diff --git a/Feature-enable-sm3-hash-algorithm.patch b/Feature-enable-sm3-hash-algorithm.patch new file mode 100644 index 0000000000000000000000000000000000000000..d3bd4e8d96f985f84d2f10daa3fe5a9946df17a7 --- /dev/null +++ b/Feature-enable-sm3-hash-algorithm.patch @@ -0,0 +1,68 @@ +From 4261d6f4ddf00db39c40d9206d6f75f2c20484a7 Mon Sep 17 00:00:00 2001 +From: Huaxin Lu +Date: Fri, 11 Nov 2022 15:46:41 +0800 +Subject: [PATCH] enable sm3 algorithm + +Signed-off-by: Huaxin Lu +--- + policies/DEFAULT.pol | 2 +- + policies/FUTURE.pol | 2 +- + policies/LEGACY.pol | 2 +- + policies/NEXT.pol | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/policies/DEFAULT.pol b/policies/DEFAULT.pol +index fa589fd..29b58e5 100644 +--- a/policies/DEFAULT.pol ++++ b/policies/DEFAULT.pol +@@ -20,7 +20,7 @@ group = X25519 X448 SECP256R1 SECP384R1 SECP521R1 \ + ssh_group = X25519 X448 SECP256R1 SECP384R1 SECP521R1 \ + FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 FFDHE-1536 FFDHE-1024 + +-hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA2-224 SHA1 ++hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA2-224 SHA1 SM3 + + sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO \ + ECDSA-SHA3-384 ECDSA-SHA2-384 \ +diff --git a/policies/FUTURE.pol b/policies/FUTURE.pol +index e9e1237..f298381 100644 +--- a/policies/FUTURE.pol ++++ b/policies/FUTURE.pol +@@ -21,7 +21,7 @@ mac = AEAD HMAC-SHA2-256 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 + group = X25519 X448 SECP256R1 SECP384R1 SECP521R1 \ + FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 + +-hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 ++hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SM3 + + sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO \ + ECDSA-SHA3-384 ECDSA-SHA2-384 \ +diff --git a/policies/LEGACY.pol b/policies/LEGACY.pol +index 41c3ecb..9a063c6 100644 +--- a/policies/LEGACY.pol ++++ b/policies/LEGACY.pol +@@ -22,7 +22,7 @@ group = X25519 X448 SECP256R1 SECP384R1 SECP521R1 \ + ssh_group = X25519 X448 SECP256R1 SECP384R1 SECP521R1 \ + FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 FFDHE-1536 FFDHE-1024 + +-hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA2-224 SHA1 ++hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA2-224 SHA1 SM3 + + sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO \ + ECDSA-SHA3-384 ECDSA-SHA2-384 \ +diff --git a/policies/NEXT.pol b/policies/NEXT.pol +index b817332..6db5c84 100644 +--- a/policies/NEXT.pol ++++ b/policies/NEXT.pol +@@ -17,7 +17,7 @@ mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 + group = X25519 X448 SECP256R1 SECP384R1 SECP521R1 \ + FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 + +-hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA2-224 SHA1 ++hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA2-224 SHA1 SM3 + + sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO \ + ECDSA-SHA3-384 ECDSA-SHA2-384 \ +-- +2.33.0 + diff --git a/crypto-policies.spec b/crypto-policies.spec index fb8b09136ba8d66a394c97c55240a754a05304f1..d7fa5a34bf96dd7991573b2a56093c2374159044 100644 --- a/crypto-policies.spec +++ b/crypto-policies.spec @@ -4,7 +4,7 @@ Name: crypto-policies Version: %{git_date} -Release: 3.git%{git_commit_hash} +Release: 4.git%{git_commit_hash} Summary: Crypto policies package for Fedora License: LGPLv2+ @@ -19,6 +19,8 @@ Patch1: backport-policygenerators-nss-output-sigalgs-nss-3-59.patch Patch2: crypto-policies-tests-outputs-NEXT-nss-output-sigalgs-nss-3-59.patch Patch3: backport-Describe-some-of-the-quirks-of-the-back-end-config-g.patch +Patch9000: Feature-enable-sm3-hash-algorithm.patch + BuildArch: noarch BuildRequires: asciidoc BuildRequires: libxslt @@ -149,6 +151,9 @@ make check %{?_smp_mflags} %license COPYING.LESSER %changelog +* Fri Nov 18 2022 luhuaxin - 20200619-4.git781bbd4 +- enable sm3 hash algorithm + * Thu Oct 20 2022 yixiangzhike - 20200619-3.git781bbd4 - backport upstream patch to add more notes for crypto-policies exceptions