forked from pool/openssl-1_1
1434a42e91
OpenSSL Security Advisory [12 June 2018]
* Reject excessively large primes in DH key generation
(bsc#1097158, CVE-2018-0732)
* Make EVP_PKEY_asn1_new() a bit stricter about its input
* Revert blinding in ECDSA sign and instead make problematic addition
length-invariant. Switch even to fixed-length Montgomery multiplication.
* Change generating and checking of primes so that the error rate of not
being prime depends on the intended use based on the size of the input.
* Increase the number of Miller-Rabin rounds for DSA key generating to 64.
* Add blinding to ECDSA and DSA signatures to protect against side channel
attacks
* When unlocking a pass phrase protected PEM file or PKCS#8 container, we
now allow empty (zero character) pass phrases.
* Certificate time validation (X509_cmp_time) enforces stricter
compliance with RFC 5280. Fractional seconds and timezone offsets
are no longer allowed.
* Fixed a text canonicalisation bug in CMS
- drop patches (upstream):
* 0001-Limit-scope-of-CN-name-constraints.patch
* 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
* 0001-Tolerate-a-Certificate-using-a-non-supported-group-o.patch
* 0002-Skip-CN-DNS-name-constraint-checks-when-not-needed.patch
- refresh patches:
* openssl-1.1.0-fips.patch
* openssl-disable_rsa_keygen_tests_with_small_modulus.patch
- rename openssl-CVE-2018-0737.patch to openssl-CVE-2018-0737-fips.patch
as it now only includes changes to the fips code
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=17
|
||
|---|---|---|
| .gitattributes | ||
| .gitignore | ||
| 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch | ||
| 0001-Resume-reading-from-randfile-when-interrupted-by-a-s.patch | ||
| 0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch | ||
| 0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch | ||
| 0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch | ||
| 0006-s390x-assembly-pack-extended-s390x-capability-vector.patch | ||
| 0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch | ||
| 0008-s390x-assembly-pack-extended-s390x-capability-vector.patch | ||
| 0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch | ||
| 0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch | ||
| 0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch | ||
| 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch | ||
| 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch | ||
| baselibs.conf | ||
| openssl-1_1.changes | ||
| openssl-1_1.spec | ||
| openssl-1.0.1e-add-suse-default-cipher.patch | ||
| openssl-1.0.1e-add-test-suse-default-cipher-suite.patch | ||
| openssl-1.1.0-fips.patch | ||
| openssl-1.1.0-no-html.patch | ||
| openssl-1.1.0i.tar.gz | ||
| openssl-1.1.0i.tar.gz.asc | ||
| openssl-CVE-2018-0737-fips.patch | ||
| openssl-disable_rsa_keygen_tests_with_small_modulus.patch | ||
| openssl-fips_disallow_ENGINE_loading.patch | ||
| openssl-fips-clearerror.patch | ||
| openssl-fips-dont_run_FIPS_module_installed.patch | ||
| openssl-fips-dont-fall-back-to-default-digest.patch | ||
| openssl-fips-fix-odd-rsakeybits.patch | ||
| openssl-fips-rsagen-d-bits.patch | ||
| openssl-fips-selftests_in_nonfips_mode.patch | ||
| openssl-no-date.patch | ||
| openssl-pkgconfig.patch | ||
| openssl-ppc64-config.patch | ||
| openssl-rsakeygen-minimum-distance.patch | ||
| openssl-static-deps.patch | ||
| openssl-truststore.patch | ||
| openssl-urandom-reseeding.patch | ||
| openssl.keyring | ||
| showciphers.c | ||