strongswan

rpm/strongswan

SHA256

Fork 0

forked from pool/strongswan

Commit Graph

Author	SHA256	Message	Date
Mohd Saquib	26fbd0f033	Accepting request 1094809 from home:msaquib:branches:network:vpn - Removed .hmac files + hmac integrity check logic from strongswan-hmac package as it is not mandated anymore by FIPS (boo#1185116) - Removed folliwng files: [- strongswan_fipscheck.patch] [- fipscheck.sh.in] Note: strongswan-hmac package is not removed as it still provides a config file that doesn't allow non-fips approved algorithms OBS-URL: https://build.opensuse.org/request/show/1094809 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=153	2023-06-23 09:01:07 +00:00
Marius Tomaschewski	9463c65a84	- Added generation of fips hmac hash files using fipshmac utility and a _fipscheck script to verify binaries/libraries/plugings shipped in the strongswan-hmac package. With enabled fips in the kernel, the ipsec script will call it before any action or in a enforced/manual "ipsec _fipscheck" call. Added config file to load openssl and kernel af-alg plugins, but not all the other modules which provide further/alternative algs. Applied a filter disallowing non-approved algorithms in fips mode. (fate#316931,bnc#856322). [+ strongswan_fipscheck.patch, strongswan_fipsfilter.patch] - Fixed file list in the optional (disabled) strongswan-test package. - Fixed build of the strongswan built-in integrity checksum library and enabled building it only on architectures tested to work. - Fix to use bug number 897048 instead 856322 in last changes entry. - Applied an upstream patch reverting to store algorithms in the registration order again as ordering them by identifier caused weaker algorithms to be proposed first by default (bsc#897512). [+0001-restore-registration-algorithm-order.bug897512.patch] OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=77	2014-11-21 12:01:59 +00:00

Author

SHA256

Message

Date

Mohd Saquib

26fbd0f033

Accepting request 1094809 from home:msaquib:branches:network:vpn

- Removed .hmac files + hmac integrity check logic from strongswan-hmac
  package as it is not mandated anymore by FIPS (boo#1185116)
- Removed folliwng files:
  [- strongswan_fipscheck.patch]
  [- fipscheck.sh.in]
  Note: strongswan-hmac package is not removed as it still provides a
  config file that doesn't allow non-fips approved algorithms

OBS-URL: https://build.opensuse.org/request/show/1094809
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=153

2023-06-23 09:01:07 +00:00

Marius Tomaschewski

9463c65a84

- Added generation of fips hmac hash files using fipshmac utility

and a _fipscheck script to verify binaries/libraries/plugings
  shipped in the strongswan-hmac package.
  With enabled fips in the kernel, the ipsec script will call it
  before any action or in a enforced/manual "ipsec _fipscheck" call.
  Added config file to load openssl and kernel af-alg plugins, but
  not all the other modules which provide further/alternative algs.
  Applied a filter disallowing non-approved algorithms in fips mode.
  (fate#316931,bnc#856322).
  [+ strongswan_fipscheck.patch, strongswan_fipsfilter.patch]
- Fixed file list in the optional (disabled) strongswan-test package.
- Fixed build of the strongswan built-in integrity checksum library
  and enabled building it only on architectures tested to work.
- Fix to use bug number 897048 instead 856322 in last changes entry.
- Applied an upstream patch reverting to store algorithms in the
  registration order again as ordering them by identifier caused
  weaker algorithms to be proposed first by default (bsc#897512).
  [+0001-restore-registration-algorithm-order.bug897512.patch]

OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=77

2014-11-21 12:01:59 +00:00

2 Commits