Secure Sockets and Transport Layer Security
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and open source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography. The project is managed
by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related
documentation.
Derivation and License
OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style license, which basically means that you are free to get it
and to use it for commercial and noncommercial purposes.
- Developed at security:tls
- Sources inherited from project openSUSE:Factory
-
7
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Factory:ARM/openssl && cd $_ - Create Badge
Refresh
Refresh
Source Files
Revision 118 (latest revision is 171)
Stephan Kulow (coolo)
accepted
request 236989
from
Marcus Meissner (msmeissn)
(revision 118)
NOTE:
I submitted perl-Net-SSLeay 1.64 update to devel:languages:perl which
fixes its regression.
- updated openssl to 1.0.1h (bnc#880891):
- CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
handshake can force the use of weak keying material in OpenSSL
SSL/TLS clients and servers.
- CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an
OpenSSL DTLS client the code can be made to recurse eventually crashing
in a DoS attack.
- CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer
overrun attack can be triggered by sending invalid DTLS fragments to
an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.
- CVE-2014-3470: Fix bug in TLS code where clients enable anonymous
ECDH ciphersuites are subject to a denial of service attack.
- openssl-buffreelistbug-aka-CVE-2010-5298.patch: removed, upstream
- CVE-2014-0198.patch: removed, upstream
- 0009-Fix-double-frees.patch: removed, upstream
- 0012-Fix-eckey_priv_encode.patch: removed, upstream
- 0017-Double-free-in-i2o_ECPublicKey.patch: removed, upstream
- 0018-fix-coverity-issues-966593-966596.patch: removed, upstream
- 0020-Initialize-num-properly.patch: removed, upstream
- 0022-bignum-allow-concurrent-BN_MONT_CTX_set_locked.patch: removed, upstream
- 0023-evp-prevent-underflow-in-base64-decoding.patch: removed, upstream
- 0024-Fixed-NULL-pointer-dereference-in-PKCS7_dataDecode-r.patch: removed, upstream
- 0025-fix-coverity-issue-966597-error-line-is-not-always-i.patch: removed, upstream
- 0001-libcrypto-Hide-library-private-symbols.patch: disabled heartbeat testcase
- openssl-1.0.1c-ipv6-apps.patch: refreshed
- openssl-fix-pod-syntax.diff: some stuff merged upstream, refreshed
- Added new SUSE default cipher suite
openssl-1.0.1e-add-suse-default-cipher.patch
Comments 10
Can anyone explain, openssl-1.0.2i-new-fips-reqs.patch is for what and which code based ? I'm unable to map to any code base either openssl-1.0.2i nor openssl-fips which found in https://www.openssl.org/
It is from a seperate FIPS patchset which we used for FIPS certification of openssl in SLES 12 and SLES 12 SP2.
Can i get the source copy of it ?
check out these sources: SUSE:SLE-12-SP2:Update openssl
I'm sorry, couldn't able to locate the exact link. If you don't mind can you help me to point the link ?
https://build.opensuse.org/package/show/SUSE:SLE-12:Update/openssl
Thanks a lot. anyway i can't find openssl-1.0.2i-new-fips-reqs.patch in this path of any updation. I think it's been deleted, prior to this can find openssl-1.0.1i-new-fips-reqs.patch.
make that https://build.opensuse.org/package/show/SUSE:SLE-12-SP2:Update/openssl
Thank you, got it. Basically the New requirements of FIPS 140-2 RSA/DSA were adopted from Red Hat Inc right ?
The patchset is largely from Redhat, we did some small adaptions to even stricter FIPS requirements but I do not recall the details.