Overview

File _patchinfo of Package patchinfo.25966

<patchinfo incident="25966">
  <issue tracker="bnc" id="1180995">L3: openssl s_server fails when FIPS is enabled ref:_00D1igLOd._5001iXhsJE:ref</issue>
  <issue tracker="bnc" id="1203069">FIPS: OpenSSL: Add KAT for the RAND_DRBG implementation</issue>
  <issue tracker="bnc" id="1190888">[SLES15SP4][SECURITY][FIPS][Build 39.1] openssl list FIPS disapproved Hash while system working in fips mode</issue>
  <issue tracker="bnc" id="1190653">FIPS: OpenSSL Provide methods to zeroize all unprotected SSPs and key components</issue>
  <issue tracker="bnc" id="1193859">[SLES15SP4][Build 74.1][SECURITY][FIPS] openssl error output about digital envelope routines:EVP_DigestInit_ex:disabled for FIPS:crypto/evp/digest.c:135</issue>
  <issue tracker="bnc" id="1201293">FIPS: openssl: RAND api should call into FIPS DRBG</issue>
  <issue tracker="bnc" id="1121365">[FIPS] OpenSSL X25519 algorithm is still approved in fips mode</issue>
  <issue tracker="bnc" id="1203046">FIPS: OpenSSL: Memory leak in OpenSSL when FIPS mode is enabled</issue>
  <issue tracker="bnc" id="1190651">FIPS: OpenSSL Provide a service-level indicator</issue>
  <issue tracker="bnc" id="1198472">[SLES15SP4][SECURITY][FIPS][Build 117.1][ppc64le][manual] openssl list public key algorithms that is not allowed while system working in fips mode</issue>
  <issue tracker="bnc" id="1198471">[SLES15SP4][SECURITY][FIPS][Build 117.1][ppc64le][manual] openssl list FIPS disapproved digest algorithms while system working in fips mode</issue>
  <issue tracker="bnc" id="1202148">FIPS: OpenSSL: Port openssl to use jitterentropy</issue>
  <issue tracker="jsc" id="SLE-24941"/>
  <packager>pmonrealgonzalez</packager>
  <rating>moderate</rating>
  <category>recommended</category>
  <summary>Recommended update for openssl-1_1</summary>
  <description>This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms
  [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To
    provide backwards compatibility for applications that need FIPS
    compliant RNG number generation and use FIPS_drbg_generate,
    this function was re-wired to call the FIPS validated DRBG
    instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity
  function FIPSCHECK_verify(). [bsc#1190653]
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places