• None
    • Moderate
    • Rebase
    • 2
    • rhel-sst-security-crypto
    • ssg_security
    • 14
    • 30
    • 3
    • QE ack
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Crypto24Q2, Crypto24Q3
    • Hide

      Test coverage for CRYPTO-13634 CRYPTO-13635 CRYPTO-13636 CRYPTO-13637 CRYPTO-13638 CRYPTO-13639 CRYPTO-13640 CRYPTO-13641 is created.

      Show
      Test coverage for CRYPTO-13634 CRYPTO-13635 CRYPTO-13636 CRYPTO-13637 CRYPTO-13638 CRYPTO-13639 CRYPTO-13640 CRYPTO-13641 is created.
    • Pass
    • Needed
    • None
    • Rebase
    • Hide
      .OpenSSL rebased to 3.2.2

      The OpenSSL packages have been rebased to upstream version 3.2.2. This update brings various enhancements and bug fixes, most notably the following:

      * The `openssl req` command with the `-extensions` option no longer mishandles extensions when creating certificate signing requests (CSR). Previously, the command fetched, parsed, and checked the name of the configuration file section for consistency but the name was not used for adding extensions to the created CSR file. With this fix, the extension is added to the generated CSR. As a side effect of this change, if the section specifies an extension incompatible with its use in the CSR, the command might fail with an error like `error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:crypto/x509/v3_conf.c:48:section=server_cert, name=authorityKeyIdentifier, value=keyid, issuer:always`.
      * The default X.500 distinguished name (DN) formatting has been changed to use the UTF-8 formatter. This also causes the removal of space characters around the equal sign (`=`) that separates DN element types from their values.
      * Certificate compression extension (RFC 8879) is now supported.
      * The QUIC protocol can now be used on the client side as a Technology Preview.
      * The Argon2d, Argon2i, and Argon2id key derivation functions (KDF) are supported.
      * Brainpool curves have been added to the TLS 1.3 protocol (RFC 8734) but Brainpool curves remain disabled in all supported system-wide cryptographic policies.
      Show
      .OpenSSL rebased to 3.2.2 The OpenSSL packages have been rebased to upstream version 3.2.2. This update brings various enhancements and bug fixes, most notably the following: * The `openssl req` command with the `-extensions` option no longer mishandles extensions when creating certificate signing requests (CSR). Previously, the command fetched, parsed, and checked the name of the configuration file section for consistency but the name was not used for adding extensions to the created CSR file. With this fix, the extension is added to the generated CSR. As a side effect of this change, if the section specifies an extension incompatible with its use in the CSR, the command might fail with an error like `error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:crypto/x509/v3_conf.c:48:section=server_cert, name=authorityKeyIdentifier, value=keyid, issuer:always`. * The default X.500 distinguished name (DN) formatting has been changed to use the UTF-8 formatter. This also causes the removal of space characters around the equal sign (`=`) that separates DN element types from their values. * Certificate compression extension (RFC 8879) is now supported. * The QUIC protocol can now be used on the client side as a Technology Preview. * The Argon2d, Argon2i, and Argon2id key derivation functions (KDF) are supported. * Brainpool curves have been added to the TLS 1.3 protocol (RFC 8734) but Brainpool curves remain disabled in all supported system-wide cryptographic policies.
    • Done
    • None

      What were you trying to do that didn't work?

      OpenSSL 3.0 caused a big slowdown of some operations. 3.2 series has significantly improved the situation.

      Please provide the package NVR for which bug is seen:

      OpenSSL 3.0.x

      How reproducible:

      Steps to reproduce

      1.  
      2.  
      3.  

      Expected results

      Actual results

              hkario@redhat.com Alicja Kario
              dbelyavs@redhat.com Dmitry Belyavskiy
              Clemens Lang, Sahana Prasad Hebbur Narasimha Prasad
              Dmitry Belyavskiy Dmitry Belyavskiy
              Alicja Kario Alicja Kario
              Jan Fiala Jan Fiala
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated:
                Resolved: