- Update to 1.9.1
  * *Fix exploitable bug* in hash functions introduced with
    1.9.0. [bsc#1181632, CVE-2021-3345]
  * Return an error if a negative MPI is used with sexp scan
    functions.
  * Check for operational FIPS in the random and KDF functions.
  * Fix compile error on ARMv7 with NEON disabled.
  * Fix self-test in KDF module.
  * Improve assembler checks for better LTO support.
  * Fix 32-bit cross build on x86.
  * Fix non-NEON ARM assembly implementation for SHA512.
  * Fix build problems with the cipher_bulk_ops_t typedef.
  * Fix Ed25519 private key handling for preceding ZEROs.
  * Fix overflow in modular inverse implementation.
  * Fix register access for AVX/AVX2 implementations of Blake2.
  * Add optimized cipher and hash functions for s390x/zSeries.
  * Use hardware bit counting functions when available.
  * Update DSA functions to match FIPS 186-3.
  * New self-tests for CMACs and KDFs.
  * Add bulk cipher functions for OFB and GCM modes.
- Update libgpg-error required version
- Use the suffix variable correctly in get_hmac_path()
- Rebase libgcrypt-fips_selftest_trigger_file.patch
- Add the global config file /etc/gcrypt/random.conf
  * This file can be used to globally change parameters of the random
    generator with the options: only-urandom and disable-jent.
- Update to 1.9.0:
OBS-URL: https://build.opensuse.org/request/show/868925
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=142
- FIPS: libgcrypt: Double free in test_keys() on failed signature
  verification [bsc#1169944]
  * Use safer gcry_mpi_release() instead of mpi_free()
- Update patches:
  * libgcrypt-PCT-DSA.patch
  * libgcrypt-PCT-RSA.patch
  * libgcrypt-PCT-ECC.patch
- Ship the FIPS checksum file in the shared library package and
  create a separate trigger file for the FIPS selftests (bsc#1169569)
  * add libgcrypt-fips_selftest_trigger_file.patch
  * refresh libgcrypt-global_init-constructor.patch
- Remove libgcrypt-binary_integrity_in_non-FIPS.patch obsoleted
  by libgcrypt-global_init-constructor.patch
- FIPS: Verify that the generated signature and the original input
  differ in test_keys function for RSA, DSA and ECC: [bsc#1165539]
- Add zero-padding when qx and qy have different lengths when
  assembling the Q point from affine coordinates.
- Refreshed patches:
  * libgcrypt-PCT-DSA.patch
  * libgcrypt-PCT-RSA.patch
  * libgcrypt-PCT-ECC.patch
- FIPS: Switch the PCT to use the new signature operation [bsc#1165539]
  * Patches for DSA, RSA and ECDSA test_keys functions:
    - libgcrypt-PCT-DSA.patch
    - libgcrypt-PCT-RSA.patch
    - libgcrypt-PCT-ECC.patch
- Update patch: libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
OBS-URL: https://build.opensuse.org/request/show/805624
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=134