* SHA-1 is not allowed anymore in FIPS 186-5 for signature
verification operations. After 12/31/2030, NIST will disallow
SHA-1 for all of its usages.
* Add openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
- FIPS: RSA keygen PCT requirements.
* Skip the rsa_keygen_pairwise_test() PCT in rsa_keygen() as the
self-test requirements are covered by do_rsa_pct() for both
RSA-OAEP and RSA signatures [bsc#1221760]
* Enforce error state if rsa_keygen PCT is run and fails [bsc#1221753]
* Add openssl-3-FIPS-PCT_rsa_keygen.patch
- FIPS: Check that the fips provider is available before setting
it as the default provider in FIPS mode. [bsc#1220523]
* Rebase openssl-Force-FIPS.patch
- FIPS: Port openssl to use jitterentropy [bsc#1220523]
* Set the module in error state if the jitter RNG fails either on
initialization or entropy gathering because health tests failed.
* Add jitterentropy as a seeding source output also in crypto/info.c
* Move the jitter entropy collector and the associated lock out
of the header file to avoid redefinitions.
* Add the fips_local.cnf symlink to the spec file. This simlink
points to the openssl_fips.config file that is provided by the
crypto-policies package.
* Rebase openssl-3-jitterentropy-3.4.0.patch
* Rebase openssl-FIPS-enforce-EMS-support.patch
- FIPS: Block non-Approved Elliptic Curves [bsc#1221786]
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=110
- Apply "openssl-CVE-2024-4741.patch" to fix a use-after-free
security vulnerability. Calling the function SSL_free_buffers()
potentially caused memory to be accessed that was previously
freed in some situations and a malicious attacker could attempt
to engineer a stituation where this occurs to facilitate a
denial-of-service attack. [CVE-2024-4741, bsc#1225551]
OBS-URL: https://build.opensuse.org/request/show/1189030
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=107
- Add migration script to move old files (bsc#1219562)
/etc/ssl/engines.d/* -> /etc/ssl/engines1.1.d.rpmsave
/etc/ssl/engdef.d/* -> /etc/ssl/engdef1.1.d.rpmsave
They will be later restored by openssl-1_1 package
to engines1.1.d and engdef1.1.d
- Security fix: [bsc#1219243, CVE-2024-0727]
* Add NULL checks where ContentInfo data can be NULL
* Add openssl-CVE-2024-0727.patch
OBS-URL: https://build.opensuse.org/request/show/1144625
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-3?expand=0&rev=20
- Encapsulate the fips provider into a new package called
libopenssl-3-fips-provider.
- Added openssl-3-use-include-directive.patch so that the default
/etc/ssl/openssl.cnf file will include any configuration files that
other packages might place into /etc/ssl/engines3.d/ and
/etc/ssl/engdef3.d/. Also create symbolic links /etc/ssl/engines.d/
and /etc/ssl/engdef.d/ to above versioned directories.
- Updated spec file to create the two new necessary directores for
the above patch and two symbolic links to above directories.
[bsc#1194187, bsc#1207472, bsc#1218933]
- Security fix: [bsc#1218810, CVE-2023-6237]
* Limit the execution time of RSA public key check
* Add openssl-CVE-2023-6237.patch
- Rename openssl-Override-default-paths-for-the-CA-directory-tree.patch
to openssl-crypto-policies-support.patch
- Embed the FIPS hmac. Add openssl-FIPS-embed-hmac.patch
- Load the FIPS provider and set FIPS properties implicitly.
* Add openssl-Force-FIPS.patch [bsc#1217934]
- Disable the fipsinstall command-line utility.
* Add openssl-disable-fipsinstall.patch
- Add instructions to load legacy provider in openssl.cnf.
* openssl-load-legacy-provider.patch
- Disable the default provider for the test suite.
* openssl-Disable-default-provider-for-test-suite.patch
OBS-URL: https://build.opensuse.org/request/show/1142584
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-3?expand=0&rev=19
- Added openssl-3-use-include-directive.patch so that the default
/etc/ssl/openssl.cnf file will include any configuration files that
other packages might place into /etc/ssl/engines3.d/ and
/etc/ssl/engdef3.d/. Also create symbolic links /etc/ssl/engines.d/
and /etc/ssl/engdef.d/ to above versioned directories.
- Updated spec file to create the two new necessary directores for
the above patch and two symbolic links to above directories.
[bsc#1194187, bsc#1207472, bsc#1218933]
- Replace our reverted commit with an upstream version
* rename openssl-Revert-Makefile-Call-mknum.pl-on-make-ordinals-only-if.patch
to openssl-Remove-the-source-directory-.num-targets.patch
OBS-URL: https://build.opensuse.org/request/show/1141236
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=88
- Update to 3.2.0:
* The BLAKE2b hash algorithm supports a configurable output length
by setting the "size" parameter.
* Enable extra Arm64 optimization on Windows for GHASH, RAND and
AES.
* Added a function to delete objects from store by URI -
OSSL_STORE_delete() and the corresponding provider-storemgmt API
function OSSL_FUNC_store_delete().
* Added OSSL_FUNC_store_open_ex() provider-storemgmt API function to
pass a passphrase callback when opening a store.
* Changed the default salt length used by PBES2 KDF's (PBKDF2 and
scrypt) from 8 bytes to 16 bytes. The PKCS5 (RFC 8018) standard
uses a 64 bit salt length for PBE, and recommends a minimum of 64
bits for PBES2. For FIPS compliance PBKDF2 requires a salt length
of 128 bits. This affects OpenSSL command line applications such
as "genrsa" and "pkcs8" and API's such as
PEM_write_bio_PrivateKey() that are reliant on the default value.
The additional commandline option 'saltlen' has been added to the
OpenSSL command line applications for "pkcs8" and "enc" to allow
the salt length to be set to a non default value.
* Changed the default value of the ess_cert_id_alg configuration
option which is used to calculate the TSA's public key
certificate identifier. The default algorithm is updated to be
sha256 instead of sha1.
* Added optimization for SM2 algorithm on aarch64. It uses a huge
precomputed table for point multiplication of the base point,
which increases the size of libcrypto from 4.4 MB to 4.9 MB. A
new configure option no-sm2-precomp has been added to disable the
precomputed table.
* Added client side support for QUIC
OBS-URL: https://build.opensuse.org/request/show/1129505
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=80
- Security fix: [bsc#1216922, CVE-2023-5678]
* Fix excessive time spent in DH check / generation with large Q
parameter value.
* Applications that use the functions DH_generate_key() to generate
an X9.42 DH key may experience long delays. Likewise,
applications that use DH_check_pub_key(), DH_check_pub_key_ex
() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
DH parameters may experience long delays. Where the key or
parameters that are being checked have been obtained from an
untrusted source this may lead to a Denial of Service.
* Add openssl-CVE-2023-5678.patch
OBS-URL: https://build.opensuse.org/request/show/1126784
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-3?expand=0&rev=18
- Security fix: [bsc#1216922, CVE-2023-5678]
* Fix excessive time spent in DH check / generation with large Q
parameter value.
* Applications that use the functions DH_generate_key() to generate
an X9.42 DH key may experience long delays. Likewise,
applications that use DH_check_pub_key(), DH_check_pub_key_ex
() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
DH parameters may experience long delays. Where the key or
parameters that are being checked have been obtained from an
untrusted source this may lead to a Denial of Service.
* Add openssl-CVE-2023-5678.patch
OBS-URL: https://build.opensuse.org/request/show/1126089
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=78
- Update to 3.1.4:
* Fix incorrect key and IV resizing issues when calling
EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2()
with OSSL_PARAM parameters that alter the key or IV length
[bsc#1216163, CVE-2023-5363].
- Performance enhancements for cryptography from OpenSSL 3.2
[jsc#PED-5086, jsc#PED-3514]
* Add patches:
- openssl-ec-Use-static-linkage-on-nistp521-felem_-square-mul-.patch
- openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch
- openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.patch
- openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch
- openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch
- openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch
- FIPS: Add the FIPS_mode() compatibility macro and flag support.
* Add patches:
- openssl-Add-FIPS_mode-compatibility-macro.patch
- openssl-Add-Kernel-FIPS-mode-flag-support.patch
OBS-URL: https://build.opensuse.org/request/show/1120189
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-3?expand=0&rev=17
- Update to 3.1.2:
* Fix excessive time spent checking DH q parameter value
(bsc#1213853, CVE-2023-3817). The function DH_check() performs
various checks on DH parameters. After fixing CVE-2023-3446 it
was discovered that a large q parameter value can also trigger
an overly long computation during some of these checks. A
correct q value, if present, cannot be larger than the modulus
p parameter, thus it is unnecessary to perform these checks if
q is larger than p. If DH_check() is called with such q parameter
value, DH_CHECK_INVALID_Q_VALUE return flag is set and the
computationally intensive checks are skipped.
* Fix DH_check() excessive time with over sized modulus
(bsc#1213487, CVE-2023-3446). The function DH_check() performs
various checks on DH parameters. One of those checks confirms
that the modulus ("p" parameter) is not too large. Trying to use
a very large modulus is slow and OpenSSL will not normally use
a modulus which is over 10,000 bits in length. However the
DH_check() function checks numerous aspects of the key or
parameters that have been supplied. Some of those checks use the
supplied modulus value even if it has already been found to be
too large. A new limit has been added to DH_check of 32,768 bits.
Supplying a key/parameters with a modulus over this size will
simply cause DH_check() to fail.
* Do not ignore empty associated data entries with AES-SIV
(bsc#1213383, CVE-2023-2975). The AES-SIV algorithm allows for
authentication of multiple associated data entries along with the
encryption. To authenticate empty data the application has to call
EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as
the output buffer and 0 as the input buffer length. The AES-SIV
implementation in OpenSSL just returns success for such call
OBS-URL: https://build.opensuse.org/request/show/1101930
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=70
- Security fix: [bsc#1213487, CVE-2023-3446]
* Fix DH_check() excessive time with over sized modulus.
* The function DH_check() performs various checks on DH parameters.
One of those checks confirms that the modulus ("p" parameter) is
not too large. Trying to use a very large modulus is slow and
OpenSSL will not normally use a modulus which is over 10,000 bits
in length.
However the DH_check() function checks numerous aspects of the
key or parameters that have been supplied. Some of those checks
use the supplied modulus value even if it has already been found
to be too large.
A new limit has been added to DH_check of 32,768 bits. Supplying
a key/parameters with a modulus over this size will simply cause
DH_check() to fail.
* Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch
OBS-URL: https://build.opensuse.org/request/show/1099662
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=68
- Update to 3.1.1:
* Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate
(CVE-2023-2650, bsc#1211430)
* Multiple algorithm implementation fixes for ARM BE platforms.
* Added a -pedantic option to fipsinstall that adjusts the various settings
to ensure strict FIPS compliance rather than backwards compatibility.
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which
happens if the buffer size is 4 mod 5 in 16 byte AES blocks. This can
trigger a crash of an application using AES-XTS decryption if the memory
just after the buffer being decrypted is not mapped. Thanks to Anton
Romanov (Amazon) for discovering the issue. (CVE-2023-1255, bsc#1210714)
* Add FIPS provider configuration option to disallow the use of truncated
digests with Hash and HMAC DRBGs (q.v. FIPS 140-3 IG D.R.). The
option '-no_drbg_truncated_digests' can optionally be supplied
to 'openssl fipsinstall'.
* Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention that
it does not enable policy checking. Thanks to David Benjamin for
discovering this issue. (CVE-2023-0466, bsc#1209873)
* Fixed an issue where invalid certificate policies in leaf certificates are
silently ignored by OpenSSL and other certificate policy checks are
skipped for that certificate. A malicious CA could use this to
deliberately assert invalid certificate policies in order to circumvent
policy checking on the certificate altogether. (CVE-2023-0465, bsc#1209878)
* Limited the number of nodes created in a policy tree to mitigate against
CVE-2023-0464. The default limit is set to 1000 nodes, which should be
sufficient for most installations. If required, the limit can be adjusted
by setting the OPENSSL_POLICY_TREE_NODES_MAX build time define to a
desired maximum number of nodes or zero to allow unlimited growth.
(CVE-2023-0464, bsc#1209624)
* Update openssl.keyring with key
OBS-URL: https://build.opensuse.org/request/show/1089933
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-3?expand=0&rev=11
