Revisions of libgcrypt

Gustavo Yokoyama Ribeiro (gyribeiro) committed (revision 6)
- FIPS: extend the service indicator [bsc#1190700]
  * introduced a pk indicator function
  * adapted the approved and non-approved ciphersuites
  * Add libgcrypt_indicators_changes.patch
  * Add libgcrypt-indicate-shake.patch

Stefan Weiberg (suntorytimed) committed (revision 5)
- FIPS: Implement a service indicator for asymmetric ciphers [bsc#1190700]
  * Mark RSA public key encryption and private key decryption with
    padding (e.g. OAEP, PKCS) as non-approved since RSA-OAEP lacks
    peer key assurance validation requirements per SP800-56Brev2.
  * Mark ECC as approved only for NIST curves P-224, P-256, P-384
    and P-521 with check for common NIST names and aliases.
  * Mark DSA, ELG, EDDSA, ECDSA and ECDH as non-approved.
  * Add libgcrypt-FIPS-SLI-pk.patch
  * Rebase libgcrypt-FIPS-service-indicators.patch
- Run the regression tests also in FIPS mode.
  * Disable tests for non-FIPS approved algos.
  * Rebase: libgcrypt-FIPS-verify-unsupported-KDF-test.patch

Stefan Weiberg (suntorytimed) committed (revision 4)
- FIPS: Disable DSA in FIPS mode [bsc#1195385]
  * Upstream task: https://dev.gnupg.org/T5710
  * Add libgcrypt-FIPS-disable-DSA.patch

- FIPS: Service level indicator [bsc#1190700]
  * Provide an indicator to check whether the service utilizes an
    approved cryptographic algorithm or not.
  * Add patches:
    - libgcrypt-FIPS-service-indicators.patch
    - libgcrypt-FIPS-verify-unsupported-KDF-test.patch
    - libgcrypt-FIPS-HMAC-short-keylen.patch

- FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480]
  * gcry_mpi_sub_ui: fix subtracting from negative value
  * Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch

- FIPS: Define an entropy source SP800-90B compliant [bsc#1185140]
  * Disable jitter entropy by default in random.conf
  * Disable only-urandom option by default in random.conf

- FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192240]
  * rsa: Check RSA keylen constraints for key operations.
  * rsa: Fix regression in not returning an error for prime generation.
  * tests: Add 2k RSA key working in FIPS mode.
  * tests: pubkey: Replace RSA key to one of 2k.
  * tests: pkcs1v2: Skip tests with small keys in FIPS.
  * Add patches:
    - libgcrypt-FIPS-RSA-keylen.patch
    - libgcrypt-FIPS-RSA-keylen-tests.patch

Gustavo Yokoyama Ribeiro (gyribeiro) committed (revision 3)
- Update to 1.9.4: [jsc#SLE-17558, jsc#SLE-18135, jsc#SLE-20734]
  * Bug fixes:
    - Fix Elgamal encryption for other implementations. [CVE-2021-33560]
    - Fix alignment problem on macOS.
    - Check the input length of the point in ECDH.
    - Fix an abort in gcry_pk_get_param for "Curve25519".
  * Other features:
    - Add GCM and CCM to OID mapping table for AES.
  * Upstream libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch

- Remove not needed patch libgcrypt-sparcv9.diff

- Fix building test t-lock with pthread. [bsc#1189745]

Gustavo Yokoyama Ribeiro (gyribeiro) committed (revision 2)
- libgcrypt 1.9.3: [jsc#SLE-17558, jsc#SLE-19413]
  * Bug fixes:
    - Fix build problems on i386 using gcc-4.7.
    - Fix checksum calculation in OCB decryption for AES on s390.
    - Fix a regression in gcry_mpi_ec_add related to certain usages
      of curve 25519.
    - Fix a symbol not found problem on Apple M1.
    - Fix for Apple iOS getentropy peculiarity.
    - Make keygrip computation work for compressed points.
  * Performance:
    - Add x86_64 VAES/AVX2 accelerated implementation of Camellia.
    - Add x86_64 VAES/AVX2 accelerated implementation of AES.
    - Add VPMSUMD acceleration for GCM mode on PPC.
  * Internal changes.
    - Harden MPI conditional code against EM leakage.
    - Harden Elgamal by introducing exponent blinding.
  * Remove libgcrypt-CVE-2021-33560-ElGamal-exponent-blinding.patch

- Fix building test t-lock with pthread.
  * Explicitly add -lpthread to compile the t-lock test.
  * Add libgcrypt-pthread-in-t-lock-test.patch

- Upgrade to 1.9.2 in SLE-15-SP4 [jsc#SLE-17558, jsc#SLE-19413]
- Remove patches:
  * CVE-2018-0495.patch
  * libgcrypt-CVE-2019-13627.patch
  * libgcrypt-AES-KW-fix-in-place-encryption.patch
  * libgcrypt-ECDSA_check_coordinates_range.patch
  * libgcrypt-check-re-open-dev_random-after-fork.patch

Gustavo Yokoyama Ribeiro (gyribeiro) committed (revision 1)
initialize package
Displaying all 6 revisions