rpms
/
gnutls
7
0
Fork 0
Code Issues Pull Requests Releases Activity
93 Commits 6 Branches 43 Tags 1.1 MiB
Commit Graph

93 Commits

Author SHA1 Message Date
Daiki Ueno b54e951cdf Bump release to ensure el9 package is greater than el9_* packages 
Related: RHEL-28959
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-04-05 14:56:17 +09:00
Daiki Ueno fad6f4c031 Bump release to ensure el9 package is greater than el9_* packages 
Related: RHEL-28959
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-03-22 19:08:49 +09:00
Daiki Ueno 4fe94fea35 Fix potential crash during chain building/verification 
Resolves: RHEL-28954
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-03-21 17:46:23 +09:00
Daiki Ueno 93137eb14d Fix timing side-channel in deterministic ECDSA 
Resolves: RHEL-28959
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-03-21 17:30:00 +09:00
Daiki Ueno be70c0528f Update to gnutls 3.8.3 
Resolves: RHEL-14891
Resolves: RHEL-21551
Resolves: RHEL-21702
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-01-23 13:54:10 +09:00
Daiki Ueno 858f0f94af Skip KTLS test exercising ChaCha20-Poly1305 in TLS 1.3 as well 
Resolves: RHEL-18498
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-01-22 15:19:13 +09:00
Daiki Ueno 489749726b Skip KTLS test exercising ChaCha20-Poly1305 in TLS 1.2 
Resolves: RHEL-18498
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-12-13 17:24:09 +09:00
Daiki Ueno ea61a3e2d6 Bump runtime requirement of nettle to 3.9.1 
Related: RHEL-14891
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-12-12 10:59:26 +09:00
Daiki Ueno 681af9e006 Bump nettle BR to 3.9.1 
Related: RHEL-14891
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-12-08 16:38:43 +09:00
Daiki Ueno df21603693 Update to gnutls 3.8.2 
Resolves: RHEL-14891
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-11-21 16:06:32 +09:00
Daiki Ueno 7d84a98339 Mark SHA-1 signature verification non-approved in FIPS 
Resolves: #2102751
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-07-29 13:31:34 +09:00
Daiki Ueno b6ff2ebf9a Skip KTLS test on old kernel if host and target arches are different 
Related: #2157953
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-07-18 11:45:22 +02:00
Daiki Ueno 737d8de21b Require use of extended master secret in FIPS mode by default 
Resolves: #2157953
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-07-13 16:14:38 +02:00
Peter Leitmann d0e62ee489 Fix contact information 
Related: rhbz#2180023

Signed-off-by: Peter Leitmann <pleitman@redhat.com>
 2023-04-27 13:49:46 +02:00
Peter Leitmann 18ed0fef76 Add Testing Farm TMT interoperability tests with OpenSSL/NSS 
Related: rhbz#2180023

Signed-off-by: Peter Leitmann <pleitman@redhat.com>
 2023-04-19 12:37:08 +00:00
Daiki Ueno 33dfec6681 Fix the previous change 
Resolves: #2175214
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-03-14 21:50:42 +09:00
Daiki Ueno af25913da9 Bump release to ensure el9 package is greater than el9_* packages 
Resolves: #2175214
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-03-10 16:31:47 +09:00
Daiki Ueno b7884a9359 Update gnutls-3.7.8-fips-pct-dh.patch to the upstream version 
Resolves: #2168143
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-02-28 11:15:06 +09:00
Daiki Ueno f764d48554 Fix timing side-channel in TLS RSA key exchange 
Resolves: #2162601
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-02-10 15:10:06 +09:00
Daiki Ueno bb8f9067ee fips: extend PCT to DH key generation 
Resolves: #2168143
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-02-10 13:31:17 +09:00
Zoltan Fridrich 0efdf6a30a fips: rename hmac file to its previous name 
Resolves: rhbz#2148269

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-12-15 11:32:25 +01:00
Zoltan Fridrich 9727693a0e Revert manual test in gating.yaml 
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-11-30 09:49:29 +01:00
Daiki Ueno a529ca162b nettle: mark non-compliant RSA-PSS salt length to be not-approved 
Resolves: #2143266
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-11-22 10:58:24 +09:00
Daiki Ueno 53a68f179c cipher: add restriction on CCM tag length under FIPS mode 
Resolves: #2137807
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-11-22 10:58:23 +09:00
Zoltan Fridrich 7dd34fb86b Remove library path checking from FIPS integrity check 
Resolves: rhbz#2140908

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-11-15 16:14:17 +01:00
Zoltan Fridrich ec0dad9c1f Add block cipher API with automatic padding 
Resolves: rhbz#2084161

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-11-15 14:26:00 +01:00
Zoltan Fridrich 2adea0884d Clear server's session ticket indication at rehandshake 
Resolves: rhbz#2136072

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-11-15 14:25:56 +01:00
Zoltan Fridrich 036ccfaec5 Enable source archive verification again 
Resolves: rhbz#2127094

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-11-15 13:11:44 +01:00
Zoltan Fridrich c6974b4fb4 Make XTS key check failure not fatal in FIPS 
Resolves: rhbz#2130971

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-11-07 15:40:02 +01:00
Daiki Ueno ef1a5b9b4f Fix FIPS140-3 service indicator transitions 
- fips: mark PBKDF2 with short key and output sizes non-approved
- fips: only mark HMAC as approved in PBKDF2
- fips: mark gnutls_key_generate with short key sizes non-approved
- fips: fix checking on hash algorithm used in ECDSA
- fips: preserve operation context around FIPS selftests API

Resolves: #2128229
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-09-29 21:30:20 +09:00
Daiki Ueno e392f357d1 Supply --with{,out}-{zlib,brotli,zstd} explicitly 
Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-08-26 17:35:22 +09:00
Daiki Ueno a5a5e06565 Revert nettle version pinning as it doesn't work well in side-tag 
This reverts commit 7fecd39c3d. As there
is a circular dependency between gnutls and gnupg2, that commit added
some fragility to the build process.

Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-08-26 06:48:46 +09:00
Daiki Ueno 7fecd39c3d Pin nettle version in Requires when compiled with FIPS 
Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-08-26 00:41:50 +09:00
Daiki Ueno 6c2f661b1a Disable certificate compression support by default 
It turnd out that it will introduce an RFC compliance issue:
https://gitlab.com/gnutls/gnutls/-/issues/1397
This disables the feature by not linking to any compression library.

Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-08-25 07:29:14 +09:00
Daiki Ueno 8be21cf2c4 Bundle GMP to privatize memory functions 
Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-08-23 22:35:01 +09:00
Daiki Ueno 2b8f733ff8 Update gnutls-3.7.6-cpuid-fixes.patch 
Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-08-23 20:25:52 +09:00
Daiki Ueno fdc014428b accelerated: clear AVX bits if it cannot be queried through XSAVE 
Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-08-20 10:40:55 +09:00
Daiki Ueno 1868932498 Mark RSA SigVer operation approved for known modulus sizes 
Resolves: #2091903
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-08-20 09:55:10 +09:00
Daiki Ueno 2a3fb25b16 sysrng: reseed source DRBG for prediction resistance 
Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-08-05 19:38:19 +09:00
Daiki Ueno 91b2da8826 Block DES-CBC usage in decrypting PKCS#12 bag under FIPS 
Resolves: #2115244
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-08-04 21:48:10 +09:00
Daiki Ueno 2a096a6a85 Fix double-free in gnutls_pkcs7_verify 
Resolves: #2109790
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-07-31 10:42:06 +09:00
Daiki Ueno 6b510e936b Fix the previous patch enabling KTLS in gnutls-cli 
Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-07-29 21:43:26 +09:00
Daiki Ueno cebd7e3874 Make gnutls-cli work with KTLS for testing 
Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-07-29 11:08:02 +09:00
Daiki Ueno 81119a5e7e Remove gnutls-3.7.6-libgnutlsxx-const.patch 
As GnuTLS 3.7.3 included the change to the API while ABI hadn't been
updated, we don't need to explicitly revert the API change.

Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-07-25 14:24:04 +09:00
Daiki Ueno 095c10df28 Do not treat GPG verification errors as fatal 
When building the package under FIPS, EdDSA signature verification is
not allowed.

Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-07-25 14:17:35 +09:00
Daiki Ueno 526db24948 Limit input size for AES-GCM according to SP800-38D 
Resolves: #2095251
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-07-25 12:45:47 +09:00
Daiki Ueno 9c2a8c7a27 Allow enabling KTLS with config file 
Resolves: #2042009
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-07-19 14:17:23 +09:00
Daiki Ueno a7f3c0212c Update to gnutls 3.7.6 
Resolves: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-07-04 13:19:23 +09:00
Daiki Ueno 8e01ff674e Enable manual gating 
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-06-14 11:34:55 +09:00
Daiki Ueno 8f121242f9 Don't run power-on self-tests on DSA 
Resolves: #2061325
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-03-31 11:23:39 +02:00