Overview

File _patchinfo of Package patchinfo.37939

<patchinfo incident="37939">
  <issue tracker="bnc" id="1220896">[FIPS][libgcrypt] Consider the replacement of the built-in jitter rng with the standalone version</issue>
  <issue tracker="bnc" id="1225941">[FIPS 140-3][Libgcrypt] disallow rsa &lt; 2048</issue>
  <issue tracker="bnc" id="1225942">[FIPS 140-3][Libgcrypt] consider deprecate sha1</issue>
  <issue tracker="bnc" id="1220895">[FIPS][Libgcrypt] libgcrypt should enforce the interpretation and use of jitter rng</issue>
  <issue tracker="bnc" id="1225939">[FIPS 140-3][Libgcrypt] redundant indicator functions</issue>
  <issue tracker="bnc" id="1225936">[FIPS 140-3][Libgcrypt] Unnecessary KAT Encryption/Decryption</issue>
  <issue tracker="bnc" id="1220893">[FIPS][Libgcrypt] libgcrypt should use jitter for the whole entropy</issue>
  <packager>lmulling</packager>
  <rating>moderate</rating>
  <category>recommended</category>
  <summary>Recommended update for libgcrypt</summary>
  <description>This update for libgcrypt fixes the following issues:

- FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939]
- FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939]
- FIPS: Disable setting the library in non-FIPS mode [bsc#1220893]
- FIPS: Disallow rsa &lt; 2048 [bsc#1225941]
  * Mark RSA operations with keysize &lt; 2048 as non-approved in the SLI
- FIPS: Service level indicator for libgcrypt [bsc#1225939]
- FIPS: Consider deprecate sha1 [bsc#1225942]
  * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will
    transition at the end of 2030. Mark SHA1 as non-approved in SLI.
- FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936]
  * cipher: Do not run RSA encryption selftest by default
- FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG
  for the whole length entropy buffer in FIPS mode. [bsc#1220893]
- FIPS: Set the FSM into error state if Jitter RNG is returning an
  error code to the caller when an health test error occurs when
  random bytes are requested through the jent_read_entropy_safe()
  function. [bsc#1220895]
- FIPS: Replace the built-in jitter rng with standalone version
  * Remove the internal jitterentropy copy [bsc#1220896]
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places