openssl-3/openssl-3.1.0.tar.gz.asc

Accepting request 1071820 from security:tls:unstable - Update to 3.1.0: * Add FIPS provider configuration option to enforce the Extended Master Secret (EMS) check during the TLS1_PRF KDF. The option '-ems-check' can optionally be supplied to 'openssl fipsinstall'. * The FIPS provider includes a few non-approved algorithms for backward compatibility purposes and the "fips=yes" property query must be used for all algorithm fetches to ensure FIPS compliance. The algorithms that are included but not approved are Triple DES ECB, Triple DES CBC and EdDSA. * Added support for KMAC in KBKDF. * RNDR and RNDRRS support in provider functions to provide random number generation for Arm CPUs (aarch64). * s_client and s_server apps now explicitly say when the TLS version does not include the renegotiation mechanism. This avoids confusion between that scenario versus when the TLS version includes secure renegotiation but the peer lacks support for it. * AES-GCM enabled with AVX512 vAES and vPCLMULQDQ. * The various OBJ_* functions have been made thread safe. * Parallel dual-prime 1536/2048-bit modular exponentiation for AVX512_IFMA capable processors. * The functions OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats, OPENSSL_LH_stats_bio, OPENSSL_LH_node_stats_bio and OPENSSL_LH_node_usage_stats_bio are now marked deprecated from OpenSSL 3.1 onwards and can be disabled by defining OPENSSL_NO_DEPRECATED_3_1. The macro DEFINE_LHASH_OF is now deprecated in favour of the macro DEFINE_LHASH_OF_EX, which omits the corresponding type-specific function definitions for these functions regardless of whether OPENSSL_NO_DEPRECATED_3_1 is defined. Users of DEFINE_LHASH_OF may start receiving deprecation warnings for these functions regardless of whether they are using them. It is recommended that users transition to the new macro, DEFINE_LHASH_OF_EX. OBS-URL: https://build.opensuse.org/request/show/1071820 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=57 2023-03-14 17:01:30 +01:00			`-----BEGIN PGP SIGNATURE-----`

			`iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmQQb54ACgkQ2cTSbQ5g`
			`RJGINAf9EsijdAcZ3BlsmP+HAt0oOhq2hrRru1Wd/KZ7pGJBVtitmVPPKiegRyL3`
			`/Y0zgnQvGQvBTQhTWRsT7Rp1LJc8q6P7KPMfh3jDYIk9p/bjI9w7LXOglXmUJQQ1`
			`aUu++AoVTxGjr7dpdLP80W+MJmdhp9Z3EqDU3Jrumada8JX/v25Y6V7nBX+e6xmB`
			`xn6acau1eKDFLOFgJ9aXTXwmHk17xWUw7dcW6RB9bQAMlLB3p/7Jkk4bJZU8eQ7t`
			`eCCZVSudH4kILogoPHGjU7XETYRa27b+djpWguGRIv2faqr65KP7JZUpl6LFiH1M`
			`087Nc1+uKdHfpps3OO6HIGcmf+ZrLQ==`
			`=bdJW`
			`-----END PGP SIGNATURE-----`