Compare commits
2 Commits
| Author | SHA256 | Date | |
|---|---|---|---|
| c43f006f6b | |||
| 643993cbfa |
@@ -1,37 +0,0 @@
|
||||
Index: libgcrypt-1.11.1/src/gcrypt.h.in
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/src/gcrypt.h.in
|
||||
+++ libgcrypt-1.11.1/src/gcrypt.h.in
|
||||
@@ -335,12 +335,9 @@ enum gcry_ctl_cmds
|
||||
GCRYCTL_FIPS_SERVICE_INDICATOR_MAC = 85,
|
||||
GCRYCTL_FIPS_SERVICE_INDICATOR_MD = 86,
|
||||
GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS = 87,
|
||||
- GCRYCTL_MD_CUSTOMIZE = 88
|
||||
-#ifdef _GCRYPT_IN_LIBGCRYPT /* This is not yet part of the public API. */
|
||||
- ,
|
||||
+ GCRYCTL_MD_CUSTOMIZE = 88,
|
||||
GCRYCTL_FIPS_SERVICE_INDICATOR = 89,
|
||||
GCRYCTL_FIPS_REJECT_NON_FIPS = 90
|
||||
-#endif /*_GCRYPT_IN_LIBGCRYPT*/
|
||||
};
|
||||
|
||||
/* Perform various operations defined by CMD. */
|
||||
@@ -1977,8 +1974,6 @@ void gcry_log_debugsxp (const char *text
|
||||
char *gcry_get_config (int mode, const char *what);
|
||||
|
||||
/* Convinience macro to access the FIPS service indicator. */
|
||||
-#ifdef _GCRYPT_IN_LIBGCRYPT /* This is not yet part of the public API. */
|
||||
-
|
||||
#define gcry_get_fips_service_indicator() \
|
||||
gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR)
|
||||
|
||||
@@ -2012,9 +2007,6 @@ char *gcry_get_config (int mode, const c
|
||||
#define GCRY_FIPS_FLAG_REJECT_DEFAULT \
|
||||
GCRY_FIPS_FLAG_REJECT_COMPAT110
|
||||
|
||||
-#endif /*_GCRYPT_IN_LIBGCRYPT*/
|
||||
-
|
||||
-
|
||||
/* Log levels used by the internal logging facility. */
|
||||
enum gcry_log_levels
|
||||
{
|
||||
BIN
libgcrypt-1.11.2.tar.bz2
LFS
BIN
libgcrypt-1.11.2.tar.bz2
LFS
Binary file not shown.
Binary file not shown.
33
libgcrypt-1.12.0-ec_regression.patch
Normal file
33
libgcrypt-1.12.0-ec_regression.patch
Normal file
@@ -0,0 +1,33 @@
|
||||
==========================
|
||||
diff --git a/mpi/ec.c b/mpi/ec.c
|
||||
index d7bad4a6..b0b6f427 100644
|
||||
--- a/mpi/ec.c
|
||||
+++ b/mpi/ec.c
|
||||
@@ -1220,18 +1220,20 @@ _gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, mpi_point_t point,
|
||||
|
||||
if (x)
|
||||
{
|
||||
- mpi_resize (point->x, ctx->p->nlimbs);
|
||||
- point->x->nlimbs = ctx->p->nlimbs;
|
||||
- ec_mulm_lli (x, point->x, z2, ctx);
|
||||
+ mpi_set (x, point->x);
|
||||
+ mpi_resize (x, ctx->p->nlimbs);
|
||||
+ x->nlimbs = ctx->p->nlimbs;
|
||||
+ ec_mulm_lli (x, x, z2, ctx);
|
||||
}
|
||||
|
||||
if (y)
|
||||
{
|
||||
- mpi_resize (point->y, ctx->p->nlimbs);
|
||||
- point->y->nlimbs = ctx->p->nlimbs;
|
||||
+ mpi_set (y, point->y);
|
||||
+ mpi_resize (y, ctx->p->nlimbs);
|
||||
+ y->nlimbs = ctx->p->nlimbs;
|
||||
z3 = mpi_new (0);
|
||||
ec_mulm_lli (z3, z2, z1, ctx); /* z3 = z^(-3) mod p */
|
||||
- ec_mulm_lli (y, point->y, z3, ctx);
|
||||
+ ec_mulm_lli (y, y, z3, ctx);
|
||||
mpi_free (z3);
|
||||
}
|
||||
|
||||
--
|
||||
BIN
libgcrypt-1.12.0.tar.bz2
LFS
Normal file
BIN
libgcrypt-1.12.0.tar.bz2
LFS
Normal file
Binary file not shown.
BIN
libgcrypt-1.12.0.tar.bz2.sig
Normal file
BIN
libgcrypt-1.12.0.tar.bz2.sig
Normal file
Binary file not shown.
@@ -19,10 +19,10 @@ Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||
src/const-time.h | 6 ++++++
|
||||
2 files changed, 8 insertions(+)
|
||||
|
||||
Index: libgcrypt-1.11.1/cipher/rsa-common.c
|
||||
Index: libgcrypt-1.12.0/cipher/rsa-common.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/cipher/rsa-common.c
|
||||
+++ libgcrypt-1.11.1/cipher/rsa-common.c
|
||||
--- libgcrypt-1.12.0.orig/cipher/rsa-common.c
|
||||
+++ libgcrypt-1.12.0/cipher/rsa-common.c
|
||||
@@ -28,6 +28,7 @@
|
||||
#include "cipher.h"
|
||||
#include "pubkey-internal.h"
|
||||
@@ -344,10 +344,10 @@ Index: libgcrypt-1.11.1/cipher/rsa-common.c
|
||||
if (!seed)
|
||||
{
|
||||
rc = gpg_err_code_from_syserror ();
|
||||
Index: libgcrypt-1.11.1/src/const-time.h
|
||||
Index: libgcrypt-1.12.0/src/const-time.h
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/src/const-time.h
|
||||
+++ libgcrypt-1.11.1/src/const-time.h
|
||||
--- libgcrypt-1.12.0.orig/src/const-time.h
|
||||
+++ libgcrypt-1.12.0/src/const-time.h
|
||||
@@ -26,6 +26,7 @@
|
||||
#define ct_not_memequal _gcry_ct_not_memequal
|
||||
#define ct_memequal _gcry_ct_memequal
|
||||
@@ -377,45 +377,45 @@ Index: libgcrypt-1.11.1/src/const-time.h
|
||||
|
||||
/*
|
||||
* Return 0 if A is 0 and return 1 otherwise.
|
||||
@@ -114,7 +129,7 @@ unsigned int _gcry_ct_memequal (const vo
|
||||
DEFINE_CT_TYPE_GEN_MASK(uintptr, uintptr_t)
|
||||
@@ -115,7 +130,7 @@ DEFINE_CT_TYPE_GEN_MASK(uintptr, uintptr
|
||||
DEFINE_CT_TYPE_GEN_MASK(ulong, unsigned long)
|
||||
DEFINE_CT_TYPE_GEN_MASK(int16, int16_t)
|
||||
DEFINE_CT_TYPE_GEN_MASK(u64, u64)
|
||||
-
|
||||
+DEFINE_CT_TYPE_GEN_MASK(uchar, unsigned char)
|
||||
/*
|
||||
* Return all bits set if A is 0 and return 1 otherwise.
|
||||
*/
|
||||
@@ -139,7 +154,7 @@ DEFINE_CT_TYPE_GEN_MASK(int16, int16_t)
|
||||
DEFINE_CT_TYPE_GEN_INV_MASK(uintptr, uintptr_t)
|
||||
@@ -141,7 +156,7 @@ DEFINE_CT_TYPE_GEN_INV_MASK(uintptr, uin
|
||||
DEFINE_CT_TYPE_GEN_INV_MASK(ulong, unsigned long)
|
||||
DEFINE_CT_TYPE_GEN_INV_MASK(int16, int16_t)
|
||||
DEFINE_CT_TYPE_GEN_INV_MASK(u64, u64)
|
||||
-
|
||||
+DEFINE_CT_TYPE_GEN_INV_MASK(uchar, unsigned char)
|
||||
/*
|
||||
* Return A when OP_ENABLED=1
|
||||
* otherwise, return B
|
||||
@@ -155,7 +170,7 @@ DEFINE_CT_TYPE_GEN_INV_MASK(int16, int16
|
||||
DEFINE_CT_TYPE_SELECT_FUNC(uintptr, uintptr_t)
|
||||
@@ -158,7 +173,7 @@ DEFINE_CT_TYPE_SELECT_FUNC(uintptr, uint
|
||||
DEFINE_CT_TYPE_SELECT_FUNC(ulong, unsigned long)
|
||||
DEFINE_CT_TYPE_SELECT_FUNC(int16, int16_t)
|
||||
DEFINE_CT_TYPE_SELECT_FUNC(u64, u64)
|
||||
-
|
||||
+DEFINE_CT_TYPE_SELECT_FUNC(uchar, unsigned char)
|
||||
/*
|
||||
* Return NULL when OP_ENABLED=1
|
||||
* otherwise, return W
|
||||
@@ -174,5 +189,6 @@ sexp_null_cond (gcry_sexp_t w, unsigned
|
||||
@@ -177,5 +192,6 @@ sexp_null_cond (gcry_sexp_t w, unsigned
|
||||
*/
|
||||
void _gcry_ct_memmov_cond (void *dst, const void *src, size_t len,
|
||||
unsigned long op_enable);
|
||||
+void _gcry_ct_memcpy (void *dst, const void *src, size_t len, size_t buffer_len);
|
||||
|
||||
#endif /*GCRY_CONST_TIME_H*/
|
||||
Index: libgcrypt-1.11.1/cipher/rsa.c
|
||||
Index: libgcrypt-1.12.0/cipher/rsa.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/cipher/rsa.c
|
||||
+++ libgcrypt-1.11.1/cipher/rsa.c
|
||||
@@ -1197,7 +1197,11 @@ secret_blinded (gcry_mpi_t output, gcry_
|
||||
--- libgcrypt-1.12.0.orig/cipher/rsa.c
|
||||
+++ libgcrypt-1.12.0/cipher/rsa.c
|
||||
@@ -1198,7 +1198,11 @@ secret_blinded (gcry_mpi_t output, gcry_
|
||||
/* Undo blinding. Here we calculate: y = (x * r^-1) mod n, where x
|
||||
* is the blinded decrypted data, ri is the modular multiplicative
|
||||
* inverse of r and n is the RSA modulus. */
|
||||
@@ -427,7 +427,7 @@ Index: libgcrypt-1.11.1/cipher/rsa.c
|
||||
|
||||
_gcry_mpi_release (r);
|
||||
_gcry_mpi_release (ri);
|
||||
@@ -1432,6 +1436,7 @@ rsa_encrypt (gcry_sexp_t *r_ciph, gcry_s
|
||||
@@ -1433,6 +1437,7 @@ rsa_encrypt (gcry_sexp_t *r_ciph, gcry_s
|
||||
}
|
||||
|
||||
|
||||
@@ -435,7 +435,7 @@ Index: libgcrypt-1.11.1/cipher/rsa.c
|
||||
static gcry_err_code_t
|
||||
rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
|
||||
|
||||
@@ -1447,6 +1452,9 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
|
||||
@@ -1448,6 +1453,9 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
|
||||
unsigned int nbits = rsa_get_nbits (keyparms);
|
||||
gcry_sexp_t result = NULL;
|
||||
gcry_sexp_t dummy = NULL;
|
||||
@@ -445,7 +445,7 @@ Index: libgcrypt-1.11.1/cipher/rsa.c
|
||||
|
||||
rc = rsa_check_keysize (nbits);
|
||||
if (rc)
|
||||
@@ -1494,6 +1502,71 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
|
||||
@@ -1495,6 +1503,71 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
|
||||
mpi_normalize (data);
|
||||
mpi_fdiv_r (data, data, sk.n);
|
||||
|
||||
@@ -517,7 +517,7 @@ Index: libgcrypt-1.11.1/cipher/rsa.c
|
||||
/* Allocate MPI for the plaintext. */
|
||||
plain = mpi_snew (nbits);
|
||||
|
||||
@@ -1524,10 +1597,26 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
|
||||
@@ -1525,10 +1598,26 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
|
||||
switch (ctx.encoding)
|
||||
{
|
||||
case PUBKEY_ENC_PKCS1:
|
||||
@@ -544,7 +544,7 @@ Index: libgcrypt-1.11.1/cipher/rsa.c
|
||||
*r_plain = sexp_null_cond (result, ct_is_not_zero (rc));
|
||||
dummy = sexp_null_cond (result, ct_is_zero (rc));
|
||||
sexp_release (dummy);
|
||||
@@ -1541,7 +1630,11 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
|
||||
@@ -1542,7 +1631,11 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
|
||||
plain, ctx.label, ctx.labellen);
|
||||
mpi_free (plain);
|
||||
plain = NULL;
|
||||
@@ -556,11 +556,11 @@ Index: libgcrypt-1.11.1/cipher/rsa.c
|
||||
*r_plain = sexp_null_cond (result, ct_is_not_zero (rc));
|
||||
dummy = sexp_null_cond (result, ct_is_zero (rc));
|
||||
sexp_release (dummy);
|
||||
Index: libgcrypt-1.11.1/configure.ac
|
||||
Index: libgcrypt-1.12.0/configure.ac
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/configure.ac
|
||||
+++ libgcrypt-1.11.1/configure.ac
|
||||
@@ -582,6 +582,22 @@ AC_ARG_ENABLE(jent-support,
|
||||
--- libgcrypt-1.12.0.orig/configure.ac
|
||||
+++ libgcrypt-1.12.0/configure.ac
|
||||
@@ -602,6 +602,22 @@ AC_ARG_ENABLE(jent-support,
|
||||
jentsupport=$enableval,jentsupport=yes)
|
||||
AC_MSG_RESULT($jentsupport)
|
||||
|
||||
@@ -583,10 +583,10 @@ Index: libgcrypt-1.11.1/configure.ac
|
||||
# Implementation of the --disable-padlock-support switch.
|
||||
AC_MSG_CHECKING([whether padlock support is requested])
|
||||
AC_ARG_ENABLE(padlock-support,
|
||||
Index: libgcrypt-1.11.1/mpi/Makefile.am
|
||||
Index: libgcrypt-1.12.0/mpi/Makefile.am
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/mpi/Makefile.am
|
||||
+++ libgcrypt-1.11.1/mpi/Makefile.am
|
||||
--- libgcrypt-1.12.0.orig/mpi/Makefile.am
|
||||
+++ libgcrypt-1.12.0/mpi/Makefile.am
|
||||
@@ -181,3 +181,7 @@ EXTRA_libmpi_la_SOURCES = \
|
||||
asm-common-aarch64.h \
|
||||
asm-common-amd64.h \
|
||||
@@ -595,11 +595,11 @@ Index: libgcrypt-1.11.1/mpi/Makefile.am
|
||||
+if WITH_MARVIN_WORKAROUND
|
||||
+libmpi_la_SOURCES += mpi-mul-cs.c
|
||||
+endif
|
||||
Index: libgcrypt-1.11.1/mpi/mpi-internal.h
|
||||
Index: libgcrypt-1.12.0/mpi/mpi-internal.h
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/mpi/mpi-internal.h
|
||||
+++ libgcrypt-1.11.1/mpi/mpi-internal.h
|
||||
@@ -241,6 +241,12 @@ void _gcry_mpih_mul_karatsuba_case( mpi_
|
||||
--- libgcrypt-1.12.0.orig/mpi/mpi-internal.h
|
||||
+++ libgcrypt-1.12.0/mpi/mpi-internal.h
|
||||
@@ -238,6 +238,12 @@ void _gcry_mpih_mul_karatsuba_case( mpi_
|
||||
mpi_ptr_t vp, mpi_size_t vsize,
|
||||
struct karatsuba_ctx *ctx );
|
||||
|
||||
@@ -612,10 +612,10 @@ Index: libgcrypt-1.11.1/mpi/mpi-internal.h
|
||||
|
||||
/*-- mpih-mul_1.c (or xxx/cpu/ *.S) --*/
|
||||
mpi_limb_t _gcry_mpih_mul_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
|
||||
Index: libgcrypt-1.11.1/mpi/mpi-mul-cs.c
|
||||
Index: libgcrypt-1.12.0/mpi/mpi-mul-cs.c
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ libgcrypt-1.11.1/mpi/mpi-mul-cs.c
|
||||
+++ libgcrypt-1.12.0/mpi/mpi-mul-cs.c
|
||||
@@ -0,0 +1,263 @@
|
||||
+/* Copyright (c) 2024, Hubert Kario, Red Hat
|
||||
+ * Released under BSD 2-Clause License, see LICENSE for details
|
||||
@@ -880,10 +880,10 @@ Index: libgcrypt-1.11.1/mpi/mpi-mul-cs.c
|
||||
+
|
||||
+ memcpy (ret, &atmp[anum], sizeof(limb_t)*modnum);
|
||||
+}
|
||||
Index: libgcrypt-1.11.1/mpi/mpi-mul.c
|
||||
Index: libgcrypt-1.12.0/mpi/mpi-mul.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/mpi/mpi-mul.c
|
||||
+++ libgcrypt-1.11.1/mpi/mpi-mul.c
|
||||
--- libgcrypt-1.12.0.orig/mpi/mpi-mul.c
|
||||
+++ libgcrypt-1.12.0/mpi/mpi-mul.c
|
||||
@@ -203,6 +203,133 @@ _gcry_mpi_mul (gcry_mpi_t w, gcry_mpi_t
|
||||
_gcry_mpi_free_limb_space (tmp_limb, tmp_limb_nlimbs);
|
||||
}
|
||||
@@ -1064,10 +1064,10 @@ Index: libgcrypt-1.11.1/mpi/mpi-mul.c
|
||||
+ _gcry_mpi_reverse_sec (m); /* -- this might be still used by the calling function */
|
||||
+}
|
||||
+#endif /* WITH_MARVIN_WORKAROUND */
|
||||
Index: libgcrypt-1.11.1/src/gcrypt-int.h
|
||||
Index: libgcrypt-1.12.0/src/gcrypt-int.h
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/src/gcrypt-int.h
|
||||
+++ libgcrypt-1.11.1/src/gcrypt-int.h
|
||||
--- libgcrypt-1.12.0.orig/src/gcrypt-int.h
|
||||
+++ libgcrypt-1.12.0/src/gcrypt-int.h
|
||||
@@ -470,6 +470,9 @@ void _gcry_mpi_subm (gcry_mpi_t w, gcry_
|
||||
void _gcry_mpi_mul (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v);
|
||||
void _gcry_mpi_mul_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v );
|
||||
@@ -1088,24 +1088,24 @@ Index: libgcrypt-1.11.1/src/gcrypt-int.h
|
||||
#define mpi_powm(w,b,e,m) _gcry_mpi_powm ( (w), (b), (e), (m) )
|
||||
#define mpi_tdiv(q,r,a,m) _gcry_mpi_div ( (q), (r), (a), (m), 0)
|
||||
#define mpi_fdiv(q,r,a,m) _gcry_mpi_div ( (q), (r), (a), (m), -1)
|
||||
Index: libgcrypt-1.11.1/src/const-time.c
|
||||
Index: libgcrypt-1.12.0/src/const-time.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/src/const-time.c
|
||||
+++ libgcrypt-1.11.1/src/const-time.c
|
||||
@@ -77,8 +77,8 @@ _gcry_ct_memmov_cond (void *dst, const v
|
||||
--- libgcrypt-1.12.0.orig/src/const-time.c
|
||||
+++ libgcrypt-1.12.0/src/const-time.c
|
||||
@@ -105,8 +105,8 @@ _gcry_ct_memmov_cond (void *dst, const v
|
||||
unsigned long op_enable)
|
||||
{
|
||||
/* Note: dual mask with AND/OR used for EM leakage mitigation */
|
||||
- unsigned char mask1 = ct_ulong_gen_mask(op_enable);
|
||||
- unsigned char mask2 = ct_ulong_gen_inv_mask(op_enable);
|
||||
+ volatile unsigned char mask1 = ct_ulong_gen_mask(op_enable);
|
||||
+ volatile unsigned char mask2 = ct_ulong_gen_inv_mask(op_enable);
|
||||
- u64 mask1 = ct_u64_gen_mask (op_enable);
|
||||
- u64 mask2 = ct_u64_gen_inv_mask (op_enable);
|
||||
+ volatile u64 mask1 = ct_u64_gen_mask (op_enable);
|
||||
+ volatile u64 mask2 = ct_u64_gen_inv_mask (op_enable);
|
||||
unsigned char *b_dst = dst;
|
||||
const unsigned char *b_src = src;
|
||||
size_t i;
|
||||
@@ -86,3 +86,27 @@ _gcry_ct_memmov_cond (void *dst, const v
|
||||
for (i = 0; i < len; i++)
|
||||
b_dst[i] = (b_dst[i] & mask2) | (b_src[i] & mask1);
|
||||
|
||||
@@ -130,3 +130,27 @@ _gcry_ct_memmov_cond (void *dst, const v
|
||||
len--;
|
||||
}
|
||||
}
|
||||
+
|
||||
+/*
|
||||
@@ -1131,10 +1131,10 @@ Index: libgcrypt-1.11.1/src/const-time.c
|
||||
+ b_dst[i] = (b_src[i] & mask_a) | (b_dst[i] & mask_b);
|
||||
+ }
|
||||
+}
|
||||
Index: libgcrypt-1.11.1/src/sexp.c
|
||||
Index: libgcrypt-1.12.0/src/sexp.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/src/sexp.c
|
||||
+++ libgcrypt-1.11.1/src/sexp.c
|
||||
--- libgcrypt-1.12.0.orig/src/sexp.c
|
||||
+++ libgcrypt-1.12.0/src/sexp.c
|
||||
@@ -31,6 +31,7 @@
|
||||
|
||||
#define GCRYPT_NO_MPI_MACROS 1
|
||||
@@ -1215,10 +1215,10 @@ Index: libgcrypt-1.11.1/src/sexp.c
|
||||
}
|
||||
else if (*p == 'd')
|
||||
{
|
||||
Index: libgcrypt-1.11.1/cipher/pubkey-internal.h
|
||||
Index: libgcrypt-1.12.0/cipher/pubkey-internal.h
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/cipher/pubkey-internal.h
|
||||
+++ libgcrypt-1.11.1/cipher/pubkey-internal.h
|
||||
--- libgcrypt-1.12.0.orig/cipher/pubkey-internal.h
|
||||
+++ libgcrypt-1.12.0/cipher/pubkey-internal.h
|
||||
@@ -55,6 +55,14 @@ _gcry_rsa_pkcs1_encode_for_enc (gcry_mpi
|
||||
gpg_err_code_t
|
||||
_gcry_rsa_pkcs1_decode_for_enc (unsigned char **r_result, size_t *r_resultlen,
|
||||
@@ -1234,11 +1234,11 @@ Index: libgcrypt-1.11.1/cipher/pubkey-internal.h
|
||||
gpg_err_code_t
|
||||
_gcry_rsa_pkcs1_encode_raw_for_sig (gcry_mpi_t *r_result, unsigned int nbits,
|
||||
const unsigned char *value, size_t valuelen);
|
||||
Index: libgcrypt-1.11.1/cipher/pubkey-util.c
|
||||
Index: libgcrypt-1.12.0/cipher/pubkey-util.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/cipher/pubkey-util.c
|
||||
+++ libgcrypt-1.11.1/cipher/pubkey-util.c
|
||||
@@ -193,6 +193,15 @@ _gcry_pk_util_parse_flaglist (gcry_sexp_
|
||||
--- libgcrypt-1.12.0.orig/cipher/pubkey-util.c
|
||||
+++ libgcrypt-1.12.0/cipher/pubkey-util.c
|
||||
@@ -195,6 +195,15 @@ _gcry_pk_util_parse_flaglist (gcry_sexp_
|
||||
rc = GPG_ERR_INV_FLAG;
|
||||
break;
|
||||
|
||||
@@ -1254,58 +1254,22 @@ Index: libgcrypt-1.11.1/cipher/pubkey-util.c
|
||||
default:
|
||||
if (!igninvflag)
|
||||
rc = GPG_ERR_INV_FLAG;
|
||||
Index: libgcrypt-1.11.1/src/cipher.h
|
||||
Index: libgcrypt-1.12.0/src/cipher.h
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/src/cipher.h
|
||||
+++ libgcrypt-1.11.1/src/cipher.h
|
||||
@@ -26,24 +26,25 @@
|
||||
|
||||
#include "../random/random.h"
|
||||
|
||||
-#define PUBKEY_FLAG_NO_BLINDING (1 << 0)
|
||||
-#define PUBKEY_FLAG_RFC6979 (1 << 1)
|
||||
-#define PUBKEY_FLAG_FIXEDLEN (1 << 2)
|
||||
-#define PUBKEY_FLAG_LEGACYRESULT (1 << 3)
|
||||
-#define PUBKEY_FLAG_RAW_FLAG (1 << 4)
|
||||
-#define PUBKEY_FLAG_TRANSIENT_KEY (1 << 5)
|
||||
-#define PUBKEY_FLAG_USE_X931 (1 << 6)
|
||||
-#define PUBKEY_FLAG_USE_FIPS186 (1 << 7)
|
||||
-#define PUBKEY_FLAG_USE_FIPS186_2 (1 << 8)
|
||||
-#define PUBKEY_FLAG_PARAM (1 << 9)
|
||||
-#define PUBKEY_FLAG_COMP (1 << 10)
|
||||
-#define PUBKEY_FLAG_NOCOMP (1 << 11)
|
||||
-#define PUBKEY_FLAG_EDDSA (1 << 12)
|
||||
-#define PUBKEY_FLAG_GOST (1 << 13)
|
||||
-#define PUBKEY_FLAG_NO_KEYTEST (1 << 14)
|
||||
-#define PUBKEY_FLAG_DJB_TWEAK (1 << 15)
|
||||
-#define PUBKEY_FLAG_SM2 (1 << 16)
|
||||
-#define PUBKEY_FLAG_PREHASH (1 << 17)
|
||||
+#define PUBKEY_FLAG_NO_BLINDING (1 << 0)
|
||||
+#define PUBKEY_FLAG_RFC6979 (1 << 1)
|
||||
+#define PUBKEY_FLAG_FIXEDLEN (1 << 2)
|
||||
+#define PUBKEY_FLAG_LEGACYRESULT (1 << 3)
|
||||
+#define PUBKEY_FLAG_RAW_FLAG (1 << 4)
|
||||
+#define PUBKEY_FLAG_TRANSIENT_KEY (1 << 5)
|
||||
+#define PUBKEY_FLAG_USE_X931 (1 << 6)
|
||||
+#define PUBKEY_FLAG_USE_FIPS186 (1 << 7)
|
||||
+#define PUBKEY_FLAG_USE_FIPS186_2 (1 << 8)
|
||||
+#define PUBKEY_FLAG_PARAM (1 << 9)
|
||||
+#define PUBKEY_FLAG_COMP (1 << 10)
|
||||
+#define PUBKEY_FLAG_NOCOMP (1 << 11)
|
||||
+#define PUBKEY_FLAG_EDDSA (1 << 12)
|
||||
+#define PUBKEY_FLAG_GOST (1 << 13)
|
||||
+#define PUBKEY_FLAG_NO_KEYTEST (1 << 14)
|
||||
+#define PUBKEY_FLAG_DJB_TWEAK (1 << 15)
|
||||
+#define PUBKEY_FLAG_SM2 (1 << 16)
|
||||
+#define PUBKEY_FLAG_PREHASH (1 << 17)
|
||||
+#define PUBKEY_FLAG_NO_IMPLICIT_REJECTION (1 << 18)
|
||||
|
||||
|
||||
enum pk_operation
|
||||
Index: libgcrypt-1.11.1/tests/pkcs1v2-v15c.h
|
||||
--- libgcrypt-1.12.0.orig/src/cipher.h
|
||||
+++ libgcrypt-1.12.0/src/cipher.h
|
||||
@@ -46,6 +46,7 @@
|
||||
#define PUBKEY_FLAG_PREHASH (1 << 17)
|
||||
#define PUBKEY_FLAG_BYTE_STRING (1 << 18)
|
||||
#define PUBKEY_FLAG_NO_PREFIX (1 << 19)
|
||||
+#define PUBKEY_FLAG_NO_IMPLICIT_REJECTION (1 << 20)
|
||||
/*
|
||||
* The internal flag to select least leak implementation for ECC.
|
||||
* It needs to be a distinct value not covered by PUBKEY_* above.
|
||||
Index: libgcrypt-1.12.0/tests/pkcs1v2-v15c.h
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/tests/pkcs1v2-v15c.h
|
||||
+++ libgcrypt-1.11.1/tests/pkcs1v2-v15c.h
|
||||
--- libgcrypt-1.12.0.orig/tests/pkcs1v2-v15c.h
|
||||
+++ libgcrypt-1.12.0/tests/pkcs1v2-v15c.h
|
||||
@@ -21,6 +21,7 @@
|
||||
const char *mesg;
|
||||
const char *seed;
|
||||
@@ -1623,10 +1587,10 @@ Index: libgcrypt-1.11.1/tests/pkcs1v2-v15c.h
|
||||
+ }
|
||||
}
|
||||
};
|
||||
Index: libgcrypt-1.11.1/tests/pkcs1v2.c
|
||||
Index: libgcrypt-1.12.0/tests/pkcs1v2.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/tests/pkcs1v2.c
|
||||
+++ libgcrypt-1.11.1/tests/pkcs1v2.c
|
||||
--- libgcrypt-1.12.0.orig/tests/pkcs1v2.c
|
||||
+++ libgcrypt-1.12.0/tests/pkcs1v2.c
|
||||
@@ -82,7 +82,7 @@ data_from_hex (const char *string, size_
|
||||
|
||||
static int
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
Index: libgcrypt-1.11.1/doc/gcrypt.texi
|
||||
Index: libgcrypt-1.12.0/doc/gcrypt.texi
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/doc/gcrypt.texi
|
||||
+++ libgcrypt-1.11.1/doc/gcrypt.texi
|
||||
@@ -998,13 +998,21 @@ certification. If the function is approv
|
||||
--- libgcrypt-1.12.0.orig/doc/gcrypt.texi
|
||||
+++ libgcrypt-1.12.0/doc/gcrypt.texi
|
||||
@@ -1007,13 +1007,21 @@ certification. If the function is approv
|
||||
@code{GPG_ERR_NO_ERROR} (other restrictions might still apply).
|
||||
Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
|
||||
|
||||
@@ -28,11 +28,11 @@ Index: libgcrypt-1.11.1/doc/gcrypt.texi
|
||||
@item GCRYCTL_FIPS_SERVICE_INDICATOR_MD; Arguments: enum gcry_md_algos
|
||||
|
||||
Check if the given message digest algorithm is approved under the current
|
||||
Index: libgcrypt-1.11.1/src/fips.c
|
||||
Index: libgcrypt-1.12.0/src/fips.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/src/fips.c
|
||||
+++ libgcrypt-1.11.1/src/fips.c
|
||||
@@ -512,31 +512,6 @@ _gcry_fips_indicator_pk (va_list arg_ptr
|
||||
--- libgcrypt-1.12.0.orig/src/fips.c
|
||||
+++ libgcrypt-1.12.0/src/fips.c
|
||||
@@ -538,31 +538,6 @@ _gcry_fips_indicator_pk (va_list arg_ptr
|
||||
}
|
||||
|
||||
int
|
||||
@@ -64,7 +64,7 @@ Index: libgcrypt-1.11.1/src/fips.c
|
||||
_gcry_fips_indicator_md (va_list arg_ptr)
|
||||
{
|
||||
enum gcry_md_algos alg = va_arg (arg_ptr, enum gcry_md_algos);
|
||||
@@ -647,6 +622,62 @@ _gcry_fips_indicator_pk_flags (va_list a
|
||||
@@ -673,6 +648,62 @@ _gcry_fips_indicator_pk_flags (va_list a
|
||||
return GPG_ERR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
@@ -127,11 +127,11 @@ Index: libgcrypt-1.11.1/src/fips.c
|
||||
|
||||
/* This is a test on whether the library is in the error or
|
||||
operational state. */
|
||||
Index: libgcrypt-1.11.1/src/g10lib.h
|
||||
Index: libgcrypt-1.12.0/src/g10lib.h
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/src/g10lib.h
|
||||
+++ libgcrypt-1.11.1/src/g10lib.h
|
||||
@@ -478,6 +478,7 @@ void _gcry_fips_signal_error (const char
|
||||
--- libgcrypt-1.12.0.orig/src/g10lib.h
|
||||
+++ libgcrypt-1.12.0/src/g10lib.h
|
||||
@@ -485,6 +485,7 @@ void _gcry_fips_signal_error (const char
|
||||
gpg_err_code_t _gcry_fips_indicator (void);
|
||||
|
||||
int _gcry_fips_indicator_cipher (va_list arg_ptr);
|
||||
@@ -139,11 +139,11 @@ Index: libgcrypt-1.11.1/src/g10lib.h
|
||||
int _gcry_fips_indicator_mac (va_list arg_ptr);
|
||||
int _gcry_fips_indicator_md (va_list arg_ptr);
|
||||
int _gcry_fips_indicator_kdf (va_list arg_ptr);
|
||||
Index: libgcrypt-1.11.1/src/gcrypt.h.in
|
||||
Index: libgcrypt-1.12.0/src/gcrypt.h.in
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/src/gcrypt.h.in
|
||||
+++ libgcrypt-1.11.1/src/gcrypt.h.in
|
||||
@@ -338,7 +338,8 @@ enum gcry_ctl_cmds
|
||||
--- libgcrypt-1.12.0.orig/src/gcrypt.h.in
|
||||
+++ libgcrypt-1.12.0/src/gcrypt.h.in
|
||||
@@ -345,7 +345,8 @@ enum gcry_ctl_cmds
|
||||
GCRYCTL_MD_CUSTOMIZE = 88,
|
||||
GCRYCTL_FIPS_SERVICE_INDICATOR = 89,
|
||||
GCRYCTL_FIPS_REJECT_NON_FIPS = 90,
|
||||
@@ -153,10 +153,10 @@ Index: libgcrypt-1.11.1/src/gcrypt.h.in
|
||||
};
|
||||
|
||||
/* Perform various operations defined by CMD. */
|
||||
Index: libgcrypt-1.11.1/src/global.c
|
||||
Index: libgcrypt-1.12.0/src/global.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/src/global.c
|
||||
+++ libgcrypt-1.11.1/src/global.c
|
||||
--- libgcrypt-1.12.0.orig/src/global.c
|
||||
+++ libgcrypt-1.12.0/src/global.c
|
||||
@@ -808,6 +808,12 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
||||
rc = _gcry_fips_indicator_cipher (arg_ptr);
|
||||
break;
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
Index: libgcrypt-1.11.0/src/fips.c
|
||||
Index: libgcrypt-1.12.0/src/fips.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.0.orig/src/fips.c
|
||||
+++ libgcrypt-1.11.0/src/fips.c
|
||||
@@ -523,10 +523,15 @@ int
|
||||
--- libgcrypt-1.12.0.orig/src/fips.c
|
||||
+++ libgcrypt-1.12.0/src/fips.c
|
||||
@@ -594,10 +594,15 @@ int
|
||||
_gcry_fips_indicator_kdf (va_list arg_ptr)
|
||||
{
|
||||
enum gcry_kdf_algos alg = va_arg (arg_ptr, enum gcry_kdf_algos);
|
||||
@@ -18,11 +18,11 @@ Index: libgcrypt-1.11.0/src/fips.c
|
||||
return GPG_ERR_NO_ERROR;
|
||||
default:
|
||||
return GPG_ERR_NOT_SUPPORTED;
|
||||
Index: libgcrypt-1.11.0/doc/gcrypt.texi
|
||||
Index: libgcrypt-1.12.0/doc/gcrypt.texi
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.0.orig/doc/gcrypt.texi
|
||||
+++ libgcrypt-1.11.0/doc/gcrypt.texi
|
||||
@@ -983,12 +983,13 @@ is approved under the current FIPS 140-3
|
||||
--- libgcrypt-1.12.0.orig/doc/gcrypt.texi
|
||||
+++ libgcrypt-1.12.0/doc/gcrypt.texi
|
||||
@@ -992,12 +992,13 @@ is approved under the current FIPS 140-3
|
||||
combination is approved, this function returns @code{GPG_ERR_NO_ERROR}.
|
||||
Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
|
||||
|
||||
@@ -40,10 +40,10 @@ Index: libgcrypt-1.11.0/doc/gcrypt.texi
|
||||
|
||||
@item GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION; Arguments: const char *
|
||||
|
||||
Index: libgcrypt-1.11.0/tests/t-kdf.c
|
||||
Index: libgcrypt-1.12.0/tests/t-kdf.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.0.orig/tests/t-kdf.c
|
||||
+++ libgcrypt-1.11.0/tests/t-kdf.c
|
||||
--- libgcrypt-1.12.0.orig/tests/t-kdf.c
|
||||
+++ libgcrypt-1.12.0/tests/t-kdf.c
|
||||
@@ -1889,7 +1889,12 @@ check_fips_indicators (void)
|
||||
for (i = 0; i < sizeof(kdf_algos) / sizeof(*kdf_algos); i++)
|
||||
{
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
Index: libgcrypt-1.11.1/src/fips.c
|
||||
Index: libgcrypt-1.12.0/src/fips.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/src/fips.c
|
||||
+++ libgcrypt-1.11.1/src/fips.c
|
||||
@@ -38,6 +38,7 @@
|
||||
--- libgcrypt-1.12.0.orig/src/fips.c
|
||||
+++ libgcrypt-1.12.0/src/fips.c
|
||||
@@ -40,6 +40,7 @@
|
||||
|
||||
#include "g10lib.h"
|
||||
#include "cipher-proto.h"
|
||||
@@ -10,7 +10,7 @@ Index: libgcrypt-1.11.1/src/fips.c
|
||||
#include "../random/random.h"
|
||||
|
||||
/* The states of the finite state machine used in fips mode. */
|
||||
@@ -420,6 +421,94 @@ _gcry_fips_indicator_cipher (va_list arg
|
||||
@@ -446,6 +447,94 @@ _gcry_fips_indicator_cipher (va_list arg
|
||||
default:
|
||||
return GPG_ERR_NOT_SUPPORTED;
|
||||
}
|
||||
@@ -105,11 +105,11 @@ Index: libgcrypt-1.11.1/src/fips.c
|
||||
}
|
||||
|
||||
int
|
||||
Index: libgcrypt-1.11.1/src/gcrypt.h.in
|
||||
Index: libgcrypt-1.12.0/src/gcrypt.h.in
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/src/gcrypt.h.in
|
||||
+++ libgcrypt-1.11.1/src/gcrypt.h.in
|
||||
@@ -337,7 +337,8 @@ enum gcry_ctl_cmds
|
||||
--- libgcrypt-1.12.0.orig/src/gcrypt.h.in
|
||||
+++ libgcrypt-1.12.0/src/gcrypt.h.in
|
||||
@@ -344,7 +344,8 @@ enum gcry_ctl_cmds
|
||||
GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS = 87,
|
||||
GCRYCTL_MD_CUSTOMIZE = 88,
|
||||
GCRYCTL_FIPS_SERVICE_INDICATOR = 89,
|
||||
@@ -119,11 +119,11 @@ Index: libgcrypt-1.11.1/src/gcrypt.h.in
|
||||
};
|
||||
|
||||
/* Perform various operations defined by CMD. */
|
||||
Index: libgcrypt-1.11.1/doc/gcrypt.texi
|
||||
Index: libgcrypt-1.12.0/doc/gcrypt.texi
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/doc/gcrypt.texi
|
||||
+++ libgcrypt-1.11.1/doc/gcrypt.texi
|
||||
@@ -1010,6 +1010,19 @@ Check if the given message digest algori
|
||||
--- libgcrypt-1.12.0.orig/doc/gcrypt.texi
|
||||
+++ libgcrypt-1.12.0/doc/gcrypt.texi
|
||||
@@ -1019,6 +1019,19 @@ Check if the given message digest algori
|
||||
FIPS 140-3 certification. If the algorithm is approved, this function returns
|
||||
@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
|
||||
|
||||
@@ -143,11 +143,11 @@ Index: libgcrypt-1.11.1/doc/gcrypt.texi
|
||||
@item GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS; Arguments: const char *
|
||||
|
||||
Check if the given public key operation flag or s-expression object name is
|
||||
Index: libgcrypt-1.11.1/src/g10lib.h
|
||||
Index: libgcrypt-1.12.0/src/g10lib.h
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/src/g10lib.h
|
||||
+++ libgcrypt-1.11.1/src/g10lib.h
|
||||
@@ -482,6 +482,7 @@ int _gcry_fips_indicator_mac (va_list ar
|
||||
--- libgcrypt-1.12.0.orig/src/g10lib.h
|
||||
+++ libgcrypt-1.12.0/src/g10lib.h
|
||||
@@ -489,6 +489,7 @@ int _gcry_fips_indicator_mac (va_list ar
|
||||
int _gcry_fips_indicator_md (va_list arg_ptr);
|
||||
int _gcry_fips_indicator_kdf (va_list arg_ptr);
|
||||
int _gcry_fips_indicator_function (va_list arg_ptr);
|
||||
@@ -155,10 +155,10 @@ Index: libgcrypt-1.11.1/src/g10lib.h
|
||||
int _gcry_fips_indicator_pk_flags (va_list arg_ptr);
|
||||
|
||||
int _gcry_fips_is_operational (void);
|
||||
Index: libgcrypt-1.11.1/src/global.c
|
||||
Index: libgcrypt-1.12.0/src/global.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/src/global.c
|
||||
+++ libgcrypt-1.11.1/src/global.c
|
||||
--- libgcrypt-1.12.0.orig/src/global.c
|
||||
+++ libgcrypt-1.12.0/src/global.c
|
||||
@@ -842,6 +842,15 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
||||
rc = _gcry_fips_indicator_pk_flags (arg_ptr);
|
||||
break;
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
Index: libgcrypt-1.11.1/random/Makefile.am
|
||||
Index: libgcrypt-1.12.0/random/Makefile.am
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/random/Makefile.am
|
||||
+++ libgcrypt-1.11.1/random/Makefile.am
|
||||
--- libgcrypt-1.12.0.orig/random/Makefile.am
|
||||
+++ libgcrypt-1.12.0/random/Makefile.am
|
||||
@@ -21,7 +21,7 @@
|
||||
# Need to include ../src in addition to top_srcdir because gcrypt.h is
|
||||
# a built header.
|
||||
@@ -50,10 +50,10 @@ Index: libgcrypt-1.11.1/random/Makefile.am
|
||||
- $(srcdir)/jitterentropy-base.c $(srcdir)/jitterentropy.h
|
||||
+rndjent.lo: $(srcdir)/rndjent.c
|
||||
`echo $(LTCOMPILE) -c $(srcdir)/rndjent.c | $(o_flag_munging) `
|
||||
Index: libgcrypt-1.11.1/random/rndjent.c
|
||||
Index: libgcrypt-1.12.0/random/rndjent.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/random/rndjent.c
|
||||
+++ libgcrypt-1.11.1/random/rndjent.c
|
||||
--- libgcrypt-1.12.0.orig/random/rndjent.c
|
||||
+++ libgcrypt-1.12.0/random/rndjent.c
|
||||
@@ -94,17 +94,12 @@
|
||||
* jitterentropy-user-base.h file. */
|
||||
|
||||
@@ -74,10 +74,10 @@ Index: libgcrypt-1.11.1/random/rndjent.c
|
||||
|
||||
/* This is the lock we use to serialize access to this RNG. The extra
|
||||
* integer variable is only used to check the locking state; that is,
|
||||
Index: libgcrypt-1.11.1/random/Makefile.in
|
||||
Index: libgcrypt-1.12.0/random/Makefile.in
|
||||
===================================================================
|
||||
--- libgcrypt-1.11.1.orig/random/Makefile.in
|
||||
+++ libgcrypt-1.11.1/random/Makefile.in
|
||||
--- libgcrypt-1.12.0.orig/random/Makefile.in
|
||||
+++ libgcrypt-1.12.0/random/Makefile.in
|
||||
@@ -147,12 +147,7 @@ am__v_at_1 =
|
||||
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
|
||||
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
|
||||
@@ -92,7 +92,7 @@ Index: libgcrypt-1.11.1/random/Makefile.in
|
||||
./$(DEPDIR)/random-csprng.Plo ./$(DEPDIR)/random-drbg.Plo \
|
||||
./$(DEPDIR)/random-system.Plo ./$(DEPDIR)/random.Plo \
|
||||
./$(DEPDIR)/rndegd.Plo ./$(DEPDIR)/rndgetentropy.Plo \
|
||||
@@ -375,7 +370,7 @@ top_srcdir = @top_srcdir@
|
||||
@@ -379,7 +374,7 @@ top_srcdir = @top_srcdir@
|
||||
# Need to include ../src in addition to top_srcdir because gcrypt.h is
|
||||
# a built header.
|
||||
AM_CPPFLAGS = -I../src -I$(top_srcdir)/src
|
||||
@@ -101,7 +101,7 @@ Index: libgcrypt-1.11.1/random/Makefile.in
|
||||
noinst_LTLIBRARIES = librandom.la
|
||||
GCRYPT_MODULES = @GCRYPT_RANDOM@
|
||||
librandom_la_DEPENDENCIES = $(GCRYPT_MODULES)
|
||||
@@ -394,14 +389,7 @@ rndgetentropy.c \
|
||||
@@ -398,14 +393,7 @@ rndgetentropy.c \
|
||||
rndoldlinux.c \
|
||||
rndegd.c \
|
||||
rndunix.c \
|
||||
@@ -117,7 +117,7 @@ Index: libgcrypt-1.11.1/random/Makefile.in
|
||||
|
||||
@ENABLE_O_FLAG_MUNGING_FALSE@o_flag_munging = cat
|
||||
|
||||
@@ -461,12 +449,6 @@ mostlyclean-compile:
|
||||
@@ -465,12 +453,6 @@ mostlyclean-compile:
|
||||
distclean-compile:
|
||||
-rm -f *.tab.c
|
||||
|
||||
@@ -130,7 +130,7 @@ Index: libgcrypt-1.11.1/random/Makefile.in
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random-csprng.Plo@am__quote@ # am--include-marker
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random-drbg.Plo@am__quote@ # am--include-marker
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random-system.Plo@am__quote@ # am--include-marker
|
||||
@@ -636,12 +618,6 @@ clean-am: clean-generic clean-libtool cl
|
||||
@@ -640,12 +622,6 @@ clean-am: clean-generic clean-libtool cl
|
||||
mostlyclean-am
|
||||
|
||||
distclean: distclean-am
|
||||
@@ -143,7 +143,7 @@ Index: libgcrypt-1.11.1/random/Makefile.in
|
||||
-rm -f ./$(DEPDIR)/random-csprng.Plo
|
||||
-rm -f ./$(DEPDIR)/random-drbg.Plo
|
||||
-rm -f ./$(DEPDIR)/random-system.Plo
|
||||
@@ -698,12 +674,6 @@ install-ps-am:
|
||||
@@ -702,12 +678,6 @@ install-ps-am:
|
||||
installcheck-am:
|
||||
|
||||
maintainer-clean: maintainer-clean-am
|
||||
@@ -156,7 +156,7 @@ Index: libgcrypt-1.11.1/random/Makefile.in
|
||||
-rm -f ./$(DEPDIR)/random-csprng.Plo
|
||||
-rm -f ./$(DEPDIR)/random-drbg.Plo
|
||||
-rm -f ./$(DEPDIR)/random-system.Plo
|
||||
@@ -752,22 +722,10 @@ uninstall-am:
|
||||
@@ -756,22 +726,10 @@ uninstall-am:
|
||||
.PRECIOUS: Makefile
|
||||
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
Index: libgcrypt-1.10.0/random/rndoldlinux.c
|
||||
Index: libgcrypt-1.12.0/random/rndoldlinux.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.0.orig/random/rndoldlinux.c
|
||||
+++ libgcrypt-1.10.0/random/rndoldlinux.c
|
||||
--- libgcrypt-1.12.0.orig/random/rndoldlinux.c
|
||||
+++ libgcrypt-1.12.0/random/rndoldlinux.c
|
||||
@@ -132,7 +132,7 @@ _gcry_rndoldlinux_gather_random (void (*
|
||||
volatile pid_t apid;
|
||||
int fd;
|
||||
@@ -80,35 +80,34 @@ Index: libgcrypt-1.10.0/random/rndoldlinux.c
|
||||
_gcry_pre_syscall ();
|
||||
ret = getentropy (buffer, nbytes);
|
||||
_gcry_post_syscall ();
|
||||
Index: libgcrypt-1.10.0/random/rndjent.c
|
||||
Index: libgcrypt-1.12.0/random/rndjent.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.0.orig/random/rndjent.c
|
||||
+++ libgcrypt-1.10.0/random/rndjent.c
|
||||
@@ -279,13 +279,24 @@ _gcry_rndjent_poll (void (*add)(const vo
|
||||
if (!jent_rng_is_initialized)
|
||||
{
|
||||
/* Auto-initialize. */
|
||||
- jent_rng_is_initialized = 1;
|
||||
jent_entropy_collector_free (jent_rng_collector);
|
||||
--- libgcrypt-1.12.0.orig/random/rndjent.c
|
||||
+++ libgcrypt-1.12.0/random/rndjent.c
|
||||
@@ -294,15 +294,23 @@ _gcry_rndjent_poll (void (*add)(const vo
|
||||
jent_rng_collector = NULL;
|
||||
if ( !(_gcry_random_read_conf () & RANDOM_CONF_DISABLE_JENT))
|
||||
{
|
||||
- if (!jent_entropy_init ())
|
||||
- jent_rng_collector = jent_entropy_collector_alloc (1, 0);
|
||||
+ if (!jent_entropy_init_ex (1, 0))
|
||||
+ {
|
||||
+ jent_rng_collector = jent_entropy_collector_alloc (1, 0);
|
||||
+ if (!jent_entropy_init_ex (1, 0))
|
||||
{
|
||||
jent_rng_collector = jent_entropy_collector_alloc (1, 0);
|
||||
- if (jent_rng_collector != NULL)
|
||||
- jent_rng_is_initialized = 1;
|
||||
+ jent_rng_is_initialized = 1;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
+ if (!jent_rng_collector)
|
||||
+ {
|
||||
+ if (!jent_entropy_init_ex (1, 0))
|
||||
+ {
|
||||
+ jent_rng_collector = jent_entropy_collector_alloc (1, 0);
|
||||
+ jent_rng_is_initialized = 1;
|
||||
}
|
||||
}
|
||||
|
||||
+ jent_rng_collector = jent_entropy_collector_alloc (1, 0);
|
||||
+ jent_rng_is_initialized = 1;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
if (jent_rng_collector && add)
|
||||
{
|
||||
/* We have a working JENT and it has not been disabled. */
|
||||
|
||||
@@ -1,17 +1,17 @@
|
||||
Index: libgcrypt-1.10.2/autogen.sh
|
||||
Index: libgcrypt-1.12.0/autogen.sh
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.2.orig/autogen.sh
|
||||
+++ libgcrypt-1.10.2/autogen.sh
|
||||
@@ -249,7 +249,7 @@ if [ "$myhost" = "find-version" ]; then
|
||||
fi
|
||||
--- libgcrypt-1.12.0.orig/autogen.sh
|
||||
+++ libgcrypt-1.12.0/autogen.sh
|
||||
@@ -259,7 +259,7 @@ if [ "$myhost" = "find-version" ]; then
|
||||
matchexcl="--exclude $package-*beta*"
|
||||
|
||||
beta=no
|
||||
- if [ -e .git ]; then
|
||||
+ if false; then
|
||||
ingit=yes
|
||||
tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null)
|
||||
tmp=$(echo "$tmp" | sed s/^"$package"//)
|
||||
@@ -265,8 +265,8 @@ if [ "$myhost" = "find-version" ]; then
|
||||
tmp=$(git describe --match "${matchstr1}" $matchexcl --long 2>/dev/null)
|
||||
if [ -n "$tmp" ]; then
|
||||
@@ -285,8 +285,8 @@ if [ "$myhost" = "find-version" ]; then
|
||||
rvd=$((0x$(echo ${rev} | dd bs=1 count=4 2>/dev/null)))
|
||||
else
|
||||
ingit=no
|
||||
@@ -19,6 +19,6 @@ Index: libgcrypt-1.10.2/autogen.sh
|
||||
- tmp="-unknown"
|
||||
+ beta=no
|
||||
+ tmp=""
|
||||
cid="0000000"
|
||||
rev="0000000"
|
||||
rvd="0"
|
||||
fi
|
||||
|
||||
@@ -1,24 +1,44 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 7 19:47:57 UTC 2026 - Andreas Stieger <andreas.stieger@gmx.de>
|
||||
Mon Feb 2 13:20:33 UTC 2026 - Angel Yankov <angel.yankov@suse.com>
|
||||
|
||||
- enable the Kyber PQ KEM (boo#1256108)
|
||||
- Update to 1.12.0 (jsc#PED-15059)
|
||||
* New and extended interfaces:
|
||||
- Allow access to the FIPS service indicator via the new
|
||||
GCRYCTL_FIPS_SERVICE_INDICATOR control code.
|
||||
- Make SHA-1 non-FIPS internally for the 1.12 API
|
||||
- Add Dilithium (ML-DSA) support
|
||||
- Support optional random-override and support byte string data
|
||||
* Bug fixes:
|
||||
- Use secure MPI in _gcry_mpi_assign_limb_space.
|
||||
- Use CSIDL_COMMON_APPDATA instead of /etc on Windows.
|
||||
- Apply a Kyber patch from upstream.
|
||||
- Fix an edge case in Jent initialization.
|
||||
- mceliece6688128f: Fix stack overflow crash on win64/wine
|
||||
* Performance:
|
||||
- Many performance improvements, new AVX512 implementations for modern CPUs.
|
||||
- Add RISC-V Zbb+Zbc implementation of CRC.
|
||||
- Add RISC-V vector cryptography implementation of GHASH, AES, SHA256 and SHA512
|
||||
- Add AVX2 and AVX512 code paths to improve CRC.
|
||||
For a full changelog, see:
|
||||
https://dev.gnupg.org/source/libgcrypt/history/master/;libgcrypt-1.12.0
|
||||
* Dropped libgcrypt-1.11.1-public-SLI-API.patch - applied upstream
|
||||
* Rebased libgcrypt-CVE-2024-2236.patch
|
||||
* Rebased libgcrypt-FIPS-SLI-hash-mac.patch
|
||||
* Rebased libgcrypt-FIPS-SLI-kdf-leylength.patch
|
||||
* Rebased libgcrypt-FIPS-SLI-pk.patch
|
||||
* Rebased libgcrypt-FIPS-jitter-standalone.patch
|
||||
* Rebased libgcrypt-FIPS-rndjent_poll.patch
|
||||
* Rebased libgcrypt-nobetasuffix.patch
|
||||
* Rebased libgcrypt-rol64-redefinition.patch
|
||||
* Added libgcrypt-1.12.0-ec_regression.patch
|
||||
* libgcrypt 1.12.0: gcry_mpi_ec_curve_point corrupts point
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 8 20:05:34 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
|
||||
|
||||
- Update to 1.11.2:
|
||||
* portability fixes
|
||||
* Support secp256k1 by KEM API. GnuPG has recently switched to
|
||||
use the KEM interface and a few folks are using this curve
|
||||
* Fix a missing initialization in RSA's generate_fips.
|
||||
* Use '.rodata' section for read-only data of poly1305-p10le
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 5 13:23:03 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
|
||||
Mon Jun 9 11:20:28 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
|
||||
|
||||
- Security fix [bsc#1221107, CVE-2024-2236]
|
||||
* Add --enable-marvin-workaround to spec to enable workaround
|
||||
* Fix timing based side-channel in RSA implementation ( Marvin attack )
|
||||
* Fix timing based side-channel in RSA implementation ( Marvin attack )
|
||||
* Add libgcrypt-CVE-2024-2236.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
|
||||
@@ -1,82 +1,86 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mDMEX0PliRYJKwYBBAHaRw8BAQdAz75Hlekc16JhhfI0MKdEVxLdkxhcMCO0ZG6W
|
||||
MBAmNpe0H1dlcm5lciBLb2NoIChkaXN0IHNpZ25pbmcgMjAyMCmImgQTFgoAQhYh
|
||||
BG2qbmSnbShAVxtJAlKIl7gmQDraBQJfQ+w1AhsDBQkShccRBQsJCAcCAyICAQYV
|
||||
CgkICwIEFgIDAQIeBwIXgAAKCRBSiJe4JkA62nmuAP9uL/HOdB0gvwWrH+FpURJL
|
||||
s4bnaZaPIk9ARrU0EXRgJgD/YCGfHQXpIPT0ZaXuwJexK04Z+qMFR/bM1q1Leo5C
|
||||
jgaIbQQQEQsAHRYhBIBhWHD1utaQMzaG0PKthaweQrNnBQJfQ/HmAAoJEPKthawe
|
||||
QrNnIZkA3jG6LcZvV/URn8Y8OJqsyYa4C3NI4nN+OhEvYhgA4PHzMnALeXIpA2gb
|
||||
lvjFIPJPAhDBAU37c5PA6+6IdQQQFggAHRYhBK6oTtzwGthsRwHIXGMROuhmWH0K
|
||||
BQJfQ/IlAAoJEGMROuhmWH0K1+MA/0uJ5AHcnSfIBEWHNJwwVVLGyrxAWtS2U+ze
|
||||
ymp/UvlPAQDErCLZl0dBiPG3vlowFx5TNep7tanBs6ZJn8F1ao1tAIkBMwQQAQgA
|
||||
HRYhBNhpISPEBl3qXg86tSSbOdJPJeO2BQJfQ/OuAAoJECSbOdJPJeO2DVoH/0o9
|
||||
if66ph6FJrgr+A/WHNVeHxmM5tUQhpL1wpRS70SKcsJgolf5CxO5iTQf3HlZe544
|
||||
xGbIU/aCTJsWw9ziUE8KmhAtKV4eL/7oQ7xx4nxPnABLpudtM8A44nsM1x/XiYrJ
|
||||
nnDm29QjYEGd2Hi87npc7VWKzLoj+I/WcXquynJi5O9TUxW9Bknd1pjpxFkf8v+m
|
||||
sjBzCD5VKJgr0CR8wA6peQBWeGZX2HacosMIZH4TfL0r0TFla6LJIkNBz9DyIm1y
|
||||
L4L8oRH0950hQljPC7TM3L7aRpX+4Kph6llFz6g7MALGFP95kyJ6o+XED9ORuuQV
|
||||
ZMBMIkNC0tXOu10VbdqIdQQQFgoAHRYhBMHTS2khnkruwLocIeP9/yGORbcrBQJf
|
||||
Q/P8AAoJEOP9/yGORbcr3lQBAMas8Vl3Hdl3g2I283lz1uHiGvlwcnk2TLeB+U4z
|
||||
IwC9AQCy0nnazVNtVQPID1ZCMoaOX7AzOjaqQDLf4j+dVTxgBJgzBGCkgocWCSsG
|
||||
AQQB2kcPAQEHQJmdfwp8jEN5P3eEjhQiWk6zQi8utvgOvYD57XmE+H8+tCBOaWli
|
||||
ZSBZdXRha2EgKEdudVBHIFJlbGVhc2UgS2V5KYiaBBMWCgBCFiEErI4RW/c+LY1H
|
||||
+pkI6Y6bLRnGyL0FAmCkgocCGwMFCQsNBpkFCwkIBwIDIgIBBhUKCQgLAgQWAgMB
|
||||
Ah4HAheAAAoJEOmOmy0Zxsi9/4IA/1rvSr3MU+Sv4jhNDzD+CeC3gmHkPew6pi9V
|
||||
HEsEwdgmAQD2BtiX7w1sJL/CBylGWv5jxj4345mP9YfZm0RsgzPjDIh1BBAWCAAd
|
||||
FiEEJJyzdxdQdF1c3TI84mewUjZPAo0FAmFAQ54ACgkQ4mewUjZPAo1CiAD+KTT1
|
||||
UVdQTGHMyvHwZocSQjU8xhcZrTet+dvvjrE5+4MA/RBdJPZgFevUKu68NEy0Lo+R
|
||||
bkeCtmQJ/c8v5ieFvW0AiQEzBBABCAAdFiEEEkEkvTtIYq96CkLxALRevUynur4F
|
||||
AmFAQ7cACgkQALRevUynur4kaAgAolPR8TNWVS0vXMKrr0k0l2M/8QkZTaLZx1GT
|
||||
9Nx1yb4WJKY7ElPMYkhGDxetvFBETx0pH/6R3jtj6Crmur+NKHVSRY+rCYpFPDn6
|
||||
ciIOryssRx2G4kCZt+nFB9JyDbBOZAR8DK4pN1mAxG/yLDt4oKcUQsP2xlEFum+p
|
||||
hxyR8KyYCpkwKRxYeK+6lfilQuveoUwp/Xx5wXPNUy6q4eOOovCW7gS7I7288NGH
|
||||
Ca2ul8sD6vA9C4mM4Zxaole9P9wwJe1zZFtCIy88zHM9vqv+YM9DxMCaW24+rUzt
|
||||
r7eD4bCRdG+QlSh+7R/TaqSxY1eAAd1J5tma9CNJO73pTKU+/Ih1BBAWCgAdFiEE
|
||||
bapuZKdtKEBXG0kCUoiXuCZAOtoFAmX776IACgkQUoiXuCZAOtpu9gEAxLOR8r83
|
||||
/CPPyTfFn4J/ILemaQOnvwqGxY8ipflN9IMBAM2ro+IsivaAqTzBHS8xgV/IwNyF
|
||||
Ir5iYGFbJBMO2mQOmQGNBGgeCBYBDACI80UNEv8tIsfuKA9GeTwDuEhg031dSzTD
|
||||
NFqkBPp8+srko6gSJ48fx2Agy7hPrT5Vls67WH5gJMPNubgPnVZkh9wXL27JNqFA
|
||||
nVF3cVfIKyQ6ZGD2JchXAHbyx6xIHNVtqMaaaRhAvflqt3BQAU3kyhc49TEAkLBU
|
||||
GyXT+plJFBO/u8uJoJ5+wRRSO/gp9O/L+60vJ6dZOabf6jJpnWyfjvcUm0jfK29g
|
||||
7S407kDjN6X8s4gSa53lCIiaANDKC/sfn7iEg78Ef3ZyM6aALyH9dAq7tsKdXPkO
|
||||
N5wU6kvcQi+diybd+GmshrthssCI4Zo/42TqwxkBX+n/dVL4xSbiL+DOZzLa5UcK
|
||||
z7wkey1OlnTeb/6IaNox/CXCJmNUozDH3Tr+dabWmTalpItv6CAutDh8f34cs5d1
|
||||
CK/IUTcj35XmUkot0X+xAydK6urAu0/ufuO7yDP/WBnGimBA9U5LUk6MN6jRXLm/
|
||||
deCNcthcxoxAui1CBvYXDLxLOxsI2dcAEQEAAYkBzgQfAQgAOBYhBDt2GuTmO/NR
|
||||
nOfWO+y2ZMvhMy7vBQJoHg0nFwyAEwLzjf9zH/l8sDmh2lSeaV6QW6IIAgcAAAoJ
|
||||
EOy2ZMvhMy7vXHIL/jRKRLz5rygny0P9ni6dfuL6trqUZEby2HFwRIRJLfyrbJyU
|
||||
Ayo6Uvu7r9pIgePNimQ0RCpVgimNKEuNAXoOgKt36K7rb81VjKSmLqE2K7v2QEJX
|
||||
1KY1ptwrR/zWKPD6QcBx1xL8yuuEX5ajdLXiG6k9AOJl0BP3s+TGbshGmiiT+92s
|
||||
PIyEcjoaP06R3vU3QzH1w9FImig9O4sRJ/iRlaY/qweqhRryQoRZib+xEHAgcgeM
|
||||
gpzufaQwCa9EBQtfa8Qp+OkKIFlE6P+MNmyXQhiHgGK3c1qLl+nhGFrRofEE4I7P
|
||||
M5QBWwmgmrsrZwVUQtwXBNHPz/vPR30yUEIH+MqUHwnIct7cRSkSYDkbFWmmcRU9
|
||||
xdasknnOvV4+l2H6ctSYxIFnpYmZIxInglRTC27XqCyZyoZ6r3n9t3Mzu5mkdSlm
|
||||
e0DIN997lolrkj2pLVuX+Q0dWbtS3EZ+7G+1cIdoKaDWrzMXieTFPkYZhofNynh0
|
||||
vvIZOfhFz4c/1VUherQoQWxleGFuZGVyIEt1bGJhcnRzY2ggKEdudVBHIFJlbGVh
|
||||
c2UgS2V5KYkB1wQTAQgAQRYhBDt2GuTmO/NRnOfWO+y2ZMvhMy7vBQJoHgohAhsD
|
||||
BQkOs1FeBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEOy2ZMvhMy7vwmkL
|
||||
/RSsoJk/kPL++onjhuCg7YTtTFVoqUjSOP5m68eORg4XsbSuvQrHhaJwhc8gPyCt
|
||||
M3KKlHbrUNdpnrx9dJtgEleLB5UsrVkv02gvKTZfwXSWXHqQhCpril3TI0kziLTY
|
||||
Vrhtj7hEBTbXuOAVHZ5jsa+yVy1bjRobmaoIPbb0MRhXj4Z+FAYmdTDA4/bpVSPA
|
||||
tCYLkA8UDcPr3tCpcAcoUJ+pWuuEvIn9mjrQrwYp9EQX4Vkj/Bc1yfZttoXOqjJw
|
||||
76Rn9Xn7Zz+kmhr5OK81LNPZx1Du+M3z9nYfOnmk5eisdMiyiraFqREkwwOzzExJ
|
||||
eOe3eFDj9Oh3O1YRrErWz9prOiLdAmdCoCTodRG6JzvQmZoFbMW23npw3xNGr4lK
|
||||
V4+9t4gxuXuEVIVQN0c1w+BM9BEFOoTbs8BIyaLjfdXnh3ZPLpJEj7E2FLKnuaPx
|
||||
KdYretbGQwo+vXLXfWk9QKHXwF2IdkUSnL/IyFje/thujBW2UJZMTO3vD830px2G
|
||||
k4h1BBATCAAdFiEEAvON/3Mf+XywOaHaVJ5pXpBboggFAmgeDcYACgkQVJ5pXpBb
|
||||
ogis0wD9H38UP4TH3Y19d7mnkSifeHkldKc4iUP/Ok3w/+Di5qkA/iA7xLTtiuhW
|
||||
jhnuwb68kTxh8Beg023EiqsJb9qWnY8umFMEYWlKoxMJKyQDAwIIAQEHAgMEXpcP
|
||||
02ZRAOCLJg1uGzUMwnXiYjDzXbBjUdXH/hBZhaIG6eGu9IXFVvOyMPv9a/6/duYw
|
||||
+sv4zYMvIWJJ7A2ZxLQkR251UEcuY29tIChSZWxlYXNlIFNpZ25pbmcgS2V5IDIw
|
||||
MjEpiJoEExMIAEIWIQQC843/cx/5fLA5odpUnmlekFuiCAUCYWlKowIbAwUJD3HX
|
||||
igULCQgHAgMiAgEGFQoJCAsCBBYCAwECHgcCF4AACgkQVJ5pXpBboghOSgD9FhqN
|
||||
pOXV4QFT8Z2bXajeOsjnk3nFkrZdOpLHblyVXKMA/RfAxb86Dn40PWuLdsCoANVa
|
||||
UENSzDPzBjGxvQLiRgGSiHUEEBYKAB0WIQRtqm5kp20oQFcbSQJSiJe4JkA62gUC
|
||||
YWlO8QAKCRBSiJe4JkA62slAAQCHtjLKSMDL9CzXILeOLyIF8hWc9e9uWsjHdJFH
|
||||
IPBELwEAq1lsS4pO0+WCQtSAyV5Nxkn+8SEkT4a99D2jmBYKoQWIdQQQFgoAHRYh
|
||||
BMHTS2khnkruwLocIeP9/yGORbcrBQJhaU9aAAoJEOP9/yGORbcrHh4BAOnpoZI3
|
||||
99TjEuXxFK9BRWNUD5oJOsxBHeFHCrDyWIXbAQDc7cQLHPp7X4Ogi1igkEEsovB6
|
||||
IiewZn/6HldiuldOAA==
|
||||
=gHNs
|
||||
mQGNBFjLuq4BDACnM7zNSIaVMAacTwjXa5TGYe13i6ilHe4VL0NShzrgzjcQg531
|
||||
3cRgiiiNA7OSOypMqVs73Jez6ZUctn2GVsHBrS/io9NcuC9pVwf8a61WlcEa+EtB
|
||||
a3G7HlBmEWnwaUdAtWKNuAi9Xn+Ir7H2xEdksmmd5a0/QnL+sX705boVPF/tpYtb
|
||||
LGpPxa78tNrtxDkSwy8Wmi0IADYLI5yI7/yUGeJd8RSCU/fLRKC9fG7YOZRq0tsO
|
||||
MhVNWmtUjbG6e73Lu8LKnCZgs1/fC8hvPyARieSV5mdN8s1oWd7oYctfgL4uBleD
|
||||
ItAA8GhjKejutzHN8Ei/APw6AiiSyEjnPg+cTX8OgvLGJWjks0H6mPZeB1v/kGyZ
|
||||
hBS9vm540h2/MmlVN2ntiCK5TZGeSWpqddiqusfVXotMRpN4HeLKoZh4RAncaCbZ
|
||||
F/S+YLeN+kMXY4k3Fqt1fjTX6veFCbthI9pDdHzU9LfUVNp9D/5ktC/tYMORMegV
|
||||
+wSMxi9G2YWKJkMAEQEAAYkBzgQfAQgAOBYhBFuAxXVCmPDLVdjtarzvfilLCS4o
|
||||
BQJYy8DdFwyAAZSlyaA8L+XKOwldjh/fcjz0YraxAgcAAAoJELzvfilLCS4oNgoL
|
||||
/0+K1xIx8JW7Lk5M6bYCvNA4fdlEcwQIT4UidJFM9m+suxYFWIGfebvHpRlEuJTg
|
||||
dBjkEit8uLAoJXU0BRkKTLrzTF+qDUE79Wfx/R+0nOgJ7aMykQOi0AvuwzMYz4dg
|
||||
xIVS2Daou4DF7bh/KF8+fqrmq8P8W1ZrkuFDanMWpHeAPx1uj2skYbo7uPqFdvlJ
|
||||
hlNHrcxlcCkjf1InAt0Xt5lMvEsCRUPf9xAH4mNEhs0lh9c+200YPRmtnLWAzc1K
|
||||
ckLIC8Q+mUR3DjZDqBlDBEPegXkrI0+MlvRA+9AnAm4YPqTMUfpZ6ZOAWeFjC/6Z
|
||||
QYxG/AdWGkb4WFindzklQfybEuiekP8vU07ACQwSwH8PYe0UCom1YrlRUjX7QLkn
|
||||
ZLWoeZg8BZy9GTM1Ut7Q1Q2uTw6mxxISuef+RFgYOHjWwLpFWZpqC88xERl7o/iz
|
||||
iERJRt/593IctbjO9wenWt2peIAwzR4nz7LqM6ZFTdRAETmcdSvYRhg2Qt8hUE47
|
||||
CbQkQW5kcmUgSGVpbmVja2UgKFJlbGVhc2UgU2lnbmluZyBLZXkpiQHUBBMBCAA+
|
||||
FiEEW4DFdUKY8MtV2O1qvO9+KUsJLigFAljLuq4CGwMFCRLMAwAFCwkIBwIGFQgJ
|
||||
CgsCBBYCAwECHgECF4AACgkQvO9+KUsJLihC/QwAhCC+SEvcFLcutgZ8HfcCtoZs
|
||||
IoVzZEy7DjqIvGgnTssD8HCLnIAHCDvnP7dJW3uMuLCdSqym3cjlEIiQMsaGywkl
|
||||
fzJISAwJrGQdWSKRd535jXpEXQlXDKal/IwMKAUt0PZtlCc9S3gwixQryxdJ28lJ
|
||||
6h2T9fVDr8ZswMmTAFG91uctfhjKOMgPt8UhSPGW484WsIsQgkbOvf+Kfswl0eHu
|
||||
ywX+pKAB5ZQ/9GVC6Ug4xfrdiJL0azJTPnvjMY5JYp6/L9RURs5hP5AnHR2j/PPo
|
||||
sAtsFCjmbRbOMiASzklnUJPbSz5kfLloDWZmrUScjbzmsXehGyt433JGyRhZJl4x
|
||||
/jPbzKhaaAHsGd+fRao6vlLOwFywDDVMp6JuyK7UeUb7I8ekTbSkGFA+l2Oa3O6/
|
||||
Y7PYhq7hwwAFuZckYI98IpHNCG1fS9W07FyKdvQbK1PbF1JFRKfsUCWYMKqDnbqE
|
||||
o5jivPEHZImw6iYhhXcyEYl8fjcb9T6/S+wOP7aviQGzBBABCAAdFiEElKXJoDwv
|
||||
5co7CV2OH99yPPRitrEFAljLv5sACgkQH99yPPRitrFw4gv/XFMFN+/LHsn9hJOP
|
||||
4rCwl1yUuxXuYmZgc0sRoY3EpeQkJVyKurQuqqKoy2VuoMiF0O1kAQmGoFtVPUk7
|
||||
b8hCoutqB5GyeyKcoLP+WINgVhB2gXg7TSp3MPLBKkgqvSDvPitgRxBqFb4LW8LJ
|
||||
bDbfwGrzIvXfDV3WvsrHVPbc2fhlWdL8d+3AE6mFiXF3eTpgmV3ApSBQV12MkkCk
|
||||
icLIPmp+ZxZON+OP52ZXkRtfMgOy4Oa/41agrViDAZdMOGeGkhPertQheQZgXzmo
|
||||
GF5Wz498HPM80Kv35X91l3iGzL+icEtO+tWea2YscsZ6qpRe2lfVPHk3B+anlmCj
|
||||
m4kM4cBd39xa4HHSVh/bRHbZNtgVr7slQCKxlHgQOGVI5vCxPCwEsgJ2KBk03Nk/
|
||||
IA9EKO+czfh3/bHW6uMbEqrYDCnt+hmzZrpKDSGcwS/KOhvMUIMlb7/8vDKum6mp
|
||||
/8xAtVZ6IAxYZNt3qg7Y7aLRtzCTyqm8rJQrZPtRaQcgLoEimDMEX0PliRYJKwYB
|
||||
BAHaRw8BAQdAz75Hlekc16JhhfI0MKdEVxLdkxhcMCO0ZG6WMBAmNpe0H1dlcm5l
|
||||
ciBLb2NoIChkaXN0IHNpZ25pbmcgMjAyMCmImgQTFgoAQhYhBG2qbmSnbShAVxtJ
|
||||
AlKIl7gmQDraBQJfQ+w1AhsDBQkShccRBQsJCAcCAyICAQYVCgkICwIEFgIDAQIe
|
||||
BwIXgAAKCRBSiJe4JkA62nmuAP9uL/HOdB0gvwWrH+FpURJLs4bnaZaPIk9ARrU0
|
||||
EXRgJgD/YCGfHQXpIPT0ZaXuwJexK04Z+qMFR/bM1q1Leo5CjgaIbQQQEQsAHRYh
|
||||
BIBhWHD1utaQMzaG0PKthaweQrNnBQJfQ/HmAAoJEPKthaweQrNnIZkA3jG6LcZv
|
||||
V/URn8Y8OJqsyYa4C3NI4nN+OhEvYhgA4PHzMnALeXIpA2gblvjFIPJPAhDBAU37
|
||||
c5PA6+6IdQQQFggAHRYhBK6oTtzwGthsRwHIXGMROuhmWH0KBQJfQ/IlAAoJEGMR
|
||||
OuhmWH0K1+MA/0uJ5AHcnSfIBEWHNJwwVVLGyrxAWtS2U+zeymp/UvlPAQDErCLZ
|
||||
l0dBiPG3vlowFx5TNep7tanBs6ZJn8F1ao1tAIkBMwQQAQgAHRYhBNhpISPEBl3q
|
||||
Xg86tSSbOdJPJeO2BQJfQ/OuAAoJECSbOdJPJeO2DVoH/0o9if66ph6FJrgr+A/W
|
||||
HNVeHxmM5tUQhpL1wpRS70SKcsJgolf5CxO5iTQf3HlZe544xGbIU/aCTJsWw9zi
|
||||
UE8KmhAtKV4eL/7oQ7xx4nxPnABLpudtM8A44nsM1x/XiYrJnnDm29QjYEGd2Hi8
|
||||
7npc7VWKzLoj+I/WcXquynJi5O9TUxW9Bknd1pjpxFkf8v+msjBzCD5VKJgr0CR8
|
||||
wA6peQBWeGZX2HacosMIZH4TfL0r0TFla6LJIkNBz9DyIm1yL4L8oRH0950hQljP
|
||||
C7TM3L7aRpX+4Kph6llFz6g7MALGFP95kyJ6o+XED9ORuuQVZMBMIkNC0tXOu10V
|
||||
bdqIdQQQFgoAHRYhBMHTS2khnkruwLocIeP9/yGORbcrBQJfQ/P8AAoJEOP9/yGO
|
||||
Rbcr3lQBAMas8Vl3Hdl3g2I283lz1uHiGvlwcnk2TLeB+U4zIwC9AQCy0nnazVNt
|
||||
VQPID1ZCMoaOX7AzOjaqQDLf4j+dVTxgBJgzBGCkgocWCSsGAQQB2kcPAQEHQJmd
|
||||
fwp8jEN5P3eEjhQiWk6zQi8utvgOvYD57XmE+H8+tCBOaWliZSBZdXRha2EgKEdu
|
||||
dVBHIFJlbGVhc2UgS2V5KYiaBBMWCgBCFiEErI4RW/c+LY1H+pkI6Y6bLRnGyL0F
|
||||
AmCkgocCGwMFCQsNBpkFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEOmO
|
||||
my0Zxsi9/4IA/1rvSr3MU+Sv4jhNDzD+CeC3gmHkPew6pi9VHEsEwdgmAQD2BtiX
|
||||
7w1sJL/CBylGWv5jxj4345mP9YfZm0RsgzPjDIh1BBAWCAAdFiEEJJyzdxdQdF1c
|
||||
3TI84mewUjZPAo0FAmFAQ54ACgkQ4mewUjZPAo1CiAD+KTT1UVdQTGHMyvHwZocS
|
||||
QjU8xhcZrTet+dvvjrE5+4MA/RBdJPZgFevUKu68NEy0Lo+RbkeCtmQJ/c8v5ieF
|
||||
vW0AiQEzBBABCAAdFiEEEkEkvTtIYq96CkLxALRevUynur4FAmFAQ7cACgkQALRe
|
||||
vUynur4kaAgAolPR8TNWVS0vXMKrr0k0l2M/8QkZTaLZx1GT9Nx1yb4WJKY7ElPM
|
||||
YkhGDxetvFBETx0pH/6R3jtj6Crmur+NKHVSRY+rCYpFPDn6ciIOryssRx2G4kCZ
|
||||
t+nFB9JyDbBOZAR8DK4pN1mAxG/yLDt4oKcUQsP2xlEFum+phxyR8KyYCpkwKRxY
|
||||
eK+6lfilQuveoUwp/Xx5wXPNUy6q4eOOovCW7gS7I7288NGHCa2ul8sD6vA9C4mM
|
||||
4Zxaole9P9wwJe1zZFtCIy88zHM9vqv+YM9DxMCaW24+rUztr7eD4bCRdG+QlSh+
|
||||
7R/TaqSxY1eAAd1J5tma9CNJO73pTKU+/JhTBGFpSqMTCSskAwMCCAEBBwIDBF6X
|
||||
D9NmUQDgiyYNbhs1DMJ14mIw812wY1HVx/4QWYWiBunhrvSFxVbzsjD7/Wv+v3bm
|
||||
MPrL+M2DLyFiSewNmcS0JEdudVBHLmNvbSAoUmVsZWFzZSBTaWduaW5nIEtleSAy
|
||||
MDIxKYiaBBMTCABCFiEEAvON/3Mf+XywOaHaVJ5pXpBboggFAmFpSqMCGwMFCQ9x
|
||||
14oFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEFSeaV6QW6IITkoA/RYa
|
||||
jaTl1eEBU/Gdm12o3jrI55N5xZK2XTqSx25clVyjAP0XwMW/Og5+ND1ri3bAqADV
|
||||
WlBDUswz8wYxsb0C4kYBkoh1BBAWCgAdFiEEbapuZKdtKEBXG0kCUoiXuCZAOtoF
|
||||
AmFpTvEACgkQUoiXuCZAOtrJQAEAh7YyykjAy/Qs1yC3ji8iBfIVnPXvblrIx3SR
|
||||
RyDwRC8BAKtZbEuKTtPlgkLUgMleTcZJ/vEhJE+GvfQ9o5gWCqEFiHUEEBYKAB0W
|
||||
IQTB00tpIZ5K7sC6HCHj/f8hjkW3KwUCYWlPWgAKCRDj/f8hjkW3Kx4eAQDp6aGS
|
||||
N/fU4xLl8RSvQUVjVA+aCTrMQR3hRwqw8liF2wEA3O3ECxz6e1+DoItYoJBBLKLw
|
||||
eiInsGZ/+h5XYrpXTgA=
|
||||
=4+Sn
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
# spec file for package libgcrypt
|
||||
#
|
||||
# Copyright (c) 2025 SUSE LLC
|
||||
# Copyright (c) 2026 Andreas Stieger <Andreas.Stieger@gmx.de>
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@@ -21,7 +20,7 @@
|
||||
%define libsoname %{name}%{libsover}
|
||||
%define hmac_key orboDeJITITejsirpADONivirpUkvarP
|
||||
Name: libgcrypt
|
||||
Version: 1.11.2
|
||||
Version: 1.12.0
|
||||
Release: 0
|
||||
Summary: The GNU Crypto Library
|
||||
License: GPL-2.0-or-later AND LGPL-2.1-or-later AND GPL-3.0-or-later
|
||||
@@ -38,8 +37,6 @@ Source99: libgcrypt.changes
|
||||
Patch1: libgcrypt-1.10.0-allow_FSM_same_state.patch
|
||||
#PATCH-FIX-OPENSUSE Do not pull revision info from GIT when autoconf is run
|
||||
Patch2: libgcrypt-nobetasuffix.patch
|
||||
#PATCH-FIX-SUSE: Make the revamped SLI api public
|
||||
Patch3: libgcrypt-1.11.1-public-SLI-API.patch
|
||||
# FIPS patches:
|
||||
#PATCH-FIX-SUSE bsc#1190700 FIPS: Provide a service-level indicator for PK
|
||||
Patch100: libgcrypt-FIPS-SLI-pk.patch
|
||||
@@ -59,9 +56,11 @@ Patch107: libgcrypt-FIPS-jitter-whole-entropy.patch
|
||||
Patch108: libgcrypt-rol64-redefinition.patch
|
||||
#PATCH-FIX-CENTOS timing based side-channel in RSA implementation
|
||||
Patch109: libgcrypt-CVE-2024-2236.patch
|
||||
# PATCH-FIX-UPSTREAM: gcry_mpi_ec_curve_point corrupts point in 1.12.0
|
||||
Patch110: libgcrypt-1.12.0-ec_regression.patch
|
||||
|
||||
BuildRequires: automake >= 1.14
|
||||
BuildRequires: pkgconfig(gpg-error) >= 1.49
|
||||
BuildRequires: libgpg-error-devel >= 1.56
|
||||
BuildRequires: libtool
|
||||
BuildRequires: makeinfo
|
||||
BuildRequires: pkgconfig
|
||||
@@ -93,7 +92,7 @@ Group: Development/Libraries/C and C++
|
||||
Requires: %{libsoname} = %{version}
|
||||
Requires: glibc-devel
|
||||
Requires: jitterentropy-devel >= 3.4.0
|
||||
Requires: libgpg-error-devel >= 1.49
|
||||
Requires: libgpg-error-devel >= 1.56
|
||||
|
||||
%description devel
|
||||
Libgcrypt is a general purpose library of cryptographic building
|
||||
@@ -114,7 +113,7 @@ sed -i "s/libgcrypt\.so\.hmac/\.libgcrypt\.so\.%{libsover}\.hmac/g" src/Makefile
|
||||
find . -type f -name "jitterentropy*" -print -delete
|
||||
|
||||
%build
|
||||
export PUBKEYS="dsa elgamal rsa ecc kyber"
|
||||
export PUBKEYS="dsa elgamal rsa ecc dilithium"
|
||||
export CIPHERS="arcfour blowfish cast5 des aes twofish serpent rfc2268 seed camellia idea salsa20 gost28147 chacha20 sm4 aria"
|
||||
export DIGESTS="crc gostr3411-94 md4 md5 rmd160 sha1 sha256 sha512 sha3 tiger whirlpool stribog blake2 sm3"
|
||||
export KDFS="s2k pkdf2 scrypt"
|
||||
@@ -130,8 +129,8 @@ export CFLAGS="%{optflags} $(getconf LFS_CFLAGS)"
|
||||
--enable-pubkey-ciphers="$PUBKEYS" \
|
||||
--enable-digests="$DIGESTS" \
|
||||
--enable-kdfs="$KDFS" \
|
||||
--enable-marvin-workaround \
|
||||
--enable-noexecstack \
|
||||
--enable-marvin-workaround \
|
||||
--disable-static \
|
||||
%ifarch %{sparc}
|
||||
--disable-asm \
|
||||
@@ -143,9 +142,9 @@ export CFLAGS="%{optflags} $(getconf LFS_CFLAGS)"
|
||||
%make_build
|
||||
|
||||
%check
|
||||
%make_build check
|
||||
make -k check
|
||||
# run the regression tests also in FIPS mode
|
||||
LIBGCRYPT_FORCE_FIPS_MODE=1 %make_build check
|
||||
LIBGCRYPT_FORCE_FIPS_MODE=1 make -k check
|
||||
|
||||
%install
|
||||
%make_install
|
||||
@@ -174,7 +173,8 @@ mkdir -p -m 0755 %{buildroot}%{_sysconfdir}/gcrypt
|
||||
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/gcrypt/random.conf
|
||||
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/gcrypt/hwf.deny
|
||||
|
||||
%ldconfig_scriptlets -n %{libsoname}
|
||||
%post -n %{libsoname} -p /sbin/ldconfig
|
||||
%postun -n %{libsoname} -p /sbin/ldconfig
|
||||
|
||||
%files -n %{libsoname}
|
||||
%license COPYING COPYING.LIB LICENSES
|
||||
|
||||
Reference in New Issue
Block a user