Commit Graph

172 Commits

Author SHA1 Message Date
Todd Zullinger
96a092be6b fix sporadic failures generating RSA keys in FIPS mode
The test suite occasionally fails with "error generating RSA key: Number
is not prime" in FIPS mode¹.  Apply the upstream fix, cd30ed3c (cipher:
Change the bounds for RSA key generation round., 2022-04-20).

¹ https://dev.gnupg.org/T5919
2022-11-09 17:53:31 -05:00
Todd Zullinger
9e608ad3fa enable brainpool curves by default
Thanks to the Fedora Legal team, we are now able to include Brainpool
ECC in Fedora.  Matthew Miller notified the Fedora Legal list.

References:
https://bugzilla.redhat.com/1413618
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org/message/752Z34MTHB6B4XRUW2TTAPEIUUK4O2LA/
2022-11-08 21:52:38 -05:00
Fedora Release Engineering
2fe61ab47d Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-21 17:51:35 +00:00
Jakub Jelen
491a0e733e Fix annobin flags (#2016349) 2022-06-14 17:03:49 +02:00
Todd Zullinger
6571417ff4 use %bcond_with to disable brainpool curves
The `%bcond_with` macro allows others to rebuild the package with the
brainpool curves enabled by passing `--with brainpool` to `rpmbuild`.
2022-05-29 18:10:15 -04:00
Todd Zullinger
9140219786 improve --disable-brainpool configure output
The configure output from the --disable-brainpool option is confusing:

    checking whether we want to disable the use of brainpool curves... no

Reword the message to make it clearer and match the nearby
configure checks for other `--disable-*` options:

    checking whether brainpool curves support is requested... no
2022-05-29 18:09:33 -04:00
Jakub Jelen
040bc4d9b9 1.10.1-2 2022-04-08 17:13:08 +02:00
Jakub Jelen
e7354685a2 Adjust integrity check creation to match upstream (#2073018) 2022-04-08 17:12:14 +02:00
Jakub Jelen
7b71c161dd Sync the FIPS module name version with RHEL 2022-04-01 11:25:41 +02:00
Jakub Jelen
0b1d9d2b6d libgcrypt-1.10.1-1 2022-03-29 11:18:05 +02:00
Jakub Jelen
364af5a451 libgcrypt-1.10.0-1 2022-02-02 12:58:55 +01:00
Fedora Release Engineering
aff6b907cf - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-20 16:16:00 +00:00
Jakub Jelen
4b1e516cd7 Removed unused CAVS patch 2021-10-27 11:52:10 +02:00
Jakub Jelen
02e6d9b5f1 Remove a no longer needed patch 2021-10-27 11:46:31 +02:00
Jakub Jelen
ef01d2c6d0 libgcrypt-1.9.4-1 2021-08-23 14:07:36 +02:00
Jakub Jelen
21fe8b5f71 Aggregate FIPS test patches for upstream submission and backport whats already in 2021-08-23 14:07:12 +02:00
Fedora Release Engineering
af286f213c - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-22 11:25:34 +00:00
Jakub Jelen
0fd2314056 libgcrypt-1.9.3-3 2021-06-15 13:35:35 +02:00
Jakub Jelen
b67b214174 Fix for CVE-2021-33560 (#1970098]) 2021-06-15 13:34:41 +02:00
Jakub Jelen
ecb230f861 libgcrypt-1.9.3-2 2021-04-28 09:12:52 +02:00
Jakub Jelen
ca49edafdd Restore Intel CET support after upstream release (#1954049) 2021-04-27 20:32:31 +02:00
Jakub Jelen
b9da031d08 Reupload sources without bogus build artifacts 2021-04-20 11:48:05 +02:00
Jakub Jelen
e8a3eea434 libgcrypt-1.9.3-1 2021-04-20 11:35:10 +02:00
Jakub Jelen
a8c423ec7b libgcrypt-1.9.2-3 2021-04-15 10:59:36 +02:00
Jakub Jelen
2e2a35ecb3 Fix coverity reports 2021-04-15 10:58:31 +02:00
Jakub Jelen
643055c06d libgcrypt-1.9.2-2 2021-03-29 19:47:55 +02:00
Jakub Jelen
713d2850dd Fix OCB tag creation on s390x 2021-03-29 19:45:14 +02:00
Jakub Jelen
af59e404ea libgcrypt-1.9.2-1 2021-02-17 13:01:19 +01:00
Jakub Jelen
93ba00ab6f libgcrypt-1.9.1-1 2021-01-29 14:11:06 +01:00
Jakub Jelen
e12a034946 Unbreak builds on non-intel architectures 2021-01-26 12:54:20 +01:00
Jakub Jelen
b661d80e2f libgcrypt-1.9.0-1 2021-01-20 01:34:36 +01:00
Robert Scheck
c3f576ebd7 Update source URLs to HTTPS 2021-01-18 01:16:45 +00:00
Tom Stellard
30dbcc9e60 Add BuildRequires: make
https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot
2021-01-05 01:51:09 +00:00
Robert Scheck
45da8f74c1 Spec file cleanup
Remove instructions no longer needed on any active branch
2020-12-24 10:23:45 +00:00
Jakub Jelen
3f76a6d4b7 Replace version in comments with x.y.z to prevent copy&paste errors 2020-11-24 16:50:18 +01:00
Jakub Jelen
762053927e 1.8.7-1 2020-11-24 15:09:21 +01:00
Jeff Law
42e8971b64 Re-enable LTO 2020-08-21 16:34:01 -06:00
Fedora Release Engineering
0bb7c38613 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-28 04:41:49 +00:00
Tom Stellard
a87016377d Use make macros
https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
2020-07-21 20:26:48 +00:00
Tomas Mraz
31bc02d1fa new upstream version 1.8.6 2020-07-20 16:41:19 +02:00
Tomas Mraz
0a37c41ff7 use the hmac256 tool to calculate the library hmac 2020-07-01 13:49:13 +02:00
Jeff Law
5cbca409ee Disable LTO. 2020-06-30 13:42:31 -06:00
Tomas Mraz
4b43d13b58 Revert "Temporary hack to workaround fipshmac incompatibility"
This reverts commit 26769c9e86.
2020-04-23 15:31:46 +02:00
Tomas Mraz
26769c9e86 Temporary hack to workaround fipshmac incompatibility 2020-04-23 13:13:57 +02:00
Tomas Mraz
a51c9f8187 Fix regression - missing -ldl linkage 2020-04-23 10:22:16 +02:00
Tomas Mraz
618a71d4e9 AES performance improvements backported from master branch 2020-04-22 19:00:26 +02:00
Tomas Mraz
d7ce942d74 FIPS selftest is run directly from the constructor
FIPS module is implicit with kernel FIPS flag
2020-04-20 19:36:34 +02:00
Tomas Mraz
95e0a34ad5 fix the build on ARMv7 2020-01-30 17:29:55 +01:00
Fedora Release Engineering
e6a86d0e91 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-29 09:11:09 +00:00
Tomas Mraz
8c18517a25 Intel CET support by H. J. Lu 2020-01-23 15:47:41 +01:00