pool/openssl-3
SHA256
11
0
Fork 2
Code Issues Pull Requests Activity
Files
97acb0832fcd3ac66f67ace4dbd95e7642d5418b5b8d55e74282babf5beebdf2
openssl-3/openssl-FIPS-SUSE-FIPS-module-version.patch
Pedro Monreal Gonzalez 8a00581af4 - Update to 3.5.0: 
* Changes:
    - Default encryption cipher for the req, cms, and smime applications
      changed from des-ede3-cbc to aes-256-cbc.
    - The default TLS supported groups list has been changed to include
      and prefer hybrid PQC KEM groups. Some practically unused groups
      were removed from the default list.
    - The default TLS keyshares have been changed to offer X25519MLKEM768
      and and X25519.
    - All BIO_meth_get_*() functions were deprecated.
  * New features:
    - Support for server side QUIC (RFC 9000)
    - Support for 3rd party QUIC stacks including 0-RTT support
    - Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA)
    - A new configuration option no-tls-deprecated-ec to disable support
      for TLS groups deprecated in RFC8422
    - A new configuration option enable-fips-jitter to make the FIPS
      provider to use the JITTER seed source
    - Support for central key generation in CMP
    - Support added for opaque symmetric key objects (EVP_SKEY)
    - Support for multiple TLS keyshares and improved TLS key establishment
      group configurability
    - API support for pipelining in provided cipher algorithms
  * Remove patches:
    - openssl-3-disable-hmac-hw-acceleration-with-engine-digest.patch
    - openssl-3-support-CPACF-sha3-shake-perf-improvement.patch
    - openssl-3-add-defines-CPACF-funcs.patch
    - openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch
    - openssl-3-add-xof-state-handling-s3_absorb.patch
    - openssl-3-fix-state-handling-sha3_absorb_s390x.patch

OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=139
2025-04-16 13:02:20 +00:00

30 lines
1.4 KiB
Diff
Raw Blame History

Index: openssl-3.5.0-beta1/providers/fips/fipsprov.c
===================================================================
--- openssl-3.5.0-beta1.orig/providers/fips/fipsprov.c
+++ openssl-3.5.0-beta1/providers/fips/fipsprov.c
@@ -195,18 +195,21 @@ static const OSSL_PARAM *fips_gettable_p
static int fips_get_params(void *provctx, OSSL_PARAM params[])
{
+ #define SUSE_FIPS_VENDOR "SUSE Linux Enterprise - OpenSSL FIPS Provider"
+ #define SUSE_FIPS_VERSION "SUSE Release"
+
OSSL_PARAM *p;
FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(ossl_prov_ctx_get0_libctx(provctx),
OSSL_LIB_CTX_FIPS_PROV_INDEX);
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, FIPS_VENDOR))
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, SUSE_FIPS_VENDOR))
return 0;
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, SUSE_FIPS_VERSION))
return 0;
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, SUSE_FIPS_VERSION))
return 0;
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS);
if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running()))
Reference in New Issue View Git Blame Copy Permalink