Revisions of openssl-3
buildservice-autocommit
accepted
request 1126089
from
Otto Hollmann (ohollmann)
(revision 19)
baserev update by copy to link target
Otto Hollmann (ohollmann)
committed
(revision 18)
- Security fix: [bsc#1216922, CVE-2023-5678] * Fix excessive time spent in DH check / generation with large Q parameter value. * Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex () or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. * Add openssl-CVE-2023-5678.patch
Otto Hollmann (ohollmann)
committed
(revision 17)
- Update to 3.1.4: * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters that alter the key or IV length [bsc#1216163, CVE-2023-5363]. - Performance enhancements for cryptography from OpenSSL 3.2 [jsc#PED-5086, jsc#PED-3514] * Add patches: - openssl-ec-Use-static-linkage-on-nistp521-felem_-square-mul-.patch - openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch - openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.patch - openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch - openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch - openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch - FIPS: Add the FIPS_mode() compatibility macro and flag support. * Add patches: - openssl-Add-FIPS_mode-compatibility-macro.patch - openssl-Add-Kernel-FIPS-mode-flag-support.patch
Otto Hollmann (ohollmann)
committed
(revision 16)
Otto Hollmann (ohollmann)
committed
(revision 15)
Otto Hollmann (ohollmann)
committed
(revision 14)
buildservice-autocommit
accepted
request 1112471
from
Otto Hollmann (ohollmann)
(revision 13)
baserev update by copy to link target
Otto Hollmann (ohollmann)
committed
(revision 12)
- Update to 3.1.3: * Fix POLY1305 MAC implementation corrupting XMM registers on Windows (CVE-2023-4807)
Otto Hollmann (ohollmann)
committed
(revision 11)
- Update to 3.1.1: * Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate (CVE-2023-2650, bsc#1211430) * Multiple algorithm implementation fixes for ARM BE platforms. * Added a -pedantic option to fipsinstall that adjusts the various settings to ensure strict FIPS compliance rather than backwards compatibility. * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which happens if the buffer size is 4 mod 5 in 16 byte AES blocks. This can trigger a crash of an application using AES-XTS decryption if the memory just after the buffer being decrypted is not mapped. Thanks to Anton Romanov (Amazon) for discovering the issue. (CVE-2023-1255, bsc#1210714) * Add FIPS provider configuration option to disallow the use of truncated digests with Hash and HMAC DRBGs (q.v. FIPS 140-3 IG D.R.). The option '-no_drbg_truncated_digests' can optionally be supplied to 'openssl fipsinstall'. * Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention that it does not enable policy checking. Thanks to David Benjamin for discovering this issue. (CVE-2023-0466, bsc#1209873) * Fixed an issue where invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. (CVE-2023-0465, bsc#1209878) * Limited the number of nodes created in a policy tree to mitigate against CVE-2023-0464. The default limit is set to 1000 nodes, which should be sufficient for most installations. If required, the limit can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build time define to a desired maximum number of nodes or zero to allow unlimited growth. (CVE-2023-0464, bsc#1209624) * Update openssl.keyring with key
Otto Hollmann (ohollmann)
accepted
request 1087222
from
Otto Hollmann (ohollmann)
(revision 10)
- Add support for Windows CA certificate store [bsc#1209430] https://github.com/openssl/openssl/pull/18070 * Add openssl-Add_support_for_Windows_CA_certificate_store.patch
buildservice-autocommit
accepted
request 1075338
from
Otto Hollmann (ohollmann)
(revision 9)
baserev update by copy to link target
Otto Hollmann (ohollmann)
committed
(revision 8)
- Security Fix: [CVE-2023-0465, bsc#1209878] * Invalid certificate policies in leaf certificates are silently ignored * Add openssl-CVE-2023-0465.patch - Security Fix: [CVE-2023-0466, bsc#1209873] * Certificate policy check not enabled * Add openssl-CVE-2023-0466.patch
buildservice-autocommit
accepted
request 1074731
from
Otto Hollmann (ohollmann)
(revision 7)
baserev update by copy to link target
Otto Hollmann (ohollmann)
committed
(revision 6)
- Fix compiler error "initializer element is not constant" on s390 * Add openssl-z16-s390x.patch
buildservice-autocommit
accepted
request 1074653
from
Otto Hollmann (ohollmann)
(revision 5)
baserev update by copy to link target
Otto Hollmann (ohollmann)
committed
(revision 4)
Otto Hollmann (ohollmann)
committed
(revision 3)
- Security Fix: [CVE-2023-0464, bsc#1209624] * Excessive Resource Usage Verifying X.509 Policy Constraints * Add openssl-CVE-2023-0464.patch
Otto Hollmann (ohollmann)
committed
(revision 2)
- Pass over with spec-cleaner
Otto Hollmann (ohollmann)
committed
(revision 1)
Displaying revisions 41 - 59 of 59