new upstream version 1.8.6

.gitignore

@@ -21,3 +21,4 @@ libgcrypt-1.4.5-hobbled.tar.bz2
 /libgcrypt-1.8.3-hobbled.tar.xz
 /libgcrypt-1.8.4-hobbled.tar.xz
 /libgcrypt-1.8.5-hobbled.tar.xz
+/libgcrypt-1.8.6-hobbled.tar.xz

ecc-curves.c

@@ -40,8 +40,12 @@ static const struct
   const char *other; /* Other name. */
 } curve_aliases[] =
   {
-    { "Curve25519", "1.3.6.1.4.1.3029.1.5.1" },
-    { "Ed25519",    "1.3.6.1.4.1.11591.15.1" },
+    { "Curve25519", "1.3.6.1.4.1.3029.1.5.1" }, /* OpenPGP */
+    { "Curve25519", "1.3.101.110" },         /* rfc8410 */
+    { "Curve25519", "X25519" },              /* rfc8410 */
+
+    { "Ed25519",    "1.3.6.1.4.1.11591.15.1" },/* OpenPGP */
+    { "Ed25519",    "1.3.101.112" },         /* rfc8410 */
 
     { "NIST P-224", "secp224r1" },
     { "NIST P-224", "1.3.132.0.33" },        /* SECP OID.  */

libgcrypt-1.8.5-build.patch

@@ -1,14 +0,0 @@
-diff -up libgcrypt-1.8.5/cipher/poly1305-armv7-neon.S.build libgcrypt-1.8.5/cipher/poly1305-armv7-neon.S
---- libgcrypt-1.8.5/cipher/poly1305-armv7-neon.S.build	2017-11-23 19:16:58.000000000 +0100
-+++ libgcrypt-1.8.5/cipher/poly1305-armv7-neon.S	2020-01-30 17:26:12.026404286 +0100
-@@ -87,9 +87,8 @@ _gcry_poly1305_armv7_neon_init_ext:
- .Lpoly1305_init_ext_neon_local:
- 	stmfd sp!, {r4-r11, lr}
- 	sub sp, sp, #32
--	mov r14, r2
-+	mov r14, #-1
- 	and r2, r2, r2
--	moveq r14, #-1
- 	UNALIGNED_LDMIA4(r1, r2, r3, r4, r5)
- 	GET_DATA_POINTER(r7,.Lpoly1305_init_constants_neon,r8)
- 	mov r6, r2

libgcrypt.spec

@@ -1,6 +1,6 @@
 Name: libgcrypt
-Version: 1.8.5
-Release: 7%{?dist}
+Version: 1.8.6
+Release: 1%{?dist}
 URL: http://www.gnupg.org/
 Source0: libgcrypt-%{version}-hobbled.tar.xz
 # The original libgcrypt sources now contain potentially patented ECC
@@ -45,8 +45,6 @@ Patch26: libgcrypt-1.8.3-fips-enttest.patch
 Patch27: libgcrypt-1.8.3-md-fips-enforce.patch
 # Intel CET support, in upstream master
 Patch28: libgcrypt-1.8.5-intel-cet.patch
-# Fix build on ARMv7
-Patch29: libgcrypt-1.8.5-build.patch
 # FIPS module is redefined a little bit (implicit by kernel FIPS mode)
 Patch30: libgcrypt-1.8.5-fips-module.patch
 # Backported AES performance improvements
@@ -100,7 +98,6 @@ applications using libgcrypt.
 %patch26 -p1 -b .fips-enttest
 %patch27 -p1 -b .fips-enforce
 %patch28 -p1 -b .intel-cet
-%patch29 -p1 -b .build
 %patch30 -p1 -b .fips-module
 %patch31 -p1 -b .aes-perf
 
@@ -211,6 +208,9 @@ install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf
 %license COPYING
 
 %changelog
+* Mon Jul 20 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.6-1
+- new upstream version 1.8.6
+
 * Wed Jul  1 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-7
 - use the hmac256 tool to calculate the library hmac
 

sources

@@ -1 +1 @@
-SHA512 (libgcrypt-1.8.5-hobbled.tar.xz) = 63391cdb4b2366dfc7869a45a9e5facbb05e4d28ada2646941cadfa2de93517ff5fb2a28aa7f486b79a1449cf701c8c36a6e99052d7c499b240dff606dd921a0
+SHA512 (libgcrypt-1.8.6-hobbled.tar.xz) = b59a3c6544e989033acb1f75a526487075b12aac65f18e38264aa9921fe89306485bfee5f4b0dd75d9ed4a35f23851d302359983c75d6f5a0d6f74007a553743

t-mpi-point.c

@@ -737,23 +737,11 @@ basic_ec_math (void)
     gcry_mpi_ec_mul (Q, tmp, G, ctx);
     gcry_mpi_release (tmp);
     gcry_mpi_point_get (x, y, z, Q);
-    if (gcry_mpi_cmp_ui (x, 0) || gcry_mpi_cmp_ui (y, 0)
-        || gcry_mpi_cmp_ui (z, 0))
+    if (gcry_mpi_cmp_ui (z, 0))
       fail ("multiply a point by zero failed\n");
   }
 
   gcry_mpi_ec_mul (Q, d, G, ctx);
-  gcry_mpi_point_get (x, y, z, Q);
-  if (cmp_mpihex (x, "222D9EC717C89D047E0898C9185B033CD11C0A981EE6DC66")
-      || cmp_mpihex (y, "605DE0A82D70D3E0F84A127D0739ED33D657DF0D054BFDE8")
-      || cmp_mpihex (z, "00B06B519071BC536999AC8F2D3934B3C1FC9EACCD0A31F88F"))
-    fail ("computed public key does not match\n");
-  if (debug)
-    {
-      print_mpi ("Q.x", x);
-      print_mpi ("Q.y", y);
-      print_mpi ("Q.z", z);
-    }
 
   if (gcry_mpi_ec_get_affine (x, y, Q, ctx))
     fail ("failed to get affine coordinates\n");