pool/libgcrypt
SHA256
4
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: pool:factory
Branches Tags
pool:factory
pool:devel
rpm:factory
rpm:devel
..
compare: rpm:devel
Branches Tags
rpm:factory
rpm:devel
pool:factory
pool:devel

No commits in common. "factory" and "devel" have entirely different histories.
factory ... devel

9 changed files with 2727 additions and 31 deletions
Show Stats Expand all files Collapse all files

BIN
libgcrypt-1.10.3.tar.bz2 (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
libgcrypt-1.10.3.tar.bz2.sig Normal file
View File

Binary file not shown.

1993
libgcrypt-Chacha20-poly1305-Optimized-chacha20-poly1305.patch Normal file
View File

File diff suppressed because it is too large Load Diff

618
libgcrypt-jitterentropy-3.4.0.patch Normal file
View File

@ -0,0 +1,618 @@
Index: libgcrypt-1.10.0/random/jitterentropy-base.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-base.c
+++ libgcrypt-1.10.0/random/jitterentropy-base.c
@@ -42,7 +42,7 @@
* require consumer to be updated (as long as this number
* is zero, the API is not considered stable and can
* change without a bump of the major version) */
-#define MINVERSION 3 /* API compatible, ABI may change, functional
+#define MINVERSION 4 /* API compatible, ABI may change, functional
* enhancements only, consumer can be left unchanged if
* enhancements are not considered */
#define PATCHLEVEL 0 /* API / ABI compatible, no functional changes, no
@@ -200,29 +200,38 @@ ssize_t jent_read_entropy(struct rand_da
tocopy = (DATA_SIZE_BITS / 8);
else
tocopy = len;
- memcpy(p, &ec->data, tocopy);
+
+ jent_read_random_block(ec, p, tocopy);
len -= tocopy;
p += tocopy;
}
/*
- * To be on the safe side, we generate one more round of entropy
- * which we do not give out to the caller. That round shall ensure
- * that in case the calling application crashes, memory dumps, pages
- * out, or due to the CPU Jitter RNG lingering in memory for long
- * time without being moved and an attacker cracks the application,
- * all he reads in the entropy pool is a value that is NEVER EVER
- * being used for anything. Thus, he does NOT see the previous value
- * that was returned to the caller for cryptographic purposes.
+ * Enhanced backtracking support: At this point, the hash state
+ * contains the digest of the previous Jitter RNG collection round
+ * which is inserted there by jent_read_random_block with the SHA
+ * update operation. At the current code location we completed
+ * one request for a caller and we do not know how long it will
+ * take until a new request is sent to us. To guarantee enhanced
+ * backtracking resistance at this point (i.e. ensure that an attacker
+ * cannot obtain information about prior random numbers we generated),
+ * but still stirring the hash state with old data the Jitter RNG
+ * obtains a new message digest from its state and re-inserts it.
+ * After this operation, the Jitter RNG state is still stirred with
+ * the old data, but an attacker who gets access to the memory after
+ * this point cannot deduce the random numbers produced by the
+ * Jitter RNG prior to this point.
*/
/*
- * If we use secured memory, do not use that precaution as the secure
- * memory protects the entropy pool. Moreover, note that using this
- * call reduces the speed of the RNG by up to half
+ * If we use secured memory, where backtracking support may not be
+ * needed because the state is protected in a different method,
+ * it is permissible to drop this support. But strongly weigh the
+ * pros and cons considering that the SHA3 operation is not that
+ * expensive.
*/
#ifndef JENT_CPU_JITTERENTROPY_SECURE_MEMORY
- jent_random_data(ec);
+ jent_read_random_block(ec, NULL, 0);
#endif
err:
@@ -379,6 +388,7 @@ static struct rand_data
*jent_entropy_collector_alloc_internal(unsigned int osr, unsigned int flags)
{
struct rand_data *entropy_collector;
+ uint32_t memsize = 0;
/*
* Requesting disabling and forcing of internal timer
@@ -405,7 +415,7 @@ static struct rand_data
return NULL;
if (!(flags & JENT_DISABLE_MEMORY_ACCESS)) {
- uint32_t memsize = jent_memsize(flags);
+ memsize = jent_memsize(flags);
entropy_collector->mem = _gcry_calloc (1, memsize);
@@ -431,13 +441,19 @@ static struct rand_data
entropy_collector->memaccessloops = JENT_MEMORY_ACCESSLOOPS;
}
+ if (sha3_alloc(&entropy_collector->hash_state))
+ goto err;
+
+ /* Initialize the hash state */
+ sha3_256_init(entropy_collector->hash_state);
+
/* verify and set the oversampling rate */
if (osr < JENT_MIN_OSR)
osr = JENT_MIN_OSR;
entropy_collector->osr = osr;
entropy_collector->flags = flags;
- if (jent_fips_enabled() || (flags & JENT_FORCE_FIPS))
+ if ((flags & JENT_FORCE_FIPS) || jent_fips_enabled())
entropy_collector->fips_enabled = 1;
/* Initialize the APT */
@@ -469,7 +485,7 @@ static struct rand_data
err:
if (entropy_collector->mem != NULL)
- jent_zfree(entropy_collector->mem, JENT_MEMORY_SIZE);
+ jent_zfree(entropy_collector->mem, memsize);
jent_zfree(entropy_collector, sizeof(struct rand_data));
return NULL;
}
@@ -511,6 +527,7 @@ JENT_PRIVATE_STATIC
void jent_entropy_collector_free(struct rand_data *entropy_collector)
{
if (entropy_collector != NULL) {
+ sha3_dealloc(entropy_collector->hash_state);
jent_notime_disable(entropy_collector);
if (entropy_collector->mem != NULL) {
jent_zfree(entropy_collector->mem,
@@ -664,6 +681,7 @@ static inline int jent_entropy_init_comm
int ret;
jent_notime_block_switch();
+ jent_health_cb_block_switch();
if (sha3_tester())
return EHASH;
@@ -710,6 +728,8 @@ int jent_entropy_init_ex(unsigned int os
if (ret)
return ret;
+ ret = ENOTIME;
+
/* Test without internal timer unless caller does not want it */
if (!(flags & JENT_FORCE_INTERNAL_TIMER))
ret = jent_time_entropy_init(osr,
@@ -732,3 +752,9 @@ int jent_entropy_switch_notime_impl(stru
return jent_notime_switch(new_thread);
}
#endif
+
+JENT_PRIVATE_STATIC
+int jent_set_fips_failure_callback(jent_fips_failure_cb cb)
+{
+ return jent_set_fips_failure_callback_internal(cb);
+}
Index: libgcrypt-1.10.0/random/jitterentropy-gcd.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-gcd.c
+++ libgcrypt-1.10.0/random/jitterentropy-gcd.c
@@ -113,12 +113,8 @@ int jent_gcd_analyze(uint64_t *delta_his
goto out;
}
- /*
- * Ensure that we have variations in the time stamp below 100 for at
- * least 10% of all checks -- on some platforms, the counter increments
- * in multiples of 100, but not always
- */
- if (running_gcd >= 100) {
+ /* Set a sensible maximum value. */
+ if (running_gcd >= UINT32_MAX / 2) {
ret = ECOARSETIME;
goto out;
}
Index: libgcrypt-1.10.0/random/jitterentropy-health.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-health.c
+++ libgcrypt-1.10.0/random/jitterentropy-health.c
@@ -19,9 +19,24 @@
* DAMAGE.
*/
-#include "jitterentropy.h"
#include "jitterentropy-health.h"
+static jent_fips_failure_cb fips_cb = NULL;
+static int jent_health_cb_switch_blocked = 0;
+
+void jent_health_cb_block_switch(void)
+{
+ jent_health_cb_switch_blocked = 1;
+}
+
+int jent_set_fips_failure_callback_internal(jent_fips_failure_cb cb)
+{
+ if (jent_health_cb_switch_blocked)
+ return -EAGAIN;
+ fips_cb = cb;
+ return 0;
+}
+
/***************************************************************************
* Lag Predictor Test
*
@@ -434,5 +449,9 @@ unsigned int jent_health_failure(struct
if (!ec->fips_enabled)
return 0;
+ if (fips_cb && ec->health_failure) {
+ fips_cb(ec, ec->health_failure);
+ }
+
return ec->health_failure;
}
Index: libgcrypt-1.10.0/random/jitterentropy-health.h
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-health.h
+++ libgcrypt-1.10.0/random/jitterentropy-health.h
@@ -20,11 +20,16 @@
#ifndef JITTERENTROPY_HEALTH_H
#define JITTERENTROPY_HEALTH_H
+#include "jitterentropy.h"
+
#ifdef __cplusplus
extern "C"
{
#endif
+void jent_health_cb_block_switch(void);
+int jent_set_fips_failure_callback_internal(jent_fips_failure_cb cb);
+
static inline uint64_t jent_delta(uint64_t prev, uint64_t next)
{
return (next - prev);
Index: libgcrypt-1.10.0/random/jitterentropy-noise.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-noise.c
+++ libgcrypt-1.10.0/random/jitterentropy-noise.c
@@ -33,7 +33,7 @@
* Update of the loop count used for the next round of
* an entropy collection.
*
- * @ec [in] entropy collector struct -- may be NULL
+ * @ec [in] entropy collector struct
* @bits [in] is the number of low bits of the timer to consider
* @min [in] is the number of bits we shift the timer value to the right at
* the end to make sure we have a guaranteed minimum value
@@ -61,16 +61,13 @@ static uint64_t jent_loop_shuffle(struct
* Mix the current state of the random number into the shuffle
* calculation to balance that shuffle a bit more.
*/
- if (ec) {
- jent_get_nstime_internal(ec, &time);
- time ^= ec->data[0];
- }
+ jent_get_nstime_internal(ec, &time);
/*
* We fold the time value as much as possible to ensure that as many
* bits of the time stamp are included as possible.
*/
- for (i = 0; ((DATA_SIZE_BITS + bits - 1) / bits) > i; i++) {
+ for (i = 0; (((sizeof(time) << 3) + bits - 1) / bits) > i; i++) {
shuffle ^= time & mask;
time = time >> bits;
}
@@ -91,11 +88,11 @@ static uint64_t jent_loop_shuffle(struct
* This function injects the individual bits of the time value into the
* entropy pool using a hash.
*
- * @ec [in] entropy collector struct -- may be NULL
- * @time [in] time stamp to be injected
+ * @ec [in] entropy collector struct
+ * @time [in] time delta to be injected
* @loop_cnt [in] if a value not equal to 0 is set, use the given value as
* number of loops to perform the hash operation
- * @stuck [in] Is the time stamp identified as stuck?
+ * @stuck [in] Is the time delta identified as stuck?
*
* Output:
* updated hash context
@@ -104,17 +101,19 @@ static void jent_hash_time(struct rand_d
uint64_t loop_cnt, unsigned int stuck)
{
HASH_CTX_ON_STACK(ctx);
- uint8_t itermediary[SHA3_256_SIZE_DIGEST];
+ uint8_t intermediary[SHA3_256_SIZE_DIGEST];
uint64_t j = 0;
- uint64_t hash_loop_cnt;
#define MAX_HASH_LOOP 3
#define MIN_HASH_LOOP 0
/* Ensure that macros cannot overflow jent_loop_shuffle() */
BUILD_BUG_ON((MAX_HASH_LOOP + MIN_HASH_LOOP) > 63);
- hash_loop_cnt =
+ uint64_t hash_loop_cnt =
jent_loop_shuffle(ec, MAX_HASH_LOOP, MIN_HASH_LOOP);
+ /* Use the memset to shut up valgrind */
+ memset(intermediary, 0, sizeof(intermediary));
+
sha3_256_init(&ctx);
/*
@@ -125,35 +124,54 @@ static void jent_hash_time(struct rand_d
hash_loop_cnt = loop_cnt;
/*
- * This loop basically slows down the SHA-3 operation depending
- * on the hash_loop_cnt. Each iteration of the loop generates the
- * same result.
+ * This loop fills a buffer which is injected into the entropy pool.
+ * The main reason for this loop is to execute something over which we
+ * can perform a timing measurement. The injection of the resulting
+ * data into the pool is performed to ensure the result is used and
+ * the compiler cannot optimize the loop away in case the result is not
+ * used at all. Yet that data is considered "additional information"
+ * considering the terminology from SP800-90A without any entropy.
+ *
+ * Note, it does not matter which or how much data you inject, we are
+ * interested in one Keccack1600 compression operation performed with
+ * the sha3_final.
*/
for (j = 0; j < hash_loop_cnt; j++) {
- sha3_update(&ctx, ec->data, SHA3_256_SIZE_DIGEST);
- sha3_update(&ctx, (uint8_t *)&time, sizeof(uint64_t));
+ sha3_update(&ctx, intermediary, sizeof(intermediary));
+ sha3_update(&ctx, (uint8_t *)&ec->rct_count,
+ sizeof(ec->rct_count));
+ sha3_update(&ctx, (uint8_t *)&ec->apt_cutoff,
+ sizeof(ec->apt_cutoff));
+ sha3_update(&ctx, (uint8_t *)&ec->apt_observations,
+ sizeof(ec->apt_observations));
+ sha3_update(&ctx, (uint8_t *)&ec->apt_count,
+ sizeof(ec->apt_count));
+ sha3_update(&ctx,(uint8_t *) &ec->apt_base,
+ sizeof(ec->apt_base));
sha3_update(&ctx, (uint8_t *)&j, sizeof(uint64_t));
+ sha3_final(&ctx, intermediary);
+ }
- /*
- * If the time stamp is stuck, do not finally insert the value
- * into the entropy pool. Although this operation should not do
- * any harm even when the time stamp has no entropy, SP800-90B
- * requires that any conditioning operation to have an identical
- * amount of input data according to section 3.1.5.
- */
+ /*
+ * Inject the data from the previous loop into the pool. This data is
+ * not considered to contain any entropy, but it stirs the pool a bit.
+ */
+ sha3_update(ec->hash_state, intermediary, sizeof(intermediary));
- /*
- * The sha3_final operations re-initialize the context for the
- * next loop iteration.
- */
- if (stuck || (j < hash_loop_cnt - 1))
- sha3_final(&ctx, itermediary);
- else
- sha3_final(&ctx, ec->data);
- }
+ /*
+ * Insert the time stamp into the hash context representing the pool.
+ *
+ * If the time stamp is stuck, do not finally insert the value into the
+ * entropy pool. Although this operation should not do any harm even
+ * when the time stamp has no entropy, SP800-90B requires that any
+ * conditioning operation to have an identical amount of input data
+ * according to section 3.1.5.
+ */
+ if (!stuck)
+ sha3_update(ec->hash_state, (uint8_t *)&time, sizeof(uint64_t));
jent_memset_secure(&ctx, SHA_MAX_CTX_SIZE);
- jent_memset_secure(itermediary, sizeof(itermediary));
+ jent_memset_secure(intermediary, sizeof(intermediary));
}
#define MAX_ACC_LOOP_BIT 7
@@ -184,13 +202,12 @@ static inline uint32_t xoshiro128starsta
static void jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
{
- uint64_t i = 0;
+ uint64_t i = 0, time = 0;
union {
uint32_t u[4];
uint8_t b[sizeof(uint32_t) * 4];
} prngState = { .u = {0x8e93eec0, 0xce65608a, 0xa8d46b46, 0xe83cef69} };
uint32_t addressMask;
- uint64_t acc_loop_cnt;
if (NULL == ec || NULL == ec->mem)
return;
@@ -199,7 +216,7 @@ static void jent_memaccess(struct rand_d
/* Ensure that macros cannot overflow jent_loop_shuffle() */
BUILD_BUG_ON((MAX_ACC_LOOP_BIT + MIN_ACC_LOOP_BIT) > 63);
- acc_loop_cnt =
+ uint64_t acc_loop_cnt =
jent_loop_shuffle(ec, MAX_ACC_LOOP_BIT, MIN_ACC_LOOP_BIT);
/*
@@ -213,8 +230,10 @@ static void jent_memaccess(struct rand_d
* "per-update: timing, it gets you mostly independent "per-update"
* timing, so we can now benefit from the Central Limit Theorem!
*/
- for (i = 0; i < sizeof(prngState); i++)
- prngState.b[i] ^= ec->data[i];
+ for (i = 0; i < sizeof(prngState); i++) {
+ jent_get_nstime_internal(ec, &time);
+ prngState.b[i] ^= (uint8_t)(time & 0xff);
+ }
/*
* testing purposes -- allow test app to set the counter, not
@@ -358,21 +377,21 @@ unsigned int jent_measure_jitter(struct
/**
* Generator of one 256 bit random number
- * Function fills rand_data->data
+ * Function fills rand_data->hash_state
*
* @ec [in] Reference to entropy collector
*/
void jent_random_data(struct rand_data *ec)
{
- unsigned int k = 0, safety_factor = ENTROPY_SAFETY_FACTOR;
+ unsigned int k = 0, safety_factor = 0;
- if (!ec->fips_enabled)
- safety_factor = 0;
+ if (ec->fips_enabled)
+ safety_factor = ENTROPY_SAFETY_FACTOR;
/* priming of the ->prev_time value */
jent_measure_jitter(ec, 0, NULL);
- while (1) {
+ while (!jent_health_failure(ec)) {
/* If a stuck measurement is received, repeat measurement */
if (jent_measure_jitter(ec, 0, NULL))
continue;
@@ -385,3 +404,22 @@ void jent_random_data(struct rand_data *
break;
}
}
+
+void jent_read_random_block(struct rand_data *ec, char *dst, size_t dst_len)
+{
+ uint8_t jent_block[SHA3_256_SIZE_DIGEST];
+
+ BUILD_BUG_ON(SHA3_256_SIZE_DIGEST != (DATA_SIZE_BITS / 8));
+
+ /* The final operation automatically re-initializes the ->hash_state */
+ sha3_final(ec->hash_state, jent_block);
+ if (dst_len)
+ memcpy(dst, jent_block, dst_len);
+
+ /*
+ * Stir the new state with the data from the old state - the digest
+ * of the old data is not considered to have entropy.
+ */
+ sha3_update(ec->hash_state, jent_block, sizeof(jent_block));
+ jent_memset_secure(jent_block, sizeof(jent_block));
+}
Index: libgcrypt-1.10.0/random/jitterentropy-noise.h
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-noise.h
+++ libgcrypt-1.10.0/random/jitterentropy-noise.h
@@ -31,6 +31,7 @@ unsigned int jent_measure_jitter(struct
uint64_t loop_cnt,
uint64_t *ret_current_delta);
void jent_random_data(struct rand_data *ec);
+void jent_read_random_block(struct rand_data *ec, char *dst, size_t dst_len);
#ifdef __cplusplus
}
Index: libgcrypt-1.10.0/random/jitterentropy-sha3.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-sha3.c
+++ libgcrypt-1.10.0/random/jitterentropy-sha3.c
@@ -19,6 +19,7 @@
*/
#include "jitterentropy-sha3.h"
+#include "jitterentropy.h"
/***************************************************************************
* Message Digest Implementation
@@ -380,3 +381,23 @@ int sha3_tester(void)
return 0;
}
+
+int sha3_alloc(void **hash_state)
+{
+ struct sha_ctx *tmp;
+
+ tmp = jent_zalloc(SHA_MAX_CTX_SIZE);
+ if (!tmp)
+ return 1;
+
+ *hash_state = tmp;
+
+ return 0;
+}
+
+void sha3_dealloc(void *hash_state)
+{
+ struct sha_ctx *ctx = (struct sha_ctx *)hash_state;
+
+ jent_zfree(ctx, SHA_MAX_CTX_SIZE);
+}
Index: libgcrypt-1.10.0/random/jitterentropy-sha3.h
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-sha3.h
+++ libgcrypt-1.10.0/random/jitterentropy-sha3.h
@@ -47,6 +47,8 @@ struct sha_ctx {
void sha3_256_init(struct sha_ctx *ctx);
void sha3_update(struct sha_ctx *ctx, const uint8_t *in, size_t inlen);
void sha3_final(struct sha_ctx *ctx, uint8_t *digest);
+int sha3_alloc(void **hash_state);
+void sha3_dealloc(void *hash_state);
int sha3_tester(void);
#ifdef __cplusplus
Index: libgcrypt-1.10.0/random/jitterentropy-timer.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-timer.c
+++ libgcrypt-1.10.0/random/jitterentropy-timer.c
@@ -202,8 +202,8 @@ int jent_notime_enable(struct rand_data
if (jent_force_internal_timer || (flags & JENT_FORCE_INTERNAL_TIMER)) {
/* Self test not run yet */
if (!jent_force_internal_timer &&
- jent_time_entropy_init(flags | JENT_FORCE_INTERNAL_TIMER,
- ec->osr))
+ jent_time_entropy_init(ec->osr,
+ flags | JENT_FORCE_INTERNAL_TIMER))
return EHEALTH;
ec->enable_notime = 1;
Index: libgcrypt-1.10.0/random/jitterentropy.h
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy.h
+++ libgcrypt-1.10.0/random/jitterentropy.h
@@ -49,7 +49,7 @@
***************************************************************************/
/*
- * Enable timer-less timer support
+ * Enable timer-less timer support with JENT_CONF_ENABLE_INTERNAL_TIMER
*
* In case the hardware is identified to not provide a high-resolution time
* stamp, this option enables a built-in high-resolution time stamp mechanism.
@@ -166,7 +166,7 @@ struct rand_data
* of the RNG are marked as SENSITIVE. A user must not
* access that information while the RNG executes its loops to
* calculate the next random value. */
- uint8_t data[SHA3_256_SIZE_DIGEST]; /* SENSITIVE Actual random number */
+ void *hash_state; /* SENSITIVE hash state entropy pool */
uint64_t prev_time; /* SENSITIVE Previous time stamp */
#define DATA_SIZE_BITS (SHA3_256_SIZE_DIGEST_BITS)
@@ -378,28 +378,34 @@ int jent_entropy_init(void);
JENT_PRIVATE_STATIC
int jent_entropy_init_ex(unsigned int osr, unsigned int flags);
+/*
+ * Set a callback to run on health failure in FIPS mode.
+ * This function will take an action determined by the caller.
+ */
+typedef void (*jent_fips_failure_cb)(struct rand_data *ec,
+ unsigned int health_failure);
+JENT_PRIVATE_STATIC
+int jent_set_fips_failure_callback(jent_fips_failure_cb cb);
+
/* return version number of core library */
JENT_PRIVATE_STATIC
unsigned int jent_version(void);
-#ifdef JENT_CONF_ENABLE_INTERNAL_TIMER
/* Set a different thread handling logic for the notimer support */
JENT_PRIVATE_STATIC
int jent_entropy_switch_notime_impl(struct jent_notime_thread *new_thread);
-#endif
/* -- END of Main interface functions -- */
/* -- BEGIN timer-less threading support functions to prevent code dupes -- */
-struct jent_notime_ctx {
#ifdef JENT_CONF_ENABLE_INTERNAL_TIMER
+
+struct jent_notime_ctx {
pthread_attr_t notime_pthread_attr; /* pthreads library */
pthread_t notime_thread_id; /* pthreads thread ID */
-#endif
};
-#ifdef JENT_CONF_ENABLE_INTERNAL_TIMER
JENT_PRIVATE_STATIC
int jent_notime_init(void **ctx);
Index: libgcrypt-1.10.0/random/jitterentropy-base-user.h
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-base-user.h
+++ libgcrypt-1.10.0/random/jitterentropy-base-user.h
@@ -213,12 +213,12 @@ static inline void jent_get_cachesize(lo
ext = strstr(buf, "K");
if (ext) {
shift = 10;
- ext = '\0';
+ *ext = '\0';
} else {
ext = strstr(buf, "M");
if (ext) {
shift = 20;
- ext = '\0';
+ *ext = '\0';
}
}

35
libgcrypt-no-deprecated-grep-alias.patch Normal file
View File

@ -0,0 +1,35 @@
--- libgcrypt-1.10.3.orig/acinclude.m4
+++ libgcrypt-1.10.3/acinclude.m4
@@ -130,10 +130,10 @@ EOF
ac_nlist=conftest.nm
if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \| cut -d \' \' -f 2 \> $ac_nlist) && test -s "$ac_nlist"; then
# See whether the symbols have a leading underscore.
- if egrep '^_nm_test_func' "$ac_nlist" >/dev/null; then
+ if grep -E '^_nm_test_func' "$ac_nlist" >/dev/null; then
ac_cv_sys_symbol_underscore=yes
else
- if egrep '^nm_test_func ' "$ac_nlist" >/dev/null; then
+ if grep -E '^nm_test_func ' "$ac_nlist" >/dev/null; then
:
else
echo "configure: cannot find nm_test_func in $ac_nlist" >&AS_MESSAGE_LOG_FD
--- libgcrypt-1.10.3.orig/src/libgcrypt-config.in
+++ libgcrypt-1.10.3/src/libgcrypt-config.in
@@ -154,7 +154,7 @@ if test "$echo_cflags" = "yes"; then
tmp=""
for i in $includes $cflags_final; do
- if echo "$tmp" | fgrep -v -- "$i" >/dev/null; then
+ if echo "$tmp" | @GREP@ -F -v -- "$i" >/dev/null; then
tmp="$tmp $i"
fi
done
@@ -175,7 +175,7 @@ if test "$echo_libs" = "yes"; then
tmp=""
for i in $libdirs $libs_final; do
- if echo "$tmp" | fgrep -v -- "$i" >/dev/null; then
+ if echo "$tmp" | @GREP@ -F -v -- "$i" >/dev/null; then
tmp="$tmp $i"
fi
done

76
libgcrypt-ppc-enable-P10-assembly-with-ENABLE_FORCE_SOF.patch Normal file
View File

@ -0,0 +1,76 @@
commit 2c5e5ab6843d747c4b877d2c6f47226f61e9ff14
Author: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Sun Jun 12 21:51:34 2022 +0300
ppc enable P10 assembly with ENABLE_FORCE_SOFT_HWFEATURES on arch 3.00
* cipher/chacha20.c (chacha20_do_setkey) [USE_PPC_VEC]: Enable
P10 assembly for HWF_PPC_ARCH_3_00 if ENABLE_FORCE_SOFT_HWFEATURES is
defined.
* cipher/poly1305.c (poly1305_init) [POLY1305_USE_PPC_VEC]: Likewise.
* cipher/rijndael.c (do_setkey) [USE_PPC_CRYPTO_WITH_PPC9LE]: Likewise.
---
This change allows testing P10 implementations with P9 and with QEMU-PPC.
GnuPG-bug-id: 6006
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Index: libgcrypt-1.10.2/cipher/chacha20.c
===================================================================
--- libgcrypt-1.10.2.orig/cipher/chacha20.c
+++ libgcrypt-1.10.2/cipher/chacha20.c
@@ -484,6 +484,11 @@ chacha20_do_setkey (CHACHA20_context_t *
ctx->use_ppc = (features & HWF_PPC_ARCH_2_07) != 0;
# ifndef WORDS_BIGENDIAN
ctx->use_p10 = (features & HWF_PPC_ARCH_3_10) != 0;
+# ifdef ENABLE_FORCE_SOFT_HWFEATURES
+ /* HWF_PPC_ARCH_3_10 above is used as soft HW-feature indicator for P10.
+ * Actual implementation works with HWF_PPC_ARCH_3_00 also. */
+ ctx->use_p10 |= (features & HWF_PPC_ARCH_3_00) != 0;
+# endif
# endif
#endif
#ifdef USE_S390X_VX
Index: libgcrypt-1.10.2/cipher/poly1305.c
===================================================================
--- libgcrypt-1.10.2.orig/cipher/poly1305.c
+++ libgcrypt-1.10.2/cipher/poly1305.c
@@ -90,11 +90,19 @@ static void poly1305_init (poly1305_cont
const byte key[POLY1305_KEYLEN])
{
POLY1305_STATE *st = &ctx->state;
+ unsigned int features = _gcry_get_hw_features ();
#ifdef POLY1305_USE_PPC_VEC
- ctx->use_p10 = (_gcry_get_hw_features () & HWF_PPC_ARCH_3_10) != 0;
+ ctx->use_p10 = (features & HWF_PPC_ARCH_3_10) != 0;
+# ifdef ENABLE_FORCE_SOFT_HWFEATURES
+ /* HWF_PPC_ARCH_3_10 above is used as soft HW-feature indicator for P10.
+ * Actual implementation works with HWF_PPC_ARCH_3_00 also. */
+ ctx->use_p10 |= (features & HWF_PPC_ARCH_3_00) != 0;
+# endif
#endif
+ (void)features;
+
ctx->leftover = 0;
st->h[0] = 0;
Index: libgcrypt-1.10.2/cipher/rijndael.c
===================================================================
--- libgcrypt-1.10.2.orig/cipher/rijndael.c
+++ libgcrypt-1.10.2/cipher/rijndael.c
@@ -605,6 +605,12 @@ do_setkey (RIJNDAEL_context *ctx, const
bulk_ops->xts_crypt = _gcry_aes_ppc9le_xts_crypt;
if (hwfeatures & HWF_PPC_ARCH_3_10) /* for P10 */
bulk_ops->gcm_crypt = _gcry_aes_p10le_gcm_crypt;
+# ifdef ENABLE_FORCE_SOFT_HWFEATURES
+ /* HWF_PPC_ARCH_3_10 above is used as soft HW-feature indicator for P10.
+ * Actual implementation works with HWF_PPC_ARCH_3_00 also. */
+ if (hwfeatures & HWF_PPC_ARCH_3_00)
+ bulk_ops->gcm_crypt = _gcry_aes_p10le_gcm_crypt;
+# endif
}
#endif
#ifdef USE_PPC_CRYPTO

16
libgcrypt-rol64-redefinition.patch
View File

@ -1,16 +0,0 @@
Index: libgcrypt-1.11.0/cipher/bithelp.h
===================================================================
--- libgcrypt-1.11.0.orig/cipher/bithelp.h
+++ libgcrypt-1.11.0/cipher/bithelp.h
@@ -35,11 +35,6 @@ static inline u32 ror(u32 x, int n)
return ( (x >> (n&(32-1))) | (x << ((32-n)&(32-1))) );
}
-static inline u64 rol64(u64 x, int n)
-{
- return ( (x << (n&(64-1))) | (x >> ((64-n)&(64-1))) );
-}
-
/* Byte swap for 32-bit and 64-bit integers. If available, use compiler
provided helpers. */
#ifdef HAVE_BUILTIN_BSWAP32

12
libgcrypt.changes
View File

@ -1,15 +1,3 @@
-------------------------------------------------------------------
Tue Jan 7 09:28:25 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
- Fix redefinition error of 'rol64'. Remove not used rol64()
definition after removing the built-in jitter rng.
* Add libgcrypt-rol64-redefinition.patch
-------------------------------------------------------------------
Mon Dec 2 10:11:10 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Remove unrecognized option: --enable-m-guard
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jun 20 08:11:07 UTC 2024 - Pedro Monreal <pmonreal@suse.com> Thu Jun 20 08:11:07 UTC 2024 - Pedro Monreal <pmonreal@suse.com>

5
libgcrypt.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package libgcrypt # spec file for package libgcrypt
# #
# Copyright (c) 2025 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -52,8 +52,6 @@ Patch105: libgcrypt-FIPS-jitter-standalone.patch
Patch106: libgcrypt-FIPS-jitter-errorcodes.patch Patch106: libgcrypt-FIPS-jitter-errorcodes.patch
#PATCH-FIX-SUSE bsc#1220893 FIPS: Use Jitter RNG for the whole length entropy buffer #PATCH-FIX-SUSE bsc#1220893 FIPS: Use Jitter RNG for the whole length entropy buffer
Patch107: libgcrypt-FIPS-jitter-whole-entropy.patch Patch107: libgcrypt-FIPS-jitter-whole-entropy.patch
#PATCH-FIX-SUSE Remove not used rol64() definition after removing the built-in jitter rng
Patch108: libgcrypt-rol64-redefinition.patch
BuildRequires: automake >= 1.14 BuildRequires: automake >= 1.14
BuildRequires: libgpg-error-devel >= 1.49 BuildRequires: libgpg-error-devel >= 1.49
BuildRequires: libtool BuildRequires: libtool
@ -126,6 +124,7 @@ export CFLAGS="%{optflags} $(getconf LFS_CFLAGS)"
--enable-kdfs="$KDFS" \ --enable-kdfs="$KDFS" \
--enable-noexecstack \ --enable-noexecstack \
--disable-static \ --disable-static \
--enable-m-guard \
%ifarch %{sparc} %ifarch %{sparc}
--disable-asm \ --disable-asm \
%endif %endif