FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC

Resolves: rhbz#2144017
This commit is contained in:
Dmitry Belyavskiy 2022-11-16 15:55:08 +01:00 committed by Clemens Lang
parent fb8fee4b43
commit 2bd2c7ac27
2 changed files with 3158 additions and 0 deletions

File diff suppressed because it is too large Load Diff

View File

@ -164,6 +164,8 @@ Patch77: 0077-FIPS-140-3-zeroization.patch
Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
#https://bugzilla.redhat.com/show_bug.cgi?id=2137723 #https://bugzilla.redhat.com/show_bug.cgi?id=2137723
Patch79: 0079-CVE-2022-3602.patch Patch79: 0079-CVE-2022-3602.patch
#https://bugzilla.redhat.com/show_bug.cgi?id=2141748
Patch80: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
#https://bugzilla.redhat.com/show_bug.cgi?id=2142121 #https://bugzilla.redhat.com/show_bug.cgi?id=2142121
Patch85: 0085-FIPS-RSA-disable-shake.patch Patch85: 0085-FIPS-RSA-disable-shake.patch
#https://github.com/openssl/openssl/pull/17546 #https://github.com/openssl/openssl/pull/17546
@ -507,6 +509,8 @@ install -m644 %{SOURCE9} \
Resolves: rhbz#2144008 Resolves: rhbz#2144008
- FIPS RSA CRT tests must use correct parameters - FIPS RSA CRT tests must use correct parameters
Resolves: rhbz#2144006 Resolves: rhbz#2144006
- FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC
Resolves: rhbz#2144017
* Tue Nov 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-43 * Tue Nov 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-43
- CVE-2022-3602: X.509 Email Address Buffer Overflow - CVE-2022-3602: X.509 Email Address Buffer Overflow