rpms/libgcrypt
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update cipher modes FIPS indicator

Browse Source 
to allow AES wrapping and forbid the GCM mode

Resolves: rhbz#2167764
This commit is contained in:
Jakub Jelen 2023-01-17 14:45:14 +01:00
parent 0c45b03ed1
commit bb8f0dfc24
2 changed files with 59 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
libgcrypt-1.10.0-fips-indicator.patch Normal file
View File

@ -0,0 +1,55 @@
From c34c9e70055ee43e5ef257384fa15941f064e5a4 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 15 Nov 2022 10:47:18 +0100
Subject: [PATCH] fips: Mark AES key wrapping as approved.
* src/fips.c (_gcry_fips_indicator_cipher): Add key wrapping mode as
approved.
--
GnuPG-bug-id: 5512
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
src/fips.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/fips.c b/src/fips.c
index 6599121c..272aabae 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -367,6 +367,7 @@ _gcry_fips_indicator_cipher (va_list arg_ptr)
case GCRY_CIPHER_MODE_CCM:
case GCRY_CIPHER_MODE_GCM:
case GCRY_CIPHER_MODE_XTS:
+ case GCRY_CIPHER_MODE_AESWRAP:
return GPG_ERR_NO_ERROR;
default:
return GPG_ERR_NOT_SUPPORTED;
--
commit d6117b04e0e4d5d68df8fb731f618b0d5126ee14
Author: Jakub Jelen <jjelen@redhat.com>
Date: Tue Jan 17 14:39:34 2023 +0100
fips: Remove GCM mode from the allowed FIPS indicators
* src/fips.c (_gcry_fips_indicator_cipher): Do not mark GCM mode as FIPS
approved.
---
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
diff --git a/src/fips.c b/src/fips.c
index 272aabae..774e7b4c 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -365,7 +365,6 @@ _gcry_fips_indicator_cipher (va_list arg_ptr)
case GCRY_CIPHER_MODE_OFB:
case GCRY_CIPHER_MODE_CTR:
case GCRY_CIPHER_MODE_CCM:
- case GCRY_CIPHER_MODE_GCM:
case GCRY_CIPHER_MODE_XTS:
case GCRY_CIPHER_MODE_AESWRAP:
return GPG_ERR_NO_ERROR;
--

4
libgcrypt.spec
View File

@ -35,6 +35,9 @@ Patch9: libgcrypt-1.10.0-sha3-large.patch
Patch10: libgcrypt-1.10.0-fips-keygen.patch Patch10: libgcrypt-1.10.0-fips-keygen.patch
# https://dev.gnupg.org/T6219 # https://dev.gnupg.org/T6219
Patch11: libgcrypt-1.10.0-fips-kdf.patch Patch11: libgcrypt-1.10.0-fips-kdf.patch
# c34c9e70055ee43e5ef257384fa15941f064e5a4
# https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/13
Patch12: libgcrypt-1.10.0-fips-indicator.patch
%global gcrylibdir %{_libdir} %global gcrylibdir %{_libdir}
%global gcrysoname libgcrypt.so.20 %global gcrysoname libgcrypt.so.20
@ -79,6 +82,7 @@ applications using libgcrypt.
%patch9 -p1 %patch9 -p1
%patch10 -p1 %patch10 -p1
%patch11 -p1 %patch11 -p1
%patch12 -p1
%build %build
# This package has a configure test which uses ASMs, but does not link the # This package has a configure test which uses ASMs, but does not link the