[ANNOUNCEMENT] Updated: libgcrypt20 libgcrypt-devel 1.10.2
Cygwin libgcrypt Maintainer via Cygwin-announce
cygwin-announce@cygwin.com
Sat Apr 8 21:25:20 GMT 2023
The following packages have been upgraded in the Cygwin distribution:
* libgcrypt20 1.10.2
* libgcrypt-devel 1.10.2
Libgcrypt is a general purpose cryptography library based on the
code used in GnuPG.
For more information please see the project home page:
https://gnupg.org/software/libgcrypt/
As there are multiple changes each release please see below or read
/usr/share/doc/libgcrypt/NEWS after installation; for complete details
of changes please see the release info links below, or read
/usr/share/doc/libgcrypt/ChangeLog after installation.
Noteworthy changes in version 1.10.2 2023-04-06
Release-info: https://dev.gnupg.org/T5905
* Bug fixes:
- Fix Argon2 for the case output > 64.
- Fix missing HWF_PPC_ARCH_3_10 in HW feature.
- Fix RSA key generation failure in forced FIPS mode.
- Fix gcry_pk_hash_verify for explicit hash.
- Fix a wrong result of gcry_mpi_invm.
- Allow building with --disable-asm for HPPA.
- Fix Jitter RNG for building native on Windows.
- Allow building with -Oz.
- Enable the fast path to ChaCha20 only when supported.
- Use size_t to avoid counter overflow in Keccak when directly
feeding more than 4GiB.
* Other:
- Do not use secure memory for a DRBG instance.
- Do not allow PKCS#1.5 padding for encryption in FIPS mode.
- Fix the behaviour for child process re-seeding in the DRBG.
- Allow verification of small RSA signatures in FIPS mode.
- Allow the use of a shorter salt for KDFs in FIPS mode.
- Run digest+sign self tests for RSA and ECC in FIPS mode.
- Add function-name based FIPS indicator function.
GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION. This is not considered
an ABI changes because the new FIPS features were not yet
approved.
- Improve PCT in FIPS mode.
- Use getrandom (GRND_RANDOM) in FIPS mode.
- Disable RSA-OAEP padding in FIPS mode.
- Check minimum allowed key size in PBKDF in FIPS mode.
- Get maximum 32B of entropy at once in FIPS mode.
- Prefer gpgrt-config when available.
- Mark AESWRAP as approved FIPS algorithm.
- Prevent usage of long salt for PSS in FIPS mode.
- Prevent usage of X9.31 keygen in FIPS mode.
- Remove GCM mode from the allowed FIPS indicators.
- Add explicit FIPS indicators for hash and MAC algorithms.
More information about the Cygwin
mailing list