[ Tobias Heider ]
* Add fips-mode detection and adjust defaults when running in fips mode
(LP: #2056593):
- d/p/fips/crypto-Add-kernel-FIPS-mode-detection.patch:
Detect if kernel fips mode is enabled
- d/p/fips/crypto-Automatically-use-the-FIPS-provider-when-the-kerne.patch:
Load FIPS provider if running in FIPS mode
- d/p/fips/apps-speed-Omit-unavailable-algorithms-in-FIPS-mode.patch:
Limit openssl-speed to FIPS compliant algorithms when running in FIPS mode
- d/p/fips/apps-pass-propquery-arg-to-the-libctx-DRBG-fetches.patch
Make sure DRBG respects query properties
- d/p/fips/test-Ensure-encoding-runs-with-the-correct-context-during.patch:
Make sure encoding runs with correct library context and provider
[ Adrien Nader ]
* Re-enable intel/0002-AES-GCM-enabled-with-AVX512-vAES-and-vPCLMULQDQ.patch
(LP: #2030784)
Thanks Bun K Tan and Dan Zimmerman
* Disable LTO with which the codebase is generally incompatible (LP: #2058017)
This bug was fixed in the package openssl - 3.0.13-0ubuntu2
---------------
openssl (3.0.13-0ubuntu2) noble; urgency=medium
[ Tobias Heider ] crypto- Add-kernel- FIPS-mode- detection. patch: crypto- Automatically- use-the- FIPS-provider- when-the- kerne.patch: apps-speed- Omit-unavailabl e-algorithms- in-FIPS- mode.patch: apps-pass- propquery- arg-to- the-libctx- DRBG-fetches. patch test-Ensure- encoding- runs-with- the-correct- context- during. patch:
* Add fips-mode detection and adjust defaults when running in fips mode
(LP: #2056593):
- d/p/fips/
Detect if kernel fips mode is enabled
- d/p/fips/
Load FIPS provider if running in FIPS mode
- d/p/fips/
Limit openssl-speed to FIPS compliant algorithms when running in FIPS mode
- d/p/fips/
Make sure DRBG respects query properties
- d/p/fips/
Make sure encoding runs with correct library context and provider
[ Adrien Nader ] AES-GCM- enabled- with-AVX512- vAES-and- vPCLMULQDQ. patch
* Re-enable intel/0002-
(LP: #2030784)
Thanks Bun K Tan and Dan Zimmerman
* Disable LTO with which the codebase is generally incompatible (LP: #2058017)
-- Adrien Nader <email address hidden> Fri, 15 Mar 2024 09:46:33 +0100