- update to 1.6.4
- fixes libgcrypt equivalent of CVE-2015-5738 (bsc#944456)
* Speed up the random number generator by requiring less extra
seeding.
* New flag "no-keytest" for ECC key generation. Due to a bug in the
parser that flag will also be accepted but ignored by older version
of Libgcrypt.
* Always verify a created RSA signature to avoid private key leaks
due to hardware failures.
* Other minor bug fixes.
OBS-URL: https://build.opensuse.org/request/show/329637
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=75
- disabled curve P-192 in FIPS mode (bnc#896202)
* added libgcrypt-fips_ecdsa.patch
- don't use SHA-1 for ECDSA in FIPS mode
- also run the fips self tests only in FIPS mode
- run the fips self tests at the constructor code
* added libgcrypt-fips_run_selftest_at_constructor.patch
- rewrite the DSA-2 code to be FIPS 186-4 compliant (bnc#894216)
* added libgcrypt-fips-dsa.patch
* install fips186_dsa
- use 2048 bit keys in selftests_dsa
OBS-URL: https://build.opensuse.org/request/show/250747
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=63
- fix an issue in DRBG patchset
* size_t type is 32-bit on 32-bit systems
- fix a potential NULL pointer deference in DRBG patchset
* patches from https://bugs.g10code.com/gnupg/issue1701
- added v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
- added v9-0007-User-interface-to-DRBG.patch
- removed v7-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
- removed v7-0007-User-interface-to-DRBG.patch
- add a subpackage for CAVS testing
* add cavs_driver.pl and cavs-test.sh from the kernel cavs package
* added drbg_test.patch
OBS-URL: https://build.opensuse.org/request/show/247239
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=61
As reported via email, libgcrypt has an inconsistency in the 0007-*patch that was added last.
This correction fixes the build failures we are currently seeing in Factory, etc. At least when build against libgcrypt with this patch, the error no longer occurs. However I can not see if this change has any other effect at the moment. (forwarded request 233464 from tittiatcoke)
OBS-URL: https://build.opensuse.org/request/show/233465
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=46
- add support for SP800-90A DRBG (fate#316929, bnc#856312)
* patches by Stephan Mueller (http://www.chronox.de/drbg.html):
0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2
0002-Compile-DRBG.patch
0003-Function-definitions-of-interfaces-for-random.c.patch
0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
0005-Function-definitions-for-gcry_control-callbacks.patch
0006-DRBG-specific-gcry_control-requests.patch
0007-User-interface-to-DRBG.patch
* only after 13.1 (the patches need libgpg-error 1.13)
- drop libgcrypt-fips-allow-legacy.patch (not needed and wasn't
applied anyway) (forwarded request 232937 from vitezslav_cizek)
OBS-URL: https://build.opensuse.org/request/show/232952
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=45
- add support for SP800-90A DRBG (fate#316929, bnc#856312)
* patches by Stephan Mueller (http://www.chronox.de/drbg.html):
0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2
0002-Compile-DRBG.patch
0003-Function-definitions-of-interfaces-for-random.c.patch
0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
0005-Function-definitions-for-gcry_control-callbacks.patch
0006-DRBG-specific-gcry_control-requests.patch
0007-User-interface-to-DRBG.patch
* only after 13.1 (the patches need libgpg-error 1.13)
- drop libgcrypt-fips-allow-legacy.patch (not needed and wasn't
applied anyway)
OBS-URL: https://build.opensuse.org/request/show/232937
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=51
- Cleanup with spec-cleaner to sort out.
- Really apply ppc64 patch as it was ommited probably by mistake.
- FIPS changes (from Fedora):
- replaced libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff by
libgcrypt-1.6.1-fips-cfgrandom.patch
- libgcrypt-fixed-sizet.patch: fixed an int type for -flto
- libgcrypt-1.6.1-use-fipscheck.patch: use the fipscheck binary
- libgcrypt-1.6.1-fips-cavs.patch: add CAVS tests
- use fipscheck only after 13.1
- libgcrypt-fips-allow-legacy.patch: attempt to allow some
legacy algorithms for gpg2 usage even in FIPS mode.
(currently not applied)
OBS-URL: https://build.opensuse.org/request/show/228871
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=44
- fix bnc#856915: can't open /dev/urandom
* correct libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
- require libgpg-error 1.11 or higher
- fix dependency for 32bit devel package
- name hmac files according soname
- fix hmac subpackage dependency
- update to 1.6.
* Removed the long deprecated gcry_ac interface. Thus Libgcrypt is
not anymore ABI compatible to previous versions if they used the ac
interface. Check NEWS in libgcrypt-devel for removed interfaces.
* Removed the module register subsystem.
* The deprecated message digest debug macros have been removed. Use
gcry_md_debug instead.
* Removed deprecated control codes.
* Improved performance of most cipher algorithms as well as for the
SHA family of hash functions.
* Added support for the IDEA cipher algorithm.
* Added support for the Salsa20 and reduced Salsa20/12 stream ciphers.
* Added limited support for the GOST 28147-89 cipher algorithm.
* Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog)
hash algorithms.
* Added a random number generator to directly use the system's RNG.
Also added an interface to prefer the use of a specified RNG.
* Added support for the SCRYPT algorithm.
* Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA
secret keys. See <http://eprint.iacr.org/2013/448> [CVE-2013-4242].
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=41
