| Name: libgcrypt-devel | Distribution: openSUSE Tumbleweed | 
| Version: 1.11.2 | Vendor: openSUSE | 
| Release: 1.1 | Build date: Fri Aug 8 22:05:34 2025 | 
| Group: Development/Libraries/C and C++ | Build host: reproducible | 
| Size: 314825 | Source RPM: libgcrypt-1.11.2-1.1.src.rpm | 
| Packager: https://bugs.opensuse.org | |
| Url: https://gnupg.org/software/libgcrypt | |
| Summary: The GNU Crypto Library | |
Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt. This package contains needed files to compile and link against the library.
GFDL-1.1-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT
* Fri Aug 08 2025 Andreas Stieger <andreas.stieger@gmx.de>
  - Update to 1.11.2:
    * portability fixes
    * Support secp256k1 by KEM API.  GnuPG has recently switched to
      use the KEM interface and a few folks are using this curve
    * Fix a missing initialization in RSA's generate_fips.
    * Use '.rodata' section for read-only data of poly1305-p10le
* Thu Jun 05 2025 Angel Yankov <angel.yankov@suse.com>
  - Security fix [bsc#1221107, CVE-2024-2236]
    * Add --enable-marvin-workaround to spec to enable workaround
    * Fix timing-based side-channel in RSA implementation (Marvin attack)
    * Add libgcrypt-CVE-2024-2236.patch
* Thu May 08 2025 Lucas Mulling <lucas.mulling@suse.com>
  - Update to 1.11.1: [jsc#PED-12227]
    * Bug fixes:
    - Fix Kyber secret-dependent branch introduced by recent versions of Clang. [rCf765778e82]
    - Fix build regression due to the use of AVX512 in Blake. [T7184]
    - Do not build i386 asm on amd64 and vice versa. [T7220]
    - Fix build regression on armhf with gcc-14. [T7226]
    - Return the proper error code on malloc failure in hex2buffer. [rCc51151f5b0]
    - Fix long standing bug for PRIME % 2 == 0. [rC639b0fca15]
    * Performance:
    - Add AES Vector Permute intrinsics implementation for AArch64. [rC94a63aedbb]
    - Add GHASH AArch64/SIMD intrinsics implementation. [rCfec871fd18]
    - Add RISC-V vector permute AES. [rCb24ebd6163]
    - Add GHASH RISC-V Zbb+Zbc implementation. [rC0f1fec12b0]
    - Add ChaCha20 RISC-V vector intrinsics implementation. [rC8dbee93ac2]
    - Add SHA3 acceleration for RISC-V Zbb extension. [rC1a660068ba]
    * Other:
    - Add CET support for i386 and amd64 assembly. [T7220]
    - Add PAC/BTI support for AArch64 asm. [T7220]
    - Apply changes to Kyber from upstream for final FIPS 203. [rCcc95c36e7f]
    - Introduce an internal API for a revamped FIPS service indicator. [T7340]
    - Several improvements for constant time operation by the introduction of
      Least Leak Intended (LLI) variants of internal functions. [T7519,T7490]
    * Add libgcrypt-1.11.1-public-SLI-API.patch
    * Rebase patches:
    - libgcrypt-FIPS-SLI-hash-mac.patch
    - libgcrypt-FIPS-SLI-pk.patch
    - libgcrypt-FIPS-jitter-standalone.patch
    * Remove patches:
    - libgcrypt-fips-Introduce-an-internal-API-for-FIPS-service-indicator.patch
    - libgcrypt-fips-Introduce-GCRYCTL_FIPS_SERVICE_INDICATOR-and-the-macro.patch
    - libgcrypt-fips-kdf-Implement-new-FIPS-service-indicator-for-gcry_kdf_derive.patch
    - libgcrypt-fips-md-Implement-new-FIPS-service-indicator-for-gcry_md_hash_.patch
    - libgcrypt-fips-tests-Add-t-digest.patch
    - libgcrypt-fips-Change-the-internal-API-for-new-FIPS-service-indicator.patch
    - libgcrypt-fips-md-Implement-new-FIPS-service-indicator-for-gcry_md_open-API.patch
    - libgcrypt-fips-tests-Add-tests-for-md_open-write-read-close-for-t-digest.patch
    - libgcrypt-fips-mac-Implement-new-FIPS-service-indicator-for-gcry_mac_open.patch
    - libgcrypt-fips-cipher-Implement-new-FIPS-service-indicator-for-cipher_open.patch
    - libgcrypt-tests-fips-Add-gcry_mac_open-tests.patch
    - libgcrypt-tests-fips-Rename-t-fips-service-ind.patch
    - libgcrypt-tests-fips-Move-KDF-tests-to-t-fips-service-ind.patch
    - libgcrypt-tests-fips-Add-gcry_cipher_open-tests.patch
    - libgcrypt-fips-md-gcry_md_copy-should-care-about-FIPS-service-indicator.patch
    - libgcrypt-fips-cipher-Implement-FIPS-service-indicator-for-gcry_pk_hash_-API.patch
    - libgcrypt-fips-Introduce-GCRYCTL_FIPS_REJECT_NON_FIPS.patch
    - libgcrypt-Fix-the-previous-change.patch
    - libgcrypt-fips-Rejection-by-GCRYCTL_FIPS_REJECT_NON_FIPS-not-by-open-flags.patch
    - libgcrypt-fips-cipher-Add-behavior-not-to-reject-but-mark-non-compliant.patch
    - libgcrypt-fips-ecc-Add-rejecting-or-marking-for-gcry_pk_get_curve.patch
    - libgcrypt-tests-Add-more-tests-to-tests-t-fips-service-ind.patch
    - libgcrypt-fips-ecc-Check-DATA-in-gcry_pk_sign-verify-in-FIPS-mode.patch
    - libgcrypt-fips-cipher-Fix-memory-leak-for-gcry_pk_hash_sign.patch
    - libgcrypt-build-Improve-__thread-specifier-check.patch
    - libgcrypt-cipher-Check-and-mark-non-compliant-cipher-modes-in-the-SLI.patch
    - libgcrypt-cipher-Rename-_gcry_cipher_is_mode_fips_compliant.patch
    - libgcrypt-cipher-Don-t-differentiate-GCRY_CIPHER_MODE_CMAC-in-FIPS-mode.patch
    - libgcrypt-cipher-rsa-Mark-reject-SHA1-unknown-with-RSA-signature-generation.patch
    - libgcrypt-md-Fix-gcry_md_algo_info-to-mark-reject-under-FIPS-mode.patch
    - libgcrypt-md-Use-check_digest_algo_spec-in-_gcry_md_selftest.patch
    - libgcrypt-tests-Update-t-fips-service-ind-using-GCRY_MD_SHA256-for-KDF-tests.patch
    - libgcrypt-fips-cipher-Do-the-computation-when-marking-non-compliant.patch
    - libgcrypt-tests-Allow-tests-with-USE_RSA.patch
    - libgcrypt-cipher-Add-KAT-for-non-rfc6979-ECDSA-with-fixed-k.patch
    - libgcrypt-cipher-Differentiate-use-of-label-K-in-the-SLI.patch
    - libgcrypt-cipher-Differentiate-igninvflag-in-the-SLI.patch
    - libgcrypt-cipher-Differentiate-no-blinding-flag-in-the-SLI.patch
    - libgcrypt-fips-cipher-Add-GCRY_FIPS_FLAG_REJECT_PK_FLAGS.patch
    - libgcrypt-cipher-ecc-Fix-for-supplied-K.patch
    - libgcrypt-cipher-visibility-Differentiate-use-of-random-override-in-the-SLI.patch
    - libgcrypt-cipher-fips-Fix-for-random-override.patch
    - libgcrypt-md-Make-SHA-1-non-FIPS-internally-for-1.12-API.patch
    - libgcrypt-fips-Fix-GCRY_FIPS_FLAG_REJECT_MD.patch
    - libgcrypt-doc-Add-about-GCRYCTL_FIPS_SERVICE_INDICATOR.patch
    - libgcrypt-doc-Fix-syntax-error.patch
    - libgcrypt-Disable-SHA3-s390x-acceleration-for-CSHAKE.patch
* Tue May 06 2025 Pedro Monreal <pmonreal@suse.com>
  - CSHAKE basic regression test failure in s390x [bsc#1242419]
    * Disable SHA3 s390x acceleration for CSHAKE [rC2486d9b5ae01]
    * Add libgcrypt-Disable-SHA3-s390x-acceleration-for-CSHAKE.patch
* Sun Apr 13 2025 Lucas Mulling <lucas.mulling@suse.com>
  - Differentiate use of SHA1 in the service level indicator [jsc#PED-12227]
    * Include upstream SLI revamp and fips certification fixes
    * Add patches:
    - libgcrypt-fips-Introduce-an-internal-API-for-FIPS-service-indicator.patch
    - libgcrypt-fips-Introduce-GCRYCTL_FIPS_SERVICE_INDICATOR-and-the-macro.patch
    - libgcrypt-fips-kdf-Implement-new-FIPS-service-indicator-for-gcry_kdf_derive.patch
    - libgcrypt-fips-md-Implement-new-FIPS-service-indicator-for-gcry_md_hash_.patch
    - libgcrypt-fips-tests-Add-t-digest.patch
    - libgcrypt-fips-Change-the-internal-API-for-new-FIPS-service-indicator.patch
    - libgcrypt-fips-md-Implement-new-FIPS-service-indicator-for-gcry_md_open-API.patch
    - libgcrypt-fips-tests-Add-tests-for-md_open-write-read-close-for-t-digest.patch
    - libgcrypt-fips-mac-Implement-new-FIPS-service-indicator-for-gcry_mac_open.patch
    - libgcrypt-fips-cipher-Implement-new-FIPS-service-indicator-for-cipher_open.patch
    - libgcrypt-tests-fips-Add-gcry_mac_open-tests.patch
    - libgcrypt-tests-fips-Rename-t-fips-service-ind.patch
    - libgcrypt-tests-fips-Move-KDF-tests-to-t-fips-service-ind.patch
    - libgcrypt-tests-fips-Add-gcry_cipher_open-tests.patch
    - libgcrypt-fips-md-gcry_md_copy-should-care-about-FIPS-service-indicator.patch
    - libgcrypt-fips-cipher-Implement-FIPS-service-indicator-for-gcry_pk_hash_-API.patch
    - libgcrypt-fips-Introduce-GCRYCTL_FIPS_REJECT_NON_FIPS.patch
    - libgcrypt-Fix-the-previous-change.patch
    - libgcrypt-fips-Rejection-by-GCRYCTL_FIPS_REJECT_NON_FIPS-not-by-open-flags.patch
    - libgcrypt-fips-cipher-Add-behavior-not-to-reject-but-mark-non-compliant.patch
    - libgcrypt-fips-ecc-Add-rejecting-or-marking-for-gcry_pk_get_curve.patch
    - libgcrypt-tests-Add-more-tests-to-tests-t-fips-service-ind.patch
    - libgcrypt-fips-ecc-Check-DATA-in-gcry_pk_sign-verify-in-FIPS-mode.patch
    - libgcrypt-fips-cipher-Fix-memory-leak-for-gcry_pk_hash_sign.patch
    - libgcrypt-build-Improve-__thread-specifier-check.patch
    - libgcrypt-cipher-Check-and-mark-non-compliant-cipher-modes-in-the-SLI.patch
    - libgcrypt-cipher-Rename-_gcry_cipher_is_mode_fips_compliant.patch
    - libgcrypt-cipher-Don-t-differentiate-GCRY_CIPHER_MODE_CMAC-in-FIPS-mode.patch
    - libgcrypt-cipher-rsa-Mark-reject-SHA1-unknown-with-RSA-signature-generation.patch
    - libgcrypt-md-Fix-gcry_md_algo_info-to-mark-reject-under-FIPS-mode.patch
    - libgcrypt-md-Use-check_digest_algo_spec-in-_gcry_md_selftest.patch
    - libgcrypt-tests-Update-t-fips-service-ind-using-GCRY_MD_SHA256-for-KDF-tests.patch
    - libgcrypt-fips-cipher-Do-the-computation-when-marking-non-compliant.patch
    - libgcrypt-tests-Allow-tests-with-USE_RSA.patch
    - libgcrypt-cipher-Add-KAT-for-non-rfc6979-ECDSA-with-fixed-k.patch
    - libgcrypt-cipher-Differentiate-use-of-label-K-in-the-SLI.patch
    - libgcrypt-cipher-Differentiate-igninvflag-in-the-SLI.patch
    - libgcrypt-cipher-Differentiate-no-blinding-flag-in-the-SLI.patch
    - libgcrypt-fips-cipher-Add-GCRY_FIPS_FLAG_REJECT_PK_FLAGS.patch
    - libgcrypt-cipher-ecc-Fix-for-supplied-K.patch
    - libgcrypt-cipher-visibility-Differentiate-use-of-random-override-in-the-SLI.patch
    - libgcrypt-cipher-fips-Fix-for-random-override.patch
    - libgcrypt-md-Make-SHA-1-non-FIPS-internally-for-1.12-API.patch
    - libgcrypt-fips-Fix-GCRY_FIPS_FLAG_REJECT_MD.patch
    - libgcrypt-doc-Add-about-GCRYCTL_FIPS_SERVICE_INDICATOR.patch
    - libgcrypt-doc-Fix-syntax-error.patch
    * Rebase patches:
    - libgcrypt-FIPS-SLI-kdf-leylength.patch
* Tue Jan 07 2025 Pedro Monreal <pmonreal@suse.com>
  - Fix redefinition error of 'rol64'. Remove not used rol64()
    definition after removing the built-in jitter rng.
    * Add libgcrypt-rol64-redefinition.patch
* Mon Dec 02 2024 Pedro Monreal <pmonreal@suse.com>
  - Remove unrecognized option: --enable-m-guard
* Thu Jun 20 2024 Pedro Monreal <pmonreal@suse.com>
  - Update to 1.11.0:
    * New and extended interfaces:
    - Add an API for Key Encapsulation Mechanism (KEM). [T6755]
    - Add Streamlined NTRU Prime sntrup761 algorithm. [rCcf9923e1a5]
    - Add Kyber algorithm according to FIPS 203 ipd 2023-08-24. [rC18e5c0d268]
    - Add Classic McEliece algorithm. [rC003367b912]
    - Add One-Step KDF with hash and MAC. [T5964]
    - Add KDF algorithm HKDF of RFC-5869. [T5964]
    - Add KDF algorithm X963KDF for use in CMS. [rC3abac420b3]
    - Add GMAC-SM4 and Poly1305-SM4. [rCd1ccc409d4]
    - Add ARIA block cipher algorithm. [rC316c6d7715]
    - Add explicit FIPS indicators for MD and MAC algorithms. [T6376]
    - Add support for SHAKE as MGF in RSA. [T6557]
    - Add gcry_md_read support for SHAKE algorithms. [T6539]
    - Add gcry_md_hash_buffers_ext function. [T7035]
    - Add cSHAKE hash algorithm. [rC065b3f4e02]
    - Support internal generation of IV for AEAD cipher mode. [T4873]
    * Performance:
    - Add SM3 ARMv8/AArch64/CE assembly implementation. [rCfe891ff4a3]
    - Add SM4 ARMv8/AArch64 assembly implementation. [rCd8825601f1]
    - Add SM4 GFNI/AVX2 and GFI/AVX512 implementation. [rC5095d60af4,rCeaed633c16]
    - Add SM4 ARMv9 SVE CE assembly implementation. [rC2dc2654006]
    - Add PowerPC vector implementation of SM4. [rC0b2da804ee]
    - Optimize ChaCha20 and Poly1305 for PPC P10 LE. [T6006]
    - Add CTR32LE bulk acceleration for AES on PPC. [rC84f2e2d0b5]
    - Add generic bulk acceleration for CTR32LE mode (GCM-SIV) for SM4
      and Camellia. [rCcf956793af]
    - Add GFNI/AVX2 implementation of Camellia. [rC4e6896eb9f]
    - Add AVX2 and AVX512 accelerated implementations for GHASH (GCM)
      and POLYVAL (GCM-SIV). [rCd857e85cb4, rCe6f3600193]
    - Add AVX512 implementation for SHA512. [rC089223aa3b]
    - Add AVX512 implementation for Serpent. [rCce95b6ec35]
    - Add AVX512 implementation for Poly1305 and ChaCha20. [rCcd3ed49770, rC9a63cfd617]
    - Add AVX512 accelerated implementation for SHA3 and Blake2. [rCbeaad75f46,rC909daa700e]
    - Add VAES/AVX2 accelerated i386 implementation for AES. [rC4a42a042bc]
    - Add bulk processing for XTS mode of Camellia and SM4. [rC32b18cdb87, rCaad3381e93]
    - Accelerate XTS and ECB modes for Twofish and Serpent. [rCd078a928f5,rC8a1fe5f78f]
    - Add AArch64 crypto/SHA512 extension implementation for SHA512. [rCe51d3b8330]
    - Add AArch64 crypto-extension implementation for Camellia. [rC898c857206]
    - Accelerate OCB authentication on AMD with AVX2. [rC6b47e85d65]
    * Bug fixes:
    - For PowerPC check for missing optimization level for vector register usage. [T5785]
    - Fix EdDSA secret key check. [T6511]
    - Fix decoding of PKCS#1-v1.5 and OAEP padding. [rC34c2042792]
    - Allow use of PKCS#1-v1.5 with SHA3 algorithms. [T6976]
    - Fix AESWRAP padding length check. [T7130]
    * Other:
    - Allow empty password for Argon2 KDF. [rCa20700c55f]
    - Various constant time operation improvements.
    - Add "bp256", "bp384", "bp512" aliases for Brainpool curves.
    - Support for the random server has been removed. [T5811]
    - The control code GCRYCTL_ENABLE_M_GUARD is deprecated and not
      supported any more.  Please use valgrind or other tools. [T5822]
    - Logging is now done via the libgpg-error logging functions. [rCab0bdc72c7]
    * Remove patches fixed upstream:
    - libgcrypt-no-deprecated-grep-alias.patch
    - libgcrypt-Chacha20-poly1305-Optimized-chacha20-poly1305.patch
    - libgcrypt-ppc-enable-P10-assembly-with-ENABLE_FORCE_SOF.patch
    * Rebase patches:
    - libgcrypt-FIPS-jitter-errorcodes.patch
    - libgcrypt-FIPS-jitter-whole-entropy.patch
* Wed Mar 20 2024 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG
    for the whole length entropy buffer in FIPS mode. [bsc#1220893]
    * Add libgcrypt-FIPS-jitter-whole-entropy.patch
* Wed Mar 20 2024 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Set the FSM into error state if Jitter RNG is returning an
    error code to the caller when a health test error occurs when
    random bytes are requested through the jent_read_entropy_safe()
    function. [bsc#1220895]
    * Add libgcrypt-FIPS-jitter-errorcodes.patch
* Mon Mar 11 2024 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Replace the built-in jitter rng with standalone version
    * Remove the internal jitterentropy copy [bsc#1220896]
    * Add libgcrypt-FIPS-jitter-standalone.patch
    * Remove not needed libgcrypt-jitterentropy-3.4.0.patch
* Mon Feb 26 2024 Pedro Monreal <pmonreal@suse.com>
  - Update upstream libgcrypt.keyring
* Sat Jan 27 2024 Dirk Müller <dmueller@suse.com>
  - add libgcrypt-no-deprecated-grep-alias.patch
* Tue Nov 21 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Re-create HMAC checksum after RPM build strips the library
    (bsc#1217058)
* Wed Nov 15 2023 Pedro Monreal <pmonreal@suse.com>
  - Update to 1.10.3:
    * Bug fixes:
    - Fix public key computation for other EdDSA curves. [rC469919751d6e]
    - Remove out of core handler diagnostic in FIPS mode. [T6515]
    - Check that the digest size is not zero in gcry_pk_sign_md and
      gcry_pk_verify_md. [T6539]
    - Make sure an s-exp with \0 is considered to be binary. [T6747]
    - Various constant-time improvements.
    * Portability:
    - Use getrandom call only when supported by the platform. [T6442]
    - Change the default for --with-libtool-modification to never. [T6619]
    * Release-info: https://dev.gnupg.org/T6817
    * Remove patch upstream libgcrypt-1.10.0-out-of-core-handler.patch
* Tue Oct 17 2023 Pedro Monreal <pmonreal@suse.com>
  - Do not pull revision info from GIT when autoconf is run. This
    removes the -unknown suffix after the version number.
    * Add libgcrypt-nobetasuffix.patch [bsc#1216334]
* Tue Oct 03 2023 Pedro Monreal <pmonreal@suse.com>
  - POWER: performance enhancements for cryptography [jsc#PED-5088]
    * Optimize Chacha20 and Poly1305 for PPC P10 LE: [T6006]
    - Chacha20/poly1305: Optimized chacha20/poly1305 for
      P10 operation [rC88fe7ac33eb4]
    - ppc: enable P10 assembly with ENABLE_FORCE_SOFT_HWFEATURES
      on arch-3.00 [rC2c5e5ab6843d]
    * Add patches:
    - libgcrypt-Chacha20-poly1305-Optimized-chacha20-poly1305.patch
    - libgcrypt-ppc-enable-P10-assembly-with-ENABLE_FORCE_SOF.patch
* Mon May 22 2023 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Merge the libgcrypt20-hmac package into the library and
    remove the "module is complete" trigger file .fips [bsc#1185116]
    * Remove libgcrypt-1.10.0-use-fipscheck.patch
* Tue Apr 11 2023 Pedro Monreal <pmonreal@suse.com>
  - Update to 1.10.2:
    * Bug fixes:
    - Fix Argon2 for the case output > 64. [rC13b5454d26]
    - Fix missing HWF_PPC_ARCH_3_10 in HW feature. [rCe073f0ed44]
    - Fix RSA key generation failure in forced FIPS mode. [T5919]
    - Fix gcry_pk_hash_verify for explicit hash. [T6066]
    - Fix a wrong result of gcry_mpi_invm. [T5970]
    - Allow building with --disable-asm for HPPA. [T5976]
    - Allow building with -Oz. [T6432]
    - Enable the fast path to ChaCha20 only when supported. [T6384]
    - Use size_t to avoid counter overflow in Keccak when directly
      feeding more than 4GiB. [T6217]
    * Other:
    - Do not use secure memory for a DRBG instance. [T5933]
    - Do not allow PKCS#1.5 padding for encryption in FIPS mode. [T5918]
    - Fix the behaviour for child process re-seeding in the DRBG. [rC019a40c990]
    - Allow verification of small RSA signatures in FIPS mode. [T5975]
    - Allow the use of a shorter salt for KDFs in FIPS mode. [T6039]
    - Run digest+sign self tests for RSA and ECC in FIPS mode. [rC06c9350165]
    - Add function-name based FIPS indicator function.
      GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION. This is not considered
      an ABI change because the new FIPS features were not yet
      approved. [rC822ee57f07]
    - Improve PCT in FIPS mode. [rC285bf54b1a, rC4963c127ae, T6397]
    - Use getrandom (GRND_RANDOM) in FIPS mode. [rCcf10c74bd9]
    - Disable RSA-OAEP padding in FIPS mode. [rCe5bfda492a]
    - Check minimum allowed key size in PBKDF in FIPS mode. [T6039,T6219]
    - Get maximum 32B of entropy at once in FIPS mode. [rCce0df08bba]
    - Prefer gpgrt-config when available. [T5034]
    - Mark AESWRAP as approved FIPS algorithm. [T5512]
    - Prevent usage of long salt for PSS in FIPS mode. [rCfdd2a8b332]
    - Prevent usage of X9.31 keygen in FIPS mode. [rC392e0ccd25]
    - Remove GCM mode from the allowed FIPS indicators. [rC1540698389]
    - Add explicit FIPS indicators for hash and MAC algorithms. [T6376]
    * Release-info: https://dev.gnupg.org/T5905
    * Rebase FIPS patches:
    - libgcrypt-FIPS-SLI-hash-mac.patch
    - libgcrypt-FIPS-SLI-kdf-leylength.patch
    - libgcrypt-FIPS-SLI-pk.patch
* Wed Mar 08 2023 Martin Pluskal <mpluskal@suse.com>
  - Build AVX2 enabled hwcaps library for x86_64-v3
* Wed Oct 19 2022 Pedro Monreal <pmonreal@suse.com>
  - Update to 1.10.1:
    * Bug fixes:
    - Fix minor memory leaks in FIPS mode.
    - Build fixes for MUSL libc.
    * Other:
    - More portable integrity check in FIPS mode.
    - Add X9.62 OIDs to sha256 and sha512 modules.
    * Add the hardware optimizations config file hwf.deny to
      the /etc/gcrypt/ directory. This file can be used to globally
      disable the use of hardware based optimizations.
    * Remove not needed separate_hmac256_binary hmac256 package
* Wed Sep 14 2022 Pedro Monreal <pmonreal@suse.com>
  - Update to 1.10.0:
    * New and extended interfaces:
    - New control codes to check for FIPS 140-3 approved algorithms.
    - New control code to switch into non-FIPS mode.
    - New cipher modes SIV and GCM-SIV as specified by RFC-5297.
    - Extended cipher mode AESWRAP with padding as specified by
      RFC-5649.
    - New set of KDF functions.
    - New KDF modes Argon2 and Balloon.
    - New functions for combining hashing and signing/verification.
    * Performance:
    - Improved support for PowerPC architectures.
    - Improved ECC performance on zSeries/s390x by using accelerated
      scalar multiplication.
    - Many more assembler performance improvements for several
      architectures.
    * Bug fixes:
    - Fix Elgamal encryption for other implementations.
      [bsc#1190239, CVE-2021-40528]
    - Check the input length of the point in ECDH.
    - Fix an abort in gcry_pk_get_param for "Curve25519".
    * Other features:
    - The control code GCRYCTL_SET_ENFORCED_FIPS_FLAG is ignored
      because it is useless with the FIPS 140-3 related changes.
    - Update of the jitter entropy RNG code.
    - Simplification of the entropy gatherer when using the getentropy
      system call.
    * Interface changes relative to the 1.10.0 release:
    - GCRYCTL_SET_DECRYPTION_TAG            NEW control code.
    - GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER NEW control code.
    - GCRYCTL_FIPS_SERVICE_INDICATOR_KDF    NEW control code.
    - GCRYCTL_NO_FIPS_MODE = 83             NEW control code.
    - GCRY_CIPHER_MODE_SIV                  NEW mode.
    - GCRY_CIPHER_MODE_GCM_SIV              NEW mode.
    - GCRY_CIPHER_EXTENDED                  NEW flag.
    - GCRY_SIV_BLOCK_LEN                    NEW macro.
    - gcry_cipher_set_decryption_tag        NEW macro.
    - GCRY_KDF_ARGON2                       NEW constant.
    - GCRY_KDF_BALLOON                      NEW constant.
    - GCRY_KDF_ARGON2D                      NEW constant.
    - GCRY_KDF_ARGON2I                      NEW constant.
    - GCRY_KDF_ARGON2ID                     NEW constant.
    - gcry_kdf_hd_t                         NEW type.
    - gcry_kdf_job_fn_t                     NEW type.
    - gcry_kdf_dispatch_job_fn_t            NEW type.
    - gcry_kdf_wait_all_jobs_fn_t           NEW type.
    - struct gcry_kdf_thread_ops            NEW struct.
    - gcry_kdf_open                         NEW function.
    - gcry_kdf_compute                      NEW function.
    - gcry_kdf_final                        NEW function.
    - gcry_kdf_close                        NEW function.
    - gcry_pk_hash_sign                     NEW function.
    - gcry_pk_hash_verify                   NEW function.
    - gcry_pk_random_override_new           NEW function.
    * Rebase libgcrypt-1.8.4-allow_FSM_same_state.patch and rename
      to libgcrypt-1.10.0-allow_FSM_same_state.patch
    * Remove unused CAVS tests and related patches:
    - cavs_driver.pl cavs-test.sh
    - libgcrypt-1.6.1-fips-cavs.patch
    - drbg_test.patch
    * Remove DSA sign/verify patches for the FIPS CAVS test since DSA
      has been disabled in FIPS mode:
    - libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
    - libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch
    * Rebase libgcrypt-FIPS-SLI-pk.patch
    * Rebase libgcrypt_indicators_changes.patch and
      libgcrypt-indicate-shake.patch and merge both into
      libgcrypt-FIPS-SLI-hash-mac.patch
    * Rebase libgcrypt-FIPS-kdf-leylength.patch and rename to
      libgcrypt-FIPS-SLI-kdf-leylength.patch
    * Rebase libgcrypt-jitterentropy-3.4.0.patch
    * Rebase libgcrypt-FIPS-rndjent_poll.patch
    * Rebase libgcrypt-out-of-core-handler.patch and rename to
      libgcrypt-1.10.0-out-of-core-handler.patch
    * Since the FIPS .hmac file is now calculated with the internal
      tool hmac256, only the "module is complete" trigger .fips file
      is checked. Rename libgcrypt-1.6.1-use-fipscheck.patch
      to libgcrypt-1.10.0-use-fipscheck.patch
    * Remove patches fixed upstream:
    - libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch
    - libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
    - libgcrypt-fix-rng.patch
    - libgcrypt-1.8.3-fips-ctor.patch
    - libgcrypt-1.8.4-use_xfree.patch
    - libgcrypt-1.8.4-getrandom.patch
    - libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch
    - libgcrypt-dsa-rfc6979-test-fix.patch
    - libgcrypt-fix-tests-fipsmode.patch
    - libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
    - libgcrypt-1.8.4-fips-keygen.patch
    - libgcrypt-invoke-global_init-from-constructor.patch
    - libgcrypt-Restore-self-tests-from-constructor.patch
    - libgcrypt-FIPS-GMAC_AES-benckmark.patch
    - libgcrypt-global_init-constructor.patch
    - libgcrypt-random_selftests-testentropy.patch
    - libgcrypt-rsa-no-blinding.patch
    - libgcrypt-ecc-ecdsa-no-blinding.patch
    - libgcrypt-PCT-DSA.patch
    - libgcrypt-PCT-ECC.patch
    - libgcrypt-PCT-RSA.patch
    - libgcrypt-fips_selftest_trigger_file.patch
    - libgcrypt-pthread-in-t-lock-test.patch
    - libgcrypt-FIPS-hw-optimizations.patch
    - libgcrypt-FIPS-module-version.patch
    - libgcrypt-FIPS-disable-3DES.patch
    - libgcrypt-FIPS-fix-regression-tests.patch
    - libgcrypt-FIPS-RSA-keylen.patch
    - libgcrypt-FIPS-RSA-keylen-tests.patch
    - libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
    - libgcrypt-FIPS-verify-unsupported-KDF-test.patch
    - libgcrypt-FIPS-HMAC-short-keylen.patch
    - libgcrypt-FIPS-service-indicators.patch
    - libgcrypt-FIPS-disable-DSA.patch
    - libgcrypt-jitterentropy-3.3.0.patch
    - libgcrypt-FIPS-Zeroize-hmac.patch
    * Update libgcrypt.keyring
* Thu Sep 08 2022 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
    * Add libgcrypt-FIPS-rndjent_poll.patch
    * Rebase libgcrypt-jitterentropy-3.4.0.patch
* Wed Sep 07 2022 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
    * Consider approved keylength greater or equal to 112 bits.
    * Add libgcrypt-FIPS-kdf-leylength.patch
* Wed Sep 07 2022 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Zeroize buffer and digest in check_binary_integrity()
    * Add libgcrypt-FIPS-Zeroize-hmac.patch [bsc#1191020]
* Tue Aug 23 2022 Pedro Monreal <pmonreal@suse.com>
  - FIPS: gpg/gpg2 gets out of core handler in FIPS mode while
    typing Tab key to Auto-Completion. [bsc#1182983]
    * Add libgcrypt-out-of-core-handler.patch
* Mon Aug 08 2022 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Port libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
    * Enable the jitter based entropy generator by default in random.conf
    - Add libgcrypt-jitterentropy-3.3.0.patch
    * Update the internal jitterentropy to version 3.4.0
    - Add libgcrypt-jitterentropy-3.4.0.patch
* Mon Aug 01 2022 Stephan Kulow <coolo@suse.com>
  - Fix reproducible build problems:
    - Do not use %release in binaries (but use SOURCE_DATE_EPOCH)
    - Fix date call messed up by spec-cleaner
* Thu Apr 14 2022 Dennis Knorr <dennis.knorr@suse.com>
  - FIPS: extend the service indicator [bsc#1190700]
    * introduced a pk indicator function
    * adapted the approved and non approved ciphersuites
    * Add libgcrypt_indicators_changes.patch
    * Add libgcrypt-indicate-shake.patch
* Tue Mar 22 2022 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Implement a service indicator for asymmetric ciphers [bsc#1190700]
    * Mark RSA public key encryption and private key decryption with
      padding (e.g. OAEP, PKCS) as non-approved since RSA-OAEP lacks
      peer key assurance validation requirements per SP800-56Brev2.
    * Mark ECC as approved only for NIST curves P-224, P-256, P-384
      and P-521 with check for common NIST names and aliases.
    * Mark DSA, ELG, EDDSA, ECDSA and ECDH as non-approved.
    * Add libgcrypt-FIPS-SLI-pk.patch
    * Rebase libgcrypt-FIPS-service-indicators.patch
  - Run the regression tests also in FIPS mode.
    * Disable tests for non-FIPS approved algos.
    * Rebase: libgcrypt-FIPS-verify-unsupported-KDF-test.patch
* Tue Feb 01 2022 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Disable DSA in FIPS mode [bsc#1195385]
    * Upstream task: https://dev.gnupg.org/T5710
    * Add libgcrypt-FIPS-disable-DSA.patch
* Wed Jan 19 2022 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Service level indicator [bsc#1190700]
    * Provide an indicator to check whether the service utilizes an
      approved cryptographic algorithm or not.
    * Add patches:
    - libgcrypt-FIPS-service-indicators.patch
    - libgcrypt-FIPS-verify-unsupported-KDF-test.patch
    - libgcrypt-FIPS-HMAC-short-keylen.patch
/usr/bin/dumpsexp
/usr/bin/hmac256
/usr/bin/libgcrypt-config
/usr/bin/mpicalc
/usr/include/gcrypt.h
/usr/lib64/libgcrypt.so
/usr/lib64/pkgconfig/libgcrypt.pc
/usr/share/aclocal/libgcrypt.m4
/usr/share/info/gcrypt.info-1.gz
/usr/share/info/gcrypt.info-2.gz
/usr/share/info/gcrypt.info.gz
/usr/share/licenses/libgcrypt-devel
/usr/share/licenses/libgcrypt-devel/COPYING
/usr/share/licenses/libgcrypt-devel/COPYING.LIB
/usr/share/licenses/libgcrypt-devel/LICENSES
/usr/share/man/man1/hmac256.1.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri Oct 24 22:39:43 2025