- FIPS: Disable DSA in FIPS mode [bsc#1195385]
* Upstream task: https://dev.gnupg.org/T5710
* Add libgcrypt-FIPS-disable-DSA.patch
- FIPS: Service level indicator [bsc#1190700]
* Provide an indicator to check wether the service utilizes an
approved cryptographic algorithm or not.
* Add patches:
- libgcrypt-FIPS-service-indicators.patch
- libgcrypt-FIPS-verify-unsupported-KDF-test.patch
- libgcrypt-FIPS-HMAC-short-keylen.patch
- FIPS: Define an entropy source SP800-90B compliant [bsc#1185140]
* Disable jitter entropy by default in random.conf
* Disable only-urandom option by default in random.conf
- FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192240]
* rsa: Check RSA keylen constraints for key operations.
* rsa: Fix regression in not returning an error for prime generation.
* tests: Add 2k RSA key working in FIPS mode.
* tests: pubkey: Replace RSA key to one of 2k.
* tests: pkcs1v2: Skip tests with small keys in FIPS.
* Add patches:
- libgcrypt-FIPS-RSA-keylen.patch
- libgcrypt-FIPS-RSA-keylen-tests.patch
- FIPS: Disable 3DES/Triple-DES in FIPS mode [bsc#1185138]
* Add libgcrypt-FIPS-disable-3DES.patch
- FIPS: PBKDF requirements [bsc#1185137]
OBS-URL: https://build.opensuse.org/request/show/950433
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=153
- Update to 1.9.1
* *Fix exploitable bug* in hash functions introduced with
1.9.0. [bsc#1181632, CVE-2021-3345]
* Return an error if a negative MPI is used with sexp scan
functions.
* Check for operational FIPS in the random and KDF functions.
* Fix compile error on ARMv7 with NEON disabled.
* Fix self-test in KDF module.
* Improve assembler checks for better LTO support.
* Fix 32-bit cross build on x86.
* Fix non-NEON ARM assembly implementation for SHA512.
* Fix build problems with the cipher_bulk_ops_t typedef.
* Fix Ed25519 private key handling for preceding ZEROs.
* Fix overflow in modular inverse implementation.
* Fix register access for AVX/AVX2 implementations of Blake2.
* Add optimized cipher and hash functions for s390x/zSeries.
* Use hardware bit counting functionx when available.
* Update DSA functions to match FIPS 186-3.
* New self-tests for CMACs and KDFs.
* Add bulk cipher functions for OFB and GCM modes.
- Update libgpg-error required version
- Use the suffix variable correctly in get_hmac_path()
- Rebase libgcrypt-fips_selftest_trigger_file.patch
- Add the global config file /etc/gcrypt/random.conf
* This file can be used to globally change parameters of the random
generator with the options: only-urandom and disable-jent.
- Update to 1.9.0:
OBS-URL: https://build.opensuse.org/request/show/868925
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=142
