openssl-fips-provider-3.5.1-3.el9 RPM for s390x

From CentOS Stream 9 BaseOS for s390x

OpenSSL is a toolkit for supporting cryptography. The openssl-fips-provider
package provides the fips.so provider, a cryptography provider that follows
FIPS requirements and provides FIPS approved algorithms.

Provides

• openssl-fips-provider
• fips-provider-so
• openssl-fips-provider(s390-64)

Requires

• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.16)(64bit)
• libc.so.6(GLIBC_2.2)(64bit)
• libc.so.6(GLIBC_2.3.2)(64bit)
• libc.so.6(GLIBC_2.3.4)(64bit)
• libc.so.6(GLIBC_2.34)(64bit)
• libc.so.6(GLIBC_2.4)(64bit)
• libc.so.6(GLIBC_2.7)(64bit)
• openssl-libs(s390-64) = 1:3.5.1-3.el9
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1
• rtld(GNU_HASH)

License

Apache-2.0

Changelog

* Thu Jul 17 2025 Simo Sorce <simo@redhat.com> - 1:3.5.1-3
  - Add custom define to disable symbol versioning in downstream patched code
    Also add stricter Suggests for openssl-fips-provider
    Resolves: RHEL-104236
  - Fix Requires/Provider to fix default install of fips providers
    Resolves: RHEL-104856
* Wed Jul 16 2025 Simo Sorce <simo@redhat.com> - 1:3.5.1-2
  - Move fips.so to a seprate subpackage
    Reverts FIPS self test for SLH-DSA
    Add Suggests to try to prefer the openssl-fips-provider package
    over the fips-provider-next package by default
    Revolves: RHEL-102408
    Related: RHEL-80854
* Tue Jul 01 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.1-1
  - Rebasing to OpenSSL 3.5.1
    Resolves: RHEL-97797
    Resolves: RHEL-98723
    Resolves: RHEL-99352
* Mon Jun 02 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-4
  - Compact patches for better maintainability
    Related: RHEL-80854
  - Make hybrid MLKEM work with our FIPS provider (3.0.7)
    Resolves: RHEL-95239
* Thu May 22 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-3
  - Fix regressions caused by rebase to OpenSSL 3.5
    Related: RHEL-80854
* Fri May 02 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-2
  - OpenSSL ignores "rh-allow-sha1-signatures = yes" option on RHEL-9
    Resolves: RHEL-88910
  - PKCS#12 should not default to pbmac1 in FIPS mode in RHEL-9
    Resolves: RHEL-88912
  - Fix `openssl speed` running in FIPS mode
    Resolves: RHEL-89860
  - pkeyutl ecdsa signature with sha1 shouldn't work by default
    Resolves: RHEL-89861
  - Expose settable params for EVP_SKEY
    Resolves: RHEL-89862
  - Restore RHEL9-style indicators defines
    Resolves: RHEL-89859
  - Enable sslkeylog support
    Resolves: RHEL-90854
* Wed Apr 16 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-1
  - Rebasing OpenSSL to 3.5
    Resolves: RHEL-80854
    Resolves: RHEL-50208
    Resolves: RHEL-50210
    Resolves: RHEL-50211
    Resolves: RHEL-85954
* Wed Jan 29 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-7
  - RFC7250 handshakes with unauthenticated servers don't abort as expected (CVE-2024-12797)
    Resolves: RHEL-76756
* Thu Sep 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-6
  - rebuilt
    Related: RHEL-55339
* Wed Sep 04 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-5
  - Fix CVE-2024-6119: Possible denial of service in X.509 name checks
    Resolves: RHEL-55339
* Wed Aug 21 2024 Clemens Lang <cllang@redhat.com> - 1:3.2.2-4
  - Fix CVE-2024-5535: SSL_select_next_proto buffer overread
    Resolves: RHEL-45657
* Sat Jun 22 2024 Daiki Ueno <dueno@redhat.com> - 1:3.2.2-3
  - Replace HKDF backward compatibility patch with the official one
    Related: RHEL-40823
* Wed Jun 12 2024 Daiki Ueno <dueno@redhat.com> - 1:3.2.2-2
  - Add workaround for EVP_PKEY_CTX_add1_hkdf_info with older providers
    Resolves: RHEL-40823
* Wed Jun 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-1
  - Rebase to OpenSSL 3.2.2. Fixes CVE-2024-2511, CVE-2024-4603, CVE-2024-4741,
    and Minerva attack.
    Resolves: RHEL-32148
    Resolves: RHEL-36792
    Resolves: RHEL-38514
    Resolves: RHEL-39111
* Thu May 23 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.1-2
  - Update RNG changing for FIPS purpose
    Resolves: RHEL-35380
* Wed Apr 03 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.1-1
  - Rebasing OpenSSL to 3.2.1
    Resolves: RHEL-26271
* Wed Feb 21 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-27
  - Use certified FIPS module instead of freshly built one in Red Hat distribution
    Related: RHEL-23474
* Tue Nov 21 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-26
  - Avoid implicit function declaration when building openssl
    Related: RHEL-1780
  - In FIPS mode, prevent any other operations when rsa_keygen_pairwise_test fails
    Resolves: RHEL-17104
  - Add a directory for OpenSSL providers configuration
    Resolves: RHEL-17193
  - Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context
    Resolves: RHEL-19515
  - POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129)
    Resolves: RHEL-21151
  - Excessive time spent checking invalid RSA public keys (CVE-2023-6237)
    Resolves: RHEL-21654
  - SSL ECDHE Kex fails when pkcs11 engine is set in config file
    Resolves: RHEL-20249
  - Denial of service via null dereference in PKCS#12
    Resolves: RHEL-22486
  - Use certified FIPS module instead of freshly built one in Red Hat distribution
    Resolves: RHEL-23474
* Mon Oct 16 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-25
  - Provide relevant diagnostics when FIPS checksum is corrupted
    Resolves: RHEL-5317
  - Don't limit using SHA1 in KDFs in non-FIPS mode.
    Resolves: RHEL-5295
  - Provide empty evp_properties section in main OpenSSL configuration file
    Resolves: RHEL-11439
  - Avoid implicit function declaration when building openssl
    Resolves: RHEL-1780
  - Forbid explicit curves when created via EVP_PKEY_fromdata
    Resolves: RHEL-5304
  - AES-SIV cipher implementation contains a bug that causes it to ignore empty
    associated data entries (CVE-2023-2975)
    Resolves: RHEL-5302
  - Excessive time spent checking DH keys and parameters (CVE-2023-3446)
    Resolves: RHEL-5306
  - Excessive time spent checking DH q parameter value (CVE-2023-3817)
    Resolves: RHEL-5308
  - Fix incorrect cipher key and IV length processing (CVE-2023-5363)
    Resolves: RHEL-13251
  - Switch explicit FIPS indicator for RSA-OAEP to approved following
    clarification with CMVP
    Resolves: RHEL-14083
  - Backport the check required by SP800-56Br2 6.4.1.2.1 (3.c)
    Resolves: RHEL-14083
  - Add missing ECDH Public Key Check in FIPS mode
    Resolves: RHEL-15990
  - Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678)
    Resolves: RHEL-15954

Files

/usr/lib/.build-id
/usr/lib/.build-id/8a
/usr/lib/.build-id/8a/8da1bb588254f907431e510b48e8d0b498cfd5
/usr/lib64/ossl-modules/fips.so

Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Jul 30 06:05:27 2025