Allow crypto policies to tweak with the kyber policy entry
This commit is contained in:
Robert Relyea
parent
4eea0aaadb
commit
f5e7a76ada
13
nss-3.101-enable-kyber-policy.patch
Normal file
13
nss-3.101-enable-kyber-policy.patch
Normal file
@ -0,0 +1,13 @@
|
||||
diff -up ./lib/pk11wrap/pk11pars.c.enable_kyber_policy ./lib/pk11wrap/pk11pars.c
|
||||
--- ./lib/pk11wrap/pk11pars.c.enable_kyber_policy 2024-06-12 14:44:24.680338868 -0700
|
||||
+++ ./lib/pk11wrap/pk11pars.c 2024-06-12 14:44:48.368609356 -0700
|
||||
@@ -245,7 +245,8 @@ static const oidValDef curveOptList[] =
|
||||
NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
|
||||
{ CIPHER_NAME("CURVE25519"), SEC_OID_CURVE25519,
|
||||
NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
|
||||
- { CIPHER_NAME("XYBER768D00"), SEC_OID_XYBER768D00, 0 },
|
||||
+ { CIPHER_NAME("XYBER768D00"), SEC_OID_XYBER768D00,
|
||||
+ NSS_USE_ALG_IN_SSL_KX },
|
||||
/* ANSI X9.62 named elliptic curves (characteristic two field) */
|
||||
{ CIPHER_NAME("C2PNB163V1"), SEC_OID_ANSIX962_EC_C2PNB163V1,
|
||||
NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
|
||||
11
nss.spec
11
nss.spec
@ -3,7 +3,7 @@
|
||||
# NOTE: To avoid NVR clashes of nspr* packages:
|
||||
# - reset %%{nspr_release} to 1, when updating %%{nspr_version}
|
||||
# - increment %%{nspr_version}, when updating the NSS part only
|
||||
%global baserelease 1
|
||||
%global baserelease 2
|
||||
%global nss_release %baserelease
|
||||
# use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
|
||||
# release number between nss and nspr are different.
|
||||
@ -131,6 +131,8 @@ Patch4: iquote.patch
|
||||
Patch12: nss-signtool-format.patch
|
||||
# fedora disabled dbm by default
|
||||
Patch40: nss-no-dbm-man-page.patch
|
||||
# allow crypto policies to enable kyber
|
||||
Patch41: nss-3.101-enable-kyber-policy.patch
|
||||
|
||||
Patch100: nspr-config-pc.patch
|
||||
Patch101: nspr-gcc-atomics.patch
|
||||
@ -978,14 +980,15 @@ update-crypto-policies &> /dev/null || :
|
||||
%{_includedir}/nss3/ciferfam.h
|
||||
%{_includedir}/nss3/eccutil.h
|
||||
%{_includedir}/nss3/hasht.h
|
||||
%{_includedir}/nss3/kyber.h
|
||||
%{_includedir}/nss3/nssb64.h
|
||||
%{_includedir}/nss3/nssb64t.h
|
||||
%{_includedir}/nss3/nsslocks.h
|
||||
%{_includedir}/nss3/nsshash.h
|
||||
%{_includedir}/nss3/nssilock.h
|
||||
%{_includedir}/nss3/nssilckt.h
|
||||
%{_includedir}/nss3/nssrwlk.h
|
||||
%{_includedir}/nss3/nssrwlkt.h
|
||||
%{_includedir}/nss3/nsshash.h
|
||||
%{_includedir}/nss3/nssutil.h
|
||||
%{_includedir}/nss3/pkcs1sig.h
|
||||
%{_includedir}/nss3/pkcs11.h
|
||||
@ -1012,7 +1015,6 @@ update-crypto-policies &> /dev/null || :
|
||||
%{_includedir}/nss3/utilpars.h
|
||||
%{_includedir}/nss3/utilparst.h
|
||||
%{_includedir}/nss3/utilrename.h
|
||||
%{_includedir}/nss3/kyber.h
|
||||
%{_includedir}/nss3/templates/templates.c
|
||||
|
||||
%files softokn
|
||||
@ -1088,6 +1090,9 @@ update-crypto-policies &> /dev/null || :
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Jun 12 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-2
|
||||
- Enable the Kyber record so we can control it with policies.
|
||||
|
||||
* Mon Jun 10 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-1
|
||||
- Update NSS to 3.101.0
|
||||
- Turn off deprecated SEED algorithm
|
||||
|
||||
Loading…
Reference in New Issue
Block a user