diff --git a/gnutls-3.8.10-rhel9-revert-rsa-less-than-2048.patch b/gnutls-3.8.10-rhel9-revert-rsa-less-than-2048.patch deleted file mode 100644 index 1b53dc6..0000000 --- a/gnutls-3.8.10-rhel9-revert-rsa-less-than-2048.patch +++ /dev/null @@ -1,75 +0,0 @@ -commit bf374b4151c7f6cf4b94e9eb911ceb730904a44c -Author: Alexander Sosedkin -Date: Wed Nov 19 10:48:51 2025 +0100 - - Revert "fips: Allow SigVer only with RSA keys with modulus >= 2048 bits" - - This reverts commit da1df0a3167ec96605fed267d97f9081cf498eec. - -diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c -index 5986a410c2..d14efbaaf0 100644 ---- a/lib/nettle/pk.c -+++ b/lib/nettle/pk.c -@@ -2474,12 +2474,16 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, - - bits = mpz_sizeinbase(pub.n, 2); - -- /* In FIPS 140-3, RSA key size should be larger than 2048-bit. -+ /* In FIPS 140-3, RSA key size should be larger than -+ * 2048-bit or one of the known lengths (1024, 1280, -+ * 1536, 1792; i.e., multiple of 256-bits). -+ * - * In addition to this, only SHA-2 is allowed - * for SigVer; it is checked in _pkcs1_rsa_verify_sig in - * lib/pubkey.c. - */ -- if (unlikely(bits < 2048)) { -+ if (unlikely(bits < 2048 && bits != 1024 && bits != 1280 && -+ bits != 1536 && bits != 1792)) { - not_approved = true; - } - -diff --git a/tests/fips-rsa-sizes.c b/tests/fips-rsa-sizes.c -index 61a76d3c09..d134a35f8c 100644 ---- a/tests/fips-rsa-sizes.c -+++ b/tests/fips-rsa-sizes.c -@@ -250,24 +250,35 @@ void doit(void) - - assert(gnutls_fips140_context_init(&fips_context) == 0); - -+ /* 512-bit RSA: no generate, no sign, no verify */ - generate_unsuccessfully(&privkey, &pubkey, 512); - sign_verify_unsuccessfully(privkey, pubkey); -+ /* 512-bit RSA again (to be safer about going in and out of FIPS) */ - generate_unsuccessfully(&privkey, &pubkey, 512); - sign_verify_unsuccessfully(privkey, pubkey); -+ /* 600-bit RSA: no generate, no sign, no verify */ - generate_unsuccessfully(&privkey, &pubkey, 600); - sign_verify_unsuccessfully(privkey, pubkey); -+ -+ /* 768-bit RSA not-an-exception: nogenerate, nosign, verify */ - generate_unsuccessfully(&privkey, &pubkey, 768); - sign_verify_unsuccessfully(privkey, pubkey); -+ /* 1024-bit RSA exception: nogenerate, nosign, verify */ - generate_unsuccessfully(&privkey, &pubkey, 1024); -- sign_verify_unsuccessfully(privkey, pubkey); -+ nosign_verify(privkey, pubkey); -+ /* 1280-bit RSA exception: nogenerate, nosign, verify */ - generate_unsuccessfully(&privkey, &pubkey, 1280); -- sign_verify_unsuccessfully(privkey, pubkey); -+ nosign_verify(privkey, pubkey); -+ /* 1500-bit RSA not-an-exception: nogenerate, nosign, noverify */ - generate_unsuccessfully(&privkey, &pubkey, 1500); - sign_verify_unsuccessfully(privkey, pubkey); -+ /* 1536-bit RSA exception: nogenerate, nosign, verify */ - generate_unsuccessfully(&privkey, &pubkey, 1536); -- sign_verify_unsuccessfully(privkey, pubkey); -+ nosign_verify(privkey, pubkey); -+ /* 1792-bit RSA exception: nogenerate, nosign, verify */ - generate_unsuccessfully(&privkey, &pubkey, 1792); -- sign_verify_unsuccessfully(privkey, pubkey); -+ nosign_verify(privkey, pubkey); -+ /* 2000-bit RSA not-an-exception: nogenerate, nosign, noverify */ - generate_unsuccessfully(&privkey, &pubkey, 2000); - sign_verify_unsuccessfully(privkey, pubkey); - diff --git a/gnutls.spec b/gnutls.spec index 50c1208..2475221 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -13,7 +13,7 @@ print(string.sub(hash, 0, 16)) } Version: 3.8.10 -Release: 6%{?dist} +Release: 7%{?dist} # not upstreamed Patch: gnutls-3.2.7-rpath.patch Patch: gnutls-3.7.2-enable-intel-cet.patch @@ -32,8 +32,6 @@ Patch: gnutls-3.8.10-tests-ktls.patch # reverts # * e52c7ca885 pkcs12: enable PBMAC1 by default in FIPS mode Patch: gnutls-3.8.10-rhel9-revert-pbmac1-fips-default.patch -# * da1df0a31 fips: Allow SigVer only with RSA keys with modulus >= 2048 bits -Patch: gnutls-3.8.10-rhel9-revert-rsa-less-than-2048.patch # CVE fixes backported from 3.8.12 release # upstreamed: https://gitlab.com/gnutls/gnutls/-/merge_requests/2041 @@ -516,6 +514,9 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null XFAIL_TESTS="$x %endif %changelog +* Thu Jul 02 2026 Alexander Sosedkin - 3.8.10-7 +- fips: Allow SigVer only with RSA keys with modulus >= 2048 bits + * Fri Jun 12 2026 Daiki Ueno - 3.8.10-6 - Fix order of previous changelog entries (RHEL-172270)