From: "Cygwin libgcrypt Maintainer" <Brian.Inglis@Shaw.ca>
To: "Cygwin Announcements" <cygwin-announce@cygwin.com>
Subject: Updated: libgcrypt20 libgcrypt-devel 1.10.2
Date: Sat, 08 Apr 2023 15:25:20 -0600 [thread overview]
Message-ID: <20230408152520.40855-1-Brian.Inglis@Shaw.ca> (raw)
The following packages have been upgraded in the Cygwin distribution:
* libgcrypt20 1.10.2
* libgcrypt-devel 1.10.2
Libgcrypt is a general purpose cryptography library based on the
code used in GnuPG.
For more information please see the project home page:
https://gnupg.org/software/libgcrypt/
As there are multiple changes each release please see below or read
/usr/share/doc/libgcrypt/NEWS after installation; for complete details
of changes please see the release info links below, or read
/usr/share/doc/libgcrypt/ChangeLog after installation.
Noteworthy changes in version 1.10.2 2023-04-06
Release-info: https://dev.gnupg.org/T5905
* Bug fixes:
- Fix Argon2 for the case output > 64.
- Fix missing HWF_PPC_ARCH_3_10 in HW feature.
- Fix RSA key generation failure in forced FIPS mode.
- Fix gcry_pk_hash_verify for explicit hash.
- Fix a wrong result of gcry_mpi_invm.
- Allow building with --disable-asm for HPPA.
- Fix Jitter RNG for building native on Windows.
- Allow building with -Oz.
- Enable the fast path to ChaCha20 only when supported.
- Use size_t to avoid counter overflow in Keccak when directly
feeding more than 4GiB.
* Other:
- Do not use secure memory for a DRBG instance.
- Do not allow PKCS#1.5 padding for encryption in FIPS mode.
- Fix the behaviour for child process re-seeding in the DRBG.
- Allow verification of small RSA signatures in FIPS mode.
- Allow the use of a shorter salt for KDFs in FIPS mode.
- Run digest+sign self tests for RSA and ECC in FIPS mode.
- Add function-name based FIPS indicator function.
GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION. This is not considered
an ABI changes because the new FIPS features were not yet
approved.
- Improve PCT in FIPS mode.
- Use getrandom (GRND_RANDOM) in FIPS mode.
- Disable RSA-OAEP padding in FIPS mode.
- Check minimum allowed key size in PBKDF in FIPS mode.
- Get maximum 32B of entropy at once in FIPS mode.
- Prefer gpgrt-config when available.
- Mark AESWRAP as approved FIPS algorithm.
- Prevent usage of long salt for PSS in FIPS mode.
- Prevent usage of X9.31 keygen in FIPS mode.
- Remove GCM mode from the allowed FIPS indicators.
- Add explicit FIPS indicators for hash and MAC algorithms.
reply other threads:[~2023-04-08 21:28 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230408152520.40855-1-Brian.Inglis@Shaw.ca \
--to=brian.inglis@shaw.ca \
--cc=cygwin-announce@cygwin.com \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).