Overview

File _patchinfo of Package patchinfo.665

<patchinfo incident="665">
  <issue id="896202" tracker="bnc">FIPS: libgcrypt: ECDSA must be FIPS 186-4 compliant [PD=3]</issue>
  <issue id="929919" tracker="bnc">FIPS: libgcrypt: function generate_fips: self-test after key generation failed</issue>
  <issue id="905483" tracker="bnc">FIPS: libgcrypt: DRBG failure mode not hard enough</issue>
  <issue id="900276" tracker="bnc">FIPS: libgcrypt: Implementation of "6.2.2.2 The KeyGen_RandomProbablyPrime 3_3 Test" missing [PD=4]</issue>
  <issue id="899524" tracker="bnc">FIPS: libgcrypt testsuite [PD=3]</issue>
  <issue id="928740" tracker="bnc">FIPS: libgcrypt selftest not performed outside of FIPS mode</issue>
  <issue id="920057" tracker="bnc">VUL-1: CVE-2014-3591, CVE-2015-0837: libgcrypt, gpg: mitigations against side-channel attacks</issue>
  <issue id="896435" tracker="bnc">FIPS: libgcrypt, CAVS AES tests (multiple implementations)</issue>
  <issue id="898003" tracker="bnc">FIPS: libgcrypt: DSA selft-test misses check for the right signature</issue>
  <issue id="900275" tracker="bnc">FIPS: libgcrypt: Implementation of "6.2.2.1 The Known Answer Test for B.3.3 Probably Primes" missing [PD=4]</issue>
  <issue id="CVE-2014-3591" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>vitezslav_cizek</packager>
  <description>
This update of libgcrypt fixes one security issue and brings various FIPS 140-2 related improvements.

libgcrypt now uses ciphertext blinding for Elgamal decryption (CVE-2014-3591)

FIPS 140-2 related changes:
* The library performs its self-tests when the module is complete (the -hmac file is also installed).

* Added a NIST 800-90a compliant DRBG.

* Change DSA key generation to be FIPS 186-4 compliant.

* Change RSA key generation to be FIPS 186-4 compliant.

* Enable HW support in fips mode (bnc#896435)

* Make DSA selftest use 2048 bit keys (bnc#898003)

* Added ECDSA selftests and add support for it to the CAVS testing
  framework (bnc#896202)

* Various CAVS testing improvements.
</description>
  <summary>Security update for libgcrypt</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places