Hello community,

here is the log from the commit of package gnutls for openSUSE:Leap:15.2 checked in at 2020-05-19 14:08:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/gnutls (Old)
 and      /work/SRC/openSUSE:Leap:15.2/.gnutls.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Tue May 19 14:08:02 2020 rev:48 rq:805966 version:3.6.7 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/gnutls/gnutls.changes 2020-04-30 18:51:22.900590631 +0200 +++ /work/SRC/openSUSE:Leap:15.2/.gnutls.new.2738/gnutls.changes 2020-05-19 14:08:37.815016057 +0200 @@ -1,0 +2,6 @@ +Mon May 11 06:38:58 UTC 2020 - Alexander Bergmann <[email protected]> + +- Add RSA 4096 key generation support in FIPS mode (bsc#1171422) + * add gnutls-3.6.7-fips-rsa-4096.patch + +------------------------------------------------------------------- New: ---- gnutls-3.6.7-fips-rsa-4096.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.2UPXeS/_old 2020-05-19 14:08:38.307017013 +0200 +++ /var/tmp/diff_new_pack.2UPXeS/_new 2020-05-19 14:08:38.307017013 +0200 @@ -48,6 +48,7 @@ Patch8: 0001-Vendor-in-XTS-functionality-from-Nettle.patch Patch9: gnutls-fips_XTS_key_check.patch Patch10: gnutls-fips_mode_enabled.patch +Patch11: gnutls-3.6.7-fips-rsa-4096.patch BuildRequires: autogen BuildRequires: automake BuildRequires: datefudge @@ -192,6 +193,7 @@ %patch8 -p1 %patch9 -p1 %patch10 -p1 +%patch11 -p1 # dtls-resume test fails on PPC %ifarch ppc64 ppc64le ppc %patch2 -p1 ++++++ gnutls-3.6.7-fips-rsa-4096.patch ++++++ diff -Nurp gnutls-3.6.7-orig/lib/nettle/int/rsa-keygen-fips186.c gnutls-3.6.7/lib/nettle/int/rsa-keygen-fips186.c --- gnutls-3.6.7-orig/lib/nettle/int/rsa-keygen-fips186.c 2019-01-05 12:28:47.000000000 +0100 +++ gnutls-3.6.7/lib/nettle/int/rsa-keygen-fips186.c 2020-05-08 23:39:04.206472627 +0200 
@@ -269,7 +269,8 @@ _rsa_generate_fips186_4_keypair(struct r FIPS_RULE(n_size == 2048 && seed_length != 14 * 2, 0, "seed length other than 28 bytes\n"); FIPS_RULE(n_size == 3072 && seed_length != 16 * 2, 0, "seed length other than 32 bytes\n"); - FIPS_RULE(n_size != 2048 && n_size != 3072, 0, "unsupported size for modulus\n"); + FIPS_RULE(n_size == 4096 && seed_length != 24 * 2, 0, "seed length other than 48 bytes\n"); + FIPS_RULE(n_size != 2048 && n_size != 3072 && n_size != 4096, 0, "unsupported size for modulus\n"); if (!mpz_tstbit(pub->e, 0)) { _gnutls_debug_log("Unacceptable e (it is even)\n"); @@ -407,7 +408,7 @@ rsa_generate_fips186_4_keypair(struct rs unsigned seed_length; int ret; - FIPS_RULE(n_size != 2048 && n_size != 3072, 0, "size of prime of other than 2048 or 3072\n"); + FIPS_RULE(n_size != 2048 && n_size != 3072 && n_size != 4096, 0, "size of prime of other than 2048, 3072 or 4096\n"); seed_length = SEED_LENGTH(n_size); if (seed_length > sizeof(seed))
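Review bot: In the first rsa-keygen-fips186.c hunk (`_rsa_generate_fips186_4_keypair`), the new rule `n_size == 4096 && seed_length != 24 * 2` only passes if the caller supplies a 48-byte seed, and nothing in this patch shows that it can. The caller in the second hunk derives the length with `seed_length = SEED_LENGTH(n_size);` and then tests `seed_length > sizeof(seed)`, but neither the `SEED_LENGTH` macro nor the declaration of `seed` is touched here. Please confirm that `SEED_LENGTH(4096)` evaluates to 48 and that `seed` holds at least 48 bytes, otherwise 4096-bit generation will still be rejected by one of these two checks. The existing rules pair 2048 with `14 * 2` and 3072 with `16 * 2`, so a one-line comment stating where the 24 comes from would also help the next reader. The patch changes only this one file, so a FIPS-mode test that generates a 4096-bit key would be worth adding alongside it.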
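Review bot: In the second rsa-keygen-fips186.c hunk (`rsa_generate_fips186_4_keypair`), the updated message "size of prime of other than 2048, 3072 or 4096" describes `n_size` as a prime size, while the first hunk's check on the same variable reports "unsupported size for modulus". Since this line is being rewritten anyway, I would align the wording, for example "modulus size other than 2048, 3072 or 4096". The accepted-size condition `n_size != 2048 && n_size != 3072 && n_size != 4096` now appears verbatim in both functions; moving it into one shared macro or helper would keep the two checks from drifting apart the next time a size is added.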
