Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openssl-3 for openSUSE:Factory
checked in at 2025-03-27 22:31:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openssl-3 (Old)
and /work/SRC/openSUSE:Factory/.openssl-3.new.2696 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-3"
Thu Mar 27 22:31:30 2025 rev:39 rq:1255522 version:3.2.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/openssl-3/openssl-3.changes 2025-03-08
17:51:17.111635607 +0100
+++ /work/SRC/openSUSE:Factory/.openssl-3.new.2696/openssl-3.changes
2025-03-27 22:31:32.290710930 +0100
@@ -1,0 +2,6 @@
+Fri Mar 21 17:19:40 UTC 2025 - Lucas Mulling <lucas.mull...@suse.com>
+
+- FIPS: Mark SHA-1 as non-approved in the SLI. [jsc#PED-12224]
+ * Add openssl-FIPS-Mark-SHA1-as-nonapproved.patch
+
+-------------------------------------------------------------------
New:
----
openssl-FIPS-Mark-SHA1-as-nonapproved.patch
BETA DEBUG BEGIN:
New:- FIPS: Mark SHA-1 as non-approved in the SLI. [jsc#PED-12224]
* Add openssl-FIPS-Mark-SHA1-as-nonapproved.patch
BETA DEBUG END:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openssl-3.spec ++++++
--- /var/tmp/diff_new_pack.0R34tf/_old 2025-03-27 22:31:33.634766565 +0100
+++ /var/tmp/diff_new_pack.0R34tf/_new 2025-03-27 22:31:33.638766730 +0100
@@ -149,6 +149,8 @@
# PATCH-FIX-UPSTREAM: Fix failing tests on ppc64 jsc#PED-10280
Patch65: openssl-3-fix-sha3-squeeze-ppc64.patch
Patch66: openssl-3-fix-quic_multistream_test.patch
+# PATCH-FIX-SUSE jsc#PED-12224 FIPS: Mark SHA1 as nonapproved in the SLI
+Patch67: openssl-FIPS-Mark-SHA1-as-nonapproved.patch
# ulp-macros is available according to SUSE version.
%ifarch x86_64
++++++ openssl-FIPS-Mark-SHA1-as-nonapproved.patch ++++++
Index: openssl-3.2.4/providers/fips/fipsprov.c
===================================================================
--- openssl-3.2.4.orig/providers/fips/fipsprov.c
+++ openssl-3.2.4/providers/fips/fipsprov.c
@@ -278,7 +278,7 @@ static int fips_self_test(void *provctx)
*/
static const OSSL_ALGORITHM fips_digests[] = {
/* Our primary name:NiST name[:our older names] */
- { PROV_NAMES_SHA1, FIPS_DEFAULT_PROPERTIES, ossl_sha1_functions },
+ { PROV_NAMES_SHA1, FIPS_UNAPPROVED_PROPERTIES, ossl_sha1_functions },
{ PROV_NAMES_SHA2_224, FIPS_DEFAULT_PROPERTIES, ossl_sha224_functions },
{ PROV_NAMES_SHA2_256, FIPS_DEFAULT_PROPERTIES, ossl_sha256_functions },
{ PROV_NAMES_SHA2_384, FIPS_DEFAULT_PROPERTIES, ossl_sha384_functions },
@@ -355,9 +355,9 @@ static const OSSL_ALGORITHM_CAPABLE fips
ALG(PROV_NAMES_AES_256_WRAP_PAD_INV, ossl_aes256wrappadinv_functions),
ALG(PROV_NAMES_AES_192_WRAP_PAD_INV, ossl_aes192wrappadinv_functions),
ALG(PROV_NAMES_AES_128_WRAP_PAD_INV, ossl_aes128wrappadinv_functions),
- ALGC(PROV_NAMES_AES_128_CBC_HMAC_SHA1, ossl_aes128cbc_hmac_sha1_functions,
+ UNAPPROVED_ALGC(PROV_NAMES_AES_128_CBC_HMAC_SHA1,
ossl_aes128cbc_hmac_sha1_functions,
ossl_cipher_capable_aes_cbc_hmac_sha1),
- ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA1, ossl_aes256cbc_hmac_sha1_functions,
+ UNAPPROVED_ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA1,
ossl_aes256cbc_hmac_sha1_functions,
ossl_cipher_capable_aes_cbc_hmac_sha1),
ALGC(PROV_NAMES_AES_128_CBC_HMAC_SHA256,
ossl_aes128cbc_hmac_sha256_functions,
ossl_cipher_capable_aes_cbc_hmac_sha256),
