rpms/gnutls
7
0
Fork 0
Code Issues Pull Requests Releases Activity
93 Commits 7 Branches 47 Tags 1.1 MiB
c9s
Commit Graph

93 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daiki Ueno
b54e951cdf Bump release to ensure el9 package is greater than el9_* packages 
Related: RHEL-28959
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-04-05 14:56:17 +09:00
Daiki Ueno
fad6f4c031 Bump release to ensure el9 package is greater than el9_* packages 
Related: RHEL-28959
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-03-22 19:08:49 +09:00
Daiki Ueno
4fe94fea35 Fix potential crash during chain building/verification 
Resolves: RHEL-28954
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-03-21 17:46:23 +09:00
Daiki Ueno
93137eb14d Fix timing side-channel in deterministic ECDSA 
Resolves: RHEL-28959
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-03-21 17:30:00 +09:00
Daiki Ueno
be70c0528f Update to gnutls 3.8.3 
Resolves: RHEL-14891
Resolves: RHEL-21551
Resolves: RHEL-21702
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-01-23 13:54:10 +09:00
Daiki Ueno
858f0f94af Skip KTLS test exercising ChaCha20-Poly1305 in TLS 1.3 as well 
Resolves: RHEL-18498
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-01-22 15:19:13 +09:00
Daiki Ueno
489749726b Skip KTLS test exercising ChaCha20-Poly1305 in TLS 1.2 
Resolves: RHEL-18498
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-12-13 17:24:09 +09:00
Daiki Ueno
ea61a3e2d6 Bump runtime requirement of nettle to 3.9.1 
Related: RHEL-14891
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-12-12 10:59:26 +09:00
Daiki Ueno
681af9e006 Bump nettle BR to 3.9.1 
Related: RHEL-14891
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-12-08 16:38:43 +09:00
Daiki Ueno
df21603693 Update to gnutls 3.8.2 
Resolves: RHEL-14891
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-11-21 16:06:32 +09:00
Daiki Ueno
7d84a98339 Mark SHA-1 signature verification non-approved in FIPS 
Resolves: #2102751
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-07-29 13:31:34 +09:00
Daiki Ueno
b6ff2ebf9a Skip KTLS test on old kernel if host and target arches are different 
Related: #2157953
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-07-18 11:45:22 +02:00
Daiki Ueno
737d8de21b Require use of extended master secret in FIPS mode by default 
Resolves: #2157953
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-07-13 16:14:38 +02:00
Peter Leitmann
d0e62ee489 Fix contact information 
Related: rhbz#2180023

Signed-off-by: Peter Leitmann <pleitman@redhat.com>
 2023-04-27 13:49:46 +02:00
Peter Leitmann
18ed0fef76 Add Testing Farm TMT interoperability tests with OpenSSL/NSS 
Related: rhbz#2180023

Signed-off-by: Peter Leitmann <pleitman@redhat.com>
 2023-04-19 12:37:08 +00:00
Daiki Ueno
33dfec6681 Fix the previous change 
Resolves: #2175214
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-03-14 21:50:42 +09:00
Daiki Ueno
af25913da9 Bump release to ensure el9 package is greater than el9_* packages 
Resolves: #2175214
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-03-10 16:31:47 +09:00
Daiki Ueno
b7884a9359 Update gnutls-3.7.8-fips-pct-dh.patch to the upstream version 
Resolves: #2168143
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-02-28 11:15:06 +09:00
Daiki Ueno
f764d48554 Fix timing side-channel in TLS RSA key exchange 
Resolves: #2162601
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-02-10 15:10:06 +09:00
Daiki Ueno
bb8f9067ee fips: extend PCT to DH key generation 
Resolves: #2168143
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-02-10 13:31:17 +09:00
Zoltan Fridrich
0efdf6a30a fips: rename hmac file to its previous name 
Resolves: rhbz#2148269

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-12-15 11:32:25 +01:00
Zoltan Fridrich
9727693a0e Revert manual test in gating.yaml 
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-11-30 09:49:29 +01:00
Daiki Ueno
a529ca162b nettle: mark non-compliant RSA-PSS salt length to be not-approved 
Resolves: #2143266
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-11-22 10:58:24 +09:00
Daiki Ueno
53a68f179c cipher: add restriction on CCM tag length under FIPS mode 
Resolves: #2137807
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-11-22 10:58:23 +09:00
Zoltan Fridrich
7dd34fb86b Remove library path checking from FIPS integrity check 
Resolves: rhbz#2140908

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-11-15 16:14:17 +01:00
Zoltan Fridrich
ec0dad9c1f Add block cipher API with automatic padding 
Resolves: rhbz#2084161

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-11-15 14:26:00 +01:00
Zoltan Fridrich
2adea0884d Clear server's session ticket indication at rehandshake 
Resolves: rhbz#2136072

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-11-15 14:25:56 +01:00
Zoltan Fridrich
036ccfaec5 Enable source archive verification again 
Resolves: rhbz#2127094

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-11-15 13:11:44 +01:00
Zoltan Fridrich
c6974b4fb4 Make XTS key check failure not fatal in FIPS 
Resolves: rhbz#2130971

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-11-07 15:40:02 +01:00
Daiki Ueno
ef1a5b9b4f Fix FIPS140-3 service indicator transitions 
- fips: mark PBKDF2 with short key and output sizes non-approved
- fips: only mark HMAC as approved in PBKDF2
- fips: mark gnutls_key_generate with short key sizes non-approved
- fips: fix checking on hash algorithm used in ECDSA
- fips: preserve operation context around FIPS selftests API

Resolves: #2128229
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-09-29 21:30:20 +09:00
Daiki Ueno
e392f357d1 Supply --with{,out}-{zlib,brotli,zstd} explicitly 
Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-08-26 17:35:22 +09:00
Daiki Ueno
a5a5e06565 Revert nettle version pinning as it doesn't work well in side-tag 
This reverts commit 7fecd39c3d. As there
is a circular dependency between gnutls and gnupg2, that commit added
some fragility to the build process.

Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-08-26 06:48:46 +09:00
Daiki Ueno
7fecd39c3d Pin nettle version in Requires when compiled with FIPS 
Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-08-26 00:41:50 +09:00
Daiki Ueno
6c2f661b1a Disable certificate compression support by default 
It turnd out that it will introduce an RFC compliance issue:
https://gitlab.com/gnutls/gnutls/-/issues/1397
This disables the feature by not linking to any compression library.

Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-08-25 07:29:14 +09:00
Daiki Ueno
8be21cf2c4 Bundle GMP to privatize memory functions 
Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-08-23 22:35:01 +09:00
Daiki Ueno
2b8f733ff8 Update gnutls-3.7.6-cpuid-fixes.patch 
Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-08-23 20:25:52 +09:00
Daiki Ueno
fdc014428b accelerated: clear AVX bits if it cannot be queried through XSAVE 
Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-08-20 10:40:55 +09:00
Daiki Ueno
1868932498 Mark RSA SigVer operation approved for known modulus sizes 
Resolves: #2091903
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-08-20 09:55:10 +09:00
Daiki Ueno
2a3fb25b16 sysrng: reseed source DRBG for prediction resistance 
Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-08-05 19:38:19 +09:00
Daiki Ueno
91b2da8826 Block DES-CBC usage in decrypting PKCS#12 bag under FIPS 
Resolves: #2115244
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-08-04 21:48:10 +09:00
Daiki Ueno
2a096a6a85 Fix double-free in gnutls_pkcs7_verify 
Resolves: #2109790
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-07-31 10:42:06 +09:00
Daiki Ueno
6b510e936b Fix the previous patch enabling KTLS in gnutls-cli 
Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-07-29 21:43:26 +09:00
Daiki Ueno
cebd7e3874 Make gnutls-cli work with KTLS for testing 
Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-07-29 11:08:02 +09:00
Daiki Ueno
81119a5e7e Remove gnutls-3.7.6-libgnutlsxx-const.patch 
As GnuTLS 3.7.3 included the change to the API while ABI hadn't been
updated, we don't need to explicitly revert the API change.

Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-07-25 14:24:04 +09:00
Daiki Ueno
095c10df28 Do not treat GPG verification errors as fatal 
When building the package under FIPS, EdDSA signature verification is
not allowed.

Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-07-25 14:17:35 +09:00
Daiki Ueno
526db24948 Limit input size for AES-GCM according to SP800-38D 
Resolves: #2095251
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-07-25 12:45:47 +09:00
Daiki Ueno
9c2a8c7a27 Allow enabling KTLS with config file 
Resolves: #2042009
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-07-19 14:17:23 +09:00
Daiki Ueno
a7f3c0212c Update to gnutls 3.7.6 
Resolves: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-07-04 13:19:23 +09:00
Daiki Ueno
8e01ff674e Enable manual gating 
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-06-14 11:34:55 +09:00
Daiki Ueno
8f121242f9 Don't run power-on self-tests on DSA 
Resolves: #2061325
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-03-31 11:23:39 +02:00