Pedro Monreal Gonzalez
30c6de24df
* Miscellaneous minor bug fixes.
* The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.
- Rebase patches:
* openssl-FIPS-140-3-keychecks.patch
* openssl-FIPS-NO-DES-support.patch
* openssl-FIPS-enforce-EMS-support.patch
* openssl-disable-fipsinstall.patch
- Move ssl configuration files to the libopenssl package [bsc#1247463]
- Don't install unneeded NOTES
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=153
29 lines
1.2 KiB
Diff
29 lines
1.2 KiB
Diff
Index: openssl-3.5.0-beta1/Configurations/00-base-templates.conf
|
|
===================================================================
|
|
--- openssl-3.5.0-beta1.orig/Configurations/00-base-templates.conf
|
|
+++ openssl-3.5.0-beta1/Configurations/00-base-templates.conf
|
|
@@ -107,7 +107,7 @@ my %targets=(
|
|
ex_libs =>
|
|
sub {
|
|
my @libs = ();
|
|
- push(@libs, "-l:libjitterentropy.a") if !defined($disabled{jitter});
|
|
+ push(@libs, "-l:libjitterentropy.so") if !defined($disabled{jitter});
|
|
push(@libs, "-lz") if !defined($disabled{zlib}) && defined($disabled{"zlib-dynamic"});
|
|
if (!defined($disabled{brotli}) && defined($disabled{"brotli-dynamic"})) {
|
|
push(@libs, "-lbrotlienc");
|
|
Index: openssl-3.5.0-beta1/apps/openssl.cnf
|
|
===================================================================
|
|
--- openssl-3.5.0-beta1.orig/apps/openssl.cnf
|
|
+++ openssl-3.5.0-beta1/apps/openssl.cnf
|
|
@@ -47,6 +47,10 @@ providers = provider_sect
|
|
# Load default TLS policy configuration
|
|
ssl_conf = ssl_module
|
|
alg_section = evp_properties
|
|
+random = random
|
|
+
|
|
+[random]
|
|
+seed=JITTER
|
|
|
|
[ evp_properties ]
|
|
# This section is intentionally added empty here to be tuned on particular systems
|