Commit Graph

55 Commits

Author SHA1 Message Date
Jakub Jelen
c54e9e9ce8 Fix CVE-2024-2236
Resolves: RHEL-34579
2024-08-01 16:52:35 +02:00
Jakub Jelen
5c4ee956d3 libgcrypt-1.10.0-10
Related: rhbz#2176145
2023-03-24 09:23:16 +01:00
Jakub Jelen
c2869151f5 Add FIPS indicator for public key operations flags
Resolves: rhbz#2176145
2023-03-24 09:23:16 +01:00
Jakub Jelen
65342ad3f8 Check return value from ftell
Thanks coverity

Resolves: rhbz#2176145
2023-03-07 15:10:45 +01:00
Jakub Jelen
37892dbca7 Remove useless SHA384 from DRBG
Resolves: rhbz#2176145
2023-03-07 15:10:41 +01:00
Jakub Jelen
828a5f801b Check FIPS status during sign/verify_md
Resolves: rhbz#2176145
2023-03-07 15:10:38 +01:00
Jakub Jelen
80b16e463d Improve error reporting from PCT and make the tests mandatory
Resolves: rhbz#2176145
2023-03-07 15:10:33 +01:00
Jakub Jelen
987df146aa Add MD and HMAC FIPS indicators
Resolves: rhbz#2176145
2023-03-07 15:10:29 +01:00
Jakub Jelen
3dc4d5f5d5 1.10.0-9
Related: rhbz#2167764
2023-02-14 10:35:53 +01:00
Jakub Jelen
1a44c3bb53 Disable jitter entropy generator
The kernel is using jitter entropy source and using another in libgcrypt
does not make much sense as it would be hard to claim it is independent
from the kernel one.

Resolves: rhbz#2167764
2023-02-14 10:35:53 +01:00
Jakub Jelen
de7c377ef9 Avoid usage of invalid arguments size for PBKDF2
Related: rhbz#2137577
2023-02-14 10:35:53 +01:00
Jakub Jelen
fdf75fc702 Do not allow large salt lengts with PSS padding
Related: rhbz#2137577
2023-02-14 10:35:53 +01:00
Jakub Jelen
8d0820609b Disable usage of X9.31 key generation in FIPS mode
Related: rhbz#2167764
2023-02-14 10:35:53 +01:00
Jakub Jelen
7e0fcaf4ab Backport the FIPS integrity checking
Resolves: rhbz#2157966
2023-02-14 10:35:53 +01:00
Jakub Jelen
bb8f0dfc24 Update cipher modes FIPS indicator
to allow AES wrapping and forbid the GCM mode

Resolves: rhbz#2167764
2023-02-07 14:33:59 +01:00
Jakub Jelen
0c45b03ed1 libgcrypt-1.10.0-8
Resolves: rhbz#2130275
2022-10-21 14:15:46 +02:00
Jakub Jelen
6abf6e0a54 libgcrypt-1.10.0-7
Related: rhbz#2130275
2022-10-06 09:46:21 +02:00
Jakub Jelen
d712a009a1 Drop selective RSA encryption/decryption disablement in FIPS mode
Related: rhbz#2130275
2022-10-06 09:46:12 +02:00
Jakub Jelen
5fda6cb2b0 Properly enforce limits to the KDF input and output in FIPS mode
Resolves: rhbz#2130275
2022-10-06 09:45:47 +02:00
Jakub Jelen
d780bf3ce3 libgcrypt-1.10.0-6
Related: rhbz#2130275
2022-09-27 19:19:43 +02:00
Jakub Jelen
d9dbf8b325 Fix FIPS Keygen that non-deterministically fails
Related: rhbz#2130275
2022-09-27 19:19:34 +02:00
Jakub Jelen
cbe7d48792 Fix FIPS RSA PCT
Resolves: rhbz#2128455
2022-09-26 13:49:58 +02:00
Jakub Jelen
bc7ebe1048 Fix SHA3 digests with large inputs
Resolves: rhbz#2129150
2022-09-26 13:17:01 +02:00
Jakub Jelen
cec0bff092 libgcrypt-1.10.0-5
Related: rhbz#2118695
2022-08-17 11:10:05 +02:00
Jakub Jelen
c5605976bf Disable RSA-OAEP padding in FIPS mode
Resolves: rhbz#2118695
2022-08-17 10:35:24 +02:00
Jakub Jelen
f42be9ce3d Address FIPS review comments around selftests
Resolves: rhbz#2118695
2022-08-16 20:07:25 +02:00
Jakub Jelen
af1e1e5923 Reseed the kernel DRBG by using GRND_RANDOM
Resolves: rhbz#2118695
2022-08-16 16:40:58 +02:00
Jakub Jelen
c59f3d1447 Allow short salt for KDF
Resolves: rhbz#2114870
2022-08-16 11:47:00 +02:00
Jakub Jelen
58504a6c0b Allow signature verification with smaller RSA keys
Resolves: rhbz#2083846
2022-08-16 11:30:15 +02:00
Jakub Jelen
e912ea38ae libgcrypt-1.10.0-4
Related: rhbz#2061328
2022-05-06 09:53:34 +02:00
Jakub Jelen
d744a9ad4f Add misisng hwf detection
Resolves: hrbz#2051307
2022-05-06 09:51:58 +02:00
Jakub Jelen
e5ba5309c6 Disable PKCS1.5 encryption in FIPS mode
Resolves: rhbz#2061328
2022-05-06 09:46:24 +02:00
Jakub Jelen
20cc3acc68 libgcrypt-1.10.0-3
Related: rhbz#2067123
2022-03-31 11:45:31 +02:00
Jakub Jelen
59b0c7fd9e Use only major version for FIPS module name
Resolves: rhbz#2067123
2022-03-31 11:45:31 +02:00
Jakub Jelen
4994807d85 libgcrypt-1.10.0-2
Related: rhbz#2026636
2022-02-17 15:30:00 +01:00
Jakub Jelen
d855f5d266 Synchronize FIPS module version with gnutls
Related: rhbz#2026636
2022-02-17 15:28:46 +01:00
Jakub Jelen
afbbd96aa3 libgcrypt-1.10.0-1
Resolves: rhbz#2026636
2022-02-02 09:42:15 +01:00
Jakub Jelen
554d85f093 libgcrypt-1.10.0-0.3
Fix bad soname in the beta tarball

Related: rhbz#2026636
2022-01-27 17:52:40 +01:00
Jakub Jelen
e89d5d8b63 libgcrypt-1.10.0-0.2
Related: rhbz#2026636
2022-01-27 13:20:30 +01:00
Jakub Jelen
ded46b157c libgcrypt-1.10.0-0.1 (beta221)
* Update to latest upstream beta release
 * Remove no longer needed patches
   * The DSA is not going to be certified in FIPS
   * Continuous entropy test is no longer needed (Clarified on [Fips140-external-list] and from rhbz#1525068)
   *
 * Update HMAC calculation from external file into the library file
 * Run tests in FIPS Mode
   * Provide FIPS module name-version for RHEL, CentOS and Fedora versions
   * Use configure API to provide HMAC integrity check key
 * Provide unique FIPS module version
 * Do not build SM* ciphers
 * Remove hobbling and disable brainpool at configure time
 * Remove no longer needed random.conf

Resolves: rhbz#2026636
2022-01-26 17:31:29 +01:00
Jakub Jelen
6649066af0 libgcrypt-1.9.3-5
Related: rhbz#1990059
2021-10-12 14:45:53 +02:00
Jakub Jelen
ca46048bb3 We can use HW optimizations in FIPS
Resolves: rhbz#1990059
2021-10-12 14:45:32 +02:00
Mohan Boddu
f55c126dec Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 21:24:54 +00:00
Jakub Jelen
5ab1a1adc8 libgcrypt-1.9.3-3
Resolves: rhbz#1971422
2021-06-15 13:58:14 +02:00
Jakub Jelen
a9a8b1b181 Fix for CVE-2021-33560
Resolves: rhbz#1971422
2021-06-15 13:58:11 +02:00
Jakub Jelen
b117db4efa Restore the CET protection
Resolves: rhbz#1954422
2021-04-28 19:34:06 +02:00
Jakub Jelen
04dfd884d5 libgcrypt-1.9.3-1
Source: https://src.fedoraproject.org/rpms/libgcrypt.git#b9da031d089079959adf7eaab6668681783a8873

Resolves: rhbz#1870616
2021-04-23 15:56:32 +02:00
Mohan Boddu
10509a1fa8 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-16 01:15:07 +00:00
Jakub Jelen
09142bed87 Fix issues reported by coverity
Resolves: rhbz#1938767
2021-04-15 11:01:19 +02:00
DistroBaker
c8757a0488 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/libgcrypt.git#643055c06da6b5f5d720aba61a57827bab556995
2021-04-01 07:50:25 +00:00