SUSE-SU-2025:3942-1

Описание

This update for qatengine, qatlib fixes the following issues:

Note that the 1.6.1 release included in 1.7.0 fixes the following vulnerabilities:

• bsc#1233363 (CVE-2024-28885)
• bsc#1233365 (CVE-2024-31074)
• bsc#1233366 (CVE-2024-33617)

Update to 1.7.0:

• ipp-crypto name change to cryptography-primitives
• QAT_SW GCM memory leak fix in cleanup function
• Update limitation section in README for v1.7.0 release
• Fix build with OPENSSL_NO_ENGINE
• Fix for build issues with qatprovider in qatlib
• Bug fixes and README updates to v1.7.0
• Remove qat_contig_mem driver support
• Add support for building QAT Engine ENGINE and PROVIDER modules with QuicTLS 3.x libraries
• Fix for DSA issue with openssl3.2
• Fix missing lower bounds check on index i
• Enabled SW Fallback support for FBSD
• Fix for segfault issue when SHIM config section is unavailable
• Fix for Coverity & Resource leak
• Fix for RSA failure with SVM enabled in openssl-3.2
• SM3 Memory Leak Issue Fix
• Fix qatprovider lib name issue with system openssl

Update to 1.6.0:

• Fix issue with make depend for QAT_SW
• QAT_HW GCM Memleak fix & bug fixes
• QAT2.0 FreeBSD14 intree driver support
• Fix OpenSSL 3.2 compatibility issues
• Optimize hex dump logging
• Clear job tlv on error
• QAT_HW RSA Encrypt and Decrypt provider support
• QAT_HW AES-CCM Provider support
• Add ECDH keymgmt support for provider
• Fix QAT_HW SM2 memory leak
• Enable qaeMemFreeNonZeroNUMA() for qatlib
• Fix polling issue for the process that doesn't have QAT_HW instance
• Fix SHA3 qctx initialization issue & potential memleak
• Fix compilation error in SM2 with qat_contig_mem
• Update year in copyright information to 2024

Update to 1.5.0:

• use new --enable-qat_insecure_algorithms to avoid regressions
• improve support for SM{2,3,4} ciphers
• improve SW fallback support
• many bug fixes, refactorisations and documentation updates

• update to 0.6.18:

  • Fix address sanitizer issues
  • Fix issues with Babassl & Openssl3.0
  • Add QAT_HW SM4 CBC support
  • Refactor ECX provider code into single file
  • Fix QAT_HW AES-GCM bad mac record & memleak
  • Fix SHA3 memory leak
  • Fix sm4-cbc build error with system default OpenSSL
  • Symmetric performance Optimization & memleak fixes
  • Bug fix, README & v0.6.18 Version update
  • Please refer README (Software requirements section) for dependent libraries release version and other information.

• update to v0.6.17:

  • Add security policy - c1a7a96
  • Add dependancy update tool file - 522c41d
  • Release v0.6.17 version update - c1a7a96
  • Enable QAT_SW RSA & ECDSA support for BoringSSL - 1035e82
  • Fix QAT_SW SM2 ECDSA Performance issue - f44a564
  • CPP check and Makefile Bug fixes - 98ccbe8
  • Fix buffer overflow issue with SHA3 and ECX - cab65f3
  • Update version and README for v0.6.16 - 1c95fd7
  • Split --with-qat_sw_install_dir into seperate configures - d5f5656
  • Add seperate err files for Boringssl - 1a09627
  • Fix QAT_HW & QAT_SW AES-GCM issue with s_server in provider - c775f5c
  • Fix issue with disable flags in provider - 2e00636
  • Fix coredump issue in provider with qat_sw gcm - 6703c13
  • Fix err files regeneration failure - 510f3dc
  • Add Provider Support for ChachaPoly and SM2 - a98e51d
  • Bug Fixes in testapp and with disable flags. - 0945535
  • QAT HW&SW Co-existence dynamic mechanism support. - 5baf5aa
  • Fix issue with SIGUSR1 during reload. - 00ea833
  • Refactor qat_hw instances based on Sym/Asym capabilities. - bb10128
  • Replace deprecated pthread_yield with sched_yield. - d514406
  • BoringSSL support for RSA and ECDSA. - 41c67c7
  • Fix s_server lseek forever issue with qatprovider. - cb3db21
  • Fix aes-cbc failure issue in testapp. - a530427
  • Fix glibc version test - 2461966
  • Fix issue with generator param and ECDSA verify. - c51fc17
  • Provider Support for DSA, DH, HKDF, PRF, SHA3 & aes-cbc - 7cc5eb9
  • Fix testapp issues and optimization - e7c2ba8
  • Optimize setup and clear async event notification - 573fe48
  • Fix Nginx worker process core dump in QAT_SW with pkill/killall - 4eb4473
  • Add Cofactor to take optimized path in ECDH API - 9a23c7e
  • Fix double free issue with QAT_SW - 1a16708
  • Add thread mapping to specific QAT_HW instance - 5ee799a
  • OpenSSL 3.0 Provider Support - 38086fa
  • Update README and version to v0.6.12 - dca2957
  • Fixed worker process hung forever after nginx reload - bfe97aa
  • Remove OpenSSL 1.1.0 Support - da8682a
  • Add QAT_SW SM2 ECDH & SM3 support - 04a6af2
  • QAT_SW ECDSA SM2 sign and verify Support - d44ae7e
  • Disable SM3, Bug fixes, Readme & version update - d995046

qatlib was updated to:

Update to 24.09.0:

• Improved performance scaling in multi-thread applications
• Set core affinity mapping based on NUMA (libnuma now required for building)
• bug fixes, see https://github.com/intel/qatlib#resolved-issues

Version update to 24.02.0

• Support DC NS (NoSession) APIs
• Support Symmetric Crypto SM3 & SM4
• Support Asymmetric Crypto SM2
• Support DC CompressBound APIs
• Bug Fixes. See Resolved section in README.md

Update to 23.11.0:

• use new --enable-legacy-algorithms to avoid regressions
• add support for data compression chaining (hash then compress)
• add support for additional configuration profiles
• add support DC NS (NoSession) APIs
• add support DC CompressBound APIs
• add Support for Chinese SM{2,3,4} ciphers
• bump shared library major to 4
• refactoring, bug fixes and documentation updates

Update to 22.07.2:

• Changed from yasm to nasm for assembly compilation
• Added configuration option to use C implementation of soft CRC implementation instead of asm
• Added support for pkg-config
• Added missing lock around accesses to some global data in qatmgr
• Fix for QATE-86605 – improve error checking on size param used by qatmgr debug function.
• Fix for issue #10
• Fixed link to Programmer's Guide
• Added support for Compression LZ4 and LZ4s algorithms
• Added support for Compression end-to-end integrity checks
• Added support for PKE Generic Point Multiply APIs
• Added support for CPM2.0b
• Updated library to support new version of QAT APIs
• Updated qat service to allow compression only and crypto only configurations
• Created qatlib-tests rpm package
• Added option to configure script to skip building sample code