From 00b6c7a4084c6d20beb95ffff6dc1ad8161917cd25cb519224ac6945f445c1d3 Mon Sep 17 00:00:00 2001
From: Pedro Monreal Gonzalez
Date: Tue, 24 Aug 2021 10:13:55 +0000
Subject: [PATCH] Accepting request 913968 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 1.9.4:
* Bug fixes:
- Fix Elgamal encryption for other implementations. [CVE-2021-33560]
- Fix alignment problem on macOS.
- Check the input length of the point in ECDH.
- Fix an abort in gcry_pk_get_param for "Curve25519".
* Other features:
- Add GCM and CCM to OID mapping table for AES.
* Upstream libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
- Remove not needed patch libgcrypt-sparcv9.diff
- libgcrypt 1.9.3:
- Fix for Apple iOS getentropy peculiarity.
- Add VPMSUMD acceleration for GCM mode on PPC.
- Fix rare assertion failure in gcry_prime_check.
OBS-URL: https://build.opensuse.org/request/show/913968
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=150
---
 libgcrypt-1.9.3.tar.bz2 | 3 -
 libgcrypt-1.9.3.tar.bz2.sig | Bin 119 -> 0 bytes
 libgcrypt-1.9.4.tar.bz2 | 3 +
 libgcrypt-1.9.4.tar.bz2.sig | Bin 0 -> 119 bytes
 ...crypt-CVE-2021-33560-fix-ElGamal-enc.patch | 99 ------------------
 libgcrypt-sparcv9.diff | 23 ----
 libgcrypt.changes | 26 ++++-
 libgcrypt.spec | 5 +-
 8 files changed, 26 insertions(+), 133 deletions(-)
 delete mode 100644 libgcrypt-1.9.3.tar.bz2
 delete mode 100644 libgcrypt-1.9.3.tar.bz2.sig
 create mode 100644 libgcrypt-1.9.4.tar.bz2
 create mode 100644 libgcrypt-1.9.4.tar.bz2.sig
 delete mode 100644 libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
 delete mode 100644 libgcrypt-sparcv9.diff
diff --git a/libgcrypt-1.9.3.tar.bz2 b/libgcrypt-1.9.3.tar.bz2
deleted file mode 100644
index b81c975..0000000
--- a/libgcrypt-1.9.3.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:97ebe4f94e2f7e35b752194ce15a0f3c66324e0ff6af26659bbfb5ff2ec328fd
-size 3219061
diff --git a/libgcrypt-1.9.3.tar.bz2.sig b/libgcrypt-1.9.3.tar.bz2.sig
deleted file mode 100644
index 183941743ab377cdc532d79a21a1da9cab369fe180be51d7088b35302da816a8..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 119
zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv03AJz17`QkEU?QS=4F7!u zZj`DYj#FvXf1rBq*}h;QP9~|$^7n_rUwxe|x$oH&hJQA1-yghc@GHfqeUaVEay}*{ UMc0XCZvr3R*evY2Yi0R7Z3v;Y7A
diff --git a/libgcrypt-1.9.4.tar.bz2 b/libgcrypt-1.9.4.tar.bz2
new file mode 100644
index 0000000..f9c5ce6
--- /dev/null
+++ b/libgcrypt-1.9.4.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ea849c83a72454e3ed4267697e8ca03390aee972ab421e7df69dfe42b65caaf7
+size 3239704
diff --git a/libgcrypt-1.9.4.tar.bz2.sig b/libgcrypt-1.9.4.tar.bz2.sig
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..a55e817dae0e0409ada92a4f0f42a1188592709a7396cb69c1690ae31484d44c
GIT binary patch
literal 119
zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0iAtqe3|yQ7Fp;_`4F5F0 zYnXlLa_N2BT40uS_TGwZTfNmH19bVbGBvi;eO~&6;h)yzRj)przRl5cN_O(
-Date: Fri, 21 May 2021 02:15:07 +0000 (+0900)
-Subject: cipher: Fix ElGamal encryption for other implementations.
-X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff_plain;h=632d80ef30e13de6926d503aa697f92b5dbfbc5e
-
-cipher: Fix ElGamal encryption for other implementations.
-
-* cipher/elgamal.c (gen_k): Remove support of smaller K.
-(do_encrypt): Never use smaller K.
-(sign): Folllow the change of gen_k.
-
---
-
-This change basically reverts encryption changes in two commits:
-
- 74386120dad6b3da62db37f7044267c8ef34689b
- 78531373a342aeb847950f404343a05e36022065
-
-Use of smaller K for ephemeral key in ElGamal encryption is only good,
-when we can guarantee that recipient's key is generated by our
-implementation (or compatible).
-
-For detail, please see:
-
- Luca De Feo, Bertram Poettering, Alessandro Sorniotti,
- "On the (in)security of ElGamal in OpenPGP";
- in the proceedings of CCS'2021.
-
-CVE-id: CVE-2021-33560
-GnuPG-bug-id: 5328
-Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
-Signed-off-by: NIIBE Yutaka
----
-
-diff --git a/cipher/elgamal.c b/cipher/elgamal.c
-index 9835122f..eead4502 100644
---- a/cipher/elgamal.c
-+++ b/cipher/elgamal.c
-@@ -66,7 +66,7 @@ static const char *elg_names[] =
-
-
- static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie);
--static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
-+static gcry_mpi_t gen_k (gcry_mpi_t p);
- static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits,
- gcry_mpi_t **factors);
- static int check_secret_key (ELG_secret_key *sk);
-@@ -189,11 +189,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie )
-
- /****************
- * Generate a random secret exponent k from prime p, so that k is
-- * relatively prime to p-1. With SMALL_K set, k will be selected for
-+ * relatively prime to p-1.
- */
- static gcry_mpi_t
--gen_k( gcry_mpi_t p, int small_k )
-+gen_k( gcry_mpi_t p )
- {
- gcry_mpi_t k = mpi_alloc_secure( 0 );
- gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
-@@ -202,18 +201,7 @@ gen_k( gcry_mpi_t p, int small_k )
- unsigned int nbits, nbytes;
- char *rndbuf = NULL;
-
-- if (small_k)
-- {
-- /* Using a k much lesser than p is sufficient for encryption and
-- * it greatly improves the encryption performance. We use
-- * Wiener's table and add a large safety margin. */
-- nbits = wiener_map( orig_nbits ) * 3 / 2;
-- if( nbits >= orig_nbits )
-- BUG();
-- }
-- else
-- nbits = orig_nbits;
--
-+ nbits = orig_nbits;
-
- nbytes = (nbits+7)/8;
- if( DBG_CIPHER )
-@@ -492,7 +480,7 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
- * error code.
- */
-
-- k = gen_k( pkey->p, 1 );
-+ k = gen_k( pkey->p );
- mpi_powm (a, pkey->g, k, pkey->p);
-
- /* b = (y^k * input) mod p
-@@ -608,7 +596,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey )
- *
- */
- mpi_sub_ui(p_1, p_1, 1);
-- k = gen_k( skey->p, 0 /* no small K ! */ );
-+ k = gen_k( skey->p );
- mpi_powm( a, skey->g, k, skey->p );
- mpi_mul(t, skey->x, a );
- mpi_subm(t, input, t, p_1 );
diff --git a/libgcrypt-sparcv9.diff b/libgcrypt-sparcv9.diff
deleted file mode 100644
index 57771d6..0000000
--- a/libgcrypt-sparcv9.diff
+++ /dev/null
@@ -1,23 +0,0 @@
-Avoid link-time error
-
-../src/.libs/libgcrypt.so: undefined reference to `__udiv_qrnnd'
-
-by choosing v8-like insns for 32-bit v9 mode too.
-
----
- mpi/longlong.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: libgcrypt-1.7.2/mpi/longlong.h
-===================================================================
---- libgcrypt-1.7.2.orig/mpi/longlong.h
-+++ libgcrypt-1.7.2/mpi/longlong.h
-@@ -1293,7 +1293,7 @@ typedef unsigned int UTItype __attribute
- "rJ" ((USItype)(al)), \
- "rI" ((USItype)(bl)) \
- __CLOBBER_CC)
--# if defined (__sparc_v8__) || defined(__sparcv8)
-+# if defined (__sparc_v8__) || defined(__sparcv8) || defined(__space_v9__)
- /* Don't match immediate range because, 1) it is not often useful,
- 2) the 'I' flag thinks of the range as a 13 bit signed interval,
- while we want to match a 13 bit interval, sign extended to 32 bits,
diff --git a/libgcrypt.changes b/libgcrypt.changes
index cf0c2b9..bca8446 100644
--- a/libgcrypt.changes
+++ b/libgcrypt.changes
@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Mon Aug 23 12:08:24 UTC 2021 - Pedro Monreal
+
+- Update to 1.9.4:
+ * Bug fixes:
+ - Fix Elgamal encryption for other implementations. [CVE-2021-33560]
+ - Fix alignment problem on macOS.
+ - Check the input length of the point in ECDH.
+ - Fix an abort in gcry_pk_get_param for "Curve25519".
+ * Other features:
+ - Add GCM and CCM to OID mapping table for AES.
+ * Upstream libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
+
+-------------------------------------------------------------------
+Mon Aug 23 10:11:55 UTC 2021 - Pedro Monreal
+
+- Remove not needed patch libgcrypt-sparcv9.diff
+
 -------------------------------------------------------------------
 Fri Jun 11 13:17:54 UTC 2021 - Pedro Monreal
@@ -10,19 +28,19 @@ Fri Jun 11 13:17:54 UTC 2021 - Pedro Monreal
 -------------------------------------------------------------------
 Tue Apr 20 08:46:11 UTC 2021 - Paolo Stivanin
-- libgcrypt 1.9.3:
+- libgcrypt 1.9.3:
 * Bug fixes:
 - Fix build problems on i386 using gcc-4.7.
 - Fix checksum calculation in OCB decryption for AES on s390.
 - Fix a regression in gcry_mpi_ec_add related to certain usages of
 curve 25519.
 - Fix a symbol not found problem on Apple M1.
- - Fix for Apple iOS getentropy peculiarity.
+ - Fix for Apple iOS getentropy peculiarity.
 - Make keygrip computation work for compressed points.
 * Performance:
 - Add x86_64 VAES/AVX2 accelerated implementation of Camellia.
 - Add x86_64 VAES/AVX2 accelerated implementation of AES.
- - Add VPMSUMD acceleration for GCM mode on PPC.
+ - Add VPMSUMD acceleration for GCM mode on PPC.
 * Internal changes.
 - Harden MPI conditional code against EM leakage.
 - Harden Elgamal by introducing exponent blinding.
@@ -411,7 +429,7 @@ Wed Jun 13 10:46:33 UTC 2018 - kbabioch@suse.com
 - Fix incorrect output of AES-keywrap mode for in-place encryption
 on some platforms.
 - Fix the gcry_mpi_ec_curve_point point validation function.
- - Fix rare assertion failure in gcry_prime_check.
+ - Fix rare assertion failure in gcry_prime_check.
 - Applied spec-cleaner
 -------------------------------------------------------------------
diff --git a/libgcrypt.spec b/libgcrypt.spec
index 0f2c861..499a2d9 100644
--- a/libgcrypt.spec
+++ b/libgcrypt.spec
@@ -22,7 +22,7 @@
 %define libsoname %{name}%{libsover}
 %define cavs_dir %{_libexecdir}/%{name}/cavs
 Name: libgcrypt
-Version: 1.9.3
+Version: 1.9.4
 Release: 0
 Summary: The GNU Crypto Library
 License: GPL-2.0-or-later AND LGPL-2.1-or-later AND GPL-3.0-or-later
@@ -39,7 +39,6 @@ Source5: cavs-test.sh
 Source6: cavs_driver.pl
 Source99: libgcrypt.changes
 Patch1: libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch
-Patch2: libgcrypt-sparcv9.diff
 Patch3: libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
 Patch4: libgcrypt-1.6.1-use-fipscheck.patch
 Patch5: libgcrypt-1.6.1-fips-cavs.patch
@@ -76,8 +75,6 @@ Patch26: libgcrypt-PCT-RSA.patch
 Patch27: libgcrypt-PCT-DSA.patch
 Patch28: libgcrypt-PCT-ECC.patch
 Patch29: libgcrypt-fips_selftest_trigger_file.patch
-#PATCH-FIX-UPSTREAM bsc#1187212 CVE-2021-33560 ElGamal encryption lacks exponent blinding
-Patch30: libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
 BuildRequires: automake >= 1.14
 BuildRequires: fipscheck
 BuildRequires: libgpg-error-devel >= 1.27
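Review bot: Removing `Patch30:` (and `Patch2:` in the previous hunk) is only complete if `%prep`, which lies outside these hunks, applies patches with `%autosetup`/`%autopatch`; if it carries explicit `%patch2 -p1` / `%patch30 -p1` lines, those need to go in the same change or the build breaks on a missing source. The dropped `#PATCH-FIX-UPSTREAM bsc#1187212 CVE-2021-33560` comment was the spec's only trace of the bug reference, and the new libgcrypt.changes entry cites the CVE but not the bsc, so the security tracker loses the link between bsc#1187212 and the 1.9.4 update; keeping it in the changes entry as `- Fix Elgamal encryption for other implementations. [bsc#1187212, CVE-2021-33560]` preserves the audit trail at no cost. Whether 1.9.4 contains the upstream ElGamal commit is stated only in the changelog here and should be confirmed against the release, since the patch file is deleted in this same request.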