1.127. libgcrypt

An updated libgcrypt package that fixes various bugs is now available for Red Hat Enterprise Linux 6.
The libgcrypt library provides general-purpose implementations of various cryptographic algorithms.
Bug Fixes
BZ#576549
Previously, the build time test did not support FIPS (Federal Information Processing Standard) mode and failed in this mode. This update modifies the test so that it passes successfully on machines set to use FIPS mode.
BZ#669084
In FIPS mode, libgcrypt used the /dev/random device as the source for the RNG (Random Number Generator) seed. This caused the RNG initialization in FIPS mode to take several minutes. With this update, libgcrypt uses the /dev/urandom device for the RNG seed and RNG initialization no longer causes any delays.
All users of libgcrypt are advised to upgrade to this updated package, which resolves these issues.
An updated libgcrypt package that adds an enhancement is now available for Red Hat Enterprise Linux 6.
The libgcrypt library provides general-purpose implementations of various cryptographic algorithms.
Enhancement
BZ#709059
With this update, the libgcrypt API for the DSA algorithm has been enhanced to allow for presetting the prime (P) and the subprime (Q) parameters when generating the base (G) parameter. This is necessary for the algorithm correctness validation according to the FIPS-186-3 standard.
All users of libgcrypt are advised to upgrade to this updated package, which adds this enhancement.
An updated libgcrypt package that introduces a feature enhancement is now available for Red Hat Enterprise Linux 6.
The libgcrypt library provides general-purpose implementations of various cryptographic algorithms.
Enhancement
BZ#703490
In FIPS mode, libgcrypt can now use a configurable source of RNG (Random Number Generator) seed. On systems with sufficient amount of entropy gathered from the kernel entropy sources or systems with hardware RNGs, the system administrator can add the "/etc/gcrypt/rngseed" symbolic link pointing to the "/dev/random" device node or a hardware RNG device. This symbolic link will be then opened and read by the libgcrypt library to initialize its RNG.
All users of libgcrypt are advised to upgrade to this updated package, which adds this enhancement.