openssl-DEFAULT_SUSE_cipher.patch | 0000003016 2.95 KB | |
|
openssl-Override-default-paths-for-the-CA-director |
0000001140 1.11 KB | |
| openssl-no-date.patch | 0000000492 492 Bytes | |
| openssl-no-html-docs.patch | 0000000643 643 Bytes | |
| openssl-pkgconfig.patch | 0000000987 987 Bytes | |
| openssl-ppc64-config.patch | 0000001432 1.4 KB | |
| openssl-truststore.patch | 0000000942 942 Bytes | |
| openssl-z16-s390x.patch | 0000005592 5.46 KB | |
| openssl.keyring | 0000007297 7.13 KB | |
| showciphers.c | 0000000625 625 Bytes |
Revision 11 (latest revision is 34)
Dominique Leuenberger (dimstar_suse)
accepted
request 1089933
from
Otto Hollmann (ohollmann)
(revision 11)
- Update to 3.1.1:
* Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate
(CVE-2023-2650, bsc#1211430)
* Multiple algorithm implementation fixes for ARM BE platforms.
* Added a -pedantic option to fipsinstall that adjusts the various settings
to ensure strict FIPS compliance rather than backwards compatibility.
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which
happens if the buffer size is 4 mod 5 in 16 byte AES blocks. This can
trigger a crash of an application using AES-XTS decryption if the memory
just after the buffer being decrypted is not mapped. Thanks to Anton
Romanov (Amazon) for discovering the issue. (CVE-2023-1255, bsc#1210714)
* Add FIPS provider configuration option to disallow the use of truncated
digests with Hash and HMAC DRBGs (q.v. FIPS 140-3 IG D.R.). The
option '-no_drbg_truncated_digests' can optionally be supplied
to 'openssl fipsinstall'.
* Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention that
it does not enable policy checking. Thanks to David Benjamin for
discovering this issue. (CVE-2023-0466, bsc#1209873)
* Fixed an issue where invalid certificate policies in leaf certificates are
silently ignored by OpenSSL and other certificate policy checks are
skipped for that certificate. A malicious CA could use this to
deliberately assert invalid certificate policies in order to circumvent
policy checking on the certificate altogether. (CVE-2023-0465, bsc#1209878)
* Limited the number of nodes created in a policy tree to mitigate against
CVE-2023-0464. The default limit is set to 1000 nodes, which should be
sufficient for most installations. If required, the limit can be adjusted
by setting the OPENSSL_POLICY_TREE_NODES_MAX build time define to a
desired maximum number of nodes or zero to allow unlimited growth.
(CVE-2023-0464, bsc#1209624)
* Update openssl.keyring with key
Comments 0