Daiki Ueno
fdc014428b
accelerated: clear AVX bits if it cannot be queried through XSAVE
...
Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-08-20 10:40:55 +09:00
Daiki Ueno
1868932498
Mark RSA SigVer operation approved for known modulus sizes
...
Resolves: #2091903
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-08-20 09:55:10 +09:00
Daiki Ueno
2a3fb25b16
sysrng: reseed source DRBG for prediction resistance
...
Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-08-05 19:38:19 +09:00
Daiki Ueno
91b2da8826
Block DES-CBC usage in decrypting PKCS#12 bag under FIPS
...
Resolves: #2115244
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-08-04 21:48:10 +09:00
Daiki Ueno
2a096a6a85
Fix double-free in gnutls_pkcs7_verify
...
Resolves: #2109790
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-07-31 10:42:06 +09:00
Daiki Ueno
6b510e936b
Fix the previous patch enabling KTLS in gnutls-cli
...
Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-07-29 21:43:26 +09:00
Daiki Ueno
cebd7e3874
Make gnutls-cli work with KTLS for testing
...
Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-07-29 11:08:02 +09:00
Daiki Ueno
81119a5e7e
Remove gnutls-3.7.6-libgnutlsxx-const.patch
...
As GnuTLS 3.7.3 included the change to the API while ABI hadn't been
updated, we don't need to explicitly revert the API change.
Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-07-25 14:24:04 +09:00
Daiki Ueno
095c10df28
Do not treat GPG verification errors as fatal
...
When building the package under FIPS, EdDSA signature verification is
not allowed.
Related: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-07-25 14:17:35 +09:00
Daiki Ueno
526db24948
Limit input size for AES-GCM according to SP800-38D
...
Resolves: #2095251
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-07-25 12:45:47 +09:00
Daiki Ueno
9c2a8c7a27
Allow enabling KTLS with config file
...
Resolves: #2042009
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-07-19 14:17:23 +09:00
Daiki Ueno
a7f3c0212c
Update to gnutls 3.7.6
...
Resolves: #2097327
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-07-04 13:19:23 +09:00
Daiki Ueno
8e01ff674e
Enable manual gating
...
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-06-14 11:34:55 +09:00
Daiki Ueno
8f121242f9
Don't run power-on self-tests on DSA
...
Resolves: #2061325
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-03-31 11:23:39 +02:00
Daiki Ueno
81d601383e
Use only the first component of VERSION from /etc/os-release
...
Resolves: #2070249
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-03-31 09:33:42 +02:00
Daiki Ueno
3ee3f894e0
Ensure allowlist API is called before priority string construction
...
Related: #1975421
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-02-25 19:55:31 +01:00
Daiki Ueno
c0068e3bc7
Stop using typeof keyword for tss2 function prototypes
...
Resolves: #2057490
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-02-25 18:40:49 +01:00
Daiki Ueno
79ee77ae83
Fix previous change for loading libtss2*
...
Resolves: #2057490
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-02-25 09:08:03 +01:00
Daiki Ueno
ce3e58a2d0
Use dlopen for loading libtss2* to avoid OpenSSL dependency
...
Resolves: #2057490
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-02-24 14:09:33 +01:00
Daiki Ueno
89eb1823f0
Make allowlisting configuration robuster
...
- Increase GNUTLS_MAX_ALGORITHM_NUM for allowlisting
- Ensure allowlisting API is called before priority string is constructed
Related: #2033220
Related: #2042532
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-02-24 13:15:12 +01:00
Daiki Ueno
7784eaae22
Compile out GOST algorithm IDs
...
Resolves: #1945292
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-02-22 17:38:51 +01:00
Zoltan Fridrich
74d64f9b6a
Fix upstream testsuite in fips mode
...
Resolves: #2051637
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-02-17 15:35:50 +01:00
Daiki Ueno
7c4fdadf07
Fix issues found after the rebase
...
- fips: allow a few more primes in RSA key generation
- fips: tighten PKCS#12 algorithm checks
- Correct return value of KTLS stub API
Resolves: #2033220
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-02-16 12:14:42 +01:00
Daiki Ueno
1454d59d19
Specify --with-fips140-module-name and --with-fips140-module-version
...
Related: #2033220
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-02-16 11:01:25 +01:00
Zoltan Fridrich
8b49674631
Disable live config reload
...
Resolves: rhbz#2042532
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-02-15 12:45:10 +01:00
Daiki Ueno
778c959c06
Build with TPM2 support
...
Related: #2033220
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Co-authored-by: Alexander Sosedkin <asosedkin@redhat.com>
2022-02-02 13:01:18 +01:00
Daiki Ueno
4030e24b19
Update to gnutls 3.7.3
...
Resolves: #2033220
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-01-18 09:31:38 +01:00
Daiki Ueno
7089af2e2d
Update gnutls_{hash,hmac}_copy man-pages as well
...
Related: #1999639
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2021-12-22 17:22:57 +01:00
Daiki Ueno
99deb50ba7
Drop support for GNUTLS_NO_EXPLICIT_INIT envvar
...
Also expand documentation of gnutls_{hash,hmac}_copy, mentioning that
those do not always work.
Resolves: #1999639
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2021-12-22 08:54:15 +01:00
Daiki Ueno
8b8a1a12e3
Fix changelog entry
...
Related: #2012249
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2021-12-21 16:23:35 +01:00
Daiki Ueno
f86e12e4cb
Fix race condition when resolving SYSTEM priority in allowlisting
...
Resolves: #2012249
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2021-10-26 13:02:28 +02:00
Daiki Ueno
8daf88e559
Fix issues in bundled libopts, spotted by covscan
...
Resolves: #1938730
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2021-10-21 14:19:04 +02:00
Daiki Ueno
b9240f3e7a
Enable Intel CET
...
- Remove unnecessary CCASFLAGS setting for annocheck
Related: #1999639
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2021-10-12 17:06:51 +02:00
Daiki Ueno
f5efe3155e
Temporarily disable LTO for aarch64 and ppc64le
...
Related: #1975482
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2021-08-19 09:52:15 +02:00
Daiki Ueno
7cd5b1fd6a
Reorder doc/invoke-*.texi generation
...
Resolves: #1975482
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2021-08-19 09:48:33 +02:00
Mohan Boddu
da12d34e99
Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
...
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 20:17:27 +00:00
Daiki Ueno
e1125ad1bd
Re-enable LTO
...
Resolves: #1986143
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2021-08-02 16:06:58 +02:00
Daiki Ueno
c90f32feef
Fix timestamp adjustment for non-bootstrapping build
...
Related: #1966479
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2021-08-02 15:53:31 +02:00
Daiki Ueno
d3478ae6b5
Disable GOST cryptography by default
...
Also tighten timestamp adjustment when not bootstrapping.
Resolves: #1945292
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2021-08-02 11:08:07 +02:00
Aleksandra Fedorova
484128d379
Add RHEL gating configuration
2021-07-15 03:09:42 +02:00
Daiki Ueno
4d8e88418f
Enable allowlisting configuration mode
...
Resolves: #1975421
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2021-06-28 10:05:45 +02:00
Daiki Ueno
15799e2305
Switch to using %gpgverify macro
...
Related: #1966479
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2021-06-26 16:48:33 +02:00
Daiki Ueno
1a6956388d
Use correct source URL
...
Related: #1966479
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2021-06-26 16:48:29 +02:00
Daiki Ueno
4e166415c3
hobble-gnutls: Remove SRP removal
...
The SRP patent expired in May 2015 so this doesn't make any sense.
We actually haven't used this hobble-gnutls script since 3.5.12 update
in 2017:
5651d6db31
OpenSSL also no longer disables it since:
1ff978b22e
Related: #1966479
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2021-06-26 16:48:25 +02:00
Daiki Ueno
4a71fb0b4d
libpkcs11mock1.* is not installed anymore
...
Related: #1966479
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2021-06-26 16:48:22 +02:00
Daiki Ueno
66bb80596c
Remove %defattr invocations which are no longer necessary
...
Related: #1966479
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2021-06-26 16:48:18 +02:00
Daiki Ueno
a72e12d7b8
Update to upstream 3.7.2 release
...
Resolves: #1966479
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2021-06-25 16:52:19 +02:00
Mohan Boddu
549f76f914
Rebuilt for RHEL 9 BETA for openssl 3.0
...
Related: rhbz#1971065
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-06-22 18:38:03 +00:00
Daiki Ueno
01a25e137c
Fix typo in TPM 1.2 disablement
...
Resolves: #1927370
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2021-06-03 15:34:33 +02:00
Daiki Ueno
c625967bd4
Disable TPM support by default
...
Resolves: #1927370
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2021-05-27 18:33:40 +02:00