- Don't run full self-tests from constructor (bsc#1097073)
* Don't call global_init() from the constructor, _gcry_global_constructor()
from libgcrypt-1.8.3-fips-ctor.patch takes care of the binary
integrity check instead.
* Only the binary checksum will be verified, the remaining
self-tests will be run upon the library initialization
- Add libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch
- Drop libgcrypt-init-at-elf-load-fips.patch and
libgcrypt-fips_run_selftest_at_constructor.patch obsoleted
by libgcrypt-1.8.3-fips-ctor.patch
- Skip all the self-tests except for binary integrity when called
from the constructor (bsc#1097073)
* Added libgcrypt-1.8.3-fips-ctor.patch from Fedora
OBS-URL: https://build.opensuse.org/request/show/688356
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=121
- Update to version 1.8.3:
- Use blinding for ECDSA signing to mitigate a novel side-channel
attack. (CVE-2018-0495 bsc#1097410)
- Fix incorrect counter overflow handling for GCM when using an IV
size other than 96 bit.
- Fix incorrect output of AES-keywrap mode for in-place encryption
on some platforms.
- Fix the gcry_mpi_ec_curve_point point validation function.
- Fix rare assertion failure in gcry_prime_check.
- Applied spec-cleaner
OBS-URL: https://build.opensuse.org/request/show/616502
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=113
- update to 1.6.4
- fixes libgcrypt equivalent of CVE-2015-5738 (bsc#944456)
* Speed up the random number generator by requiring less extra
seeding.
* New flag "no-keytest" for ECC key generation. Due to a bug in the
parser that flag will also be accepted but ignored by older version
of Libgcrypt.
* Always verify a created RSA signature to avoid private key leaks
due to hardware failures.
* Other minor bug fixes.
OBS-URL: https://build.opensuse.org/request/show/329637
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=75
- disabled curve P-192 in FIPS mode (bnc#896202)
* added libgcrypt-fips_ecdsa.patch
- don't use SHA-1 for ECDSA in FIPS mode
- also run the fips self tests only in FIPS mode
- run the fips self tests at the constructor code
* added libgcrypt-fips_run_selftest_at_constructor.patch
- rewrite the DSA-2 code to be FIPS 186-4 compliant (bnc#894216)
* added libgcrypt-fips-dsa.patch
* install fips186_dsa
- use 2048 bit keys in selftests_dsa
OBS-URL: https://build.opensuse.org/request/show/250747
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=63
- fix an issue in DRBG patchset
* size_t type is 32-bit on 32-bit systems
- fix a potential NULL pointer deference in DRBG patchset
* patches from https://bugs.g10code.com/gnupg/issue1701
- added v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
- added v9-0007-User-interface-to-DRBG.patch
- removed v7-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
- removed v7-0007-User-interface-to-DRBG.patch
- add a subpackage for CAVS testing
* add cavs_driver.pl and cavs-test.sh from the kernel cavs package
* added drbg_test.patch
OBS-URL: https://build.opensuse.org/request/show/247239
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=61
- add support for SP800-90A DRBG (fate#316929, bnc#856312)
* patches by Stephan Mueller (http://www.chronox.de/drbg.html):
0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2
0002-Compile-DRBG.patch
0003-Function-definitions-of-interfaces-for-random.c.patch
0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
0005-Function-definitions-for-gcry_control-callbacks.patch
0006-DRBG-specific-gcry_control-requests.patch
0007-User-interface-to-DRBG.patch
* only after 13.1 (the patches need libgpg-error 1.13)
- drop libgcrypt-fips-allow-legacy.patch (not needed and wasn't
applied anyway)
OBS-URL: https://build.opensuse.org/request/show/232937
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=51
- fix bnc#856915: can't open /dev/urandom
* correct libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
- require libgpg-error 1.11 or higher
- fix dependency for 32bit devel package
- name hmac files according soname
- fix hmac subpackage dependency
- update to 1.6.
* Removed the long deprecated gcry_ac interface. Thus Libgcrypt is
not anymore ABI compatible to previous versions if they used the ac
interface. Check NEWS in libgcrypt-devel for removed interfaces.
* Removed the module register subsystem.
* The deprecated message digest debug macros have been removed. Use
gcry_md_debug instead.
* Removed deprecated control codes.
* Improved performance of most cipher algorithms as well as for the
SHA family of hash functions.
* Added support for the IDEA cipher algorithm.
* Added support for the Salsa20 and reduced Salsa20/12 stream ciphers.
* Added limited support for the GOST 28147-89 cipher algorithm.
* Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog)
hash algorithms.
* Added a random number generator to directly use the system's RNG.
Also added an interface to prefer the use of a specified RNG.
* Added support for the SCRYPT algorithm.
* Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA
secret keys. See <http://eprint.iacr.org/2013/448> [CVE-2013-4242].
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=41