forked from pool/libgcrypt
Compare commits
4 Commits
| Author | SHA256 | Date | |
|---|---|---|---|
| c43f006f6b | |||
| 643993cbfa | |||
| 250026d56d | |||
| c4e721bdfb |
@@ -1,37 +0,0 @@
|
|||||||
Index: libgcrypt-1.11.1/src/gcrypt.h.in
|
|
||||||
===================================================================
|
|
||||||
--- libgcrypt-1.11.1.orig/src/gcrypt.h.in
|
|
||||||
+++ libgcrypt-1.11.1/src/gcrypt.h.in
|
|
||||||
@@ -335,12 +335,9 @@ enum gcry_ctl_cmds
|
|
||||||
GCRYCTL_FIPS_SERVICE_INDICATOR_MAC = 85,
|
|
||||||
GCRYCTL_FIPS_SERVICE_INDICATOR_MD = 86,
|
|
||||||
GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS = 87,
|
|
||||||
- GCRYCTL_MD_CUSTOMIZE = 88
|
|
||||||
-#ifdef _GCRYPT_IN_LIBGCRYPT /* This is not yet part of the public API. */
|
|
||||||
- ,
|
|
||||||
+ GCRYCTL_MD_CUSTOMIZE = 88,
|
|
||||||
GCRYCTL_FIPS_SERVICE_INDICATOR = 89,
|
|
||||||
GCRYCTL_FIPS_REJECT_NON_FIPS = 90
|
|
||||||
-#endif /*_GCRYPT_IN_LIBGCRYPT*/
|
|
||||||
};
|
|
||||||
|
|
||||||
/* Perform various operations defined by CMD. */
|
|
||||||
@@ -1977,8 +1974,6 @@ void gcry_log_debugsxp (const char *text
|
|
||||||
char *gcry_get_config (int mode, const char *what);
|
|
||||||
|
|
||||||
/* Convinience macro to access the FIPS service indicator. */
|
|
||||||
-#ifdef _GCRYPT_IN_LIBGCRYPT /* This is not yet part of the public API. */
|
|
||||||
-
|
|
||||||
#define gcry_get_fips_service_indicator() \
|
|
||||||
gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR)
|
|
||||||
|
|
||||||
@@ -2012,9 +2007,6 @@ char *gcry_get_config (int mode, const c
|
|
||||||
#define GCRY_FIPS_FLAG_REJECT_DEFAULT \
|
|
||||||
GCRY_FIPS_FLAG_REJECT_COMPAT110
|
|
||||||
|
|
||||||
-#endif /*_GCRYPT_IN_LIBGCRYPT*/
|
|
||||||
-
|
|
||||||
-
|
|
||||||
/* Log levels used by the internal logging facility. */
|
|
||||||
enum gcry_log_levels
|
|
||||||
{
|
|
||||||
BIN
libgcrypt-1.11.1.tar.bz2
LFS
BIN
libgcrypt-1.11.1.tar.bz2
LFS
Binary file not shown.
Binary file not shown.
33
libgcrypt-1.12.0-ec_regression.patch
Normal file
33
libgcrypt-1.12.0-ec_regression.patch
Normal file
@@ -0,0 +1,33 @@
|
|||||||
|
==========================
|
||||||
|
diff --git a/mpi/ec.c b/mpi/ec.c
|
||||||
|
index d7bad4a6..b0b6f427 100644
|
||||||
|
--- a/mpi/ec.c
|
||||||
|
+++ b/mpi/ec.c
|
||||||
|
@@ -1220,18 +1220,20 @@ _gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, mpi_point_t point,
|
||||||
|
|
||||||
|
if (x)
|
||||||
|
{
|
||||||
|
- mpi_resize (point->x, ctx->p->nlimbs);
|
||||||
|
- point->x->nlimbs = ctx->p->nlimbs;
|
||||||
|
- ec_mulm_lli (x, point->x, z2, ctx);
|
||||||
|
+ mpi_set (x, point->x);
|
||||||
|
+ mpi_resize (x, ctx->p->nlimbs);
|
||||||
|
+ x->nlimbs = ctx->p->nlimbs;
|
||||||
|
+ ec_mulm_lli (x, x, z2, ctx);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (y)
|
||||||
|
{
|
||||||
|
- mpi_resize (point->y, ctx->p->nlimbs);
|
||||||
|
- point->y->nlimbs = ctx->p->nlimbs;
|
||||||
|
+ mpi_set (y, point->y);
|
||||||
|
+ mpi_resize (y, ctx->p->nlimbs);
|
||||||
|
+ y->nlimbs = ctx->p->nlimbs;
|
||||||
|
z3 = mpi_new (0);
|
||||||
|
ec_mulm_lli (z3, z2, z1, ctx); /* z3 = z^(-3) mod p */
|
||||||
|
- ec_mulm_lli (y, point->y, z3, ctx);
|
||||||
|
+ ec_mulm_lli (y, y, z3, ctx);
|
||||||
|
mpi_free (z3);
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
BIN
libgcrypt-1.12.0.tar.bz2
LFS
Normal file
BIN
libgcrypt-1.12.0.tar.bz2
LFS
Normal file
Binary file not shown.
BIN
libgcrypt-1.12.0.tar.bz2.sig
Normal file
BIN
libgcrypt-1.12.0.tar.bz2.sig
Normal file
Binary file not shown.
@@ -19,10 +19,10 @@ Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|||||||
src/const-time.h | 6 ++++++
|
src/const-time.h | 6 ++++++
|
||||||
2 files changed, 8 insertions(+)
|
2 files changed, 8 insertions(+)
|
||||||
|
|
||||||
Index: libgcrypt-1.11.1/cipher/rsa-common.c
|
Index: libgcrypt-1.12.0/cipher/rsa-common.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/cipher/rsa-common.c
|
--- libgcrypt-1.12.0.orig/cipher/rsa-common.c
|
||||||
+++ libgcrypt-1.11.1/cipher/rsa-common.c
|
+++ libgcrypt-1.12.0/cipher/rsa-common.c
|
||||||
@@ -28,6 +28,7 @@
|
@@ -28,6 +28,7 @@
|
||||||
#include "cipher.h"
|
#include "cipher.h"
|
||||||
#include "pubkey-internal.h"
|
#include "pubkey-internal.h"
|
||||||
@@ -344,10 +344,10 @@ Index: libgcrypt-1.11.1/cipher/rsa-common.c
|
|||||||
if (!seed)
|
if (!seed)
|
||||||
{
|
{
|
||||||
rc = gpg_err_code_from_syserror ();
|
rc = gpg_err_code_from_syserror ();
|
||||||
Index: libgcrypt-1.11.1/src/const-time.h
|
Index: libgcrypt-1.12.0/src/const-time.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/src/const-time.h
|
--- libgcrypt-1.12.0.orig/src/const-time.h
|
||||||
+++ libgcrypt-1.11.1/src/const-time.h
|
+++ libgcrypt-1.12.0/src/const-time.h
|
||||||
@@ -26,6 +26,7 @@
|
@@ -26,6 +26,7 @@
|
||||||
#define ct_not_memequal _gcry_ct_not_memequal
|
#define ct_not_memequal _gcry_ct_not_memequal
|
||||||
#define ct_memequal _gcry_ct_memequal
|
#define ct_memequal _gcry_ct_memequal
|
||||||
@@ -377,45 +377,45 @@ Index: libgcrypt-1.11.1/src/const-time.h
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Return 0 if A is 0 and return 1 otherwise.
|
* Return 0 if A is 0 and return 1 otherwise.
|
||||||
@@ -114,7 +129,7 @@ unsigned int _gcry_ct_memequal (const vo
|
@@ -115,7 +130,7 @@ DEFINE_CT_TYPE_GEN_MASK(uintptr, uintptr
|
||||||
DEFINE_CT_TYPE_GEN_MASK(uintptr, uintptr_t)
|
|
||||||
DEFINE_CT_TYPE_GEN_MASK(ulong, unsigned long)
|
DEFINE_CT_TYPE_GEN_MASK(ulong, unsigned long)
|
||||||
DEFINE_CT_TYPE_GEN_MASK(int16, int16_t)
|
DEFINE_CT_TYPE_GEN_MASK(int16, int16_t)
|
||||||
|
DEFINE_CT_TYPE_GEN_MASK(u64, u64)
|
||||||
-
|
-
|
||||||
+DEFINE_CT_TYPE_GEN_MASK(uchar, unsigned char)
|
+DEFINE_CT_TYPE_GEN_MASK(uchar, unsigned char)
|
||||||
/*
|
/*
|
||||||
* Return all bits set if A is 0 and return 1 otherwise.
|
* Return all bits set if A is 0 and return 1 otherwise.
|
||||||
*/
|
*/
|
||||||
@@ -139,7 +154,7 @@ DEFINE_CT_TYPE_GEN_MASK(int16, int16_t)
|
@@ -141,7 +156,7 @@ DEFINE_CT_TYPE_GEN_INV_MASK(uintptr, uin
|
||||||
DEFINE_CT_TYPE_GEN_INV_MASK(uintptr, uintptr_t)
|
|
||||||
DEFINE_CT_TYPE_GEN_INV_MASK(ulong, unsigned long)
|
DEFINE_CT_TYPE_GEN_INV_MASK(ulong, unsigned long)
|
||||||
DEFINE_CT_TYPE_GEN_INV_MASK(int16, int16_t)
|
DEFINE_CT_TYPE_GEN_INV_MASK(int16, int16_t)
|
||||||
|
DEFINE_CT_TYPE_GEN_INV_MASK(u64, u64)
|
||||||
-
|
-
|
||||||
+DEFINE_CT_TYPE_GEN_INV_MASK(uchar, unsigned char)
|
+DEFINE_CT_TYPE_GEN_INV_MASK(uchar, unsigned char)
|
||||||
/*
|
/*
|
||||||
* Return A when OP_ENABLED=1
|
* Return A when OP_ENABLED=1
|
||||||
* otherwise, return B
|
* otherwise, return B
|
||||||
@@ -155,7 +170,7 @@ DEFINE_CT_TYPE_GEN_INV_MASK(int16, int16
|
@@ -158,7 +173,7 @@ DEFINE_CT_TYPE_SELECT_FUNC(uintptr, uint
|
||||||
DEFINE_CT_TYPE_SELECT_FUNC(uintptr, uintptr_t)
|
|
||||||
DEFINE_CT_TYPE_SELECT_FUNC(ulong, unsigned long)
|
DEFINE_CT_TYPE_SELECT_FUNC(ulong, unsigned long)
|
||||||
DEFINE_CT_TYPE_SELECT_FUNC(int16, int16_t)
|
DEFINE_CT_TYPE_SELECT_FUNC(int16, int16_t)
|
||||||
|
DEFINE_CT_TYPE_SELECT_FUNC(u64, u64)
|
||||||
-
|
-
|
||||||
+DEFINE_CT_TYPE_SELECT_FUNC(uchar, unsigned char)
|
+DEFINE_CT_TYPE_SELECT_FUNC(uchar, unsigned char)
|
||||||
/*
|
/*
|
||||||
* Return NULL when OP_ENABLED=1
|
* Return NULL when OP_ENABLED=1
|
||||||
* otherwise, return W
|
* otherwise, return W
|
||||||
@@ -174,5 +189,6 @@ sexp_null_cond (gcry_sexp_t w, unsigned
|
@@ -177,5 +192,6 @@ sexp_null_cond (gcry_sexp_t w, unsigned
|
||||||
*/
|
*/
|
||||||
void _gcry_ct_memmov_cond (void *dst, const void *src, size_t len,
|
void _gcry_ct_memmov_cond (void *dst, const void *src, size_t len,
|
||||||
unsigned long op_enable);
|
unsigned long op_enable);
|
||||||
+void _gcry_ct_memcpy (void *dst, const void *src, size_t len, size_t buffer_len);
|
+void _gcry_ct_memcpy (void *dst, const void *src, size_t len, size_t buffer_len);
|
||||||
|
|
||||||
#endif /*GCRY_CONST_TIME_H*/
|
#endif /*GCRY_CONST_TIME_H*/
|
||||||
Index: libgcrypt-1.11.1/cipher/rsa.c
|
Index: libgcrypt-1.12.0/cipher/rsa.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/cipher/rsa.c
|
--- libgcrypt-1.12.0.orig/cipher/rsa.c
|
||||||
+++ libgcrypt-1.11.1/cipher/rsa.c
|
+++ libgcrypt-1.12.0/cipher/rsa.c
|
||||||
@@ -1197,7 +1197,11 @@ secret_blinded (gcry_mpi_t output, gcry_
|
@@ -1198,7 +1198,11 @@ secret_blinded (gcry_mpi_t output, gcry_
|
||||||
/* Undo blinding. Here we calculate: y = (x * r^-1) mod n, where x
|
/* Undo blinding. Here we calculate: y = (x * r^-1) mod n, where x
|
||||||
* is the blinded decrypted data, ri is the modular multiplicative
|
* is the blinded decrypted data, ri is the modular multiplicative
|
||||||
* inverse of r and n is the RSA modulus. */
|
* inverse of r and n is the RSA modulus. */
|
||||||
@@ -427,7 +427,7 @@ Index: libgcrypt-1.11.1/cipher/rsa.c
|
|||||||
|
|
||||||
_gcry_mpi_release (r);
|
_gcry_mpi_release (r);
|
||||||
_gcry_mpi_release (ri);
|
_gcry_mpi_release (ri);
|
||||||
@@ -1432,6 +1436,7 @@ rsa_encrypt (gcry_sexp_t *r_ciph, gcry_s
|
@@ -1433,6 +1437,7 @@ rsa_encrypt (gcry_sexp_t *r_ciph, gcry_s
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -435,7 +435,7 @@ Index: libgcrypt-1.11.1/cipher/rsa.c
|
|||||||
static gcry_err_code_t
|
static gcry_err_code_t
|
||||||
rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
|
rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
|
||||||
|
|
||||||
@@ -1447,6 +1452,9 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
|
@@ -1448,6 +1453,9 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
|
||||||
unsigned int nbits = rsa_get_nbits (keyparms);
|
unsigned int nbits = rsa_get_nbits (keyparms);
|
||||||
gcry_sexp_t result = NULL;
|
gcry_sexp_t result = NULL;
|
||||||
gcry_sexp_t dummy = NULL;
|
gcry_sexp_t dummy = NULL;
|
||||||
@@ -445,7 +445,7 @@ Index: libgcrypt-1.11.1/cipher/rsa.c
|
|||||||
|
|
||||||
rc = rsa_check_keysize (nbits);
|
rc = rsa_check_keysize (nbits);
|
||||||
if (rc)
|
if (rc)
|
||||||
@@ -1494,6 +1502,71 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
|
@@ -1495,6 +1503,71 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
|
||||||
mpi_normalize (data);
|
mpi_normalize (data);
|
||||||
mpi_fdiv_r (data, data, sk.n);
|
mpi_fdiv_r (data, data, sk.n);
|
||||||
|
|
||||||
@@ -517,7 +517,7 @@ Index: libgcrypt-1.11.1/cipher/rsa.c
|
|||||||
/* Allocate MPI for the plaintext. */
|
/* Allocate MPI for the plaintext. */
|
||||||
plain = mpi_snew (nbits);
|
plain = mpi_snew (nbits);
|
||||||
|
|
||||||
@@ -1524,10 +1597,26 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
|
@@ -1525,10 +1598,26 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
|
||||||
switch (ctx.encoding)
|
switch (ctx.encoding)
|
||||||
{
|
{
|
||||||
case PUBKEY_ENC_PKCS1:
|
case PUBKEY_ENC_PKCS1:
|
||||||
@@ -544,7 +544,7 @@ Index: libgcrypt-1.11.1/cipher/rsa.c
|
|||||||
*r_plain = sexp_null_cond (result, ct_is_not_zero (rc));
|
*r_plain = sexp_null_cond (result, ct_is_not_zero (rc));
|
||||||
dummy = sexp_null_cond (result, ct_is_zero (rc));
|
dummy = sexp_null_cond (result, ct_is_zero (rc));
|
||||||
sexp_release (dummy);
|
sexp_release (dummy);
|
||||||
@@ -1541,7 +1630,11 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
|
@@ -1542,7 +1631,11 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
|
||||||
plain, ctx.label, ctx.labellen);
|
plain, ctx.label, ctx.labellen);
|
||||||
mpi_free (plain);
|
mpi_free (plain);
|
||||||
plain = NULL;
|
plain = NULL;
|
||||||
@@ -556,11 +556,11 @@ Index: libgcrypt-1.11.1/cipher/rsa.c
|
|||||||
*r_plain = sexp_null_cond (result, ct_is_not_zero (rc));
|
*r_plain = sexp_null_cond (result, ct_is_not_zero (rc));
|
||||||
dummy = sexp_null_cond (result, ct_is_zero (rc));
|
dummy = sexp_null_cond (result, ct_is_zero (rc));
|
||||||
sexp_release (dummy);
|
sexp_release (dummy);
|
||||||
Index: libgcrypt-1.11.1/configure.ac
|
Index: libgcrypt-1.12.0/configure.ac
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/configure.ac
|
--- libgcrypt-1.12.0.orig/configure.ac
|
||||||
+++ libgcrypt-1.11.1/configure.ac
|
+++ libgcrypt-1.12.0/configure.ac
|
||||||
@@ -582,6 +582,22 @@ AC_ARG_ENABLE(jent-support,
|
@@ -602,6 +602,22 @@ AC_ARG_ENABLE(jent-support,
|
||||||
jentsupport=$enableval,jentsupport=yes)
|
jentsupport=$enableval,jentsupport=yes)
|
||||||
AC_MSG_RESULT($jentsupport)
|
AC_MSG_RESULT($jentsupport)
|
||||||
|
|
||||||
@@ -583,10 +583,10 @@ Index: libgcrypt-1.11.1/configure.ac
|
|||||||
# Implementation of the --disable-padlock-support switch.
|
# Implementation of the --disable-padlock-support switch.
|
||||||
AC_MSG_CHECKING([whether padlock support is requested])
|
AC_MSG_CHECKING([whether padlock support is requested])
|
||||||
AC_ARG_ENABLE(padlock-support,
|
AC_ARG_ENABLE(padlock-support,
|
||||||
Index: libgcrypt-1.11.1/mpi/Makefile.am
|
Index: libgcrypt-1.12.0/mpi/Makefile.am
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/mpi/Makefile.am
|
--- libgcrypt-1.12.0.orig/mpi/Makefile.am
|
||||||
+++ libgcrypt-1.11.1/mpi/Makefile.am
|
+++ libgcrypt-1.12.0/mpi/Makefile.am
|
||||||
@@ -181,3 +181,7 @@ EXTRA_libmpi_la_SOURCES = \
|
@@ -181,3 +181,7 @@ EXTRA_libmpi_la_SOURCES = \
|
||||||
asm-common-aarch64.h \
|
asm-common-aarch64.h \
|
||||||
asm-common-amd64.h \
|
asm-common-amd64.h \
|
||||||
@@ -595,11 +595,11 @@ Index: libgcrypt-1.11.1/mpi/Makefile.am
|
|||||||
+if WITH_MARVIN_WORKAROUND
|
+if WITH_MARVIN_WORKAROUND
|
||||||
+libmpi_la_SOURCES += mpi-mul-cs.c
|
+libmpi_la_SOURCES += mpi-mul-cs.c
|
||||||
+endif
|
+endif
|
||||||
Index: libgcrypt-1.11.1/mpi/mpi-internal.h
|
Index: libgcrypt-1.12.0/mpi/mpi-internal.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/mpi/mpi-internal.h
|
--- libgcrypt-1.12.0.orig/mpi/mpi-internal.h
|
||||||
+++ libgcrypt-1.11.1/mpi/mpi-internal.h
|
+++ libgcrypt-1.12.0/mpi/mpi-internal.h
|
||||||
@@ -241,6 +241,12 @@ void _gcry_mpih_mul_karatsuba_case( mpi_
|
@@ -238,6 +238,12 @@ void _gcry_mpih_mul_karatsuba_case( mpi_
|
||||||
mpi_ptr_t vp, mpi_size_t vsize,
|
mpi_ptr_t vp, mpi_size_t vsize,
|
||||||
struct karatsuba_ctx *ctx );
|
struct karatsuba_ctx *ctx );
|
||||||
|
|
||||||
@@ -612,10 +612,10 @@ Index: libgcrypt-1.11.1/mpi/mpi-internal.h
|
|||||||
|
|
||||||
/*-- mpih-mul_1.c (or xxx/cpu/ *.S) --*/
|
/*-- mpih-mul_1.c (or xxx/cpu/ *.S) --*/
|
||||||
mpi_limb_t _gcry_mpih_mul_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
|
mpi_limb_t _gcry_mpih_mul_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
|
||||||
Index: libgcrypt-1.11.1/mpi/mpi-mul-cs.c
|
Index: libgcrypt-1.12.0/mpi/mpi-mul-cs.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ libgcrypt-1.11.1/mpi/mpi-mul-cs.c
|
+++ libgcrypt-1.12.0/mpi/mpi-mul-cs.c
|
||||||
@@ -0,0 +1,263 @@
|
@@ -0,0 +1,263 @@
|
||||||
+/* Copyright (c) 2024, Hubert Kario, Red Hat
|
+/* Copyright (c) 2024, Hubert Kario, Red Hat
|
||||||
+ * Released under BSD 2-Clause License, see LICENSE for details
|
+ * Released under BSD 2-Clause License, see LICENSE for details
|
||||||
@@ -880,10 +880,10 @@ Index: libgcrypt-1.11.1/mpi/mpi-mul-cs.c
|
|||||||
+
|
+
|
||||||
+ memcpy (ret, &atmp[anum], sizeof(limb_t)*modnum);
|
+ memcpy (ret, &atmp[anum], sizeof(limb_t)*modnum);
|
||||||
+}
|
+}
|
||||||
Index: libgcrypt-1.11.1/mpi/mpi-mul.c
|
Index: libgcrypt-1.12.0/mpi/mpi-mul.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/mpi/mpi-mul.c
|
--- libgcrypt-1.12.0.orig/mpi/mpi-mul.c
|
||||||
+++ libgcrypt-1.11.1/mpi/mpi-mul.c
|
+++ libgcrypt-1.12.0/mpi/mpi-mul.c
|
||||||
@@ -203,6 +203,133 @@ _gcry_mpi_mul (gcry_mpi_t w, gcry_mpi_t
|
@@ -203,6 +203,133 @@ _gcry_mpi_mul (gcry_mpi_t w, gcry_mpi_t
|
||||||
_gcry_mpi_free_limb_space (tmp_limb, tmp_limb_nlimbs);
|
_gcry_mpi_free_limb_space (tmp_limb, tmp_limb_nlimbs);
|
||||||
}
|
}
|
||||||
@@ -1064,10 +1064,10 @@ Index: libgcrypt-1.11.1/mpi/mpi-mul.c
|
|||||||
+ _gcry_mpi_reverse_sec (m); /* -- this might be still used by the calling function */
|
+ _gcry_mpi_reverse_sec (m); /* -- this might be still used by the calling function */
|
||||||
+}
|
+}
|
||||||
+#endif /* WITH_MARVIN_WORKAROUND */
|
+#endif /* WITH_MARVIN_WORKAROUND */
|
||||||
Index: libgcrypt-1.11.1/src/gcrypt-int.h
|
Index: libgcrypt-1.12.0/src/gcrypt-int.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/src/gcrypt-int.h
|
--- libgcrypt-1.12.0.orig/src/gcrypt-int.h
|
||||||
+++ libgcrypt-1.11.1/src/gcrypt-int.h
|
+++ libgcrypt-1.12.0/src/gcrypt-int.h
|
||||||
@@ -470,6 +470,9 @@ void _gcry_mpi_subm (gcry_mpi_t w, gcry_
|
@@ -470,6 +470,9 @@ void _gcry_mpi_subm (gcry_mpi_t w, gcry_
|
||||||
void _gcry_mpi_mul (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v);
|
void _gcry_mpi_mul (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v);
|
||||||
void _gcry_mpi_mul_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v );
|
void _gcry_mpi_mul_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v );
|
||||||
@@ -1088,24 +1088,24 @@ Index: libgcrypt-1.11.1/src/gcrypt-int.h
|
|||||||
#define mpi_powm(w,b,e,m) _gcry_mpi_powm ( (w), (b), (e), (m) )
|
#define mpi_powm(w,b,e,m) _gcry_mpi_powm ( (w), (b), (e), (m) )
|
||||||
#define mpi_tdiv(q,r,a,m) _gcry_mpi_div ( (q), (r), (a), (m), 0)
|
#define mpi_tdiv(q,r,a,m) _gcry_mpi_div ( (q), (r), (a), (m), 0)
|
||||||
#define mpi_fdiv(q,r,a,m) _gcry_mpi_div ( (q), (r), (a), (m), -1)
|
#define mpi_fdiv(q,r,a,m) _gcry_mpi_div ( (q), (r), (a), (m), -1)
|
||||||
Index: libgcrypt-1.11.1/src/const-time.c
|
Index: libgcrypt-1.12.0/src/const-time.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/src/const-time.c
|
--- libgcrypt-1.12.0.orig/src/const-time.c
|
||||||
+++ libgcrypt-1.11.1/src/const-time.c
|
+++ libgcrypt-1.12.0/src/const-time.c
|
||||||
@@ -77,8 +77,8 @@ _gcry_ct_memmov_cond (void *dst, const v
|
@@ -105,8 +105,8 @@ _gcry_ct_memmov_cond (void *dst, const v
|
||||||
unsigned long op_enable)
|
unsigned long op_enable)
|
||||||
{
|
{
|
||||||
/* Note: dual mask with AND/OR used for EM leakage mitigation */
|
/* Note: dual mask with AND/OR used for EM leakage mitigation */
|
||||||
- unsigned char mask1 = ct_ulong_gen_mask(op_enable);
|
- u64 mask1 = ct_u64_gen_mask (op_enable);
|
||||||
- unsigned char mask2 = ct_ulong_gen_inv_mask(op_enable);
|
- u64 mask2 = ct_u64_gen_inv_mask (op_enable);
|
||||||
+ volatile unsigned char mask1 = ct_ulong_gen_mask(op_enable);
|
+ volatile u64 mask1 = ct_u64_gen_mask (op_enable);
|
||||||
+ volatile unsigned char mask2 = ct_ulong_gen_inv_mask(op_enable);
|
+ volatile u64 mask2 = ct_u64_gen_inv_mask (op_enable);
|
||||||
unsigned char *b_dst = dst;
|
unsigned char *b_dst = dst;
|
||||||
const unsigned char *b_src = src;
|
const unsigned char *b_src = src;
|
||||||
size_t i;
|
|
||||||
@@ -86,3 +86,27 @@ _gcry_ct_memmov_cond (void *dst, const v
|
@@ -130,3 +130,27 @@ _gcry_ct_memmov_cond (void *dst, const v
|
||||||
for (i = 0; i < len; i++)
|
len--;
|
||||||
b_dst[i] = (b_dst[i] & mask2) | (b_src[i] & mask1);
|
}
|
||||||
}
|
}
|
||||||
+
|
+
|
||||||
+/*
|
+/*
|
||||||
@@ -1131,10 +1131,10 @@ Index: libgcrypt-1.11.1/src/const-time.c
|
|||||||
+ b_dst[i] = (b_src[i] & mask_a) | (b_dst[i] & mask_b);
|
+ b_dst[i] = (b_src[i] & mask_a) | (b_dst[i] & mask_b);
|
||||||
+ }
|
+ }
|
||||||
+}
|
+}
|
||||||
Index: libgcrypt-1.11.1/src/sexp.c
|
Index: libgcrypt-1.12.0/src/sexp.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/src/sexp.c
|
--- libgcrypt-1.12.0.orig/src/sexp.c
|
||||||
+++ libgcrypt-1.11.1/src/sexp.c
|
+++ libgcrypt-1.12.0/src/sexp.c
|
||||||
@@ -31,6 +31,7 @@
|
@@ -31,6 +31,7 @@
|
||||||
|
|
||||||
#define GCRYPT_NO_MPI_MACROS 1
|
#define GCRYPT_NO_MPI_MACROS 1
|
||||||
@@ -1215,10 +1215,10 @@ Index: libgcrypt-1.11.1/src/sexp.c
|
|||||||
}
|
}
|
||||||
else if (*p == 'd')
|
else if (*p == 'd')
|
||||||
{
|
{
|
||||||
Index: libgcrypt-1.11.1/cipher/pubkey-internal.h
|
Index: libgcrypt-1.12.0/cipher/pubkey-internal.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/cipher/pubkey-internal.h
|
--- libgcrypt-1.12.0.orig/cipher/pubkey-internal.h
|
||||||
+++ libgcrypt-1.11.1/cipher/pubkey-internal.h
|
+++ libgcrypt-1.12.0/cipher/pubkey-internal.h
|
||||||
@@ -55,6 +55,14 @@ _gcry_rsa_pkcs1_encode_for_enc (gcry_mpi
|
@@ -55,6 +55,14 @@ _gcry_rsa_pkcs1_encode_for_enc (gcry_mpi
|
||||||
gpg_err_code_t
|
gpg_err_code_t
|
||||||
_gcry_rsa_pkcs1_decode_for_enc (unsigned char **r_result, size_t *r_resultlen,
|
_gcry_rsa_pkcs1_decode_for_enc (unsigned char **r_result, size_t *r_resultlen,
|
||||||
@@ -1234,11 +1234,11 @@ Index: libgcrypt-1.11.1/cipher/pubkey-internal.h
|
|||||||
gpg_err_code_t
|
gpg_err_code_t
|
||||||
_gcry_rsa_pkcs1_encode_raw_for_sig (gcry_mpi_t *r_result, unsigned int nbits,
|
_gcry_rsa_pkcs1_encode_raw_for_sig (gcry_mpi_t *r_result, unsigned int nbits,
|
||||||
const unsigned char *value, size_t valuelen);
|
const unsigned char *value, size_t valuelen);
|
||||||
Index: libgcrypt-1.11.1/cipher/pubkey-util.c
|
Index: libgcrypt-1.12.0/cipher/pubkey-util.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/cipher/pubkey-util.c
|
--- libgcrypt-1.12.0.orig/cipher/pubkey-util.c
|
||||||
+++ libgcrypt-1.11.1/cipher/pubkey-util.c
|
+++ libgcrypt-1.12.0/cipher/pubkey-util.c
|
||||||
@@ -193,6 +193,15 @@ _gcry_pk_util_parse_flaglist (gcry_sexp_
|
@@ -195,6 +195,15 @@ _gcry_pk_util_parse_flaglist (gcry_sexp_
|
||||||
rc = GPG_ERR_INV_FLAG;
|
rc = GPG_ERR_INV_FLAG;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@@ -1254,58 +1254,22 @@ Index: libgcrypt-1.11.1/cipher/pubkey-util.c
|
|||||||
default:
|
default:
|
||||||
if (!igninvflag)
|
if (!igninvflag)
|
||||||
rc = GPG_ERR_INV_FLAG;
|
rc = GPG_ERR_INV_FLAG;
|
||||||
Index: libgcrypt-1.11.1/src/cipher.h
|
Index: libgcrypt-1.12.0/src/cipher.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/src/cipher.h
|
--- libgcrypt-1.12.0.orig/src/cipher.h
|
||||||
+++ libgcrypt-1.11.1/src/cipher.h
|
+++ libgcrypt-1.12.0/src/cipher.h
|
||||||
@@ -26,24 +26,25 @@
|
@@ -46,6 +46,7 @@
|
||||||
|
#define PUBKEY_FLAG_PREHASH (1 << 17)
|
||||||
#include "../random/random.h"
|
#define PUBKEY_FLAG_BYTE_STRING (1 << 18)
|
||||||
|
#define PUBKEY_FLAG_NO_PREFIX (1 << 19)
|
||||||
-#define PUBKEY_FLAG_NO_BLINDING (1 << 0)
|
+#define PUBKEY_FLAG_NO_IMPLICIT_REJECTION (1 << 20)
|
||||||
-#define PUBKEY_FLAG_RFC6979 (1 << 1)
|
/*
|
||||||
-#define PUBKEY_FLAG_FIXEDLEN (1 << 2)
|
* The internal flag to select least leak implementation for ECC.
|
||||||
-#define PUBKEY_FLAG_LEGACYRESULT (1 << 3)
|
* It needs to be a distinct value not covered by PUBKEY_* above.
|
||||||
-#define PUBKEY_FLAG_RAW_FLAG (1 << 4)
|
Index: libgcrypt-1.12.0/tests/pkcs1v2-v15c.h
|
||||||
-#define PUBKEY_FLAG_TRANSIENT_KEY (1 << 5)
|
|
||||||
-#define PUBKEY_FLAG_USE_X931 (1 << 6)
|
|
||||||
-#define PUBKEY_FLAG_USE_FIPS186 (1 << 7)
|
|
||||||
-#define PUBKEY_FLAG_USE_FIPS186_2 (1 << 8)
|
|
||||||
-#define PUBKEY_FLAG_PARAM (1 << 9)
|
|
||||||
-#define PUBKEY_FLAG_COMP (1 << 10)
|
|
||||||
-#define PUBKEY_FLAG_NOCOMP (1 << 11)
|
|
||||||
-#define PUBKEY_FLAG_EDDSA (1 << 12)
|
|
||||||
-#define PUBKEY_FLAG_GOST (1 << 13)
|
|
||||||
-#define PUBKEY_FLAG_NO_KEYTEST (1 << 14)
|
|
||||||
-#define PUBKEY_FLAG_DJB_TWEAK (1 << 15)
|
|
||||||
-#define PUBKEY_FLAG_SM2 (1 << 16)
|
|
||||||
-#define PUBKEY_FLAG_PREHASH (1 << 17)
|
|
||||||
+#define PUBKEY_FLAG_NO_BLINDING (1 << 0)
|
|
||||||
+#define PUBKEY_FLAG_RFC6979 (1 << 1)
|
|
||||||
+#define PUBKEY_FLAG_FIXEDLEN (1 << 2)
|
|
||||||
+#define PUBKEY_FLAG_LEGACYRESULT (1 << 3)
|
|
||||||
+#define PUBKEY_FLAG_RAW_FLAG (1 << 4)
|
|
||||||
+#define PUBKEY_FLAG_TRANSIENT_KEY (1 << 5)
|
|
||||||
+#define PUBKEY_FLAG_USE_X931 (1 << 6)
|
|
||||||
+#define PUBKEY_FLAG_USE_FIPS186 (1 << 7)
|
|
||||||
+#define PUBKEY_FLAG_USE_FIPS186_2 (1 << 8)
|
|
||||||
+#define PUBKEY_FLAG_PARAM (1 << 9)
|
|
||||||
+#define PUBKEY_FLAG_COMP (1 << 10)
|
|
||||||
+#define PUBKEY_FLAG_NOCOMP (1 << 11)
|
|
||||||
+#define PUBKEY_FLAG_EDDSA (1 << 12)
|
|
||||||
+#define PUBKEY_FLAG_GOST (1 << 13)
|
|
||||||
+#define PUBKEY_FLAG_NO_KEYTEST (1 << 14)
|
|
||||||
+#define PUBKEY_FLAG_DJB_TWEAK (1 << 15)
|
|
||||||
+#define PUBKEY_FLAG_SM2 (1 << 16)
|
|
||||||
+#define PUBKEY_FLAG_PREHASH (1 << 17)
|
|
||||||
+#define PUBKEY_FLAG_NO_IMPLICIT_REJECTION (1 << 18)
|
|
||||||
|
|
||||||
|
|
||||||
enum pk_operation
|
|
||||||
Index: libgcrypt-1.11.1/tests/pkcs1v2-v15c.h
|
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/tests/pkcs1v2-v15c.h
|
--- libgcrypt-1.12.0.orig/tests/pkcs1v2-v15c.h
|
||||||
+++ libgcrypt-1.11.1/tests/pkcs1v2-v15c.h
|
+++ libgcrypt-1.12.0/tests/pkcs1v2-v15c.h
|
||||||
@@ -21,6 +21,7 @@
|
@@ -21,6 +21,7 @@
|
||||||
const char *mesg;
|
const char *mesg;
|
||||||
const char *seed;
|
const char *seed;
|
||||||
@@ -1623,10 +1587,10 @@ Index: libgcrypt-1.11.1/tests/pkcs1v2-v15c.h
|
|||||||
+ }
|
+ }
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
Index: libgcrypt-1.11.1/tests/pkcs1v2.c
|
Index: libgcrypt-1.12.0/tests/pkcs1v2.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/tests/pkcs1v2.c
|
--- libgcrypt-1.12.0.orig/tests/pkcs1v2.c
|
||||||
+++ libgcrypt-1.11.1/tests/pkcs1v2.c
|
+++ libgcrypt-1.12.0/tests/pkcs1v2.c
|
||||||
@@ -82,7 +82,7 @@ data_from_hex (const char *string, size_
|
@@ -82,7 +82,7 @@ data_from_hex (const char *string, size_
|
||||||
|
|
||||||
static int
|
static int
|
||||||
|
|||||||
@@ -1,8 +1,8 @@
|
|||||||
Index: libgcrypt-1.11.1/doc/gcrypt.texi
|
Index: libgcrypt-1.12.0/doc/gcrypt.texi
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/doc/gcrypt.texi
|
--- libgcrypt-1.12.0.orig/doc/gcrypt.texi
|
||||||
+++ libgcrypt-1.11.1/doc/gcrypt.texi
|
+++ libgcrypt-1.12.0/doc/gcrypt.texi
|
||||||
@@ -998,13 +998,21 @@ certification. If the function is approv
|
@@ -1007,13 +1007,21 @@ certification. If the function is approv
|
||||||
@code{GPG_ERR_NO_ERROR} (other restrictions might still apply).
|
@code{GPG_ERR_NO_ERROR} (other restrictions might still apply).
|
||||||
Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
|
Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
|
||||||
|
|
||||||
@@ -28,11 +28,11 @@ Index: libgcrypt-1.11.1/doc/gcrypt.texi
|
|||||||
@item GCRYCTL_FIPS_SERVICE_INDICATOR_MD; Arguments: enum gcry_md_algos
|
@item GCRYCTL_FIPS_SERVICE_INDICATOR_MD; Arguments: enum gcry_md_algos
|
||||||
|
|
||||||
Check if the given message digest algorithm is approved under the current
|
Check if the given message digest algorithm is approved under the current
|
||||||
Index: libgcrypt-1.11.1/src/fips.c
|
Index: libgcrypt-1.12.0/src/fips.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/src/fips.c
|
--- libgcrypt-1.12.0.orig/src/fips.c
|
||||||
+++ libgcrypt-1.11.1/src/fips.c
|
+++ libgcrypt-1.12.0/src/fips.c
|
||||||
@@ -512,31 +512,6 @@ _gcry_fips_indicator_pk (va_list arg_ptr
|
@@ -538,31 +538,6 @@ _gcry_fips_indicator_pk (va_list arg_ptr
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
@@ -64,7 +64,7 @@ Index: libgcrypt-1.11.1/src/fips.c
|
|||||||
_gcry_fips_indicator_md (va_list arg_ptr)
|
_gcry_fips_indicator_md (va_list arg_ptr)
|
||||||
{
|
{
|
||||||
enum gcry_md_algos alg = va_arg (arg_ptr, enum gcry_md_algos);
|
enum gcry_md_algos alg = va_arg (arg_ptr, enum gcry_md_algos);
|
||||||
@@ -647,6 +622,62 @@ _gcry_fips_indicator_pk_flags (va_list a
|
@@ -673,6 +648,62 @@ _gcry_fips_indicator_pk_flags (va_list a
|
||||||
return GPG_ERR_NOT_SUPPORTED;
|
return GPG_ERR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -127,11 +127,11 @@ Index: libgcrypt-1.11.1/src/fips.c
|
|||||||
|
|
||||||
/* This is a test on whether the library is in the error or
|
/* This is a test on whether the library is in the error or
|
||||||
operational state. */
|
operational state. */
|
||||||
Index: libgcrypt-1.11.1/src/g10lib.h
|
Index: libgcrypt-1.12.0/src/g10lib.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/src/g10lib.h
|
--- libgcrypt-1.12.0.orig/src/g10lib.h
|
||||||
+++ libgcrypt-1.11.1/src/g10lib.h
|
+++ libgcrypt-1.12.0/src/g10lib.h
|
||||||
@@ -478,6 +478,7 @@ void _gcry_fips_signal_error (const char
|
@@ -485,6 +485,7 @@ void _gcry_fips_signal_error (const char
|
||||||
gpg_err_code_t _gcry_fips_indicator (void);
|
gpg_err_code_t _gcry_fips_indicator (void);
|
||||||
|
|
||||||
int _gcry_fips_indicator_cipher (va_list arg_ptr);
|
int _gcry_fips_indicator_cipher (va_list arg_ptr);
|
||||||
@@ -139,11 +139,11 @@ Index: libgcrypt-1.11.1/src/g10lib.h
|
|||||||
int _gcry_fips_indicator_mac (va_list arg_ptr);
|
int _gcry_fips_indicator_mac (va_list arg_ptr);
|
||||||
int _gcry_fips_indicator_md (va_list arg_ptr);
|
int _gcry_fips_indicator_md (va_list arg_ptr);
|
||||||
int _gcry_fips_indicator_kdf (va_list arg_ptr);
|
int _gcry_fips_indicator_kdf (va_list arg_ptr);
|
||||||
Index: libgcrypt-1.11.1/src/gcrypt.h.in
|
Index: libgcrypt-1.12.0/src/gcrypt.h.in
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/src/gcrypt.h.in
|
--- libgcrypt-1.12.0.orig/src/gcrypt.h.in
|
||||||
+++ libgcrypt-1.11.1/src/gcrypt.h.in
|
+++ libgcrypt-1.12.0/src/gcrypt.h.in
|
||||||
@@ -338,7 +338,8 @@ enum gcry_ctl_cmds
|
@@ -345,7 +345,8 @@ enum gcry_ctl_cmds
|
||||||
GCRYCTL_MD_CUSTOMIZE = 88,
|
GCRYCTL_MD_CUSTOMIZE = 88,
|
||||||
GCRYCTL_FIPS_SERVICE_INDICATOR = 89,
|
GCRYCTL_FIPS_SERVICE_INDICATOR = 89,
|
||||||
GCRYCTL_FIPS_REJECT_NON_FIPS = 90,
|
GCRYCTL_FIPS_REJECT_NON_FIPS = 90,
|
||||||
@@ -153,10 +153,10 @@ Index: libgcrypt-1.11.1/src/gcrypt.h.in
|
|||||||
};
|
};
|
||||||
|
|
||||||
/* Perform various operations defined by CMD. */
|
/* Perform various operations defined by CMD. */
|
||||||
Index: libgcrypt-1.11.1/src/global.c
|
Index: libgcrypt-1.12.0/src/global.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/src/global.c
|
--- libgcrypt-1.12.0.orig/src/global.c
|
||||||
+++ libgcrypt-1.11.1/src/global.c
|
+++ libgcrypt-1.12.0/src/global.c
|
||||||
@@ -808,6 +808,12 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
@@ -808,6 +808,12 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
||||||
rc = _gcry_fips_indicator_cipher (arg_ptr);
|
rc = _gcry_fips_indicator_cipher (arg_ptr);
|
||||||
break;
|
break;
|
||||||
|
|||||||
@@ -1,8 +1,8 @@
|
|||||||
Index: libgcrypt-1.11.0/src/fips.c
|
Index: libgcrypt-1.12.0/src/fips.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.0.orig/src/fips.c
|
--- libgcrypt-1.12.0.orig/src/fips.c
|
||||||
+++ libgcrypt-1.11.0/src/fips.c
|
+++ libgcrypt-1.12.0/src/fips.c
|
||||||
@@ -523,10 +523,15 @@ int
|
@@ -594,10 +594,15 @@ int
|
||||||
_gcry_fips_indicator_kdf (va_list arg_ptr)
|
_gcry_fips_indicator_kdf (va_list arg_ptr)
|
||||||
{
|
{
|
||||||
enum gcry_kdf_algos alg = va_arg (arg_ptr, enum gcry_kdf_algos);
|
enum gcry_kdf_algos alg = va_arg (arg_ptr, enum gcry_kdf_algos);
|
||||||
@@ -18,11 +18,11 @@ Index: libgcrypt-1.11.0/src/fips.c
|
|||||||
return GPG_ERR_NO_ERROR;
|
return GPG_ERR_NO_ERROR;
|
||||||
default:
|
default:
|
||||||
return GPG_ERR_NOT_SUPPORTED;
|
return GPG_ERR_NOT_SUPPORTED;
|
||||||
Index: libgcrypt-1.11.0/doc/gcrypt.texi
|
Index: libgcrypt-1.12.0/doc/gcrypt.texi
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.0.orig/doc/gcrypt.texi
|
--- libgcrypt-1.12.0.orig/doc/gcrypt.texi
|
||||||
+++ libgcrypt-1.11.0/doc/gcrypt.texi
|
+++ libgcrypt-1.12.0/doc/gcrypt.texi
|
||||||
@@ -983,12 +983,13 @@ is approved under the current FIPS 140-3
|
@@ -992,12 +992,13 @@ is approved under the current FIPS 140-3
|
||||||
combination is approved, this function returns @code{GPG_ERR_NO_ERROR}.
|
combination is approved, this function returns @code{GPG_ERR_NO_ERROR}.
|
||||||
Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
|
Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
|
||||||
|
|
||||||
@@ -40,10 +40,10 @@ Index: libgcrypt-1.11.0/doc/gcrypt.texi
|
|||||||
|
|
||||||
@item GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION; Arguments: const char *
|
@item GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION; Arguments: const char *
|
||||||
|
|
||||||
Index: libgcrypt-1.11.0/tests/t-kdf.c
|
Index: libgcrypt-1.12.0/tests/t-kdf.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.0.orig/tests/t-kdf.c
|
--- libgcrypt-1.12.0.orig/tests/t-kdf.c
|
||||||
+++ libgcrypt-1.11.0/tests/t-kdf.c
|
+++ libgcrypt-1.12.0/tests/t-kdf.c
|
||||||
@@ -1889,7 +1889,12 @@ check_fips_indicators (void)
|
@@ -1889,7 +1889,12 @@ check_fips_indicators (void)
|
||||||
for (i = 0; i < sizeof(kdf_algos) / sizeof(*kdf_algos); i++)
|
for (i = 0; i < sizeof(kdf_algos) / sizeof(*kdf_algos); i++)
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -1,8 +1,8 @@
|
|||||||
Index: libgcrypt-1.11.1/src/fips.c
|
Index: libgcrypt-1.12.0/src/fips.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/src/fips.c
|
--- libgcrypt-1.12.0.orig/src/fips.c
|
||||||
+++ libgcrypt-1.11.1/src/fips.c
|
+++ libgcrypt-1.12.0/src/fips.c
|
||||||
@@ -38,6 +38,7 @@
|
@@ -40,6 +40,7 @@
|
||||||
|
|
||||||
#include "g10lib.h"
|
#include "g10lib.h"
|
||||||
#include "cipher-proto.h"
|
#include "cipher-proto.h"
|
||||||
@@ -10,7 +10,7 @@ Index: libgcrypt-1.11.1/src/fips.c
|
|||||||
#include "../random/random.h"
|
#include "../random/random.h"
|
||||||
|
|
||||||
/* The states of the finite state machine used in fips mode. */
|
/* The states of the finite state machine used in fips mode. */
|
||||||
@@ -420,6 +421,94 @@ _gcry_fips_indicator_cipher (va_list arg
|
@@ -446,6 +447,94 @@ _gcry_fips_indicator_cipher (va_list arg
|
||||||
default:
|
default:
|
||||||
return GPG_ERR_NOT_SUPPORTED;
|
return GPG_ERR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
@@ -105,11 +105,11 @@ Index: libgcrypt-1.11.1/src/fips.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
Index: libgcrypt-1.11.1/src/gcrypt.h.in
|
Index: libgcrypt-1.12.0/src/gcrypt.h.in
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/src/gcrypt.h.in
|
--- libgcrypt-1.12.0.orig/src/gcrypt.h.in
|
||||||
+++ libgcrypt-1.11.1/src/gcrypt.h.in
|
+++ libgcrypt-1.12.0/src/gcrypt.h.in
|
||||||
@@ -337,7 +337,8 @@ enum gcry_ctl_cmds
|
@@ -344,7 +344,8 @@ enum gcry_ctl_cmds
|
||||||
GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS = 87,
|
GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS = 87,
|
||||||
GCRYCTL_MD_CUSTOMIZE = 88,
|
GCRYCTL_MD_CUSTOMIZE = 88,
|
||||||
GCRYCTL_FIPS_SERVICE_INDICATOR = 89,
|
GCRYCTL_FIPS_SERVICE_INDICATOR = 89,
|
||||||
@@ -119,11 +119,11 @@ Index: libgcrypt-1.11.1/src/gcrypt.h.in
|
|||||||
};
|
};
|
||||||
|
|
||||||
/* Perform various operations defined by CMD. */
|
/* Perform various operations defined by CMD. */
|
||||||
Index: libgcrypt-1.11.1/doc/gcrypt.texi
|
Index: libgcrypt-1.12.0/doc/gcrypt.texi
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/doc/gcrypt.texi
|
--- libgcrypt-1.12.0.orig/doc/gcrypt.texi
|
||||||
+++ libgcrypt-1.11.1/doc/gcrypt.texi
|
+++ libgcrypt-1.12.0/doc/gcrypt.texi
|
||||||
@@ -1010,6 +1010,19 @@ Check if the given message digest algori
|
@@ -1019,6 +1019,19 @@ Check if the given message digest algori
|
||||||
FIPS 140-3 certification. If the algorithm is approved, this function returns
|
FIPS 140-3 certification. If the algorithm is approved, this function returns
|
||||||
@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
|
@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
|
||||||
|
|
||||||
@@ -143,11 +143,11 @@ Index: libgcrypt-1.11.1/doc/gcrypt.texi
|
|||||||
@item GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS; Arguments: const char *
|
@item GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS; Arguments: const char *
|
||||||
|
|
||||||
Check if the given public key operation flag or s-expression object name is
|
Check if the given public key operation flag or s-expression object name is
|
||||||
Index: libgcrypt-1.11.1/src/g10lib.h
|
Index: libgcrypt-1.12.0/src/g10lib.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/src/g10lib.h
|
--- libgcrypt-1.12.0.orig/src/g10lib.h
|
||||||
+++ libgcrypt-1.11.1/src/g10lib.h
|
+++ libgcrypt-1.12.0/src/g10lib.h
|
||||||
@@ -482,6 +482,7 @@ int _gcry_fips_indicator_mac (va_list ar
|
@@ -489,6 +489,7 @@ int _gcry_fips_indicator_mac (va_list ar
|
||||||
int _gcry_fips_indicator_md (va_list arg_ptr);
|
int _gcry_fips_indicator_md (va_list arg_ptr);
|
||||||
int _gcry_fips_indicator_kdf (va_list arg_ptr);
|
int _gcry_fips_indicator_kdf (va_list arg_ptr);
|
||||||
int _gcry_fips_indicator_function (va_list arg_ptr);
|
int _gcry_fips_indicator_function (va_list arg_ptr);
|
||||||
@@ -155,10 +155,10 @@ Index: libgcrypt-1.11.1/src/g10lib.h
|
|||||||
int _gcry_fips_indicator_pk_flags (va_list arg_ptr);
|
int _gcry_fips_indicator_pk_flags (va_list arg_ptr);
|
||||||
|
|
||||||
int _gcry_fips_is_operational (void);
|
int _gcry_fips_is_operational (void);
|
||||||
Index: libgcrypt-1.11.1/src/global.c
|
Index: libgcrypt-1.12.0/src/global.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/src/global.c
|
--- libgcrypt-1.12.0.orig/src/global.c
|
||||||
+++ libgcrypt-1.11.1/src/global.c
|
+++ libgcrypt-1.12.0/src/global.c
|
||||||
@@ -842,6 +842,15 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
@@ -842,6 +842,15 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
||||||
rc = _gcry_fips_indicator_pk_flags (arg_ptr);
|
rc = _gcry_fips_indicator_pk_flags (arg_ptr);
|
||||||
break;
|
break;
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
Index: libgcrypt-1.11.1/random/Makefile.am
|
Index: libgcrypt-1.12.0/random/Makefile.am
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/random/Makefile.am
|
--- libgcrypt-1.12.0.orig/random/Makefile.am
|
||||||
+++ libgcrypt-1.11.1/random/Makefile.am
|
+++ libgcrypt-1.12.0/random/Makefile.am
|
||||||
@@ -21,7 +21,7 @@
|
@@ -21,7 +21,7 @@
|
||||||
# Need to include ../src in addition to top_srcdir because gcrypt.h is
|
# Need to include ../src in addition to top_srcdir because gcrypt.h is
|
||||||
# a built header.
|
# a built header.
|
||||||
@@ -50,10 +50,10 @@ Index: libgcrypt-1.11.1/random/Makefile.am
|
|||||||
- $(srcdir)/jitterentropy-base.c $(srcdir)/jitterentropy.h
|
- $(srcdir)/jitterentropy-base.c $(srcdir)/jitterentropy.h
|
||||||
+rndjent.lo: $(srcdir)/rndjent.c
|
+rndjent.lo: $(srcdir)/rndjent.c
|
||||||
`echo $(LTCOMPILE) -c $(srcdir)/rndjent.c | $(o_flag_munging) `
|
`echo $(LTCOMPILE) -c $(srcdir)/rndjent.c | $(o_flag_munging) `
|
||||||
Index: libgcrypt-1.11.1/random/rndjent.c
|
Index: libgcrypt-1.12.0/random/rndjent.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/random/rndjent.c
|
--- libgcrypt-1.12.0.orig/random/rndjent.c
|
||||||
+++ libgcrypt-1.11.1/random/rndjent.c
|
+++ libgcrypt-1.12.0/random/rndjent.c
|
||||||
@@ -94,17 +94,12 @@
|
@@ -94,17 +94,12 @@
|
||||||
* jitterentropy-user-base.h file. */
|
* jitterentropy-user-base.h file. */
|
||||||
|
|
||||||
@@ -74,10 +74,10 @@ Index: libgcrypt-1.11.1/random/rndjent.c
|
|||||||
|
|
||||||
/* This is the lock we use to serialize access to this RNG. The extra
|
/* This is the lock we use to serialize access to this RNG. The extra
|
||||||
* integer variable is only used to check the locking state; that is,
|
* integer variable is only used to check the locking state; that is,
|
||||||
Index: libgcrypt-1.11.1/random/Makefile.in
|
Index: libgcrypt-1.12.0/random/Makefile.in
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.11.1.orig/random/Makefile.in
|
--- libgcrypt-1.12.0.orig/random/Makefile.in
|
||||||
+++ libgcrypt-1.11.1/random/Makefile.in
|
+++ libgcrypt-1.12.0/random/Makefile.in
|
||||||
@@ -147,12 +147,7 @@ am__v_at_1 =
|
@@ -147,12 +147,7 @@ am__v_at_1 =
|
||||||
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
|
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
|
||||||
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
|
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
|
||||||
@@ -92,7 +92,7 @@ Index: libgcrypt-1.11.1/random/Makefile.in
|
|||||||
./$(DEPDIR)/random-csprng.Plo ./$(DEPDIR)/random-drbg.Plo \
|
./$(DEPDIR)/random-csprng.Plo ./$(DEPDIR)/random-drbg.Plo \
|
||||||
./$(DEPDIR)/random-system.Plo ./$(DEPDIR)/random.Plo \
|
./$(DEPDIR)/random-system.Plo ./$(DEPDIR)/random.Plo \
|
||||||
./$(DEPDIR)/rndegd.Plo ./$(DEPDIR)/rndgetentropy.Plo \
|
./$(DEPDIR)/rndegd.Plo ./$(DEPDIR)/rndgetentropy.Plo \
|
||||||
@@ -375,7 +370,7 @@ top_srcdir = @top_srcdir@
|
@@ -379,7 +374,7 @@ top_srcdir = @top_srcdir@
|
||||||
# Need to include ../src in addition to top_srcdir because gcrypt.h is
|
# Need to include ../src in addition to top_srcdir because gcrypt.h is
|
||||||
# a built header.
|
# a built header.
|
||||||
AM_CPPFLAGS = -I../src -I$(top_srcdir)/src
|
AM_CPPFLAGS = -I../src -I$(top_srcdir)/src
|
||||||
@@ -101,7 +101,7 @@ Index: libgcrypt-1.11.1/random/Makefile.in
|
|||||||
noinst_LTLIBRARIES = librandom.la
|
noinst_LTLIBRARIES = librandom.la
|
||||||
GCRYPT_MODULES = @GCRYPT_RANDOM@
|
GCRYPT_MODULES = @GCRYPT_RANDOM@
|
||||||
librandom_la_DEPENDENCIES = $(GCRYPT_MODULES)
|
librandom_la_DEPENDENCIES = $(GCRYPT_MODULES)
|
||||||
@@ -394,14 +389,7 @@ rndgetentropy.c \
|
@@ -398,14 +393,7 @@ rndgetentropy.c \
|
||||||
rndoldlinux.c \
|
rndoldlinux.c \
|
||||||
rndegd.c \
|
rndegd.c \
|
||||||
rndunix.c \
|
rndunix.c \
|
||||||
@@ -117,7 +117,7 @@ Index: libgcrypt-1.11.1/random/Makefile.in
|
|||||||
|
|
||||||
@ENABLE_O_FLAG_MUNGING_FALSE@o_flag_munging = cat
|
@ENABLE_O_FLAG_MUNGING_FALSE@o_flag_munging = cat
|
||||||
|
|
||||||
@@ -461,12 +449,6 @@ mostlyclean-compile:
|
@@ -465,12 +453,6 @@ mostlyclean-compile:
|
||||||
distclean-compile:
|
distclean-compile:
|
||||||
-rm -f *.tab.c
|
-rm -f *.tab.c
|
||||||
|
|
||||||
@@ -130,7 +130,7 @@ Index: libgcrypt-1.11.1/random/Makefile.in
|
|||||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random-csprng.Plo@am__quote@ # am--include-marker
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random-csprng.Plo@am__quote@ # am--include-marker
|
||||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random-drbg.Plo@am__quote@ # am--include-marker
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random-drbg.Plo@am__quote@ # am--include-marker
|
||||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random-system.Plo@am__quote@ # am--include-marker
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random-system.Plo@am__quote@ # am--include-marker
|
||||||
@@ -636,12 +618,6 @@ clean-am: clean-generic clean-libtool cl
|
@@ -640,12 +622,6 @@ clean-am: clean-generic clean-libtool cl
|
||||||
mostlyclean-am
|
mostlyclean-am
|
||||||
|
|
||||||
distclean: distclean-am
|
distclean: distclean-am
|
||||||
@@ -143,7 +143,7 @@ Index: libgcrypt-1.11.1/random/Makefile.in
|
|||||||
-rm -f ./$(DEPDIR)/random-csprng.Plo
|
-rm -f ./$(DEPDIR)/random-csprng.Plo
|
||||||
-rm -f ./$(DEPDIR)/random-drbg.Plo
|
-rm -f ./$(DEPDIR)/random-drbg.Plo
|
||||||
-rm -f ./$(DEPDIR)/random-system.Plo
|
-rm -f ./$(DEPDIR)/random-system.Plo
|
||||||
@@ -698,12 +674,6 @@ install-ps-am:
|
@@ -702,12 +678,6 @@ install-ps-am:
|
||||||
installcheck-am:
|
installcheck-am:
|
||||||
|
|
||||||
maintainer-clean: maintainer-clean-am
|
maintainer-clean: maintainer-clean-am
|
||||||
@@ -156,7 +156,7 @@ Index: libgcrypt-1.11.1/random/Makefile.in
|
|||||||
-rm -f ./$(DEPDIR)/random-csprng.Plo
|
-rm -f ./$(DEPDIR)/random-csprng.Plo
|
||||||
-rm -f ./$(DEPDIR)/random-drbg.Plo
|
-rm -f ./$(DEPDIR)/random-drbg.Plo
|
||||||
-rm -f ./$(DEPDIR)/random-system.Plo
|
-rm -f ./$(DEPDIR)/random-system.Plo
|
||||||
@@ -752,22 +722,10 @@ uninstall-am:
|
@@ -756,22 +726,10 @@ uninstall-am:
|
||||||
.PRECIOUS: Makefile
|
.PRECIOUS: Makefile
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
Index: libgcrypt-1.10.0/random/rndoldlinux.c
|
Index: libgcrypt-1.12.0/random/rndoldlinux.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.10.0.orig/random/rndoldlinux.c
|
--- libgcrypt-1.12.0.orig/random/rndoldlinux.c
|
||||||
+++ libgcrypt-1.10.0/random/rndoldlinux.c
|
+++ libgcrypt-1.12.0/random/rndoldlinux.c
|
||||||
@@ -132,7 +132,7 @@ _gcry_rndoldlinux_gather_random (void (*
|
@@ -132,7 +132,7 @@ _gcry_rndoldlinux_gather_random (void (*
|
||||||
volatile pid_t apid;
|
volatile pid_t apid;
|
||||||
int fd;
|
int fd;
|
||||||
@@ -80,35 +80,34 @@ Index: libgcrypt-1.10.0/random/rndoldlinux.c
|
|||||||
_gcry_pre_syscall ();
|
_gcry_pre_syscall ();
|
||||||
ret = getentropy (buffer, nbytes);
|
ret = getentropy (buffer, nbytes);
|
||||||
_gcry_post_syscall ();
|
_gcry_post_syscall ();
|
||||||
Index: libgcrypt-1.10.0/random/rndjent.c
|
Index: libgcrypt-1.12.0/random/rndjent.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.10.0.orig/random/rndjent.c
|
--- libgcrypt-1.12.0.orig/random/rndjent.c
|
||||||
+++ libgcrypt-1.10.0/random/rndjent.c
|
+++ libgcrypt-1.12.0/random/rndjent.c
|
||||||
@@ -279,13 +279,24 @@ _gcry_rndjent_poll (void (*add)(const vo
|
@@ -294,15 +294,23 @@ _gcry_rndjent_poll (void (*add)(const vo
|
||||||
if (!jent_rng_is_initialized)
|
|
||||||
{
|
|
||||||
/* Auto-initialize. */
|
|
||||||
- jent_rng_is_initialized = 1;
|
|
||||||
jent_entropy_collector_free (jent_rng_collector);
|
|
||||||
jent_rng_collector = NULL;
|
jent_rng_collector = NULL;
|
||||||
if ( !(_gcry_random_read_conf () & RANDOM_CONF_DISABLE_JENT))
|
if ( !(_gcry_random_read_conf () & RANDOM_CONF_DISABLE_JENT))
|
||||||
{
|
{
|
||||||
- if (!jent_entropy_init ())
|
- if (!jent_entropy_init ())
|
||||||
- jent_rng_collector = jent_entropy_collector_alloc (1, 0);
|
+ if (!jent_entropy_init_ex (1, 0))
|
||||||
+ if (!jent_entropy_init_ex (1, 0))
|
{
|
||||||
+ {
|
jent_rng_collector = jent_entropy_collector_alloc (1, 0);
|
||||||
+ jent_rng_collector = jent_entropy_collector_alloc (1, 0);
|
- if (jent_rng_collector != NULL)
|
||||||
|
- jent_rng_is_initialized = 1;
|
||||||
+ jent_rng_is_initialized = 1;
|
+ jent_rng_is_initialized = 1;
|
||||||
+ }
|
}
|
||||||
+ }
|
}
|
||||||
+ }
|
}
|
||||||
+
|
|
||||||
+ if (!jent_rng_collector)
|
+ if (!jent_rng_collector)
|
||||||
+ {
|
+ {
|
||||||
+ if (!jent_entropy_init_ex (1, 0))
|
+ if (!jent_entropy_init_ex (1, 0))
|
||||||
+ {
|
+ {
|
||||||
+ jent_rng_collector = jent_entropy_collector_alloc (1, 0);
|
+ jent_rng_collector = jent_entropy_collector_alloc (1, 0);
|
||||||
+ jent_rng_is_initialized = 1;
|
+ jent_rng_is_initialized = 1;
|
||||||
}
|
+ }
|
||||||
}
|
+ }
|
||||||
|
+
|
||||||
|
if (jent_rng_collector && add)
|
||||||
|
{
|
||||||
|
/* We have a working JENT and it has not been disabled. */
|
||||||
|
|||||||
@@ -1,17 +1,17 @@
|
|||||||
Index: libgcrypt-1.10.2/autogen.sh
|
Index: libgcrypt-1.12.0/autogen.sh
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.10.2.orig/autogen.sh
|
--- libgcrypt-1.12.0.orig/autogen.sh
|
||||||
+++ libgcrypt-1.10.2/autogen.sh
|
+++ libgcrypt-1.12.0/autogen.sh
|
||||||
@@ -249,7 +249,7 @@ if [ "$myhost" = "find-version" ]; then
|
@@ -259,7 +259,7 @@ if [ "$myhost" = "find-version" ]; then
|
||||||
fi
|
matchexcl="--exclude $package-*beta*"
|
||||||
|
|
||||||
beta=no
|
beta=no
|
||||||
- if [ -e .git ]; then
|
- if [ -e .git ]; then
|
||||||
+ if false; then
|
+ if false; then
|
||||||
ingit=yes
|
ingit=yes
|
||||||
tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null)
|
tmp=$(git describe --match "${matchstr1}" $matchexcl --long 2>/dev/null)
|
||||||
tmp=$(echo "$tmp" | sed s/^"$package"//)
|
if [ -n "$tmp" ]; then
|
||||||
@@ -265,8 +265,8 @@ if [ "$myhost" = "find-version" ]; then
|
@@ -285,8 +285,8 @@ if [ "$myhost" = "find-version" ]; then
|
||||||
rvd=$((0x$(echo ${rev} | dd bs=1 count=4 2>/dev/null)))
|
rvd=$((0x$(echo ${rev} | dd bs=1 count=4 2>/dev/null)))
|
||||||
else
|
else
|
||||||
ingit=no
|
ingit=no
|
||||||
@@ -19,6 +19,6 @@ Index: libgcrypt-1.10.2/autogen.sh
|
|||||||
- tmp="-unknown"
|
- tmp="-unknown"
|
||||||
+ beta=no
|
+ beta=no
|
||||||
+ tmp=""
|
+ tmp=""
|
||||||
|
cid="0000000"
|
||||||
rev="0000000"
|
rev="0000000"
|
||||||
rvd="0"
|
rvd="0"
|
||||||
fi
|
|
||||||
|
|||||||
@@ -1,9 +1,44 @@
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jun 5 13:23:03 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
|
Mon Feb 2 13:20:33 UTC 2026 - Angel Yankov <angel.yankov@suse.com>
|
||||||
|
|
||||||
|
- Update to 1.12.0 (jsc#PED-15059)
|
||||||
|
* New and extended interfaces:
|
||||||
|
- Allow access to the FIPS service indicator via the new
|
||||||
|
GCRYCTL_FIPS_SERVICE_INDICATOR control code.
|
||||||
|
- Make SHA-1 non-FIPS internally for the 1.12 API
|
||||||
|
- Add Dilithium (ML-DSA) support
|
||||||
|
- Support optional random-override and support byte string data
|
||||||
|
* Bug fixes:
|
||||||
|
- Use secure MPI in _gcry_mpi_assign_limb_space.
|
||||||
|
- Use CSIDL_COMMON_APPDATA instead of /etc on Windows.
|
||||||
|
- Apply a Kyber patch from upstream.
|
||||||
|
- Fix an edge case in Jent initialization.
|
||||||
|
- mceliece6688128f: Fix stack overflow crash on win64/wine
|
||||||
|
* Performance:
|
||||||
|
- Many performance improvements, new AVX512 implementations for modern CPUs.
|
||||||
|
- Add RISC-V Zbb+Zbc implementation of CRC.
|
||||||
|
- Add RISC-V vector cryptography implementation of GHASH, AES, SHA256 and SHA512
|
||||||
|
- Add AVX2 and AVX512 code paths to improve CRC.
|
||||||
|
For a full changelog, see:
|
||||||
|
https://dev.gnupg.org/source/libgcrypt/history/master/;libgcrypt-1.12.0
|
||||||
|
* Dropped libgcrypt-1.11.1-public-SLI-API.patch - applied upstream
|
||||||
|
* Rebased libgcrypt-CVE-2024-2236.patch
|
||||||
|
* Rebased libgcrypt-FIPS-SLI-hash-mac.patch
|
||||||
|
* Rebased libgcrypt-FIPS-SLI-kdf-leylength.patch
|
||||||
|
* Rebased libgcrypt-FIPS-SLI-pk.patch
|
||||||
|
* Rebased libgcrypt-FIPS-jitter-standalone.patch
|
||||||
|
* Rebased libgcrypt-FIPS-rndjent_poll.patch
|
||||||
|
* Rebased libgcrypt-nobetasuffix.patch
|
||||||
|
* Rebased libgcrypt-rol64-redefinition.patch
|
||||||
|
* Added libgcrypt-1.12.0-ec_regression.patch
|
||||||
|
* libgcrypt 1.12.0: gcry_mpi_ec_curve_point corrupts point
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jun 9 11:20:28 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
|
||||||
|
|
||||||
- Security fix [bsc#1221107, CVE-2024-2236]
|
- Security fix [bsc#1221107, CVE-2024-2236]
|
||||||
* Add --enable-marvin-workaround to spec to enable workaround
|
* Add --enable-marvin-workaround to spec to enable workaround
|
||||||
* Fix timing based side-channel in RSA implementation ( Marvin attack )
|
* Fix timing based side-channel in RSA implementation ( Marvin attack )
|
||||||
* Add libgcrypt-CVE-2024-2236.patch
|
* Add libgcrypt-CVE-2024-2236.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
|
|||||||
@@ -20,7 +20,7 @@
|
|||||||
%define libsoname %{name}%{libsover}
|
%define libsoname %{name}%{libsover}
|
||||||
%define hmac_key orboDeJITITejsirpADONivirpUkvarP
|
%define hmac_key orboDeJITITejsirpADONivirpUkvarP
|
||||||
Name: libgcrypt
|
Name: libgcrypt
|
||||||
Version: 1.11.1
|
Version: 1.12.0
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: The GNU Crypto Library
|
Summary: The GNU Crypto Library
|
||||||
License: GPL-2.0-or-later AND LGPL-2.1-or-later AND GPL-3.0-or-later
|
License: GPL-2.0-or-later AND LGPL-2.1-or-later AND GPL-3.0-or-later
|
||||||
@@ -37,8 +37,6 @@ Source99: libgcrypt.changes
|
|||||||
Patch1: libgcrypt-1.10.0-allow_FSM_same_state.patch
|
Patch1: libgcrypt-1.10.0-allow_FSM_same_state.patch
|
||||||
#PATCH-FIX-OPENSUSE Do not pull revision info from GIT when autoconf is run
|
#PATCH-FIX-OPENSUSE Do not pull revision info from GIT when autoconf is run
|
||||||
Patch2: libgcrypt-nobetasuffix.patch
|
Patch2: libgcrypt-nobetasuffix.patch
|
||||||
#PATCH-FIX-SUSE: Make the revamped SLI api public
|
|
||||||
Patch3: libgcrypt-1.11.1-public-SLI-API.patch
|
|
||||||
# FIPS patches:
|
# FIPS patches:
|
||||||
#PATCH-FIX-SUSE bsc#1190700 FIPS: Provide a service-level indicator for PK
|
#PATCH-FIX-SUSE bsc#1190700 FIPS: Provide a service-level indicator for PK
|
||||||
Patch100: libgcrypt-FIPS-SLI-pk.patch
|
Patch100: libgcrypt-FIPS-SLI-pk.patch
|
||||||
@@ -58,9 +56,11 @@ Patch107: libgcrypt-FIPS-jitter-whole-entropy.patch
|
|||||||
Patch108: libgcrypt-rol64-redefinition.patch
|
Patch108: libgcrypt-rol64-redefinition.patch
|
||||||
#PATCH-FIX-CENTOS timing based side-channel in RSA implementation
|
#PATCH-FIX-CENTOS timing based side-channel in RSA implementation
|
||||||
Patch109: libgcrypt-CVE-2024-2236.patch
|
Patch109: libgcrypt-CVE-2024-2236.patch
|
||||||
|
# PATCH-FIX-UPSTREAM: gcry_mpi_ec_curve_point corrupts point in 1.12.0
|
||||||
|
Patch110: libgcrypt-1.12.0-ec_regression.patch
|
||||||
|
|
||||||
BuildRequires: automake >= 1.14
|
BuildRequires: automake >= 1.14
|
||||||
BuildRequires: libgpg-error-devel >= 1.49
|
BuildRequires: libgpg-error-devel >= 1.56
|
||||||
BuildRequires: libtool
|
BuildRequires: libtool
|
||||||
BuildRequires: makeinfo
|
BuildRequires: makeinfo
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
@@ -92,7 +92,7 @@ Group: Development/Libraries/C and C++
|
|||||||
Requires: %{libsoname} = %{version}
|
Requires: %{libsoname} = %{version}
|
||||||
Requires: glibc-devel
|
Requires: glibc-devel
|
||||||
Requires: jitterentropy-devel >= 3.4.0
|
Requires: jitterentropy-devel >= 3.4.0
|
||||||
Requires: libgpg-error-devel >= 1.49
|
Requires: libgpg-error-devel >= 1.56
|
||||||
|
|
||||||
%description devel
|
%description devel
|
||||||
Libgcrypt is a general purpose library of cryptographic building
|
Libgcrypt is a general purpose library of cryptographic building
|
||||||
@@ -113,7 +113,7 @@ sed -i "s/libgcrypt\.so\.hmac/\.libgcrypt\.so\.%{libsover}\.hmac/g" src/Makefile
|
|||||||
find . -type f -name "jitterentropy*" -print -delete
|
find . -type f -name "jitterentropy*" -print -delete
|
||||||
|
|
||||||
%build
|
%build
|
||||||
export PUBKEYS="dsa elgamal rsa ecc"
|
export PUBKEYS="dsa elgamal rsa ecc dilithium"
|
||||||
export CIPHERS="arcfour blowfish cast5 des aes twofish serpent rfc2268 seed camellia idea salsa20 gost28147 chacha20 sm4 aria"
|
export CIPHERS="arcfour blowfish cast5 des aes twofish serpent rfc2268 seed camellia idea salsa20 gost28147 chacha20 sm4 aria"
|
||||||
export DIGESTS="crc gostr3411-94 md4 md5 rmd160 sha1 sha256 sha512 sha3 tiger whirlpool stribog blake2 sm3"
|
export DIGESTS="crc gostr3411-94 md4 md5 rmd160 sha1 sha256 sha512 sha3 tiger whirlpool stribog blake2 sm3"
|
||||||
export KDFS="s2k pkdf2 scrypt"
|
export KDFS="s2k pkdf2 scrypt"
|
||||||
@@ -129,8 +129,8 @@ export CFLAGS="%{optflags} $(getconf LFS_CFLAGS)"
|
|||||||
--enable-pubkey-ciphers="$PUBKEYS" \
|
--enable-pubkey-ciphers="$PUBKEYS" \
|
||||||
--enable-digests="$DIGESTS" \
|
--enable-digests="$DIGESTS" \
|
||||||
--enable-kdfs="$KDFS" \
|
--enable-kdfs="$KDFS" \
|
||||||
|
--enable-marvin-workaround \
|
||||||
--enable-noexecstack \
|
--enable-noexecstack \
|
||||||
--enable-marvin-workaround \
|
|
||||||
--disable-static \
|
--disable-static \
|
||||||
%ifarch %{sparc}
|
%ifarch %{sparc}
|
||||||
--disable-asm \
|
--disable-asm \
|
||||||
|
|||||||
Reference in New Issue
Block a user