Package Release Info

libgcrypt-1.11.1-160000.2.2

Update Info: Base Release
Available in Package Hub: 16.0

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

libgcrypt-devel-32bit
libgcrypt20-32bit

Change Logs

* Mon Jun 09 2025 angel.yankov@suse.com
- Security fix [bsc#1221107, CVE-2024-2236]
  * Add --enable-marvin-workaround to spec to enable workaround
  * Fix timing-based side-channel in RSA implementation (Marvin attack)
  * Add libgcrypt-CVE-2024-2236.patch
* Thu May 08 2025 lucas.mulling@suse.com
- Update to 1.11.1: [jsc#PED-12227]
  * Bug fixes:
  - Fix Kyber secret-dependent branch introduced by recent versions of Clang. [rCf765778e82]
  - Fix build regression due to the use of AVX512 in Blake. [T7184]
  - Do not build i386 asm on amd64 and vice versa. [T7220]
  - Fix build regression on armhf with gcc-14. [T7226]
  - Return the proper error code on malloc failure in hex2buffer. [rCc51151f5b0]
  - Fix long standing bug for PRIME % 2 == 0. [rC639b0fca15]
  * Performance:
  - Add AES Vector Permute intrinsics implementation for AArch64. [rC94a63aedbb]
  - Add GHASH AArch64/SIMD intrinsics implementation. [rCfec871fd18]
  - Add RISC-V vector permute AES. [rCb24ebd6163]
  - Add GHASH RISC-V Zbb+Zbc implementation. [rC0f1fec12b0]
  - Add ChaCha20 RISC-V vector intrinsics implementation. [rC8dbee93ac2]
  - Add SHA3 acceleration for RISC-V Zbb extension. [rC1a660068ba]
  * Other:
  - Add CET support for i386 and amd64 assembly. [T7220]
  - Add PAC/BTI support for AArch64 asm. [T7220]
  - Apply changes to Kyber from upstream for final FIPS 203. [rCcc95c36e7f]
  - Introduce an internal API for a revamped FIPS service indicator. [T7340]
  - Several improvements for constant time operation by the introduction of
    Least Leak Intended (LLI) variants of internal functions. [T7519,T7490]
  * Add libgcrypt-1.11.1-public-SLI-API.patch
  * Rebase patches:
  - libgcrypt-FIPS-SLI-hash-mac.patch
  - libgcrypt-FIPS-SLI-pk.patch
  - libgcrypt-FIPS-jitter-standalone.patch
  * Remove patches:
  - libgcrypt-fips-Introduce-an-internal-API-for-FIPS-service-indicator.patch
  - libgcrypt-fips-Introduce-GCRYCTL_FIPS_SERVICE_INDICATOR-and-the-macro.patch
  - libgcrypt-fips-kdf-Implement-new-FIPS-service-indicator-for-gcry_kdf_derive.patch
  - libgcrypt-fips-md-Implement-new-FIPS-service-indicator-for-gcry_md_hash_.patch
  - libgcrypt-fips-tests-Add-t-digest.patch
  - libgcrypt-fips-Change-the-internal-API-for-new-FIPS-service-indicator.patch
  - libgcrypt-fips-md-Implement-new-FIPS-service-indicator-for-gcry_md_open-API.patch
  - libgcrypt-fips-tests-Add-tests-for-md_open-write-read-close-for-t-digest.patch
  - libgcrypt-fips-mac-Implement-new-FIPS-service-indicator-for-gcry_mac_open.patch
  - libgcrypt-fips-cipher-Implement-new-FIPS-service-indicator-for-cipher_open.patch
  - libgcrypt-tests-fips-Add-gcry_mac_open-tests.patch
  - libgcrypt-tests-fips-Rename-t-fips-service-ind.patch
  - libgcrypt-tests-fips-Move-KDF-tests-to-t-fips-service-ind.patch
  - libgcrypt-tests-fips-Add-gcry_cipher_open-tests.patch
  - libgcrypt-fips-md-gcry_md_copy-should-care-about-FIPS-service-indicator.patch
  - libgcrypt-fips-cipher-Implement-FIPS-service-indicator-for-gcry_pk_hash_-API.patch
  - libgcrypt-fips-Introduce-GCRYCTL_FIPS_REJECT_NON_FIPS.patch
  - libgcrypt-Fix-the-previous-change.patch
  - libgcrypt-fips-Rejection-by-GCRYCTL_FIPS_REJECT_NON_FIPS-not-by-open-flags.patch
  - libgcrypt-fips-cipher-Add-behavior-not-to-reject-but-mark-non-compliant.patch
  - libgcrypt-fips-ecc-Add-rejecting-or-marking-for-gcry_pk_get_curve.patch
  - libgcrypt-tests-Add-more-tests-to-tests-t-fips-service-ind.patch
  - libgcrypt-fips-ecc-Check-DATA-in-gcry_pk_sign-verify-in-FIPS-mode.patch
  - libgcrypt-fips-cipher-Fix-memory-leak-for-gcry_pk_hash_sign.patch
  - libgcrypt-build-Improve-__thread-specifier-check.patch
  - libgcrypt-cipher-Check-and-mark-non-compliant-cipher-modes-in-the-SLI.patch
  - libgcrypt-cipher-Rename-_gcry_cipher_is_mode_fips_compliant.patch
  - libgcrypt-cipher-Don-t-differentiate-GCRY_CIPHER_MODE_CMAC-in-FIPS-mode.patch
  - libgcrypt-cipher-rsa-Mark-reject-SHA1-unknown-with-RSA-signature-generation.patch
  - libgcrypt-md-Fix-gcry_md_algo_info-to-mark-reject-under-FIPS-mode.patch
  - libgcrypt-md-Use-check_digest_algo_spec-in-_gcry_md_selftest.patch
  - libgcrypt-tests-Update-t-fips-service-ind-using-GCRY_MD_SHA256-for-KDF-tests.patch
  - libgcrypt-fips-cipher-Do-the-computation-when-marking-non-compliant.patch
  - libgcrypt-tests-Allow-tests-with-USE_RSA.patch
  - libgcrypt-cipher-Add-KAT-for-non-rfc6979-ECDSA-with-fixed-k.patch
  - libgcrypt-cipher-Differentiate-use-of-label-K-in-the-SLI.patch
  - libgcrypt-cipher-Differentiate-igninvflag-in-the-SLI.patch
  - libgcrypt-cipher-Differentiate-no-blinding-flag-in-the-SLI.patch
  - libgcrypt-fips-cipher-Add-GCRY_FIPS_FLAG_REJECT_PK_FLAGS.patch
  - libgcrypt-cipher-ecc-Fix-for-supplied-K.patch
  - libgcrypt-cipher-visibility-Differentiate-use-of-random-override-in-the-SLI.patch
  - libgcrypt-cipher-fips-Fix-for-random-override.patch
  - libgcrypt-md-Make-SHA-1-non-FIPS-internally-for-1.12-API.patch
  - libgcrypt-fips-Fix-GCRY_FIPS_FLAG_REJECT_MD.patch
  - libgcrypt-doc-Add-about-GCRYCTL_FIPS_SERVICE_INDICATOR.patch
  - libgcrypt-doc-Fix-syntax-error.patch
  - libgcrypt-Disable-SHA3-s390x-acceleration-for-CSHAKE.patch
* Tue May 06 2025 pmonreal@suse.com
- CSHAKE basic regression test failure in s390x [bsc#1242419]
  * Disable SHA3 s390x acceleration for CSHAKE [rC2486d9b5ae01]
  * Add libgcrypt-Disable-SHA3-s390x-acceleration-for-CSHAKE.patch
* Sun Apr 13 2025 lucas.mulling@suse.com
- Differentiate use of SHA1 in the service level indicator [jsc#PED-12227]
  * Include upstream SLI revamp and fips certification fixes
  * Add patches:
  - libgcrypt-fips-Introduce-an-internal-API-for-FIPS-service-indicator.patch
  - libgcrypt-fips-Introduce-GCRYCTL_FIPS_SERVICE_INDICATOR-and-the-macro.patch
  - libgcrypt-fips-kdf-Implement-new-FIPS-service-indicator-for-gcry_kdf_derive.patch
  - libgcrypt-fips-md-Implement-new-FIPS-service-indicator-for-gcry_md_hash_.patch
  - libgcrypt-fips-tests-Add-t-digest.patch
  - libgcrypt-fips-Change-the-internal-API-for-new-FIPS-service-indicator.patch
  - libgcrypt-fips-md-Implement-new-FIPS-service-indicator-for-gcry_md_open-API.patch
  - libgcrypt-fips-tests-Add-tests-for-md_open-write-read-close-for-t-digest.patch
  - libgcrypt-fips-mac-Implement-new-FIPS-service-indicator-for-gcry_mac_open.patch
  - libgcrypt-fips-cipher-Implement-new-FIPS-service-indicator-for-cipher_open.patch
  - libgcrypt-tests-fips-Add-gcry_mac_open-tests.patch
  - libgcrypt-tests-fips-Rename-t-fips-service-ind.patch
  - libgcrypt-tests-fips-Move-KDF-tests-to-t-fips-service-ind.patch
  - libgcrypt-tests-fips-Add-gcry_cipher_open-tests.patch
  - libgcrypt-fips-md-gcry_md_copy-should-care-about-FIPS-service-indicator.patch
  - libgcrypt-fips-cipher-Implement-FIPS-service-indicator-for-gcry_pk_hash_-API.patch
  - libgcrypt-fips-Introduce-GCRYCTL_FIPS_REJECT_NON_FIPS.patch
  - libgcrypt-Fix-the-previous-change.patch
  - libgcrypt-fips-Rejection-by-GCRYCTL_FIPS_REJECT_NON_FIPS-not-by-open-flags.patch
  - libgcrypt-fips-cipher-Add-behavior-not-to-reject-but-mark-non-compliant.patch
  - libgcrypt-fips-ecc-Add-rejecting-or-marking-for-gcry_pk_get_curve.patch
  - libgcrypt-tests-Add-more-tests-to-tests-t-fips-service-ind.patch
  - libgcrypt-fips-ecc-Check-DATA-in-gcry_pk_sign-verify-in-FIPS-mode.patch
  - libgcrypt-fips-cipher-Fix-memory-leak-for-gcry_pk_hash_sign.patch
  - libgcrypt-build-Improve-__thread-specifier-check.patch
  - libgcrypt-cipher-Check-and-mark-non-compliant-cipher-modes-in-the-SLI.patch
  - libgcrypt-cipher-Rename-_gcry_cipher_is_mode_fips_compliant.patch
  - libgcrypt-cipher-Don-t-differentiate-GCRY_CIPHER_MODE_CMAC-in-FIPS-mode.patch
  - libgcrypt-cipher-rsa-Mark-reject-SHA1-unknown-with-RSA-signature-generation.patch
  - libgcrypt-md-Fix-gcry_md_algo_info-to-mark-reject-under-FIPS-mode.patch
  - libgcrypt-md-Use-check_digest_algo_spec-in-_gcry_md_selftest.patch
  - libgcrypt-tests-Update-t-fips-service-ind-using-GCRY_MD_SHA256-for-KDF-tests.patch
  - libgcrypt-fips-cipher-Do-the-computation-when-marking-non-compliant.patch
  - libgcrypt-tests-Allow-tests-with-USE_RSA.patch
  - libgcrypt-cipher-Add-KAT-for-non-rfc6979-ECDSA-with-fixed-k.patch
  - libgcrypt-cipher-Differentiate-use-of-label-K-in-the-SLI.patch
  - libgcrypt-cipher-Differentiate-igninvflag-in-the-SLI.patch
  - libgcrypt-cipher-Differentiate-no-blinding-flag-in-the-SLI.patch
  - libgcrypt-fips-cipher-Add-GCRY_FIPS_FLAG_REJECT_PK_FLAGS.patch
  - libgcrypt-cipher-ecc-Fix-for-supplied-K.patch
  - libgcrypt-cipher-visibility-Differentiate-use-of-random-override-in-the-SLI.patch
  - libgcrypt-cipher-fips-Fix-for-random-override.patch
  - libgcrypt-md-Make-SHA-1-non-FIPS-internally-for-1.12-API.patch
  - libgcrypt-fips-Fix-GCRY_FIPS_FLAG_REJECT_MD.patch
  - libgcrypt-doc-Add-about-GCRYCTL_FIPS_SERVICE_INDICATOR.patch
  - libgcrypt-doc-Fix-syntax-error.patch
  * Rebase patches:
  - libgcrypt-FIPS-SLI-kdf-leylength.patch
* Tue Jan 07 2025 pmonreal@suse.com
- Fix redefinition error of 'rol64'. Remove unused rol64()
  definition after removing the built-in jitter rng.
  * Add libgcrypt-rol64-redefinition.patch
* Mon Dec 02 2024 pmonreal@suse.com
- Remove unrecognized option: --enable-m-guard
* Thu Jun 20 2024 pmonreal@suse.com
- Update to 1.11.0:
  * New and extended interfaces:
  - Add an API for Key Encapsulation Mechanism (KEM). [T6755]
  - Add Streamlined NTRU Prime sntrup761 algorithm. [rCcf9923e1a5]
  - Add Kyber algorithm according to FIPS 203 ipd 2023-08-24. [rC18e5c0d268]
  - Add Classic McEliece algorithm. [rC003367b912]
  - Add One-Step KDF with hash and MAC. [T5964]
  - Add KDF algorithm HKDF of RFC-5869. [T5964]
  - Add KDF algorithm X963KDF for use in CMS. [rC3abac420b3]
  - Add GMAC-SM4 and Poly1305-SM4. [rCd1ccc409d4]
  - Add ARIA block cipher algorithm. [rC316c6d7715]
  - Add explicit FIPS indicators for MD and MAC algorithms. [T6376]
  - Add support for SHAKE as MGF in RSA. [T6557]
  - Add gcry_md_read support for SHAKE algorithms. [T6539]
  - Add gcry_md_hash_buffers_ext function. [T7035]
  - Add cSHAKE hash algorithm. [rC065b3f4e02]
  - Support internal generation of IV for AEAD cipher mode. [T4873]
  * Performance:
  - Add SM3 ARMv8/AArch64/CE assembly implementation. [rCfe891ff4a3]
  - Add SM4 ARMv8/AArch64 assembly implementation. [rCd8825601f1]
  - Add SM4 GFNI/AVX2 and GFNI/AVX512 implementation. [rC5095d60af4,rCeaed633c16]
  - Add SM4 ARMv9 SVE CE assembly implementation. [rC2dc2654006]
  - Add PowerPC vector implementation of SM4. [rC0b2da804ee]
  - Optimize ChaCha20 and Poly1305 for PPC P10 LE. [T6006]
  - Add CTR32LE bulk acceleration for AES on PPC. [rC84f2e2d0b5]
  - Add generic bulk acceleration for CTR32LE mode (GCM-SIV) for SM4
    and Camellia. [rCcf956793af]
  - Add GFNI/AVX2 implementation of Camellia. [rC4e6896eb9f]
  - Add AVX2 and AVX512 accelerated implementations for GHASH (GCM)
    and POLYVAL (GCM-SIV). [rCd857e85cb4, rCe6f3600193]
  - Add AVX512 implementation for SHA512. [rC089223aa3b]
  - Add AVX512 implementation for Serpent. [rCce95b6ec35]
  - Add AVX512 implementation for Poly1305 and ChaCha20. [rCcd3ed49770, rC9a63cfd617]
  - Add AVX512 accelerated implementation for SHA3 and Blake2. [rCbeaad75f46,rC909daa700e]
  - Add VAES/AVX2 accelerated i386 implementation for AES. [rC4a42a042bc]
  - Add bulk processing for XTS mode of Camellia and SM4. [rC32b18cdb87, rCaad3381e93]
  - Accelerate XTS and ECB modes for Twofish and Serpent. [rCd078a928f5,rC8a1fe5f78f]
  - Add AArch64 crypto/SHA512 extension implementation for SHA512. [rCe51d3b8330]
  - Add AArch64 crypto-extension implementation for Camellia. [rC898c857206]
  - Accelerate OCB authentication on AMD with AVX2. [rC6b47e85d65]
  * Bug fixes:
  - For PowerPC check for missing optimization level for vector register usage. [T5785]
  - Fix EdDSA secret key check. [T6511]
  - Fix decoding of PKCS#1-v1.5 and OAEP padding. [rC34c2042792]
  - Allow use of PKCS#1-v1.5 with SHA3 algorithms. [T6976]
  - Fix AESWRAP padding length check. [T7130]
  * Other:
  - Allow empty password for Argon2 KDF. [rCa20700c55f]
  - Various constant time operation improvements.
  - Add "bp256", "bp384", "bp512" aliases for Brainpool curves.
  - Support for the random server has been removed. [T5811]
  - The control code GCRYCTL_ENABLE_M_GUARD is deprecated and not
    supported any more.  Please use valgrind or other tools. [T5822]
  - Logging is now done via the libgpg-error logging functions. [rCab0bdc72c7]
  * Remove patches fixed upstream:
  - libgcrypt-no-deprecated-grep-alias.patch
  - libgcrypt-Chacha20-poly1305-Optimized-chacha20-poly1305.patch
  - libgcrypt-ppc-enable-P10-assembly-with-ENABLE_FORCE_SOF.patch
  * Rebase patches:
  - libgcrypt-FIPS-jitter-errorcodes.patch
  - libgcrypt-FIPS-jitter-whole-entropy.patch
* Wed Mar 20 2024 pmonreal@suse.com
- FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG
  for the whole length entropy buffer in FIPS mode. [bsc#1220893]
  * Add libgcrypt-FIPS-jitter-whole-entropy.patch
* Wed Mar 20 2024 pmonreal@suse.com
- FIPS: Set the FSM into error state if Jitter RNG is returning an
  error code to the caller when a health test error occurs when
  random bytes are requested through the jent_read_entropy_safe()
  function. [bsc#1220895]
  * Add libgcrypt-FIPS-jitter-errorcodes.patch
* Mon Mar 11 2024 pmonreal@suse.com
- FIPS: Replace the built-in jitter rng with standalone version
  * Remove the internal jitterentropy copy [bsc#1220896]
  * Add libgcrypt-FIPS-jitter-standalone.patch
  * Remove unneeded libgcrypt-jitterentropy-3.4.0.patch