Jakub Jelen
c54e9e9ce8
Fix CVE-2024-2236
...
Resolves: RHEL-34579
2024-08-01 16:52:35 +02:00
Jakub Jelen
5c4ee956d3
libgcrypt-1.10.0-10
...
Related: rhbz#2176145
2023-03-24 09:23:16 +01:00
Jakub Jelen
c2869151f5
Add FIPS indicator for public key operations flags
...
Resolves: rhbz#2176145
2023-03-24 09:23:16 +01:00
Jakub Jelen
d7a150a176
Improve test coverage of the new FIPS indicators
...
Resolves: rhbz#2176145
2023-03-24 09:23:12 +01:00
Jakub Jelen
12a13f840d
Update KDF selftest to run allowed cases
...
Resolves: rhbz#2176145
2023-03-07 15:10:50 +01:00
Jakub Jelen
65342ad3f8
Check return value from ftell
...
Thanks coverity
Resolves: rhbz#2176145
2023-03-07 15:10:45 +01:00
Jakub Jelen
37892dbca7
Remove useless SHA384 from DRBG
...
Resolves: rhbz#2176145
2023-03-07 15:10:41 +01:00
Jakub Jelen
828a5f801b
Check FIPS status during sign/verify_md
...
Resolves: rhbz#2176145
2023-03-07 15:10:38 +01:00
Jakub Jelen
80b16e463d
Improve error reporting from PCT and make the tests mandatory
...
Resolves: rhbz#2176145
2023-03-07 15:10:33 +01:00
Jakub Jelen
987df146aa
Add MD and HMAC FIPS indicators
...
Resolves: rhbz#2176145
2023-03-07 15:10:29 +01:00
Jakub Jelen
3dc4d5f5d5
1.10.0-9
...
Related: rhbz#2167764
2023-02-14 10:35:53 +01:00
Jakub Jelen
1a44c3bb53
Disable jitter entropy generator
...
The kernel is using jitter entropy source and using another in libgcrypt
does not make much sense as it would be hard to claim it is independent
from the kernel one.
Resolves: rhbz#2167764
2023-02-14 10:35:53 +01:00
Jakub Jelen
de7c377ef9
Avoid usage of invalid arguments size for PBKDF2
...
Related: rhbz#2137577
2023-02-14 10:35:53 +01:00
Jakub Jelen
fdf75fc702
Do not allow large salt lengts with PSS padding
...
Related: rhbz#2137577
2023-02-14 10:35:53 +01:00
Jakub Jelen
8d0820609b
Disable usage of X9.31 key generation in FIPS mode
...
Related: rhbz#2167764
2023-02-14 10:35:53 +01:00
Jakub Jelen
7e0fcaf4ab
Backport the FIPS integrity checking
...
Resolves: rhbz#2157966
2023-02-14 10:35:53 +01:00
Jakub Jelen
bb8f0dfc24
Update cipher modes FIPS indicator
...
to allow AES wrapping and forbid the GCM mode
Resolves: rhbz#2167764
2023-02-07 14:33:59 +01:00
Jakub Jelen
0c45b03ed1
libgcrypt-1.10.0-8
...
Resolves: rhbz#2130275
2022-10-21 14:15:46 +02:00
Jakub Jelen
c0e2cdd3ce
Handle key length limits also in the md API in FIPS Mode
...
Resolves: rhbz#2130275
2022-10-21 14:15:44 +02:00
Jakub Jelen
2786fa2515
Drop unneeded passphrase length check for PBKDF2
...
Resolves: rhbz#2130275
2022-10-21 14:15:36 +02:00
Jakub Jelen
6abf6e0a54
libgcrypt-1.10.0-7
...
Related: rhbz#2130275
2022-10-06 09:46:21 +02:00
Jakub Jelen
5c38333ed4
Skip RSA encryption selftest in FIPS mode
...
Related: rhbz#2130275
2022-10-06 09:46:16 +02:00
Jakub Jelen
d712a009a1
Drop selective RSA encryption/decryption disablement in FIPS mode
...
Related: rhbz#2130275
2022-10-06 09:46:12 +02:00
Jakub Jelen
242f11d393
Fix function name FIPS service indicator and disable PK encryption
...
Related: rhbz#2130275
2022-10-06 09:46:05 +02:00
Jakub Jelen
e851661d50
Free memory on error path during the test
...
Related: rhbz#2129150
2022-10-06 09:45:54 +02:00
Jakub Jelen
5fda6cb2b0
Properly enforce limits to the KDF input and output in FIPS mode
...
Resolves: rhbz#2130275
2022-10-06 09:45:47 +02:00
Jakub Jelen
d780bf3ce3
libgcrypt-1.10.0-6
...
Related: rhbz#2130275
2022-09-27 19:19:43 +02:00
Jakub Jelen
a4616eb060
Get max 32B from getrandom in FIPS mode
...
Resolves: rhbz#2130275
2022-09-27 19:19:38 +02:00
Jakub Jelen
d9dbf8b325
Fix FIPS Keygen that non-deterministically fails
...
Related: rhbz#2130275
2022-09-27 19:19:34 +02:00
Jakub Jelen
cbe7d48792
Fix FIPS RSA PCT
...
Resolves: rhbz#2128455
2022-09-26 13:49:58 +02:00
Jakub Jelen
bc7ebe1048
Fix SHA3 digests with large inputs
...
Resolves: rhbz#2129150
2022-09-26 13:17:01 +02:00
Jakub Jelen
cec0bff092
libgcrypt-1.10.0-5
...
Related: rhbz#2118695
2022-08-17 11:10:05 +02:00
Jakub Jelen
c5605976bf
Disable RSA-OAEP padding in FIPS mode
...
Resolves: rhbz#2118695
2022-08-17 10:35:24 +02:00
Jakub Jelen
f42be9ce3d
Address FIPS review comments around selftests
...
Resolves: rhbz#2118695
2022-08-16 20:07:25 +02:00
Jakub Jelen
af1e1e5923
Reseed the kernel DRBG by using GRND_RANDOM
...
Resolves: rhbz#2118695
2022-08-16 16:40:58 +02:00
Jakub Jelen
c59f3d1447
Allow short salt for KDF
...
Resolves: rhbz#2114870
2022-08-16 11:47:00 +02:00
Jakub Jelen
58504a6c0b
Allow signature verification with smaller RSA keys
...
Resolves: rhbz#2083846
2022-08-16 11:30:15 +02:00
Jakub Jelen
e912ea38ae
libgcrypt-1.10.0-4
...
Related: rhbz#2061328
2022-05-06 09:53:34 +02:00
Jakub Jelen
d744a9ad4f
Add misisng hwf detection
...
Resolves: hrbz#2051307
2022-05-06 09:51:58 +02:00
Jakub Jelen
e5ba5309c6
Disable PKCS1.5 encryption in FIPS mode
...
Resolves: rhbz#2061328
2022-05-06 09:46:24 +02:00
Jakub Jelen
39ec934f65
Prevent 9.1 builds to pass gating for now
2022-04-20 13:49:37 +02:00
Jakub Jelen
20cc3acc68
libgcrypt-1.10.0-3
...
Related: rhbz#2067123
2022-03-31 11:45:31 +02:00
Jakub Jelen
59b0c7fd9e
Use only major version for FIPS module name
...
Resolves: rhbz#2067123
2022-03-31 11:45:31 +02:00
Jakub Jelen
4994807d85
libgcrypt-1.10.0-2
...
Related: rhbz#2026636
2022-02-17 15:30:00 +01:00
Jakub Jelen
d855f5d266
Synchronize FIPS module version with gnutls
...
Related: rhbz#2026636
2022-02-17 15:28:46 +01:00
Jakub Jelen
afbbd96aa3
libgcrypt-1.10.0-1
...
Resolves: rhbz#2026636
2022-02-02 09:42:15 +01:00
Jakub Jelen
554d85f093
libgcrypt-1.10.0-0.3
...
Fix bad soname in the beta tarball
Related: rhbz#2026636
2022-01-27 17:52:40 +01:00
Jakub Jelen
e89d5d8b63
libgcrypt-1.10.0-0.2
...
Related: rhbz#2026636
2022-01-27 13:20:30 +01:00
Jakub Jelen
ded46b157c
libgcrypt-1.10.0-0.1 (beta221)
...
* Update to latest upstream beta release
* Remove no longer needed patches
* The DSA is not going to be certified in FIPS
* Continuous entropy test is no longer needed (Clarified on [Fips140-external-list] and from rhbz#1525068)
*
* Update HMAC calculation from external file into the library file
* Run tests in FIPS Mode
* Provide FIPS module name-version for RHEL, CentOS and Fedora versions
* Use configure API to provide HMAC integrity check key
* Provide unique FIPS module version
* Do not build SM* ciphers
* Remove hobbling and disable brainpool at configure time
* Remove no longer needed random.conf
Resolves: rhbz#2026636
2022-01-26 17:31:29 +01:00
Jakub Jelen
ceb8c03537
Remove osci tests from dist git and gating
...
Related: rhbz#2026636
2022-01-26 17:19:54 +01:00