openSUSE Build Service

Recommended update for openssl-1_1

This update for openssl-1_1 fixes the following issues:

This update backports various bugfixes for FIPS:

- Restore private key check in EC_KEY_check_key [bsc#1177479]
- Add shared secret KAT to FIPS DH selftest [bsc#1175847]
- Include ECDH/DH Requirements from SP800-56Arev3 [bsc#1175847]
- Fix locking issue uncovered by python testsuite (bsc#1166848)
- Fix the sequence of locking operations in FIPS mode [bsc#1165534]
- Fix deadlock in FIPS rand code (bsc#1165281)
- Fix wrong return values of FIPS DSA and ECDH selftests (bsc#1163569)
- Fix FIPS DRBG without derivation function (bsc#1161198)
- Allow md5_sha1 in FIPS mode to enable TLS 1.0 (bsc#1161203)
- Obsolete libopenssl-1_0_0-hmac for a clean upgrade from SLE-12
(bsc#1158499)

- Restore the EVP_PBE_scrypt() behavior from before the KDF patch
by treating salt=NULL as salt="" (bsc#1160158)

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Submitted by Pedro Monreal Gonzalez (pmonrealgonzalez)

Fixed bugs

bnc#1163569

FIPS: openssl: Wrong return value of DSA and ECDH selftests

bnc#1161203

FIPS: openssl: enable TLS 1.0 in FIPS

bnc#1166848

FIPS: openssl-1_1 locking changes cause python3 testsuite hangs

bnc#1161198

FIPS: openssl: Incorrect CTR and HMAC DRBG results

bnc#1165281

openssl deadlock in FIPS mode while obtaining random seed

bnc#1177479

FIPS: openssl: regression in EC_KEY_check_key

bnc#1160158

FIPS: openssl regression makes nodejs testsuite fail

bnc#1158499

[Migration][Build 101.1] openQA test fails in resolve_dependency_issues - libopenssl-1_0_0-devel-1.0.2p-3.22.1.x86_64 conflicts with libopenssl-devel > 1.0.2p

bnc#1175847

FIPS: openssl: (EC)Diffie-Hellman requirements from SP800-56Arev3 SLE-15-SP0

bnc#1165534

openssl-1_1 breaks openssh on fips environment

Places

Fixed bugs

Selected Binaries

Places