libgcrypt-1.10.1-1

This commit is contained in:
Jakub Jelen 2022-03-29 11:18:05 +02:00
parent 559b903aa2
commit 0b1d9d2b6d
4 changed files with 93 additions and 13 deletions

2
.gitignore vendored
View File

@ -30,3 +30,5 @@ libgcrypt-1.4.5-hobbled.tar.bz2
/libgcrypt-1.9.4-hobbled.tar.xz /libgcrypt-1.9.4-hobbled.tar.xz
/libgcrypt-1.10.0.tar.bz2 /libgcrypt-1.10.0.tar.bz2
/libgcrypt-1.10.0.tar.bz2.sig /libgcrypt-1.10.0.tar.bz2.sig
/libgcrypt-1.10.1.tar.bz2
/libgcrypt-1.10.1.tar.bz2.sig

View File

@ -1,4 +1,4 @@
From d651e25be0bc0c11f4d3d7c72be8cfbbe82b3874 Mon Sep 17 00:00:00 2001 From f778433dd29fe07aa1791a0137f6f14febcce607 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com> From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 10 Sep 2021 18:39:00 +0200 Date: Fri, 10 Sep 2021 18:39:00 +0200
Subject: [PATCH] Allow building libgcrypt without Brainpool curves Subject: [PATCH] Allow building libgcrypt without Brainpool curves
@ -8,6 +8,7 @@ Subject: [PATCH] Allow building libgcrypt without Brainpool curves
* configure.ac: Implement possibility to build without brainpool curves * configure.ac: Implement possibility to build without brainpool curves
* tests/curves.c: Skip brainpool curves if they are not built-in * tests/curves.c: Skip brainpool curves if they are not built-in
* tests/keygrip.c: Skip brainpool curves if they are not built-in * tests/keygrip.c: Skip brainpool curves if they are not built-in
* tests/bench-slope.c: Skip brainpoll curves in they are not built-in
-- --
@ -16,15 +17,16 @@ Signed-off-by: Jakub Jelen <jjelen@redhat.com>
README | 3 +++ README | 3 +++
cipher/ecc-curves.c | 4 ++++ cipher/ecc-curves.c | 4 ++++
configure.ac | 13 +++++++++++++ configure.ac | 13 +++++++++++++
tests/bench-slope.c | 12 ++++++++++++
tests/curves.c | 46 ++++++++++++++++++++++++++++++--------------- tests/curves.c | 46 ++++++++++++++++++++++++++++++---------------
tests/keygrip.c | 2 ++ tests/keygrip.c | 2 ++
5 files changed, 53 insertions(+), 15 deletions(-) 6 files changed, 65 insertions(+), 15 deletions(-)
diff --git a/README b/README diff --git a/README b/README
index 436b6cd4..1044109c 100644 index 4d7697dd..b290d01e 100644
--- a/README --- a/README
+++ b/README +++ b/README
@@ -127,6 +127,9 @@ @@ -121,6 +121,9 @@
the list used with the current build the program the list used with the current build the program
tests/version may be used. tests/version may be used.
@ -71,10 +73,10 @@ index 7c86e12c..8fd95a9c 100644
"GOST2001-test", 256, 0, "GOST2001-test", 256, 0,
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD, MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
diff --git a/configure.ac b/configure.ac diff --git a/configure.ac b/configure.ac
index 6efbf139..f4ac1887 100644 index 0e67baf9..a63f7360 100644
--- a/configure.ac --- a/configure.ac
+++ b/configure.ac +++ b/configure.ac
@@ -614,6 +614,14 @@ AC_ARG_WITH(fips-module-version, @@ -595,6 +595,14 @@ AC_ARG_WITH(fips-module-version,
AC_DEFINE_UNQUOTED(FIPS_MODULE_VERSION, "$fips_module_version", AC_DEFINE_UNQUOTED(FIPS_MODULE_VERSION, "$fips_module_version",
[Define FIPS module version for certification]) [Define FIPS module version for certification])
@ -89,7 +91,7 @@ index 6efbf139..f4ac1887 100644
# Implementation of the --disable-jent-support switch. # Implementation of the --disable-jent-support switch.
AC_MSG_CHECKING([whether jitter entropy support is requested]) AC_MSG_CHECKING([whether jitter entropy support is requested])
AC_ARG_ENABLE(jent-support, AC_ARG_ENABLE(jent-support,
@@ -2466,6 +2474,10 @@ if test x"$ppccryptosupport" = xyes ; then @@ -2459,6 +2467,10 @@ if test x"$ppccryptosupport" = xyes ; then
AC_DEFINE(ENABLE_PPC_CRYPTO_SUPPORT,1, AC_DEFINE(ENABLE_PPC_CRYPTO_SUPPORT,1,
[Enable support for POWER 8 (PowerISA 2.07) crypto extension.]) [Enable support for POWER 8 (PowerISA 2.07) crypto extension.])
fi fi
@ -100,7 +102,7 @@ index 6efbf139..f4ac1887 100644
if test x"$jentsupport" = xyes ; then if test x"$jentsupport" = xyes ; then
AC_DEFINE(ENABLE_JENT_SUPPORT, 1, AC_DEFINE(ENABLE_JENT_SUPPORT, 1,
[Enable support for the jitter entropy collector.]) [Enable support for the jitter entropy collector.])
@@ -3296,6 +3308,7 @@ GCRY_MSG_WRAP([Enabled digest algorithms:],[$enabled_digests]) @@ -3294,6 +3306,7 @@ GCRY_MSG_WRAP([Enabled digest algorithms:],[$enabled_digests])
GCRY_MSG_WRAP([Enabled kdf algorithms: ],[$enabled_kdfs]) GCRY_MSG_WRAP([Enabled kdf algorithms: ],[$enabled_kdfs])
GCRY_MSG_WRAP([Enabled pubkey algorithms:],[$enabled_pubkey_ciphers]) GCRY_MSG_WRAP([Enabled pubkey algorithms:],[$enabled_pubkey_ciphers])
GCRY_MSG_SHOW([Random number generator: ],[$random]) GCRY_MSG_SHOW([Random number generator: ],[$random])
@ -108,6 +110,79 @@ index 6efbf139..f4ac1887 100644
GCRY_MSG_SHOW([Try using jitter entropy: ],[$jentsupport]) GCRY_MSG_SHOW([Try using jitter entropy: ],[$jentsupport])
GCRY_MSG_SHOW([Using linux capabilities: ],[$use_capabilities]) GCRY_MSG_SHOW([Using linux capabilities: ],[$use_capabilities])
GCRY_MSG_SHOW([FIPS module version: ],[$fips_module_version]) GCRY_MSG_SHOW([FIPS module version: ],[$fips_module_version])
diff --git a/tests/bench-slope.c b/tests/bench-slope.c
index 5c49ac25..1b5941af 100644
--- a/tests/bench-slope.c
+++ b/tests/bench-slope.c
@@ -2316,7 +2316,9 @@ enum bench_ecc_algo
ECC_ALGO_NIST_P384,
ECC_ALGO_NIST_P521,
ECC_ALGO_SECP256K1,
+#ifdef ENABLE_BRAINPOOL
ECC_ALGO_BRAINP256R1,
+#endif /* ENABLE_BRAINPOOL */
__MAX_ECC_ALGO
};
@@ -2366,7 +2368,9 @@ ecc_algo_fips_allowed (int algo)
case ECC_ALGO_NIST_P521:
return 1;
case ECC_ALGO_SECP256K1:
+#ifdef ENABLE_BRAINPOOL
case ECC_ALGO_BRAINP256R1:
+#endif /* ENABLE_BRAINPOOL */
case ECC_ALGO_ED25519:
case ECC_ALGO_ED448:
case ECC_ALGO_X25519:
@@ -2402,8 +2406,10 @@ ecc_algo_name (int algo)
return "NIST-P521";
case ECC_ALGO_SECP256K1:
return "secp256k1";
+#ifdef ENABLE_BRAINPOOL
case ECC_ALGO_BRAINP256R1:
return "brainpoolP256r1";
+#endif /* ENABLE_BRAINPOOL */
default:
return NULL;
}
@@ -2434,8 +2440,10 @@ ecc_algo_curve (int algo)
return "NIST P-521";
case ECC_ALGO_SECP256K1:
return "secp256k1";
+#ifdef ENABLE_BRAINPOOL
case ECC_ALGO_BRAINP256R1:
return "brainpoolP256r1";
+#endif /* ENABLE_BRAINPOOL */
default:
return NULL;
}
@@ -2466,8 +2474,10 @@ ecc_nbits (int algo)
return 521;
case ECC_ALGO_SECP256K1:
return 256;
+#ifdef ENABLE_BRAINPOOL
case ECC_ALGO_BRAINP256R1:
return 256;
+#endif /* ENABLE_BRAINPOOL */
default:
return 0;
}
@@ -2665,6 +2675,7 @@ bench_ecc_init (struct bench_obj *obj)
err = gcry_sexp_build (&hd->data, NULL,
"(data (flags raw) (value %m))", x);
break;
+#ifdef ENABLE_BRAINPOOL
case ECC_ALGO_BRAINP256R1:
err = gcry_sexp_build (&hd->key_spec, NULL,
"(genkey (ECDSA (curve brainpoolP256r1)))");
@@ -2673,6 +2684,7 @@ bench_ecc_init (struct bench_obj *obj)
err = gcry_sexp_build (&hd->data, NULL,
"(data (flags raw) (value %m))", x);
break;
+#endif /* ENABLE_BRAINPOOL */
}
gcry_mpi_release (x);
diff --git a/tests/curves.c b/tests/curves.c diff --git a/tests/curves.c b/tests/curves.c
index 3c738171..8eb79565 100644 index 3c738171..8eb79565 100644
--- a/tests/curves.c --- a/tests/curves.c

View File

@ -1,5 +1,5 @@
Name: libgcrypt Name: libgcrypt
Version: 1.10.0 Version: 1.10.1
Release: 1%{?dist} Release: 1%{?dist}
URL: https://www.gnupg.org/ URL: https://www.gnupg.org/
Source0: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2 Source0: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2
@ -90,9 +90,9 @@ LIBGCRYPT_FORCE_FIPS_MODE=1 make check
%{__arch_install_post} \ %{__arch_install_post} \
%{__os_install_post} \ %{__os_install_post} \
dd if=/dev/zero of=%{libpath}.hmac bs=32 count=1 \ dd if=/dev/zero of=%{libpath}.hmac bs=32 count=1 \
objcopy --update-section .rodata1=%{libpath}.hmac %{libpath} %{libpath}.empty \ objcopy --update-section .note.fdo.integrity=%{libpath}.hmac %{libpath} %{libpath}.empty \
src/hmac256 --binary %{hmackey} %{libpath}.empty > %{libpath}.hmac \ src/hmac256 --binary %{hmackey} %{libpath}.empty > %{libpath}.hmac \
objcopy --update-section .rodata1=%{libpath}.hmac %{libpath}.empty %{libpath}.new \ objcopy --update-section .note.fdo.integrity=%{libpath}.hmac %{libpath}.empty %{libpath}.new \
mv -f %{libpath}.new %{libpath} \ mv -f %{libpath}.new %{libpath} \
rm -f %{libpath}.hmac %{libpath}.empty rm -f %{libpath}.hmac %{libpath}.empty
%{nil} %{nil}
@ -164,6 +164,9 @@ mkdir -p -m 755 $RPM_BUILD_ROOT/etc/gcrypt
%license COPYING %license COPYING
%changelog %changelog
* Tue Mar 29 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.1-1
- Final release (#2069263)
* Wed Feb 02 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-1 * Wed Feb 02 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-1
- New upstream release (#2049322) - New upstream release (#2049322)

View File

@ -1,2 +1,2 @@
SHA512 (libgcrypt-1.10.0.tar.bz2) = 785c2e14272308956bb6adcea9567c4097edf103122e18cd3907fb42a110a48a5d59c0057f05a438acd7f221c70c7f7ff87e176bd6d7ed99d16e847f9d7be087 SHA512 (libgcrypt-1.10.1.tar.bz2) = e5ca7966624fff16c3013795836a2c4377f0193dbb4ac5ad2b79654b1fa8992e17d83816569a402212dc8367a7980d4141f5d6ac282bae6b9f02186365b61f13
SHA512 (libgcrypt-1.10.0.tar.bz2.sig) = 75201612225b206faaae284297e92d1b25dcaf0665bcf1f4c5cc9a3a750a803063d0f7bd0af556dbe419f1276c953ce047554fd18a144a90085a42a7ec885168 SHA512 (libgcrypt-1.10.1.tar.bz2.sig) = b156ae05079776698bc95ba5a9e48e95de8f716aa1760ef4b2e7cb8518ccec660337fc7823f865bde870461800d472fd8e458d03a7095b6bb614f6dd96f796d8