rpms/crypto-policies
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Update from upstream (gnutls and nss PQ hybrid groups)

Browse Source 
- gnutls: add GROUP-X25519-MLKEM768 and GROUP-SECP256R1-MLKEM768
- nss: add mlkem768x25519 and mlkem768secp256r1

Resolves: RHEL-66149
Resolves: RHEL-66146
This commit is contained in:
Alexander Sosedkin 2024-11-06 14:50:12 +01:00
parent 382dcb0a5e
commit bb96d210ce
2 changed files with 15 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
crypto-policies.spec
View File

@ -1,5 +1,5 @@
%global git_date 20241105 %global git_date 20241106
%global git_commit 978ac269655ae739f577a8fc78e6b672c78524f8 %global git_commit 1bdaba3df8bd2d98367958fd2b1b5c8eee8bb1ee
%{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})} %{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
%global _python_bytecompile_extra 0 %global _python_bytecompile_extra 0
@ -30,10 +30,10 @@ BuildRequires: make
BuildRequires: systemd-rpm-macros BuildRequires: systemd-rpm-macros
Conflicts: openssl-libs < 1:3.2 Conflicts: openssl-libs < 1:3.2
Conflicts: nss < 3.101 Conflicts: nss < 3.101.0-9
Conflicts: libreswan < 4.12 Conflicts: libreswan < 4.12
Conflicts: openssh < 9.9p1 Conflicts: openssh < 9.9p1
Conflicts: gnutls < 3.8.5 Conflicts: gnutls < 3.8.8
%description %description
This package provides pre-built configuration files with This package provides pre-built configuration files with
@ -82,6 +82,12 @@ sed -i "s/'NSS_NO_TLS_REQUIRE_EMS', '0'/'NSS_NO_TLS_REQUIRE_EMS', '1'/" \
sed -i "s/:TLS-REQUIRE-EMS:/:/" tests/outputs/*FIPS*.txt sed -i "s/:TLS-REQUIRE-EMS:/:/" tests/outputs/*FIPS*.txt
%endif %endif
%if 0%{?rhel} == 11
# currently ELN NSS doesn't support mlkem768secp256r1
sed -i '/P256-MLKEM768/d' python/policygenerators/nss.py
sed -i "s/:mlkem768secp256r1:/:/" tests/outputs/*:TEST-PQ-nss.txt
%endif
%make_build %make_build
%install %install
@ -251,6 +257,10 @@ exit 0
%changelog %changelog
* Wed Nov 06 2024 Alexander Sosedkin <asosedkin@redhat.com> - 20241106-1.git1bdaba3
- gnutls: add GROUP-X25519-MLKEM768 and GROUP-SECP256R1-MLKEM768
- nss: add mlkem768x25519 and mlkem768secp256r1
* Tue Nov 05 2024 Alexander Sosedkin <asosedkin@redhat.com> - 20241105-1.git978ac26 * Tue Nov 05 2024 Alexander Sosedkin <asosedkin@redhat.com> - 20241105-1.git978ac26
- gnutls: `allow-rsa-pkcs1-encrypt = false` everywhere but in LEGACY - gnutls: `allow-rsa-pkcs1-encrypt = false` everywhere but in LEGACY

2
sources
View File

@ -1 +1 @@
SHA512 (crypto-policies-git978ac26.tar.gz) = 23eb51a863a5b750e5ee724d4d8bd998b1ac2c90b378297bcb7f94cf278023833f95f8e36335807cbd66198e18ced3236e38fa8f60972a2dc44690b50fe37546 SHA512 (crypto-policies-git1bdaba3.tar.gz) = f9b722338f69cb6a0712938ea2ba80592a0a74803ce3430d64dbe30643dc9d0360522ad9c248efa8c335a8c2a8df7e0776e68e1f6eb5a229371e64c0635b5437