Daiki Ueno
91e77b2f9c
Update to 3.8.10 upstream release
...
Resolves: RHEL-102557
Resolves: RHEL-85829
Resolves: RHEL-97627
Resolves: RHEL-102048
Resolves: RHEL-102055
Resolves: RHEL-102064
Resolves: RHEL-102051
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-07-10 16:37:39 +09:00
Daiki Ueno
4855eb5996
algorithms: assign hash strength to ML-DSA signature algorithms
...
Also map GNUTLS_MAC_SHAKE_{128,256} to GNUTLS_DIG_SHAKE_{128,256}.
Resolves: RHEL-100779
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-07-04 15:52:03 +09:00
Daiki Ueno
727975545c
nettle/pk: mark ML-DSA as FIPS-unapproved
...
Related: RHEL-64740
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-06-25 13:13:34 +09:00
Daiki Ueno
d355a4fb6f
Enable ML-DSA at TLS 1.3 level
...
Resolves: RHEL-64740
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-06-19 14:18:34 +09:00
Alexander Sosedkin
6e0ba93d2a
Preserve ARM registers, reenable ARM assembly
...
https://github.com/smuellerDD/leancrypto/commit/3c32c1afe3e4653fd4093ed77090c36
Resolves: RHEL-89715
2025-05-08 12:39:56 +02:00
Alexander Sosedkin
8d31a65d90
Disable assembly on aarch64 as a stopgap measure
...
See also: https://github.com/smuellerDD/leancrypto/issues/27
Related: RHEL-89715
2025-05-07 17:57:36 +02:00
Daiki Ueno
a4b2d06505
tests: make pqc-hybrid-kx.sh work when system time set beyond 2038
...
Resolves: RHEL-82904
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-04-24 14:25:21 +09:00
Daiki Ueno
c94e6c1df7
Update gnutls-3.8.9-cli-earlydata.patch to the upstream version
...
Resolves: RHEL-83590
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-04-22 20:55:54 +09:00
Daiki Ueno
a3bb1addff
Update leancrypto to 1.3.0
...
Resolves: RHEL-85466
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-04-14 19:29:22 +09:00
Daiki Ueno
3d3b0ed386
Improve 0-RTT handling in commands
...
Related: RHEL-58246
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-02-17 20:52:02 +09:00
Daiki Ueno
4f3d3a5d4e
Update bundled nettle to 3.10.1
...
Also switch away from hobbling to configure time disablement,
following the changes in the main nettle package.
Related: RHEL-58246
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-02-17 20:51:54 +09:00
Daiki Ueno
eb680340c9
Update leancrypto-1.2.0-intel-cet.patch
...
Related: RHEL-70818
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-02-13 12:11:22 +09:00
Daiki Ueno
dd046ab8d8
handshake: only shuffle extensions in the first Client Hello
...
Related: RHEL-58246
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-02-13 09:47:58 +09:00
Daiki Ueno
050ed4a962
Enable Intel CET in leancrypto
...
Related: RHEL-70818
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-02-13 09:47:57 +09:00
Daiki Ueno
39822d7024
Update gnutls-3.8.9-allow-rsa-pkcs1-encrypt.patch
...
Related: RHEL-69524
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-02-12 16:54:38 +09:00
Daiki Ueno
41757482ef
Increase verbosity level of leancrypto compilation
...
Related: RHEL-70818
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-02-11 09:57:09 +09:00
Daiki Ueno
893a2b5110
Fix static linking to libhogweed.a
...
Related: RHEL-70818
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-02-11 09:56:17 +09:00
Daiki Ueno
e5e6ca4128
fips: perform only signature PCT for all RSA algorithms
...
Resolves: RHEL-69524
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-02-10 16:00:51 +09:00
Daiki Ueno
510d9c743d
Switch from liboqs to leancrypto
...
Related: RHEL-70818
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-02-10 14:53:27 +09:00
Daiki Ueno
22dcf8b347
Update to 3.8.9 release
...
Resolves: RHEL-70818
Resolves: RHEL-77881
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-02-10 11:44:48 +09:00
Daiki Ueno
8f088143d3
Update to 3.8.8 upstream release
...
Upstream tag: 3.8.8
Upstream commit: 40267b5e
Commit authored by Packit automation (https://packit.dev/)
Resolves: RHEL-58246
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-11-05 20:40:17 +09:00
Troy Dawson
eb38da0990
Bump release for October 2024 mass rebuild:
...
Resolves: RHEL-64018
2024-10-29 08:27:54 -07:00
Daiki Ueno
b326315a53
Disable GOST in RHEL-9 or later
...
Resolves: RHEL-56919
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-10-10 12:36:11 +00:00
Alexander Sosedkin
1e5040d1da
Initial CI and gating setup for RHEL-10
...
Ticket is not really related, it's just that the file used to be named
gating.yml and the wrong name is not covered by the exclusion list.
Related: RHEL-50011
2024-10-08 15:42:53 +02:00
Daiki Ueno
a317e16f72
Fix issues in bundling nettle
...
This unbreaks FIPS integrity checks against missing Nettle libs, as
well as stops exposing them through gnutls.pc.
Related: RHEL-50011
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-08-21 15:42:35 +09:00
Daiki Ueno
112336b5f6
Statically link to Nettle libraries
...
Like GMP, this changes the package build process so the libnettle and
libhogweed are built and linked statically to libgnutls. That makes it
a little simpler to handle FIPS installation, so the users don't need
to install a specific version of the nettle package by themselves, at
the cost of duplicating cryptography implementation provided by
Nettle.
Related: RHEL-50011
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-08-20 19:46:47 +09:00
Daiki Ueno
daac4e78f5
Update to 3.8.7 upstream release
...
Upstream tag: 3.8.7
Upstream commit: 994d9392
Commit authored by Packit automation (https://packit.dev/)
Related: RHEL-50011
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-08-16 13:44:43 +09:00
Daiki Ueno
3ac22bcadb
Forward port downstream patches from c9s
...
Related: RHEL-50011
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-08-15 09:38:50 +09:00
Daiki Ueno
0ad408d5bc
liboqs: check whether Kyber768 is compiled in
...
Related: RHEL-50011
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-07-29 09:13:24 +09:00
Daiki Ueno
3559e33707
Fix configure check on nettle_rsa_oaep_* functions
...
Related: RHEL-50011
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-07-28 08:17:10 +09:00
Daiki Ueno
1cd714c58b
Enable X25519Kyber768Draft00 key exchange in TLS
...
Related: RHEL-50011
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-07-28 08:17:10 +09:00
Daiki Ueno
9f3cab5d41
Switch to using dlwrap for loading compression libraries
...
Related: RHEL-50011
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-07-28 08:17:10 +09:00
Yaakov Selkowitz
e7ce6b1ef5
Fix FIPS build with RPM 4.20
...
The FIPS build runs *_install_post commands early during %install so that
the binaries will not be modified after running fipshmac, since those
commands are supposed to be no-op if re-run. However, __debug_install_post
is only run if __debug_package is defined, which is triggered by the
automatic creation of the debuginfo subpackage where appropriate.
Previously, a hack in redhat-rpm-config caused this to be enabled by
%install, but with RPM 4.20 this is no longer needed, and the hack was
removed from redhat-rpm-config for F41. On Fedora builds,
%mingw_debug_package triggers this and therefore it still builds, but ELN
is built without mingw and therefore there now is nothing to trigger the
debuginfo generation during %install. As a result, the binaries would just
be stripped without any debuginfo generation during the first run, leaving
nothing to detect in the second run, and the build would fail for lack of
debug symbols/sources.
https://github.com/rpm-software-management/rpm/issues/2204
7a1571ee80
Related: RHEL-50011
2024-07-28 08:17:10 +09:00
Zoltan Fridrich
7a0d2e97dd
Update to 3.8.6 upstream release
...
Upstream tag: 3.8.6
Upstream commit: cd953cfa
Commit authored by Packit automation (https://packit.dev/)
Resolves: RHEL-50011
2024-07-27 10:39:23 +09:00
Alexander Sosedkin
e3df0307e0
Rebuild against nettle-3.9.1-11.el10
2024-07-02 16:05:49 +02:00
Troy Dawson
1fcc00cba9
Bump release for June 2024 mass rebuild
2024-06-24 08:44:49 -07:00
Zoltan Fridrich
c3464bd0f2
Build with certificate compression enabled
...
Resolves: RHEL-42514
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-06-17 15:42:00 +02:00
Alexander Sosedkin
d0d82d7432
Add gmp tarball to sources file, add gmp patch
...
Related: RHEL-35857
2024-05-16 21:00:10 +09:00
Daiki Ueno
c8d0a15246
Add bcond to statically link to GMP
...
In CentOS Stream 9 and RHEL 9, we link to libgmp statically to ensure
zeroization of internally allocated memory areas according to FIPS
140-3. This ports the ability to Fedora, in a way it is configured
with a `--with bundled_gmp` build conditional.
Resolves: RHEL-35857
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-05-16 20:57:31 +09:00
Daiki Ueno
e49ae825cb
Add virtual package to pull in nettle/gmp dependencies for FIPS
...
This adds a new subpackage `gnutls-fips` with strict version
requirements to nettle and gmp under FIPS, as gnutls now calculates
library integrity (HMAC) over those libraries.
Related: RHEL-35857
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-05-16 17:52:24 +09:00
Zoltan Fridrich
2ab069ca80
3.8.5 upstream release
...
Upstream tag: 3.8.5
Upstream commit: 49f4ae21
Related: RHEL-35857
2024-05-16 17:51:59 +09:00
Zoltan Fridrich
4f944dc84a
3.8.4 upstream release
...
Upstream tag: 3.8.4
Upstream commit: 4a4cefef
Related: RHEL-35857
2024-05-16 17:51:26 +09:00
Zoltan Fridrich
fc9a2819eb
Fix mingw build failure
...
Related: RHEL-35857
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-05-16 17:50:57 +09:00
Zoltan Fridrich
c5694f3e42
Update keyring
...
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-01-24 10:10:45 +01:00
Zoltan Fridrich
da7f0db0fe
[packit] 3.8.3 upstream release
...
Upstream tag: 3.8.3
Upstream commit: 2f04c14d
2024-01-23 10:28:06 +01:00
Fedora Release Engineering
c42ee03de2
Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
2024-01-19 23:15:46 +00:00
Simon de Vlieger
be817c2d2d
Bump Nettle dependency.
...
GnuTLS depends on symbols from a newer version of Nettle (3.9).
Signed-off-by: Simon de Vlieger <cmdr@supakeen.com>
2023-12-12 10:58:20 +01:00
Daiki Ueno
23ac5676a4
Tentatively revert newly added Ed448 keys support in PKCS#11
...
To fix regression with Ed25519 reported in:
https://gitlab.com/gnutls/gnutls/-/issues/1515
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2023-12-01 17:44:03 +09:00
Daiki Ueno
7543c5d148
[packit] 3.8.2 upstream release
...
Upstream tag: 3.8.2
Upstream commit: e840a07f
2023-11-22 15:23:57 +09:00
Daiki Ueno
5e97cebf83
Remove patches no longer needed in 3.8.2
...
Also use XFAIL_TESTS envvar to skip ktls_keyupdate.sh, instead of
patching the source code.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2023-11-22 14:41:15 +09:00