| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: libgcrypt-devel | Distribution: openSUSE:Factory:zSystems |
| Version: 1.10.3 | Vendor: openSUSE |
| Release: 2.1 | Build date: Thu Nov 23 21:41:35 2023 |
| Group: Development/Libraries/C and C++ | Build host: s390zl22 |
| Size: 280817 | Source RPM: libgcrypt-1.10.3-2.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://gnupg.org/software/libgcrypt | |
| Summary: The GNU Crypto Library | |
Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt. This package contains needed files to compile and link against the library.
GFDL-1.1-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT
* Tue Nov 21 2023 Otto Hollmann <otto.hollmann@suse.com>
- Re-create HMAC checksum after RPM build strips the library
(bsc#1217058)
* Wed Nov 15 2023 Pedro Monreal <pmonreal@suse.com>
- Update to 1.10.3:
* Bug fixes:
- Fix public key computation for other EdDSA curves. [rC469919751d6e]
- Remove out of core handler diagnostic in FIPS mode. [T6515]
- Check that the digest size is not zero in gcry_pk_sign_md and
gcry_pk_verify_md. [T6539]
- Make store an s-exp with \0 is considered to be binary. [T6747]
- Various constant-time improvements.
* Portability:
- Use getrandom call only when supported by the platform. [T6442]
- Change the default for --with-libtool-modification to never. [T6619]
* Release-info: https://dev.gnupg.org/T6817
* Remove patch upstream libgcrypt-1.10.0-out-of-core-handler.patch
* Tue Oct 17 2023 Pedro Monreal <pmonreal@suse.com>
- Do not pull revision info from GIT when autoconf is run. This
removes the -unknown suffix after the version number.
* Add libgcrypt-nobetasuffix.patch [bsc#1216334]
* Tue Oct 03 2023 Pedro Monreal <pmonreal@suse.com>
- POWER: performance enhancements for cryptography [jsc#PED-5088]
* Optimize Chacha20 and Poly1305 for PPC P10 LE: [T6006]
- Chacha20/poly1305: Optimized chacha20/poly1305 for
P10 operation [rC88fe7ac33eb4]
- ppc: enable P10 assembly with ENABLE_FORCE_SOFT_HWFEATURES
on arch-3.00 [rC2c5e5ab6843d]
* Add patches:
- libgcrypt-Chacha20-poly1305-Optimized-chacha20-poly1305.patch
- libgcrypt-ppc-enable-P10-assembly-with-ENABLE_FORCE_SOF.patch
* Mon May 22 2023 Pedro Monreal <pmonreal@suse.com>
- FIPS: Merge the libgcrypt20-hmac package into the library and
remove the "module is complete" trigger file .fips [bsc#1185116]
* Remove libgcrypt-1.10.0-use-fipscheck.patch
* Tue Apr 11 2023 Pedro Monreal <pmonreal@suse.com>
- Update to 1.10.2:
* Bug fixes:
- Fix Argon2 for the case output > 64. [rC13b5454d26]
- Fix missing HWF_PPC_ARCH_3_10 in HW feature. [rCe073f0ed44]
- Fix RSA key generation failure in forced FIPS mode. [T5919]
- Fix gcry_pk_hash_verify for explicit hash. [T6066]
- Fix a wrong result of gcry_mpi_invm. [T5970]
- Allow building with --disable-asm for HPPA. [T5976]
- Allow building with -Oz. [T6432]
- Enable the fast path to ChaCha20 only when supported. [T6384]
- Use size_t to avoid counter overflow in Keccak when directly
feeding more than 4GiB. [T6217]
* Other:
- Do not use secure memory for a DRBG instance. [T5933]
- Do not allow PKCS#1.5 padding for encryption in FIPS mode. [T5918]
- Fix the behaviour for child process re-seeding in the DRBG. [rC019a40c990]
- Allow verification of small RSA signatures in FIPS mode. [T5975]
- Allow the use of a shorter salt for KDFs in FIPS mode. [T6039]
- Run digest+sign self tests for RSA and ECC in FIPS mode. [rC06c9350165]
- Add function-name based FIPS indicator function.
GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION. This is not considered
an ABI changes because the new FIPS features were not yet
approved. [rC822ee57f07]
- Improve PCT in FIPS mode. [rC285bf54b1a, rC4963c127ae, T6397]
- Use getrandom (GRND_RANDOM) in FIPS mode. [rCcf10c74bd9]
- Disable RSA-OAEP padding in FIPS mode. [rCe5bfda492a]
- Check minimum allowed key size in PBKDF in FIPS mode. [T6039,T6219]
- Get maximum 32B of entropy at once in FIPS mode. [rCce0df08bba]
- Prefer gpgrt-config when available. [T5034]
- Mark AESWRAP as approved FIPS algorithm. [T5512]
- Prevent usage of long salt for PSS in FIPS mode. [rCfdd2a8b332]
- Prevent usage of X9.31 keygen in FIPS mode. [rC392e0ccd25]
- Remove GCM mode from the allowed FIPS indicators. [rC1540698389]
- Add explicit FIPS indicators for hash and MAC algorithms. [T6376]
* Release-info: https://dev.gnupg.org/T5905
* Rebase FIPS patches:
- libgcrypt-FIPS-SLI-hash-mac.patch
- libgcrypt-FIPS-SLI-kdf-leylength.patch
- libgcrypt-FIPS-SLI-pk.patch
* Wed Mar 08 2023 Martin Pluskal <mpluskal@suse.com>
- Build AVX2 enabled hwcaps library for x86_64-v3
* Wed Oct 19 2022 Pedro Monreal <pmonreal@suse.com>
- Update to 1.10.1:
* Bug fixes:
- Fix minor memory leaks in FIPS mode.
- Build fixes for MUSL libc.
* Other:
- More portable integrity check in FIPS mode.
- Add X9.62 OIDs to sha256 and sha512 modules.
* Add the hardware optimizations config file hwf.deny to
the /etc/gcrypt/ directory. This file can be used to globally
disable the use of hardware based optimizations.
* Remove not needed separate_hmac256_binary hmac256 package
* Wed Sep 14 2022 Pedro Monreal <pmonreal@suse.com>
- Update to 1.10.0:
* New and extended interfaces:
- New control codes to check for FIPS 140-3 approved algorithms.
- New control code to switch into non-FIPS mode.
- New cipher modes SIV and GCM-SIV as specified by RFC-5297.
- Extended cipher mode AESWRAP with padding as specified by
RFC-5649.
- New set of KDF functions.
- New KDF modes Argon2 and Balloon.
- New functions for combining hashing and signing/verification.
* Performance:
- Improved support for PowerPC architectures.
- Improved ECC performance on zSeries/s390x by using accelerated
scalar multiplication.
- Many more assembler performance improvements for several
architectures.
* Bug fixes:
- Fix Elgamal encryption for other implementations.
[bsc#1190239, CVE-2021-40528]
- Check the input length of the point in ECDH.
- Fix an abort in gcry_pk_get_param for "Curve25519".
* Other features:
- The control code GCRYCTL_SET_ENFORCED_FIPS_FLAG is ignored
because it is useless with the FIPS 140-3 related changes.
- Update of the jitter entropy RNG code.
- Simplification of the entropy gatherer when using the getentropy
system call.
* Interface changes relative to the 1.10.0 release:
- GCRYCTL_SET_DECRYPTION_TAG NEW control code.
- GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER NEW control code.
- GCRYCTL_FIPS_SERVICE_INDICATOR_KDF NEW control code.
- GCRYCTL_NO_FIPS_MODE = 83 NEW control code.
- GCRY_CIPHER_MODE_SIV NEW mode.
- GCRY_CIPHER_MODE_GCM_SIV NEW mode.
- GCRY_CIPHER_EXTENDED NEW flag.
- GCRY_SIV_BLOCK_LEN NEW macro.
- gcry_cipher_set_decryption_tag NEW macro.
- GCRY_KDF_ARGON2 NEW constant.
- GCRY_KDF_BALLOON NEW constant.
- GCRY_KDF_ARGON2D NEW constant.
- GCRY_KDF_ARGON2I NEW constant.
- GCRY_KDF_ARGON2ID NEW constant.
- gcry_kdf_hd_t NEW type.
- gcry_kdf_job_fn_t NEW type.
- gcry_kdf_dispatch_job_fn_t NEW type.
- gcry_kdf_wait_all_jobs_fn_t NEW type.
- struct gcry_kdf_thread_ops NEW struct.
- gcry_kdf_open NEW function.
- gcry_kdf_compute NEW function.
- gcry_kdf_final NEW function.
- gcry_kdf_close NEW function.
- gcry_pk_hash_sign NEW function.
- gcry_pk_hash_verify NEW function.
- gcry_pk_random_override_new NEW function.
* Rebase libgcrypt-1.8.4-allow_FSM_same_state.patch and rename
to libgcrypt-1.10.0-allow_FSM_same_state.patch
* Remove unused CAVS tests and related patches:
- cavs_driver.pl cavs-test.sh
- libgcrypt-1.6.1-fips-cavs.patch
- drbg_test.patch
* Remove DSA sign/verify patches for the FIPS CAVS test since DSA
has been disabled in FIPS mode:
- libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
- libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch
* Rebase libgcrypt-FIPS-SLI-pk.patch
* Rebase libgcrypt_indicators_changes.patch and
libgcrypt-indicate-shake.patch and merge both into
libgcrypt-FIPS-SLI-hash-mac.patch
* Rebase libgcrypt-FIPS-kdf-leylength.patch and rename to
libgcrypt-FIPS-SLI-kdf-leylength.patch
* Rebase libgcrypt-jitterentropy-3.4.0.patch
* Rebase libgcrypt-FIPS-rndjent_poll.patch
* Rebase libgcrypt-out-of-core-handler.patch and rename to
libgcrypt-1.10.0-out-of-core-handler.patch
* Since the FIPS .hmac file is now calculated with the internal
tool hmac256, only the "module is complete" trigger .fips file
is checked. Rename libgcrypt-1.6.1-use-fipscheck.patch
to libgcrypt-1.10.0-use-fipscheck.patch
* Remove patches fixed upstream:
- libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch
- libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
- libgcrypt-fix-rng.patch
- libgcrypt-1.8.3-fips-ctor.patch
- libgcrypt-1.8.4-use_xfree.patch
- libgcrypt-1.8.4-getrandom.patch
- libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch
- libgcrypt-dsa-rfc6979-test-fix.patch
- libgcrypt-fix-tests-fipsmode.patch
- libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
- libgcrypt-1.8.4-fips-keygen.patch
- libgcrypt-invoke-global_init-from-constructor.patch
- libgcrypt-Restore-self-tests-from-constructor.patch
- libgcrypt-FIPS-GMAC_AES-benckmark.patch
- libgcrypt-global_init-constructor.patch
- libgcrypt-random_selftests-testentropy.patch
- libgcrypt-rsa-no-blinding.patch
- libgcrypt-ecc-ecdsa-no-blinding.patch
- libgcrypt-PCT-DSA.patch
- libgcrypt-PCT-ECC.patch
- libgcrypt-PCT-RSA.patch
- libgcrypt-fips_selftest_trigger_file.patch
- libgcrypt-pthread-in-t-lock-test.patch
- libgcrypt-FIPS-hw-optimizations.patch
- libgcrypt-FIPS-module-version.patch
- libgcrypt-FIPS-disable-3DES.patch
- libgcrypt-FIPS-fix-regression-tests.patch
- libgcrypt-FIPS-RSA-keylen.patch
- libgcrypt-FIPS-RSA-keylen-tests.patch
- libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
- libgcrypt-FIPS-verify-unsupported-KDF-test.patch
- libgcrypt-FIPS-HMAC-short-keylen.patch
- libgcrypt-FIPS-service-indicators.patch
- libgcrypt-FIPS-disable-DSA.patch
- libgcrypt-jitterentropy-3.3.0.patch
- libgcrypt-FIPS-Zeroize-hmac.patch
* Update libgcrypt.keyring
* Thu Sep 08 2022 Pedro Monreal <pmonreal@suse.com>
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
* Add libgcrypt-FIPS-rndjent_poll.patch
* Rebase libgcrypt-jitterentropy-3.4.0.patch
* Wed Sep 07 2022 Pedro Monreal <pmonreal@suse.com>
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
* Consider approved keylength greater or equal to 112 bits.
* Add libgcrypt-FIPS-kdf-leylength.patch
* Wed Sep 07 2022 Pedro Monreal <pmonreal@suse.com>
- FIPS: Zeroize buffer and digest in check_binary_integrity()
* Add libgcrypt-FIPS-Zeroize-hmac.patch [bsc#1191020]
* Tue Aug 23 2022 Pedro Monreal <pmonreal@suse.com>
- FIPS: gpg/gpg2 gets out of core handler in FIPS mode while
typing Tab key to Auto-Completion. [bsc#1182983]
* Add libgcrypt-out-of-core-handler.patch
* Mon Aug 08 2022 Pedro Monreal <pmonreal@suse.com>
- FIPS: Port libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
* Enable the jitter based entropy generator by default in random.conf
- Add libgcrypt-jitterentropy-3.3.0.patch
* Update the internal jitterentropy to version 3.4.0
- Add libgcrypt-jitterentropy-3.4.0.patch
* Mon Aug 01 2022 Stephan Kulow <coolo@suse.com>
- Fix reproducible build problems:
- Do not use %release in binaries (but use SOURCE_DATE_EPOCH)
- Fix date call messed up by spec-cleaner
* Thu Apr 14 2022 Dennis Knorr <dennis.knorr@suse.com>
- FIPS: extend the service indicator [bsc#1190700]
* introduced a pk indicator function
* adapted the approved and non approved ciphersuites
* Add libgcrypt_indicators_changes.patch
* Add libgcrypt-indicate-shake.patch
* Tue Mar 22 2022 Pedro Monreal <pmonreal@suse.com>
- FIPS: Implement a service indicator for asymmetric ciphers [bsc#1190700]
* Mark RSA public key encryption and private key decryption with
padding (e.g. OAEP, PKCS) as non-approved since RSA-OAEP lacks
peer key assurance validation requirements per SP800-56Brev2.
* Mark ECC as approved only for NIST curves P-224, P-256, P-384
and P-521 with check for common NIST names and aliases.
* Mark DSA, ELG, EDDSA, ECDSA and ECDH as non-approved.
* Add libgcrypt-FIPS-SLI-pk.patch
* Rebase libgcrypt-FIPS-service-indicators.patch
- Run the regression tests also in FIPS mode.
* Disable tests for non-FIPS approved algos.
* Rebase: libgcrypt-FIPS-verify-unsupported-KDF-test.patch
* Tue Feb 01 2022 Pedro Monreal <pmonreal@suse.com>
- FIPS: Disable DSA in FIPS mode [bsc#1195385]
* Upstream task: https://dev.gnupg.org/T5710
* Add libgcrypt-FIPS-disable-DSA.patch
* Wed Jan 19 2022 Pedro Monreal <pmonreal@suse.com>
- FIPS: Service level indicator [bsc#1190700]
* Provide an indicator to check wether the service utilizes an
approved cryptographic algorithm or not.
* Add patches:
- libgcrypt-FIPS-service-indicators.patch
- libgcrypt-FIPS-verify-unsupported-KDF-test.patch
- libgcrypt-FIPS-HMAC-short-keylen.patch
* Tue Dec 07 2021 Pedro Monreal <pmonreal@suse.com>
- FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480]
* gcry_mpi_sub_ui: fix subtracting from negative value
* Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
* Tue Nov 30 2021 Pedro Monreal <pmonreal@suse.com>
- FIPS: Define an entropy source SP800-90B compliant [bsc#1185140]
* Disable jitter entropy by default in random.conf
* Disable only-urandom option by default in random.conf
* Fri Nov 26 2021 Pedro Monreal <pmonreal@suse.com>
- FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192240]
* rsa: Check RSA keylen constraints for key operations.
* rsa: Fix regression in not returning an error for prime generation.
* tests: Add 2k RSA key working in FIPS mode.
* tests: pubkey: Replace RSA key to one of 2k.
* tests: pkcs1v2: Skip tests with small keys in FIPS.
* Add patches:
- libgcrypt-FIPS-RSA-keylen.patch
- libgcrypt-FIPS-RSA-keylen-tests.patch
* Mon Nov 08 2021 Pedro Monreal <pmonreal@suse.com>
- FIPS: Disable 3DES/Triple-DES in FIPS mode [bsc#1185138]
* Add libgcrypt-FIPS-disable-3DES.patch
* Tue Nov 02 2021 Pedro Monreal <pmonreal@suse.com>
- FIPS: PBKDF requirements [bsc#1185137]
* The PBKDF2 selftests were introduced in libgcrypt version
1.9.1 in the function selftest_pbkdf2()
* Upstream task: https://dev.gnupg.org/T5182
* Thu Oct 28 2021 Pedro Monreal <pmonreal@suse.com>
- FIPS: Fix regression tests in FIPS mode [bsc#1192131]
* Add libgcrypt-FIPS-fix-regression-tests.patch
* Upstream task: https://dev.gnupg.org/T5520
* Tue Sep 21 2021 Pedro Monreal <pmonreal@suse.com>
- FIPS: Provide a module name/identifier and version that can be
mapped to the validation records. [bsc#1190706]
* Add libgcrypt-FIPS-module-version.patch
* Upstream task: https://dev.gnupg.org/T5600
* Tue Sep 21 2021 Pedro Monreal <pmonreal@suse.com>
- FIPS: Enable hardware support also in FIPS mode [bsc#1187110]
* Add libgcrypt-FIPS-hw-optimizations.patch
* Upstream task: https://dev.gnupg.org/T5508
* Mon Aug 23 2021 Pedro Monreal <pmonreal@suse.com>
- Update to 1.9.4:
* Bug fixes:
- Fix Elgamal encryption for other implementations. [CVE-2021-33560]
- Fix alignment problem on macOS.
- Check the input length of the point in ECDH.
- Fix an abort in gcry_pk_get_param for "Curve25519".
* Other features:
- Add GCM and CCM to OID mapping table for AES.
* Upstream libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
* Mon Aug 23 2021 Pedro Monreal <pmonreal@suse.com>
- Remove not needed patch libgcrypt-sparcv9.diff
* Thu Jul 15 2021 Pedro Monreal <pmonreal@suse.com>
- Fix building test t-lock with pthread. [bsc#1189745]
* Explicitly add -lpthread to compile the t-lock test.
* Add libgcrypt-pthread-in-t-lock-test.patch
* Fri Jun 11 2021 Pedro Monreal <pmonreal@suse.com>
- Security fix: [bsc#1187212, CVE-2021-33560]
* cipher: Fix ElGamal encryption for other implementations.
* Exponent blinding was added in version 1.9.3. This patch
fixes ElGamal encryption, see: https://dev.gnupg.org/T5328
- Add libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
* Tue Apr 20 2021 Paolo Stivanin <info@paolostivanin.com>
- libgcrypt 1.9.3:
* Bug fixes:
- Fix build problems on i386 using gcc-4.7.
- Fix checksum calculation in OCB decryption for AES on s390.
- Fix a regression in gcry_mpi_ec_add related to certain usages
of curve 25519.
- Fix a symbol not found problem on Apple M1.
- Fix for Apple iOS getentropy peculiarity.
- Make keygrip computation work for compressed points.
* Performance:
- Add x86_64 VAES/AVX2 accelerated implementation of Camellia.
- Add x86_64 VAES/AVX2 accelerated implementation of AES.
- Add VPMSUMD acceleration for GCM mode on PPC.
* Internal changes.
- Harden MPI conditional code against EM leakage.
- Harden Elgamal by introducing exponent blinding.
* Wed Feb 17 2021 Andreas Stieger <andreas.stieger@gmx.de>
- libgcrypt 1.9.2:
* Fix building with --disable-asm on x86
* Check public key for ECDSA verify operation
* Make sure gcry_get_config (NULL) returns a nul-terminated
string
* Fix a memory leak in the ECDH code
* Fix a reading beyond end of input buffer in SHA2-avx2
- remove obsolete texinfo packaging macros
* Tue Feb 02 2021 Pedro Monreal <pmonreal@suse.com>
- Update to 1.9.1
* *Fix exploitable bug* in hash functions introduced with
1.9.0. [bsc#1181632, CVE-2021-3345]
* Return an error if a negative MPI is used with sexp scan
functions.
* Check for operational FIPS in the random and KDF functions.
* Fix compile error on ARMv7 with NEON disabled.
* Fix self-test in KDF module.
* Improve assembler checks for better LTO support.
* Fix 32-bit cross build on x86.
* Fix non-NEON ARM assembly implementation for SHA512.
* Fix build problems with the cipher_bulk_ops_t typedef.
* Fix Ed25519 private key handling for preceding ZEROs.
* Fix overflow in modular inverse implementation.
* Fix register access for AVX/AVX2 implementations of Blake2.
* Add optimized cipher and hash functions for s390x/zSeries.
* Use hardware bit counting functionx when available.
* Update DSA functions to match FIPS 186-3.
* New self-tests for CMACs and KDFs.
* Add bulk cipher functions for OFB and GCM modes.
- Update libgpg-error required version
* Mon Feb 01 2021 Pedro Monreal <pmonreal@suse.com>
- Use the suffix variable correctly in get_hmac_path()
- Rebase libgcrypt-fips_selftest_trigger_file.patch
* Mon Jan 25 2021 Pedro Monreal <pmonreal@suse.com>
- Add the global config file /etc/gcrypt/random.conf
* This file can be used to globally change parameters of the random
generator with the options: only-urandom and disable-jent.
* Thu Jan 21 2021 Pedro Monreal <pmonreal@suse.com>
- Update to 1.9.0:
New stable branch of Libgcrypt with full API and ABI compatibility
to the 1.8 series. Release-info: https://dev.gnupg.org/T4294
* New and extended interfaces:
- New curves Ed448, X448, and SM2.
- New cipher mode EAX.
- New cipher algo SM4.
- New hash algo SM3.
- New hash algo variants SHA512/224 and SHA512/256.
- New MAC algos for Blake-2 algorithms, the new SHA512 variants,
SM3, SM4 and for a GOST variant.
- New convenience function gcry_mpi_get_ui.
- gcry_sexp_extract_param understands new format specifiers to
directly store to integers and strings.
- New function gcry_ecc_mul_point and curve constants for Curve448
and Curve25519.
- New function gcry_ecc_get_algo_keylen.
- New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the
secure memory area.
* Performance optimizations and bug fixes: See Release-info.
* Other features:
- Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519.
- Add mitigation against ECC timing attack CVE-2019-13627.
- Internal cleanup of the ECC implementation.
- Support reading EC point in compressed format for some curves.
- Rebase patches:
* libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch
* libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
* libgcrypt-1.6.1-use-fipscheck.patch
* drbg_test.patch
* libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
* libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
* libgcrypt-1.8.4-fips-keygen.patch
* libgcrypt-1.8.4-getrandom.patch
* libgcrypt-fix-tests-fipsmode.patch
* libgcrypt-global_init-constructor.patch
* libgcrypt-ecc-ecdsa-no-blinding.patch
* libgcrypt-PCT-RSA.patch
* libgcrypt-PCT-ECC.patch
- Remove patches:
* libgcrypt-unresolved-dladdr.patch
* libgcrypt-CVE-2019-12904-GCM-Prefetch.patch
* libgcrypt-CVE-2019-12904-GCM.patch
* libgcrypt-CVE-2019-12904-AES.patch
* libgcrypt-CMAC-AES-TDES-selftest.patch
* libgcrypt-1.6.1-fips-cfgrandom.patch
* libgcrypt-fips_rsa_no_enforced_mode.patch
* Sat Oct 24 2020 Andreas Stieger <andreas.stieger@gmx.de>
- libgcrypt 1.8.7:
* Support opaque MPI with gcry_mpi_print
* Fix extra entropy collection via clock_gettime, a fallback code
path for legacy hardware
* Tue Jul 07 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Update to 1.8.6
* mpi: Consider +0 and -0 the same in mpi_cmp
* mpi: Fix flags in mpi_copy for opaque MPI
* mpi: Fix the return value of mpi_invm_generic
* mpi: DSA,ECDSA: Fix use of mpi_invm
- Call mpi_invm before _gcry_dsa_modify_k
- Call mpi_invm before _gcry_ecc_ecdsa_sign
* mpi: Constant time mpi_inv with some conditions
- mpi/mpi-inv.c (mpih_add_n_cond, mpih_sub_n_cond, mpih_swap_cond)
- New: mpih_abs_cond, mpi_invm_odd
- Rename from _gcry_mpi_invm: mpi_invm_generic
- Use mpi_invm_odd for usual odd cases: _gcry_mpi_invm
* mpi: Abort on division by zero also in _gcry_mpi_tdiv_qr
* Fix wrong code execution in Poly1305 ARM/NEON implementation
- Set r14 to -1 at function entry: (_gcry_poly1305_armv7_neon_init_ext)
* Set vZZ.16b register to zero before use in armv8 gcm implementation
* random: Fix include of config.h
* Fix declaration of internal function _gcry_mpi_get_ui: Don't use ulong
* ecc: Fix wrong handling of shorten PK bytes
- Zeros are already recovered: (_gcry_ecc_mont_decodepoint)
- Update libgcrypt-ecc-ecdsa-no-blinding.patch
* Tue May 19 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- FIPS: RSA/DSA/ECC test_keys() print out debug messages [bsc#1171872]
* Print the debug messages in test_keys() only in debug mode.
- Update patches: libgcrypt-PCT-RSA.patch libgcrypt-PCT-DSA.patch
libgcrypt-PCT-ECC.patch
* Mon Apr 27 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- FIPS: libgcrypt: Double free in test_keys() on failed signature
verification [bsc#1169944]
* Use safer gcry_mpi_release() instead of mpi_free()
- Update patches:
* libgcrypt-PCT-DSA.patch
* libgcrypt-PCT-RSA.patch
* libgcrypt-PCT-ECC.patch
* Thu Apr 16 2020 Vítězslav Čížek <vcizek@suse.com>
- Ship the FIPS checksum file in the shared library package and
create a separate trigger file for the FIPS selftests (bsc#1169569)
* add libgcrypt-fips_selftest_trigger_file.patch
* refresh libgcrypt-global_init-constructor.patch
- Remove libgcrypt-binary_integrity_in_non-FIPS.patch obsoleted
by libgcrypt-global_init-constructor.patch
* Wed Apr 15 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- FIPS: Verify that the generated signature and the original input
differ in test_keys function for RSA, DSA and ECC: [bsc#1165539]
- Add zero-padding when qx and qy have different lengths when
assembling the Q point from affine coordinates.
- Refreshed patches:
* libgcrypt-PCT-DSA.patch
* libgcrypt-PCT-RSA.patch
* libgcrypt-PCT-ECC.patch
* Mon Mar 30 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- FIPS: Switch the PCT to use the new signature operation [bsc#1165539]
* Patches for DSA, RSA and ECDSA test_keys functions:
- libgcrypt-PCT-DSA.patch
- libgcrypt-PCT-RSA.patch
- libgcrypt-PCT-ECC.patch
- Update patch: libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
* Thu Mar 26 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- FIPS: Run self-tests from constructor during power-on [bsc#1166748]
* Set up global_init as the constructor function:
- libgcrypt-global_init-constructor.patch
* Relax the entropy requirements on selftest. This is especially
important for virtual machines to boot properly before the RNG
is available:
- libgcrypt-random_selftests-testentropy.patch
- libgcrypt-rsa-no-blinding.patch
- libgcrypt-ecc-ecdsa-no-blinding.patch
* Fix benchmark regression test in FIPS mode:
- libgcrypt-FIPS-GMAC_AES-benckmark.patch
* Thu Mar 12 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Remove check not needed in _gcry_global_constructor [bsc#1164950]
* Update libgcrypt-Restore-self-tests-from-constructor.patch
* Tue Feb 25 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- FIPS: Run the self-tests from the constructor [bsc#1164950]
* Add libgcrypt-invoke-global_init-from-constructor.patch
* Fri Jan 17 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- FIPS: libgcrypt DSA PQG parameter generation: Missing value [bsc#1161219]
- FIPS: libgcrypt DSA PQG verification incorrect results [bsc#1161215]
- FIPS: libgcrypt RSA siggen/keygen: 4k not supported [bsc#1161220]
* Add patch from Fedora libgcrypt-1.8.4-fips-keygen.patch
/usr/bin/dumpsexp /usr/bin/hmac256 /usr/bin/libgcrypt-config /usr/bin/mpicalc /usr/include/gcrypt.h /usr/lib64/libgcrypt.so /usr/lib64/pkgconfig/libgcrypt.pc /usr/share/aclocal/libgcrypt.m4 /usr/share/info/gcrypt.info-1.gz /usr/share/info/gcrypt.info-2.gz /usr/share/info/gcrypt.info.gz /usr/share/licenses/libgcrypt-devel /usr/share/licenses/libgcrypt-devel/COPYING /usr/share/licenses/libgcrypt-devel/COPYING.LIB /usr/share/licenses/libgcrypt-devel/LICENSES /usr/share/man/man1/hmac256.1.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Mar 9 12:50:11 2024