Revisions of libgcrypt
Gustavo Yokoyama Ribeiro (gyribeiro)
committed
(revision 6)
- FIPS: extend the service indicator [bsc#1190700] * introduced a pk indicator function * adapted the approved and non approved ciphersuites * Add libgcrypt_indicators_changes.patch * Add libgcrypt-indicate-shake.patch
Stefan Weiberg (suntorytimed)
committed
(revision 5)
- FIPS: Implement a service indicator for asymmetric ciphers [bsc#1190700] * Mark RSA public key encryption and private key decryption with padding (e.g. OAEP, PKCS) as non-approved since RSA-OAEP lacks peer key assurance validation requirements per SP800-56Brev2. * Mark ECC as approved only for NIST curves P-224, P-256, P-384 and P-521 with check for common NIST names and aliases. * Mark DSA, ELG, EDDSA, ECDSA and ECDH as non-approved. * Add libgcrypt-FIPS-SLI-pk.patch * Rebase libgcrypt-FIPS-service-indicators.patch - Run the regression tests also in FIPS mode. * Disable tests for non-FIPS approved algos. * Rebase: libgcrypt-FIPS-verify-unsupported-KDF-test.patch
Stefan Weiberg (suntorytimed)
committed
(revision 4)
- FIPS: Disable DSA in FIPS mode [bsc#1195385] * Upstream task: https://dev.gnupg.org/T5710 * Add libgcrypt-FIPS-disable-DSA.patch - FIPS: Service level indicator [bsc#1190700] * Provide an indicator to check wether the service utilizes an approved cryptographic algorithm or not. * Add patches: - libgcrypt-FIPS-service-indicators.patch - libgcrypt-FIPS-verify-unsupported-KDF-test.patch - libgcrypt-FIPS-HMAC-short-keylen.patch - FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480] * gcry_mpi_sub_ui: fix subtracting from negative value * Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch - FIPS: Define an entropy source SP800-90B compliant [bsc#1185140] * Disable jitter entropy by default in random.conf * Disable only-urandom option by default in random.conf - FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192240] * rsa: Check RSA keylen constraints for key operations. * rsa: Fix regression in not returning an error for prime generation. * tests: Add 2k RSA key working in FIPS mode. * tests: pubkey: Replace RSA key to one of 2k. * tests: pkcs1v2: Skip tests with small keys in FIPS. * Add patches: - libgcrypt-FIPS-RSA-keylen.patch - libgcrypt-FIPS-RSA-keylen-tests.patch
Gustavo Yokoyama Ribeiro (gyribeiro)
committed
(revision 3)
- Update to 1.9.4: [jsc#SLE-17558, jsc#SLE-18135, jsc#SLE-20734] * Bug fixes: - Fix Elgamal encryption for other implementations. [CVE-2021-33560] - Fix alignment problem on macOS. - Check the input length of the point in ECDH. - Fix an abort in gcry_pk_get_param for "Curve25519". * Other features: - Add GCM and CCM to OID mapping table for AES. * Upstream libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch - Remove not needed patch libgcrypt-sparcv9.diff - Fix building test t-lock with pthread. [bsc#1189745]
Gustavo Yokoyama Ribeiro (gyribeiro)
committed
(revision 2)
- libgcrypt 1.9.3: [jsc#SLE-17558, jsc#SLE-19413] * Bug fixes: - Fix build problems on i386 using gcc-4.7. - Fix checksum calculation in OCB decryption for AES on s390. - Fix a regression in gcry_mpi_ec_add related to certain usages of curve 25519. - Fix a symbol not found problem on Apple M1. - Fix for Apple iOS getentropy peculiarity. - Make keygrip computation work for compressed points. * Performance: - Add x86_64 VAES/AVX2 accelerated implementation of Camellia. - Add x86_64 VAES/AVX2 accelerated implementation of AES. - Add VPMSUMD acceleration for GCM mode on PPC. * Internal changes. - Harden MPI conditional code against EM leakage. - Harden Elgamal by introducing exponent blinding. * Remove libgcrypt-CVE-2021-33560-ElGamal-exponent-blinding.patch - Fix building test t-lock with pthread. * Explicitly add -lpthread to compile the t-lock test. * Add libgcrypt-pthread-in-t-lock-test.patch - Upgrade to 1.9.2 in SLE-15-SP4 [jsc#SLE-17558, jsc#SLE-19413] - Remove patches: * CVE-2018-0495.patch * libgcrypt-CVE-2019-13627.patch * libgcrypt-AES-KW-fix-in-place-encryption.patch * libgcrypt-ECDSA_check_coordinates_range.patch * libgcrypt-check-re-open-dev_random-after-fork.patch
Gustavo Yokoyama Ribeiro (gyribeiro)
committed
(revision 1)
initialize package
Displaying all 6 revisions