From 617e4c5f4c3a78155f0619b6dc1e4f761ac2e52c Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Tue, 6 Aug 2024 11:49:48 +0200
Subject: [PATCH] Use upstream patches for CF protection fixes

Related: RHEL-58736
---
libgcrypt-1.11.0-cf-protection.patch | 155 +++++++++++++++++++++++++--
1 file changed, 146 insertions(+), 9 deletions(-)

diff --git a/libgcrypt-1.11.0-cf-protection.patch b/libgcrypt-1.11.0-cf-protection.patch
index e7ead95..ece660e 100644
--- a/libgcrypt-1.11.0-cf-protection.patch
+++ b/libgcrypt-1.11.0-cf-protection.patch
@@ -1,12 +1,55 @@
-From de3a04203b33c2248400392b535d2ab133bcd752 Mon Sep 17 00:00:00 2001
+From 7ee2e73495d051ca09dd57c90132a7a9cc53bc62 Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna
+Date: Fri, 26 Jul 2024 11:00:30 +0300
+Subject: [PATCH] asm-common-amd64: add missing CFI directives for large memory
+ model code
+
+* cipher/asm-common-amd64.h [__code_model_large__]
+(GET_EXTERN_POINTER): Add CFI_PUSH/CFI_POP directives.
+--
+
+Signed-off-by: Jussi Kivilinna
+---
+ cipher/asm-common-amd64.h | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/cipher/asm-common-amd64.h b/cipher/asm-common-amd64.h
+index 870fef9a..3fa065e8 100644
+--- a/cipher/asm-common-amd64.h
++++ b/cipher/asm-common-amd64.h
+@@ -59,14 +59,18 @@
+ # ifdef __code_model_large__
+ # define GET_EXTERN_POINTER(name, reg) \
+ pushq %r15; \
++ CFI_PUSH(%r15); \
+ pushq %r14; \
++ CFI_PUSH(%r14); \
+ 1: leaq 1b(%rip), reg; \
+ movabsq $_GLOBAL_OFFSET_TABLE_-1b, %r14; \
+ movabsq $name@GOT, %r15; \
+ addq %r14, reg; \
+ popq %r14; \
++ CFI_POP(%r14); \
+ movq (reg, %r15), reg; \
+- popq %r15;
++ popq %r15; \
++ CFI_POP(%r15);
+ # else
+ # define GET_EXTERN_POINTER(name, reg) movq name@GOTPCREL(%rip), reg
+ # endif
+--
+2.45.2
+
+From dd42a4e03e066c49a6d83e0d3a07e4261d77121a Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna Date: Sat, 27 Jul 2024 08:16:56 +0300 -Subject: [PATCH] Do not build rijndael-vaes-avx2-i386 on x86-64 +Subject: [PATCH] Do not build i386 assembly on x86-64 * configure.ac: Enable building i386 "rijndael-vaes" only on i?86 host instead of x86 MPI arch ("i?86 + x86-64"). -- +GnuPG-bug-id: 7220 Signed-off-by: Jussi Kivilinna --- configure.ac | 9 +++++---- 
@@ -40,19 +83,112 @@ index d3dffb4b..1e182552 100644 esac fi -- -2.43.0 +2.45.2 +From 5797d75e3b916caf504bed73a8629c6c168be58d Mon Sep 17 00:00:00 2001 +From: Jussi Kivilinna +Date: Sat, 27 Jul 2024 08:50:57 +0300 +Subject: [PATCH] Do not build amd64 assembly on i386 -From 9178af96038acd295d02a4c405c19435dce92ad8 Mon Sep 17 00:00:00 2001 +* configure.ac: Build "serpent-avx2-amd64" and +"camellia-*-amd64" only on x86-64. +-- + +GnuPG-bug-id: 7220 +Signed-off-by: Jussi Kivilinna +--- + configure.ac | 50 +++++++++++++++++++++++++++----------------------- + 1 file changed, 27 insertions(+), 23 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 1e182552..191aa38d 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -3133,14 +3133,14 @@ if test "$found" = "1" ; then + x86_64-*-*) + # Build with the SSE2 implementation + GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-sse2-amd64.lo" ++ ++ if test x"$avx2support" = xyes ; then ++ # Build with the AVX2 implementation ++ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx2-amd64.lo" ++ fi + ;; + esac + +- if test x"$avx2support" = xyes ; then +- # Build with the AVX2 implementation +- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx2-amd64.lo" +- fi +- + if test x"$avx512support" = xyes ; then + # Build with the AVX512 implementation + GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx512-x86.lo" +@@ -3186,28 +3186,32 @@ if test "$found" = "1" ; then + ;; + esac + +- if test x"$avxsupport" = xyes ; then +- if test x"$aesnisupport" = xyes ; then +- # Build with the AES-NI/AVX implementation +- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx-amd64.lo" +- fi +- fi ++ case "${host}" in ++ x86_64-*-*) ++ if test x"$avxsupport" = xyes ; then ++ if test x"$aesnisupport" = xyes ; then ++ # Build with the AES-NI/AVX implementation ++ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx-amd64.lo" ++ fi ++ fi + +- if test x"$avx2support" = xyes ; then +- if test x"$aesnisupport" = xyes ; then +- # Build 
with the AES-NI/AVX2 implementation +- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx2-amd64.lo" ++ if test x"$avx2support" = xyes ; then ++ if test x"$aesnisupport" = xyes ; then ++ # Build with the AES-NI/AVX2 implementation ++ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx2-amd64.lo" + +- # Build with the VAES/AVX2 implementation +- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-vaes-avx2-amd64.lo" ++ # Build with the VAES/AVX2 implementation ++ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-vaes-avx2-amd64.lo" + +- # Build with the GFNI/AVX2 implementation +- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx2-amd64.lo" ++ # Build with the GFNI/AVX2 implementation ++ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx2-amd64.lo" + +- # Build with the GFNI/AVX512 implementation +- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx512-amd64.lo" +- fi +- fi ++ # Build with the GFNI/AVX512 implementation ++ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx512-amd64.lo" ++ fi ++ fi ++ ;; ++ esac + fi + + LIST_MEMBER(idea, $enabled_ciphers) +-- +2.45.2 + +From d69e6a29b986cf1cb21e09d337a0de2564ef34f2 Mon Sep 17 00:00:00 2001 From: Jussi Kivilinna Date: Fri, 26 Jul 2024 10:59:12 +0300 -Subject: [PATCH 1/2] Add CET support for x86-64 assembly +Subject: [PATCH] Add CET support for x86-64 assembly * cipher/asm-common-amd64.h (ENDBRANCH): New. (CFI_STARTPROC): Add ENDBRANCH. [__CET__] (note.gnu.property): Add CET property section. -- +GnuPG-bug-id: 7220 Signed-off-by: Jussi Kivilinna --- cipher/asm-common-amd64.h | 30 ++++++++++++++++++++++++++++-- @@ -114,18 +250,19 @@ index 3fa065e8..465ef62b 100644 + #endif /* GCRY_ASM_COMMON_AMD64_H */ -- -2.43.0 +2.45.2 -From e7c81e64b1a81455ce72c54607ce6ab35c24f407 Mon Sep 17 00:00:00 2001 +From 64ec13d11b08fbe31cc6f83e9464e7e251d41019 Mon Sep 17 00:00:00 2001 
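Review bot: Nothing in this commit checks that the rebuilt library actually ends up with the CET markings these patches are meant to restore; the only file changed is the patch itself. The two configure.ac patches (the "Do not build amd64 assembly on i386" patch added in this hunk and "Do not build i386 assembly on x86-64" in the first hunk) only take effect if configure is regenerated during the build, which is not visible here and is worth confirming in the spec. By default the linker keeps the IBT/SHSTK property only when every input object carries it, so a single assembly object built without the `.note.gnu.property` section silently drops it for the whole shared object. A `%check` step that runs `readelf -n <path-to-built-libgcrypt.so>` (placeholder path) and fails unless both IBT and SHSTK appear in the x86 feature property would catch a regression at build time.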
From: Jussi Kivilinna Date: Fri, 26 Jul 2024 11:09:37 +0300 -Subject: [PATCH 2/2] Add CET support for i386 assembly +Subject: [PATCH] Add CET support for i386 assembly * cipher/asm-common-i386.h (ENDBRANCH): New. (CFI_STARTPROC): Add ENDBRANCH. [__CET__] (note.gnu.property): Add CET property section. -- +GnuPG-bug-id: 7220 Signed-off-by: Jussi Kivilinna --- cipher/asm-common-i386.h | 30 ++++++++++++++++++++++++++++-- @@ -187,5 +324,5 @@ index d746ebc4..346a8ff2 100644 + #endif /* GCRY_ASM_COMMON_AMD64_H */ -- -2.43.0 +2.45.2