ELBA-2020-6010 - openssl bug fix update

Release Date: 2020-12-18

- add selftest of the RAND_DRBG implementation

- fix incorrect error return value from FIPS_selftest_dsa
- S390x: properly restore SIGILL signal handler

- additional fix for the edk2 build

- disallow use of SHA-1 signatures in TLS in FIPS mode

- fix CVE-2019-1547 - side-channel weak encryption vulnerability
- fix CVE-2019-1563 - padding oracle in CMS API
- fix CVE-2019-1549 - ensure fork safety of the DRBG
- fix handling of non-FIPS allowed EC curves in FIPS mode
- fix TLS compliance issues

- backported ARM performance fixes from master

- backport of S390x ECC CPACF enhancements from master
- FIPS mode: properly disable 1024 bit DSA key generation
- FIPS mode: skip ED25519 and ED448 algorithms in openssl speed
- FIPS mode: allow AES-CCM ciphersuites

- make the code suitable for edk2 build

- backport of SSKDF from master

- backport of KBKDF and KRB5KDF from master

- do not try to use EC groups disallowed in FIPS mode in TLS
- fix Valgrind regression with constant-time code

- update to the 1.1.1c release

- adjust the default cert pbe algorithm for pkcs12 -export in the FIPS mode

- Fix small regressions related to the rebase

- FIPS compliance fixes

- update to the 1.1.1b release
- EVP_KDF API backport from master
- SSH KDF implementation for EVP_KDF API backport from master
- add S390x chacha20-poly1305 assembler support from master branch

- make openssl ts default to using SHA256 digest

- use /dev/urandom for seeding the RNG in FIPS POST

- make SECLEVEL=3 work

- fix defects found in Coverity scan

- drop SSLv3 support

- drop the TLS-1.3 version revert

- disable RC4-MD5 ciphersuites completely

- update to the final 1.1.1 version
- for consistent support of security policies we build RC4 support in TLS (not default) and allow SHA1 in SECLEVEL 2
- use only /dev/urandom if getrandom() is not available
- disable SM4

- update to the latest 1.1.1 beta version
- temporarily revert TLS-1.3 to draft 28 version

- bidirectional shutdown fixes from upstream

- do not put error on stack when using fixed protocol version with the default config (#1615098)

- load crypto policy config file from the default config

- update to the latest 1.1.1 beta version

- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

- fix FIPS RSA key generation failure

- ppc64le is not multilib arch (#1584994)

- fix regression of c_rehash (#1562953)

- fix FIPS symbol versions

- update to upstream version 1.1.0h
- add Recommends for openssl-pkcs11

- one more try to apply RPM_LD_FLAGS properly (#1541033)
- dropped unneeded starttls xmpp patch (#1417017)

- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

- apply RPM_LD_FLAGS properly (#1541033)

- silence the .rnd write failure as that is auxiliary functionality (#1524833)

- put the Makefile.certificate in pkgdocdir and drop the requirement on make

- update to upstream version 1.1.0g

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

- make s_client and s_server work with -ssl3 option (#1471783)

- perl dependency renamed to perl-interpreter

- disable verification of all insecure hashes

- make DTLS work (#1462541)

- enable 3DES SSL ciphersuites, RC4 is kept disabled (#1453066)

- only release thread-local key if we created it (from upstream) (#1458775)

- update to upstream version 1.1.0f
- SRP and GOST are now allowed; note that GOST support requires adding the GOST engine, which is not part of openssl anymore

- update to upstream version 1.1.0e
- add documentation of the PROFILE=SYSTEM special cipher string (#1420232)

- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

- applied upstream fixes (fix regression in X509_CRL_digest)

- update to upstream version 1.1.0d

- preserve new line in fd BIO BIO_gets() as other BIOs do

- FIPS mode fixes for TLS

- revert SSL_read() behavior change - patch from upstream (#1394677)
- fix behavior on client certificate request in renegotiation (#1393579)

- EC curve NIST P-224 is now allowed, still kept disabled in TLS due to less than optimal security

- update to upstream version 1.1.0c

- use a random seed if the supplied one did not generate valid parameters in dsa_builtin_paramgen2()

- do not break contract on return value when using dsa_builtin_paramgen2()

- fix afalg failure on big endian

- update to upstream version 1.1.0b

- Add flags for riscv64.

- minor upstream release 1.0.2j fixing regression from previous release

- Fix enginesdir in libcrypto.c (#1375361)

- minor upstream release 1.0.2i fixing security issues
- move man pages for perl based scripts to perl subpackage (#1377617)

- fix regression in Cisco AnyConnect VPN support (#1354588)

- require libcrypto in libssl.pc (#1301301)

- minor upstream release 1.0.2h fixing security issues

- disable SSLv2 support altogether (without ABI break)

- enable RC5

- reenable SSL2 in the build to avoid ABI break (it does not make the openssl vulnerable to DROWN attack)

- minor upstream release 1.0.2g fixing security issues

- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

- minor upstream release 1.0.2f fixing security issues
- add support for MIPS secondary architecture

- document some options of openssl speed command

- enable sctp support in DTLS

- remove unimplemented EC method from header (#1289599)

- the fast nistp implementation works only on little endian architectures

- minor upstream release 1.0.2e fixing moderate severity security issues
- enable fast assembler implementation for NIST P-256 and P-521 elliptic curves (#1164210)
- filter out unwanted link options from the .pc files (#1257836)
- do not set serial to 0 in Makefile.certificate (#1135719)

- fix SIGILL on some AMD CPUs (#1278194)

- re-enable secp256k1 (bz1021898)

- minor upstream release 1.0.2d fixing a high severity security issue

- fix the aarch64 build

- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

- minor upstream release 1.0.2c fixing multiple security issues

- Add aarch64 sslarch details

- fix some 64 bit build targets

- add alternative certificate chain discovery support from upstream

- rebase to 1.0.2 branch

- drop the AES-GCM restriction of 2^32 operations because the IV is always 96 bits (32 bit fixed field + 64 bit invocation field)

- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()
- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison
- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption
- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data
- fix CVE-2015-0293 - triggerable assert in SSLv2 server

- fix bug in the CRYPTO_128_unwrap()

- fix bug in the RFC 5649 support (#1185878)

- Rebuilt for Fedora 23 Change

- test in the non-FIPS RSA keygen for minimal distance of p and q similarly to the FIPS RSA keygen

- new upstream release fixing multiple security issues

- disable SSLv3 by default again (mail servers and possibly LDAP servers should probably allow it explicitly for legacy

- update the FIPS RSA keygen to be FIPS 186-4 compliant

- new upstream release fixing multiple security issues

- copy negotiated digests when switching certs by SNI (#1150032)

- add support for RFC 5649

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

- drop RSA X9.31 from RSA FIPS selftests
- add Power 8 optimizations

- new upstream release fixing multiple moderate security issues
- for now disable only SSLv2 by default

- fix license handling

- disable SSLv2 and SSLv3 protocols by default (can be enabled via appropriate SSL_CTX_clear_options() call)

- use system profile for default cipher list

- make FIPS mode keygen bit length restriction enforced only when
- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

- new upstream release 1.0.1h

- Drop obsolete and irrelevant docs
- Move devel docs to appropriate package

- new upstream release 1.0.1g
- do not include ECC ciphersuites in SSLv2 client hello (#1090952)
- fail on hmac integrity check if the .hmac file is empty

- pull in upstream patch for CVE-2014-0160
- removed CHANGES file portion from patch for expediency

- add support for ppc64le architecture (#1072633)

- properly detect encryption failure in BIO
- use 2048 bit RSA key in FIPS selftests

- use the key length from configuration file if req -newkey rsa is invoked

- print ephemeral key size negotiated in TLS handshake (#1057715)
- add DH_compute_key_padded needed for FIPS CAVS testing

- make expiration and key length changeable by DAYS and KEYLEN variables in the certificate Makefile (#1058108)
- change default hash to sha256 (#1062325)

- make 3des strength to be 128 bits instead of 168 (#1056616)

- fix CVE-2013-4353 - Invalid TLS handshake crash
- fix CVE-2013-6450 - possible MiTM attack on DTLS1

- fix CVE-2013-6449 - crash when version in SSL structure is incorrect
- more FIPS validation requirement changes

- drop weak ciphers from the default TLS ciphersuite list
- add back some symbols that were dropped with update to 1.0.1 branch
- more FIPS validation requirement changes

- fix locking and reseeding problems with FIPS drbg

- additional changes required for FIPS validation

- disable verification of certificate, CRL, and OCSP signatures using MD5 if OPENSSL_ENABLE_MD5_VERIFY environment variable is not set

- add back support for secp521r1 EC curve
- add aarch64 to Configure (#969692)

- fix misdetection of RDRAND support on Cyrix CPUs (from upstream) (#1022346)

- do not advertise ECC curves we do not support (#1022493)

- only ECC NIST Suite B curves support
- drop -fips subpackage

- resolve bugzilla 319901 (phew! only took 6 years & 9 days)

- make DTLS1 work in FIPS mode
- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode

- avoid dlopening libssl.so from libcrypto (#1010357)

- fix small memory leak in FIPS aes selftest

- fix segfault in openssl speed hmac in the FIPS mode

- document the nextprotoneg option in manual pages (original patch by Hubert Kario)

- [arm] use elf auxv to figure out armcap.c instead of playing silly games with SIGILL handlers. (#1006474)

- try to avoid some races when updating the -fips subpackage

- use version-release in .hmac suffix to avoid overwrite during upgrade

- allow deinitialization of the FIPS mode

- always perform the FIPS selftests in library constructor if FIPS module is installed

- add -fips subpackage that contains the FIPS module files

- fix use of rdrand if available
- more commits cherry picked from upstream
- documentation fixes

- Perl 5.18 rebuild

- additional manual page fix
- use symbol versioning also for the textual version

- additional manual page fixes

- use _prefix macro

- Perl 5.18 rebuild

- add openssl.cnf.5 manpage symlink to config.5

- add relro linking flag

- add support for the -trusted_first option for certificate chain verification

- fix build of manual pages with current pod2man (#959439)

- Enable ARM optimised build

- fix random bad record mac errors (#918981)
- disable ZLIB loading by default (due to CRIME attack)

- new upstream version

- more fixes from upstream
- fix errors in manual causing build failure (#904777)

- add script for renewal of a self-signed cert by Philip Prindeville (#871566)
- allow X509_issuer_and_serial_hash() to produce correct result in the FIPS mode (#881336)

- do not load default verify paths if CApath or CAfile specified (#884305)

- more fixes from upstream CVS
- fix DSA key pairwise check (#878597)

- use 1024 bit DH parameters in s_server as 512 bit is not allowed in FIPS mode and it is quite weak anyway

- add missing initialization of str in aes_ccm_init_key (#853963)
- add important patches from upstream CVS
- use the secure_getenv() with new glibc

- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

- use __getenv_secure() instead of __libc_enable_secure

- do not move libcrypto to /lib
- do not use environment variables if __libc_enable_secure is on
- fix strict aliasing problems in modes

- fix DSA key generation in FIPS mode (#833866)
- allow duplicate FIPS_mode_set(1)
- enable build on ppc64 subarch (#834652)

- fix s_server with new glibc when no global IPv6 address (#839031)
- make it build with new Perl

- new upstream version

- new upstream version

- new upstream version fixing CVE-2012-2110

- add Kerberos 5 libraries to pkgconfig for static linking (#807050)

- backports from upstream CVS
- fix segfault when /dev/urandom is not available (#809586)

- new upstream release

- add obsoletes to assist multilib updates (#799636)

- epoch bumped to 1 due to revert to 1.0.0g on Fedora 17
- new upstream release from the 1.0.1 branch
- fix s390x build (#798411)
- versioning for the SSLeay symbol (#794950)
- add -DPURIFY to build flags (#797323)
- filter engine provides
- split the libraries to a separate -libs package
- add make to requires on the base package (#783446)

- new upstream release from the 1.0.1 branch, ABI compatible
- add documentation for the -no_ign_eof option

- new upstream release fixing CVE-2012-0050 - DoS regression in DTLS support introduced by the previous release (#782795)

- new upstream release fixing multiple CVEs

- move the libraries needed for static linking to Libs.private

- do not use AVX instructions when osxsave bit not set
- add direct known answer tests for SHA2 algorithms

- fix missing initialization of variable in CHIL engine

- new upstream release fixing CVE-2011-3207 (#736088)

- drop the separate engine for Intel acceleration improvements and merge in the AES-NI, SHA1, and RC4 optimizations
- add support for OPENSSL_DISABLE_AES_NI environment variable that disables the AES-NI support

- correct openssl cms help output (#636266)
- more tolerant starttls detection in XMPP protocol (#608239)

- add support for newest Intel acceleration improvements backported from upstream by Intel in form of a separate engine

- allow the AES-NI engine in the FIPS mode

- add API necessary for CAVS testing of the new DSA parameter generation

- add support for VIA Padlock on 64bit arch from upstream (#617539)
- do not return bogus values from load_certs (#652286)

- clarify apps help texts for available digest algorithms (#693858)

- new upstream release fixing CVE-2011-0014 (OCSP stapling vulnerability)

- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

- add -x931 parameter to openssl genrsa command to use the ANSI X9.31 key generation method
- use FIPS-186-3 method for DSA parameter generation
- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable to allow using MD5 when the system is in the maintenance state even if the /proc fips flag is on
- make openssl pkcs12 command work by default in the FIPS mode

- listen on ipv6 wildcard in s_server so we accept connections from both ipv4 and ipv6 (#601612)
- fix openssl speed command so it can be used in the FIPS mode with FIPS allowed ciphers

- new upstream version fixing CVE-2010-4180

- replace the revert for the s390x bignum asm routines with fix from upstream

- revert upstream change in s390x bignum asm routines

- new upstream version fixing CVE-2010-3864 (#649304)

- make SHLIB_VERSION reflect the library suffix

- openssl man page fix (#609484)

- new upstream patch release, fixes CVE-2010-0742 (#598738) and CVE-2010-1633 (#598732)

Updated Packages

Release/Architecture: Oracle Linux 8 (x86_64)
Filename: openssl-1.1.1c-15.ksplice1.el8.src.rpm
MD5sum: 896c54e790aee4ba2b46a160eb25ee23
Superseded By Advisory: -

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team.