Changelog for
libgcrypt-debugsource-1.10.3-1.36.x86_64.rpm :
* Tue Nov 21 2023 otto.hollmannAATTsuse.com- Re-create HMAC checksum after RPM build strips the library (bsc#1217058)
* Wed Nov 15 2023 pmonrealAATTsuse.com- Update to 1.10.3:
* Bug fixes: - Fix public key computation for other EdDSA curves. [rC469919751d6e] - Remove out of core handler diagnostic in FIPS mode. [T6515] - Check that the digest size is not zero in gcry_pk_sign_md and gcry_pk_verify_md. [T6539] - Make store an s-exp with \\0 is considered to be binary. [T6747] - Various constant-time improvements.
* Portability: - Use getrandom call only when supported by the platform. [T6442] - Change the default for --with-libtool-modification to never. [T6619]
* Release-info: https://dev.gnupg.org/T6817
* Remove patch upstream libgcrypt-1.10.0-out-of-core-handler.patch
* Tue Oct 17 2023 pmonrealAATTsuse.com- Do not pull revision info from GIT when autoconf is run. This removes the -unknown suffix after the version number.
* Add libgcrypt-nobetasuffix.patch [bsc#1216334]
* Tue Oct 03 2023 pmonrealAATTsuse.com- POWER: performance enhancements for cryptography [jsc#PED-5088]
* Optimize Chacha20 and Poly1305 for PPC P10 LE: [T6006] - Chacha20/poly1305: Optimized chacha20/poly1305 for P10 operation [rC88fe7ac33eb4] - ppc: enable P10 assembly with ENABLE_FORCE_SOFT_HWFEATURES on arch-3.00 [rC2c5e5ab6843d]
* Add patches: - libgcrypt-Chacha20-poly1305-Optimized-chacha20-poly1305.patch - libgcrypt-ppc-enable-P10-assembly-with-ENABLE_FORCE_SOF.patch
* Mon May 22 2023 pmonrealAATTsuse.com- FIPS: Merge the libgcrypt20-hmac package into the library and remove the \"module is complete\" trigger file .fips [bsc#1185116]
* Remove libgcrypt-1.10.0-use-fipscheck.patch
* Tue Apr 11 2023 pmonrealAATTsuse.com- Update to 1.10.2:
* Bug fixes: - Fix Argon2 for the case output > 64. [rC13b5454d26] - Fix missing HWF_PPC_ARCH_3_10 in HW feature. [rCe073f0ed44] - Fix RSA key generation failure in forced FIPS mode. [T5919] - Fix gcry_pk_hash_verify for explicit hash. [T6066] - Fix a wrong result of gcry_mpi_invm. [T5970] - Allow building with --disable-asm for HPPA. [T5976] - Allow building with -Oz. [T6432] - Enable the fast path to ChaCha20 only when supported. [T6384] - Use size_t to avoid counter overflow in Keccak when directly feeding more than 4GiB. [T6217]
* Other: - Do not use secure memory for a DRBG instance. [T5933] - Do not allow PKCS#1.5 padding for encryption in FIPS mode. [T5918] - Fix the behaviour for child process re-seeding in the DRBG. [rC019a40c990] - Allow verification of small RSA signatures in FIPS mode. [T5975] - Allow the use of a shorter salt for KDFs in FIPS mode. [T6039] - Run digest+sign self tests for RSA and ECC in FIPS mode. [rC06c9350165] - Add function-name based FIPS indicator function. GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION. This is not considered an ABI changes because the new FIPS features were not yet approved. [rC822ee57f07] - Improve PCT in FIPS mode. [rC285bf54b1a, rC4963c127ae, T6397] - Use getrandom (GRND_RANDOM) in FIPS mode. [rCcf10c74bd9] - Disable RSA-OAEP padding in FIPS mode. [rCe5bfda492a] - Check minimum allowed key size in PBKDF in FIPS mode. [T6039,T6219] - Get maximum 32B of entropy at once in FIPS mode. [rCce0df08bba] - Prefer gpgrt-config when available. [T5034] - Mark AESWRAP as approved FIPS algorithm. [T5512] - Prevent usage of long salt for PSS in FIPS mode. [rCfdd2a8b332] - Prevent usage of X9.31 keygen in FIPS mode. [rC392e0ccd25] - Remove GCM mode from the allowed FIPS indicators. [rC1540698389] - Add explicit FIPS indicators for hash and MAC algorithms. [T6376]
* Release-info: https://dev.gnupg.org/T5905
* Rebase FIPS patches: - libgcrypt-FIPS-SLI-hash-mac.patch - libgcrypt-FIPS-SLI-kdf-leylength.patch - libgcrypt-FIPS-SLI-pk.patch
* Wed Mar 08 2023 mpluskalAATTsuse.com- Build AVX2 enabled hwcaps library for x86_64-v3
* Wed Oct 19 2022 pmonrealAATTsuse.com- Update to 1.10.1:
* Bug fixes: - Fix minor memory leaks in FIPS mode. - Build fixes for MUSL libc.
* Other: - More portable integrity check in FIPS mode. - Add X9.62 OIDs to sha256 and sha512 modules.
* Add the hardware optimizations config file hwf.deny to the /etc/gcrypt/ directory. This file can be used to globally disable the use of hardware based optimizations.
* Remove not needed separate_hmac256_binary hmac256 package
* Wed Sep 14 2022 pmonrealAATTsuse.com- Update to 1.10.0:
* New and extended interfaces: - New control codes to check for FIPS 140-3 approved algorithms. - New control code to switch into non-FIPS mode. - New cipher modes SIV and GCM-SIV as specified by RFC-5297. - Extended cipher mode AESWRAP with padding as specified by RFC-5649. - New set of KDF functions. - New KDF modes Argon2 and Balloon. - New functions for combining hashing and signing/verification.
* Performance: - Improved support for PowerPC architectures. - Improved ECC performance on zSeries/s390x by using accelerated scalar multiplication. - Many more assembler performance improvements for several architectures.
* Bug fixes: - Fix Elgamal encryption for other implementations. [bsc#1190239, CVE-2021-40528] - Check the input length of the point in ECDH. - Fix an abort in gcry_pk_get_param for \"Curve25519\".
* Other features: - The control code GCRYCTL_SET_ENFORCED_FIPS_FLAG is ignored because it is useless with the FIPS 140-3 related changes. - Update of the jitter entropy RNG code. - Simplification of the entropy gatherer when using the getentropy system call.
* Interface changes relative to the 1.10.0 release: - GCRYCTL_SET_DECRYPTION_TAG NEW control code. - GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER NEW control code. - GCRYCTL_FIPS_SERVICE_INDICATOR_KDF NEW control code. - GCRYCTL_NO_FIPS_MODE = 83 NEW control code. - GCRY_CIPHER_MODE_SIV NEW mode. - GCRY_CIPHER_MODE_GCM_SIV NEW mode. - GCRY_CIPHER_EXTENDED NEW flag. - GCRY_SIV_BLOCK_LEN NEW macro. - gcry_cipher_set_decryption_tag NEW macro. - GCRY_KDF_ARGON2 NEW constant. - GCRY_KDF_BALLOON NEW constant. - GCRY_KDF_ARGON2D NEW constant. - GCRY_KDF_ARGON2I NEW constant. - GCRY_KDF_ARGON2ID NEW constant. - gcry_kdf_hd_t NEW type. - gcry_kdf_job_fn_t NEW type. - gcry_kdf_dispatch_job_fn_t NEW type. - gcry_kdf_wait_all_jobs_fn_t NEW type. - struct gcry_kdf_thread_ops NEW struct. - gcry_kdf_open NEW function. - gcry_kdf_compute NEW function. - gcry_kdf_final NEW function. - gcry_kdf_close NEW function. - gcry_pk_hash_sign NEW function. - gcry_pk_hash_verify NEW function. - gcry_pk_random_override_new NEW function.
* Rebase libgcrypt-1.8.4-allow_FSM_same_state.patch and rename to libgcrypt-1.10.0-allow_FSM_same_state.patch
* Remove unused CAVS tests and related patches: - cavs_driver.pl cavs-test.sh - libgcrypt-1.6.1-fips-cavs.patch - drbg_test.patch
* Remove DSA sign/verify patches for the FIPS CAVS test since DSA has been disabled in FIPS mode: - libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch - libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch
* Rebase libgcrypt-FIPS-SLI-pk.patch
* Rebase libgcrypt_indicators_changes.patch and libgcrypt-indicate-shake.patch and merge both into libgcrypt-FIPS-SLI-hash-mac.patch
* Rebase libgcrypt-FIPS-kdf-leylength.patch and rename to libgcrypt-FIPS-SLI-kdf-leylength.patch
* Rebase libgcrypt-jitterentropy-3.4.0.patch
* Rebase libgcrypt-FIPS-rndjent_poll.patch
* Rebase libgcrypt-out-of-core-handler.patch and rename to libgcrypt-1.10.0-out-of-core-handler.patch
* Since the FIPS .hmac file is now calculated with the internal tool hmac256, only the \"module is complete\" trigger .fips file is checked. Rename libgcrypt-1.6.1-use-fipscheck.patch to libgcrypt-1.10.0-use-fipscheck.patch
* Remove patches fixed upstream: - libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch - libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff - libgcrypt-fix-rng.patch - libgcrypt-1.8.3-fips-ctor.patch - libgcrypt-1.8.4-use_xfree.patch - libgcrypt-1.8.4-getrandom.patch - libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch - libgcrypt-dsa-rfc6979-test-fix.patch - libgcrypt-fix-tests-fipsmode.patch - libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch - libgcrypt-1.8.4-fips-keygen.patch - libgcrypt-invoke-global_init-from-constructor.patch - libgcrypt-Restore-self-tests-from-constructor.patch - libgcrypt-FIPS-GMAC_AES-benckmark.patch - libgcrypt-global_init-constructor.patch - libgcrypt-random_selftests-testentropy.patch - libgcrypt-rsa-no-blinding.patch - libgcrypt-ecc-ecdsa-no-blinding.patch - libgcrypt-PCT-DSA.patch - libgcrypt-PCT-ECC.patch - libgcrypt-PCT-RSA.patch - libgcrypt-fips_selftest_trigger_file.patch - libgcrypt-pthread-in-t-lock-test.patch - libgcrypt-FIPS-hw-optimizations.patch - libgcrypt-FIPS-module-version.patch - libgcrypt-FIPS-disable-3DES.patch - libgcrypt-FIPS-fix-regression-tests.patch - libgcrypt-FIPS-RSA-keylen.patch - libgcrypt-FIPS-RSA-keylen-tests.patch - libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch - libgcrypt-FIPS-verify-unsupported-KDF-test.patch - libgcrypt-FIPS-HMAC-short-keylen.patch - libgcrypt-FIPS-service-indicators.patch - libgcrypt-FIPS-disable-DSA.patch - libgcrypt-jitterentropy-3.3.0.patch - libgcrypt-FIPS-Zeroize-hmac.patch
* Update libgcrypt.keyring
* Thu Sep 08 2022 pmonrealAATTsuse.com- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
* Add libgcrypt-FIPS-rndjent_poll.patch
* Rebase libgcrypt-jitterentropy-3.4.0.patch
* Wed Sep 07 2022 pmonrealAATTsuse.com- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
* Consider approved keylength greater or equal to 112 bits.
* Add libgcrypt-FIPS-kdf-leylength.patch
* Wed Sep 07 2022 pmonrealAATTsuse.com- FIPS: Zeroize buffer and digest in check_binary_integrity()
* Add libgcrypt-FIPS-Zeroize-hmac.patch [bsc#1191020]
* Tue Aug 23 2022 pmonrealAATTsuse.com- FIPS: gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983]
* Add libgcrypt-out-of-core-handler.patch
* Mon Aug 08 2022 pmonrealAATTsuse.com- FIPS: Port libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
* Enable the jitter based entropy generator by default in random.conf - Add libgcrypt-jitterentropy-3.3.0.patch
* Update the internal jitterentropy to version 3.4.0 - Add libgcrypt-jitterentropy-3.4.0.patch
* Mon Aug 01 2022 cooloAATTsuse.com- Fix reproducible build problems: - Do not use %release in binaries (but use SOURCE_DATE_EPOCH) - Fix date call messed up by spec-cleaner
* Thu Apr 14 2022 dennis.knorrAATTsuse.com- FIPS: extend the service indicator [bsc#1190700]
* introduced a pk indicator function
* adapted the approved and non approved ciphersuites
* Add libgcrypt_indicators_changes.patch
* Add libgcrypt-indicate-shake.patch
* Tue Mar 22 2022 pmonrealAATTsuse.com- FIPS: Implement a service indicator for asymmetric ciphers [bsc#1190700]
* Mark RSA public key encryption and private key decryption with padding (e.g. OAEP, PKCS) as non-approved since RSA-OAEP lacks peer key assurance validation requirements per SP800-56Brev2.
* Mark ECC as approved only for NIST curves P-224, P-256, P-384 and P-521 with check for common NIST names and aliases.
* Mark DSA, ELG, EDDSA, ECDSA and ECDH as non-approved.
* Add libgcrypt-FIPS-SLI-pk.patch
* Rebase libgcrypt-FIPS-service-indicators.patch- Run the regression tests also in FIPS mode.
* Disable tests for non-FIPS approved algos.
* Rebase: libgcrypt-FIPS-verify-unsupported-KDF-test.patch
* Tue Feb 01 2022 pmonrealAATTsuse.com- FIPS: Disable DSA in FIPS mode [bsc#1195385]
* Upstream task: https://dev.gnupg.org/T5710
* Add libgcrypt-FIPS-disable-DSA.patch
* Wed Jan 19 2022 pmonrealAATTsuse.com- FIPS: Service level indicator [bsc#1190700]
* Provide an indicator to check wether the service utilizes an approved cryptographic algorithm or not.
* Add patches: - libgcrypt-FIPS-service-indicators.patch - libgcrypt-FIPS-verify-unsupported-KDF-test.patch - libgcrypt-FIPS-HMAC-short-keylen.patch
* Tue Dec 07 2021 pmonrealAATTsuse.com- FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480]
* gcry_mpi_sub_ui: fix subtracting from negative value
* Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
* Tue Nov 30 2021 pmonrealAATTsuse.com- FIPS: Define an entropy source SP800-90B compliant [bsc#1185140]
* Disable jitter entropy by default in random.conf
* Disable only-urandom option by default in random.conf
* Fri Nov 26 2021 pmonrealAATTsuse.com- FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192240]
* rsa: Check RSA keylen constraints for key operations.
* rsa: Fix regression in not returning an error for prime generation.
* tests: Add 2k RSA key working in FIPS mode.
* tests: pubkey: Replace RSA key to one of 2k.
* tests: pkcs1v2: Skip tests with small keys in FIPS.
* Add patches: - libgcrypt-FIPS-RSA-keylen.patch - libgcrypt-FIPS-RSA-keylen-tests.patch
* Mon Nov 08 2021 pmonrealAATTsuse.com- FIPS: Disable 3DES/Triple-DES in FIPS mode [bsc#1185138]
* Add libgcrypt-FIPS-disable-3DES.patch
* Tue Nov 02 2021 pmonrealAATTsuse.com- FIPS: PBKDF requirements [bsc#1185137]
* The PBKDF2 selftests were introduced in libgcrypt version 1.9.1 in the function selftest_pbkdf2()
* Upstream task: https://dev.gnupg.org/T5182
* Thu Oct 28 2021 pmonrealAATTsuse.com- FIPS: Fix regression tests in FIPS mode [bsc#1192131]
* Add libgcrypt-FIPS-fix-regression-tests.patch
* Upstream task: https://dev.gnupg.org/T5520
* Tue Sep 21 2021 pmonrealAATTsuse.com- FIPS: Provide a module name/identifier and version that can be mapped to the validation records. [bsc#1190706]
* Add libgcrypt-FIPS-module-version.patch
* Upstream task: https://dev.gnupg.org/T5600
* Tue Sep 21 2021 pmonrealAATTsuse.com- FIPS: Enable hardware support also in FIPS mode [bsc#1187110]
* Add libgcrypt-FIPS-hw-optimizations.patch
* Upstream task: https://dev.gnupg.org/T5508
* Mon Aug 23 2021 pmonrealAATTsuse.com- Update to 1.9.4:
* Bug fixes: - Fix Elgamal encryption for other implementations. [CVE-2021-33560] - Fix alignment problem on macOS. - Check the input length of the point in ECDH. - Fix an abort in gcry_pk_get_param for \"Curve25519\".
* Other features: - Add GCM and CCM to OID mapping table for AES.
* Upstream libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
* Mon Aug 23 2021 pmonrealAATTsuse.com- Remove not needed patch libgcrypt-sparcv9.diff
* Thu Jul 15 2021 pmonrealAATTsuse.com- Fix building test t-lock with pthread. [bsc#1189745]
* Explicitly add -lpthread to compile the t-lock test.
* Add libgcrypt-pthread-in-t-lock-test.patch
* Fri Jun 11 2021 pmonrealAATTsuse.com- Security fix: [bsc#1187212, CVE-2021-33560]
* cipher: Fix ElGamal encryption for other implementations.
* Exponent blinding was added in version 1.9.3. This patch fixes ElGamal encryption, see: https://dev.gnupg.org/T5328- Add libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
* Tue Apr 20 2021 infoAATTpaolostivanin.com- libgcrypt 1.9.3:
* Bug fixes: - Fix build problems on i386 using gcc-4.7. - Fix checksum calculation in OCB decryption for AES on s390. - Fix a regression in gcry_mpi_ec_add related to certain usages of curve 25519. - Fix a symbol not found problem on Apple M1. - Fix for Apple iOS getentropy peculiarity. - Make keygrip computation work for compressed points.
* Performance: - Add x86_64 VAES/AVX2 accelerated implementation of Camellia. - Add x86_64 VAES/AVX2 accelerated implementation of AES. - Add VPMSUMD acceleration for GCM mode on PPC.
* Internal changes. - Harden MPI conditional code against EM leakage. - Harden Elgamal by introducing exponent blinding.
* Wed Feb 17 2021 andreas.stiegerAATTgmx.de- libgcrypt 1.9.2:
* Fix building with --disable-asm on x86
* Check public key for ECDSA verify operation
* Make sure gcry_get_config (NULL) returns a nul-terminated string
* Fix a memory leak in the ECDH code
* Fix a reading beyond end of input buffer in SHA2-avx2- remove obsolete texinfo packaging macros
* Tue Feb 02 2021 pmonrealAATTsuse.com- Update to 1.9.1
*
*Fix exploitable bug
* in hash functions introduced with 1.9.0. [bsc#1181632, CVE-2021-3345]
* Return an error if a negative MPI is used with sexp scan functions.
* Check for operational FIPS in the random and KDF functions.
* Fix compile error on ARMv7 with NEON disabled.
* Fix self-test in KDF module.
* Improve assembler checks for better LTO support.
* Fix 32-bit cross build on x86.
* Fix non-NEON ARM assembly implementation for SHA512.
* Fix build problems with the cipher_bulk_ops_t typedef.
* Fix Ed25519 private key handling for preceding ZEROs.
* Fix overflow in modular inverse implementation.
* Fix register access for AVX/AVX2 implementations of Blake2.
* Add optimized cipher and hash functions for s390x/zSeries.
* Use hardware bit counting functionx when available.
* Update DSA functions to match FIPS 186-3.
* New self-tests for CMACs and KDFs.
* Add bulk cipher functions for OFB and GCM modes.- Update libgpg-error required version
* Mon Feb 01 2021 pmonrealAATTsuse.com- Use the suffix variable correctly in get_hmac_path()- Rebase libgcrypt-fips_selftest_trigger_file.patch
* Mon Jan 25 2021 pmonrealAATTsuse.com- Add the global config file /etc/gcrypt/random.conf
* This file can be used to globally change parameters of the random generator with the options: only-urandom and disable-jent.
* Thu Jan 21 2021 pmonrealAATTsuse.com- Update to 1.9.0: New stable branch of Libgcrypt with full API and ABI compatibility to the 1.8 series. Release-info: https://dev.gnupg.org/T4294
* New and extended interfaces: - New curves Ed448, X448, and SM2. - New cipher mode EAX. - New cipher algo SM4. - New hash algo SM3. - New hash algo variants SHA512/224 and SHA512/256. - New MAC algos for Blake-2 algorithms, the new SHA512 variants, SM3, SM4 and for a GOST variant. - New convenience function gcry_mpi_get_ui. - gcry_sexp_extract_param understands new format specifiers to directly store to integers and strings. - New function gcry_ecc_mul_point and curve constants for Curve448 and Curve25519. - New function gcry_ecc_get_algo_keylen. - New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the secure memory area.
* Performance optimizations and bug fixes: See Release-info.
* Other features: - Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519. - Add mitigation against ECC timing attack CVE-2019-13627. - Internal cleanup of the ECC implementation. - Support reading EC point in compressed format for some curves.- Rebase patches:
* libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch
* libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
* libgcrypt-1.6.1-use-fipscheck.patch
* drbg_test.patch
* libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
* libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
* libgcrypt-1.8.4-fips-keygen.patch
* libgcrypt-1.8.4-getrandom.patch
* libgcrypt-fix-tests-fipsmode.patch
* libgcrypt-global_init-constructor.patch
* libgcrypt-ecc-ecdsa-no-blinding.patch
* libgcrypt-PCT-RSA.patch
* libgcrypt-PCT-ECC.patch- Remove patches:
* libgcrypt-unresolved-dladdr.patch
* libgcrypt-CVE-2019-12904-GCM-Prefetch.patch
* libgcrypt-CVE-2019-12904-GCM.patch
* libgcrypt-CVE-2019-12904-AES.patch
* libgcrypt-CMAC-AES-TDES-selftest.patch
* libgcrypt-1.6.1-fips-cfgrandom.patch
* libgcrypt-fips_rsa_no_enforced_mode.patch
* Sat Oct 24 2020 andreas.stiegerAATTgmx.de- libgcrypt 1.8.7:
* Support opaque MPI with gcry_mpi_print
* Fix extra entropy collection via clock_gettime, a fallback code path for legacy hardware
* Tue Jul 07 2020 pmonrealgonzalezAATTsuse.com- Update to 1.8.6
* mpi: Consider +0 and -0 the same in mpi_cmp
* mpi: Fix flags in mpi_copy for opaque MPI
* mpi: Fix the return value of mpi_invm_generic
* mpi: DSA,ECDSA: Fix use of mpi_invm - Call mpi_invm before _gcry_dsa_modify_k - Call mpi_invm before _gcry_ecc_ecdsa_sign
* mpi: Constant time mpi_inv with some conditions - mpi/mpi-inv.c (mpih_add_n_cond, mpih_sub_n_cond, mpih_swap_cond) - New: mpih_abs_cond, mpi_invm_odd - Rename from _gcry_mpi_invm: mpi_invm_generic - Use mpi_invm_odd for usual odd cases: _gcry_mpi_invm
* mpi: Abort on division by zero also in _gcry_mpi_tdiv_qr
* Fix wrong code execution in Poly1305 ARM/NEON implementation - Set r14 to -1 at function entry: (_gcry_poly1305_armv7_neon_init_ext)
* Set vZZ.16b register to zero before use in armv8 gcm implementation
* random: Fix include of config.h
* Fix declaration of internal function _gcry_mpi_get_ui: Don\'t use ulong
* ecc: Fix wrong handling of shorten PK bytes - Zeros are already recovered: (_gcry_ecc_mont_decodepoint)- Update libgcrypt-ecc-ecdsa-no-blinding.patch
* Tue May 19 2020 pmonrealgonzalezAATTsuse.com- FIPS: RSA/DSA/ECC test_keys() print out debug messages [bsc#1171872]
* Print the debug messages in test_keys() only in debug mode.- Update patches: libgcrypt-PCT-RSA.patch libgcrypt-PCT-DSA.patch libgcrypt-PCT-ECC.patch
* Mon Apr 27 2020 pmonrealgonzalezAATTsuse.com- FIPS: libgcrypt: Double free in test_keys() on failed signature verification [bsc#1169944]
* Use safer gcry_mpi_release() instead of mpi_free()- Update patches:
* libgcrypt-PCT-DSA.patch
* libgcrypt-PCT-RSA.patch
* libgcrypt-PCT-ECC.patch
* Thu Apr 16 2020 vcizekAATTsuse.com- Ship the FIPS checksum file in the shared library package and create a separate trigger file for the FIPS selftests (bsc#1169569)
* add libgcrypt-fips_selftest_trigger_file.patch
* refresh libgcrypt-global_init-constructor.patch- Remove libgcrypt-binary_integrity_in_non-FIPS.patch obsoleted by libgcrypt-global_init-constructor.patch
* Wed Apr 15 2020 pmonrealgonzalezAATTsuse.com- FIPS: Verify that the generated signature and the original input differ in test_keys function for RSA, DSA and ECC: [bsc#1165539]- Add zero-padding when qx and qy have different lengths when assembling the Q point from affine coordinates.- Refreshed patches:
* libgcrypt-PCT-DSA.patch
* libgcrypt-PCT-RSA.patch
* libgcrypt-PCT-ECC.patch
* Mon Mar 30 2020 pmonrealgonzalezAATTsuse.com- FIPS: Switch the PCT to use the new signature operation [bsc#1165539]
* Patches for DSA, RSA and ECDSA test_keys functions: - libgcrypt-PCT-DSA.patch - libgcrypt-PCT-RSA.patch - libgcrypt-PCT-ECC.patch- Update patch: libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
* Thu Mar 26 2020 pmonrealgonzalezAATTsuse.com- FIPS: Run self-tests from constructor during power-on [bsc#1166748]
* Set up global_init as the constructor function: - libgcrypt-global_init-constructor.patch
* Relax the entropy requirements on selftest. This is especially important for virtual machines to boot properly before the RNG is available: - libgcrypt-random_selftests-testentropy.patch - libgcrypt-rsa-no-blinding.patch - libgcrypt-ecc-ecdsa-no-blinding.patch
* Fix benchmark regression test in FIPS mode: - libgcrypt-FIPS-GMAC_AES-benckmark.patch
* Thu Mar 12 2020 pmonrealgonzalezAATTsuse.com- Remove check not needed in _gcry_global_constructor [bsc#1164950]
* Update libgcrypt-Restore-self-tests-from-constructor.patch
* Tue Feb 25 2020 pmonrealgonzalezAATTsuse.com- FIPS: Run the self-tests from the constructor [bsc#1164950]
* Add libgcrypt-invoke-global_init-from-constructor.patch
* Fri Jan 17 2020 pmonrealgonzalezAATTsuse.com- FIPS: libgcrypt DSA PQG parameter generation: Missing value [bsc#1161219]- FIPS: libgcrypt DSA PQG verification incorrect results [bsc#1161215]- FIPS: libgcrypt RSA siggen/keygen: 4k not supported [bsc#1161220]
* Add patch from Fedora libgcrypt-1.8.4-fips-keygen.patch
* Wed Dec 11 2019 pmonrealgonzalezAATTsuse.com- FIPS: RSA/DSA/ECDSA are missing hashing operation [bsc#1155337]
* Add libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
* Wed Nov 27 2019 pmonrealgonzalezAATTsuse.com- Fix tests in FIPS mode:
* Fix tests: basic benchmark bench-slope pubkey t-cv25519 t-secmem
* Add patch libgcrypt-fix-tests-fipsmode.patch
* Tue Nov 26 2019 pmonrealgonzalezAATTsuse.com- Fix test dsa-rfc6979 in FIPS mode:
* Disable tests in elliptic curves with 192 bits which are not recommended in FIPS mode
* Add patch libgcrypt-dsa-rfc6979-test-fix.patch
* Tue Nov 12 2019 pmonrealgonzalezAATTsuse.com- CMAC AES and TDES FIPS self-tests:
* CMAC AES self test missing [bsc#1155339]
* CMAC TDES self test missing [bsc#1155338]- Add libgcrypt-CMAC-AES-TDES-selftest.patch
* Fri Aug 30 2019 andreas.stiegerAATTgmx.de- libgcrypt 1.8.5:
* CVE-2019-13627: mitigation against an ECDSA timing attack (boo#1148987)
* Improve ECDSA unblinding
* Provide a pkg-config file
* Wed Jun 26 2019 jsikesAATTsuse.de- Fixed redundant fips tests in some situations causing sudo to stop working when pam-kwallet is installed. bsc#1133808
* Added libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch
* Removed libgcrypt-fips_run_selftest_at_constructor.patch because it was obsoleted by libgcrypt-1.8.3-fips-ctor.patch
* Removed libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch because it was obsoleted by libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch
* Fri Jun 21 2019 pmonrealgonzalezAATTsuse.com- Fixed env-script-interpreter in cavs_driver.pl
* Fri Jun 21 2019 pmonrealgonzalezAATTsuse.com- Security fix: [bsc#1138939, CVE-2019-12904]
* The C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)
* Added patches: - libgcrypt-CVE-2019-12904-GCM-Prefetch.patch - libgcrypt-CVE-2019-12904-GCM.patch - libgcrypt-CVE-2019-12904-AES.patch
* Fri Apr 26 2019 jsikesAATTsuse.de- do not try to open /dev/urandom if getrandom() works
* Added libgcrypt-1.8.4-getrandom.patch- Drop libgcrypt-init-at-elf-load-fips.patch obsoleted by libgcrypt-1.8.3-fips-ctor.patch
* Tue Apr 23 2019 jsikesAATTsuse.de- Restored libgcrypt-binary_integrity_in_non-FIPS.patch sans section that was partially causing bsc#1131183.- Fixed race condition in multi-threaded applications by allowing a FSM state transition to the current state. This means some tests are run twice.
* Added libgcrypt-1.8.4-allow_FSM_same_state.patch- Fixed an issue in malloc/free wrappers so that memory created by the malloc() wrappers will be destroyed using the free() wrappers.
* Added libgcrypt-1.8.4-use_xfree.patch
* Fri Apr 05 2019 jsikesAATTsuse.de- removed libgcrypt-binary_integrity_in_non-FIPS.patch since it was breaking libotr. bsc#1131183
* Tue Mar 26 2019 vcizekAATTsuse.com- libgcrypt-1.8.3-fips-ctor.patch changed the way the fips selftests are invoked as well as the state transition, adjust the code so a missing checksum file is not an issue in non-FIPS mode (bsc#1097073)
* update libgcrypt-binary_integrity_in_non-FIPS.patch
* Tue Mar 26 2019 vcizekAATTsuse.com- Enforce the minimal RSA keygen size in fips mode (bsc#1125740)
* add libgcrypt-fips_rsa_no_enforced_mode.patch
* Fri Mar 22 2019 vcizekAATTsuse.com- Don\'t run full self-tests from constructor (bsc#1097073)
* Don\'t call global_init() from the constructor, _gcry_global_constructor() from libgcrypt-1.8.3-fips-ctor.patch takes care of the binary integrity check instead.
* Only the binary checksum will be verified, the remaining self-tests will be run upon the library initialization- Add libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch- Drop libgcrypt-init-at-elf-load-fips.patch and libgcrypt-fips_run_selftest_at_constructor.patch obsoleted by libgcrypt-1.8.3-fips-ctor.patch
* Thu Mar 07 2019 pmonrealgonzalezAATTsuse.com- Skip all the self-tests except for binary integrity when called from the constructor (bsc#1097073)
* Added libgcrypt-1.8.3-fips-ctor.patch from Fedora
* Mon Nov 26 2018 vcizekAATTsuse.com- Fail selftests when checksum file is missing in FIPS mode only (bsc#1117355)
* add libgcrypt-binary_integrity_in_non-FIPS.patch
* Sun Oct 28 2018 astiegerAATTsuse.com- libgcrypt 1.8.4:
* Fix infinite loop with specific application implementations
* Fix possible leak of a few bits of secret primes to pageable memory
* Fix possible hang in the RNG (1.8.3)
* Always make use of getrandom if possible and then use its /dev/urandom behaviour
* Mon Jul 02 2018 schwabAATTsuse.de- libgcrypt-1.6.3-aliasing.patch, libgcrypt-ppc64.patch, libgcrypt-strict-aliasing.patch: Remove obsolete patches- libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch: Rediff- Reenable testsuite
* Wed Jun 13 2018 kbabiochAATTsuse.com- Update to version 1.8.3: - Use blinding for ECDSA signing to mitigate a novel side-channel attack. (CVE-2018-0495 bsc#1097410) - Fix incorrect counter overflow handling for GCM when using an IV size other than 96 bit. - Fix incorrect output of AES-keywrap mode for in-place encryption on some platforms. - Fix the gcry_mpi_ec_curve_point point validation function. - Fix rare assertion failure in gcry_prime_check.- Applied spec-cleaner
* Wed May 02 2018 pmonrealgonzalezAATTsuse.com- Suggest libgcrypt20-hmac for package libgcrypt20 to ensure they are installed in the right order. [bsc#1090766]
* Thu Mar 29 2018 pmonrealgonzalezAATTsuse.com- Extended the fipsdrv dsa-sign and dsa-verify commands with the - -algo parameter for the FIPS testing of DSA SigVer and SigGen (bsc#1064455).
* Added libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
* Added libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch
* Thu Feb 22 2018 fvogtAATTsuse.com- Use %license (boo#1082318)
* Wed Dec 13 2017 astiegerAATTsuse.com- libgcrypt 1.8.2:
* Fix fatal out of secure memory status in the s-expression parser on heavy loaded systems.
* Add auto expand secmem feature or use by GnuPG 2.2.4
* Mon Aug 28 2017 astiegerAATTsuse.com- libgcrypt 1.8.1:
* Mitigate a local side-channel attack on Curve25519 dubbed \"May the Fourth be With You\" CVE-2017-0379 bsc#1055837
* Add more extra bytes to the pool after reading a seed file
* Add the OID SHA384WithECDSA from RFC-7427 to SHA-384
* Fix build problems with the Jitter RNG
* Fix assembler code build problems on Rasbian (ARMv8/AArch32-CE)
* Mon Jul 24 2017 jengelhAATTinai.de- RPM group fixes.
* Fri Jul 21 2017 astiegerAATTsuse.com- libgcrypt 1.8.0:
* New cipher mode XTS
* New hash function Blake-2
* New function gcry_mpi_point_copy.
* New function gcry_get_config.
* GCRYCTL_REINIT_SYSCALL_CLAMP allows to init nPth after Libgcrypt.
* New gobal configuration file /etc/gcrypt/random.conf.
* GCRYCTL_PRINT_CONFIG does now also print build information for libgpg-error and the used compiler version.
* GCRY_CIPHER_MODE_CFB8 is now supported.
* A jitter based entropy collector is now used in addition to the other entropy collectors.
* Optimized gcry_md_hash_buffers for SHA-256 and SHA-512. random pool lock).
* Interface changes relative to the 1.7.0 release: gcry_get_config NEW function. gcry_mpi_point_copy NEW function. GCRYCTL_REINIT_SYSCALL_CLAMP NEW macro. GCRY_MD_BLAKE2B_512 NEW constant. GCRY_MD_BLAKE2B_384 NEW constant. GCRY_MD_BLAKE2B_256 NEW constant. GCRY_MD_BLAKE2B_160 NEW constant. GCRY_MD_BLAKE2S_256 NEW constant. GCRY_MD_BLAKE2S_224 NEW constant. GCRY_MD_BLAKE2S_160 NEW constant. GCRY_MD_BLAKE2S_128 NEW constant. GCRY_CIPHER_MODE_XTS NEW constant. gcry_md_info DEPRECATED.- Refresh patch libgcrypt-1.6.3-aliasing.patch
* Thu Jun 29 2017 astiegerAATTsuse.com- libgcrypt 1.7.8:
* CVE-2017-7526: Mitigate a flush+reload side-channel attack on RSA secret keys (bsc#1046607)
* Sun Jun 04 2017 astiegerAATTsuse.com- libgcrypt 1.7.7:
* Fix possible timing attack on EdDSA session key (previously patched, drop libgcrypt-secure-EdDSA-session-key.patch)
* Fix long standing bug in secure memory implementation which could lead to a segv on free
* Fri Jun 02 2017 pmonrealgonzalezAATTsuse.com- Added libgcrypt-secure-EdDSA-session-key.patch [bsc#1042326]
* Store the session key in secure memory to ensure that constant time point operations are used in the MPI library.
* Fri Jan 20 2017 rmaliskaAATTsuse.com- libgcrypt 1.7.6:
* Fix counter operand from read-only to read/write
* Fix too large jump alignment in mpih-rshift
* Thu Dec 15 2016 astiegerAATTsuse.com- libgcrypt 1.7.5:
* Fix regression in mlock detection introduced with 1.7.4
* Tue Dec 13 2016 astiegerAATTsuse.com- libgcrypt 1.7.4:
* ARMv8/AArch32 performance improvements for AES, GCM, SHA-256, and SHA-1.
* Add ARMv8/AArch32 assembly implementation for Twofish and Camellia.
* Add bulk processing implementation for ARMv8/AArch32.
* Add Stribog OIDs.
* Improve the DRBG performance and sync the code with the Linux version.
* When secure memory is requested by the MPI functions or by gcry_xmalloc_secure, they do not anymore lead to a fatal error if the secure memory pool is used up. Instead new pools are allocated as needed. These new pools are not protected against being swapped out (mlock can\'t be used). Mitigation for minor confidentiality issues is encryption swap space.
* Fix GOST 28147 CryptoPro-B S-box.
* Fix error code handling of mlock calls.
* Sat Aug 20 2016 mpluskal,vcizek,astieger}AATTsuse.com- libgcrypt 1.7.3:
* security issue already fixes with 1.6.6
* Fix building of some asm modules with older compilers and CPUs.
* ARMv8/AArch32 improvements for AES, GCM, SHA-256, and SHA-1.- includes changes from libgcrypt 1.7.2:
* Bug fixes: - Fix setting of the ECC cofactor if parameters are specified. - Fix memory leak in the ECC code. - Remove debug message about unsupported getrandom syscall. - Fix build problems related to AVX use. - Fix bus errors on ARM for Poly1305, ChaCha20, AES, and SHA-512.
* Internal changes: - Improved fatal error message for wrong use of gcry_md_read. - Disallow symmetric encryption/decryption if key is not set.- includes changes from 1.7.1:
* Bug fixes: - Fix ecc_verify for cofactor support. - Fix portability bug when using gcc with Solaris 9 SPARC. - Build fix for OpenBSD/amd64 - Add OIDs to the Serpent ciphers.
* Internal changes: - Use getrandom system call on Linux if available. - Blinding is now also used for RSA signature creation. - Changed names of debug envvars- includes changes from 1.7.0:
* New algorithms and modes: - SHA3-224, SHA3-256, SHA3-384, SHA3-512, and MD2 hash algorithms. - SHAKE128 and SHAKE256 extendable-output hash algorithms. - ChaCha20 stream cipher. - Poly1305 message authentication algorithm - ChaCha20-Poly1305 Authenticated Encryption with Associated Data mode. - OCB mode. - HMAC-MD2 for use by legacy applications.
* New curves for ECC: - Curve25519. - sec256k1. - GOST R 34.10-2001 and GOST R 34.10-2012.
* Performance: - Improved performance of KDF functions. - Assembler optimized implementations of Blowfish and Serpent on ARM. - Assembler optimized implementation of 3DES on x86. - Improved AES using the SSSE3 based vector permutation method by Mike Hamburg. - AVX/BMI is used for SHA-1 and SHA-256 on x86. This is for SHA-1 about 20% faster than SSSE3 and more than 100% faster than the generic C implementation. - 40% speedup for SHA-512 and 72% for SHA-1 on ARM Cortex-A8. - 60-90% speedup for Whirlpool on x86. - 300% speedup for RIPE MD-160. - Up to 11 times speedup for CRC functions on x86.
* Other features: - Improved ECDSA and FIPS 186-4 compliance. - Support for Montgomery curves. - gcry_cipher_set_sbox to tweak S-boxes of the gost28147 cipher algorithm. - gcry_mpi_ec_sub to subtract two points on a curve. - gcry_mpi_ec_decode_point to decode an MPI into a point object. - Emulation for broken Whirlpool code prior to 1.6.0. [from 1.6.1] - Flag \"pkcs1-raw\" to enable PCKS#1 padding with a user supplied hash part. - Parameter \"saltlen\" to set a non-default salt length for RSA PSS. - A SP800-90A conforming DRNG replaces the former X9.31 alternative random number generator. - Map deprecated RSA algo number to the RSA algo number for better backward compatibility. [from 1.6.2] - Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. [from 1.6.3] - Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical]. [from 1.6.3] - Flag \"no-keytest\" for ECC key generation. Due to a bug in the parser that flag will also be accepted but ignored by older version of Libgcrypt. [from 1.6.4] - Speed up the random number generator by requiring less extra seeding. [from 1.6.4] - Always verify a created RSA signature to avoid private key leaks due to hardware failures. [from 1.6.4] - Mitigate side-channel attack on ECDH with Weierstrass curves [CVE-2015-7511]. See http://www.cs.tau.ac.IL/~tromer/ecdh/ for details. [from 1.6.5]
* Internal changes: - Moved locking out to libgpg-error. - Support of the SYSROOT envvar in the build system. - Refactor some code. - The availability of a 64 bit integer type is now mandatory.
* Bug fixes: - Fixed message digest lookup by OID (regression in 1.6.0). - Fixed a build problem on NetBSD - Fixed some asm build problems and feature detection bugs.
* Interface changes relative to the 1.6.0 release: gcry_cipher_final NEW macro. GCRY_CIPHER_MODE_CFB8 NEW constant. GCRY_CIPHER_MODE_OCB NEW. GCRY_CIPHER_MODE_POLY1305 NEW. gcry_cipher_set_sbox NEW macro. gcry_mac_get_algo NEW. GCRY_MAC_HMAC_MD2 NEW. GCRY_MAC_HMAC_SHA3_224 NEW. GCRY_MAC_HMAC_SHA3_256 NEW. GCRY_MAC_HMAC_SHA3_384 NEW. GCRY_MAC_HMAC_SHA3_512 NEW. GCRY_MAC_POLY1305 NEW. GCRY_MAC_POLY1305_AES NEW. GCRY_MAC_POLY1305_CAMELLIA NEW. GCRY_MAC_POLY1305_SEED NEW. GCRY_MAC_POLY1305_SERPENT NEW. GCRY_MAC_POLY1305_TWOFISH NEW. gcry_md_extract NEW. GCRY_MD_FLAG_BUGEMU1 NEW [from 1.6.1]. GCRY_MD_GOSTR3411_CP NEW. GCRY_MD_SHA3_224 NEW. GCRY_MD_SHA3_256 NEW. GCRY_MD_SHA3_384 NEW. GCRY_MD_SHA3_512 NEW. GCRY_MD_SHAKE128 NEW. GCRY_MD_SHAKE256 NEW. gcry_mpi_ec_decode_point NEW. gcry_mpi_ec_sub NEW. GCRY_PK_EDDSA NEW constant. GCRYCTL_GET_TAGLEN NEW. GCRYCTL_SET_SBOX NEW. GCRYCTL_SET_TAGLEN NEW.- Apply libgcrypt-1.6.3-aliasing.patch only on big-endian architectures- update drbg_test.patch and install cavs testing directory again- As DRBG is upstream, drop pateches: v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch 0002-Compile-DRBG.patch 0003-Function-definitions-of-interfaces-for-random.c.patch 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch 0005-Function-definitions-for-gcry_control-callbacks.patch 0006-DRBG-specific-gcry_control-requests.patch v9-0007-User-interface-to-DRBG.patch libgcrypt-fix-rng.patch- drop obsolete: libgcrypt-fips-dsa.patch libgcrypt-fips_ecdsa.patch
* Wed Aug 17 2016 astiegerAATTsuse.com- libgcrypt 1.6.6:
* fix CVE-2016-6313: Issue in the mixing functions of the random number generators allowed an attacker who obtained a number of bytes from the standard RNG to predict some of the next ouput. (bsc#994157)
* Mon May 16 2016 pjanouchAATTsuse.de- remove conditionals for unsupported distributions (before 13.2), it would not build anyway because of new dependencies
* Mon May 16 2016 pjanouchAATTsuse.de- make the -hmac package depend on the same version of the library, fixing bsc#979629 FIPS: system fails to reboot after installing fips pattern
* Tue Feb 09 2016 astiegerAATTsuse.com- update to 1.6.5:
* CVE-2015-7511: Mitigate side-channel attack on ECDH with Weierstrass curves (boo#965902)
* Sat Oct 10 2015 astiegerAATTsuse.com- follow-up to libgcrypt 1.6.4 update: sosuffix is 20.0.4
* Tue Sep 08 2015 vcizekAATTsuse.com- update to 1.6.4- fixes libgcrypt equivalent of CVE-2015-5738 (bsc#944456)
* Speed up the random number generator by requiring less extra seeding.
* New flag \"no-keytest\" for ECC key generation. Due to a bug in the parser that flag will also be accepted but ignored by older version of Libgcrypt.
* Always verify a created RSA signature to avoid private key leaks due to hardware failures.
* Other minor bug fixes.
* Tue Jun 23 2015 dvaleevAATTsuse.com- Fix gpg2 tests on BigEndian architectures: s390x ppc64 libgcrypt-1.6.3-aliasing.patch
* Sun Mar 01 2015 astiegerAATTsuse.com- fix sosuffix for 1.6.3 (20.0.3)
* Sat Feb 28 2015 astiegerAATTsuse.com- libgcrypt 1.6.3 [bnc#920057]:
* Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
* Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical].- update upstream signing keyring
* Fri Feb 06 2015 cooloAATTsuse.com- making the build reproducible - see http://lists.gnupg.org/pipermail/gnupg-commits/2014-September/010683.html for a very similiar problem
* Fri Feb 06 2015 dimstarAATTopensuse.org- Move %install_info_delete calls from postun to preun: the files must still be present to be parsed.- Fix the names passed to install_info for gcrypt.info-[12].gz instead of gcrypt-[12].info.gz.
* Fri Feb 06 2015 cooloAATTsuse.com- fix filename for info pages in %post scripts
* Wed Nov 05 2014 andreas.stiegerAATTgmx.de- libgcrypt 1.6.2:
* Map deprecated RSA algo number to the RSA algo number for better backward compatibility.
* Support a 0x40 compression prefix for EdDSA.
* Improve ARM hardware feature detection and building.
* Fix building for the x32 ABI platform.
* Fix some possible NULL deref bugs.- remove libgcrypt-1.6.0-use-intenal-functions.patch, upstream via xtrymalloc macro- remove libgcrypt-fixed-sizet.patch, upstream- adjust libgcrypt-1.6.1-use-fipscheck.patch for xtrymalloc change
* Sun Sep 21 2014 vcizekAATTsuse.com- disabled curve P-192 in FIPS mode (bnc#896202)
* added libgcrypt-fips_ecdsa.patch- don\'t use SHA-1 for ECDSA in FIPS mode- also run the fips self tests only in FIPS mode
* Tue Sep 16 2014 vcizekAATTsuse.com- run the fips self tests at the constructor code
* added libgcrypt-fips_run_selftest_at_constructor.patch
* Tue Sep 16 2014 vcizekAATTsuse.com- rewrite the DSA-2 code to be FIPS 186-4 compliant (bnc#894216)
* added libgcrypt-fips-dsa.patch
* install fips186_dsa- use 2048 bit keys in selftests_dsa
* Mon Sep 01 2014 vcizekAATTsuse.com- fix an issue in DRBG patchset
* size_t type is 32-bit on 32-bit systems- fix a potential NULL pointer deference in DRBG patchset
* patches from https://bugs.g10code.com/gnupg/issue1701- added v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch- added v9-0007-User-interface-to-DRBG.patch- removed v7-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch- removed v7-0007-User-interface-to-DRBG.patch- add a subpackage for CAVS testing
* add cavs_driver.pl and cavs-test.sh from the kernel cavs package
* added drbg_test.patch
* Tue Aug 12 2014 meissnerAATTsuse.com- split off the -hmac package that contains the checksums
* Mon May 26 2014 meissnerAATTsuse.com- libgcrypt-fix-rng.patch: make drbg work again in FIPS mode.- libgcrypt-1.6.1-use-fipscheck.patch: library to test is libgcrypt.so.20 and not libgcrypt.so.11- libgcrypt-init-at-elf-load-fips.patch: initialize globally on ELF DSO loading to meet FIPS requirements.
* Tue May 13 2014 vcizekAATTsuse.com- add new 0007-User-interface-to-DRBG.patch from upstream
* fixes bnc#877233
* supersedes the patch from previous entry
* Mon May 12 2014 tittiatcokeAATTgmail.com- Correct patch 0007-User-interface-to-DRBG.patch so that the struct used in the route matches the header of the function
* Tue May 06 2014 vcizekAATTsuse.com- add support for SP800-90A DRBG (fate#316929, bnc#856312)
* patches by Stephan Mueller (http://www.chronox.de/drbg.html): 0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2 0002-Compile-DRBG.patch 0003-Function-definitions-of-interfaces-for-random.c.patch 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch 0005-Function-definitions-for-gcry_control-callbacks.patch 0006-DRBG-specific-gcry_control-requests.patch 0007-User-interface-to-DRBG.patch
* only after 13.1 (the patches need libgpg-error 1.13)- drop libgcrypt-fips-allow-legacy.patch (not needed and wasn\'t applied anyway)
* Thu Apr 03 2014 tchvatalAATTsuse.com- Cleanup with spec-cleaner to sort out.- Really apply ppc64 patch as it was ommited probably by mistake.
* Thu Mar 27 2014 meissnerAATTsuse.com- FIPS changes (from Fedora): - replaced libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff by libgcrypt-1.6.1-fips-cfgrandom.patch - libgcrypt-fixed-sizet.patch: fixed an int type for -flto - libgcrypt-1.6.1-use-fipscheck.patch: use the fipscheck binary - libgcrypt-1.6.1-fips-cavs.patch: add CAVS tests- use fipscheck only after 13.1- libgcrypt-fips-allow-legacy.patch: attempt to allow some legacy algorithms for gpg2 usage even in FIPS mode. (currently not applied)
* Thu Jan 30 2014 idonmezAATTsuse.com- Drop arm-missing-files.diff, fixed upstream
* Wed Jan 29 2014 andreas.stiegerAATTgmx.de- libgcrypt 1.6.1, a bugfix release with the folloging fixes:
* Added emulation for broken Whirlpool code prior to 1.6.0.
* Improved performance of KDF functions.
* Improved ECDSA compliance.
* Fixed message digest lookup by OID (regression in 1.6.0).
* Fixed memory leaks in ECC code.
* Fixed some asm build problems and feature detection bugs.
* Interface changes relative to the 1.6.0 release: GCRY_MD_FLAG_BUGEMU1 NEW (minor API change).
* Fri Jan 03 2014 dmuellerAATTsuse.com- add arm-missing-files.diff: Add missing files to fix build
* Fri Jan 03 2014 mvyskocilAATTsuse.com- fix bnc#856915: can\'t open /dev/urandom
* correct libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff- require libgpg-error 1.11 or higher
* Thu Dec 19 2013 mvyskocilAATTsuse.com- fix dependency for 32bit devel package- name hmac files according soname- fix hmac subpackage dependency
* Thu Dec 19 2013 mvyskocilAATTsuse.com- update to 1.6.
* Removed the long deprecated gcry_ac interface. Thus Libgcrypt is not anymore ABI compatible to previous versions if they used the ac interface. Check NEWS in libgcrypt-devel for removed interfaces.
* Removed the module register subsystem.
* The deprecated message digest debug macros have been removed. Use gcry_md_debug instead.
* Removed deprecated control codes.
* Improved performance of most cipher algorithms as well as for the SHA family of hash functions.
* Added support for the IDEA cipher algorithm.
* Added support for the Salsa20 and reduced Salsa20/12 stream ciphers.
* Added limited support for the GOST 28147-89 cipher algorithm.
* Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog) hash algorithms.
* Added a random number generator to directly use the system\'s RNG. Also added an interface to prefer the use of a specified RNG.
* Added support for the SCRYPT algorithm.
* Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA secret keys. See
[CVE-2013-4242].
* Added support for Deterministic DSA as per RFC-6969.
* Added support for curve Ed25519.
* Added a scatter gather hash convenience function.
* Added several MPI amd SEXP helper functions.
* Added support for negative numbers to gcry_mpi_print, gcry_mpi_aprint and gcry_mpi_scan.
* The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now deprecated. Use GCRY_PK_ECC if you need an algorithm id.
* Changed gcry_pk_genkey for \"ecc\" to only include the curve name and not the parameters. The flag \"param\" may be used to revert this.
* Added a feature to globally disable selected hardware features.
* Added debug helper functions.- rebased patches
* libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
* libgcrypt-ppc64.patch- add libgcrypt-1.6.0-use-intenal-functions.patch to fix fips.c build- Move all documentation to -devel package
* Fri Jul 26 2013 andreas.stiegerAATTgmx.de- update to 1.5.3 [bnc#831359] CVE-2013-4242
* Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys. See .
* Thu Jul 25 2013 mvyskocilAATTsuse.com- port SLE enhancenments to Factory (bnc#831028)
* add libgcrypt-unresolved-dladdr.patch (bnc#701267)
* add libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff (bnc#724841)
* add libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff- install .hmac256.hmac (bnc#704068)- enable varuous new options in configure (m-guard, hmac binary check and random device linux)- build with all ciphers, pubkeys and digest by default as whitelist simply allowed them all
* Mon Jun 17 2013 cooloAATTsuse.com- avoid gpg-offline in bootstrap packages
* Sun Jun 16 2013 crrodriguezAATTopensuse.org- Library must be built with large file support in 32 bit archs.
* Thu Apr 18 2013 andreas.stiegerAATTgmx.de- update to 1.5.2
* The upstream sources now contain the IDEA algorithm, dropping: idea.c.gz libgcrypt-1.5.0-idea.patch libgcrypt-1.5.0-idea_codecleanup.patch
* Made the Padlock code work again (regression since 1.5.0).
* Fixed alignment problems for Serpent.
* Fixed two bugs in ECC computations.
* Fri Mar 22 2013 mvyskocilAATTsuse.com- add GPL3.0+ to License tag because of dumpsexp (bnc#810759)
* Mon Mar 18 2013 andreas.stiegerAATTgmx.de- update to 1.5.1
* Allow empty passphrase with PBKDF2.
* Do not abort on an invalid algorithm number in gcry_cipher_get_algo_keylen and gcry_cipher_get_algo_blklen.
* Fixed some Valgrind warnings.
* Fixed a problem with select and high fd numbers.
* Improved the build system
* Various minor bug fixes.
* Interface changes relative to the 1.5.0 release: GCRYCTL_SET_ENFORCED_FIPS_FLAG NEW. GCRYPT_VERSION_NUMBER NEW.- add verification of source code signatures- now requires automake 1.11 to build
* Sat Feb 02 2013 cooloAATTsuse.com- update license to new format
* Tue Jun 12 2012 chrisAATTcomputersalat.de- fix deps
* libgpg-error-devel >= 1.8- add libsoname macro
* Sun Feb 12 2012 crrodriguezAATTopensuse.org- Libraries back into %{_libdir}, /usr merge project
* Sat Dec 24 2011 opensuseAATTdstoecker.de- add the missing IDEA algorithm after the patent is no longer relevant
* Sun Nov 13 2011 jengelhAATTmedozas.de- Remove redundant/unwanted tags/section (cf. specfile guidelines)
* Sun Nov 13 2011 cooloAATTsuse.com- add libtool as explicit buildrequire to avoid implicit dependency from prjconf
* Sun Oct 02 2011 crrodriguezAATTopensuse.org- Update to version 1.5.0, most important changes
* Uses the Intel AES-NI instructions if available
* Support ECDH.
* Fri Nov 19 2010 mvyskocilAATTsuse.cz- update to 1.4.6
* Fixed minor memory leak in DSA key generation.
* No more switching to FIPS mode if /proc/version is not readable.
* Fixed a sigill during Padlock detection on old CPUs.
* Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3; SHA-256 went up by 25%.
* New variants of the TIGER algorithm.
* New cipher algorithm mode for AES-WRAP.
* Interface changes relative to the 1.4.2 release: GCRY_MD_TIGER1 NEW GCRY_MD_TIGER2 NEW GCRY_CIPHER_MODE_AESWRAP NEW
* Sun Jul 04 2010 jengelhAATTmedozas.de- add missing definition of udiv_qrnnd for sparcv9:32- use %_smp_mflags
* Sat Dec 19 2009 jengelhAATTmedozas.de- add baselibs.conf as a source- disable the use of hand-coded assembler functions on sparc - this is giving me an infinite loop with ./tests/prime (specifically ./sparc32v8/mpih-mul1.S:_gcry_mpih_mul_1. Fedora disables this too.
* Tue Apr 07 2009 crrodriguezAATTsuse.de- update to version 1.4.4
* Publish GCRY_MODULE_ID_USER and GCRY_MODULE_ID_USER_LAST constants. This functionality has been in Libgcrypt since 1.3.0.
* MD5 may now be used in non-enforced fips mode.
* Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes.
* In fips mode, RSA keys are now generated using the X9.31 algorithm and DSA keys using the FIPS 186-2 algorithm.
* The transient-key flag is now also supported for DSA key generation. DSA domain parameters may be given as well.
* Thu Jan 29 2009 olhAATTsuse.de- obsolete libgcrypt-error-XXbit in the library subpackage
* Wed Dec 10 2008 olhAATTsuse.de- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade (bnc#437293)
* Tue Nov 11 2008 mkoenigAATTsuse.de- build rijndael.c with -fno-strict-aliasing [bnc#443693]
* Thu Oct 30 2008 olhAATTsuse.de- obsolete old -XXbit packages (bnc#437293)
* Mon Jun 30 2008 mkoenigAATTsuse.de- update to version 1.4.1
* Fixed a bug which led to the comsumption of far too much entropy for the intial seeding
* Improved AES performance for CFB and CBC modes
* Sun May 11 2008 cooloAATTsuse.de- fix rename of xxbit packages
* Thu Apr 10 2008 roAATTsuse.de- added baselibs.conf file to build xxbit packages for multilib support
* Thu Jan 17 2008 mkoenigAATTsuse.de- update to version 1.4.0:
* The entire library is now under the LGPL. The helper programs and the manual are under the GPL
* New control code GCRYCTL_PRINT_CONFIG
* Experimental support for ECDSA
* Assembler support for the AMD64 architecture
* Non executable stack support is now used by default
* New configure option --enable-random-daemon
* The new function gcry_md_debug should be used instead of the gcry_md_start_debug and gcry_md_stop_debug macros.
* Support for DSA2
* Reserved algorithm ranges for use by applications
* gcry_mpi_rshift does not anymore truncate the shift count
* Support for OFB encryption mode
* Support for the Camellia cipher
* Support for the SEED cipher
* Support for SHA-224 and HMAC using SHA-384 and SHA-512
* Reading and writing the random seed file is now protected by a fcntl style file lock
* Made the RNG immune against fork without exec
* Changed the way the RNG gets initialized
* The ASN.1 DER template for SHA-224 has been fixed
* The ACE engine of VIA processors is now used for AES-128- changed package layout to conform shlib policy: new subpackage libgcrypt11- disable static library- for reference: bugzilla entry of last change #304749
* Wed Sep 12 2007 ltinklAATTsuse.cz- add sanity check for mpi of size 0 (#304479)
* Mon Feb 05 2007 mkoenigAATTsuse.de- update to version 1.2.4:
* Fixed a bug in the memory allocator which could have been the reason for some of non-duplicable bugs.
* Other minor bug fixes.
* Wed Dec 13 2006 mkoenigAATTsuse.de- get rid of .la file and fix devel so link
* Tue Dec 05 2006 mkoenigAATTsuse.de- move shared lib to /%_lib
* Thu Aug 31 2006 mkoenigAATTsuse.de- update to version 1.2.3:
* Rewrote gcry_mpi_rshift to allow arbitrary shift counts.
* Minor bug fixes.- added libgpg-error-devel and glibc-devel to Requires tag of devel subpackage
* Wed Jan 25 2006 mlsAATTsuse.de- converted neededforbuild to BuildRequires
* Wed Nov 02 2005 hvogelAATTsuse.de- enable noexecstack- build ac.c with fno-strict-aliasing
* Tue Oct 25 2005 hvogelAATTsuse.de- update to version 1.2.2
* Thu Jun 23 2005 hvogelAATTsuse.de- call install_info macro in post/postun of the devel package- depend on libgcrypt- add clean section
* Tue Jan 18 2005 hvogelAATTsuse.de- update to version 1.2.1
* Tue Jan 11 2005 schwabAATTsuse.de- Fix info dir entry.
* Wed Nov 17 2004 hvogelAATTsuse.de- require libgpg-error-devel (Bug #48271)- get rid of the NLD parts
* Wed Jul 14 2004 adrianAATTsuse.de- create -devel subpackage- prepare for nld
* Wed May 19 2004 hvogelAATTsuse.de- update to version 1.2.0
* Mon Mar 22 2004 meissnerAATTsuse.de- disable make check, because it uses /dev/random whihc is not filled on some server machines.
* Wed Mar 17 2004 meissnerAATTsuse.de- fixed too over enthusiastic powerpc switches to make it work on ppc64. (It compiled before, but did not work).- enabled make check.
* Wed Feb 18 2004 kukukAATTsuse.de- Build against system pthread library, not pth.
* Tue Feb 17 2004 hvogelAATTsuse.de- update to version 1.1.91- fix autoconf quotations
* Sat Jan 10 2004 adrianAATTsuse.de- add %run_ldconfig to %postun
* Sun Jul 27 2003 poemlAATTsuse.de- add libgcrypt-1.1.12-sexp-valgrind-error.patch from SLEC
* Thu Apr 24 2003 roAATTsuse.de- fix install_info --delete call and move from preun to postun
* Mon Feb 10 2003 mmjAATTsuse.de- Use %install_info macro [#23433]
* Mon Feb 10 2003 mcAATTsuse.de- switch to version 1.1.12- gcry_pk_sign, gcry_pk_verify and gcry_pk_encrypt can now handle an optional pkcs1 flags parameter in the S-expression. A similar flag may be passed to gcry_pk_decrypt but it is only syntactically implemented.- New convenience macro gcry_md_get_asnoid.- There is now some real stuff in the manual.- New algorithm: MD4- Implemented ciphertext stealing.- Support for plain old DES- Smaller bugs fixes and a few new OIDs.
* Tue Jan 14 2003 nadvornikAATTsuse.cz- fixed multi-line string literals
* Thu Aug 01 2002 poemlAATTsuse.de- create package