[ol8_developer_EPEL] openssl3-3.2.1-1.2.el8.x86_64

The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

Changelog (Show File list) (Show related packages)

• Thu May 02 2024 Michel Lind <salimma@fedoraproject.org> - 3.2.1-1.2

  - Drop openssl-fips-provider requirement, accidentally included due to incorrect gating

• Mon Apr 22 2024 Michel Lind <salimma@fedoraproject.org> - 3.2.1-1.1

  - Merge c9s openssl changes to pick up CVE fixes

• Wed Apr 03 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.1-1

  - Rebasing OpenSSL to 3.2.1
    Resolves: RHEL-26271

• Wed Feb 21 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-27

  - Use certified FIPS module instead of freshly built one in Red Hat distribution
    Related: RHEL-23474

• Tue Nov 21 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-26

  - Avoid implicit function declaration when building openssl
    Related: RHEL-1780
  - In FIPS mode, prevent any other operations when rsa_keygen_pairwise_test fails
    Resolves: RHEL-17104
  - Add a directory for OpenSSL providers configuration
    Resolves: RHEL-17193
  - Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context
    Resolves: RHEL-19515
  - POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129)
    Resolves: RHEL-21151
  - Excessive time spent checking invalid RSA public keys (CVE-2023-6237)
    Resolves: RHEL-21654
  - SSL ECDHE Kex fails when pkcs11 engine is set in config file
    Resolves: RHEL-20249
  - Denial of service via null dereference in PKCS#12
    Resolves: RHEL-22486
  - Use certified FIPS module instead of freshly built one in Red Hat distribution
    Resolves: RHEL-23474

• Mon Oct 16 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-25

  - Provide relevant diagnostics when FIPS checksum is corrupted
    Resolves: RHEL-5317
  - Don't limit using SHA1 in KDFs in non-FIPS mode.
    Resolves: RHEL-5295
  - Provide empty evp_properties section in main OpenSSL configuration file
    Resolves: RHEL-11439
  - Avoid implicit function declaration when building openssl
    Resolves: RHEL-1780
  - Forbid explicit curves when created via EVP_PKEY_fromdata
    Resolves: RHEL-5304
  - AES-SIV cipher implementation contains a bug that causes it to ignore empty
    associated data entries (CVE-2023-2975)
    Resolves: RHEL-5302
  - Excessive time spent checking DH keys and parameters (CVE-2023-3446)
    Resolves: RHEL-5306
  - Excessive time spent checking DH q parameter value (CVE-2023-3817)
    Resolves: RHEL-5308
  - Fix incorrect cipher key and IV length processing (CVE-2023-5363)
    Resolves: RHEL-13251
  - Switch explicit FIPS indicator for RSA-OAEP to approved following
    clarification with CMVP
    Resolves: RHEL-14083
  - Backport the check required by SP800-56Br2 6.4.1.2.1 (3.c)
    Resolves: RHEL-14083
  - Add missing ECDH Public Key Check in FIPS mode
    Resolves: RHEL-15990
  - Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678)
    Resolves: RHEL-15954

• Wed Jul 12 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-24

  - Make FIPS module configuration more crypto-policies friendly
    Related: rhbz#2216256

• Tue Jul 11 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-23

  - Add a workaround for lack of EMS in FIPS mode
    Resolves: rhbz#2216256

• Thu Jul 06 2023 Sahana Prasad <sahana@redhat.com> - 1:3.0.7-22

  - Remove unsupported curves from nist_curves.
    Resolves: rhbz#2069336

• Mon Jun 26 2023 Sahana Prasad <sahana@redhat.com> - 1:3.0.7-21

  - Remove the listing of brainpool curves in FIPS mode.
    Related: rhbz#2188180