Overview

File _patchinfo of Package patchinfo.17236

<patchinfo incident="17236">
  <issue tracker="bnc" id="1163569">FIPS: openssl: Wrong return value of DSA and ECDH selftests</issue>
  <issue tracker="bnc" id="1161203">FIPS: openssl: enable TLS 1.0 in FIPS</issue>
  <issue tracker="bnc" id="1166848">FIPS: openssl-1_1 locking changes cause python3 testsuite hangs</issue>
  <issue tracker="bnc" id="1161198">FIPS: openssl: Incorrect CTR and HMAC DRBG results</issue>
  <issue tracker="bnc" id="1165281">openssl deadlock in FIPS mode while obtaining random seed</issue>
  <issue tracker="bnc" id="1177479">FIPS: openssl: regression in EC_KEY_check_key</issue>
  <issue tracker="bnc" id="1160158">FIPS: openssl regression makes nodejs testsuite fail</issue>
  <issue tracker="bnc" id="1158499">[Migration][Build 101.1] openQA test fails in resolve_dependency_issues - libopenssl-1_0_0-devel-1.0.2p-3.22.1.x86_64 conflicts with libopenssl-devel &gt; 1.0.2p</issue>
  <issue tracker="bnc" id="1175847">FIPS: openssl: (EC)Diffie-Hellman requirements from SP800-56Arev3 SLE-15-SP0</issue>
  <issue tracker="bnc" id="1165534">openssl-1_1 breaks openssh on fips environment</issue>
  <issue tracker="jsc" id="SLE-8789"/>
  <packager>pmonrealgonzalez</packager>
  <rating>moderate</rating>
  <category>recommended</category>
  <summary>Recommended update for openssl-1_1</summary>
  <description>This update for openssl-1_1 fixes the following issues:

This update backports various bugfixes for FIPS:

- Restore private key check in EC_KEY_check_key [bsc#1177479]
- Add shared secret KAT to FIPS DH selftest [bsc#1175847]
- Include ECDH/DH Requirements from SP800-56Arev3 [bsc#1175847]
- Fix locking issue uncovered by python testsuite (bsc#1166848)
- Fix the sequence of locking operations in FIPS mode [bsc#1165534]
- Fix deadlock in FIPS rand code (bsc#1165281)
- Fix wrong return values of FIPS DSA and ECDH selftests (bsc#1163569)
- Fix FIPS DRBG without derivation function (bsc#1161198)
- Allow md5_sha1 in FIPS mode to enable TLS 1.0 (bsc#1161203)
- Obsolete libopenssl-1_0_0-hmac for a clean upgrade from SLE-12
  (bsc#1158499)

- Restore the EVP_PBE_scrypt() behavior from before the KDF patch
  by treating salt=NULL as salt="" (bsc#1160158)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places