Accepting request 908852 from security:tls:unstable

OBS-URL: https://build.opensuse.org/request/show/908852
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=28
Pedro Monreal Gonzalez 2021-07-28 10:42:52 +00:00 committed by Git OBS Bridge
parent 687459c580
commit dac9bbe2ba

@ -93,6 +93,40 @@ Sat May 1 19:58:48 UTC 2021 - Jason Sikes <jsikes@suse.com>
to generate EVP_PKEY_SM2 parameters and keys. Applications must now generate
SM2 keys directly and must not create an EVP_PKEY_EC key first.
-------------------------------------------------------------------
Mon Apr 19 12:35:57 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
- Update to 3.0.0 Alpha 14
* A public key check is now performed during EVP_PKEY_derive_set_peer().
Previously DH was internally doing this during EVP_PKEY_derive().
* The EVP_PKEY_CTRL_PKCS7_ENCRYPT, EVP_PKEY_CTRL_PKCS7_DECRYPT,
EVP_PKEY_CTRL_PKCS7_SIGN, EVP_PKEY_CTRL_CMS_ENCRYPT,
EVP_PKEY_CTRL_CMS_DECRYPT, and EVP_PKEY_CTRL_CMS_SIGN control operations
are deprecated. They are not invoked by the OpenSSL library anymore and
are replaced by direct checks of the key operation against the key type
when the operation is initialized.
* The EVP_PKEY_public_check() and EVP_PKEY_param_check() functions now work for
more key types including RSA, DSA, ED25519, X25519, ED448 and X448.
Previously (in 1.1.1) they would return -2. For key types that do not have
parameters then EVP_PKEY_param_check() will always return 1.
* The output from numerous "printing" functions such as X509_signature_print(),
X509_print_ex(), X509_CRL_print_ex(), and other similar functions has been
amended such that there may be cosmetic differences between the output
observed in 1.1.1 and 3.0. This also applies to the "-text" output from the
x509 and crl applications.
* Improved adherence to Enhanced Security Services (ESS, RFC 2634 and RFC 5035)
for the TSP and CMS Advanced Electronic Signatures (CAdES) implementations.
As required by RFC 5035 check both ESSCertID and ESSCertIDv2 if both present.
Correct the semantics of checking the validation chain in case ESSCertID{,v2}
contains more than one certificate identifier: This means that all
certificates referenced there MUST be part of the validation chain.
* Parallel dual-prime 1024-bit modular exponentiation for AVX512_IFMA
capable processors.
* Added the AuthEnvelopedData content type structure (RFC 5083) with AES-GCM
parameter (RFC 5084) for the Cryptographic Message Syntax (CMS). Its purpose
is to support encryption and decryption of a digital envelope that is both
authenticated and encrypted using AES GCM mode.
-------------------------------------------------------------------
Wed Apr 14 17:55:21 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
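Review bot: the added "Mon Apr 19 12:35:57 UTC 2021" entry is placed between the existing May 1 and Apr 14 entries, so this change backfills changelog history instead of adding a new entry at the top. The descending date order is preserved, but neither the entry nor the commit message ("Accepting request 908852 from security:tls:unstable") says why the Alpha 14 entry was missing, so a short note on where it comes from would help anyone auditing the package history. Separately, the bullets on EVP_PKEY_derive_set_peer() and on EVP_PKEY_public_check() / EVP_PKEY_param_check() describe changes in when a key check runs and what it returns ("Previously (in 1.1.1) they would return -2"). They sit among cosmetic items such as the printing-function output, so consider marking these two as behaviour changes for packages that call those functions.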