Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues:
Security issue fixed:
- CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809).
Various FIPS related improvements were done:
- FIPS: Backport SSH KDF to openssl (jsc#SLE-8789, bsc#1157775).
- Port FIPS patches from SLE-12 (bsc#1158101).
- Use SHA-2 in the RSA pairwise consistency check (bsc#1155346).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
-
Submitted by
Pedro Monreal Gonzalez (pmonrealgonzalez)
Fixed bugs
bnc#1157775
FIPS: openssl: Backport SSH KDF to openssl (jsc#SLE-8789)
bnc#1155346
FIPS: openssl: fips_check_rsa: Pairwise consistency test should use SHA2
bnc#1158809
VUL-1: CVE-2019-1551: openssl: Integer overflow in RSAZ modular exponentiation on x86_64
bnc#1158101
FIPS: openssl: Reinstate FIPS patches from SLE-12
