Commit Graph

188 Commits

Author SHA256 Message Date
Dominique Leuenberger
1f229e1cb7 Accepting request 1078615 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/1078615
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=96
2023-04-14 11:12:01 +00:00
d2525ea576 Accepting request 1078614 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/1078614
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=166
2023-04-12 09:52:01 +00:00
07ae165632 Accepting request 1078466 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 1.10.2:
  * Bug fixes:
    - Fix Argon2 for the case output > 64. [rC13b5454d26]
    - Fix missing HWF_PPC_ARCH_3_10 in HW feature. [rCe073f0ed44]
    - Fix RSA key generation failure in forced FIPS mode. [T5919]
    - Fix gcry_pk_hash_verify for explicit hash. [T6066]
    - Fix a wrong result of gcry_mpi_invm. [T5970]
    - Allow building with --disable-asm for HPPA. [T5976]
    - Allow building with -Oz. [T6432]
    - Enable the fast path to ChaCha20 only when supported. [T6384]
    - Use size_t to avoid counter overflow in Keccak when directly
      feeding more than 4GiB. [T6217]
  * Other:
    - Do not use secure memory for a DRBG instance. [T5933]
    - Do not allow PKCS#1.5 padding for encryption in FIPS mode. [T5918]
    - Fix the behaviour for child process re-seeding in the DRBG. [rC019a40c990]
    - Allow verification of small RSA signatures in FIPS mode. [T5975]
    - Allow the use of a shorter salt for KDFs in FIPS mode. [T6039]
    - Run digest+sign self tests for RSA and ECC in FIPS mode. [rC06c9350165]
    - Add function-name based FIPS indicator function.
      GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION. This is not considered
      an ABI changes because the new FIPS features were not yet
      approved. [rC822ee57f07]
    - Improve PCT in FIPS mode. [rC285bf54b1a, rC4963c127ae, T6397]
    - Use getrandom (GRND_RANDOM) in FIPS mode. [rCcf10c74bd9]
    - Disable RSA-OAEP padding in FIPS mode. [rCe5bfda492a]
    - Check minimum allowed key size in PBKDF in FIPS mode. [T6039,T6219]
    - Get maximum 32B of entropy at once in FIPS mode. [rCce0df08bba]
    - Prefer gpgrt-config when available. [T5034]
    - Mark AESWRAP as approved FIPS algorithm. [T5512]

OBS-URL: https://build.opensuse.org/request/show/1078466
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=165
2023-04-11 14:55:16 +00:00
Dominique Leuenberger
9a8e9a51cb Accepting request 1070246 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/1070246
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=95
2023-03-12 15:22:13 +00:00
7483d2b690 Accepting request 1070143 from home:pluskalm:branches:devel:libraries:c_c++
- Build AVX2 enabled hwcaps library for x86_64-v3

OBS-URL: https://build.opensuse.org/request/show/1070143
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=163
2023-03-08 18:05:37 +00:00
Dominique Leuenberger
42ed2c4012 Accepting request 1038228 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/1038228
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=94
2022-11-27 11:52:48 +00:00
f23b31a152 Accepting request 1038227 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch

OBS-URL: https://build.opensuse.org/request/show/1038227
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=161
2022-11-25 14:49:39 +00:00
725ec59b57 Accepting request 1038172 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 1.10.1:
  * Bug fixes:
    - Fix minor memory leaks in FIPS mode.
    - Build fixes for MUSL libc.
  * Other:
    - More portable integrity check in FIPS mode.
    - Add X9.62 OIDs to sha256 and sha512 modules.
  * Add the hardware optimizations config file hwf.deny to
    the /etc/gcrypt/ directory. This file can be used to globally
    disable the use of hardware based optimizations.
  * Remove not needed separate_hmac256_binary hmac256 package

- Update to 1.10.0:
  * New and extended interfaces:
    - New control codes to check for FIPS 140-3 approved algorithms.
    - New control code to switch into non-FIPS mode.
    - New cipher modes SIV and GCM-SIV as specified by RFC-5297.
    - Extended cipher mode AESWRAP with padding as specified by
      RFC-5649.
    - New set of KDF functions.
    - New KDF modes Argon2 and Balloon.
    - New functions for combining hashing and signing/verification.
  * Performance:
    - Improved support for PowerPC architectures.
    - Improved ECC performance on zSeries/s390x by using accelerated
      scalar multiplication.
    - Many more assembler performance improvements for several
      architectures.
  * Bug fixes:
    - Fix Elgamal encryption for other implementations.

OBS-URL: https://build.opensuse.org/request/show/1038172
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=160
2022-11-25 14:23:58 +00:00
Dominique Leuenberger
cf0b6d06ec Accepting request 1004197 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/1004197
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=93
2022-09-19 14:02:44 +00:00
a52145f041 Accepting request 1004104 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
  * Add libgcrypt-FIPS-rndjent_poll.patch
  * Rebase libgcrypt-jitterentropy-3.4.0.patch

- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
  * Consider approved keylength greater or equal to 112 bits.
  * Add libgcrypt-FIPS-kdf-leylength.patch

- FIPS: Zeroize buffer and digest in check_binary_integrity()
  * Add libgcrypt-FIPS-Zeroize-hmac.patch [bsc#1191020]

OBS-URL: https://build.opensuse.org/request/show/1004104
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=158
2022-09-16 21:00:13 +00:00
Dominique Leuenberger
87139e3bce Accepting request 1001249 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/1001249
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=92
2022-09-07 09:05:09 +00:00
82bc8eba9a Accepting request 1001247 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
Sync the FIPS changes to be added in SLE-15-SP4

OBS-URL: https://build.opensuse.org/request/show/1001247
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=156
2022-09-05 10:55:04 +00:00
Dominique Leuenberger
8ec4bc8590 Accepting request 991962 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/991962
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=91
2022-08-04 11:22:40 +00:00
80f9a1053d Accepting request 991956 from home:coolo:branches:devel:libraries:c_c++
- Fix reproducible build problems:
   - Do not use %release in binaries (but use SOURCE_DATE_EPOCH)
   - Fix date call messed up by spec-cleaner

OBS-URL: https://build.opensuse.org/request/show/991956
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=154
2022-08-01 08:35:47 +00:00
Dominique Leuenberger
4021e5fdc1 Accepting request 950434 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/950434
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=90
2022-02-05 22:22:53 +00:00
c941c8db1e Accepting request 950433 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- FIPS: Disable DSA in FIPS mode [bsc#1195385]
  * Upstream task: https://dev.gnupg.org/T5710
  * Add libgcrypt-FIPS-disable-DSA.patch

- FIPS: Service level indicator [bsc#1190700]
  * Provide an indicator to check wether the service utilizes an
    approved cryptographic algorithm or not.
  * Add patches:
    - libgcrypt-FIPS-service-indicators.patch
    - libgcrypt-FIPS-verify-unsupported-KDF-test.patch
    - libgcrypt-FIPS-HMAC-short-keylen.patch

- FIPS: Define an entropy source SP800-90B compliant [bsc#1185140]
  * Disable jitter entropy by default in random.conf
  * Disable only-urandom option by default in random.conf

- FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192240]
  * rsa: Check RSA keylen constraints for key operations.
  * rsa: Fix regression in not returning an error for prime generation.
  * tests: Add 2k RSA key working in FIPS mode.
  * tests: pubkey: Replace RSA key to one of 2k.
  * tests: pkcs1v2: Skip tests with small keys in FIPS.
  * Add patches:
    - libgcrypt-FIPS-RSA-keylen.patch
    - libgcrypt-FIPS-RSA-keylen-tests.patch

- FIPS: Disable 3DES/Triple-DES in FIPS mode [bsc#1185138]
  * Add libgcrypt-FIPS-disable-3DES.patch

- FIPS: PBKDF requirements [bsc#1185137]

OBS-URL: https://build.opensuse.org/request/show/950433
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=153
2022-02-01 13:12:14 +00:00
Dominique Leuenberger
2a9591aeaf Accepting request 940475 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/940475
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=89
2021-12-18 19:29:55 +00:00
ca014dcd4e Accepting request 940468 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480]
  * gcry_mpi_sub_ui: fix subtracting from negative value
  * Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch

OBS-URL: https://build.opensuse.org/request/show/940468
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=152
2021-12-14 13:04:25 +00:00
Dominique Leuenberger
69de87215c Accepting request 913986 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/913986
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=88
2021-08-28 20:31:04 +00:00
b49d3291e1 Accepting request 913985 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Fix building test t-lock with pthread. [bsc#1189745]
  * Explicitly add -lpthread to compile the t-lock test.
  * Add libgcrypt-pthread-in-t-lock-test.patch

OBS-URL: https://build.opensuse.org/request/show/913985
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=151
2021-08-24 10:37:54 +00:00
00b6c7a408 Accepting request 913968 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 1.9.4:
  * Bug fixes:
    - Fix Elgamal encryption for other implementations. [CVE-2021-33560]
    - Fix alignment problem on macOS.
    - Check the input length of the point in ECDH.
    - Fix an abort in gcry_pk_get_param for "Curve25519".
  * Other features:
    - Add GCM and CCM to OID mapping table for AES.
  * Upstream libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch

- Remove not needed patch libgcrypt-sparcv9.diff

- libgcrypt 1.9.3:
    - Fix for Apple iOS getentropy peculiarity.
    - Add VPMSUMD acceleration for GCM mode on PPC.
  - Fix rare assertion failure in gcry_prime_check.

OBS-URL: https://build.opensuse.org/request/show/913968
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=150
2021-08-24 10:13:55 +00:00
Dominique Leuenberger
3dba002cd7 Accepting request 900114 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/900114
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=87
2021-06-18 08:13:11 +00:00
79c721ab6b Accepting request 899923 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Security fix: [bsc#1187212, CVE-2021-33560]
  * cipher: Fix ElGamal encryption for other implementations.
  * Exponent blinding was added in version 1.9.3. This patch
    fixes ElGamal encryption, see: https://dev.gnupg.org/T5328
- Add libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch

OBS-URL: https://build.opensuse.org/request/show/899923
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=148
2021-06-15 09:30:21 +00:00
Dominique Leuenberger
07dafd246e Accepting request 887034 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/887034
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=86
2021-04-26 14:38:12 +00:00
c47eb17c1d Accepting request 886925 from home:polslinux:branches:devel:libraries:c_c++
- libgcrypt 1.9.3: 
  * Bug fixes:
    - Fix build problems on i386 using gcc-4.7.
    - Fix checksum calculation in OCB decryption for AES on s390.
    - Fix a regression in gcry_mpi_ec_add related to certain usages
      of curve 25519.
    - Fix a symbol not found problem on Apple M1.
    - Fix for Apple iOS getentropy peculiarity.  
    - Make keygrip computation work for compressed points.
  * Performance:
    - Add x86_64 VAES/AVX2 accelerated implementation of Camellia.
    - Add x86_64 VAES/AVX2 accelerated implementation of AES.
    - Add VPMSUMD acceleration for GCM mode on PPC. 
  * Internal changes.
    - Harden MPI conditional code against EM leakage.
    - Harden Elgamal by introducing exponent blinding.

OBS-URL: https://build.opensuse.org/request/show/886925
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=146
2021-04-20 14:18:49 +00:00
Dominique Leuenberger
91f02deb34 Accepting request 873072 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/873072
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=85
2021-02-23 19:18:45 +00:00
ed96a78f46 Accepting request 873060 from home:AndreasStieger:branches:devel:libraries:c_c++
libgcrypt 1.9.2

OBS-URL: https://build.opensuse.org/request/show/873060
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=144
2021-02-17 10:20:09 +00:00
Dominique Leuenberger
032f6c67ac Accepting request 868946 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/868946
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=84
2021-02-08 10:47:03 +00:00
dea0435690 Accepting request 868925 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 1.9.1
   * *Fix exploitable bug* in hash functions introduced with
     1.9.0. [bsc#1181632, CVE-2021-3345]
   * Return an error if a negative MPI is used with sexp scan
     functions.
   * Check for operational FIPS in the random and KDF functions.
   * Fix compile error on ARMv7 with NEON disabled.
   * Fix self-test in KDF module.
   * Improve assembler checks for better LTO support.
   * Fix 32-bit cross build on x86.
   * Fix non-NEON ARM assembly implementation for SHA512.
   * Fix build problems with the cipher_bulk_ops_t typedef.
   * Fix Ed25519 private key handling for preceding ZEROs.
   * Fix overflow in modular inverse implementation.
   * Fix register access for AVX/AVX2 implementations of Blake2.
   * Add optimized cipher and hash functions for s390x/zSeries.
   * Use hardware bit counting functionx when available.
   * Update DSA functions to match FIPS 186-3.
   * New self-tests for CMACs and KDFs.
   * Add bulk cipher functions for OFB and GCM modes.
- Update libgpg-error required version

- Use the suffix variable correctly in get_hmac_path()
- Rebase libgcrypt-fips_selftest_trigger_file.patch

- Add the global config file /etc/gcrypt/random.conf
  * This file can be used to globally change parameters of the random
    generator with the options: only-urandom and disable-jent.

- Update to 1.9.0:

OBS-URL: https://build.opensuse.org/request/show/868925
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=142
2021-02-03 12:44:42 +00:00
Dominique Leuenberger
700b9e13cb Accepting request 843816 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/843816
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=83
2020-10-29 08:21:24 +00:00
a15018a4a1 Accepting request 843758 from home:AndreasStieger:branches:devel:libraries:c_c++
libgcrypt 1.8.7

OBS-URL: https://build.opensuse.org/request/show/843758
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=140
2020-10-24 20:30:16 +00:00
Dominique Leuenberger
fa4a386d83 Accepting request 819169 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/819169
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=82
2020-07-15 09:11:12 +00:00
211bd2f53b Accepting request 819163 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 1.8.6
  * mpi: Consider +0 and -0 the same in mpi_cmp
  * mpi: Fix flags in mpi_copy for opaque MPI
  * mpi: Fix the return value of mpi_invm_generic
  * mpi: DSA,ECDSA: Fix use of mpi_invm
    - Call mpi_invm before _gcry_dsa_modify_k
    - Call mpi_invm before _gcry_ecc_ecdsa_sign
  * mpi: Constant time mpi_inv with some conditions
    - mpi/mpi-inv.c (mpih_add_n_cond, mpih_sub_n_cond, mpih_swap_cond)
    - New: mpih_abs_cond, mpi_invm_odd
    - Rename from _gcry_mpi_invm: mpi_invm_generic
    - Use mpi_invm_odd for usual odd cases: _gcry_mpi_invm
  * mpi: Abort on division by zero also in _gcry_mpi_tdiv_qr
  * Fix wrong code execution in Poly1305 ARM/NEON implementation
    - Set r14 to -1 at function entry: (_gcry_poly1305_armv7_neon_init_ext)
  * Set vZZ.16b register to zero before use in armv8 gcm implementation
  * random: Fix include of config.h
  * Fix declaration of internal function _gcry_mpi_get_ui: Don't use ulong
  * ecc: Fix wrong handling of shorten PK bytes
    - Zeros are already recovered: (_gcry_ecc_mont_decodepoint)
- Update libgcrypt-ecc-ecdsa-no-blinding.patch

OBS-URL: https://build.opensuse.org/request/show/819163
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=138
2020-07-07 09:36:56 +00:00
Yuchen Lin
f20d49ff1e Accepting request 807319 from devel:libraries:c_c++
- FIPS: RSA/DSA/ECC test_keys() print out debug messages [bsc#1171872]
  * Print the debug messages in test_keys() only in debug mode.
- Update patches: libgcrypt-PCT-RSA.patch libgcrypt-PCT-DSA.patch
  libgcrypt-PCT-ECC.patch

OBS-URL: https://build.opensuse.org/request/show/807319
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=81
2020-05-23 15:19:49 +00:00
Dominique Leuenberger
ae21839c90 Accepting request 805629 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/805629
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=80
2020-05-19 12:43:00 +00:00
Vítězslav Čížek
b626ac7062 Accepting request 807298 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- FIPS: RSA/DSA/ECC test_keys() print out debug messages [bsc#1171872]
  * Print the debug messages in test_keys() only in debug mode.
- Update patches: libgcrypt-PCT-RSA.patch libgcrypt-PCT-DSA.patch
  libgcrypt-PCT-ECC.patch

OBS-URL: https://build.opensuse.org/request/show/807298
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=135
2020-05-19 12:29:20 +00:00
Vítězslav Čížek
9a7cde5372 Accepting request 805624 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- FIPS: libgcrypt: Double free in test_keys() on failed signature
  verification [bsc#1169944]
  * Use safer gcry_mpi_release() instead of mpi_free()
- Update patches:
  * libgcrypt-PCT-DSA.patch
  * libgcrypt-PCT-RSA.patch
  * libgcrypt-PCT-ECC.patch

- Ship the FIPS checksum file in the shared library package and
  create a separate trigger file for the FIPS selftests (bsc#1169569)
  * add libgcrypt-fips_selftest_trigger_file.patch
  * refresh libgcrypt-global_init-constructor.patch
- Remove libgcrypt-binary_integrity_in_non-FIPS.patch obsoleted
  by libgcrypt-global_init-constructor.patch

- FIPS: Verify that the generated signature and the original input
  differ in test_keys function for RSA, DSA and ECC: [bsc#1165539]
- Add zero-padding when qx and qy have different lengths when
  assembling the Q point from affine coordinates.
- Refreshed patches:
  * libgcrypt-PCT-DSA.patch
  * libgcrypt-PCT-RSA.patch
  * libgcrypt-PCT-ECC.patch

- FIPS: Switch the PCT to use the new signature operation [bsc#1165539]
  * Patches for DSA, RSA and ECDSA test_keys functions:
    - libgcrypt-PCT-DSA.patch
    - libgcrypt-PCT-RSA.patch
    - libgcrypt-PCT-ECC.patch
- Update patch: libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch

OBS-URL: https://build.opensuse.org/request/show/805624
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=134
2020-05-14 15:39:34 +00:00
Dominique Leuenberger
d9360a0b9a Accepting request 766879 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/766879
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=79
2020-01-30 08:31:14 +00:00
Tomáš Chvátal
e37716ed54 Accepting request 766877 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- FIPS: libgcrypt DSA PQG parameter generation: Missing value [bsc#1161219]
- FIPS: libgcrypt DSA PQG verification incorrect results [bsc#1161215]
- FIPS: libgcrypt RSA siggen/keygen: 4k not supported [bsc#1161220]
  * Add patch from Fedora libgcrypt-1.8.4-fips-keygen.patch

- FIPS: RSA/DSA/ECDSA are missing hashing operation [bsc#1155337]
  * Add libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch

- Fix tests in FIPS mode:
  * Fix tests: basic benchmark bench-slope pubkey t-cv25519 t-secmem
  * Add patch libgcrypt-fix-tests-fipsmode.patch

- Fix test dsa-rfc6979 in FIPS mode:
  * Disable tests in elliptic curves with 192 bits which are not
    recommended in FIPS mode
  * Add patch libgcrypt-dsa-rfc6979-test-fix.patch

- CMAC AES and TDES FIPS self-tests:
  * CMAC AES self test missing [bsc#1155339]
  * CMAC TDES self test missing [bsc#1155338]
- Add libgcrypt-CMAC-AES-TDES-selftest.patch

OBS-URL: https://build.opensuse.org/request/show/766877
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=132
2020-01-24 12:13:28 +00:00
Dominique Leuenberger
07fa0c0e85 Accepting request 727334 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/727334
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=78
2019-09-07 09:28:42 +00:00
74a1d44e1d Accepting request 727257 from home:AndreasStieger:branches:devel:libraries:c_c++
libgcrypt 1.8.5 CVE-2019-13627 boo#1148987

OBS-URL: https://build.opensuse.org/request/show/727257
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=130
2019-08-30 20:13:27 +00:00
Dominique Leuenberger
7ad624cbce Accepting request 712272 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/712272
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=77
2019-06-30 08:18:38 +00:00
d57c784f09 Accepting request 712076 from home:jsikes:branches:devel:libraries:c_c++
This fixes bsc#1133808. Hope it doesn't break anything else. Enjoy!

OBS-URL: https://build.opensuse.org/request/show/712076
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=128
2019-06-27 15:31:10 +00:00
02d04cf4ae Accepting request 711377 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Fixed env-script-interpreter in cavs_driver.pl

- Security fix: [bsc#1138939, CVE-2019-12904]
  * The C implementation of AES is vulnerable to a flush-and-reload
    side-channel attack because physical addresses are available to
    other processes. (The C implementation is used on platforms where
    an assembly-language implementation is unavailable.)
  * Added patches:
    - libgcrypt-CVE-2019-12904-GCM-Prefetch.patch
    - libgcrypt-CVE-2019-12904-GCM.patch
    - libgcrypt-CVE-2019-12904-AES.patch

OBS-URL: https://build.opensuse.org/request/show/711377
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=127
2019-06-25 12:49:02 +00:00
Dominique Leuenberger
8d3c3ab6bd Accepting request 698628 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/698628
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=76
2019-06-07 16:00:42 +00:00
Tomáš Chvátal
61eeda1b5c Accepting request 698242 from home:jsikes:branches:devel:libraries:c_c++
Hopefully this fixes bsc#1131369. Hopefully.

OBS-URL: https://build.opensuse.org/request/show/698242
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=125
2019-04-27 08:19:28 +00:00
Tomáš Chvátal
44e7a5642f Accepting request 697283 from home:jsikes:branches:devel:libraries:c_c++
Fixed a few bugs. Enjoy!

OBS-URL: https://build.opensuse.org/request/show/697283
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=124
2019-04-24 08:43:31 +00:00
Tomáš Chvátal
9521655df0 Accepting request 692407 from home:jsikes:branches:devel:libraries:c_c++
Fixed a little oops. Enjoy.

OBS-URL: https://build.opensuse.org/request/show/692407
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=123
2019-04-09 06:12:53 +00:00
9563eb9685 Accepting request 689095 from home:vitezslav_cizek:branches:devel:libraries:c_c++
- libgcrypt-1.8.3-fips-ctor.patch changed the way the fips selftests
  are invoked as well as the state transition, adjust the code so
  a missing checksum file is not an issue in non-FIPS mode (bsc#1097073)
  * update libgcrypt-binary_integrity_in_non-FIPS.patch

- Enforce the minimal RSA keygen size in fips mode (bsc#1125740)
  * add libgcrypt-fips_rsa_no_enforced_mode.patch

OBS-URL: https://build.opensuse.org/request/show/689095
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=122
2019-03-27 14:36:50 +00:00
Tomáš Chvátal
655523d262 Accepting request 688356 from home:vitezslav_cizek:branches:devel:libraries:c_c++
- Don't run full self-tests from constructor (bsc#1097073)
  * Don't call global_init() from the constructor, _gcry_global_constructor()
    from libgcrypt-1.8.3-fips-ctor.patch takes care of the binary
    integrity check instead.
  * Only the binary checksum will be verified, the remaining
    self-tests will be run upon the library initialization
- Add libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch
- Drop libgcrypt-init-at-elf-load-fips.patch and
  libgcrypt-fips_run_selftest_at_constructor.patch obsoleted
  by libgcrypt-1.8.3-fips-ctor.patch

- Skip all the self-tests except for binary integrity when called
  from the constructor (bsc#1097073)
  * Added libgcrypt-1.8.3-fips-ctor.patch from Fedora

OBS-URL: https://build.opensuse.org/request/show/688356
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=121
2019-03-25 18:52:00 +00:00