[ol9_baseos_latest] openssl-libs-1:3.0.1-47.0.1.el9_1.i686

OpenSSL is a toolkit for supporting cryptography. The openssl-libs
package contains the libraries that are used by various applications which
support cryptographic algorithms and protocols.

Changelog (Show File list) (Show related packages)

• Tue Feb 28 2023 EL Errata <el-errata_ww@oracle.com> - 3.0.1-47.0.1

  - Replace upstream references [Orabug: 34340177]

• Wed Feb 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-47

  - Fixed X.509 Name Constraints Read Buffer Overflow
    Resolves: CVE-2022-4203
  - Fixed Timing Oracle in RSA Decryption
    Resolves: CVE-2022-4304
  - Fixed Double free after calling PEM_read_bio_ex
    Resolves: CVE-2022-4450
  - Fixed Use-after-free following BIO_new_NDEF
    Resolves: CVE-2023-0215
  - Fixed Invalid pointer dereference in d2i_PKCS7 functions
    Resolves: CVE-2023-0216
  - Fixed NULL dereference validating DSA public key
    Resolves: CVE-2023-0217
  - Fixed X.400 address type confusion in X.509 GeneralName
    Resolves: CVE-2023-0286
  - Fixed NULL dereference during PKCS7 data verification
    Resolves: CVE-2023-0401

• Thu Jan 05 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-46

  - Refactor OpenSSL fips module MAC verification
    Resolves: rhbz#2158412
  - Disallow SHAKE in RSA-OAEP decryption in FIPS mode
    Resolves: rhbz#2144010

• Mon Nov 28 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-45

  - Add support of X25519 and X448 "group" parameter in EVP_PKEY_CTX objects
    Resolves: rhbz#2149010
  - Fix explicit indicator for PSS salt length in FIPS mode when used with
    negative magic values
    Resolves: rhbz#2144012
  - Update change to default PSS salt length with patch state from upstream 
    Related: rhbz#2144012

• Mon Nov 14 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-44

  - SHAKE-128/256 are not allowed with RSA in FIPS mode
    Resolves: rhbz#2144010
  - Avoid memory leaks in TLS
    Resolves: rhbz#2144008
  - FIPS RSA CRT tests must use correct parameters
    Resolves: rhbz#2144006
  - FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC
    Resolves: rhbz#2144017
  - Remove support for X9.31 signature padding in FIPS mode
    Resolves: rhbz#2144015
  - Add explicit indicator for SP 800-108 KDFs with short key lengths
    Resolves: rhbz#2144019
  - Add explicit indicator for HMAC with short key lengths
    Resolves: rhbz#2144000
  - Set minimum password length for PBKDF2 in FIPS mode
    Resolves: rhbz#2144003
  - Add explicit indicator for PSS salt length in FIPS mode
    Resolves: rhbz#2144012
  - Clamp default PSS salt length to digest size for FIPS 186-4 compliance
    Related: rhbz#2144012
  - Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode
    Resolves: rhbz#2145170

• Tue Nov 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-43

  - CVE-2022-3602: X.509 Email Address Buffer Overflow
  - CVE-2022-3786: X.509 Email Address Buffer Overflow
    Resolves: CVE-2022-3602

• Wed Oct 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-42

  - CVE-2022-3602: X.509 Email Address Buffer Overflow
    Resolves: CVE-2022-3602 (rhbz#2137723)

• Thu Aug 11 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-41

  - Zeroize public keys as required by FIPS 140-3
    Related: rhbz#2102542
  - Add FIPS indicator for HKDF
    Related: rhbz#2114772

• Fri Aug 05 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-40

  - Deal with DH keys in FIPS mode according FIPS-140-3 requirements
    Related: rhbz#2102536
  - Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements
    Related: rhbz#2102537
  - Use signature for RSA pairwise test according FIPS-140-3 requirements
    Related: rhbz#2102540
  - Reseed all the parent DRBGs in chain on reseeding a DRBG
    Related: rhbz#2102541

• Mon Aug 01 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-39

  - Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test
  - Use Use digest_sign & digest_verify in FIPS signature self test
  - Use FFDHE2048 in Diffie-Hellman FIPS self-test
    Resolves: rhbz#2102535