Changelog for libgcrypt20-1.10.3-1.1.x86_64.rpm:
* Sat Jan 27 2024 Dirk Müller
- add libgcrypt-no-deprecated-grep-alias.patch
* Tue Nov 21 2023 Otto Hollmann - Re-create HMAC checksum after RPM build strips the library (bsc#1217058)
* Wed Nov 15 2023 Pedro Monreal - Update to 1.10.3:
* Bug fixes:
  - Fix public key computation for other EdDSA curves. [rC469919751d6e]
  - Remove out of core handler diagnostic in FIPS mode. [T6515]
  - Check that the digest size is not zero in gcry_pk_sign_md and gcry_pk_verify_md. [T6539]
  - Make storing an s-exp containing \0 be considered binary. [T6747]
  - Various constant-time improvements.
* Portability:
  - Use getrandom call only when supported by the platform. [T6442]
  - Change the default for --with-libtool-modification to never. [T6619]
* Release-info: https://dev.gnupg.org/T6817
* Remove patch upstream libgcrypt-1.10.0-out-of-core-handler.patch
* Tue Oct 17 2023 Pedro Monreal - Do not pull revision info from GIT when autoconf is run. This removes the -unknown suffix after the version number.
* Add libgcrypt-nobetasuffix.patch [bsc#1216334]
* Tue Oct 03 2023 Pedro Monreal - POWER: performance enhancements for cryptography [jsc#PED-5088]
* Optimize Chacha20 and Poly1305 for PPC P10 LE: [T6006]
  - Chacha20/poly1305: Optimized chacha20/poly1305 for P10 operation [rC88fe7ac33eb4]
  - ppc: enable P10 assembly with ENABLE_FORCE_SOFT_HWFEATURES on arch-3.00 [rC2c5e5ab6843d]
* Add patches:
  - libgcrypt-Chacha20-poly1305-Optimized-chacha20-poly1305.patch
  - libgcrypt-ppc-enable-P10-assembly-with-ENABLE_FORCE_SOF.patch
* Mon May 22 2023 Pedro Monreal - FIPS: Merge the libgcrypt20-hmac package into the library and remove the "module is complete" trigger file .fips [bsc#1185116]
* Remove libgcrypt-1.10.0-use-fipscheck.patch
* Tue Apr 11 2023 Pedro Monreal - Update to 1.10.2:
* Bug fixes:
  - Fix Argon2 for the case output > 64. [rC13b5454d26]
  - Fix missing HWF_PPC_ARCH_3_10 in HW feature. [rCe073f0ed44]
  - Fix RSA key generation failure in forced FIPS mode. [T5919]
  - Fix gcry_pk_hash_verify for explicit hash. [T6066]
  - Fix a wrong result of gcry_mpi_invm. [T5970]
  - Allow building with --disable-asm for HPPA. [T5976]
  - Allow building with -Oz. [T6432]
  - Enable the fast path to ChaCha20 only when supported. [T6384]
  - Use size_t to avoid counter overflow in Keccak when directly feeding more than 4GiB. [T6217]
* Other:
  - Do not use secure memory for a DRBG instance. [T5933]
  - Do not allow PKCS#1.5 padding for encryption in FIPS mode. [T5918]
  - Fix the behaviour for child process re-seeding in the DRBG. [rC019a40c990]
  - Allow verification of small RSA signatures in FIPS mode. [T5975]
  - Allow the use of a shorter salt for KDFs in FIPS mode. [T6039]
  - Run digest+sign self tests for RSA and ECC in FIPS mode. [rC06c9350165]
  - Add function-name based FIPS indicator function GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION. This is not considered an ABI change because the new FIPS features were not yet approved. [rC822ee57f07]
  - Improve PCT in FIPS mode. [rC285bf54b1a, rC4963c127ae, T6397]
  - Use getrandom (GRND_RANDOM) in FIPS mode. [rCcf10c74bd9]
  - Disable RSA-OAEP padding in FIPS mode. [rCe5bfda492a]
  - Check minimum allowed key size in PBKDF in FIPS mode. [T6039, T6219]
  - Get maximum 32B of entropy at once in FIPS mode. [rCce0df08bba]
  - Prefer gpgrt-config when available. [T5034]
  - Mark AESWRAP as approved FIPS algorithm. [T5512]
  - Prevent usage of long salt for PSS in FIPS mode. [rCfdd2a8b332]
  - Prevent usage of X9.31 keygen in FIPS mode. [rC392e0ccd25]
  - Remove GCM mode from the allowed FIPS indicators. [rC1540698389]
  - Add explicit FIPS indicators for hash and MAC algorithms. [T6376]
* Release-info: https://dev.gnupg.org/T5905
* Rebase FIPS patches:
  - libgcrypt-FIPS-SLI-hash-mac.patch
  - libgcrypt-FIPS-SLI-kdf-leylength.patch
  - libgcrypt-FIPS-SLI-pk.patch
* Wed Mar 08 2023 Martin Pluskal - Build AVX2 enabled hwcaps library for x86_64-v3
* Wed Oct 19 2022 Pedro Monreal - Update to 1.10.1:
* Bug fixes:
  - Fix minor memory leaks in FIPS mode.
  - Build fixes for MUSL libc.
* Other:
  - More portable integrity check in FIPS mode.
  - Add X9.62 OIDs to sha256 and sha512 modules.
* Add the hardware optimizations config file hwf.deny to the /etc/gcrypt/ directory. This file can be used to globally disable the use of hardware based optimizations.
* Remove not needed separate_hmac256_binary hmac256 package
* Wed Sep 14 2022 Pedro Monreal - Update to 1.10.0:
* New and extended interfaces:
  - New control codes to check for FIPS 140-3 approved algorithms.
  - New control code to switch into non-FIPS mode.
  - New cipher modes SIV and GCM-SIV as specified by RFC-5297.
  - Extended cipher mode AESWRAP with padding as specified by RFC-5649.
  - New set of KDF functions.
  - New KDF modes Argon2 and Balloon.
  - New functions for combining hashing and signing/verification.
* Performance:
  - Improved support for PowerPC architectures.
  - Improved ECC performance on zSeries/s390x by using accelerated scalar multiplication.
  - Many more assembler performance improvements for several architectures.
* Bug fixes:
  - Fix Elgamal encryption for other implementations. [bsc#1190239, CVE-2021-40528]
  - Check the input length of the point in ECDH.
  - Fix an abort in gcry_pk_get_param for "Curve25519".
* Other features:
  - The control code GCRYCTL_SET_ENFORCED_FIPS_FLAG is ignored because it is useless with the FIPS 140-3 related changes.
  - Update of the jitter entropy RNG code.
  - Simplification of the entropy gatherer when using the getentropy system call.
* Interface changes relative to the 1.10.0 release:
  - GCRYCTL_SET_DECRYPTION_TAG NEW control code.
  - GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER NEW control code.
  - GCRYCTL_FIPS_SERVICE_INDICATOR_KDF NEW control code.
  - GCRYCTL_NO_FIPS_MODE = 83 NEW control code.
  - GCRY_CIPHER_MODE_SIV NEW mode.
  - GCRY_CIPHER_MODE_GCM_SIV NEW mode.
  - GCRY_CIPHER_EXTENDED NEW flag.
  - GCRY_SIV_BLOCK_LEN NEW macro.
  - gcry_cipher_set_decryption_tag NEW macro.
  - GCRY_KDF_ARGON2 NEW constant.
  - GCRY_KDF_BALLOON NEW constant.
  - GCRY_KDF_ARGON2D NEW constant.
  - GCRY_KDF_ARGON2I NEW constant.
  - GCRY_KDF_ARGON2ID NEW constant.
  - gcry_kdf_hd_t NEW type.
  - gcry_kdf_job_fn_t NEW type.
  - gcry_kdf_dispatch_job_fn_t NEW type.
  - gcry_kdf_wait_all_jobs_fn_t NEW type.
  - struct gcry_kdf_thread_ops NEW struct.
  - gcry_kdf_open NEW function.
  - gcry_kdf_compute NEW function.
  - gcry_kdf_final NEW function.
  - gcry_kdf_close NEW function.
  - gcry_pk_hash_sign NEW function.
  - gcry_pk_hash_verify NEW function.
  - gcry_pk_random_override_new NEW function.
* Rebase libgcrypt-1.8.4-allow_FSM_same_state.patch and rename to libgcrypt-1.10.0-allow_FSM_same_state.patch
* Remove unused CAVS tests and related patches:
  - cavs_driver.pl cavs-test.sh
  - libgcrypt-1.6.1-fips-cavs.patch
  - drbg_test.patch
* Remove DSA sign/verify patches for the FIPS CAVS test since DSA has been disabled in FIPS mode:
  - libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
  - libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch
* Rebase libgcrypt-FIPS-SLI-pk.patch
* Rebase libgcrypt_indicators_changes.patch and libgcrypt-indicate-shake.patch and merge both into libgcrypt-FIPS-SLI-hash-mac.patch
* Rebase libgcrypt-FIPS-kdf-leylength.patch and rename to libgcrypt-FIPS-SLI-kdf-leylength.patch
* Rebase libgcrypt-jitterentropy-3.4.0.patch
* Rebase libgcrypt-FIPS-rndjent_poll.patch
* Rebase libgcrypt-out-of-core-handler.patch and rename to libgcrypt-1.10.0-out-of-core-handler.patch
* Since the FIPS .hmac file is now calculated with the internal tool hmac256, only the "module is complete" trigger .fips file is checked. Rename libgcrypt-1.6.1-use-fipscheck.patch to libgcrypt-1.10.0-use-fipscheck.patch
* Remove patches fixed upstream:
  - libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch
  - libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
  - libgcrypt-fix-rng.patch
  - libgcrypt-1.8.3-fips-ctor.patch
  - libgcrypt-1.8.4-use_xfree.patch
  - libgcrypt-1.8.4-getrandom.patch
  - libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch
  - libgcrypt-dsa-rfc6979-test-fix.patch
  - libgcrypt-fix-tests-fipsmode.patch
  - libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
  - libgcrypt-1.8.4-fips-keygen.patch
  - libgcrypt-invoke-global_init-from-constructor.patch
  - libgcrypt-Restore-self-tests-from-constructor.patch
  - libgcrypt-FIPS-GMAC_AES-benckmark.patch
  - libgcrypt-global_init-constructor.patch
  - libgcrypt-random_selftests-testentropy.patch
  - libgcrypt-rsa-no-blinding.patch
  - libgcrypt-ecc-ecdsa-no-blinding.patch
  - libgcrypt-PCT-DSA.patch
  - libgcrypt-PCT-ECC.patch
  - libgcrypt-PCT-RSA.patch
  - libgcrypt-fips_selftest_trigger_file.patch
  - libgcrypt-pthread-in-t-lock-test.patch
  - libgcrypt-FIPS-hw-optimizations.patch
  - libgcrypt-FIPS-module-version.patch
  - libgcrypt-FIPS-disable-3DES.patch
  - libgcrypt-FIPS-fix-regression-tests.patch
  - libgcrypt-FIPS-RSA-keylen.patch
  - libgcrypt-FIPS-RSA-keylen-tests.patch
  - libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
  - libgcrypt-FIPS-verify-unsupported-KDF-test.patch
  - libgcrypt-FIPS-HMAC-short-keylen.patch
  - libgcrypt-FIPS-service-indicators.patch
  - libgcrypt-FIPS-disable-DSA.patch
  - libgcrypt-jitterentropy-3.3.0.patch
  - libgcrypt-FIPS-Zeroize-hmac.patch
* Update libgcrypt.keyring
* Thu Sep 08 2022 Pedro Monreal - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
* Add libgcrypt-FIPS-rndjent_poll.patch
* Rebase libgcrypt-jitterentropy-3.4.0.patch
* Wed Sep 07 2022 Pedro Monreal - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
* Consider key lengths greater than or equal to 112 bits approved.
* Add libgcrypt-FIPS-kdf-leylength.patch
* Wed Sep 07 2022 Pedro Monreal - FIPS: Zeroize buffer and digest in check_binary_integrity()
* Add libgcrypt-FIPS-Zeroize-hmac.patch [bsc#1191020]
* Tue Aug 23 2022 Pedro Monreal - FIPS: gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983]
* Add libgcrypt-out-of-core-handler.patch
* Mon Aug 08 2022 Pedro Monreal - FIPS: Port libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
* Enable the jitter based entropy generator by default in random.conf - Add libgcrypt-jitterentropy-3.3.0.patch
* Update the internal jitterentropy to version 3.4.0 - Add libgcrypt-jitterentropy-3.4.0.patch
* Mon Aug 01 2022 Stephan Kulow - Fix reproducible build problems:
  - Do not use %release in binaries (but use SOURCE_DATE_EPOCH)
  - Fix date call messed up by spec-cleaner
* Thu Apr 14 2022 Dennis Knorr - FIPS: extend the service indicator [bsc#1190700]
* introduced a pk indicator function
* adapted the approved and non approved ciphersuites
* Add libgcrypt_indicators_changes.patch
* Add libgcrypt-indicate-shake.patch
* Tue Mar 22 2022 Pedro Monreal - FIPS: Implement a service indicator for asymmetric ciphers [bsc#1190700]
* Mark RSA public key encryption and private key decryption with padding (e.g. OAEP, PKCS) as non-approved since RSA-OAEP lacks peer key assurance validation requirements per SP800-56Brev2.
* Mark ECC as approved only for NIST curves P-224, P-256, P-384 and P-521 with check for common NIST names and aliases.
* Mark DSA, ELG, EDDSA, ECDSA and ECDH as non-approved.
* Add libgcrypt-FIPS-SLI-pk.patch
* Rebase libgcrypt-FIPS-service-indicators.patch
* Run the regression tests also in FIPS mode.
* Disable tests for non-FIPS approved algos.
* Rebase: libgcrypt-FIPS-verify-unsupported-KDF-test.patch
* Tue Feb 01 2022 Pedro Monreal - FIPS: Disable DSA in FIPS mode [bsc#1195385]
* Upstream task: https://dev.gnupg.org/T5710
* Add libgcrypt-FIPS-disable-DSA.patch
* Wed Jan 19 2022 Pedro Monreal - FIPS: Service level indicator [bsc#1190700]
* Provide an indicator to check whether the service utilizes an approved cryptographic algorithm or not.
* Add patches:
  - libgcrypt-FIPS-service-indicators.patch
  - libgcrypt-FIPS-verify-unsupported-KDF-test.patch
  - libgcrypt-FIPS-HMAC-short-keylen.patch
* Tue Dec 07 2021 Pedro Monreal - FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480]
* gcry_mpi_sub_ui: fix subtracting from negative value
* Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
* Tue Nov 30 2021 Pedro Monreal - FIPS: Define an entropy source SP800-90B compliant [bsc#1185140]
* Disable jitter entropy by default in random.conf
* Disable only-urandom option by default in random.conf
* Fri Nov 26 2021 Pedro Monreal - FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192240]
* rsa: Check RSA keylen constraints for key operations.
* rsa: Fix regression in not returning an error for prime generation.
* tests: Add 2k RSA key working in FIPS mode.
* tests: pubkey: Replace RSA key to one of 2k.
* tests: pkcs1v2: Skip tests with small keys in FIPS.
* Add patches:
  - libgcrypt-FIPS-RSA-keylen.patch
  - libgcrypt-FIPS-RSA-keylen-tests.patch
* Mon Nov 08 2021 Pedro Monreal - FIPS: Disable 3DES/Triple-DES in FIPS mode [bsc#1185138]
* Add libgcrypt-FIPS-disable-3DES.patch
* Tue Nov 02 2021 Pedro Monreal - FIPS: PBKDF requirements [bsc#1185137]
* The PBKDF2 selftests were introduced in libgcrypt version 1.9.1 in the function selftest_pbkdf2()
* Upstream task: https://dev.gnupg.org/T5182
* Thu Oct 28 2021 Pedro Monreal - FIPS: Fix regression tests in FIPS mode [bsc#1192131]
* Add libgcrypt-FIPS-fix-regression-tests.patch
* Upstream task: https://dev.gnupg.org/T5520
* Tue Sep 21 2021 Pedro Monreal - FIPS: Provide a module name/identifier and version that can be mapped to the validation records. [bsc#1190706]
* Add libgcrypt-FIPS-module-version.patch
* Upstream task: https://dev.gnupg.org/T5600
* Tue Sep 21 2021 Pedro Monreal - FIPS: Enable hardware support also in FIPS mode [bsc#1187110]
* Add libgcrypt-FIPS-hw-optimizations.patch
* Upstream task: https://dev.gnupg.org/T5508
* Mon Aug 23 2021 Pedro Monreal - Update to 1.9.4:
* Bug fixes:
  - Fix Elgamal encryption for other implementations. [CVE-2021-33560]
  - Fix alignment problem on macOS.
  - Check the input length of the point in ECDH.
  - Fix an abort in gcry_pk_get_param for "Curve25519".
* Other features:
  - Add GCM and CCM to OID mapping table for AES.
* Upstream libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
* Mon Aug 23 2021 Pedro Monreal - Remove not needed patch libgcrypt-sparcv9.diff
* Thu Jul 15 2021 Pedro Monreal - Fix building test t-lock with pthread. [bsc#1189745]
* Explicitly add -lpthread to compile the t-lock test.
* Add libgcrypt-pthread-in-t-lock-test.patch
* Fri Jun 11 2021 Pedro Monreal - Security fix: [bsc#1187212, CVE-2021-33560]
* cipher: Fix ElGamal encryption for other implementations.
* Exponent blinding was added in version 1.9.3. This patch fixes ElGamal encryption, see: https://dev.gnupg.org/T5328
* Add libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
* Tue Apr 20 2021 Paolo Stivanin - libgcrypt 1.9.3:
* Bug fixes:
  - Fix build problems on i386 using gcc-4.7.
  - Fix checksum calculation in OCB decryption for AES on s390.
  - Fix a regression in gcry_mpi_ec_add related to certain usages of curve 25519.
  - Fix a symbol not found problem on Apple M1.
  - Fix for Apple iOS getentropy peculiarity.
  - Make keygrip computation work for compressed points.
* Performance:
  - Add x86_64 VAES/AVX2 accelerated implementation of Camellia.
  - Add x86_64 VAES/AVX2 accelerated implementation of AES.
  - Add VPMSUMD acceleration for GCM mode on PPC.
* Internal changes:
  - Harden MPI conditional code against EM leakage.
  - Harden Elgamal by introducing exponent blinding.
* Wed Feb 17 2021 Andreas Stieger - libgcrypt 1.9.2:
* Fix building with --disable-asm on x86
* Check public key for ECDSA verify operation
* Make sure gcry_get_config (NULL) returns a nul-terminated string
* Fix a memory leak in the ECDH code
* Fix a reading beyond end of input buffer in SHA2-avx2
* Remove obsolete texinfo packaging macros
* Tue Feb 02 2021 Pedro Monreal - Update to 1.9.1:
* Fix exploitable bug in hash functions introduced with 1.9.0. [bsc#1181632, CVE-2021-3345]
* Return an error if a negative MPI is used with sexp scan functions.
* Check for operational FIPS in the random and KDF functions.
* Fix compile error on ARMv7 with NEON disabled.
* Fix self-test in KDF module.
* Improve assembler checks for better LTO support.
* Fix 32-bit cross build on x86.
* Fix non-NEON ARM assembly implementation for SHA512.
* Fix build problems with the cipher_bulk_ops_t typedef.
* Fix Ed25519 private key handling for preceding ZEROs.
* Fix overflow in modular inverse implementation.
* Fix register access for AVX/AVX2 implementations of Blake2.
* Add optimized cipher and hash functions for s390x/zSeries.
* Use hardware bit counting functions when available.
* Update DSA functions to match FIPS 186-3.
* New self-tests for CMACs and KDFs.
* Add bulk cipher functions for OFB and GCM modes.
* Update libgpg-error required version
* Mon Feb 01 2021 Pedro Monreal - Use the suffix variable correctly in get_hmac_path()
* Rebase libgcrypt-fips_selftest_trigger_file.patch
* Mon Jan 25 2021 Pedro Monreal - Add the global config file /etc/gcrypt/random.conf
* This file can be used to globally change parameters of the random generator with the options: only-urandom and disable-jent.
* Thu Jan 21 2021 Pedro Monreal - Update to 1.9.0: New stable branch of Libgcrypt with full API and ABI compatibility to the 1.8 series. Release-info: https://dev.gnupg.org/T4294
* New and extended interfaces:
  - New curves Ed448, X448, and SM2.
  - New cipher mode EAX.
  - New cipher algo SM4.
  - New hash algo SM3.
  - New hash algo variants SHA512/224 and SHA512/256.
  - New MAC algos for Blake-2 algorithms, the new SHA512 variants, SM3, SM4 and for a GOST variant.
  - New convenience function gcry_mpi_get_ui.
  - gcry_sexp_extract_param understands new format specifiers to directly store to integers and strings.
  - New function gcry_ecc_mul_point and curve constants for Curve448 and Curve25519.
  - New function gcry_ecc_get_algo_keylen.
  - New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the secure memory area.
* Performance optimizations and bug fixes: See Release-info.
* Other features:
  - Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519.
  - Add mitigation against ECC timing attack CVE-2019-13627.
  - Internal cleanup of the ECC implementation.
  - Support reading EC point in compressed format for some curves.
* Rebase patches:
* libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch
* libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
* libgcrypt-1.6.1-use-fipscheck.patch
* drbg_test.patch
* libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
* libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
* libgcrypt-1.8.4-fips-keygen.patch
* libgcrypt-1.8.4-getrandom.patch
* libgcrypt-fix-tests-fipsmode.patch
* libgcrypt-global_init-constructor.patch
* libgcrypt-ecc-ecdsa-no-blinding.patch
* libgcrypt-PCT-RSA.patch
* libgcrypt-PCT-ECC.patch
* Remove patches:
* libgcrypt-unresolved-dladdr.patch
* libgcrypt-CVE-2019-12904-GCM-Prefetch.patch
* libgcrypt-CVE-2019-12904-GCM.patch
* libgcrypt-CVE-2019-12904-AES.patch
* libgcrypt-CMAC-AES-TDES-selftest.patch
* libgcrypt-1.6.1-fips-cfgrandom.patch
* libgcrypt-fips_rsa_no_enforced_mode.patch