| Name: openssl-3 | Distribution: openSUSE Tumbleweed | 
| Version: 3.5.3 | Vendor: openSUSE | 
| Release: 1.1 | Build date: Wed Sep 17 02:56:31 2025 | 
| Group: Unspecified | Build host: reproducible | 
| Size: 3089508 | Source RPM: openssl-3-3.5.3-1.1.src.rpm | 
| Packager: http://bugs.opensuse.org | |
| Url: https://www.openssl.org/ | |
| Summary: Secure Sockets and Transport Layer Security | |
OpenSSL is a software library to be used in applications that need to secure communications over computer networks against eavesdropping or need to ascertain the identity of the party at the other end. OpenSSL contains an implementation of the SSL and TLS protocols.
Apache-2.0
* Wed Sep 17 2025 Lucas Mulling <lucas.mulling@suse.com>
  - Update to 3.5.3:
    * Added FIPS 140-3 PCT on DH key generation.
    * Fixed the synthesised OPENSSL_VERSION_NUMBER.
  - Rebase patches:
    * openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
    * openssl-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
    * openssl-FIPS-limit-rsa-encrypt.patch
* Tue Aug 05 2025 Lucas Mulling <lucas.mulling@suse.com>
  - Update to 3.5.2:
    * Miscellaneous minor bug fixes.
    * The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
      This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.
  - Rebase patches:
    * openssl-FIPS-140-3-keychecks.patch
    * openssl-FIPS-NO-DES-support.patch
    * openssl-FIPS-enforce-EMS-support.patch
    * openssl-disable-fipsinstall.patch
  - Move ssl configuration files to the libopenssl package [bsc#1247463]
  - Don't install unneeded NOTES
* Wed Jul 30 2025 Pedro Monreal <pmonreal@suse.com>
  - Disable LTO for userspace livepatching [jsc#PED-13245]
* Mon Jul 28 2025 Andreas Schwab <schwab@suse.de>
  - Use termios instead of obsolete termio
* Mon Jul 07 2025 Lucas Mulling <lucas.mulling@suse.com>
  - Update to 3.5.1:
    * Fix x509 application adds trusted use instead of rejected use.
      [bsc#1243564, CVE-2025-4575]
  - Remove patches:
    * openssl-Fix-P384-on-P8-targets.patch
    * openssl-CVE-2025-4575.patch
  - Rebase patches:
    * openssl-Allow-disabling-of-SHA1-signatures.patch
    * openssl-FIPS-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
    * openssl-FIPS-NO-DES-support.patch
  - Fix a bogus warning caused by -Wfree-nonheap-object
    * Add patch openssl-Fix-Wfree-nonheap-object-warning.patch
* Thu May 29 2025 Pedro Monreal <pmonreal@suse.com>
  - Fix P-384 curve on lower-than-P9 PPC64 targets [bsc#1243014]
    * Add openssl-Fix-P384-on-P8-targets.patch [a72f753c]
* Mon May 26 2025 Lucas Mulling <lucas.mulling@suse.com>
  - Security fix: [bsc#1243564, CVE-2025-4575]
    * Fix the x509 application adding trusted use instead of rejected use
    * Add openssl-CVE-2025-4575.patch
* Thu May 15 2025 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Fix the speed command in FIPS mode for KMAC
    * Add openssl-FIPS-Fix-openssl-speed-KMAC.patch
* Mon May 12 2025 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Restore the check to deny SHA1 signatures in FIPS mode and
    the functionality to allow/deny via crypto-policies. [jsc#PED-12224]
    * Remove openssl-rh-allow-sha1-signatures.patch
    * Add patches:
    - openssl-Allow-disabling-of-SHA1-signatures.patch
    - openssl-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
    - openssl-FIPS-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
* Fri Apr 04 2025 Lucas Mulling <lucas.mulling@suse.com>
  - Update to 3.5.0:
    * Security fixes:
    - [bsc#1243459, CVE-2025-27587] Minerva side channel vulnerability in P-384
    * Changes:
    - Default encryption cipher for the req, cms, and smime applications
      changed from des-ede3-cbc to aes-256-cbc.
    - The default TLS supported groups list has been changed to include
      and prefer hybrid PQC KEM groups. Some practically unused groups
      were removed from the default list.
    - The default TLS keyshares have been changed to offer X25519MLKEM768
      and X25519.
    - All BIO_meth_get_*() functions were deprecated.
    * New features:
    - Support for server side QUIC (RFC 9000)
    - Support for 3rd party QUIC stacks including 0-RTT support
    - Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA)
    - A new configuration option no-tls-deprecated-ec to disable support
      for TLS groups deprecated in RFC8422
    - A new configuration option enable-fips-jitter to make the FIPS
      provider use the JITTER seed source
    - Support for central key generation in CMP
    - Support added for opaque symmetric key objects (EVP_SKEY)
    - Support for multiple TLS keyshares and improved TLS key establishment
      group configurability
    - API support for pipelining in provided cipher algorithms
    * Remove patches:
    - openssl-3-disable-hmac-hw-acceleration-with-engine-digest.patch
    - openssl-3-support-CPACF-sha3-shake-perf-improvement.patch
    - openssl-3-add-defines-CPACF-funcs.patch
    - openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch
    - openssl-3-add-xof-state-handling-s3_absorb.patch
    - openssl-3-fix-state-handling-sha3_absorb_s390x.patch
    - openssl-3-fix-s390x_shake_squeeze.patch
    - openssl-3-hw-acceleration-aes-xts-s390x.patch
    - openssl-3-support-EVP_DigestSqueeze-in-digest-prov-s390x.patch
    - openssl-3-fix-state-handling-keccak_final_s390x.patch
    - openssl-3-add-hw-acceleration-hmac.patch
    - openssl-3-fix-state-handling-sha3_final_s390x.patch
    - openssl-3-fix-hmac-digest-detection-s390x.patch
    - openssl-3-support-multiple-sha3_squeeze_s390x.patch
    - openssl-3-fix-sha3-squeeze-ppc64.patch
    - openssl-3-fix-s390x_sha3_absorb.patch
    - openssl-3-fix-state-handling-shake_final_s390x.patch
    - openssl-3-add_EVP_DigestSqueeze_api.patch
    - openssl-FIPS-enforce-security-checks-during-initialization.patch
    - openssl-FIPS-140-3-zeroization.patch
    - openssl-FIPS-Add-explicit-indicator-for-key-length.patch
    - openssl-FIPS-Mark-SHA1-as-nonapproved.patch
    - openssl-Remove-EC-curves.patch
    - openssl-FIPS-services-minimize.patch
    - openssl-Revert-Improve-FIPS-RSA-keygen-performance.patch
    - openssl-3-FIPS-GCM-Implement-explicit-indicator-for-IV-gen.patch
    - openssl-3-fix-quic_multistream_test.patch
    - openssl-3-jitterentropy-3.4.0.patch
    - openssl-Add-FIPS-indicator-parameter-to-HKDF.patch
    - openssl-FIPS-140-3-DRBG.patch
    - openssl-FIPS-Use-FFDHE2048-in-self-test.patch
    - openssl-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
    - openssl-FIPS-signature-Add-indicator-for-PSS-salt-length.patch
    - openssl-pbkdf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
    - openssl-FIPS-enforce-EMS-support.patch
    - openssl-Allow-disabling-of-SHA1-signatures.patch
    - openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
    * Rebased patches:
    - openssl-pkgconfig.patch
    - openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
    - openssl-Add-Kernel-FIPS-mode-flag-support.patch
    - openssl-Force-FIPS.patch
    - openssl-disable-fipsinstall.patch
    - openssl-FIPS-embed-hmac.patch
    - openssl-Add-changes-to-ectest-and-eccurve.patch
    - openssl-Disable-explicit-ec.patch
    - openssl-skipped-tests-EC-curves.patch
    - openssl-FIPS-140-3-keychecks.patch
    - openssl-FIPS-early-KATS.patch
    - openssl-FIPS-limit-rsa-encrypt.patch
    - openssl-FIPS-Expose-a-FIPS-indicator.patch
    - openssl-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
    - openssl-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
    - openssl-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
    - openssl-FIPS-RSA-disable-shake.patch
    - openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
    - openssl-FIPS-Enforce-error-state.patch
    - openssl-FIPS-Remove-X9.31-padding-from-FIPS-prov.patch
    - openssl-FIPS-enforce-EMS-support.patch
    - openssl-TESTS-Disable-default-provider-crypto-policies.patch
    - openssl-skip-quic-pairwise.patch
    * Add patches:
    - openssl-FIPS-Fix-encoder-decoder-negative-test.patch
    - openssl-FIPS-SUSE-FIPS-module-version.patch
    - openssl-FIPS-EC-disable-weak-curves.patch
    - openssl-FIPS-NO-DES-support.patch
    - openssl-FIPS-NO-DSA-Support.patch
    - openssl-FIPS-NO-Kmac.patch
    - openssl-FIPS-NO-PQ-ML-SLH-DSA.patch
    - openssl-shared-jitterentropy.patch
    - openssl-rh-allow-sha1-signatures.patch
    - openssl-disable-75-test_quicapi-test.patch
  - Changes between 3.3.0 and 3.4.0:
    * Changes:
    - Deprecation of TS_VERIFY_CTX_set_* functions and addition of
      replacement TS_VERIFY_CTX_set0_* functions with improved semantics
    - The X25519 and X448 key exchange implementation in the FIPS provider
      is unapproved and has fips=no property.
    - SHAKE-128 and SHAKE-256 implementations have no default digest length
      anymore. That means these algorithms cannot be used with
      EVP_DigestFinal/_ex() unless the xoflen param is set before.
    - Setting config_diagnostics=1 in the config file will cause errors to
      be returned from SSL_CTX_new() and SSL_CTX_new_ex() if there is an
      error in the ssl module configuration.
    - An empty renegotiate extension will be used in TLS client hellos
      instead of the empty renegotiation SCSV, for all connections with a
      minimum TLS version > 1.0.
    - Deprecation of SSL_SESSION_get_time(), SSL_SESSION_set_time() and
      SSL_CTX_flush_sessions() functions in favor of their respective _ex
      functions which are Y2038-safe on platforms with Y2038-safe time_t
    * New features:
    - Support for directly fetched composite signature algorithms such as
      RSA-SHA2-256 including new API functions
    - FIPS indicators support in the FIPS provider and various updates of
      the FIPS provider required for future FIPS 140-3 validations
    - Implementation of RFC 9579 (PBMAC1) in PKCS#12
    - An optional additional random seed source RNG JITTER using a statically
      linked jitterentropy library
    - New options -not_before and -not_after for explicit setting start and
      end dates of certificates created with the req and x509 apps
    - Support for integrity-only cipher suites TLS_SHA256_SHA256 and
      TLS_SHA384_SHA384 in TLS 1.3, as defined in RFC 9150
    - Support for retrieving certificate request templates and CRLs in CMP
    - Support for additional X.509v3 extensions related to Attribute Certificates
    - Initial Attribute Certificate (RFC 5755) support
    - Possibility to customize ECC groups initialization to use precomputed
      values to save CPU time and use of this feature by the P-256 implementation
  - Changes between 3.2.0 and 3.3.0:
    * Changes:
    - Optimized AES-CTR for ARM Neoverse V1 and V2
    - Various optimizations for cryptographic routines using RISC-V vector
      crypto extensions
    - Added assembly implementation for md5 on loongarch64
    - Accept longer context for TLS 1.2 exporters
    - The activate and soft_load configuration settings for providers in
      openssl.cnf have been updated to require a value of [1|yes|true|on]
      (in lower or UPPER case) to enable the setting. Conversely a value of
      [0|no|false|off] will disable the setting.
    - In openssl speed, changed the default hash function used with hmac from
      md5 to sha256.
    - The -verify option to the openssl crl and openssl req will make the
      program exit with 1 on failure.
    - The d2i_ASN1_GENERALIZEDTIME(), d2i_ASN1_UTCTIME(), ASN1_TIME_check(),
      and related functions have been augmented to check for a minimum length
      of the input string, in accordance with ITU-T X.690 section 11.7 and 11.8.
    - OPENSSL_sk_push() and sk_<TYPE>_push() functions now return 0 instead of -1
      if called with a NULL stack argument.
    - New limit on HTTP response headers is introduced to HTTP client.
      The default limit is set to 256 header lines.
    * Bug fixes and mitigations:
    - The BIO_get_new_index() function can only be called 127 times before
      it reaches its upper bound of BIO_TYPE_MASK and will now return -1
      once it's exhausted.
    * New features:
    - Support for qlog for tracing QUIC connections has been added
    - Added APIs to allow configuring the negotiated idle timeout for QUIC
      connections, and to allow determining the number of additional streams
      that can currently be created for a QUIC connection.
    - Added APIs to allow disabling implicit QUIC event processing for QUIC
      SSL objects
    - Added APIs to allow querying the size and utilisation of a QUIC
      stream's write buffer
    - New API SSL_write_ex2, which can be used to send an end-of-stream (FIN)
      condition in an optimised way when using QUIC.
    - Limited support for polling of QUIC connection and stream objects in a
      non-blocking manner.
    - Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple
      times with different output sizes.
    - The BLAKE2s hash algorithm matches BLAKE2b's support for configurable
      output length.
    - The EVP_PKEY_fromdata function has been augmented to allow for the
      derivation of CRT (Chinese Remainder Theorem) parameters when requested
    - Added API functions SSL_SESSION_get_time_ex(), SSL_SESSION_set_time_ex()
      using time_t which is Y2038 safe on 32 bit systems when 64 bit time
      is enabled.
    - Unknown entries in TLS SignatureAlgorithms, ClientSignatureAlgorithms
      config options and the respective calls to SSL[_CTX]_set1_sigalgs() and
      SSL[_CTX]_set1_client_sigalgs() that start with ? character are ignored
      and the configuration will still be used.
    - Added -set_issuer and -set_subject options to openssl x509 to override
      the Issuer and Subject when creating a certificate. The -subj option
      now is an alias for -set_subject.
    - Added several new features of CMPv3 defined in RFC 9480 and RFC 9483
    - New option SSL_OP_PREFER_NO_DHE_KEX, which allows configuring a TLS1.3
      server to prefer session resumption using PSK-only key exchange over
      PSK with DHE, if both are available.
    - New atexit configuration switch, which controls whether the OPENSSL_cleanup
      is registered when libcrypto is unloaded.
    - Added X509_STORE_get1_objects to avoid issues with the existing
      X509_STORE_get0_objects API in multi-threaded applications.
    - Support for using certificate profiles and extended delayed delivery in CMP
* Fri Mar 21 2025 Lucas Mulling <lucas.mulling@suse.com>
  - FIPS: Mark SHA-1 as non-approved in the SLI. [jsc#PED-12224]
    * Add openssl-FIPS-Mark-SHA1-as-nonapproved.patch
* Wed Mar 05 2025 Lucas Mulling <lucas.mulling@suse.com>
  - Introduce --without lto. When %{optflags} contains -flto=*, test cases are
    also built using -flto=*, which significantly increases build times; this
    option disables lto, which improves iteration times when developing.
* Tue Feb 11 2025 Lucas Mulling <lucas.mulling@suse.com>
  - Update to 3.2.4:
    * Fixed RFC7250 handshakes with unauthenticated servers don't abort as
      expected. [bsc#1236599, CVE-2024-12797]
    * Fixed timing side-channel in ECDSA signature computation. [CVE-2024-13176]
    * Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic
      curve parameters. [CVE-2024-9143]
  - Remove patch openssl-CVE-2024-13176.patch
  - Rebase patches:
    * openssl-3-add_EVP_DigestSqueeze_api.patch
    * openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
    * openssl-FIPS-RSA-encapsulate.patch
    * openssl-disable-fipsinstall.patch
* Wed Jan 22 2025 Lucas Mulling <lucas.mulling@suse.com>
  - bsc#1236136 CVE-2024-13176: Fix timing side-channel in ECDSA signature computation
    * Add patch openssl-CVE-2024-13176.patch
* Mon Dec 23 2024 Giuliano Belinassi <giuliano.belinassi@suse.com>
  - Add support for userspace livepatching on ppc64le (jsc#PED-11850).
  - Use gcc-13 for ppc64le.
* Tue Dec 17 2024 Pedro Monreal <pmonreal@suse.com>
  - Fix evp_properties section in the openssl.cnf file [bsc#1234647]
    * Rebase patches:
    - openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
    - openssl-TESTS-Disable-default-provider-crypto-policies.patch
* Tue Nov 12 2024 Pedro Monreal <pmonreal@suse.com>
  - Do not use HASHBANGPERL to avoid introducing a dependency on the
    perl-base package. [bsc#1233235]
* Thu Nov 07 2024 Angel Yankov <angel.yankov@suse.com>
  - Add missing fixes for SHA3_squeeze and quic_multistream_test on
    ppc64 arch. [jsc#PED-10280]
    * Added openssl-3-fix-sha3-squeeze-ppc64.patch
    * Added openssl-3-fix-quic_multistream_test.patch
* Tue Nov 05 2024 Angel Yankov <angel.yankov@suse.com>
  - Support MSA 11 HMAC on s390x [jsc#PED-10274]
    * Add openssl-3-disable-hmac-hw-acceleration-with-engine-digest.patch
    * Add openssl-3-fix-hmac-digest-detection-s390x.patch
    * Add openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch
* Tue Nov 05 2024 Angel Yankov <angel.yankov@suse.com>
  - Add hardware acceleration for full AES-XTS [jsc#PED-10273]
    * Add openssl-3-hw-acceleration-aes-xts-s390x.patch
* Fri Nov 01 2024 Angel Yankov <angel.yankov@suse.com>
  - Support MSA 12 SHA3 on s390x [jsc#PED-10280]
    * Add openssl-3-add_EVP_DigestSqueeze_api.patch
    * Add openssl-3-support-multiple-sha3_squeeze_s390x.patch
    * Add openssl-3-add-xof-state-handling-s3_absorb.patch
    * Add openssl-3-fix-state-handling-sha3_absorb_s390x.patch
    * Add openssl-3-fix-state-handling-sha3_final_s390x.patch
    * Add openssl-3-fix-state-handling-shake_final_s390x.patch
    * Add openssl-3-fix-state-handling-keccak_final_s390x.patch
    * Add openssl-3-support-EVP_DigestSqueeze-in-digest-prov-s390x.patch
    * Add openssl-3-add-defines-CPACF-funcs.patch
    * Add openssl-3-add-hw-acceleration-hmac.patch
    * Add openssl-3-support-CPACF-sha3-shake-perf-improvement.patch
    * Add openssl-3-fix-s390x_sha3_absorb.patch
    * Add openssl-3-fix-s390x_shake_squeeze.patch
* Mon Oct 28 2024 Pedro Monreal <pmonreal@suse.com>
  - Update to 3.2.3:
    * Changes between 3.2.2 and 3.2.3:
    - Fixed possible denial of service in X.509 name checks. [CVE-2024-6119]
    - Fixed possible buffer overread in SSL_select_next_proto(). [CVE-2024-5535]
    * Changes between 3.2.1 and 3.2.2:
    - Fixed potential use after free after SSL_free_buffers() is called. [CVE-2024-4741]
    - Fixed an issue where checking excessively long DSA keys or parameters may
      be very slow. [CVE-2024-4603]
    - Improved EC/DSA nonce generation routines to avoid bias and timing
      side channel leaks.
    - Fixed an issue where some non-default TLS server configurations can cause
      unbounded memory growth when processing TLSv1.3 sessions. [CVE-2024-2511]
    - New atexit configuration switch, which controls whether the OPENSSL_cleanup
      is registered when libcrypto is unloaded. This can be used on platforms
      where using atexit() from shared libraries causes crashes on exit.
    - Fixed bug where SSL_export_keying_material() could not be used with QUIC
      connections.
    * Add openssl-skip-quic-pairwise.patch to adapt the pairwise tests.
    * Merge openssl-FIPS-release_num_in_version_string.patch into
      openssl-FIPS-services-minimize.patch
    * Rebase patches:
    - openssl-Add-changes-to-ectest-and-eccurve.patch
    - openssl-FIPS-140-3-keychecks.patch
    - openssl-FIPS-embed-hmac.patch
    - openssl-Remove-EC-curves.patch
    - openssl-skipped-tests-EC-curves.patch
    - openssl-FIPS-early-KATS.patch
    - openssl-Allow-disabling-of-SHA1-signatures.patch
    - openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
    - openssl-FIPS-limit-rsa-encrypt.patch
    - openssl-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
    - openssl-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
    - openssl-FIPS-140-3-DRBG.patch
    - openssl-FIPS-140-3-zeroization.patch
    - openssl-Add-FIPS-indicator-parameter-to-HKDF.patch
    - openssl-FIPS-Remove-X9.31-padding-from-FIPS-prov.patch
    - openssl-FIPS-Add-explicit-indicator-for-key-length.patch
    - openssl-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
    - openssl-FIPS-signature-Add-indicator-for-PSS-salt-length.patch
    - openssl-3-FIPS-GCM-Implement-explicit-indicator-for-IV-gen.patch
    - openssl-FIPS-enforce-EMS-support.patch
    - openssl-3-jitterentropy-3.4.0.patch
    * Remove not needed patches:
    - openssl-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
    - openssl-3-FIPS-PCT_rsa_keygen.patch
* Mon Oct 28 2024 Pedro Monreal <pmonreal@suse.com>
  - Remove the engines' directories and symlinks that were added to
    allow parallel installations with openssl-1_1.
    * Remove openssl-3-use-include-directive.patch
* Mon Oct 28 2024 Pedro Monreal <pmonreal@suse.com>
  - Remove the hardcoded DEFAULT_SUSE cipherlist selection.
    * Remove openssl-DEFAULT_SUSE_cipher.patch
* Fri Oct 25 2024 Pedro Monreal <pmonreal@suse.com>
  - Update to 3.2.1:
    * Changes between 3.2.0 and 3.2.1:
    - A file in PKCS12 format can contain certificates and keys and may come from
      an untrusted source. The PKCS12 specification allows certain fields to be
      NULL, but OpenSSL did not correctly check for this case. [CVE-2024-0727]
    - When function EVP_PKEY_public_check() is called on RSA public keys,
      a computation is done to confirm that the RSA modulus, n, is composite.
      For valid RSA keys, n is a product of two or more large primes and this
      computation completes quickly. However, if n is an overly large prime,
      then this computation would take a long time. [CVE-2023-6237]
    - Restore the encoding of SM2 PrivateKeyInfo and SubjectPublicKeyInfo to
      have the contained AlgorithmIdentifier.algorithm set to id-ecPublicKey
      rather than SM2.
    - The POLY1305 MAC (message authentication code) implementation in OpenSSL
      for PowerPC CPUs saves the contents of vector registers in different
      order than they are restored. [CVE-2023-6129]
    - Disable building QUIC server utility when OpenSSL is configured with 'no-apps'.
    * The openssl-crypto-policies-support.patch has been merged into
      openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
    * Rename openssl-Disable-default-provider-for-test-suite.patch and rebase to
      openssl-TESTS-Disable-default-provider-crypto-policies.patch
    * Patches removed in the update:
    - openssl-Add_support_for_Windows_CA_certificate_store.patch
    - openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch
    - openssl-ec-Use-static-linkage-on-nistp521-felem_-square-mul-.patch
    - openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.patch
    - openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch
    - openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch
    - openssl-CVE-2024-41996.patch
    - openssl-CVE-2023-50782.patch
    - openssl-CVE-2024-9143.patch
    * Patches rebased:
    - openssl-3-use-include-directive.patch
    - openssl-Add-Kernel-FIPS-mode-flag-support.patch
    - openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
    - openssl-DEFAULT_SUSE_cipher.patch
    - openssl-FIPS-embed-hmac.patch
    - openssl-Force-FIPS.patch
    - openssl-load-legacy-provider.patch
    - openssl-no-html-docs.patch
    - openssl-pkgconfig.patch
    - openssl-ppc64-config.patch
    - openssl-truststore.patch
* Fri Oct 25 2024 Pedro Monreal <pmonreal@suse.com>
  - Update to 3.2.0:
    * Changes between 3.1.x and 3.2.0:
    - Fix excessive time spent in DH check / generation with large Q parameter
      value. [CVE-2023-5678]
    - The BLAKE2b hash algorithm supports a configurable output length
      by setting the "size" parameter.
    - Added a function to delete objects from store by URI - OSSL_STORE_delete()
      and the corresponding provider-storemgmt API function OSSL_FUNC_store_delete().
    - Added OSSL_FUNC_store_open_ex() provider-storemgmt API function to pass
      a passphrase callback when opening a store.
    - Changed the default salt length used by PBES2 KDF's (PBKDF2 and scrypt)
      from 8 bytes to 16 bytes.
    - Changed the default value of the 'ess_cert_id_alg' configuration
      option which is used to calculate the TSA's public key certificate
      identifier. The default algorithm is updated to be sha256 instead of sha1.
    - Added optimization for SM2 algorithm on aarch64. A new configure option
      'no-sm2-precomp' has been added to disable the precomputed table.
    - Added client side support for QUIC
    - Added secp384r1 implementation using Solinas' reduction to improve
      speed of the NIST P-384 elliptic curve. To enable the implementation
      the build option 'enable-ec_nistp_64_gcc_128' must be used.
    - Improved RFC7468 compliance of the asn1parse command.
    - Added SHA256/192 algorithm support.
    - Added support for securely getting root CA certificate update in CMP.
    - Improved contention on global write locks by using more read locks where
      appropriate.
    - Improved performance of OSSL_PARAM lookups in performance critical
      provider functions.
    - Added the SSL_get0_group_name() function to provide access to the
      name of the group used for the TLS key exchange.
    - Provide a new configure option 'no-http' that can be used to disable the
      HTTP support. Provide new configure options 'no-apps' and 'no-docs' to
      disable building the openssl command line application and the documentation.
    - Provide a new configure option 'no-ecx' that can be used to disable the
      X25519, X448, and EdDSA support.
    - When multiple OSSL_KDF_PARAM_INFO parameters are passed to
      the EVP_KDF_CTX_set_params() function they are now concatenated not just
      for the HKDF algorithm but also for SSKDF and X9.63 KDF algorithms.
    - Added OSSL_FUNC_keymgmt_im/export_types_ex() provider functions that get
      the provider context as a parameter.
    - TLS round-trip time calculation was added by a Brigham Young University
      Capstone team partnering with Sandia National Laboratories. A new function
      in ssl_lib titled SSL_get_handshake_rtt will calculate and retrieve this
      value.
    - Added the "-quic" option to s_client to enable connectivity to QUIC servers.
      QUIC requires the use of ALPN, so this must be specified via the "-alpn"
      option. Use of the "advanced" s_client command via the "-adv" option
      is recommended.
    - Added an "advanced" command mode to s_client. Use this with the "-adv" option.
    - Add Raw Public Key (RFC7250) support.
    - Added support for modular exponentiation and CRT offloading for the
      S390x architecture.
    - Added further assembler code for the RISC-V architecture.
    - Added EC_GROUP_to_params() which creates an OSSL_PARAM array
      from a given EC_GROUP.
    - Improved support for non-default library contexts and property queries
      when parsing PKCS#12 files.
    - Implemented support for all five instances of EdDSA from RFC8032:
      Ed25519, Ed25519ctx, Ed25519ph, Ed448, and Ed448ph.
      The streaming is not yet supported for the HashEdDSA variants
      (Ed25519ph and Ed448ph).
    - Added SM4 optimization for ARM processors using ASIMD and AES HW instructions.
    - Implemented SM4-XTS support.
    - Added platform-agnostic OSSL_sleep() function.
    - Implemented deterministic ECDSA signatures (RFC6979) support.
    - Implemented AES-GCM-SIV (RFC8452) support.
    - Added support for pluggable (provider-based) TLS signature algorithms.
      This enables TLS 1.3 authentication operations with algorithms embedded
      in providers not included by default in OpenSSL. In combination with
      the already available pluggable KEM and X.509 support, this enables
      for example suitable providers to deliver post-quantum or quantum-safe
      cryptography to OpenSSL users.
    - Added support for pluggable (provider-based) CMS signature algorithms.
      This enables CMS sign and verify operations with algorithms embedded
      in providers not included by default in OpenSSL.
    - Implemented HPKE DHKEM support in providers used by HPKE (RFC9180) API.
    - Add support for certificate compression (RFC8879), including
      library support for Brotli and Zstandard compression.
    - Add the ability to add custom attributes to PKCS12 files. Add a new API
      PKCS12_create_ex2, identical to the existing PKCS12_create_ex but allows
      for a user specified callback and optional argument.
      Added a new PKCS12_SAFEBAG_set0_attr, which allows for a new attr to be
      added to the existing STACK_OF attrs.
    - Major refactor of the libssl record layer.
    - Add a mac salt length option for the pkcs12 command.
    - Add more SRTP protection profiles from RFC8723 and RFC8269.
    - Extended Kernel TLS (KTLS) to support TLS 1.3 receive offload.
    - Add support for TCP Fast Open (RFC7413) to macOS, Linux, and FreeBSD where
      supported and enabled.
    - Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489)
      to the list of ciphersuites providing Perfect Forward Secrecy as
      required by SECLEVEL >= 3.
    - Add new SSL APIs to aid in efficiently implementing TLS/SSL fingerprinting.
      The SSL_CTRL_GET_IANA_GROUPS control code, exposed as the
      SSL_get0_iana_groups() function-like macro, retrieves the list of
      supported groups sent by the peer.
    - Fixed PEM_write_bio_PKCS8PrivateKey() and PEM_write_bio_PKCS8PrivateKey_nid()
      to make it possible to use empty passphrase strings.
    - The PKCS12_parse() function now supports MAC-less PKCS12 files.
    - Added ASYNC_set_mem_functions() and ASYNC_get_mem_functions() calls to be able
      to change functions used for allocating the memory of asynchronous call stack.
    - Added support for signed BIGNUMs in the OSSL_PARAM APIs.
    - A failure exit code is returned when using the openssl x509 command to check
      certificate attributes and the checks fail.
    - The default SSL/TLS security level has been changed from 1 to 2. RSA,
      DSA and DH keys of 1024 bits and above and less than 2048 bits and ECC keys
      of 160 bits and above and less than 224 bits were previously accepted by
      default but are now no longer allowed. By default TLS compression was
      already disabled in previous OpenSSL versions. At security level 2 it cannot
      be enabled.
    - The SSL_CTX_set_cipher_list family functions now accept ciphers using their
      IANA standard names.
    - The PVK key derivation function has been moved from b2i_PVK_bio_ex() into
      the legacy crypto provider as an EVP_KDF. Applications requiring this KDF
      will need to load the legacy crypto provider.
    - CCM8 cipher suites in TLS have been downgraded to security level zero
      because they use a short authentication tag which lowers their strength.
    - Subject or issuer names in X.509 objects are now displayed as UTF-8 strings
      by default. Also spaces surrounding '=' in DN output are removed.
    - Add X.509 certificate codeSigning purpose and related checks on key usage and
      extended key usage of the leaf certificate according to the CA/Browser Forum.
    - The 'x509', 'ca', and 'req' apps now produce X.509 v3 certificates.
      The '-x509v1' option of 'req' prefers generation of X.509 v1 certificates.
      'X509_sign()' and 'X509_sign_ctx()' make sure that the certificate has
      X.509 version 3 if the certificate information includes X.509 extensions.
    - Fix and extend certificate handling and the apps 'x509', 'verify' etc.
      such as adding a trace facility for debugging certificate chain building.
    - Various fixes and extensions to the CMP+CRMF implementation and the 'cmp' app
      in particular supporting requests for central key generation, generalized
      polling, and various types of genm/genp exchanges defined in CMP Updates.
    - Fixes and extensions to the HTTP client and to the HTTP server in 'apps/'
      like correcting the TLS and proxy support and adding tracing for debugging.
    - Extended the CMS API for handling 'CMS_SignedData' and 'CMS_EnvelopedData'.
    - 'CMS_add0_cert()' and 'CMS_add1_cert()' no longer throw an error if
      a certificate to be added is already present. 'CMS_sign_ex()' and
      'CMS_sign()' now ignore any duplicate certificates in their 'certs' argument
      and no longer throw an error for them.
    - Added BIO_s_dgram_pair() and BIO_s_dgram_mem() that provide memory-based
      BIOs with datagram semantics and support for BIO_sendmmsg() and BIO_recvmmsg()
      calls. They can be used as the transport BIOs for QUIC.
    - Add new BIO_sendmmsg() and BIO_recvmmsg() BIO methods which allow
      sending and receiving multiple messages in a single call. An implementation
      is provided for BIO_dgram. For further details, see BIO_sendmmsg(3).
    - Support for loading root certificates from the Windows certificate store
      has been added.
    - Enable KTLS with the TLS 1.3 CCM mode ciphersuites. Note that some Linux
      kernel versions that support KTLS have a known bug in CCM processing. That
      has been fixed in stable releases starting from 5.4.164, 5.10.84, 5.15.7,
      and all releases since 5.16. KTLS with CCM ciphersuites should be only used
      on these releases.
    - Added '-ktls' option to 's_server' and 's_client' commands to enable the
      KTLS support.
    - Zerocopy KTLS sendfile() support on Linux.
    - The OBJ_ calls are now thread safe using a global lock.
    - New parameter '-digest' for openssl cms command allowing signing
      pre-computed digests and new CMS API functions supporting that
      functionality.
    - OPENSSL_malloc() and other allocation functions now raise errors on
      allocation failures. The callers do not need to explicitly raise errors
      unless they want to for tracing purposes.
    - Added support for Brainpool curves in TLS-1.3.
    - Support for Argon2d, Argon2i, Argon2id KDFs has been added along with
      a basic thread pool implementation for select platforms.
* Mon Oct 21 2024 Pedro Monreal <pmonreal@suse.com>
  - Update to 3.1.7:
    * Major changes between OpenSSL 3.1.6 and OpenSSL 3.1.7 [3 Sep 2024]
    - Fixed possible denial of service in X.509 name checks (CVE-2024-6119)
    - Fixed possible buffer overread in SSL_select_next_proto()
      (CVE-2024-5535)
    * Major changes between OpenSSL 3.1.5 and OpenSSL 3.1.6 [4 Jun 2024]
    - Fixed potential use after free after SSL_free_buffers() is
      called (CVE-2024-4741)
    - Fixed an issue where checking excessively long DSA keys or
      parameters may be very slow (CVE-2024-4603)
    - Fixed unbounded memory growth with session handling in TLSv1.3
      (CVE-2024-2511)
    * Major changes between OpenSSL 3.1.4 and OpenSSL 3.1.5 [30 Jan 2024]
    - Fixed PKCS12 Decoding crashes (CVE-2024-0727)
    - Fixed Excessive time spent checking invalid RSA public keys
      (CVE-2023-6237)
    - Fixed POLY1305 MAC implementation corrupting vector registers
      on PowerPC CPUs which support PowerISA 2.07 (CVE-2023-6129)
    - Fix excessive time spent in DH check / generation with large
      Q parameter value (CVE-2023-5678)
    * Update openssl.keyring with BA5473A2B0587B07FB27CF2D216094DFD0CB81EF
    * Rebase patches:
    - openssl-Force-FIPS.patch
    - openssl-FIPS-embed-hmac.patch
    - openssl-FIPS-services-minimize.patch
    - openssl-FIPS-RSA-disable-shake.patch
    - openssl-CVE-2023-50782.patch
    * Remove patches fixed in the update:
    - openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch
    - openssl-CVE-2024-6119.patch openssl-CVE-2024-5535.patch
    - openssl-CVE-2024-4741.patch openssl-CVE-2024-4603.patch
    - openssl-CVE-2024-2511.patch openssl-CVE-2024-0727.patch
    - openssl-CVE-2023-6237.patch openssl-CVE-2023-6129.patch
    - openssl-CVE-2023-5678.patch
    - openssl-Enable-BTI-feature-for-md5-on-aarch64.patch
    - openssl-Fix-EVP_PKEY_CTX_add1_hkdf_info-behavior.patch
    - openssl-Handle-empty-param-in-EVP_PKEY_CTX_add1_hkdf_info.patch
    - reproducible.patch
* Thu Oct 17 2024 Pedro Monreal <pmonreal@suse.com>
  - Security fix: [bsc#1231741, CVE-2024-9143]
    * Low-level invalid GF(2^m) parameters lead to OOB memory access
    * Add openssl-CVE-2024-9143.patch
* Thu Oct 17 2024 Pedro Monreal <pmonreal@suse.com>
  - Security fix: [bsc#1220262, CVE-2023-50782]
    * Implicit rejection in PKCS#1 v1.5
    * Add openssl-CVE-2023-50782.patch
* Thu Sep 19 2024 Angel Yankov <angel.yankov@suse.com>
  - Security fix: [bsc#1230698, CVE-2024-41996]
    * Validating the order of the public keys in the Diffie-Hellman
      Key Agreement Protocol, when an approved safe prime is used.
    * Added openssl-CVE-2024-41996.patch
* Thu Aug 22 2024 Alexander Bergmann <abergmann@suse.com>
  - Security fix: [bsc#1229465, CVE-2024-6119]
    * possible denial of service in X.509 name checks
    * openssl-CVE-2024-6119.patch
* Mon Jul 22 2024 Pedro Monreal <pmonreal@suse.com>
  - Build with no-afalgeng [bsc#1226463]
* Mon Jul 22 2024 Pedro Monreal <pmonreal@suse.com>
  - Security fix: [bsc#1227138, CVE-2024-5535]
    * SSL_select_next_proto buffer overread
    * Add openssl-CVE-2024-5535.patch
* Wed Jul 17 2024 Pedro Monreal <pmonreal@suse.com>
  - Build with enabled sm2 and sm4 support [bsc#1222899]
* Mon Jul 15 2024 Bernhard Wiedemann <bwiedemann@suse.com>
  - Add reproducible.patch to fix bsc#1223336
    aes-gcm-avx512.pl: fix non-reproducibility issue
* Tue Jul 02 2024 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Deny SHA-1 signature verification in FIPS provider [bsc#1221365]
    * SHA-1 is not allowed anymore in FIPS 186-5 for signature
      verification operations. After 12/31/2030, NIST will disallow
      SHA-1 for all of its usages.
    * Add openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
* Mon Jul 01 2024 Pedro Monreal <pmonreal@suse.com>
  - FIPS: RSA keygen PCT requirements.
    * Skip the rsa_keygen_pairwise_test() PCT in rsa_keygen() as the
      self-test requirements are covered by do_rsa_pct() for both
      RSA-OAEP and RSA signatures [bsc#1221760]
    * Enforce error state if rsa_keygen PCT is run and fails [bsc#1221753]
    * Add openssl-3-FIPS-PCT_rsa_keygen.patch
* Wed Jun 19 2024 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Check that the fips provider is available before setting
    it as the default provider in FIPS mode. [bsc#1220523]
    * Rebase openssl-Force-FIPS.patch
* Mon Jun 10 2024 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Port openssl to use jitterentropy [bsc#1220523]
    * Set the module in error state if the jitter RNG fails either on
      initialization or entropy gathering because health tests failed.
    * Add jitterentropy as a seeding source output also in crypto/info.c
    * Move the jitter entropy collector and the associated lock out
      of the header file to avoid redefinitions.
    * Add the fips_local.cnf symlink to the spec file. This symlink
      points to the openssl_fips.config file that is provided by the
      crypto-policies package.
    * Rebase openssl-3-jitterentropy-3.4.0.patch
    * Rebase openssl-FIPS-enforce-EMS-support.patch
* Fri Jun 07 2024 Otto Hollmann <otto.hollmann@suse.com>
  - FIPS: Block non-Approved Elliptic Curves [bsc#1221786]
    * Add patches
    - openssl-Add-changes-to-ectest-and-eccurve.patch
    - openssl-Remove-EC-curves.patch
    - openssl-Disable-explicit-ec.patch
    - openssl-skipped-tests-EC-curves.patch
    - openssl-FIPS-services-minimize.patch
  - FIPS: Service Level Indicator [bsc#1221365]
    * Add patches:
    - openssl-FIPS-Expose-a-FIPS-indicator.patch
    - openssl-FIPS-Remove-X9.31-padding-from-FIPS-prov.patch
    - openssl-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
    - openssl-FIPS-RSA-disable-shake.patch
    - openssl-FIPS-signature-Add-indicator-for-PSS-salt-length.patch
    - openssl-FIPS-Add-explicit-indicator-for-key-length.patch
    - openssl-FIPS-limit-rsa-encrypt.patch
    - openssl-FIPS-enforce-EMS-support.patch
    - openssl-3-FIPS-GCM-Implement-explicit-indicator-for-IV-gen.patch
    - openssl-FIPS-services-minimize.patch
    - openssl-Add-FIPS-indicator-parameter-to-HKDF.patch
    - openssl-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
    - openssl-FIPS-enforce-security-checks-during-initialization.patch
    - TODO: incomplete
  - FIPS: Output the FIPS-validation name and module version which uniquely
    identify the FIPS validated module. [bsc#1221751]
    * Add openssl-FIPS-release_num_in_version_string.patch
  - FIPS: Add required selftests: [bsc#1221760]
    * Add patches
    - openssl-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
    - openssl-FIPS-Use-FFDHE2048-in-self-test.patch
    - openssl-FIPS-early-KATS.patch
    - openssl-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
    - openssl-FIPS-140-3-keychecks.patch
  - FIPS: DH: Disable FIPS 186-4 Domain Parameters [bsc#1221821]
    Add openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
  - FIPS: Recommendation for Password-Based Key Derivation [bsc#1221827]
    * Add additional check required by FIPS 140-3. Minimum value for
      PBKDF2 password is 20 characters.
    * Add patches:
    - openssl-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
    - openssl-pbkdf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
  - FIPS: Zeroization is required [bsc#1221752]
    * Add openssl-FIPS-140-3-zeroization.patch
  - FIPS: Reseed DRBG [bsc#1220690, bsc#1220693, bsc#1220696]
    * Enable prediction resistance for primary DRBG
    * Add oversampling of the noise source to comply with requirements of
      NIST SP 800-90C
    * Change CRNG buf size to align with output size of the Jitter RNG
    * Add openssl-FIPS-140-3-DRBG.patch
  - FIPS: NIST SP 800-56Brev2 [bsc#1221824]
    * Add patches:
    - openssl-FIPS-limit-rsa-encrypt.patch
    - openssl-FIPS-RSA-encapsulate.patch
    - openssl-FIPS-Add-SP800-56Br2-6.4.1.2.1-3.c-check.patch
  - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 [bsc#1221787]
    * Add patches:
    - openssl-FIPS-services-minimize.patch
    - openssl-Revert-Improve-FIPS-RSA-keygen-performance.patch
    - openssl-Allow-disabling-of-SHA1-signatures.patch
    - openssl-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
  - FIPS: Port openssl to use jitterentropy [bsc#1220523]
    * Add openssl-3-jitterentropy-3.4.0.patch
    * Add build dependency on jitterentropy-devel >= 3.4.0 and
      libjitterentropy3 >= 3.4.0
  - FIPS: NIST SP 800-56Arev3 [bsc#1221822]
    * Add openssl-FIPS-140-3-keychecks.patch
  - FIPS: Error state has to be enforced [bsc#1221753]
    * Add patches:
    - openssl-FIPS-140-3-keychecks.patch
    - openssl-FIPS-Enforce-error-state.patch
* Thu Jun 06 2024 Peter Simons <psimons@suse.com>
  - Apply "openssl-CVE-2024-4741.patch" to fix a use-after-free
    security vulnerability. Calling the function SSL_free_buffers()
    potentially caused memory to be accessed that was previously
    freed in some situations and a malicious attacker could attempt
    to engineer a situation where this occurs to facilitate a
    denial-of-service attack. [CVE-2024-4741, bsc#1225551]
* Wed May 29 2024 Martin Wilck <mwilck@suse.com>
  - Fix HKDF key derivation (bsc#1225291, gh#openssl/openssl#23448,
    gh#openssl/openssl#23456)
    * Add openssl-Fix-EVP_PKEY_CTX_add1_hkdf_info-behavior.patch
    * Add openssl-Handle-empty-param-in-EVP_PKEY_CTX_add1_hkdf_info.patch
* Mon May 20 2024 Otto Hollmann <otto.hollmann@suse.com>
  - Security fix: [bsc#1224388, CVE-2024-4603]
    * Check DSA parameters for excessive sizes before validating
    * Add openssl-CVE-2024-4603.patch
* Tue May 07 2024 Giuliano Belinassi <giuliano.belinassi@suse.com>
  - Enable livepatching support (bsc#1223428)
* Tue May 07 2024 Otto Hollmann <otto.hollmann@suse.com>
  - Add ktls capability [bsc#1216950]
    Already added in January, but not mentioned in this changelog.
* Mon May 06 2024 Otto Hollmann <otto.hollmann@suse.com>
  - Security fix: [bsc#1222548, CVE-2024-2511]
    * Fix unconstrained session cache growth in TLSv1.3
    * Add openssl-CVE-2024-2511.patch
* Fri Feb 23 2024 Pedro Monreal <pmonreal@suse.com>
  - Build the 32bit flavor of libopenssl-3-fips-provider [bsc#1220232]
    * Update baselibs.conf
* Mon Feb 05 2024 Otto Hollmann <otto.hollmann@suse.com>
  - Add migration script to move old files (bsc#1219562)
    /etc/ssl/engines.d/* -> /etc/ssl/engines1.1.d.rpmsave
    /etc/ssl/engdef.d/* -> /etc/ssl/engdef1.1.d.rpmsave
    They will be later restored by openssl-1_1 package
    to engines1.1.d and engdef1.1.d
* Tue Jan 30 2024 Otto Hollmann <otto.hollmann@suse.com>
  - Security fix: [bsc#1219243, CVE-2024-0727]
    * Add NULL checks where ContentInfo data can be NULL
    * Add openssl-CVE-2024-0727.patch
* Mon Jan 29 2024 Pedro Monreal <pmonreal@suse.com>
  - Encapsulate the fips provider into a new package called
    libopenssl-3-fips-provider.
* Mon Jan 22 2024 Otto Hollmann <otto.hollmann@suse.com>
  - Added openssl-3-use-include-directive.patch so that the default
    /etc/ssl/openssl.cnf file will include any configuration files that
    other packages might place into /etc/ssl/engines3.d/ and
    /etc/ssl/engdef3.d/. Also create symbolic links /etc/ssl/engines.d/
    and /etc/ssl/engdef.d/ to above versioned directories.
  - Updated spec file to create the two new necessary directories for
    the above patch and two symbolic links to above directories.
    [bsc#1194187, bsc#1207472, bsc#1218933]
* Tue Jan 16 2024 Otto Hollmann <otto.hollmann@suse.com>
  - Security fix: [bsc#1218810, CVE-2023-6237]
    * Limit the execution time of RSA public key check
    * Add openssl-CVE-2023-6237.patch
* Sun Jan 14 2024 Pedro Monreal <pmonreal@suse.com>
  - Rename openssl-Override-default-paths-for-the-CA-directory-tree.patch
    to openssl-crypto-policies-support.patch
* Sat Jan 13 2024 Pedro Monreal <pmonreal@suse.com>
  - Embed the FIPS hmac. Add openssl-FIPS-embed-hmac.patch
* Sat Jan 13 2024 Pedro Monreal <pmonreal@suse.com>
  - Load the FIPS provider and set FIPS properties implicitly.
    * Add openssl-Force-FIPS.patch [bsc#1217934]
  - Disable the fipsinstall command-line utility.
    * Add openssl-disable-fipsinstall.patch
  - Add instructions to load legacy provider in openssl.cnf.
    * openssl-load-legacy-provider.patch
  - Disable the default provider for the test suite.
    * openssl-Disable-default-provider-for-test-suite.patch
* Thu Jan 11 2024 Otto Hollmann <otto.hollmann@suse.com>
  - Security fix: [bsc#1218690, CVE-2023-6129]
    * POLY1305: Fix vector register clobbering on PowerPC
    * Add openssl-CVE-2023-6129.patch
* Thu Dec 07 2023 Guillaume GARDET <guillaume.gardet@opensuse.org>
  - Add patch to fix BTI enablement on aarch64:
    * openssl-Enable-BTI-feature-for-md5-on-aarch64.patch
* Mon Nov 13 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Security fix: [bsc#1216922, CVE-2023-5678]
    * Fix excessive time spent in DH check / generation with large Q
      parameter value.
    * Applications that use the functions DH_generate_key() to generate
      an X9.42 DH key may experience long delays. Likewise,
      applications that use DH_check_pub_key(), DH_check_pub_key_ex()
      or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
      DH parameters may experience long delays. Where the key or
      parameters that are being checked have been obtained from an
      untrusted source this may lead to a Denial of Service.
    * Add openssl-CVE-2023-5678.patch
* Tue Oct 24 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Update to 3.1.4:
    * Fix incorrect key and IV resizing issues when calling
      EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2()
      with OSSL_PARAM parameters that alter the key or IV length
      [bsc#1216163, CVE-2023-5363].
* Thu Oct 19 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Performance enhancements for cryptography from OpenSSL 3.2
    [jsc#PED-5086, jsc#PED-3514]
    * Add patches:
    - openssl-ec-Use-static-linkage-on-nistp521-felem_-square-mul-.patch
    - openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch
    - openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.patch
    - openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch
    - openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch
    - openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch
* Thu Oct 19 2023 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Add the FIPS_mode() compatibility macro and flag support.
    * Add patches:
    - openssl-Add-FIPS_mode-compatibility-macro.patch
    - openssl-Add-Kernel-FIPS-mode-flag-support.patch
* Thu Oct 12 2023 <jengelh@inai.de>
  - As of openssl 3.1.3, the devel package installs at least 5200
    manpage files and is the owner of the most files in the man3
    directory (in second place after lapack-man); move these manpages
    off to the -doc subpackage to reduce the walltime to install just
    openssl-3-devel (because there is also an invocation of mandb
    that runs at some point).
* Tue Sep 19 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Update to 3.1.3:
    * Fix POLY1305 MAC implementation corrupting XMM registers on
      Windows (CVE-2023-4807)
* Tue Aug 01 2023 Pedro Monreal <pmonreal@suse.com>
  - Update to 3.1.2:
    * Fix excessive time spent checking DH q parameter value
      (bsc#1213853, CVE-2023-3817). The function DH_check() performs
      various checks on DH parameters. After fixing CVE-2023-3446 it
      was discovered that a large q parameter value can also trigger
      an overly long computation during some of these checks. A
      correct q value, if present, cannot be larger than the modulus
      p parameter, thus it is unnecessary to perform these checks if
      q is larger than p. If DH_check() is called with such q parameter
      value, DH_CHECK_INVALID_Q_VALUE return flag is set and the
      computationally intensive checks are skipped.
    * Fix DH_check() excessive time with over sized modulus
      (bsc#1213487, CVE-2023-3446). The function DH_check() performs
      various checks on DH parameters. One of those checks confirms
      that the modulus ("p" parameter) is not too large. Trying to use
      a very large modulus is slow and OpenSSL will not normally use
      a modulus which is over 10,000 bits in length. However the
      DH_check() function checks numerous aspects of the key or
      parameters that have been supplied. Some of those checks use the
      supplied modulus value even if it has already been found to be
      too large. A new limit has been added to DH_check of 32,768 bits.
      Supplying a key/parameters with a modulus over this size will
      simply cause DH_check() to fail.
    * Do not ignore empty associated data entries with AES-SIV
      (bsc#1213383, CVE-2023-2975). The AES-SIV algorithm allows for
      authentication of multiple associated data entries along with the
      encryption. To authenticate empty data the application has to call
      EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as
      the output buffer and 0 as the input buffer length. The AES-SIV
      implementation in OpenSSL just returns success for such call
      instead of performing the associated data authentication operation.
      The empty data thus will not be authenticated. The fix changes the
      authentication tag value and the ciphertext for applications that
      use empty associated data entries with AES-SIV. To decrypt data
      encrypted with previous versions of OpenSSL the application has to
      skip calls to EVP_DecryptUpdate() for empty associated data entries.
    * When building with the enable-fips option and using the resulting
      FIPS provider, TLS 1.2 will, by default, mandate the use of an
      extended master secret (FIPS 140-3 IG G.Q) and the Hash and HMAC
      DRBGs will not operate with truncated digests (FIPS 140-3 IG G.R).
    * Update openssl.keyring with the OTC members that sign releases
    * Remove openssl-z16-s390x.patch fixed upstream in
      https://github.com/openssl/openssl/pull/21284
    * Remove security patches fixed upstream:
    - openssl-CVE-2023-2975.patch
    - openssl-CVE-2023-3446.patch
    - openssl-CVE-2023-3446-test.patch
* Thu Jul 20 2023 Pedro Monreal <pmonreal@suse.com>
  - Security fix: [bsc#1213487, CVE-2023-3446]
    * Fix DH_check() excessive time with over sized modulus.
    * The function DH_check() performs various checks on DH parameters.
      One of those checks confirms that the modulus ("p" parameter) is
      not too large. Trying to use a very large modulus is slow and
      OpenSSL will not normally use a modulus which is over 10,000 bits
      in length.
      However the DH_check() function checks numerous aspects of the
      key or parameters that have been supplied. Some of those checks
      use the supplied modulus value even if it has already been found
      to be too large.
      A new limit has been added to DH_check of 32,768 bits. Supplying
      a key/parameters with a modulus over this size will simply cause
      DH_check() to fail.
    * Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch
* Tue Jul 18 2023 Pedro Monreal <pmonreal@suse.com>
  - Security fix: [bsc#1213383, CVE-2023-2975]
    * AES-SIV implementation ignores empty associated data entries
    * Add openssl-CVE-2023-2975.patch
* Tue Jun 20 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Improve cross-package provides/conflicts [boo#1210313]
    * Add Provides/Conflicts: ssl-devel
    * Remove explicit conflicts with other devel-libraries
    * Remove Provides: openssl(cli) - it's managed by meta package
* Tue May 30 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Update to 3.1.1:
    * Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate
      (CVE-2023-2650, bsc#1211430)
    * Multiple algorithm implementation fixes for ARM BE platforms.
    * Added a -pedantic option to fipsinstall that adjusts the various settings
      to ensure strict FIPS compliance rather than backwards compatibility.
    * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which
      happens if the buffer size is 4 mod 5 in 16 byte AES blocks. This can
      trigger a crash of an application using AES-XTS decryption if the memory
      just after the buffer being decrypted is not mapped. Thanks to Anton
      Romanov (Amazon) for discovering the issue. (CVE-2023-1255, bsc#1210714)
    * Add FIPS provider configuration option to disallow the use of truncated
      digests with Hash and HMAC DRBGs (q.v. FIPS 140-3 IG D.R.). The
      option '-no_drbg_truncated_digests' can optionally be supplied
      to 'openssl fipsinstall'.
    * Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention that
      it does not enable policy checking. Thanks to David Benjamin for
      discovering this issue. (CVE-2023-0466, bsc#1209873)
    * Fixed an issue where invalid certificate policies in leaf certificates are
      silently ignored by OpenSSL and other certificate policy checks are
      skipped for that certificate. A malicious CA could use this to
      deliberately assert invalid certificate policies in order to circumvent
      policy checking on the certificate altogether. (CVE-2023-0465, bsc#1209878)
    * Limited the number of nodes created in a policy tree to mitigate against
      CVE-2023-0464. The default limit is set to 1000 nodes, which should be
      sufficient for most installations. If required, the limit can be adjusted
      by setting the OPENSSL_POLICY_TREE_NODES_MAX build time define to a
      desired maximum number of nodes or zero to allow unlimited growth.
      (CVE-2023-0464, bsc#1209624)
    * Update openssl.keyring with key
      A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C (Tomas Mraz)
    * Rebased patches:
    - openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
    - openssl-Add_support_for_Windows_CA_certificate_store.patch
    * Removed patches:
    - openssl-CVE-2023-0464.patch
    - openssl-Fix-OBJ_nid2obj-regression.patch
    - openssl-CVE-2023-0465.patch
    - openssl-CVE-2023-0466.patch
* Mon May 29 2023 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Merge libopenssl3-hmac package into the library [bsc#1185116]
* Mon May 15 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Add support for Windows CA certificate store [bsc#1209430]
    https://github.com/openssl/openssl/pull/18070
    * Add openssl-Add_support_for_Windows_CA_certificate_store.patch
* Wed Mar 29 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Security Fix: [CVE-2023-0465, bsc#1209878]
    * Invalid certificate policies in leaf certificates are silently ignored
    * Add openssl-CVE-2023-0465.patch
  - Security Fix: [CVE-2023-0466, bsc#1209873]
    * Certificate policy check not enabled
    * Add openssl-CVE-2023-0466.patch
* Tue Mar 28 2023 Pedro Monreal <pmonreal@suse.com>
  - Fix regression in the OBJ_nid2obj() function: [bsc#1209430]
    * Upstream https://github.com/openssl/openssl/issues/20555
    * Add openssl-Fix-OBJ_nid2obj-regression.patch
* Mon Mar 27 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Fix compiler error "initializer element is not constant" on s390
    * Add openssl-z16-s390x.patch
* Fri Mar 24 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Security Fix: [CVE-2023-0464, bsc#1209624]
    * Excessive Resource Usage Verifying X.509 Policy Constraints
    * Add openssl-CVE-2023-0464.patch
* Wed Mar 15 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Pass over with spec-cleaner
* Tue Mar 14 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Update to 3.1.0:
    * Add FIPS provider configuration option to enforce the Extended Master
      Secret (EMS) check during the TLS1_PRF KDF. The option '-ems-check' can
      optionally be supplied to 'openssl fipsinstall'.
    * The FIPS provider includes a few non-approved algorithms for backward
      compatibility purposes and the "fips=yes" property query must be used for
      all algorithm fetches to ensure FIPS compliance. The algorithms that are
      included but not approved are Triple DES ECB, Triple DES CBC and EdDSA.
    * Added support for KMAC in KBKDF.
    * RNDR and RNDRRS support in provider functions to provide random number
      generation for Arm CPUs (aarch64).
    * s_client and s_server apps now explicitly say when the TLS version does not
      include the renegotiation mechanism. This avoids confusion between that
      scenario versus when the TLS version includes secure renegotiation but the
      peer lacks support for it.
    * AES-GCM enabled with AVX512 vAES and vPCLMULQDQ.
    * The various OBJ_* functions have been made thread safe.
    * Parallel dual-prime 1536/2048-bit modular exponentiation for AVX512_IFMA
      capable processors.
    * The functions OPENSSL_LH_stats, OPENSSL_LH_node_stats,
      OPENSSL_LH_node_usage_stats, OPENSSL_LH_stats_bio,
      OPENSSL_LH_node_stats_bio and OPENSSL_LH_node_usage_stats_bio are now
      marked deprecated from OpenSSL 3.1 onwards and can be disabled by defining
      OPENSSL_NO_DEPRECATED_3_1. The macro DEFINE_LHASH_OF is now deprecated in
      favour of the macro DEFINE_LHASH_OF_EX, which omits the corresponding
      type-specific function definitions for these functions regardless of
      whether OPENSSL_NO_DEPRECATED_3_1 is defined. Users of DEFINE_LHASH_OF may
      start receiving deprecation warnings for these functions regardless of
      whether they are using them. It is recommended that users transition to the
      new macro, DEFINE_LHASH_OF_EX.
    * When generating safe-prime DH parameters set the recommended private key
      length equivalent to minimum key lengths as in RFC 7919.
    * Change the default salt length for PKCS#1 RSASSA-PSS signatures to the
      maximum size that is smaller or equal to the digest length to comply with
      FIPS 186-4 section 5. This is implemented by a new option
      OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX ("auto-digestmax") for the
      rsa_pss_saltlen parameter, which is now the default. Signature verification
      is not affected by this change and continues to work as before.
    * Update openssl.keyring with key
      8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491 (Matt Caswell)
* Wed Mar 08 2023 Martin Pluskal <mpluskal@suse.com>
  - Build AVX2 enabled hwcaps library for x86_64-v3
* Tue Feb 07 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Update to 3.0.8:
    * Fixed NULL dereference during PKCS7 data verification.
      A NULL pointer can be dereferenced when signatures are being
      verified on PKCS7 signed or signedAndEnveloped data. In case the hash
      algorithm used for the signature is known to the OpenSSL library but
      the implementation of the hash algorithm is not available the digest
      initialization will fail. There is a missing check for the return
      value from the initialization function which later leads to invalid
      usage of the digest API most likely leading to a crash.
      ([bsc#1207541, CVE-2023-0401])
      PKCS7 data is processed by the SMIME library calls and also by the
      time stamp (TS) library calls. The TLS implementation in OpenSSL does
      not call these functions however third party applications would be
      affected if they call these functions to verify signatures on untrusted
      data.
    * Fixed X.400 address type confusion in X.509 GeneralName.
      There is a type confusion vulnerability relating to X.400 address processing
      inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
      but the public structure definition for GENERAL_NAME incorrectly specified
      the type of the x400Address field as ASN1_TYPE. This field is subsequently
      interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather
      than an ASN1_STRING.
      When CRL checking is enabled (i.e. the application sets the
      X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to
      pass arbitrary pointers to a memcmp call, enabling them to read memory
      contents or enact a denial of service.
      ([bsc#1207533, CVE-2023-0286])
    * Fixed NULL dereference validating DSA public key.
      An invalid pointer dereference on read can be triggered when an
      application tries to check a malformed DSA public key by the
      EVP_PKEY_public_check() function. This will most likely lead
      to an application crash. This function can be called on public
      keys supplied from untrusted sources which could allow an attacker
      to cause a denial of service attack.
      The TLS implementation in OpenSSL does not call this function
      but applications might call the function if there are additional
      security requirements imposed by standards such as FIPS 140-3.
      ([bsc#1207540, CVE-2023-0217])
    * Fixed Invalid pointer dereference in d2i_PKCS7 functions.
      An invalid pointer dereference on read can be triggered when an
      application tries to load malformed PKCS7 data with the
      d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.
      The result of the dereference is an application crash which could
      lead to a denial of service attack. The TLS implementation in OpenSSL
      does not call this function however third party applications might
      call these functions on untrusted data.
      ([bsc#1207539, CVE-2023-0216])
    * Fixed Use-after-free following BIO_new_NDEF.
      The public API function BIO_new_NDEF is a helper function used for
      streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
      to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
      be called directly by end user applications.
      The function receives a BIO from the caller, prepends a new BIO_f_asn1
      filter BIO onto the front of it to form a BIO chain, and then returns
      the new head of the BIO chain to the caller. Under certain conditions,
      for example if a CMS recipient public key is invalid, the new filter BIO
      is freed and the function returns a NULL result indicating a failure.
      However, in this case, the BIO chain is not properly cleaned up and the
      BIO passed by the caller still retains internal pointers to the previously
      freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
      then a use-after-free will occur. This will most likely result in a crash.
      ([bsc#1207536, CVE-2023-0215])
    * Fixed Double free after calling PEM_read_bio_ex.
      The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
      decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
      data. If the function succeeds then the "name_out", "header" and "data"
      arguments are populated with pointers to buffers containing the relevant
      decoded data. The caller is responsible for freeing those buffers. It is
      possible to construct a PEM file that results in 0 bytes of payload data.
      In this case PEM_read_bio_ex() will return a failure code but will populate
      the header argument with a pointer to a buffer that has already been freed.
      If the caller also frees this buffer then a double free will occur. This
      will most likely lead to a crash.
      The functions PEM_read_bio() and PEM_read() are simple wrappers around
      PEM_read_bio_ex() and therefore these functions are also directly affected.
      These functions are also called indirectly by a number of other OpenSSL
      functions including PEM_X509_INFO_read_bio_ex() and
      SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
      internal uses of these functions are not vulnerable because the caller does
      not free the header argument if PEM_read_bio_ex() returns a failure code.
      ([bsc#1207538, CVE-2022-4450])
    * Fixed Timing Oracle in RSA Decryption.
      A timing based side channel exists in the OpenSSL RSA Decryption
      implementation which could be sufficient to recover a plaintext across
      a network in a Bleichenbacher style attack. To achieve a successful
      decryption an attacker would have to be able to send a very large number
      of trial messages for decryption. The vulnerability affects all RSA padding
      modes: PKCS#1 v1.5, RSA-OAEP and RSASVE.
      ([bsc#1207534, CVE-2022-4304])
    * Fixed X.509 Name Constraints Read Buffer Overflow.
      A read buffer overrun can be triggered in X.509 certificate verification,
      specifically in name constraint checking. The read buffer overrun might
      result in a crash which could lead to a denial of service attack.
      In a TLS client, this can be triggered by connecting to a malicious
      server. In a TLS server, this can be triggered if the server requests
      client authentication and a malicious client connects.
      ([bsc#1207535, CVE-2022-4203])
    * Fixed X.509 Policy Constraints Double Locking security issue.
      If an X.509 certificate contains a malformed policy constraint and
      policy processing is enabled, then a write lock will be taken twice
      recursively.  On some operating systems (most widely: Windows) this
      results in a denial of service when the affected process hangs.  Policy
      processing being enabled on a publicly facing server is not considered
      to be a common setup.
      ([CVE-2022-3996])
    * Our provider implementations of `OSSL_FUNC_KEYMGMT_EXPORT` and
      `OSSL_FUNC_KEYMGMT_GET_PARAMS` for EC and SM2 keys now honor
      `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` as set (and
      default to `POINT_CONVERSION_UNCOMPRESSED`) when exporting
      `OSSL_PKEY_PARAM_PUB_KEY`, instead of unconditionally using
      `POINT_CONVERSION_COMPRESSED` as in previous 3.x releases.
      For symmetry, our implementation of `EVP_PKEY_ASN1_METHOD->export_to`
      for legacy EC and SM2 keys is also changed similarly to honor the
      equivalent conversion format flag as specified in the underlying
      `EC_KEY` object being exported to a provider, when this function is
      called through `EVP_PKEY_export()`.
    * Removed openssl-3-Fix-double-locking-problem.patch,
      contained in upstream.
    * Rebased openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
    * Update openssl.keyring with key
      7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C (Richard Levitte)
* Thu Jan 26 2023 Pedro Monreal <pmonreal@suse.com>
  - Relax the crypto-policies requirements for the regression tests
* Wed Jan 25 2023 Pedro Monreal <pmonreal@suse.com>
  - Set OpenSSL 3.0.7 as the default openssl [bsc#1205042]
    * Rename openssl-1.1.0-no-html.patch to openssl-no-html-docs.patch
    * Rebase openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
    * Package a copy of the original default config file called
      openssl.cnf and name it as openssl-orig.cnf and warn the user
      if the files differ.
    * Add openssl-3-devel as conflicting with libopenssl-1_1-devel
    * Remove patches:
    - fix-config-in-tests.patch
    - openssl-use-versioned-config.patch
* Wed Jan 25 2023 Pedro Monreal <pmonreal@suse.com>
  - Create the openssl ca-certificates directory in case the
    ca-certificates package is not installed. This directory is
    required by the nodejs regression tests. [bsc#1207484]
* Wed Dec 14 2022 Otto Hollmann <otto.hollmann@suse.com>
  - Fix X.509 Policy Constraints Double Locking [bsc#1206374, CVE-2022-3996]
    * Add patch: openssl-3-Fix-double-locking-problem.patch
* Wed Dec 14 2022 Pedro Monreal <pmonreal@suse.com>
  - Compute the hmac files for FIPS 140-3 integrity checking of the
    openssl shared libraries using the brp-50-generate-fips-hmac
    script. Also computed for the 32bit package.
* Tue Nov 01 2022 Otto Hollmann <otto.hollmann@suse.com>
  - Temporarily disable tests test_ssl_new and test_sslapi because they are
    failing in openSUSE_Tumbleweed
* Tue Nov 01 2022 Otto Hollmann <otto.hollmann@suse.com>
  - Update to 3.0.7: [bsc#1204714, CVE-2022-3602,CVE-2022-3786]
    * Fixed two buffer overflows in punycode decoding functions.
      A buffer overrun can be triggered in X.509 certificate verification,
      specifically in name constraint checking. Note that this occurs after
      certificate chain signature verification and requires either a CA to
      have signed the malicious certificate or for the application to continue
      certificate verification despite failure to construct a path to a trusted
      issuer.
      In a TLS client, this can be triggered by connecting to a malicious
      server.  In a TLS server, this can be triggered if the server requests
      client authentication and a malicious client connects.
      An attacker can craft a malicious email address to overflow
      an arbitrary number of bytes containing the `.`  character (decimal 46)
      on the stack.  This buffer overflow could result in a crash (causing a
      denial of service).
      ([CVE-2022-3786])
      An attacker can craft a malicious email address to overflow four
      attacker-controlled bytes on the stack.  This buffer overflow could
      result in a crash (causing a denial of service) or potentially remote code
      execution depending on stack layout for any given platform/compiler.
      ([CVE-2022-3602])
    * Removed all references to invalid OSSL_PKEY_PARAM_RSA names for CRT
      parameters in OpenSSL code.
      Applications should not use the names OSSL_PKEY_PARAM_RSA_FACTOR,
      OSSL_PKEY_PARAM_RSA_EXPONENT and OSSL_PKEY_PARAM_RSA_COEFFICIENT.
      Use the numbered names such as OSSL_PKEY_PARAM_RSA_FACTOR1 instead.
      Using these invalid names may cause algorithms to use slower methods
      that ignore the CRT parameters.
    * Fixed a regression introduced in 3.0.6 version raising errors on some stack
      operations.
    * Fixed a regression introduced in 3.0.6 version not refreshing the certificate
      data to be signed before signing the certificate.
    * Added RIPEMD160 to the default provider.
    * Ensured that the key share group sent or accepted for the key exchange
      is allowed for the protocol version.
* Tue Nov 01 2022 Otto Hollmann <otto.hollmann@suse.com>
  - Update to 3.0.6: [bsc#1204226, CVE-2022-3358]
    * OpenSSL supports creating a custom cipher via the legacy
      EVP_CIPHER_meth_new() function and associated function calls. This function
      was deprecated in OpenSSL 3.0 and application authors are instead encouraged
      to use the new provider mechanism in order to implement custom ciphers.
    * OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers
      passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and
      EVP_CipherInit_ex2() functions (as well as other similarly named encryption
      and decryption initialisation functions). Instead of using the custom cipher
      directly it incorrectly tries to fetch an equivalent cipher from the
      available providers. An equivalent cipher is found based on the NID passed
      to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID
      for a given cipher. However it is possible for an application to incorrectly
      pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When
      NID_undef is used in this way the OpenSSL encryption/decryption
      initialisation function will match the NULL cipher as being equivalent and
      will fetch this from the available providers. This will succeed if the
      default provider has been loaded (or if a third party provider has been
      loaded that offers this cipher). Using the NULL cipher means that the
      plaintext is emitted as the ciphertext.
    * Applications are only affected by this issue if they call
      EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to
      an encryption/decryption initialisation function. Applications that only use
      SSL/TLS are not impacted by this issue. ([CVE-2022-3358])
    * Fix LLVM vs Apple LLVM version numbering confusion that caused build
      failures on MacOS 10.11
    * Fixed the linux-mips64 Configure target which was missing the SIXTY_FOUR_BIT
      bn_ops flag. This was causing heap corruption on that platform.
    * Fix handling of a ticket key callback that returns 0 in TLSv1.3 to not send
      a ticket
    * Correctly handle a retransmitted ClientHello in DTLS
    * Fixed detection of ktls support in cross-compile environment on Linux
    * Fixed some regressions and test failures when running the 3.0.0 FIPS
      provider against 3.0.x
    * Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
      report correct results in some cases
    * Fix UWP builds by defining VirtualLock
    * For known safe primes use the minimum key length according to RFC 7919.
      Longer private key sizes unnecessarily raise the cycles needed to compute
      the shared secret without any increase of the real security. This fixes a
      regression from 1.1.1 where these shorter keys were generated for the known
      safe primes.
    * Added the loongarch64 target
    * Fixed EC ASM flag passing. Flags for ASM implementations of EC curves were
      only passed to the FIPS provider and not to the default or legacy provider.
    * Fixed reported performance degradation on aarch64. Restored the
      implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit
      lane assignment in CTR mode") for 64bit targets only, since it is reportedly
      2-17% slower and the silicon errata only affects 32bit targets. The new
      algorithm is still used for 32 bit targets.
    * Added a missing header for memcmp that caused compilation failure on some
      platforms
* Wed Sep 14 2022 Bruno Pitrus <brunopitrus@hotmail.com>
  - Do not make libopenssl3-32bit obsolete libopenssl1_1-32bit.
    They are independent libraries and can be installed simultaneously.
* Thu Jul 21 2022 Pedro Monreal <pmonreal@suse.com>
  - Update to 3.0.5:
    * The OpenSSL 3.0.4 release introduced a serious bug in the RSA
      implementation for X86_64 CPUs supporting the AVX512IFMA instructions.
      This issue makes the RSA implementation with 2048 bit private keys
      incorrect on such machines and memory corruption will happen during
      the computation. As a consequence of the memory corruption an attacker
      may be able to trigger a remote code execution on the machine performing
      the computation.
      SSL/TLS servers or other servers using 2048 bit RSA private keys running
      on machines supporting AVX512IFMA instructions of the X86_64 architecture
      are affected by this issue. [bsc#1201148, CVE-2022-2274]
    * AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
      implementation would not encrypt the entirety of the data under some
      circumstances.  This could reveal sixteen bytes of data that was
      preexisting in the memory that wasn't written.  In the special case of
      "in place" encryption, sixteen bytes of the plaintext would be revealed.
      Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
      they are both unaffected. [bsc#1201099, CVE-2022-2097]
  - Rebase patches:
    * openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
* Mon Jul 18 2022 Pedro Monreal <pmonreal@suse.com>
  - Update to 3.0.4: [bsc#1199166, CVE-2022-1292]
    * In addition to the c_rehash shell command injection identified in
      CVE-2022-1292, further bugs where the c_rehash script does not
      properly sanitise shell metacharacters to prevent command injection
      have been fixed.
      When CVE-2022-1292 was fixed it was not discovered that there
      are other places in the script where the file names of certificates
      being hashed were possibly passed to a command executed through the shell.
      This script is distributed by some operating systems in a manner where
      it is automatically executed.  On such operating systems, an attacker
      could execute arbitrary commands with the privileges of the script.
      Use of the c_rehash script is considered obsolete and should be replaced
      by the OpenSSL rehash command line tool.
    * Case insensitive string comparison no longer uses locales.
      It has instead been directly implemented.
* Mon Jul 18 2022 Pedro Monreal <pmonreal@suse.com>
  - Update to 3.0.3:
    * Case insensitive string comparison is reimplemented via new locale-agnostic
      comparison functions OPENSSL_str[n]casecmp always using the POSIX locale for
      comparison. The previous implementation had problems when the Turkish locale
      was used.
    * Fixed a bug in the c_rehash script which was not properly sanitising shell
      metacharacters to prevent command injection.  This script is distributed by
      some operating systems in a manner where it is automatically executed.  On
      such operating systems, an attacker could execute arbitrary commands with the
      privileges of the script.
      Use of the c_rehash script is considered obsolete and should be replaced
      by the OpenSSL rehash command line tool. [bsc#1199166, CVE-2022-1292]
    * Fixed a bug in the function 'OCSP_basic_verify' that verifies the signer
      certificate on an OCSP response. The bug caused the function in the case
      where the (non-default) flag OCSP_NOCHECKS is used to return a positive
      response (meaning a successful verification) even in the case where the
      response signing certificate fails to verify.
      It is anticipated that most users of 'OCSP_basic_verify' will not use the
      OCSP_NOCHECKS flag. In this case the 'OCSP_basic_verify' function will return
      a negative value (indicating a fatal error) in the case of a certificate
      verification failure. The normal expected return value in this case would be 0.
      This issue also impacts the command line OpenSSL "ocsp" application. When
      verifying an ocsp response with the "-no_cert_checks" option the command line
      application will report that the verification is successful even though it
      has in fact failed. In this case the incorrect successful response will also
      be accompanied by error messages showing the failure and contradicting the
      apparently successful result. [bsc#1199167, CVE-2022-1343]
    * Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the
      AAD data as the MAC key. This made the MAC key trivially predictable.
      An attacker could exploit this issue by performing a man-in-the-middle attack
      to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such
      that the modified data would still pass the MAC integrity check.
      Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0
      endpoint will always be rejected by the recipient and the connection will
      fail at that point. Many application protocols require data to be sent from
      the client to the server first. Therefore, in such a case, only an OpenSSL
      3.0 server would be impacted when talking to a non-OpenSSL 3.0 client.
      [bsc#1199168, CVE-2022-1434]
    * Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory
      occupied by the removed hash table entries.
      This function is used when decoding certificates or keys. If a long lived
      process periodically decodes certificates or keys its memory usage will
      expand without bounds and the process might be terminated by the operating
      system causing a denial of service. Also traversing the empty hash table
      entries will take increasingly more time. Typically such long lived processes
      might be TLS clients or TLS servers configured to accept client certificate
      authentication. [bsc#1199169, CVE-2022-1473]
    * The functions 'OPENSSL_LH_stats' and 'OPENSSL_LH_stats_bio' now only report
      the 'num_items', 'num_nodes' and 'num_alloc_nodes' statistics. All other
      statistics are no longer supported. For compatibility, these statistics are
      still listed in the output but are now always reported as zero.
* Sat Mar 19 2022 Pedro Monreal <pmonreal@suse.com>
  - Enable zlib compression support [bsc#1195149]
* Fri Mar 18 2022 Pedro Monreal <pmonreal@suse.com>
  - Add crypto-policies support.
    * Fix some tests that couldn't find the openssl3.cnf location
    * Rebase patch:
      openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
* Tue Mar 15 2022 Pedro Monreal <pmonreal@suse.com>
  - Update to 3.0.2: [bsc#1196877, CVE-2022-0778]
    * Security fix [CVE-2022-0778]: Infinite loop for non-prime moduli
      in BN_mod_sqrt() reachable when parsing certificates.
    * Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK
      (RFC 5489) to the list of ciphersuites providing Perfect Forward
      Secrecy as required by SECLEVEL >= 3.
    * Made the AES constant time code for no-asm configurations
      optional due to the resulting 95% performance degradation.
      The AES constant time code can be enabled, for no assembly
      builds, with: ./config no-asm -DOPENSSL_AES_CONST_TIME
    * Fixed PEM_write_bio_PKCS8PrivateKey() to make it possible to
      use empty passphrase strings.
    * The negative return value handling of the certificate
      verification callback was reverted. The replacement is to set
      the verification retry state with the SSL_set_retry_verify()
      function.
    * Rebase openssl-use-versioned-config.patch
* Tue Feb 22 2022 Pedro Monreal <pmonreal@suse.com>
  - Keep CA_default and tsa_config1 default paths in openssl3.cnf
  - Rebase patches:
    * openssl-Override-default-paths-for-the-CA-directory-tree.patch
    * openssl-use-versioned-config.patch
* Tue Feb 01 2022 Danilo Spinella <danilo.spinella@suse.com>
  - Fix conflict with openssl and libressl
* Fri Jan 28 2022 Simon Lees <simonf.lees@suse.com>
  - Remove /etc/pki/CA from the [jsc#SLE-17856, jsc#SLE-19044]
    openssl-Override-default-paths-for-the-CA-directory-tree.patch
  - Remove unused patches
* Fri Jan 21 2022 Simon Lees <simonf.lees@suse.com>
  - Ship openssl-3 as binary names [jsc#SLE-17856, jsc#SLE-19044]
  - Use openssl3.cnf
    * openssl-use-versioned-config.patch
    * fix-config-in-tests.patch
  - Support crypto policies
    * openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
    * openssl-Override-default-paths-for-the-CA-directory-tree.patch
  - Remove obsoletes, not ready to force an upgrade yet
* Thu Jan 13 2022 Pedro Monreal <pmonreal@suse.com>
  - Update to 3.0.1: [bsc#1193740, CVE-2021-4044]
    * RNDR and RNDRRS support in provider functions to provide
      random number generation for Arm CPUs (aarch64).
    * s_client and s_server apps now explicitly say when the TLS
      version does not include the renegotiation mechanism. This
      avoids confusion between that scenario versus when the TLS
      version includes secure renegotiation but the peer lacks
      support for it.
    * The default SSL/TLS security level has been changed from 1 to 2.
      RSA, DSA and DH keys of 1024 bits and above and less than 2048
      bits and ECC keys of 160 bits and above and less than 224 bits
      were previously accepted by default but are now no longer
      allowed. By default TLS compression was already disabled in
      previous OpenSSL versions. At security level 2 it cannot be
      enabled.
    * The SSL_CTX_set_cipher_list family functions now accept
      ciphers using their IANA standard names.
    * The PVK key derivation function has been moved from
      b2i_PVK_bio_ex() into the legacy crypto provider as an
      EVP_KDF. Applications requiring this KDF will need to load
      the legacy crypto provider.
    * The various OBJ_* functions have been made thread safe.
    * CCM8 cipher suites in TLS have been downgraded to security
      level zero because they use a short authentication tag which
      lowers their strength.
    * Subject or issuer names in X.509 objects are now displayed
      as UTF-8 strings by default.
    * Parallel dual-prime 1536/2048-bit modular exponentiation
      for AVX512_IFMA capable processors.
/usr/bin/c_rehash /usr/bin/openssl /usr/share/doc/packages/openssl-3 /usr/share/doc/packages/openssl-3/CHANGES.md /usr/share/doc/packages/openssl-3/NEWS.md /usr/share/doc/packages/openssl-3/README.md /usr/share/licenses/openssl-3 /usr/share/licenses/openssl-3/LICENSE.txt /usr/share/man/man1/CA.pl.13ssl.gz /usr/share/man/man1/asn1parse.13ssl.gz /usr/share/man/man1/c_rehash.13ssl.gz /usr/share/man/man1/ca.13ssl.gz /usr/share/man/man1/ciphers.13ssl.gz /usr/share/man/man1/cmp.13ssl.gz /usr/share/man/man1/cms.13ssl.gz /usr/share/man/man1/crl.13ssl.gz /usr/share/man/man1/crl2pkcs7.13ssl.gz /usr/share/man/man1/dgst.13ssl.gz /usr/share/man/man1/dhparam.13ssl.gz /usr/share/man/man1/dsa.13ssl.gz /usr/share/man/man1/dsaparam.13ssl.gz /usr/share/man/man1/ec.13ssl.gz /usr/share/man/man1/ecparam.13ssl.gz /usr/share/man/man1/enc.13ssl.gz /usr/share/man/man1/engine.13ssl.gz /usr/share/man/man1/errstr.13ssl.gz /usr/share/man/man1/gendsa.13ssl.gz /usr/share/man/man1/genpkey.13ssl.gz /usr/share/man/man1/genrsa.13ssl.gz /usr/share/man/man1/info.13ssl.gz /usr/share/man/man1/kdf.13ssl.gz /usr/share/man/man1/mac.13ssl.gz /usr/share/man/man1/nseq.13ssl.gz /usr/share/man/man1/ocsp.13ssl.gz /usr/share/man/man1/openssl-asn1parse.13ssl.gz /usr/share/man/man1/openssl-ca.13ssl.gz /usr/share/man/man1/openssl-ciphers.13ssl.gz /usr/share/man/man1/openssl-cmds.13ssl.gz /usr/share/man/man1/openssl-cmp.13ssl.gz /usr/share/man/man1/openssl-cms.13ssl.gz /usr/share/man/man1/openssl-crl.13ssl.gz /usr/share/man/man1/openssl-crl2pkcs7.13ssl.gz /usr/share/man/man1/openssl-dgst.13ssl.gz /usr/share/man/man1/openssl-dhparam.13ssl.gz /usr/share/man/man1/openssl-dsa.13ssl.gz /usr/share/man/man1/openssl-dsaparam.13ssl.gz /usr/share/man/man1/openssl-ec.13ssl.gz /usr/share/man/man1/openssl-ecparam.13ssl.gz /usr/share/man/man1/openssl-enc.13ssl.gz /usr/share/man/man1/openssl-engine.13ssl.gz /usr/share/man/man1/openssl-errstr.13ssl.gz /usr/share/man/man1/openssl-fipsinstall.13ssl.gz 
/usr/share/man/man1/openssl-format-options.13ssl.gz /usr/share/man/man1/openssl-gendsa.13ssl.gz /usr/share/man/man1/openssl-genpkey.13ssl.gz /usr/share/man/man1/openssl-genrsa.13ssl.gz /usr/share/man/man1/openssl-info.13ssl.gz /usr/share/man/man1/openssl-kdf.13ssl.gz /usr/share/man/man1/openssl-list.13ssl.gz /usr/share/man/man1/openssl-mac.13ssl.gz /usr/share/man/man1/openssl-namedisplay-options.13ssl.gz /usr/share/man/man1/openssl-nseq.13ssl.gz /usr/share/man/man1/openssl-ocsp.13ssl.gz /usr/share/man/man1/openssl-passphrase-options.13ssl.gz /usr/share/man/man1/openssl-passwd.13ssl.gz /usr/share/man/man1/openssl-pkcs12.13ssl.gz /usr/share/man/man1/openssl-pkcs7.13ssl.gz /usr/share/man/man1/openssl-pkcs8.13ssl.gz /usr/share/man/man1/openssl-pkey.13ssl.gz /usr/share/man/man1/openssl-pkeyparam.13ssl.gz /usr/share/man/man1/openssl-pkeyutl.13ssl.gz /usr/share/man/man1/openssl-prime.13ssl.gz /usr/share/man/man1/openssl-rand.13ssl.gz /usr/share/man/man1/openssl-rehash.13ssl.gz /usr/share/man/man1/openssl-req.13ssl.gz /usr/share/man/man1/openssl-rsa.13ssl.gz /usr/share/man/man1/openssl-rsautl.13ssl.gz /usr/share/man/man1/openssl-s_client.13ssl.gz /usr/share/man/man1/openssl-s_server.13ssl.gz /usr/share/man/man1/openssl-s_time.13ssl.gz /usr/share/man/man1/openssl-sess_id.13ssl.gz /usr/share/man/man1/openssl-skeyutl.13ssl.gz /usr/share/man/man1/openssl-smime.13ssl.gz /usr/share/man/man1/openssl-speed.13ssl.gz /usr/share/man/man1/openssl-spkac.13ssl.gz /usr/share/man/man1/openssl-srp.13ssl.gz /usr/share/man/man1/openssl-storeutl.13ssl.gz /usr/share/man/man1/openssl-ts.13ssl.gz /usr/share/man/man1/openssl-verification-options.13ssl.gz /usr/share/man/man1/openssl-verify.13ssl.gz /usr/share/man/man1/openssl-version.13ssl.gz /usr/share/man/man1/openssl-x509.13ssl.gz /usr/share/man/man1/openssl.13ssl.gz /usr/share/man/man1/passwd.13ssl.gz /usr/share/man/man1/pkcs12.13ssl.gz /usr/share/man/man1/pkcs7.13ssl.gz /usr/share/man/man1/pkcs8.13ssl.gz /usr/share/man/man1/pkey.13ssl.gz 
/usr/share/man/man1/pkeyparam.13ssl.gz /usr/share/man/man1/pkeyutl.13ssl.gz /usr/share/man/man1/prime.13ssl.gz /usr/share/man/man1/rand.13ssl.gz /usr/share/man/man1/rehash.13ssl.gz /usr/share/man/man1/req.13ssl.gz /usr/share/man/man1/rsa.13ssl.gz /usr/share/man/man1/rsautl.13ssl.gz /usr/share/man/man1/s_client.13ssl.gz /usr/share/man/man1/s_server.13ssl.gz /usr/share/man/man1/s_time.13ssl.gz /usr/share/man/man1/sess_id.13ssl.gz /usr/share/man/man1/smime.13ssl.gz /usr/share/man/man1/speed.13ssl.gz /usr/share/man/man1/spkac.13ssl.gz /usr/share/man/man1/srp.13ssl.gz /usr/share/man/man1/storeutl.13ssl.gz /usr/share/man/man1/ts.13ssl.gz /usr/share/man/man1/tsget.13ssl.gz /usr/share/man/man1/verify.13ssl.gz /usr/share/man/man1/version.13ssl.gz /usr/share/man/man1/x509.13ssl.gz /usr/share/man/man5/fips_config.53ssl.gz /usr/share/man/man5/openssl.cnf.5.gz /usr/share/man/man5/x509v3_config.53ssl.gz /usr/share/man/man7/EVP_ASYM_CIPHER-RSA.73ssl.gz /usr/share/man/man7/EVP_ASYM_CIPHER-SM2.73ssl.gz /usr/share/man/man7/EVP_CIPHER-AES.73ssl.gz /usr/share/man/man7/EVP_CIPHER-ARIA.73ssl.gz /usr/share/man/man7/EVP_CIPHER-BLOWFISH.73ssl.gz /usr/share/man/man7/EVP_CIPHER-CAMELLIA.73ssl.gz /usr/share/man/man7/EVP_CIPHER-CAST.73ssl.gz /usr/share/man/man7/EVP_CIPHER-CHACHA.73ssl.gz /usr/share/man/man7/EVP_CIPHER-DES.73ssl.gz /usr/share/man/man7/EVP_CIPHER-IDEA.73ssl.gz /usr/share/man/man7/EVP_CIPHER-NULL.73ssl.gz /usr/share/man/man7/EVP_CIPHER-RC2.73ssl.gz /usr/share/man/man7/EVP_CIPHER-RC4.73ssl.gz /usr/share/man/man7/EVP_CIPHER-RC5.73ssl.gz /usr/share/man/man7/EVP_CIPHER-SEED.73ssl.gz /usr/share/man/man7/EVP_CIPHER-SM4.73ssl.gz /usr/share/man/man7/EVP_KDF-ARGON2.73ssl.gz /usr/share/man/man7/EVP_KDF-HKDF.73ssl.gz /usr/share/man/man7/EVP_KDF-HMAC-DRBG.73ssl.gz /usr/share/man/man7/EVP_KDF-KB.73ssl.gz /usr/share/man/man7/EVP_KDF-KRB5KDF.73ssl.gz /usr/share/man/man7/EVP_KDF-PBKDF1.73ssl.gz /usr/share/man/man7/EVP_KDF-PBKDF2.73ssl.gz /usr/share/man/man7/EVP_KDF-PKCS12KDF.73ssl.gz 
/usr/share/man/man7/EVP_KDF-PVKKDF.73ssl.gz /usr/share/man/man7/EVP_KDF-SCRYPT.73ssl.gz /usr/share/man/man7/EVP_KDF-SS.73ssl.gz /usr/share/man/man7/EVP_KDF-SSHKDF.73ssl.gz /usr/share/man/man7/EVP_KDF-TLS13_KDF.73ssl.gz /usr/share/man/man7/EVP_KDF-TLS1_PRF.73ssl.gz /usr/share/man/man7/EVP_KDF-X942-ASN1.73ssl.gz /usr/share/man/man7/EVP_KDF-X942-CONCAT.73ssl.gz /usr/share/man/man7/EVP_KDF-X963.73ssl.gz /usr/share/man/man7/EVP_KEM-EC.73ssl.gz /usr/share/man/man7/EVP_KEM-ML-KEM-1024.73ssl.gz /usr/share/man/man7/EVP_KEM-ML-KEM-512.73ssl.gz /usr/share/man/man7/EVP_KEM-ML-KEM-768.73ssl.gz /usr/share/man/man7/EVP_KEM-ML-KEM.73ssl.gz /usr/share/man/man7/EVP_KEM-RSA.73ssl.gz /usr/share/man/man7/EVP_KEM-X25519.73ssl.gz /usr/share/man/man7/EVP_KEM-X448.73ssl.gz /usr/share/man/man7/EVP_KEYEXCH-DH.73ssl.gz /usr/share/man/man7/EVP_KEYEXCH-ECDH.73ssl.gz /usr/share/man/man7/EVP_KEYEXCH-X25519.73ssl.gz /usr/share/man/man7/EVP_KEYEXCH-X448.73ssl.gz /usr/share/man/man7/EVP_KEYMGMT-CMAC.73ssl.gz /usr/share/man/man7/EVP_KEYMGMT-DH.73ssl.gz /usr/share/man/man7/EVP_KEYMGMT-DHX.73ssl.gz /usr/share/man/man7/EVP_KEYMGMT-DSA.73ssl.gz /usr/share/man/man7/EVP_KEYMGMT-EC.73ssl.gz /usr/share/man/man7/EVP_KEYMGMT-ED25519.73ssl.gz /usr/share/man/man7/EVP_KEYMGMT-ED448.73ssl.gz /usr/share/man/man7/EVP_KEYMGMT-HMAC.73ssl.gz /usr/share/man/man7/EVP_KEYMGMT-ML-DSA.73ssl.gz /usr/share/man/man7/EVP_KEYMGMT-ML-KEM-1024.73ssl.gz /usr/share/man/man7/EVP_KEYMGMT-ML-KEM-512.73ssl.gz /usr/share/man/man7/EVP_KEYMGMT-ML-KEM-768.73ssl.gz /usr/share/man/man7/EVP_KEYMGMT-ML-KEM.73ssl.gz /usr/share/man/man7/EVP_KEYMGMT-Poly1305.73ssl.gz /usr/share/man/man7/EVP_KEYMGMT-RSA.73ssl.gz /usr/share/man/man7/EVP_KEYMGMT-SLH-DSA.73ssl.gz /usr/share/man/man7/EVP_KEYMGMT-SM2.73ssl.gz /usr/share/man/man7/EVP_KEYMGMT-Siphash.73ssl.gz /usr/share/man/man7/EVP_KEYMGMT-X25519.73ssl.gz /usr/share/man/man7/EVP_KEYMGMT-X448.73ssl.gz /usr/share/man/man7/EVP_MAC-BLAKE2.73ssl.gz /usr/share/man/man7/EVP_MAC-BLAKE2BMAC.73ssl.gz 
/usr/share/man/man7/EVP_MAC-BLAKE2SMAC.73ssl.gz /usr/share/man/man7/EVP_MAC-CMAC.73ssl.gz /usr/share/man/man7/EVP_MAC-GMAC.73ssl.gz /usr/share/man/man7/EVP_MAC-HMAC.73ssl.gz /usr/share/man/man7/EVP_MAC-KMAC.73ssl.gz /usr/share/man/man7/EVP_MAC-KMAC128.73ssl.gz /usr/share/man/man7/EVP_MAC-KMAC256.73ssl.gz /usr/share/man/man7/EVP_MAC-Poly1305.73ssl.gz /usr/share/man/man7/EVP_MAC-Siphash.73ssl.gz /usr/share/man/man7/EVP_MD-BLAKE2.73ssl.gz /usr/share/man/man7/EVP_MD-KECCAK-KMAC.73ssl.gz /usr/share/man/man7/EVP_MD-KECCAK.73ssl.gz /usr/share/man/man7/EVP_MD-MD2.73ssl.gz /usr/share/man/man7/EVP_MD-MD4.73ssl.gz /usr/share/man/man7/EVP_MD-MD5-SHA1.73ssl.gz /usr/share/man/man7/EVP_MD-MD5.73ssl.gz /usr/share/man/man7/EVP_MD-MDC2.73ssl.gz /usr/share/man/man7/EVP_MD-NULL.73ssl.gz /usr/share/man/man7/EVP_MD-RIPEMD160.73ssl.gz /usr/share/man/man7/EVP_MD-SHA1.73ssl.gz /usr/share/man/man7/EVP_MD-SHA2.73ssl.gz /usr/share/man/man7/EVP_MD-SHA3.73ssl.gz /usr/share/man/man7/EVP_MD-SHAKE.73ssl.gz /usr/share/man/man7/EVP_MD-SM3.73ssl.gz /usr/share/man/man7/EVP_MD-WHIRLPOOL.73ssl.gz /usr/share/man/man7/EVP_MD-common.73ssl.gz /usr/share/man/man7/EVP_PKEY-CMAC.73ssl.gz /usr/share/man/man7/EVP_PKEY-DH.73ssl.gz /usr/share/man/man7/EVP_PKEY-DHX.73ssl.gz /usr/share/man/man7/EVP_PKEY-DSA.73ssl.gz /usr/share/man/man7/EVP_PKEY-EC.73ssl.gz /usr/share/man/man7/EVP_PKEY-ED25519.73ssl.gz /usr/share/man/man7/EVP_PKEY-ED448.73ssl.gz /usr/share/man/man7/EVP_PKEY-FFC.73ssl.gz /usr/share/man/man7/EVP_PKEY-HMAC.73ssl.gz /usr/share/man/man7/EVP_PKEY-ML-DSA-44.73ssl.gz /usr/share/man/man7/EVP_PKEY-ML-DSA-65.73ssl.gz /usr/share/man/man7/EVP_PKEY-ML-DSA-87.73ssl.gz /usr/share/man/man7/EVP_PKEY-ML-DSA.73ssl.gz /usr/share/man/man7/EVP_PKEY-ML-KEM-1024.73ssl.gz /usr/share/man/man7/EVP_PKEY-ML-KEM-512.73ssl.gz /usr/share/man/man7/EVP_PKEY-ML-KEM-768.73ssl.gz /usr/share/man/man7/EVP_PKEY-ML-KEM.73ssl.gz /usr/share/man/man7/EVP_PKEY-Poly1305.73ssl.gz /usr/share/man/man7/EVP_PKEY-RSA.73ssl.gz 
/usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-128f.73ssl.gz /usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-128s.73ssl.gz /usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-192f.73ssl.gz /usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-192s.73ssl.gz /usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-256f.73ssl.gz /usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-256s.73ssl.gz /usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-128f.73ssl.gz /usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-128s.73ssl.gz /usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-192f.73ssl.gz /usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-192s.73ssl.gz /usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-256f.73ssl.gz /usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-256s.73ssl.gz /usr/share/man/man7/EVP_PKEY-SLH-DSA.73ssl.gz /usr/share/man/man7/EVP_PKEY-SM2.73ssl.gz /usr/share/man/man7/EVP_PKEY-Siphash.73ssl.gz /usr/share/man/man7/EVP_PKEY-X25519.73ssl.gz /usr/share/man/man7/EVP_PKEY-X448.73ssl.gz /usr/share/man/man7/EVP_RAND-CRNG-TEST.73ssl.gz /usr/share/man/man7/EVP_RAND-CTR-DRBG.73ssl.gz /usr/share/man/man7/EVP_RAND-HASH-DRBG.73ssl.gz /usr/share/man/man7/EVP_RAND-HMAC-DRBG.73ssl.gz /usr/share/man/man7/EVP_RAND-JITTER.73ssl.gz /usr/share/man/man7/EVP_RAND-SEED-SRC.73ssl.gz /usr/share/man/man7/EVP_RAND-TEST-RAND.73ssl.gz /usr/share/man/man7/EVP_RAND.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-CMAC.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-DSA.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-ECDSA.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-ED25519.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-ED448.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-HMAC.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-ML-DSA-44.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-ML-DSA-65.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-ML-DSA-87.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-ML-DSA.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-Poly1305.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-RSA.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-128f.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-128s.73ssl.gz 
/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-192f.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-192s.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-256f.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-256s.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-128f.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-128s.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-192f.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-192s.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-256f.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-256s.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-SLH-DSA.73ssl.gz /usr/share/man/man7/EVP_SIGNATURE-Siphash.73ssl.gz /usr/share/man/man7/Ed25519.73ssl.gz /usr/share/man/man7/Ed448.73ssl.gz /usr/share/man/man7/OPENSSL_API_COMPAT.73ssl.gz /usr/share/man/man7/OPENSSL_NO_DEPRECATED.73ssl.gz /usr/share/man/man7/OSSL_PROVIDER-FIPS.73ssl.gz /usr/share/man/man7/OSSL_PROVIDER-base.73ssl.gz /usr/share/man/man7/OSSL_PROVIDER-default.73ssl.gz /usr/share/man/man7/OSSL_PROVIDER-legacy.73ssl.gz /usr/share/man/man7/OSSL_PROVIDER-null.73ssl.gz /usr/share/man/man7/OSSL_STORE-winstore.73ssl.gz /usr/share/man/man7/RAND.73ssl.gz /usr/share/man/man7/RSA-PSS.73ssl.gz /usr/share/man/man7/RSA.73ssl.gz /usr/share/man/man7/SM2.73ssl.gz /usr/share/man/man7/X25519.73ssl.gz /usr/share/man/man7/X448.73ssl.gz /usr/share/man/man7/bio.73ssl.gz /usr/share/man/man7/crypto.73ssl.gz /usr/share/man/man7/ct.73ssl.gz /usr/share/man/man7/des_modes.73ssl.gz /usr/share/man/man7/evp.73ssl.gz /usr/share/man/man7/fips_module.73ssl.gz /usr/share/man/man7/fips_module_indicators.73ssl.gz /usr/share/man/man7/life_cycle-cipher.73ssl.gz /usr/share/man/man7/life_cycle-digest.73ssl.gz /usr/share/man/man7/life_cycle-kdf.73ssl.gz /usr/share/man/man7/life_cycle-mac.73ssl.gz /usr/share/man/man7/life_cycle-pkey.73ssl.gz /usr/share/man/man7/life_cycle-rand.73ssl.gz /usr/share/man/man7/migration_guide.73ssl.gz 
/usr/share/man/man7/openssl-core.h.73ssl.gz /usr/share/man/man7/openssl-core_dispatch.h.73ssl.gz /usr/share/man/man7/openssl-core_names.h.73ssl.gz /usr/share/man/man7/openssl-env.73ssl.gz /usr/share/man/man7/openssl-glossary.73ssl.gz /usr/share/man/man7/openssl-qlog.73ssl.gz /usr/share/man/man7/openssl-quic-concurrency.73ssl.gz /usr/share/man/man7/openssl-quic.73ssl.gz /usr/share/man/man7/openssl-threads.73ssl.gz /usr/share/man/man7/openssl_user_macros.73ssl.gz /usr/share/man/man7/ossl-guide-introduction.73ssl.gz /usr/share/man/man7/ossl-guide-libcrypto-introduction.73ssl.gz /usr/share/man/man7/ossl-guide-libraries-introduction.73ssl.gz /usr/share/man/man7/ossl-guide-libssl-introduction.73ssl.gz /usr/share/man/man7/ossl-guide-migration.73ssl.gz /usr/share/man/man7/ossl-guide-quic-client-block.73ssl.gz /usr/share/man/man7/ossl-guide-quic-client-non-block.73ssl.gz /usr/share/man/man7/ossl-guide-quic-introduction.73ssl.gz /usr/share/man/man7/ossl-guide-quic-multi-stream.73ssl.gz /usr/share/man/man7/ossl-guide-quic-server-block.73ssl.gz /usr/share/man/man7/ossl-guide-quic-server-non-block.73ssl.gz /usr/share/man/man7/ossl-guide-tls-client-block.73ssl.gz /usr/share/man/man7/ossl-guide-tls-client-non-block.73ssl.gz /usr/share/man/man7/ossl-guide-tls-introduction.73ssl.gz /usr/share/man/man7/ossl-guide-tls-server-block.73ssl.gz /usr/share/man/man7/ossl_store-file.73ssl.gz /usr/share/man/man7/ossl_store.73ssl.gz /usr/share/man/man7/passphrase-encoding.73ssl.gz /usr/share/man/man7/property.73ssl.gz /usr/share/man/man7/provider-asym_cipher.73ssl.gz /usr/share/man/man7/provider-base.73ssl.gz /usr/share/man/man7/provider-cipher.73ssl.gz /usr/share/man/man7/provider-decoder.73ssl.gz /usr/share/man/man7/provider-digest.73ssl.gz /usr/share/man/man7/provider-encoder.73ssl.gz /usr/share/man/man7/provider-kdf.73ssl.gz /usr/share/man/man7/provider-kem.73ssl.gz /usr/share/man/man7/provider-keyexch.73ssl.gz /usr/share/man/man7/provider-keymgmt.73ssl.gz 
/usr/share/man/man7/provider-mac.73ssl.gz /usr/share/man/man7/provider-object.73ssl.gz /usr/share/man/man7/provider-rand.73ssl.gz /usr/share/man/man7/provider-signature.73ssl.gz /usr/share/man/man7/provider-skeymgmt.73ssl.gz /usr/share/man/man7/provider-storemgmt.73ssl.gz /usr/share/man/man7/provider.73ssl.gz /usr/share/man/man7/proxy-certificates.73ssl.gz /usr/share/man/man7/ssl.73ssl.gz /usr/share/man/man7/x509.73ssl.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Oct 19 22:42:15 2025