Overview

File _patchinfo of Package patchinfo.28620

<patchinfo incident="28620">
  <issue tracker="bnc" id="1210359">FIPS 140-3: fips enabled openssl + openssl-ibmca engine + fips enable libica fails TLS connections</issue>
  <issue tracker="bnc" id="1210058">SLES 15 SP4 - A timing-based side channel exists in the IBMCA provider (openssl-ibmca)</issue>
  <packager>ngueorguiev</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for openssl-ibmca</summary>
  <description>This update for openssl-ibmca fixes the following issues:

Upgraded openssl-ibmca to version 2.4.0 (bsc#1210058) 

- Provider: Adjustments for OpenSSL versions 3.1 and 3.2 
- Provider: Support RSA blinding
- Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
- Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
- Provider: Adjustments in OpenSSL config generator and example configs
- Engine: EC: Cache ICA key in EC_KEY object (performance improvement)


- FIPS 140-3: Correct engine handling so only the ciphers selected in the config file are activated (bsc#1210359)

</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places