Revisions of openssl-3
buildservice-autocommit
accepted
request 1126089
from
Otto Hollmann (ohollmann)
(revision 19)
Otto Hollmann (ohollmann)
(revision 19)
baserev update by copy to link target
Otto Hollmann (ohollmann)
committed
(revision 18)
- Security fix: [bsc#1216922, CVE-2023-5678]
* Fix excessive time spent in DH check / generation with large Q
parameter value.
* Applications that use the functions DH_generate_key() to generate
an X9.42 DH key may experience long delays. Likewise,
applications that use DH_check_pub_key(), DH_check_pub_key_ex
() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
DH parameters may experience long delays. Where the key or
parameters that are being checked have been obtained from an
untrusted source this may lead to a Denial of Service.
* Add openssl-CVE-2023-5678.patch
Otto Hollmann (ohollmann)
committed
(revision 17)
- Update to 3.1.4:
* Fix incorrect key and IV resizing issues when calling
EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2()
with OSSL_PARAM parameters that alter the key or IV length
[bsc#1216163, CVE-2023-5363].
- Performance enhancements for cryptography from OpenSSL 3.2
[jsc#PED-5086, jsc#PED-3514]
* Add patches:
- openssl-ec-Use-static-linkage-on-nistp521-felem_-square-mul-.patch
- openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch
- openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.patch
- openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch
- openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch
- openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch
- FIPS: Add the FIPS_mode() compatibility macro and flag support.
* Add patches:
- openssl-Add-FIPS_mode-compatibility-macro.patch
- openssl-Add-Kernel-FIPS-mode-flag-support.patch
Otto Hollmann (ohollmann)
committed
(revision 16)
Otto Hollmann (ohollmann)
committed
(revision 15)
Otto Hollmann (ohollmann)
committed
(revision 14)
buildservice-autocommit
accepted
request 1112471
from
Otto Hollmann (ohollmann)
(revision 13)
Otto Hollmann (ohollmann)
(revision 13)
baserev update by copy to link target
Otto Hollmann (ohollmann)
committed
(revision 12)
- Update to 3.1.3:
* Fix POLY1305 MAC implementation corrupting XMM registers on
Windows (CVE-2023-4807)
Otto Hollmann (ohollmann)
committed
(revision 11)
- Update to 3.1.1:
* Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate
(CVE-2023-2650, bsc#1211430)
* Multiple algorithm implementation fixes for ARM BE platforms.
* Added a -pedantic option to fipsinstall that adjusts the various settings
to ensure strict FIPS compliance rather than backwards compatibility.
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which
happens if the buffer size is 4 mod 5 in 16 byte AES blocks. This can
trigger a crash of an application using AES-XTS decryption if the memory
just after the buffer being decrypted is not mapped. Thanks to Anton
Romanov (Amazon) for discovering the issue. (CVE-2023-1255, bsc#1210714)
* Add FIPS provider configuration option to disallow the use of truncated
digests with Hash and HMAC DRBGs (q.v. FIPS 140-3 IG D.R.). The
option '-no_drbg_truncated_digests' can optionally be supplied
to 'openssl fipsinstall'.
* Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention that
it does not enable policy checking. Thanks to David Benjamin for
discovering this issue. (CVE-2023-0466, bsc#1209873)
* Fixed an issue where invalid certificate policies in leaf certificates are
silently ignored by OpenSSL and other certificate policy checks are
skipped for that certificate. A malicious CA could use this to
deliberately assert invalid certificate policies in order to circumvent
policy checking on the certificate altogether. (CVE-2023-0465, bsc#1209878)
* Limited the number of nodes created in a policy tree to mitigate against
CVE-2023-0464. The default limit is set to 1000 nodes, which should be
sufficient for most installations. If required, the limit can be adjusted
by setting the OPENSSL_POLICY_TREE_NODES_MAX build time define to a
desired maximum number of nodes or zero to allow unlimited growth.
(CVE-2023-0464, bsc#1209624)
* Update openssl.keyring with key
Otto Hollmann (ohollmann)
accepted
request 1087222
from
Otto Hollmann (ohollmann)
(revision 10)
- Add support for Windows CA certificate store [bsc#1209430] https://github.com/openssl/openssl/pull/18070 * Add openssl-Add_support_for_Windows_CA_certificate_store.patch
buildservice-autocommit
accepted
request 1075338
from
Otto Hollmann (ohollmann)
(revision 9)
Otto Hollmann (ohollmann)
(revision 9)
baserev update by copy to link target
Otto Hollmann (ohollmann)
committed
(revision 8)
- Security Fix: [CVE-2023-0465, bsc#1209878] * Invalid certificate policies in leaf certificates are silently ignored * Add openssl-CVE-2023-0465.patch - Security Fix: [CVE-2023-0466, bsc#1209873] * Certificate policy check not enabled * Add openssl-CVE-2023-0466.patch
buildservice-autocommit
accepted
request 1074731
from
Otto Hollmann (ohollmann)
(revision 7)
Otto Hollmann (ohollmann)
(revision 7)
baserev update by copy to link target
Otto Hollmann (ohollmann)
committed
(revision 6)
- Fix compiler error "initializer element is not constant" on s390 * Add openssl-z16-s390x.patch
buildservice-autocommit
accepted
request 1074653
from
Otto Hollmann (ohollmann)
(revision 5)
Otto Hollmann (ohollmann)
(revision 5)
baserev update by copy to link target
Otto Hollmann (ohollmann)
committed
(revision 4)
Otto Hollmann (ohollmann)
committed
(revision 3)
- Security Fix: [CVE-2023-0464, bsc#1209624] * Excessive Resource Usage Verifying X.509 Policy Constraints * Add openssl-CVE-2023-0464.patch
Otto Hollmann (ohollmann)
committed
(revision 1)
Displaying revisions 41 - 59 of 59
