* Bug fixes:
- Fix Kyber secret-dependent branch introduced by recent versions of Clang. [rCf765778e82]
- Fix build regression due to the use of AVX512 in Blake. [T7184]
- Do not build i386 asm on amd64 and vice versa. [T7220]
- Fix build regression on armhf with gcc-14. [T7226]
- Return the proper error code on malloc failure in hex2buffer. [rCc51151f5b0]
- Fix long standing bug for PRIME % 2 == 0. [rC639b0fca15]
* Performance:
- Add AES Vector Permute intrinsics implementation for AArch64. [rC94a63aedbb]
- Add GHASH AArch64/SIMD intrinsics implementation. [rCfec871fd18]
- Add RISC-V vector permute AES. [rCb24ebd6163]
- Add GHASH RISC-V Zbb+Zbc implementation. [rC0f1fec12b0]
- Add ChaCha20 RISC-V vector intrinsics implementation. [rC8dbee93ac2]
- Add SHA3 acceleration for RISC-V Zbb extension. [rC1a660068ba]
* Other:
- Add CET support for i386 and amd64 assembly. [T7220]
- Add PAC/BTI support for AArch64 asm. [T7220]
- Apply changes to Kyber from upstream for final FIPS 203. [rCcc95c36e7f]
- Introduce an internal API for a revamped FIPS service indicator. [T7340]
- Several improvements for constant time operation by the introduction of Least Leak Intended (LLI) variants of internal functions. [T7519,T7490]
* Rebase patches:
- libgcrypt-FIPS-SLI-hash-mac.patch
- libgcrypt-FIPS-SLI-pk.patch
- libgcrypt-FIPS-jitter-standalone.patch
* Remove patches:
- libgcrypt-fips-Introduce-an-internal-API-for-FIPS-service-indicator.patch
- libgcrypt-fips-Introduce-GCRYCTL_FIPS_SERVICE_INDICATOR-and-the-macro.patch
- libgcrypt-fips-kdf-Implement-new-FIPS-service-indicator-for-gcry_kdf_derive.patch
- libgcrypt-fips-md-Implement-new-FIPS-service-indicator-for-gcry_md_hash_.patch
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=190
- add libgcrypt-no-deprecated-grep-alias.patch
- Build AVX2 enabled hwcaps library for x86_64-v3
* Fix counter operand from read-only to read/write
- Fix gpg2 tests on BigEndian architectures: s390x ppc64
- making the build reproducible - see
- libgcrypt-init-at-elf-load-fips.patch: initialize globally on ELF
- Correct patch 0007-User-interface-to-DRBG.patch so that the
- Drop arm-missing-files.diff, fixed upstream
- add arm-missing-files.diff: Add missing files to fix build
- update to 1.6.
- Library must be built with large file support in
- add GPL3.0+ to License tag because of dumpsexp (bnc#810759)
- Libraries back into %{_libdir}, /usr merge project
* New variants of the TIGER algorithm.
generation. DSA domain parameters may be given as well.
- build rijndael.c with -fno-strict-aliasing [bnc#443693]
entropy for the initial seeding
the manual are under the GPL
- update to version 1.2.2
- require libgpg-error-devel (Bug #48271)
- update to version 1.2.0
- disable make check, because it uses /dev/random which is
implemented.
OBS-URL: https://build.opensuse.org/request/show/1141963
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=102
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=178
- Update to 1.10.3:
* Bug fixes:
- Fix public key computation for other EdDSA curves. [rC469919751d6e]
- Remove out of core handler diagnostic in FIPS mode. [T6515]
- Check that the digest size is not zero in gcry_pk_sign_md and
gcry_pk_verify_md. [T6539]
- Make store an s-exp with \0 is considered to be binary. [T6747]
- Various constant-time improvements.
* Portability:
- Use getrandom call only when supported by the platform. [T6442]
- Change the default for --with-libtool-modification to never. [T6619]
* Release-info: https://dev.gnupg.org/T6817
* Remove patch upstream libgcrypt-1.10.0-out-of-core-handler.patch
OBS-URL: https://build.opensuse.org/request/show/1126687
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=174
- Update to 1.10.2:
* Bug fixes:
- Fix Argon2 for the case output > 64. [rC13b5454d26]
- Fix missing HWF_PPC_ARCH_3_10 in HW feature. [rCe073f0ed44]
- Fix RSA key generation failure in forced FIPS mode. [T5919]
- Fix gcry_pk_hash_verify for explicit hash. [T6066]
- Fix a wrong result of gcry_mpi_invm. [T5970]
- Allow building with --disable-asm for HPPA. [T5976]
- Allow building with -Oz. [T6432]
- Enable the fast path to ChaCha20 only when supported. [T6384]
- Use size_t to avoid counter overflow in Keccak when directly
feeding more than 4GiB. [T6217]
* Other:
- Do not use secure memory for a DRBG instance. [T5933]
- Do not allow PKCS#1.5 padding for encryption in FIPS mode. [T5918]
- Fix the behaviour for child process re-seeding in the DRBG. [rC019a40c990]
- Allow verification of small RSA signatures in FIPS mode. [T5975]
- Allow the use of a shorter salt for KDFs in FIPS mode. [T6039]
- Run digest+sign self tests for RSA and ECC in FIPS mode. [rC06c9350165]
- Add function-name based FIPS indicator function.
GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION. This is not considered
an ABI change because the new FIPS features were not yet
approved. [rC822ee57f07]
- Improve PCT in FIPS mode. [rC285bf54b1a, rC4963c127ae, T6397]
- Use getrandom (GRND_RANDOM) in FIPS mode. [rCcf10c74bd9]
- Disable RSA-OAEP padding in FIPS mode. [rCe5bfda492a]
- Check minimum allowed key size in PBKDF in FIPS mode. [T6039,T6219]
- Get maximum 32B of entropy at once in FIPS mode. [rCce0df08bba]
- Prefer gpgrt-config when available. [T5034]
- Mark AESWRAP as approved FIPS algorithm. [T5512]
OBS-URL: https://build.opensuse.org/request/show/1078466
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=165
- Update to 1.10.1:
* Bug fixes:
- Fix minor memory leaks in FIPS mode.
- Build fixes for MUSL libc.
* Other:
- More portable integrity check in FIPS mode.
- Add X9.62 OIDs to sha256 and sha512 modules.
* Add the hardware optimizations config file hwf.deny to
the /etc/gcrypt/ directory. This file can be used to globally
disable the use of hardware based optimizations.
* Remove not needed separate_hmac256_binary hmac256 package
- Update to 1.10.0:
* New and extended interfaces:
- New control codes to check for FIPS 140-3 approved algorithms.
- New control code to switch into non-FIPS mode.
- New cipher modes SIV and GCM-SIV as specified by RFC-5297.
- Extended cipher mode AESWRAP with padding as specified by
RFC-5649.
- New set of KDF functions.
- New KDF modes Argon2 and Balloon.
- New functions for combining hashing and signing/verification.
* Performance:
- Improved support for PowerPC architectures.
- Improved ECC performance on zSeries/s390x by using accelerated
scalar multiplication.
- Many more assembler performance improvements for several
architectures.
* Bug fixes:
- Fix Elgamal encryption for other implementations.
OBS-URL: https://build.opensuse.org/request/show/1038172
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=160
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
* Add libgcrypt-FIPS-rndjent_poll.patch
* Rebase libgcrypt-jitterentropy-3.4.0.patch
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
* Consider approved keylength greater or equal to 112 bits.
* Add libgcrypt-FIPS-kdf-leylength.patch
- FIPS: Zeroize buffer and digest in check_binary_integrity()
* Add libgcrypt-FIPS-Zeroize-hmac.patch [bsc#1191020]
OBS-URL: https://build.opensuse.org/request/show/1004104
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=158
- FIPS: Disable DSA in FIPS mode [bsc#1195385]
* Upstream task: https://dev.gnupg.org/T5710
* Add libgcrypt-FIPS-disable-DSA.patch
- FIPS: Service level indicator [bsc#1190700]
* Provide an indicator to check whether the service utilizes an
approved cryptographic algorithm or not.
* Add patches:
- libgcrypt-FIPS-service-indicators.patch
- libgcrypt-FIPS-verify-unsupported-KDF-test.patch
- libgcrypt-FIPS-HMAC-short-keylen.patch
- FIPS: Define an entropy source SP800-90B compliant [bsc#1185140]
* Disable jitter entropy by default in random.conf
* Disable only-urandom option by default in random.conf
- FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192240]
* rsa: Check RSA keylen constraints for key operations.
* rsa: Fix regression in not returning an error for prime generation.
* tests: Add 2k RSA key working in FIPS mode.
* tests: pubkey: Replace RSA key to one of 2k.
* tests: pkcs1v2: Skip tests with small keys in FIPS.
* Add patches:
- libgcrypt-FIPS-RSA-keylen.patch
- libgcrypt-FIPS-RSA-keylen-tests.patch
- FIPS: Disable 3DES/Triple-DES in FIPS mode [bsc#1185138]
* Add libgcrypt-FIPS-disable-3DES.patch
- FIPS: PBKDF requirements [bsc#1185137]
OBS-URL: https://build.opensuse.org/request/show/950433
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=153
- Update to 1.9.4:
* Bug fixes:
- Fix Elgamal encryption for other implementations. [CVE-2021-33560]
- Fix alignment problem on macOS.
- Check the input length of the point in ECDH.
- Fix an abort in gcry_pk_get_param for "Curve25519".
* Other features:
- Add GCM and CCM to OID mapping table for AES.
* Upstream libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
- Remove not needed patch libgcrypt-sparcv9.diff
- libgcrypt 1.9.3:
- Fix for Apple iOS getentropy peculiarity.
- Add VPMSUMD acceleration for GCM mode on PPC.
- Fix rare assertion failure in gcry_prime_check.
OBS-URL: https://build.opensuse.org/request/show/913968
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=150