Pedro Monreal Gonzalez
c1414c55a9
- Update to 1.11.0:
* New and extended interfaces:
- Add an API for Key Encapsulation Mechanism (KEM). [T6755]
- Add Streamlined NTRU Prime sntrup761 algorithm. [rCcf9923e1a5]
- Add Kyber algorithm according to FIPS 203 ipd 2023-08-24. [rC18e5c0d268]
- Add Classic McEliece algorithm. [rC003367b912]
- Add One-Step KDF with hash and MAC. [T5964]
- Add KDF algorithm HKDF of RFC-5869. [T5964]
- Add KDF algorithm X963KDF for use in CMS. [rC3abac420b3]
- Add GMAC-SM4 and Poly1305-SM4. [rCd1ccc409d4]
- Add ARIA block cipher algorithm. [rC316c6d7715]
- Add explicit FIPS indicators for MD and MAC algorithms. [T6376]
- Add support for SHAKE as MGF in RSA. [T6557]
- Add gcry_md_read support for SHAKE algorithms. [T6539]
- Add gcry_md_hash_buffers_ext function. [T7035]
- Add cSHAKE hash algorithm. [rC065b3f4e02]
- Support internal generation of IV for AEAD cipher mode. [T4873]
* Performance:
- Add SM3 ARMv8/AArch64/CE assembly implementation. [rCfe891ff4a3]
- Add SM4 ARMv8/AArch64 assembly implementation. [rCd8825601f1]
- Add SM4 GFNI/AVX2 and GFI/AVX512 implementation. [rC5095d60af4,rCeaed633c16]
- Add SM4 ARMv9 SVE CE assembly implementation. [rC2dc2654006]
- Add PowerPC vector implementation of SM4. [rC0b2da804ee]
- Optimize ChaCha20 and Poly1305 for PPC P10 LE. [T6006]
- Add CTR32LE bulk acceleration for AES on PPC. [rC84f2e2d0b5]
- Add generic bulk acceleration for CTR32LE mode (GCM-SIV) for SM4
and Camellia. [rCcf956793af]
- Add GFNI/AVX2 implementation of Camellia. [rC4e6896eb9f]
- Add AVX2 and AVX512 accelerated implementations for GHASH (GCM)
and POLYVAL (GCM-SIV). [rCd857e85cb4, rCe6f3600193]
OBS-URL: https://build.opensuse.org/request/show/1183811
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=180
43 lines
1.6 KiB
Diff
43 lines
1.6 KiB
Diff
Index: libgcrypt-1.10.2/src/fips.c
|
|
===================================================================
|
|
--- libgcrypt-1.10.2.orig/src/fips.c
|
|
+++ libgcrypt-1.10.2/src/fips.c
|
|
@@ -520,10 +520,15 @@ int
|
|
_gcry_fips_indicator_kdf (va_list arg_ptr)
|
|
{
|
|
enum gcry_kdf_algos alg = va_arg (arg_ptr, enum gcry_kdf_algos);
|
|
+ unsigned int keylen = 0;
|
|
|
|
switch (alg)
|
|
{
|
|
case GCRY_KDF_PBKDF2:
|
|
+ keylen = va_arg (arg_ptr, unsigned int);
|
|
+ if (keylen < 112) {
|
|
+ return GPG_ERR_NOT_SUPPORTED;
|
|
+ }
|
|
return GPG_ERR_NO_ERROR;
|
|
default:
|
|
return GPG_ERR_NOT_SUPPORTED;
|
|
Index: libgcrypt-1.10.2/doc/gcrypt.texi
|
|
===================================================================
|
|
--- libgcrypt-1.10.2.orig/doc/gcrypt.texi
|
|
+++ libgcrypt-1.10.2/doc/gcrypt.texi
|
|
@@ -970,12 +970,13 @@ is approved under the current FIPS 140-3
|
|
combination is approved, this function returns @code{GPG_ERR_NO_ERROR}.
|
|
Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
|
|
|
|
-@item GCRYCTL_FIPS_SERVICE_INDICATOR_KDF; Arguments: enum gcry_kdf_algos
|
|
+@item GCRYCTL_FIPS_SERVICE_INDICATOR_KDF; Arguments: enum gcry_kdf_algos [, unsigned int]
|
|
|
|
Check if the given KDF is approved under the current FIPS 140-3
|
|
-certification. If the KDF is approved, this function returns
|
|
-@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED}
|
|
-is returned.
|
|
+certification. The second parameter provides the keylength in bits.
|
|
+Keylength values of less that 112 bits are considered non-approved.
|
|
+If the KDF is approved, this function returns @code{GPG_ERR_NO_ERROR}.
|
|
+Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
|
|
|
|
@item GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION; Arguments: const char *
|
|
|