
libgcrypt20-32bit-1.10.3-2.1 RPM for x86_64

From openSUSE Tumbleweed for x86_64

Name: libgcrypt20-32bit
Distribution: openSUSE Tumbleweed
Version: 1.10.3
Vendor: openSUSE
Release: 2.1
Build date: Thu Nov 23 21:44:37 2023
Group: System/Libraries
Build host: i04-ch1b
Size: 1029551
Source RPM: libgcrypt-1.10.3-2.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://gnupg.org/software/libgcrypt
Summary: The GNU Crypto Library
Libgcrypt is a general purpose crypto library based on the code used in
GnuPG (alpha version).

Provides

Requires

License

GPL-2.0-or-later AND LGPL-2.1-or-later

Changelog

* Tue Nov 21 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Re-create HMAC checksum after RPM build strips the library
    (bsc#1217058)
* Wed Nov 15 2023 Pedro Monreal <pmonreal@suse.com>
  - Update to 1.10.3:
    * Bug fixes:
    - Fix public key computation for other EdDSA curves. [rC469919751d6e]
    - Remove out of core handler diagnostic in FIPS mode. [T6515]
    - Check that the digest size is not zero in gcry_pk_sign_md and
      gcry_pk_verify_md. [T6539]
    - Make store an s-exp with \0 is considered to be binary. [T6747]
    - Various constant-time improvements.
    * Portability:
    - Use getrandom call only when supported by the platform. [T6442]
    - Change the default for --with-libtool-modification to never. [T6619]
    * Release-info: https://dev.gnupg.org/T6817
    * Remove patch upstream libgcrypt-1.10.0-out-of-core-handler.patch
* Tue Oct 17 2023 Pedro Monreal <pmonreal@suse.com>
  - Do not pull revision info from GIT when autoconf is run. This
    removes the -unknown suffix after the version number.
    * Add libgcrypt-nobetasuffix.patch [bsc#1216334]
* Tue Oct 03 2023 Pedro Monreal <pmonreal@suse.com>
  - POWER: performance enhancements for cryptography [jsc#PED-5088]
    * Optimize Chacha20 and Poly1305 for PPC P10 LE: [T6006]
    - Chacha20/poly1305: Optimized chacha20/poly1305 for
      P10 operation [rC88fe7ac33eb4]
    - ppc: enable P10 assembly with ENABLE_FORCE_SOFT_HWFEATURES
      on arch-3.00 [rC2c5e5ab6843d]
    * Add patches:
    - libgcrypt-Chacha20-poly1305-Optimized-chacha20-poly1305.patch
    - libgcrypt-ppc-enable-P10-assembly-with-ENABLE_FORCE_SOF.patch
* Mon May 22 2023 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Merge the libgcrypt20-hmac package into the library and
    remove the "module is complete" trigger file .fips [bsc#1185116]
    * Remove libgcrypt-1.10.0-use-fipscheck.patch
* Tue Apr 11 2023 Pedro Monreal <pmonreal@suse.com>
  - Update to 1.10.2:
    * Bug fixes:
    - Fix Argon2 for the case output > 64. [rC13b5454d26]
    - Fix missing HWF_PPC_ARCH_3_10 in HW feature. [rCe073f0ed44]
    - Fix RSA key generation failure in forced FIPS mode. [T5919]
    - Fix gcry_pk_hash_verify for explicit hash. [T6066]
    - Fix a wrong result of gcry_mpi_invm. [T5970]
    - Allow building with --disable-asm for HPPA. [T5976]
    - Allow building with -Oz. [T6432]
    - Enable the fast path to ChaCha20 only when supported. [T6384]
    - Use size_t to avoid counter overflow in Keccak when directly
      feeding more than 4GiB. [T6217]
    * Other:
    - Do not use secure memory for a DRBG instance. [T5933]
    - Do not allow PKCS#1.5 padding for encryption in FIPS mode. [T5918]
    - Fix the behaviour for child process re-seeding in the DRBG. [rC019a40c990]
    - Allow verification of small RSA signatures in FIPS mode. [T5975]
    - Allow the use of a shorter salt for KDFs in FIPS mode. [T6039]
    - Run digest+sign self tests for RSA and ECC in FIPS mode. [rC06c9350165]
    - Add function-name based FIPS indicator function.
      GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION. This is not considered
      an ABI change because the new FIPS features were not yet
      approved. [rC822ee57f07]
    - Improve PCT in FIPS mode. [rC285bf54b1a, rC4963c127ae, T6397]
    - Use getrandom (GRND_RANDOM) in FIPS mode. [rCcf10c74bd9]
    - Disable RSA-OAEP padding in FIPS mode. [rCe5bfda492a]
    - Check minimum allowed key size in PBKDF in FIPS mode. [T6039,T6219]
    - Get maximum 32B of entropy at once in FIPS mode. [rCce0df08bba]
    - Prefer gpgrt-config when available. [T5034]
    - Mark AESWRAP as approved FIPS algorithm. [T5512]
    - Prevent usage of long salt for PSS in FIPS mode. [rCfdd2a8b332]
    - Prevent usage of X9.31 keygen in FIPS mode. [rC392e0ccd25]
    - Remove GCM mode from the allowed FIPS indicators. [rC1540698389]
    - Add explicit FIPS indicators for hash and MAC algorithms. [T6376]
    * Release-info: https://dev.gnupg.org/T5905
    * Rebase FIPS patches:
    - libgcrypt-FIPS-SLI-hash-mac.patch
    - libgcrypt-FIPS-SLI-kdf-leylength.patch
    - libgcrypt-FIPS-SLI-pk.patch
* Wed Mar 08 2023 Martin Pluskal <mpluskal@suse.com>
  - Build AVX2 enabled hwcaps library for x86_64-v3
* Wed Oct 19 2022 Pedro Monreal <pmonreal@suse.com>
  - Update to 1.10.1:
    * Bug fixes:
    - Fix minor memory leaks in FIPS mode.
    - Build fixes for MUSL libc.
    * Other:
    - More portable integrity check in FIPS mode.
    - Add X9.62 OIDs to sha256 and sha512 modules.
    * Add the hardware optimizations config file hwf.deny to
      the /etc/gcrypt/ directory. This file can be used to globally
      disable the use of hardware based optimizations.
    * Remove not needed separate_hmac256_binary hmac256 package
* Wed Sep 14 2022 Pedro Monreal <pmonreal@suse.com>
  - Update to 1.10.0:
    * New and extended interfaces:
    - New control codes to check for FIPS 140-3 approved algorithms.
    - New control code to switch into non-FIPS mode.
    - New cipher modes SIV and GCM-SIV as specified by RFC-5297.
    - Extended cipher mode AESWRAP with padding as specified by
      RFC-5649.
    - New set of KDF functions.
    - New KDF modes Argon2 and Balloon.
    - New functions for combining hashing and signing/verification.
    * Performance:
    - Improved support for PowerPC architectures.
    - Improved ECC performance on zSeries/s390x by using accelerated
      scalar multiplication.
    - Many more assembler performance improvements for several
      architectures.
    * Bug fixes:
    - Fix Elgamal encryption for other implementations.
      [bsc#1190239, CVE-2021-40528]
    - Check the input length of the point in ECDH.
    - Fix an abort in gcry_pk_get_param for "Curve25519".
    * Other features:
    - The control code GCRYCTL_SET_ENFORCED_FIPS_FLAG is ignored
      because it is useless with the FIPS 140-3 related changes.
    - Update of the jitter entropy RNG code.
    - Simplification of the entropy gatherer when using the getentropy
      system call.
    * Interface changes relative to the 1.10.0 release:
    - GCRYCTL_SET_DECRYPTION_TAG            NEW control code.
    - GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER NEW control code.
    - GCRYCTL_FIPS_SERVICE_INDICATOR_KDF    NEW control code.
    - GCRYCTL_NO_FIPS_MODE = 83             NEW control code.
    - GCRY_CIPHER_MODE_SIV                  NEW mode.
    - GCRY_CIPHER_MODE_GCM_SIV              NEW mode.
    - GCRY_CIPHER_EXTENDED                  NEW flag.
    - GCRY_SIV_BLOCK_LEN                    NEW macro.
    - gcry_cipher_set_decryption_tag        NEW macro.
    - GCRY_KDF_ARGON2                       NEW constant.
    - GCRY_KDF_BALLOON                      NEW constant.
    - GCRY_KDF_ARGON2D                      NEW constant.
    - GCRY_KDF_ARGON2I                      NEW constant.
    - GCRY_KDF_ARGON2ID                     NEW constant.
    - gcry_kdf_hd_t                         NEW type.
    - gcry_kdf_job_fn_t                     NEW type.
    - gcry_kdf_dispatch_job_fn_t            NEW type.
    - gcry_kdf_wait_all_jobs_fn_t           NEW type.
    - struct gcry_kdf_thread_ops            NEW struct.
    - gcry_kdf_open                         NEW function.
    - gcry_kdf_compute                      NEW function.
    - gcry_kdf_final                        NEW function.
    - gcry_kdf_close                        NEW function.
    - gcry_pk_hash_sign                     NEW function.
    - gcry_pk_hash_verify                   NEW function.
    - gcry_pk_random_override_new           NEW function.
    * Rebase libgcrypt-1.8.4-allow_FSM_same_state.patch and rename
      to libgcrypt-1.10.0-allow_FSM_same_state.patch
    * Remove unused CAVS tests and related patches:
    - cavs_driver.pl cavs-test.sh
    - libgcrypt-1.6.1-fips-cavs.patch
    - drbg_test.patch
    * Remove DSA sign/verify patches for the FIPS CAVS test since DSA
      has been disabled in FIPS mode:
    - libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
    - libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch
    * Rebase libgcrypt-FIPS-SLI-pk.patch
    * Rebase libgcrypt_indicators_changes.patch and
      libgcrypt-indicate-shake.patch and merge both into
      libgcrypt-FIPS-SLI-hash-mac.patch
    * Rebase libgcrypt-FIPS-kdf-leylength.patch and rename to
      libgcrypt-FIPS-SLI-kdf-leylength.patch
    * Rebase libgcrypt-jitterentropy-3.4.0.patch
    * Rebase libgcrypt-FIPS-rndjent_poll.patch
    * Rebase libgcrypt-out-of-core-handler.patch and rename to
      libgcrypt-1.10.0-out-of-core-handler.patch
    * Since the FIPS .hmac file is now calculated with the internal
      tool hmac256, only the "module is complete" trigger .fips file
      is checked. Rename libgcrypt-1.6.1-use-fipscheck.patch
      to libgcrypt-1.10.0-use-fipscheck.patch
    * Remove patches fixed upstream:
    - libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch
    - libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
    - libgcrypt-fix-rng.patch
    - libgcrypt-1.8.3-fips-ctor.patch
    - libgcrypt-1.8.4-use_xfree.patch
    - libgcrypt-1.8.4-getrandom.patch
    - libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch
    - libgcrypt-dsa-rfc6979-test-fix.patch
    - libgcrypt-fix-tests-fipsmode.patch
    - libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
    - libgcrypt-1.8.4-fips-keygen.patch
    - libgcrypt-invoke-global_init-from-constructor.patch
    - libgcrypt-Restore-self-tests-from-constructor.patch
    - libgcrypt-FIPS-GMAC_AES-benckmark.patch
    - libgcrypt-global_init-constructor.patch
    - libgcrypt-random_selftests-testentropy.patch
    - libgcrypt-rsa-no-blinding.patch
    - libgcrypt-ecc-ecdsa-no-blinding.patch
    - libgcrypt-PCT-DSA.patch
    - libgcrypt-PCT-ECC.patch
    - libgcrypt-PCT-RSA.patch
    - libgcrypt-fips_selftest_trigger_file.patch
    - libgcrypt-pthread-in-t-lock-test.patch
    - libgcrypt-FIPS-hw-optimizations.patch
    - libgcrypt-FIPS-module-version.patch
    - libgcrypt-FIPS-disable-3DES.patch
    - libgcrypt-FIPS-fix-regression-tests.patch
    - libgcrypt-FIPS-RSA-keylen.patch
    - libgcrypt-FIPS-RSA-keylen-tests.patch
    - libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
    - libgcrypt-FIPS-verify-unsupported-KDF-test.patch
    - libgcrypt-FIPS-HMAC-short-keylen.patch
    - libgcrypt-FIPS-service-indicators.patch
    - libgcrypt-FIPS-disable-DSA.patch
    - libgcrypt-jitterentropy-3.3.0.patch
    - libgcrypt-FIPS-Zeroize-hmac.patch
    * Update libgcrypt.keyring
* Thu Sep 08 2022 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
    * Add libgcrypt-FIPS-rndjent_poll.patch
    * Rebase libgcrypt-jitterentropy-3.4.0.patch
* Wed Sep 07 2022 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
    * Consider approved keylength greater or equal to 112 bits.
    * Add libgcrypt-FIPS-kdf-leylength.patch
* Wed Sep 07 2022 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Zeroize buffer and digest in check_binary_integrity()
    * Add libgcrypt-FIPS-Zeroize-hmac.patch [bsc#1191020]
* Tue Aug 23 2022 Pedro Monreal <pmonreal@suse.com>
  - FIPS: gpg/gpg2 gets out of core handler in FIPS mode while
    typing Tab key to Auto-Completion. [bsc#1182983]
    * Add libgcrypt-out-of-core-handler.patch
* Mon Aug 08 2022 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Port libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
    * Enable the jitter based entropy generator by default in random.conf
    - Add libgcrypt-jitterentropy-3.3.0.patch
    * Update the internal jitterentropy to version 3.4.0
    - Add libgcrypt-jitterentropy-3.4.0.patch
* Mon Aug 01 2022 Stephan Kulow <coolo@suse.com>
  - Fix reproducible build problems:
    - Do not use %release in binaries (but use SOURCE_DATE_EPOCH)
    - Fix date call messed up by spec-cleaner
* Thu Apr 14 2022 Dennis Knorr <dennis.knorr@suse.com>
  - FIPS: extend the service indicator [bsc#1190700]
    * introduced a pk indicator function
    * adapted the approved and non approved ciphersuites
    * Add libgcrypt_indicators_changes.patch
    * Add libgcrypt-indicate-shake.patch
* Tue Mar 22 2022 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Implement a service indicator for asymmetric ciphers [bsc#1190700]
    * Mark RSA public key encryption and private key decryption with
      padding (e.g. OAEP, PKCS) as non-approved since RSA-OAEP lacks
      peer key assurance validation requirements per SP800-56Brev2.
    * Mark ECC as approved only for NIST curves P-224, P-256, P-384
      and P-521 with check for common NIST names and aliases.
    * Mark DSA, ELG, EDDSA, ECDSA and ECDH as non-approved.
    * Add libgcrypt-FIPS-SLI-pk.patch
    * Rebase libgcrypt-FIPS-service-indicators.patch
  - Run the regression tests also in FIPS mode.
    * Disable tests for non-FIPS approved algos.
    * Rebase: libgcrypt-FIPS-verify-unsupported-KDF-test.patch
* Tue Feb 01 2022 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Disable DSA in FIPS mode [bsc#1195385]
    * Upstream task: https://dev.gnupg.org/T5710
    * Add libgcrypt-FIPS-disable-DSA.patch
* Wed Jan 19 2022 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Service level indicator [bsc#1190700]
    * Provide an indicator to check whether the service utilizes an
      approved cryptographic algorithm or not.
    * Add patches:
    - libgcrypt-FIPS-service-indicators.patch
    - libgcrypt-FIPS-verify-unsupported-KDF-test.patch
    - libgcrypt-FIPS-HMAC-short-keylen.patch
* Tue Dec 07 2021 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480]
    * gcry_mpi_sub_ui: fix subtracting from negative value
    * Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
* Tue Nov 30 2021 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Define an entropy source SP800-90B compliant [bsc#1185140]
    * Disable jitter entropy by default in random.conf
    * Disable only-urandom option by default in random.conf
* Fri Nov 26 2021 Pedro Monreal <pmonreal@suse.com>
  - FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192240]
    * rsa: Check RSA keylen constraints for key operations.
    * rsa: Fix regression in not returning an error for prime generation.
    * tests: Add 2k RSA key working in FIPS mode.
    * tests: pubkey: Replace RSA key to one of 2k.
    * tests: pkcs1v2: Skip tests with small keys in FIPS.
    * Add patches:
    - libgcrypt-FIPS-RSA-keylen.patch
    - libgcrypt-FIPS-RSA-keylen-tests.patch
* Mon Nov 08 2021 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Disable 3DES/Triple-DES in FIPS mode [bsc#1185138]
    * Add libgcrypt-FIPS-disable-3DES.patch
* Tue Nov 02 2021 Pedro Monreal <pmonreal@suse.com>
  - FIPS: PBKDF requirements [bsc#1185137]
    * The PBKDF2 selftests were introduced in libgcrypt version
      1.9.1 in the function selftest_pbkdf2()
    * Upstream task: https://dev.gnupg.org/T5182
* Thu Oct 28 2021 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Fix regression tests in FIPS mode [bsc#1192131]
    * Add libgcrypt-FIPS-fix-regression-tests.patch
    * Upstream task: https://dev.gnupg.org/T5520
* Tue Sep 21 2021 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Provide a module name/identifier and version that can be
    mapped to the validation records. [bsc#1190706]
    * Add libgcrypt-FIPS-module-version.patch
    * Upstream task: https://dev.gnupg.org/T5600
* Tue Sep 21 2021 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Enable hardware support also in FIPS mode [bsc#1187110]
    * Add libgcrypt-FIPS-hw-optimizations.patch
    * Upstream task: https://dev.gnupg.org/T5508
* Mon Aug 23 2021 Pedro Monreal <pmonreal@suse.com>
  - Update to 1.9.4:
    * Bug fixes:
    - Fix Elgamal encryption for other implementations. [CVE-2021-33560]
    - Fix alignment problem on macOS.
    - Check the input length of the point in ECDH.
    - Fix an abort in gcry_pk_get_param for "Curve25519".
    * Other features:
    - Add GCM and CCM to OID mapping table for AES.
    * Upstream libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
* Mon Aug 23 2021 Pedro Monreal <pmonreal@suse.com>
  - Remove not needed patch libgcrypt-sparcv9.diff
* Thu Jul 15 2021 Pedro Monreal <pmonreal@suse.com>
  - Fix building test t-lock with pthread. [bsc#1189745]
    * Explicitly add -lpthread to compile the t-lock test.
    * Add libgcrypt-pthread-in-t-lock-test.patch
* Fri Jun 11 2021 Pedro Monreal <pmonreal@suse.com>
  - Security fix: [bsc#1187212, CVE-2021-33560]
    * cipher: Fix ElGamal encryption for other implementations.
    * Exponent blinding was added in version 1.9.3. This patch
      fixes ElGamal encryption, see: https://dev.gnupg.org/T5328
  - Add libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
* Tue Apr 20 2021 Paolo Stivanin <info@paolostivanin.com>
  - libgcrypt 1.9.3:
    * Bug fixes:
    - Fix build problems on i386 using gcc-4.7.
    - Fix checksum calculation in OCB decryption for AES on s390.
    - Fix a regression in gcry_mpi_ec_add related to certain usages
      of curve 25519.
    - Fix a symbol not found problem on Apple M1.
    - Fix for Apple iOS getentropy peculiarity.
    - Make keygrip computation work for compressed points.
    * Performance:
    - Add x86_64 VAES/AVX2 accelerated implementation of Camellia.
    - Add x86_64 VAES/AVX2 accelerated implementation of AES.
    - Add VPMSUMD acceleration for GCM mode on PPC.
    * Internal changes.
    - Harden MPI conditional code against EM leakage.
    - Harden Elgamal by introducing exponent blinding.
* Wed Feb 17 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - libgcrypt 1.9.2:
    * Fix building with --disable-asm on x86
    * Check public key for ECDSA verify operation
    * Make sure gcry_get_config (NULL) returns a nul-terminated
      string
    * Fix a memory leak in the ECDH code
    * Fix a reading beyond end of input buffer in SHA2-avx2
  - remove obsolete texinfo packaging macros
* Tue Feb 02 2021 Pedro Monreal <pmonreal@suse.com>
  - Update to 1.9.1
    * *Fix exploitable bug* in hash functions introduced with
      1.9.0. [bsc#1181632, CVE-2021-3345]
    * Return an error if a negative MPI is used with sexp scan
      functions.
    * Check for operational FIPS in the random and KDF functions.
    * Fix compile error on ARMv7 with NEON disabled.
    * Fix self-test in KDF module.
    * Improve assembler checks for better LTO support.
    * Fix 32-bit cross build on x86.
    * Fix non-NEON ARM assembly implementation for SHA512.
    * Fix build problems with the cipher_bulk_ops_t typedef.
    * Fix Ed25519 private key handling for preceding ZEROs.
    * Fix overflow in modular inverse implementation.
    * Fix register access for AVX/AVX2 implementations of Blake2.
    * Add optimized cipher and hash functions for s390x/zSeries.
    * Use hardware bit counting functions when available.
    * Update DSA functions to match FIPS 186-3.
    * New self-tests for CMACs and KDFs.
    * Add bulk cipher functions for OFB and GCM modes.
  - Update libgpg-error required version
* Mon Feb 01 2021 Pedro Monreal <pmonreal@suse.com>
  - Use the suffix variable correctly in get_hmac_path()
  - Rebase libgcrypt-fips_selftest_trigger_file.patch
* Mon Jan 25 2021 Pedro Monreal <pmonreal@suse.com>
  - Add the global config file /etc/gcrypt/random.conf
    * This file can be used to globally change parameters of the random
      generator with the options: only-urandom and disable-jent.
* Thu Jan 21 2021 Pedro Monreal <pmonreal@suse.com>
  - Update to 1.9.0:
    New stable branch of Libgcrypt with full API and ABI compatibility
    to the 1.8 series. Release-info: https://dev.gnupg.org/T4294
    * New and extended interfaces:
    - New curves Ed448, X448, and SM2.
    - New cipher mode EAX.
    - New cipher algo SM4.
    - New hash algo SM3.
    - New hash algo variants SHA512/224 and SHA512/256.
    - New MAC algos for Blake-2 algorithms, the new SHA512 variants,
      SM3, SM4 and for a GOST variant.
    - New convenience function gcry_mpi_get_ui.
    - gcry_sexp_extract_param understands new format specifiers to
      directly store to integers and strings.
    - New function gcry_ecc_mul_point and curve constants for Curve448
      and Curve25519.
    - New function gcry_ecc_get_algo_keylen.
    - New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the
      secure memory area.
    * Performance optimizations and bug fixes: See Release-info.
    * Other features:
    - Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519.
    - Add mitigation against ECC timing attack CVE-2019-13627.
    - Internal cleanup of the ECC implementation.
    - Support reading EC point in compressed format for some curves.
  - Rebase patches:
    * libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch
    * libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
    * libgcrypt-1.6.1-use-fipscheck.patch
    * drbg_test.patch
    * libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
    * libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
    * libgcrypt-1.8.4-fips-keygen.patch
    * libgcrypt-1.8.4-getrandom.patch
    * libgcrypt-fix-tests-fipsmode.patch
    * libgcrypt-global_init-constructor.patch
    * libgcrypt-ecc-ecdsa-no-blinding.patch
    * libgcrypt-PCT-RSA.patch
    * libgcrypt-PCT-ECC.patch
  - Remove patches:
    * libgcrypt-unresolved-dladdr.patch
    * libgcrypt-CVE-2019-12904-GCM-Prefetch.patch
    * libgcrypt-CVE-2019-12904-GCM.patch
    * libgcrypt-CVE-2019-12904-AES.patch
    * libgcrypt-CMAC-AES-TDES-selftest.patch
    * libgcrypt-1.6.1-fips-cfgrandom.patch
    * libgcrypt-fips_rsa_no_enforced_mode.patch
* Sat Oct 24 2020 Andreas Stieger <andreas.stieger@gmx.de>
  - libgcrypt 1.8.7:
    * Support opaque MPI with gcry_mpi_print
    * Fix extra entropy collection via clock_gettime, a fallback code
      path for legacy hardware
* Tue Jul 07 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
  - Update to 1.8.6
    * mpi: Consider +0 and -0 the same in mpi_cmp
    * mpi: Fix flags in mpi_copy for opaque MPI
    * mpi: Fix the return value of mpi_invm_generic
    * mpi: DSA,ECDSA: Fix use of mpi_invm
    - Call mpi_invm before _gcry_dsa_modify_k
    - Call mpi_invm before _gcry_ecc_ecdsa_sign
    * mpi: Constant time mpi_inv with some conditions
    - mpi/mpi-inv.c (mpih_add_n_cond, mpih_sub_n_cond, mpih_swap_cond)
    - New: mpih_abs_cond, mpi_invm_odd
    - Rename from _gcry_mpi_invm: mpi_invm_generic
    - Use mpi_invm_odd for usual odd cases: _gcry_mpi_invm
    * mpi: Abort on division by zero also in _gcry_mpi_tdiv_qr
    * Fix wrong code execution in Poly1305 ARM/NEON implementation
    - Set r14 to -1 at function entry: (_gcry_poly1305_armv7_neon_init_ext)
    * Set vZZ.16b register to zero before use in armv8 gcm implementation
    * random: Fix include of config.h
    * Fix declaration of internal function _gcry_mpi_get_ui: Don't use ulong
    * ecc: Fix wrong handling of shorten PK bytes
    - Zeros are already recovered: (_gcry_ecc_mont_decodepoint)
  - Update libgcrypt-ecc-ecdsa-no-blinding.patch
* Tue May 19 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
  - FIPS: RSA/DSA/ECC test_keys() print out debug messages [bsc#1171872]
    * Print the debug messages in test_keys() only in debug mode.
  - Update patches: libgcrypt-PCT-RSA.patch libgcrypt-PCT-DSA.patch
    libgcrypt-PCT-ECC.patch
* Mon Apr 27 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
  - FIPS: libgcrypt: Double free in test_keys() on failed signature
    verification [bsc#1169944]
    * Use safer gcry_mpi_release() instead of mpi_free()
  - Update patches:
    * libgcrypt-PCT-DSA.patch
    * libgcrypt-PCT-RSA.patch
    * libgcrypt-PCT-ECC.patch
* Thu Apr 16 2020 Vítězslav Čížek <vcizek@suse.com>
  - Ship the FIPS checksum file in the shared library package and
    create a separate trigger file for the FIPS selftests (bsc#1169569)
    * add libgcrypt-fips_selftest_trigger_file.patch
    * refresh libgcrypt-global_init-constructor.patch
  - Remove libgcrypt-binary_integrity_in_non-FIPS.patch obsoleted
    by libgcrypt-global_init-constructor.patch
* Wed Apr 15 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
  - FIPS: Verify that the generated signature and the original input
    differ in test_keys function for RSA, DSA and ECC: [bsc#1165539]
  - Add zero-padding when qx and qy have different lengths when
    assembling the Q point from affine coordinates.
  - Refreshed patches:
    * libgcrypt-PCT-DSA.patch
    * libgcrypt-PCT-RSA.patch
    * libgcrypt-PCT-ECC.patch
* Mon Mar 30 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
  - FIPS: Switch the PCT to use the new signature operation [bsc#1165539]
    * Patches for DSA, RSA and ECDSA test_keys functions:
    - libgcrypt-PCT-DSA.patch
    - libgcrypt-PCT-RSA.patch
    - libgcrypt-PCT-ECC.patch
  - Update patch: libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
* Thu Mar 26 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
  - FIPS: Run self-tests from constructor during power-on [bsc#1166748]
    * Set up global_init as the constructor function:
    - libgcrypt-global_init-constructor.patch
    * Relax the entropy requirements on selftest. This is especially
      important for virtual machines to boot properly before the RNG
      is available:
    - libgcrypt-random_selftests-testentropy.patch
    - libgcrypt-rsa-no-blinding.patch
    - libgcrypt-ecc-ecdsa-no-blinding.patch
    * Fix benchmark regression test in FIPS mode:
    - libgcrypt-FIPS-GMAC_AES-benckmark.patch
* Thu Mar 12 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
  - Remove check not needed in _gcry_global_constructor [bsc#1164950]
    * Update libgcrypt-Restore-self-tests-from-constructor.patch
* Tue Feb 25 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
  - FIPS: Run the self-tests from the constructor [bsc#1164950]
    * Add libgcrypt-invoke-global_init-from-constructor.patch
* Fri Jan 17 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
  - FIPS: libgcrypt DSA PQG parameter generation: Missing value [bsc#1161219]
  - FIPS: libgcrypt DSA PQG verification incorrect results [bsc#1161215]
  - FIPS: libgcrypt RSA siggen/keygen: 4k not supported [bsc#1161220]
    * Add patch from Fedora libgcrypt-1.8.4-fips-keygen.patch

Files

/usr/lib/libgcrypt.so.20
/usr/lib/libgcrypt.so.20.4.3


Generated by rpm2html 1.8.1

Fabrice Bellet, Mon Jan 29 23:32:22 2024