Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libgcrypt20-hmac-1.9.4-150500.10.19 RPM for x86_64

From OpenSuSE Leap 15.5 for x86_64

Name: libgcrypt20-hmac Distribution: SUSE Linux Enterprise 15
Version: 1.9.4 Vendor: SUSE LLC <https://www.suse.com/>
Release: 150500.10.19 Build date: Wed May 17 15:27:03 2023
Group: System/Libraries Build host: sheep16
Size: 0 Source RPM: libgcrypt-1.9.4-150500.10.19.src.rpm
Packager: https://www.suse.com/
Url: https://gnupg.org/software/libgcrypt
Summary: HMAC checksums for the GNU Crypto Library
Libgcrypt is a general purpose crypto library based on the code used in
GnuPG (alpha version). This package contains the HMAC checksum files
for integrity checking the library, as required by FIPS 140-2.

Provides

Requires

License

GPL-2.0-or-later AND LGPL-2.1-or-later

Changelog

* Thu Nov 24 2022 pmonreal@suse.com
  - POWER10 performance enhancements for cryptography [jsc#PED-566]
    * Backport upstream fixes:
    - AES-GCM: Bulk implementation of AES-GCM acceleration for ppc64le
    - hwf-ppc: fix missing HWF_PPC_ARCH_3_10 in HW feature
    - Chacha20/poly1305: Optimized chacha20/poly1305 for P10 operation
    * Add patches:
    - libgcrypt-Bulk-implementation-of-AES-GCM-acceleration-ppc64le.patch
    - libgcrypt-hwf-ppc-fix-missing-HWF_PPC_ARCH_3_10-in-HW-feature.patch
    - libgcrypt-Optimized-chacha20-poly1305-for-P10-operation.patch
* Thu Sep 08 2022 pmonreal@suse.com
  - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
    * Add libgcrypt-FIPS-rndjent_poll.patch
* Wed Sep 07 2022 pmonreal@suse.com
  - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
    * Consider approved keylength greater or equal to 112 bits.
    * Add libgcrypt-FIPS-kdf-leylength.patch
* Wed Sep 07 2022 pmonreal@suse.com
  - FIPS: Zeroize buffer and digest in check_binary_integrity()
    * Add libgcrypt-FIPS-Zeroize-hmac.patch [bsc#1191020]
* Tue Aug 23 2022 pmonreal@suse.com
  - FIPS: gpg/gpg2 gets out of core handler in FIPS mode while
    typing Tab key to Auto-Completion. [bsc#1182983]
    * Add libgcrypt-out-of-core-handler.patch
* Mon Aug 08 2022 pmonreal@suse.com
  - FIPS: Port libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
    * Enable the jitter based entropy generator by default in random.conf
    - Add libgcrypt-jitterentropy-3.3.0.patch
    * Update the internal jitterentropy to version 3.4.0
    - Add libgcrypt-jitterentropy-3.4.0.patch
* Thu Apr 14 2022 dennis.knorr@suse.com
  - FIPS: extend the service indicator [bsc#1190700]
    * introduced a pk indicator function
    * adapted the approved and non approved ciphersuites
    * Add libgcrypt_indicators_changes.patch
    * Add libgcrypt-indicate-shake.patch
* Tue Mar 22 2022 pmonreal@suse.com
  - FIPS: Implement a service indicator for asymmetric ciphers [bsc#1190700]
    * Mark RSA public key encryption and private key decryption with
      padding (e.g. OAEP, PKCS) as non-approved since RSA-OAEP lacks
      peer key assurance validation requirements per SP800-56Brev2.
    * Mark ECC as approved only for NIST curves P-224, P-256, P-384
      and P-521 with check for common NIST names and aliases.
    * Mark DSA, ELG, EDDSA, ECDSA and ECDH as non-approved.
    * Add libgcrypt-FIPS-SLI-pk.patch
    * Rebase libgcrypt-FIPS-service-indicators.patch
  - Run the regression tests also in FIPS mode.
    * Disable tests for non-FIPS approved algos.
    * Rebase: libgcrypt-FIPS-verify-unsupported-KDF-test.patch
* Tue Feb 01 2022 pmonreal@suse.com
  - FIPS: Disable DSA in FIPS mode [bsc#1195385]
    * Upstream task: https://dev.gnupg.org/T5710
    * Add libgcrypt-FIPS-disable-DSA.patch
* Wed Jan 19 2022 pmonreal@suse.com
  - FIPS: Service level indicator [bsc#1190700]
    * Provide an indicator to check wether the service utilizes an
      approved cryptographic algorithm or not.
    * Add patches:
    - libgcrypt-FIPS-service-indicators.patch
    - libgcrypt-FIPS-verify-unsupported-KDF-test.patch
    - libgcrypt-FIPS-HMAC-short-keylen.patch
* Tue Dec 07 2021 pmonreal@suse.com
  - FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480]
    * gcry_mpi_sub_ui: fix subtracting from negative value
    * Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
* Tue Nov 30 2021 pmonreal@suse.com
  - FIPS: Define an entropy source SP800-90B compliant [bsc#1185140]
    * Disable jitter entropy by default in random.conf
    * Disable only-urandom option by default in random.conf
* Fri Nov 26 2021 pmonreal@suse.com
  - FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192240]
    * rsa: Check RSA keylen constraints for key operations.
    * rsa: Fix regression in not returning an error for prime generation.
    * tests: Add 2k RSA key working in FIPS mode.
    * tests: pubkey: Replace RSA key to one of 2k.
    * tests: pkcs1v2: Skip tests with small keys in FIPS.
    * Add patches:
    - libgcrypt-FIPS-RSA-keylen.patch
    - libgcrypt-FIPS-RSA-keylen-tests.patch
* Mon Nov 08 2021 pmonreal@suse.com
  - FIPS: Disable 3DES/Triple-DES in FIPS mode [bsc#1185138]
    * Add libgcrypt-FIPS-disable-3DES.patch
* Tue Nov 02 2021 pmonreal@suse.com
  - FIPS: PBKDF requirements [bsc#1185137]
    * The PBKDF2 selftests were introduced in libgcrypt version
      1.9.1 in the function selftest_pbkdf2()
    * Upstream task: https://dev.gnupg.org/T5182
* Thu Oct 28 2021 pmonreal@suse.com
  - FIPS: Fix regression tests in FIPS mode [bsc#1192131]
    * Add libgcrypt-FIPS-fix-regression-tests.patch
    * Upstream task: https://dev.gnupg.org/T5520
* Tue Sep 21 2021 pmonreal@suse.com
  - FIPS: Provide a module name/identifier and version that can be
    mapped to the validation records. [bsc#1190706]
    * Add libgcrypt-FIPS-module-version.patch
    * Upstream task: https://dev.gnupg.org/T5600
* Tue Sep 21 2021 pmonreal@suse.com
  - FIPS: Enable hardware support also in FIPS mode [bsc#1187110]
    * Add libgcrypt-FIPS-hw-optimizations.patch
    * Upstream task: https://dev.gnupg.org/T5508
* Mon Aug 23 2021 pmonreal@suse.com
  - Update to 1.9.4: [jsc#SLE-17558, jsc#SLE-18135, jsc#SLE-20734]
    * Bug fixes:
    - Fix Elgamal encryption for other implementations. [CVE-2021-33560]
    - Fix alignment problem on macOS.
    - Check the input length of the point in ECDH.
    - Fix an abort in gcry_pk_get_param for "Curve25519".
    * Other features:
    - Add GCM and CCM to OID mapping table for AES.
    * Upstream libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
* Mon Aug 23 2021 pmonreal@suse.com
  - Remove not needed patch libgcrypt-sparcv9.diff
* Fri Jul 16 2021 pmonreal@suse.com
  - libgcrypt 1.9.3: [jsc#SLE-17558, jsc#SLE-19413]
    * Bug fixes:
    - Fix build problems on i386 using gcc-4.7.
    - Fix checksum calculation in OCB decryption for AES on s390.
    - Fix a regression in gcry_mpi_ec_add related to certain usages
      of curve 25519.
    - Fix a symbol not found problem on Apple M1.
    - Fix for Apple iOS getentropy peculiarity.
    - Make keygrip computation work for compressed points.
    * Performance:
    - Add x86_64 VAES/AVX2 accelerated implementation of Camellia.
    - Add x86_64 VAES/AVX2 accelerated implementation of AES.
    - Add VPMSUMD acceleration for GCM mode on PPC.
    * Internal changes.
    - Harden MPI conditional code against EM leakage.
    - Harden Elgamal by introducing exponent blinding.
    * Remove libgcrypt-CVE-2021-33560-ElGamal-exponent-blinding.patch
* Thu Jul 15 2021 pmonreal@suse.com
  - Fix building test t-lock with pthread. [bsc#1189745]
    * Explicitly add -lpthread to compile the t-lock test.
    * Add libgcrypt-pthread-in-t-lock-test.patch
* Fri Jun 11 2021 pmonreal@suse.com
  - Security fix: [bsc#1187212, CVE-2021-33560]
    * Libgcrypt mishandles ElGamal encryption because it lacks exponent
      blinding to address a side-channel attack against mpi_powm
  - Add patches:
    * libgcrypt-CVE-2021-33560-ElGamal-exponent-blinding.patch
    * libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
* Tue Apr 13 2021 pmonreal@suse.com
  - Upgrade to 1.9.2 in SLE-15-SP4 [jsc#SLE-17558, jsc#SLE-19413]
  - Remove patches:
    * CVE-2018-0495.patch
    * libgcrypt-CVE-2019-13627.patch
    * libgcrypt-AES-KW-fix-in-place-encryption.patch
    * libgcrypt-ECDSA_check_coordinates_range.patch
    * libgcrypt-check-re-open-dev_random-after-fork.patch
* Wed Feb 17 2021 andreas.stieger@gmx.de
  - libgcrypt 1.9.2:
    * Fix building with --disable-asm on x86
    * Check public key for ECDSA verify operation
    * Make sure gcry_get_config (NULL) returns a nul-terminated
      string
    * Fix a memory leak in the ECDH code
    * Fix a reading beyond end of input buffer in SHA2-avx2
  - remove obsolete texinfo packaging macros
* Tue Feb 02 2021 pmonreal@suse.com
  - Update to 1.9.1
    * *Fix exploitable bug* in hash functions introduced with
      1.9.0. [bsc#1181632, CVE-2021-3345]
    * Return an error if a negative MPI is used with sexp scan
      functions.
    * Check for operational FIPS in the random and KDF functions.
    * Fix compile error on ARMv7 with NEON disabled.
    * Fix self-test in KDF module.
    * Improve assembler checks for better LTO support.
    * Fix 32-bit cross build on x86.
    * Fix non-NEON ARM assembly implementation for SHA512.
    * Fix build problems with the cipher_bulk_ops_t typedef.
    * Fix Ed25519 private key handling for preceding ZEROs.
    * Fix overflow in modular inverse implementation.
    * Fix register access for AVX/AVX2 implementations of Blake2.
    * Add optimized cipher and hash functions for s390x/zSeries.
    * Use hardware bit counting functionx when available.
    * Update DSA functions to match FIPS 186-3.
    * New self-tests for CMACs and KDFs.
    * Add bulk cipher functions for OFB and GCM modes.
  - Update libgpg-error required version
* Mon Feb 01 2021 pmonreal@suse.com
  - Use the suffix variable correctly in get_hmac_path()
  - Rebase libgcrypt-fips_selftest_trigger_file.patch
* Mon Jan 25 2021 pmonreal@suse.com
  - Add the global config file /etc/gcrypt/random.conf
    * This file can be used to globally change parameters of the random
      generator with the options: only-urandom and disable-jent.
* Thu Jan 21 2021 pmonreal@suse.com
  - Update to 1.9.0:
    New stable branch of Libgcrypt with full API and ABI compatibility
    to the 1.8 series. Release-info: https://dev.gnupg.org/T4294
    * New and extended interfaces:
    - New curves Ed448, X448, and SM2.
    - New cipher mode EAX.
    - New cipher algo SM4.
    - New hash algo SM3.
    - New hash algo variants SHA512/224 and SHA512/256.
    - New MAC algos for Blake-2 algorithms, the new SHA512 variants,
      SM3, SM4 and for a GOST variant.
    - New convenience function gcry_mpi_get_ui.
    - gcry_sexp_extract_param understands new format specifiers to
      directly store to integers and strings.
    - New function gcry_ecc_mul_point and curve constants for Curve448
      and Curve25519.
    - New function gcry_ecc_get_algo_keylen.
    - New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the
      secure memory area.
    * Performance optimizations and bug fixes: See Release-info.
    * Other features:
    - Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519.
    - Add mitigation against ECC timing attack CVE-2019-13627.
    - Internal cleanup of the ECC implementation.
    - Support reading EC point in compressed format for some curves.
  - Rebase patches:
    * libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch
    * libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
    * libgcrypt-1.6.1-use-fipscheck.patch
    * drbg_test.patch
    * libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
    * libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
    * libgcrypt-1.8.4-fips-keygen.patch
    * libgcrypt-1.8.4-getrandom.patch
    * libgcrypt-fix-tests-fipsmode.patch
    * libgcrypt-global_init-constructor.patch
    * libgcrypt-ecc-ecdsa-no-blinding.patch
    * libgcrypt-PCT-RSA.patch
    * libgcrypt-PCT-ECC.patch
  - Remove patches:
    * libgcrypt-unresolved-dladdr.patch
    * libgcrypt-CVE-2019-12904-GCM-Prefetch.patch
    * libgcrypt-CVE-2019-12904-GCM.patch
    * libgcrypt-CVE-2019-12904-AES.patch
    * libgcrypt-CMAC-AES-TDES-selftest.patch
    * libgcrypt-1.6.1-fips-cfgrandom.patch
    * libgcrypt-fips_rsa_no_enforced_mode.patch
* Sat Oct 24 2020 andreas.stieger@gmx.de
  - libgcrypt 1.8.7:
    * Support opaque MPI with gcry_mpi_print
    * Fix extra entropy collection via clock_gettime, a fallback code
      path for legacy hardware
* Tue Jul 07 2020 pmonrealgonzalez@suse.com
  - Update to 1.8.6
    * mpi: Consider +0 and -0 the same in mpi_cmp
    * mpi: Fix flags in mpi_copy for opaque MPI
    * mpi: Fix the return value of mpi_invm_generic
    * mpi: DSA,ECDSA: Fix use of mpi_invm
    - Call mpi_invm before _gcry_dsa_modify_k
    - Call mpi_invm before _gcry_ecc_ecdsa_sign
    * mpi: Constant time mpi_inv with some conditions
    - mpi/mpi-inv.c (mpih_add_n_cond, mpih_sub_n_cond, mpih_swap_cond)
    - New: mpih_abs_cond, mpi_invm_odd
    - Rename from _gcry_mpi_invm: mpi_invm_generic
    - Use mpi_invm_odd for usual odd cases: _gcry_mpi_invm
    * mpi: Abort on division by zero also in _gcry_mpi_tdiv_qr
    * Fix wrong code execution in Poly1305 ARM/NEON implementation
    - Set r14 to -1 at function entry: (_gcry_poly1305_armv7_neon_init_ext)
    * Set vZZ.16b register to zero before use in armv8 gcm implementation
    * random: Fix include of config.h
    * Fix declaration of internal function _gcry_mpi_get_ui: Don't use ulong
    * ecc: Fix wrong handling of shorten PK bytes
    - Zeros are already recovered: (_gcry_ecc_mont_decodepoint)
  - Update libgcrypt-ecc-ecdsa-no-blinding.patch
* Tue May 19 2020 pmonrealgonzalez@suse.com
  - FIPS: RSA/DSA/ECC test_keys() print out debug messages [bsc#1171872]
    * Print the debug messages in test_keys() only in debug mode.
  - Update patches: libgcrypt-PCT-RSA.patch libgcrypt-PCT-DSA.patch
    libgcrypt-PCT-ECC.patch
* Mon Apr 27 2020 pmonrealgonzalez@suse.com
  - FIPS: libgcrypt: Double free in test_keys() on failed signature
    verification [bsc#1169944]
    * Use safer gcry_mpi_release() instead of mpi_free()
  - Update patches:
    * libgcrypt-PCT-DSA.patch
    * libgcrypt-PCT-RSA.patch
    * libgcrypt-PCT-ECC.patch
* Thu Apr 16 2020 vcizek@suse.com
  - Ship the FIPS checksum file in the shared library package and
    create a separate trigger file for the FIPS selftests (bsc#1169569)
    * add libgcrypt-fips_selftest_trigger_file.patch
    * refresh libgcrypt-global_init-constructor.patch
  - Remove libgcrypt-binary_integrity_in_non-FIPS.patch obsoleted
    by libgcrypt-global_init-constructor.patch
* Wed Apr 15 2020 pmonrealgonzalez@suse.com
  - FIPS: Verify that the generated signature and the original input
    differ in test_keys function for RSA, DSA and ECC: [bsc#1165539]
  - Add zero-padding when qx and qy have different lengths when
    assembling the Q point from affine coordinates.
  - Refreshed patches:
    * libgcrypt-PCT-DSA.patch
    * libgcrypt-PCT-RSA.patch
    * libgcrypt-PCT-ECC.patch
* Mon Mar 30 2020 pmonrealgonzalez@suse.com
  - FIPS: Switch the PCT to use the new signature operation [bsc#1165539]
    * Patches for DSA, RSA and ECDSA test_keys functions:
    - libgcrypt-PCT-DSA.patch
    - libgcrypt-PCT-RSA.patch
    - libgcrypt-PCT-ECC.patch
  - Update patch: libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
* Thu Mar 26 2020 pmonrealgonzalez@suse.com
  - FIPS: Fix drbg to be threadsafe [bsc#1167674]
    * Detect fork and re-open devices in_gcry_rndlinux_gather_random
    * libgcrypt-check-re-open-dev_random-after-fork.patch
* Thu Mar 26 2020 pmonrealgonzalez@suse.com
  - FIPS: Run self-tests from constructor during power-on [bsc#1166748]
    * Set up global_init as the constructor function:
    - libgcrypt-global_init-constructor.patch
    * Relax the entropy requirements on selftest. This is especially
      important for virtual machines to boot properly before the RNG
      is available:
    - libgcrypt-random_selftests-testentropy.patch
    - libgcrypt-rsa-no-blinding.patch
    - libgcrypt-ecc-ecdsa-no-blinding.patch
    * Fix benchmark regression test in FIPS mode:
    - libgcrypt-FIPS-GMAC_AES-benckmark.patch
* Thu Mar 12 2020 pmonrealgonzalez@suse.com
  - Remove check not needed in _gcry_global_constructor [bsc#1164950]
    * Update libgcrypt-Restore-self-tests-from-constructor.patch
* Thu Mar 12 2020 pmonrealgonzalez@suse.com
  - FIPS: Restore the full _gcry_global_constructor function to run
    the self-test from the constructor [bsc#1164950]
    * Add libgcrypt-Restore-self-tests-from-constructor.patch
* Tue Feb 25 2020 pmonrealgonzalez@suse.com
  - FIPS: Run the self-tests from the constructor [bsc#1164950]
    * Add libgcrypt-invoke-global_init-from-constructor.patch
* Mon Jan 20 2020 vcizek@suse.com
  - ECDSA: Check range of coordinates (bsc#1161216)
    * add libgcrypt-ECDSA_check_coordinates_range.patch
* Fri Jan 17 2020 pmonrealgonzalez@suse.com
  - FIPS: libgcrypt DSA PQG parameter generation: Missing value [bsc#1161219]
  - FIPS: libgcrypt DSA PQG verification incorrect results [bsc#1161215]
  - FIPS: libgcrypt RSA siggen/keygen: 4k not supported [bsc#1161220]
    * Add patch from Fedora libgcrypt-1.8.4-fips-keygen.patch
* Fri Jan 17 2020 pmonrealgonzalez@suse.com
  - FIPS: keywrap gives incorrect results [bsc#1161218]
    * Add libgcrypt-AES-KW-fix-in-place-encryption.patch
* Wed Dec 11 2019 pmonrealgonzalez@suse.com
  - FIPS: RSA/DSA/ECDSA are missing hashing operation [bsc#1155337]
    * Add libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
* Wed Nov 27 2019 pmonrealgonzalez@suse.com
  - Fix tests in FIPS mode:
    * Fix tests: basic benchmark bench-slope pubkey t-cv25519 t-secmem
    * Add patch libgcrypt-fix-tests-fipsmode.patch
* Tue Nov 26 2019 pmonrealgonzalez@suse.com
  - Fix test dsa-rfc6979 in FIPS mode:
    * Disable tests in elliptic curves with 192 bits which are not
      recommended in FIPS mode
    * Add patch libgcrypt-dsa-rfc6979-test-fix.patch
* Tue Nov 12 2019 pmonrealgonzalez@suse.com
  - CMAC AES and TDES FIPS self-tests:
    * CMAC AES self test missing [bsc#1155339]
    * CMAC TDES self test missing [bsc#1155338]
  - Add libgcrypt-CMAC-AES-TDES-selftest.patch
* Mon Sep 02 2019 pmonrealgonzalez@suse.com
  - Security fix: [bsc#1148987,CVE-2019-13627]
    * Mitigation against an ECDSA timing attack
    * Added libgcrypt-CVE-2019-13627.patch
* Fri Aug 30 2019 andreas.stieger@gmx.de
  - libgcrypt 1.8.5:
    * CVE-2019-13627: mitigation against an ECDSA timing attack (boo#1148987)
    * Improve ECDSA unblinding
    * Provide a pkg-config file
* Wed Jul 31 2019 jsikes@suse.com
  - Fixed an issue created by incomplete implementation of previous change - [bsc#1097073]
    * Removed section of libgcrypt-binary_integrity_in_non-FIPS.patch
      that caused some tests to be executed more than once.
* Thu Jul 18 2019 jsikes@suse.de
  - Fixed a race condition in initialization.
    * Added libgcrypt-1.8.4-allow_FSM_same_state.patch
* Tue Jul 02 2019 jsikes@suse.de
  - Fixed redundant fips tests in some situations causing sudo to stop
    working when pam-kwallet is installed. bsc#1133808
    * Added libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch
    * Removed libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch
      because it was obsoleted by libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch
* Fri Jun 21 2019 pmonrealgonzalez@suse.com
  - Fixed env-script-interpreter in cavs_driver.pl
* Fri Jun 21 2019 pmonrealgonzalez@suse.com
  - Security fix: [bsc#1138939, CVE-2019-12904]
    * The C implementation of AES is vulnerable to a flush-and-reload
      side-channel attack because physical addresses are available to
      other processes. (The C implementation is used on platforms where
      an assembly-language implementation is unavailable.)
    * Added patches:
    - libgcrypt-CVE-2019-12904-GCM-Prefetch.patch
    - libgcrypt-CVE-2019-12904-GCM.patch
    - libgcrypt-CVE-2019-12904-AES.patch
* Fri Apr 26 2019 jsikes@suse.de
  - do not try to open /dev/urandom if getrandom() works
    * Added libgcrypt-1.8.4-getrandom.patch
  - Drop libgcrypt-init-at-elf-load-fips.patch obsoleted
    by libgcrypt-1.8.3-fips-ctor.patch
* Tue Apr 23 2019 jsikes@suse.de
  - Restored libgcrypt-binary_integrity_in_non-FIPS.patch sans section that
    was partially causing bsc#1131183.
  - Fixed race condition in multi-threaded applications by allowing a FSM state
    transition to the current state. This means some tests are run twice.
    * Added libgcrypt-1.8.4-allow_FSM_same_state.patch
  - Fixed an issue in malloc/free wrappers so that memory created by the malloc()
    wrappers will be destroyed using the free() wrappers.
    * Added libgcrypt-1.8.4-use_xfree.patch
* Mon Apr 15 2019 jsikes@suse.de
  - remove section of libgcrypt-binary_integrity_in_non-FIPS.patch that caused
    some tests to be executed twice.
* Fri Apr 05 2019 jsikes@suse.de
  - removed libgcrypt-binary_integrity_in_non-FIPS.patch since it was breaking
    libotr. bsc#1131183
* Tue Mar 26 2019 vcizek@suse.com
  - libgcrypt-1.8.3-fips-ctor.patch changed the way the fips selftests
    are invoked as well as the state transition, adjust the code so
    a missing checksum file is not an issue in non-FIPS mode (bsc#1097073)
    * update libgcrypt-binary_integrity_in_non-FIPS.patch
* Tue Mar 26 2019 vcizek@suse.com
  - Enforce the minimal RSA keygen size in fips mode (bsc#1125740)
    * add libgcrypt-fips_rsa_no_enforced_mode.patch
* Fri Mar 22 2019 vcizek@suse.com
  - Don't run full self-tests from constructor (bsc#1097073)
    * Don't call global_init() from the constructor, _gcry_global_constructor()
      from libgcrypt-1.8.3-fips-ctor.patch takes care of the binary
      integrity check instead.
    * Only the binary checksum will be verified, the remaining
      self-tests will be run upon the library initialization
  - Add libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch
  - Drop libgcrypt-init-at-elf-load-fips.patch and
    libgcrypt-fips_run_selftest_at_constructor.patch obsoleted
    by libgcrypt-1.8.3-fips-ctor.patch
* Thu Mar 07 2019 pmonrealgonzalez@suse.com
  - Skip all the self-tests except for binary integrity when called
    from the constructor (bsc#1097073)
    * Added libgcrypt-1.8.3-fips-ctor.patch
* Wed Nov 28 2018 pmonrealgonzalez@suse.com
  - Fail selftests when checksum file is missing in FIPS mode only
    (bsc#1117355)
    * add libgcrypt-binary_integrity_in_non-FIPS.patch
* Sun Oct 28 2018 astieger@suse.com
  - libgcrypt 1.8.4:
    * Fix infinite loop with specific application implementations
    * Fix possible leak of a few bits of secret primes to pageable
      memory
    * Fix possible hang in the RNG (1.8.3)
    * Always make use of getrandom if possible and then use
      its /dev/urandom behaviour
* Mon Jul 02 2018 schwab@suse.de
  - libgcrypt-1.6.3-aliasing.patch, libgcrypt-ppc64.patch,
    libgcrypt-strict-aliasing.patch: Remove obsolete patches
  - libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch: Rediff
  - Reenable testsuite
* Wed Jun 20 2018 psimons@suse.com
  - Apply "CVE-2018-0495.patch" from upstream to enable blinding for
    ECDSA signing. This change mitigates a novel side-channel attack.
    [CVE-2018-0495, bsc#1097410]
* Wed Jun 13 2018 kbabioch@suse.com
  - Update to version 1.8.3:
    - Use blinding for ECDSA signing to mitigate a novel side-channel
      attack. (CVE-2018-0495 bsc#1097410)
    - Fix incorrect counter overflow handling for GCM when using an IV
      size other than 96 bit.
    - Fix incorrect output of AES-keywrap mode for in-place encryption
      on some platforms.
    - Fix the gcry_mpi_ec_curve_point point validation function.
    - Fix rare assertion failure in gcry_prime_check.
  - Applied spec-cleaner
* Wed May 02 2018 pmonrealgonzalez@suse.com
  - Suggest libgcrypt20-hmac for package libgcrypt20 to ensure they
    are installed in the right order. [bsc#1090766]
* Thu Mar 29 2018 pmonrealgonzalez@suse.com
  - Extended the fipsdrv dsa-sign and dsa-verify commands with the
    - -algo parameter for the FIPS testing of DSA SigVer and SigGen
    (bsc#1064455).
    * Added libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
    * Added libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch
* Thu Feb 22 2018 fvogt@suse.com
  - Use %license (boo#1082318)
* Wed Dec 13 2017 astieger@suse.com
  - libgcrypt 1.8.2:
    * Fix fatal out of secure memory status in the s-expression
      parser on heavy loaded systems.
    * Add auto expand secmem feature or use by GnuPG 2.2.4
* Mon Aug 28 2017 astieger@suse.com
  - libgcrypt 1.8.1:
    * Mitigate a local side-channel attack on Curve25519 dubbed "May
      the Fourth be With You" CVE-2017-0379 bsc#1055837
    * Add more extra bytes to the pool after reading a seed file
    * Add the OID SHA384WithECDSA from RFC-7427 to SHA-384
    * Fix build problems with the Jitter RNG
    * Fix assembler code build problems on Rasbian (ARMv8/AArch32-CE)
* Mon Jul 24 2017 jengelh@inai.de
  - RPM group fixes.
* Fri Jul 21 2017 astieger@suse.com
  - libgcrypt 1.8.0:
    * New cipher mode XTS
    * New hash function Blake-2
    * New function gcry_mpi_point_copy.
    * New function gcry_get_config.
    * GCRYCTL_REINIT_SYSCALL_CLAMP allows to init nPth after Libgcrypt.
    * New gobal configuration file /etc/gcrypt/random.conf.
    * GCRYCTL_PRINT_CONFIG does now also print build information for
      libgpg-error and the used compiler version.
    * GCRY_CIPHER_MODE_CFB8 is now supported.
    * A jitter based entropy collector is now used in addition to the
      other entropy collectors.
    * Optimized gcry_md_hash_buffers for SHA-256 and SHA-512.
      random pool lock).
    * Interface changes relative to the 1.7.0 release:
      gcry_get_config                 NEW function.
      gcry_mpi_point_copy             NEW function.
      GCRYCTL_REINIT_SYSCALL_CLAMP    NEW macro.
      GCRY_MD_BLAKE2B_512             NEW constant.
      GCRY_MD_BLAKE2B_384             NEW constant.
      GCRY_MD_BLAKE2B_256             NEW constant.
      GCRY_MD_BLAKE2B_160             NEW constant.
      GCRY_MD_BLAKE2S_256             NEW constant.
      GCRY_MD_BLAKE2S_224             NEW constant.
      GCRY_MD_BLAKE2S_160             NEW constant.
      GCRY_MD_BLAKE2S_128             NEW constant.
      GCRY_CIPHER_MODE_XTS            NEW constant.
      gcry_md_info                    DEPRECATED.
  - Refresh patch libgcrypt-1.6.3-aliasing.patch
* Thu Jun 29 2017 astieger@suse.com
  - libgcrypt 1.7.8:
    * CVE-2017-7526: Mitigate a flush+reload side-channel attack on
      RSA secret keys (bsc#1046607)
* Sun Jun 04 2017 astieger@suse.com
  - libgcrypt 1.7.7:
    * Fix possible timing attack on EdDSA session key (previously
      patched, drop libgcrypt-secure-EdDSA-session-key.patch)
    * Fix long standing bug in secure memory implementation which
      could lead to a segv on free
* Fri Jun 02 2017 pmonrealgonzalez@suse.com
  - Added libgcrypt-secure-EdDSA-session-key.patch [bsc#1042326]
    * Store the session key in secure memory to ensure that constant
      time point operations are used in the MPI library.
* Fri Jan 20 2017 rmaliska@suse.com
  - libgcrypt 1.7.6:
    * Fix counter operand from read-only to read/write
    * Fix too large jump alignment in mpih-rshift
* Thu Dec 15 2016 astieger@suse.com
  - libgcrypt 1.7.5:
    * Fix regression in mlock detection introduced with 1.7.4
* Tue Dec 13 2016 astieger@suse.com
  - libgcrypt 1.7.4:
    * ARMv8/AArch32 performance improvements for AES, GCM, SHA-256,
      and SHA-1.
    * Add ARMv8/AArch32 assembly implementation for Twofish and
      Camellia.
    * Add bulk processing implementation for ARMv8/AArch32.
    * Add Stribog OIDs.
    * Improve the DRBG performance and sync the code with the Linux
      version.
    * When secure memory is requested by the MPI functions or by
      gcry_xmalloc_secure, they do not anymore lead to a fatal error
      if the secure memory pool is used up.  Instead new pools are
      allocated as needed.  These new pools are not protected against
      being swapped out (mlock can't be used). Mitigation for
      minor confidentiality issues is encryption swap space.
    * Fix GOST 28147 CryptoPro-B S-box.
    * Fix error code handling of mlock calls.
* Sat Aug 20 2016 mpluskal,vcizek,astieger}@suse.com
  - libgcrypt 1.7.3:
    * security issue already fixes with 1.6.6
    * Fix building of some asm modules with older compilers and CPUs.
    * ARMv8/AArch32 improvements for AES, GCM, SHA-256, and SHA-1.
  - includes changes from libgcrypt 1.7.2:
    * Bug fixes:
    - Fix setting of the ECC cofactor if parameters are specified.
    - Fix memory leak in the ECC code.
    - Remove debug message about unsupported getrandom syscall.
    - Fix build problems related to AVX use.
    - Fix bus errors on ARM for Poly1305, ChaCha20, AES, and SHA-512.
    * Internal changes:
    - Improved fatal error message for wrong use of gcry_md_read.
    - Disallow symmetric encryption/decryption if key is not set.
  - includes changes from 1.7.1:
    * Bug fixes:
    - Fix ecc_verify for cofactor support.
    - Fix portability bug when using gcc with Solaris 9 SPARC.
    - Build fix for OpenBSD/amd64
    - Add OIDs to the Serpent ciphers.
    * Internal changes:
    - Use getrandom system call on Linux if available.
    - Blinding is now also used for RSA signature creation.
    - Changed names of debug envvars
  - includes changes from 1.7.0:
    * New algorithms and modes:
    - SHA3-224, SHA3-256, SHA3-384, SHA3-512, and MD2 hash algorithms.
    - SHAKE128 and SHAKE256 extendable-output hash algorithms.
    - ChaCha20 stream cipher.
    - Poly1305 message authentication algorithm
    - ChaCha20-Poly1305 Authenticated Encryption with Associated Data
      mode.
    - OCB mode.
    - HMAC-MD2 for use by legacy applications.
    * New curves for ECC:
    - Curve25519.
    - sec256k1.
    - GOST R 34.10-2001 and GOST R 34.10-2012.
    * Performance:
    - Improved performance of KDF functions.
    - Assembler optimized implementations of Blowfish and Serpent on
      ARM.
    - Assembler optimized implementation of 3DES on x86.
    - Improved AES using the SSSE3 based vector permutation method by
      Mike Hamburg.
    - AVX/BMI is used for SHA-1 and SHA-256 on x86.  This is for SHA-1
      about 20% faster than SSSE3 and more than 100% faster than the
      generic C implementation.
    - 40% speedup for SHA-512 and 72% for SHA-1 on ARM Cortex-A8.
    - 60-90% speedup for Whirlpool on x86.
    - 300% speedup for RIPE MD-160.
    - Up to 11 times speedup for CRC functions on x86.
    * Other features:
    - Improved ECDSA and FIPS 186-4 compliance.
    - Support for Montgomery curves.
    - gcry_cipher_set_sbox to tweak S-boxes of the gost28147 cipher
      algorithm.
    - gcry_mpi_ec_sub to subtract two points on a curve.
    - gcry_mpi_ec_decode_point to decode an MPI into a point object.
    - Emulation for broken Whirlpool code prior to 1.6.0.  [from 1.6.1]
    - Flag "pkcs1-raw" to enable PCKS#1 padding with a user supplied
      hash part.
    - Parameter "saltlen" to set a non-default salt length for RSA PSS.
    - A SP800-90A conforming DRNG replaces the former X9.31 alternative
      random number generator.
    - Map deprecated RSA algo number to the RSA algo number for better
      backward compatibility. [from 1.6.2]
    - Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
      See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
      [from 1.6.3]
    - Fixed data-dependent timing variations in modular exponentiation
      [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
      are Practical]. [from 1.6.3]
    - Flag "no-keytest" for ECC key generation.  Due to a bug in
      the parser that flag will also be accepted but ignored by older
      version of Libgcrypt. [from 1.6.4]
    - Speed up the random number generator by requiring less extra
      seeding. [from 1.6.4]
    - Always verify a created RSA signature to avoid private key leaks
      due to hardware failures. [from 1.6.4]
    - Mitigate side-channel attack on ECDH with Weierstrass curves
      [CVE-2015-7511].  See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
      details. [from 1.6.5]
    * Internal changes:
    - Moved locking out to libgpg-error.
    - Support of the SYSROOT envvar in the build system.
    - Refactor some code.
    - The availability of a 64 bit integer type is now mandatory.
    * Bug fixes:
    - Fixed message digest lookup by OID (regression in 1.6.0).
    - Fixed a build problem on NetBSD
    - Fixed some asm build problems and feature detection bugs.
    * Interface changes relative to the 1.6.0 release:
    gcry_cipher_final               NEW macro.
    GCRY_CIPHER_MODE_CFB8           NEW constant.
    GCRY_CIPHER_MODE_OCB            NEW.
    GCRY_CIPHER_MODE_POLY1305       NEW.
    gcry_cipher_set_sbox            NEW macro.
    gcry_mac_get_algo               NEW.
    GCRY_MAC_HMAC_MD2               NEW.
    GCRY_MAC_HMAC_SHA3_224          NEW.
    GCRY_MAC_HMAC_SHA3_256          NEW.
    GCRY_MAC_HMAC_SHA3_384          NEW.
    GCRY_MAC_HMAC_SHA3_512          NEW.
    GCRY_MAC_POLY1305               NEW.
    GCRY_MAC_POLY1305_AES           NEW.
    GCRY_MAC_POLY1305_CAMELLIA      NEW.
    GCRY_MAC_POLY1305_SEED          NEW.
    GCRY_MAC_POLY1305_SERPENT       NEW.
    GCRY_MAC_POLY1305_TWOFISH       NEW.
    gcry_md_extract                 NEW.
    GCRY_MD_FLAG_BUGEMU1            NEW [from 1.6.1].
    GCRY_MD_GOSTR3411_CP            NEW.
    GCRY_MD_SHA3_224                NEW.
    GCRY_MD_SHA3_256                NEW.
    GCRY_MD_SHA3_384                NEW.
    GCRY_MD_SHA3_512                NEW.
    GCRY_MD_SHAKE128                NEW.
    GCRY_MD_SHAKE256                NEW.
    gcry_mpi_ec_decode_point        NEW.
    gcry_mpi_ec_sub                 NEW.
    GCRY_PK_EDDSA                   NEW constant.
    GCRYCTL_GET_TAGLEN              NEW.
    GCRYCTL_SET_SBOX                NEW.
    GCRYCTL_SET_TAGLEN              NEW.
  - Apply libgcrypt-1.6.3-aliasing.patch only on big-endian
    architectures
  - update drbg_test.patch and install cavs testing directory again
  - As DRBG is upstream, drop pateches:
    v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
    0002-Compile-DRBG.patch
    0003-Function-definitions-of-interfaces-for-random.c.patch
    0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
    0005-Function-definitions-for-gcry_control-callbacks.patch
    0006-DRBG-specific-gcry_control-requests.patch
    v9-0007-User-interface-to-DRBG.patch
    libgcrypt-fix-rng.patch
  - drop obsolete:
    libgcrypt-fips-dsa.patch
    libgcrypt-fips_ecdsa.patch
* Wed Aug 17 2016 astieger@suse.com
  - libgcrypt 1.6.6:
    * fix CVE-2016-6313: Issue in the mixing functions of the random
      number generators allowed an attacker who obtained a number of
      bytes from the standard RNG to predict some of the next ouput.
      (bsc#994157)
* Mon May 16 2016 pjanouch@suse.de
  - remove conditionals for unsupported distributions (before 13.2),
    it would not build anyway because of new dependencies
* Mon May 16 2016 pjanouch@suse.de
  - make the -hmac package depend on the same version of the library,
    fixing bsc#979629 FIPS: system fails to reboot after installing
    fips pattern
* Tue Feb 09 2016 astieger@suse.com
  - update to 1.6.5:
    * CVE-2015-7511: Mitigate side-channel attack on ECDH with
      Weierstrass curves (boo#965902)
* Sat Oct 10 2015 astieger@suse.com
  - follow-up to libgcrypt 1.6.4 update: sosuffix is 20.0.4
* Tue Sep 08 2015 vcizek@suse.com
  - update to 1.6.4
  - fixes libgcrypt equivalent of CVE-2015-5738 (bsc#944456)
    * Speed up the random number generator by requiring less extra
    seeding.
    * New flag "no-keytest" for ECC key generation.  Due to a bug in the
    parser that flag will also be accepted but ignored by older version
    of Libgcrypt.
    * Always verify a created RSA signature to avoid private key leaks
    due to hardware failures.
    * Other minor bug fixes.
* Tue Jun 23 2015 dvaleev@suse.com
  - Fix gpg2 tests on BigEndian architectures: s390x ppc64
    libgcrypt-1.6.3-aliasing.patch
* Sun Mar 01 2015 astieger@suse.com
  - fix sosuffix for 1.6.3 (20.0.3)
* Sat Feb 28 2015 astieger@suse.com
  - libgcrypt 1.6.3 [bnc#920057]:
    * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
    * Fixed data-dependent timing variations in modular exponentiation
    [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
    are Practical].
  - update upstream signing keyring
* Fri Feb 06 2015 coolo@suse.com
  - making the build reproducible - see
    http://lists.gnupg.org/pipermail/gnupg-commits/2014-September/010683.html
    for a very similiar problem
* Fri Feb 06 2015 dimstar@opensuse.org
  - Move %install_info_delete calls from postun to preun: the files
    must still be present to be parsed.
  - Fix the names passed to install_info for gcrypt.info-[12].gz
    instead of gcrypt-[12].info.gz.
* Fri Feb 06 2015 coolo@suse.com
  - fix filename for info pages in %post scripts
* Wed Nov 05 2014 andreas.stieger@gmx.de
  - libgcrypt 1.6.2:
    * Map deprecated RSA algo number to the RSA algo number for better
    backward compatibility.
    * Support a 0x40 compression prefix for EdDSA.
    * Improve ARM hardware feature detection and building.
    * Fix building for the x32 ABI platform.
    * Fix some possible NULL deref bugs.
  - remove libgcrypt-1.6.0-use-intenal-functions.patch, upstream
    via xtrymalloc macro
  - remove libgcrypt-fixed-sizet.patch, upstream
  - adjust libgcrypt-1.6.1-use-fipscheck.patch for xtrymalloc change

Files

/usr/lib64/.libgcrypt.so.20.fips


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 18:11:13 2024