import CS libgcrypt-1.10.0-11.el9

.gitignore

@@ -1 +1,2 @@
 SOURCES/libgcrypt-1.10.0.tar.bz2
+SOURCES/libgcrypt-1.10.0.tar.bz2.sig

.libgcrypt.metadata

@@ -1 +1,2 @@
 363feb8187f6c59b6b10721af6a94558db8ec3af SOURCES/libgcrypt-1.10.0.tar.bz2
+061e31906b3f2647ddd30fb60777d66165b70205 SOURCES/libgcrypt-1.10.0.tar.bz2.sig

SOURCES/libgcrypt-1.10.0-fips-drbg.patch

@@ -0,0 +1,85 @@
+From 45b80678109e5817b7cd15566a9d6c96b064b95f Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Wed, 1 Mar 2023 15:39:15 +0100
+Subject: [PATCH] random: Remove unused SHA384 DRBGs.
+
+* random/random-drbg.c (global): Remove unused SHA384-based defines.
+(drbg_cores): Remove SHA384 configurations.
+(drbg_sec_strength): Remove unused SHA384.
+--
+
+These are no longer allowed by FIPS and it looks like they were never
+usable as they do not have any conversion from the string flags.
+
+GnuPG-bug-id: 6393
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+ random/random-drbg.c | 13 ++-----------
+ 1 file changed, 2 insertions(+), 11 deletions(-)
+
+diff --git a/random/random-drbg.c b/random/random-drbg.c
+index f1cfe286..af49a5a5 100644
+--- a/random/random-drbg.c
++++ b/random/random-drbg.c
+@@ -188,11 +188,9 @@
+ #define DRBG_HASHSHA1		((u32)1<<4)
+ #define DRBG_HASHSHA224		((u32)1<<5)
+ #define DRBG_HASHSHA256		((u32)1<<6)
+-#define DRBG_HASHSHA384		((u32)1<<7)
+ #define DRBG_HASHSHA512		((u32)1<<8)
+ #define DRBG_HASH_MASK		(DRBG_HASHSHA1 | DRBG_HASHSHA224 \
+-				 | DRBG_HASHSHA256 | DRBG_HASHSHA384 \
+-				 | DRBG_HASHSHA512)
++				 | DRBG_HASHSHA256 | DRBG_HASHSHA512)
+ /* type modifiers (A.3)*/
+ #define DRBG_HMAC		((u32)1<<12)
+ #define DRBG_SYM128		((u32)1<<13)
+@@ -211,23 +209,18 @@
+ #define DRBG_NOPR_CTRAES256 (DRBG_CTRAES | DRBG_SYM256)
+ #define DRBG_PR_HASHSHA1     (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1)
+ #define DRBG_PR_HASHSHA256   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256)
+-#define DRBG_PR_HASHSHA384   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384)
+ #define DRBG_PR_HASHSHA512   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512)
+ #define DRBG_NOPR_HASHSHA1   (DRBG_HASHSHA1)
+ #define DRBG_NOPR_HASHSHA256 (DRBG_HASHSHA256)
+-#define DRBG_NOPR_HASHSHA384 (DRBG_HASHSHA384)
+ #define DRBG_NOPR_HASHSHA512 (DRBG_HASHSHA512)
+ #define DRBG_PR_HMACSHA1     (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1 \
+                               | DRBG_HMAC)
+ #define DRBG_PR_HMACSHA256   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256 \
+                               | DRBG_HMAC)
+-#define DRBG_PR_HMACSHA384   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384 \
+-                              | DRBG_HMAC)
+ #define DRBG_PR_HMACSHA512   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512 \
+                               | DRBG_HMAC)
+ #define DRBG_NOPR_HMACSHA1   (DRBG_HASHSHA1 | DRBG_HMAC)
+ #define DRBG_NOPR_HMACSHA256 (DRBG_HASHSHA256 | DRBG_HMAC)
+-#define DRBG_NOPR_HMACSHA384 (DRBG_HASHSHA384 | DRBG_HMAC)
+ #define DRBG_NOPR_HMACSHA512 (DRBG_HASHSHA512 | DRBG_HMAC)
+ 
+ 
+@@ -359,12 +352,10 @@ static const struct drbg_core_s drbg_cores[] = {
+   /* Hash DRBGs */
+   {DRBG_HASHSHA1, 55, 20, GCRY_MD_SHA1},
+   {DRBG_HASHSHA256, 55, 32, GCRY_MD_SHA256},
+-  {DRBG_HASHSHA384, 111, 48, GCRY_MD_SHA384},
+   {DRBG_HASHSHA512, 111, 64, GCRY_MD_SHA512},
+   /* HMAC DRBGs */
+   {DRBG_HASHSHA1   | DRBG_HMAC, 20, 20, GCRY_MD_SHA1},
+   {DRBG_HASHSHA256 | DRBG_HMAC, 32, 32, GCRY_MD_SHA256},
+-  {DRBG_HASHSHA384 | DRBG_HMAC, 48, 48, GCRY_MD_SHA384},
+   {DRBG_HASHSHA512 | DRBG_HMAC, 64, 64, GCRY_MD_SHA512},
+   /* block ciphers */
+   {DRBG_CTRAES | DRBG_SYM128, 32, 16, GCRY_CIPHER_AES128},
+@@ -543,7 +534,7 @@ drbg_sec_strength (u32 flags)
+   else if (flags & DRBG_SYM192)
+     return 24;
+   else if ((flags & DRBG_SYM256) || (flags & DRBG_HASHSHA256) ||
+-	   (flags & DRBG_HASHSHA384) || (flags & DRBG_HASHSHA512))
++	   (flags & DRBG_HASHSHA512))
+     return 32;
+   else
+     return 32;
+-- 
+2.39.2
+

SOURCES/libgcrypt-1.10.0-fips-indicator-md-hmac.patch

@@ -0,0 +1,277 @@
+From fd832687f36c1885d2388c55f7e8569184ba2593 Mon Sep 17 00:00:00 2001
+From: Tobias Heider <tobias.heider@canonical.com>
+Date: Thu, 16 Feb 2023 03:20:48 +0100
+Subject: [PATCH] fips: Add explicit indicators for md and mac algorithms
+
+* src/fips.c (_gcry_fips_indicator_mac): New function indicating
+  non-approved mac algorithms
+  (_gcry_fips_indicator_md): new functions indicating non-approved
+  message digest algorithms
+* src/g10lib.h (_gcry_fips_indicator_mac): new function
+  (_gcry_fips_indicator_md): ditto
+* src/gcrypt.h.in (enum gcry_ctl_cmds): New symbols
+  GCRYCTL_FIPS_SERVICE_INDICATOR_MAC and
+  GCRYCTL_FIPS_SERVICE_INDICATOR_MD
+* src/global.c (_gcry_vcontrol): Handle new FIPS indicators.
+* doc/gcrypt.texi: Document the new option.
+--
+
+Signed-off-by: Tobias Heider <tobias.heider@canonical.com>
+---
+ doc/gcrypt.texi | 13 +++++++++++++
+ src/fips.c      | 51 +++++++++++++++++++++++++++++++++++++++++++++++++
+ src/g10lib.h    |  2 ++
+ src/gcrypt.h.in |  4 +++-
+ src/global.c    | 14 ++++++++++++++
+ 5 files changed, 83 insertions(+), 1 deletion(-)
+
+diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
+index e44c2f2e..462c5931 100644
+--- a/doc/gcrypt.texi
++++ b/doc/gcrypt.texi
+@@ -992,6 +992,19 @@ certification. If the function is approved, this function returns
+ @code{GPG_ERR_NO_ERROR} (other restrictions might still apply).
+ Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
+ 
++@item GCRYCTL_FIPS_SERVICE_INDICATOR_MAC; Arguments: enum gcry_mac_algos
++
++Check if the given MAC is approved under the current FIPS 140-3
++certification. If the MAC is approved, this function returns
++@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED}
++is returned.
++
++@item GCRYCTL_FIPS_SERVICE_INDICATOR_MD; Arguments: enum gcry_md_algos
++
++Check if the given message digest algorithm is approved under the current
++FIPS 140-3 certification. If the algorithm is approved, this function returns
++@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
++
+ @end table
+ 
+ @end deftypefun
+diff --git a/src/fips.c b/src/fips.c
+index 272aabae..8b3b3f04 100644
+--- a/src/fips.c
++++ b/src/fips.c
+@@ -377,6 +377,57 @@ _gcry_fips_indicator_cipher (va_list arg_ptr)
+     }
+ }
+ 
++int
++_gcry_fips_indicator_mac (va_list arg_ptr)
++{
++  enum gcry_mac_algos alg = va_arg (arg_ptr, enum gcry_mac_algos);
++
++  switch (alg)
++    {
++    case GCRY_MAC_CMAC_AES:
++    case GCRY_MAC_HMAC_SHA1:
++    case GCRY_MAC_HMAC_SHA224:
++    case GCRY_MAC_HMAC_SHA256:
++    case GCRY_MAC_HMAC_SHA384:
++    case GCRY_MAC_HMAC_SHA512:
++    case GCRY_MAC_HMAC_SHA512_224:
++    case GCRY_MAC_HMAC_SHA512_256:
++    case GCRY_MAC_HMAC_SHA3_224:
++    case GCRY_MAC_HMAC_SHA3_256:
++    case GCRY_MAC_HMAC_SHA3_384:
++    case GCRY_MAC_HMAC_SHA3_512:
++      return GPG_ERR_NO_ERROR;
++    default:
++      return GPG_ERR_NOT_SUPPORTED;
++    }
++}
++
++int
++_gcry_fips_indicator_md (va_list arg_ptr)
++{
++  enum gcry_md_algos alg = va_arg (arg_ptr, enum gcry_md_algos);
++
++  switch (alg)
++    {
++    case GCRY_MD_SHA1:
++    case GCRY_MD_SHA224:
++    case GCRY_MD_SHA256:
++    case GCRY_MD_SHA384:
++    case GCRY_MD_SHA512:
++    case GCRY_MD_SHA512_224:
++    case GCRY_MD_SHA512_256:
++    case GCRY_MD_SHA3_224:
++    case GCRY_MD_SHA3_256:
++    case GCRY_MD_SHA3_384:
++    case GCRY_MD_SHA3_512:
++    case GCRY_MD_SHAKE128:
++    case GCRY_MD_SHAKE256:
++      return GPG_ERR_NO_ERROR;
++    default:
++      return GPG_ERR_NOT_SUPPORTED;
++    }
++}
++
+ int
+ _gcry_fips_indicator_kdf (va_list arg_ptr)
+ {
+diff --git a/src/g10lib.h b/src/g10lib.h
+index 6be0ab21..86337eed 100644
+--- a/src/g10lib.h
++++ b/src/g10lib.h
+@@ -467,6 +467,8 @@ void _gcry_fips_signal_error (const char *srcfile,
+ #endif
+ 
+ int _gcry_fips_indicator_cipher (va_list arg_ptr);
++int _gcry_fips_indicator_mac (va_list arg_ptr);
++int _gcry_fips_indicator_md (va_list arg_ptr);
+ int _gcry_fips_indicator_kdf (va_list arg_ptr);
+ int _gcry_fips_indicator_function (va_list arg_ptr);
+ 
+diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
+index aba22bfc..54080d46 100644
+--- a/src/gcrypt.h.in
++++ b/src/gcrypt.h.in
+@@ -330,7 +330,9 @@ enum gcry_ctl_cmds
+     GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER = 81,
+     GCRYCTL_FIPS_SERVICE_INDICATOR_KDF = 82,
+     GCRYCTL_NO_FIPS_MODE = 83,
+-    GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION = 84
++    GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION = 84,
++    GCRYCTL_FIPS_SERVICE_INDICATOR_MAC = 85,
++    GCRYCTL_FIPS_SERVICE_INDICATOR_MD = 86
+   };
+ 
+ /* Perform various operations defined by CMD. */
+diff --git a/src/global.c b/src/global.c
+index debf6194..d16d3709 100644
+--- a/src/global.c
++++ b/src/global.c
+@@ -791,6 +791,20 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
+       rc = _gcry_fips_indicator_cipher (arg_ptr);
+       break;
+ 
++    case GCRYCTL_FIPS_SERVICE_INDICATOR_MAC:
++      /* Get FIPS Service Indicator for a given message authentication code.
++       * Returns GPG_ERR_NO_ERROR if algorithm is allowed or
++       * GPG_ERR_NOT_SUPPORTED otherwise */
++      rc = _gcry_fips_indicator_mac (arg_ptr);
++      break;
++
++    case GCRYCTL_FIPS_SERVICE_INDICATOR_MD:
++      /* Get FIPS Service Indicator for a given message digest. Returns
++       * GPG_ERR_NO_ERROR if algorithm is allowed or GPG_ERR_NOT_SUPPORTED
++       * otherwise */
++      rc = _gcry_fips_indicator_md (arg_ptr);
++      break;
++
+     case GCRYCTL_FIPS_SERVICE_INDICATOR_KDF:
+       /* Get FIPS Service Indicator for a given KDF. Returns GPG_ERR_NO_ERROR
+        * if algorithm is allowed or GPG_ERR_NOT_SUPPORTED otherwise */
+-- 
+2.39.2
+
+From 2d193a955d05b4b9caed2895cf25600add3484da Mon Sep 17 00:00:00 2001
+From: Tobias Heider <tobias.heider@canonical.com>
+Date: Thu, 16 Feb 2023 03:21:26 +0100
+Subject: [PATCH] fips: Unblock MD5 in fips mode but mark non-approved in
+ indicator.
+
+* cipher/mac-hmac.c (_gcry_mac_type_spec_hmac_md5): allow in fips mode
+* cipher/md5.c (_gcry_digest_spec_md5): allow in fips mode
+--
+
+Signed-off-by: Tobias Heider <tobias.heider@canonical.com>
+---
+ cipher/mac-hmac.c | 2 +-
+ cipher/md5.c      | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/cipher/mac-hmac.c b/cipher/mac-hmac.c
+index f1ab568b..9fac77dc 100644
+--- a/cipher/mac-hmac.c
++++ b/cipher/mac-hmac.c
+@@ -1413,7 +1413,7 @@ const gcry_mac_spec_t _gcry_mac_type_spec_hmac_tiger1 = {
+ #endif
+ #if USE_MD5
+ const gcry_mac_spec_t _gcry_mac_type_spec_hmac_md5 = {
+-  GCRY_MAC_HMAC_MD5, {0, 0}, "HMAC_MD5",
++  GCRY_MAC_HMAC_MD5, {0, 1}, "HMAC_MD5",
+   &hmac_ops
+ };
+ #endif
+diff --git a/cipher/md5.c b/cipher/md5.c
+index 5457fc38..744a2cc1 100644
+--- a/cipher/md5.c
++++ b/cipher/md5.c
+@@ -314,7 +314,7 @@ static const gcry_md_oid_spec_t oid_spec_md5[] =
+ 
+ const gcry_md_spec_t _gcry_digest_spec_md5 =
+   {
+-    GCRY_MD_MD5, {0, 0},
++    GCRY_MD_MD5, {0, 1},
+     "MD5", asn, DIM (asn), oid_spec_md5, 16,
+     md5_init, _gcry_md_block_write, md5_final, md5_read, NULL,
+     NULL,
+-- 
+2.39.2
+
+From f52f33389da3302f51b6b00451cf9fc7e7a7e277 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Mon, 6 Mar 2023 17:26:17 +0100
+Subject: [PATCH] tests: Improve test coverage for FIPS service indicators
+
+* tests/basic.c (check_digests): Check the FIPS indicators
+  (check_mac): Ditto.
+--
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+ tests/basic.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/tests/basic.c b/tests/basic.c
+index 095bdc97..5d5ceac9 100644
+--- a/tests/basic.c
++++ b/tests/basic.c
+@@ -14086,6 +14086,7 @@ check_mac (void)
+ 	"\x13\x46\x76\xfb\x6d\xe0\x44\x60\x65\xc9\x74\x40\xfa\x8c\x6a\x58" },
+       {	0 },
+     };
++  gcry_error_t err;
+   int i;
+ 
+   if (verbose)
+@@ -15370,6 +15370,12 @@ check_digests (void)
+         {
+           if (in_fips_mode)
+             {
++              err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_MD, algos[i].md);
++              if (err == GPG_ERR_NO_ERROR)
++                {
++                  fail ("algo %d, gcry_md_test_algo failed while it should"
++                        " have worked in FIPS mode\n", algos[i].md);
++                }
+               if (verbose)
+                 fprintf (stderr, "  algorithm %d not available in fips mode\n",
+                          algos[i].md);
+@@ -16948,6 +16954,7 @@ check_mac (void)
+ #endif /* USE_GOST28147 */
+       { 0 },
+     };
++  gcry_error_t err;
+   int i;
+ 
+   if (verbose)
+@@ -16961,6 +16968,12 @@ check_mac (void)
+         {
+           if (in_fips_mode)
+             {
++              err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_MAC, algos[i].algo);
++              if (err == GPG_ERR_NO_ERROR)
++                {
++                  fail ("algo %d, gcry_mac_test_algo failed while it should"
++                        " have worked in FIPS mode\n", algos[i].algo);
++                }
+               if (verbose)
+                 fprintf (stderr, "  algorithm %d not available in fips mode\n",
+                          algos[i].algo);
+-- 
+2.39.2
+

SOURCES/libgcrypt-1.10.0-fips-indicator-pk-flags.patch

@@ -0,0 +1,277 @@
+From 0c0268177666f6ce53c0a61e86c1c5bd2c53c0b0 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Mon, 6 Mar 2023 15:57:40 +0100
+Subject: [PATCH] fips: Explicitly allow only some PK flags
+
+* src/fips.c (_gcry_fips_indicator_pk_flags): New function for explicit
+  FIPS indicator for public key algorithm flags
+* src/g10lib.h (_gcry_fips_indicator_pk_flags): New.
+* src/gcrypt.h.in (GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS): New.
+* src/global.c (_gcry_vcontrol): Handle the new option.
+* doc/gcrypt.texi: Document new options.
+--
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+ doc/gcrypt.texi |  6 ++++++
+ src/fips.c      | 15 +++++++++++++++
+ src/g10lib.h    |  1 +
+ src/gcrypt.h.in |  3 ++-
+ src/global.c    |  7 +++++++
+ 5 files changed, 31 insertions(+), 1 deletion(-)
+
+diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
+index 462c5931..750b6718 100644
+--- a/doc/gcrypt.texi
++++ b/doc/gcrypt.texi
+@@ -1005,6 +1005,12 @@ Check if the given message digest algorithm is approved under the current
+ FIPS 140-3 certification. If the algorithm is approved, this function returns
+ @code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
+ 
++@item GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS; Arguments: const char *
++
++Check if the given public key operation flag is approved under the current
++FIPS 140-3 certification. If the flag is approved, this function returns
++@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
++
+ @end table
+ 
+ @end deftypefun
+diff --git a/src/fips.c b/src/fips.c
+index 974ed833..cb547aa2 100644
+--- a/src/fips.c
++++ b/src/fips.c
+@@ -457,6 +457,21 @@ _gcry_fips_indicator_function (va_list arg_ptr)
+ }
+ 
+ 
++int
++_gcry_fips_indicator_pk_flags (va_list arg_ptr)
++{
++  const char *flag = va_arg (arg_ptr, const char *);
++
++  if (strcmp (flag, "param") == 0 ||
++      strcmp (flag, "raw") == 0 ||
++      strcmp (flag, "no-blinding") == 0 ||
++      strcmp (flag, "pss") == 0)
++    return GPG_ERR_NO_ERROR;
++
++  return GPG_ERR_NOT_SUPPORTED;
++}
++
++
+ /* This is a test on whether the library is in the error or
+    operational state. */
+ int
+diff --git a/src/g10lib.h b/src/g10lib.h
+index 86337eed..acff2d6b 100644
+--- a/src/g10lib.h
++++ b/src/g10lib.h
+@@ -471,6 +471,7 @@ int _gcry_fips_indicator_mac (va_list arg_ptr);
+ int _gcry_fips_indicator_md (va_list arg_ptr);
+ int _gcry_fips_indicator_kdf (va_list arg_ptr);
+ int _gcry_fips_indicator_function (va_list arg_ptr);
++int _gcry_fips_indicator_pk_flags (va_list arg_ptr);
+ 
+ int _gcry_fips_is_operational (void);
+ 
+diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
+index 54080d46..121a2061 100644
+--- a/src/gcrypt.h.in
++++ b/src/gcrypt.h.in
+@@ -332,7 +332,8 @@ enum gcry_ctl_cmds
+     GCRYCTL_NO_FIPS_MODE = 83,
+     GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION = 84,
+     GCRYCTL_FIPS_SERVICE_INDICATOR_MAC = 85,
+-    GCRYCTL_FIPS_SERVICE_INDICATOR_MD = 86
++    GCRYCTL_FIPS_SERVICE_INDICATOR_MD = 86,
++    GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS = 87
+   };
+ 
+ /* Perform various operations defined by CMD. */
+diff --git a/src/global.c b/src/global.c
+index d16d3709..f39df422 100644
+--- a/src/global.c
++++ b/src/global.c
+@@ -818,6 +818,13 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
+       rc = _gcry_fips_indicator_function (arg_ptr);
+       break;
+ 
++    case GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS:
++      /* Get FIPS Service Indicator for a public key operation flags.
++       * Returns GPG_ERR_NO_ERROR if the flag is allowed to be used or
++       * GPG_ERR_NOT_SUPPORTED otherwise */
++      rc = _gcry_fips_indicator_pk_flags (arg_ptr);
++      break;
++
+     case PRIV_CTL_INIT_EXTRNG_TEST:  /* Init external random test.  */
+       rc = GPG_ERR_NOT_SUPPORTED;
+       break;
+-- 
+2.39.2
+
+From 22a40df4c0210a671b331932a434f70b50354873 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Mon, 6 Mar 2023 16:05:07 +0100
+Subject: [PATCH] fips: Explicitly disable overriding random in FIPS mode
+
+* src/fips.c: (_gcry_fips_indicator_function): Mark using random
+  override non-approved in FIPS mode.
+--
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+ src/fips.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/fips.c b/src/fips.c
+index cb547aa2..a7342030 100644
+--- a/src/fips.c
++++ b/src/fips.c
+@@ -450,7 +450,8 @@ _gcry_fips_indicator_function (va_list arg_ptr)
+   if (strcmp (function, "gcry_pk_sign") == 0 ||
+       strcmp (function, "gcry_pk_verify") == 0 ||
+       strcmp (function, "gcry_pk_encrypt") == 0 ||
+-      strcmp (function, "gcry_pk_decrypt") == 0)
++      strcmp (function, "gcry_pk_decrypt") == 0 ||
++      strcmp (function, "gcry_pk_random_override_new") == 0)
+     return GPG_ERR_NOT_SUPPORTED;
+ 
+   return GPG_ERR_NO_ERROR;
+-- 
+2.39.2
+
+From 1c916b8c99ea0e30f1d81d606fd63b0c45657186 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Fri, 24 Mar 2023 13:12:56 +0900
+Subject: [PATCH] fips: More elaborate way of getting FIPS pk flags indicators.
+
+* src/fips.c (_gcry_fips_indicator_pk_flags): List more allowed string
+in the S-expression.
+* doc/gcrypt.texi: Add document for the FIPS service indicator
+GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS with example.
+
+--
+
+GnuPG-bug-id: 6417
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ doc/gcrypt.texi | 42 +++++++++++++++++++++++++++++++++++++++---
+ src/fips.c      | 41 +++++++++++++++++++++++++++++++++++++----
+ 2 files changed, 76 insertions(+), 7 deletions(-)
+
+diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
+index 750b6718..752f64d6 100644
+--- a/doc/gcrypt.texi
++++ b/doc/gcrypt.texi
+@@ -1007,9 +1007,45 @@ FIPS 140-3 certification. If the algorithm is approved, this function returns
+ 
+ @item GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS; Arguments: const char *
+ 
+-Check if the given public key operation flag is approved under the current
+-FIPS 140-3 certification. If the flag is approved, this function returns
+-@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
++Check if the given public key operation flag or s-expression object name is
++approved under the current FIPS 140-3 certification.  If the flag is
++approved, this function returns @code{GPG_ERR_NO_ERROR}.
++
++Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
++
++For compound s-expression objects, if the object name is allowed, the user
++is responsible to check also the internal members.  For example:
++
++@example
++  gcry_sexp_t s_sig = NULL;
++  gcry_md_hd_t hd = NULL;
++  gcry_sexp_t s_sk = NULL;
++  const char *data_tmpl = "(data(flags pss)(hash %s %b)(salt-length 1:0))";
++
++  if (err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION, "gcry_md_open") &&
++      err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_MD, GCRY_MD_SHA512) &&
++      err = gcry_md_open (&hd, GCRY_MD_SHA512, 0))
++    @{
++      printf ("gcry_md_open failed: %s", gpg_strerror (err));
++      return;
++    @}
++  gcry_md_write (hd, buffer, buflen);
++
++  /* initialize the key in s_sk */
++
++  if (err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION, "gcry_pk_hash_sign") &&
++      err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS, "data") &&
++      err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS, "flags") &&
++      err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS, "pss") &&
++      err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS, "hash") &&
++      err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS, "salt-length")
++      err = gcry_pk_hash_sign (&s_sig, data_tmpl, s_sk, hd, NULL))
++    @{
++      printf ("gcry_pk_hash_sign failed: %s", gpg_strerror (err));
++      return;
++    @}
++  /* ok */
++@end example
+ 
+ @end table
+ 
+diff --git a/src/fips.c b/src/fips.c
+index a7342030..669cfd0e 100644
+--- a/src/fips.c
++++ b/src/fips.c
+@@ -457,16 +457,49 @@ _gcry_fips_indicator_function (va_list arg_ptr)
+   return GPG_ERR_NO_ERROR;
+ }
+ 
++/* Note: the array should be sorted.  */
++static const char *valid_string_in_sexp[] = {
++  "curve",
++  "d",
++  "data",
++  "e",
++  "ecdsa",
++  "flags",
++  "genkey",
++  "hash",
++  "n",
++  "nbits",
++  "pkcs1",
++  "private-key",
++  "pss",
++  "public-key",
++  "q",
++  "r",
++  "raw",
++  "rsa",
++  "rsa-use-e",
++  "s",
++  "salt-length",
++  "sig-val",
++  "value"
++};
++
++static int
++compare_string (const void *v1, const void *v2)
++{
++  const char * const *p_str1 = v1;
++  const char * const *p_str2 = v2;
++
++  return strcmp (*p_str1, *p_str2);
++}
+ 
+ int
+ _gcry_fips_indicator_pk_flags (va_list arg_ptr)
+ {
+   const char *flag = va_arg (arg_ptr, const char *);
+ 
+-  if (strcmp (flag, "param") == 0 ||
+-      strcmp (flag, "raw") == 0 ||
+-      strcmp (flag, "no-blinding") == 0 ||
+-      strcmp (flag, "pss") == 0)
++  if (bsearch (&flag, valid_string_in_sexp, DIM (valid_string_in_sexp),
++               sizeof (char *), compare_string))
+     return GPG_ERR_NO_ERROR;
+ 
+   return GPG_ERR_NOT_SUPPORTED;
+-- 
+2.39.2
+

SOURCES/libgcrypt-1.10.0-fips-integrity2.patch

@@ -156,3 +156,35 @@ index 878d7095..50071bf5 100755
 2.39.1
 
 
+From 3fd3bb31597f80c76a94ea62e42d58d796beabf1 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Mon, 20 Feb 2023 16:16:01 +0100
+Subject: [PATCH] fips: Check return value from ftell
+
+* src/fips.c (get_file_offset): Check return value of ftell to be able
+  to detect errors.
+--
+
+Originally reported by coverity.
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+ src/fips.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/fips.c b/src/fips.c
+index 272aabae..0d89b6da 100644
+--- a/src/fips.c
++++ b/src/fips.c
+@@ -681,6 +681,8 @@ get_file_offset (FILE *fp, ElfW (Ehdr) *ehdr_p,
+         return gpg_error_from_syserror ();
+ 
+       off = ftell (fp);
++      if (off < 0)
++        return gpg_error_from_syserror ();
+       if (shdr.sh_type == SHT_NOTE && shdr.sh_flags == 0 && shdr.sh_size == 48)
+         {
+           const char header_of_the_note[] = {
+-- 
+2.39.2
+

SOURCES/libgcrypt-1.10.0-fips-kdf.patch

@@ -127,3 +127,61 @@ index d22584da..823c744e 100644
 -- 
 2.39.0
 
+From f5fe94810f3099c9ccc2ca3a5891502922ab0576 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Tue, 28 Feb 2023 12:53:28 +0100
+Subject: [PATCH] kdf: Update tests in regards to the allowed parameters in
+ FIPS mode.
+
+* cipher/kdf.c (check_one): run selftests for more approved parameters
+and check that wrong parameters correctly fail in FIPS mode.
+
+--
+
+Fixes-commit: 535a4d345872aa2cd2ab3a5f9c4411d0a0313328
+GnuPG-bug-id: 5512
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+ cipher/kdf.c | 22 +++++++++++++++-------
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/cipher/kdf.c b/cipher/kdf.c
+index 823c744e..12beec56 100644
+--- a/cipher/kdf.c
++++ b/cipher/kdf.c
+@@ -2059,17 +2059,25 @@ check_one (int algo, int hash_algo,
+ {
+   unsigned char key[512]; /* hardcoded to avoid allocation */
+   size_t keysize = expectlen;
+-
+-  /* Skip test with shoter passphrase in FIPS mode.  */
+-  if (fips_mode () && passphraselen < 14)
+-    return NULL;
++  int rv;
+ 
+   if (keysize > sizeof(key))
+     return "invalid tests data";
+ 
+-  if (_gcry_kdf_derive (passphrase, passphraselen, algo,
+-                        hash_algo, salt, saltlen, iterations,
+-                        keysize, key))
++  rv = _gcry_kdf_derive (passphrase, passphraselen, algo,
++                         hash_algo, salt, saltlen, iterations,
++                         keysize, key);
++  /* In fips mode we have special requirements for the input and
++   * output parameters */
++  if (fips_mode ())
++    {
++      if (rv && (passphraselen < 8 || saltlen < 16 ||
++                 iterations < 1000 || expectlen < 14))
++        return NULL;
++      else if (rv)
++        return "gcry_kdf_derive unexpectedly failed in FIPS Mode";
++    }
++  else if (rv)
+     return "gcry_kdf_derive failed";
+ 
+   if (memcmp (key, expect, expectlen))
+-- 
+2.39.2
+

SOURCES/libgcrypt-1.10.0-fips-pct.patch

@@ -0,0 +1,145 @@
+From 2ddeec574bc1ae90bb4242c4ce9ad9e7975a27bd Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Wed, 1 Mar 2023 15:42:29 +0100
+Subject: [PATCH] ecc: Do not allow skipping tests in FIPS Mode.
+
+* cipher/ecc.c (ecc_generate): Do not allow skipping tests PCT tests
+in FIPS mode.
+
+--
+
+The new FIPS specification requires to run the PCT without any
+exceptions.
+
+GnuPG-bug-id: 6394
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+ cipher/ecc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cipher/ecc.c b/cipher/ecc.c
+index 1e80200e..797f2368 100644
+--- a/cipher/ecc.c
++++ b/cipher/ecc.c
+@@ -677,7 +677,7 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
+         log_debug ("ecgen result  using Ed25519+EdDSA\n");
+     }
+ 
+-  if (!(flags & PUBKEY_FLAG_NO_KEYTEST) && fips_mode ())
++  if (fips_mode ())
+     test_keys_fips (*r_skey);
+ 
+  leave:
+-- 
+2.39.2
+
+From 23a2d1285e35b2eb91bb422609eb1c965c8a9bf6 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 2 Mar 2023 09:43:44 +0100
+Subject: [PATCH] ecc: Make the PCT recoverable in FIPS mode and consistent
+ with RSA.
+
+* cipher/ecc.c (test_keys_fips): Replace calls to log_fatal with
+return code on error.
+(ecc_generate): Signal error when PCT fails in FIPS mode.
+
+--
+
+GnuPG-bug-id: 6397
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+ cipher/ecc.c | 36 ++++++++++++++++++++++++++++--------
+ 1 file changed, 28 insertions(+), 8 deletions(-)
+
+diff --git a/cipher/ecc.c b/cipher/ecc.c
+index 797f2368..19520db3 100644
+--- a/cipher/ecc.c
++++ b/cipher/ecc.c
+@@ -101,7 +101,7 @@ static void *progress_cb_data;
+ 
+ /* Local prototypes. */
+ static void test_keys (mpi_ec_t ec, unsigned int nbits);
+-static void test_keys_fips (gcry_sexp_t skey);
++static int test_keys_fips (gcry_sexp_t skey);
+ static void test_ecdh_only_keys (mpi_ec_t ec, unsigned int nbits, int flags);
+ static unsigned int ecc_get_nbits (gcry_sexp_t parms);
+ 
+@@ -308,9 +308,10 @@ test_keys (mpi_ec_t ec, unsigned int nbits)
+ /* We should get here only with the NIST curves as they are the only ones
+  * having the fips bit set in ecc_domain_parms_t struct so this is slightly
+  * simpler than the whole ecc_generate function */
+-static void
++static int
+ test_keys_fips (gcry_sexp_t skey)
+ {
++  int result = -1; /* Default to failure */
+   gcry_md_hd_t hd = NULL;
+   const char *data_tmpl = "(data (flags rfc6979) (hash %s %b))";
+   gcry_sexp_t sig = NULL;
+@@ -323,18 +324,27 @@ test_keys_fips (gcry_sexp_t skey)
+   /* Open MD context and feed the random data in */
+   rc = _gcry_md_open (&hd, GCRY_MD_SHA256, 0);
+   if (rc)
+-    log_fatal ("ECDSA operation: failed to initialize MD context: %s\n", gpg_strerror (rc));
++    {
++      log_error ("ECDSA operation: failed to initialize MD context: %s\n", gpg_strerror (rc));
++      goto leave;
++    }
+   _gcry_md_write (hd, plaintext, sizeof(plaintext));
+ 
+   /* Sign the data */
+   rc = _gcry_pk_sign_md (&sig, data_tmpl, hd, skey, NULL);
+   if (rc)
+-    log_fatal ("ECDSA operation: signing failed: %s\n", gpg_strerror (rc));
++    {
++      log_error ("ECDSA operation: signing failed: %s\n", gpg_strerror (rc));
++      goto leave;
++    }
+ 
+   /* Verify this signature.  */
+   rc = _gcry_pk_verify_md (sig, data_tmpl, hd, skey, NULL);
+   if (rc)
+-    log_fatal ("ECDSA operation: verification failed: %s\n", gpg_strerror (rc));
++    {
++      log_error ("ECDSA operation: verification failed: %s\n", gpg_strerror (rc));
++      goto leave;
++    }
+ 
+   /* Modify the data and check that the signing fails.  */
+   _gcry_md_reset(hd);
+@@ -342,10 +352,16 @@ test_keys_fips (gcry_sexp_t skey)
+   _gcry_md_write (hd, plaintext, sizeof(plaintext));
+   rc = _gcry_pk_verify_md (sig, data_tmpl, hd, skey, NULL);
+   if (rc != GPG_ERR_BAD_SIGNATURE)
+-    log_fatal ("ECDSA operation: signature verification worked on modified data\n");
++    {
++      log_error ("ECDSA operation: signature verification worked on modified data\n");
++      goto leave;
++    }
+ 
++  result = 0;
++leave:
+   _gcry_md_close (hd);
+   sexp_release (sig);
++  return result;
+ }
+ 
+ 
+@@ -677,8 +693,12 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
+         log_debug ("ecgen result  using Ed25519+EdDSA\n");
+     }
+ 
+-  if (fips_mode ())
+-    test_keys_fips (*r_skey);
++  if (fips_mode () && test_keys_fips (*r_skey))
++    {
++      sexp_release (*r_skey); r_skey = NULL;
++      fips_signal_error ("self-test after key generation failed");
++      rc = GPG_ERR_SELFTEST_FAILED;
++    }
+ 
+  leave:
+   mpi_free (public);
+-- 
+2.39.2
+

SOURCES/libgcrypt-1.10.0-fips-status-sign-verify.patch

@@ -0,0 +1,46 @@
+From 654d0dfa04993ebe28c0536d42f4bc6d87c28369 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Wed, 1 Mar 2023 17:14:00 +0100
+Subject: [PATCH] visibility: Check FIPS operational status for MD+Sign
+ operation.
+
+* src/visibility.c (gcry_pk_hash_sign): Check fips status before
+calling the operation itself.
+(gcry_pk_hash_verify): Ditto.
+
+--
+
+GnuPG-bug-id: 6396
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+ src/visibility.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/visibility.c b/src/visibility.c
+index 73db3dea..1f17e147 100644
+--- a/src/visibility.c
++++ b/src/visibility.c
+@@ -1050,6 +1050,11 @@ gcry_error_t
+ gcry_pk_hash_sign (gcry_sexp_t *result, const char *data_tmpl, gcry_sexp_t skey,
+                    gcry_md_hd_t hd, gcry_ctx_t ctx)
+ {
++  if (!fips_is_operational ())
++    {
++      *result = NULL;
++      return gpg_error (fips_not_operational ());
++    }
+   return gpg_error (_gcry_pk_sign_md (result, data_tmpl, hd, skey, ctx));
+ }
+ 
+@@ -1065,6 +1070,8 @@ gcry_error_t
+ gcry_pk_hash_verify (gcry_sexp_t sigval, const char *data_tmpl, gcry_sexp_t pkey,
+                      gcry_md_hd_t hd, gcry_ctx_t ctx)
+ {
++  if (!fips_is_operational ())
++    return gpg_error (fips_not_operational ());
+   return gpg_error (_gcry_pk_verify_md (sigval, data_tmpl, hd, pkey, ctx));
+ }
+ 
+-- 
+2.39.2
+

SOURCES/libgcrypt-1.10.0-marvin2.patch

@@ -0,0 +1,156 @@
+From f490ffd739f713fcf0be35b7fbbb8502dea40a0c Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+Date: Sat, 3 Jun 2023 13:20:07 +0300
+Subject: [PATCH] addm/subm/mulm: fix case when destination is same MPI as
+ divider
+
+* mpi/mpi-add.c (_gcry_mpi_addm, _gcry_mpi_subm): Take copy of M when
+W and M are the same MPI.
+* mpi/mpi-mul.c (_gcry_mpi_mulm): Likewise.
+* tests/mpitests.c (test_addm_subm_mulm): New.
+(main): Run addm/subm/mulm test.
+--
+
+Reported-by: Guido Vranken <guidovranken@gmail.com>
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+---
+ mpi/mpi-add.c    | 22 ++++++++++++++++++++
+ mpi/mpi-mul.c    | 11 ++++++++++
+ tests/mpitests.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 86 insertions(+)
+
+diff --git a/mpi/mpi-add.c b/mpi/mpi-add.c
+index 41dc3900..51dc71b7 100644
+--- a/mpi/mpi-add.c
++++ b/mpi/mpi-add.c
+@@ -227,13 +227,35 @@ _gcry_mpi_sub(gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v)
+ void
+ _gcry_mpi_addm( gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m)
+ {
++  gcry_mpi_t temp_m = NULL;
++
++  if (w == m)
++    {
++      temp_m = mpi_copy (m);
++      m = temp_m;
++    }
++
+   mpi_add (w, u, v);
+   mpi_mod (w, w, m);
++
++  if (temp_m)
++    mpi_free(temp_m);
+ }
+ 
+ void
+ _gcry_mpi_subm( gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m)
+ {
++  gcry_mpi_t temp_m = NULL;
++
++  if (w == m)
++    {
++      temp_m = mpi_copy (m);
++      m = temp_m;
++    }
++
+   mpi_sub (w, u, v);
+   mpi_mod (w, w, m);
++
++  if (temp_m)
++    mpi_free(temp_m);
+ }
+diff --git a/mpi/mpi-mul.c b/mpi/mpi-mul.c
+index 60f1ca48..e8e57475 100644
+--- a/mpi/mpi-mul.c
++++ b/mpi/mpi-mul.c
+@@ -207,6 +207,17 @@ _gcry_mpi_mul (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v)
+ void
+ _gcry_mpi_mulm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m)
+ {
++  gcry_mpi_t temp_m = NULL;
++
++  if (w == m)
++    {
++      temp_m = mpi_copy (m);
++      m = temp_m;
++    }
++
+   mpi_mul (w, u, v);
+   _gcry_mpi_tdiv_r (w, w, m);
++
++  if (temp_m)
++    mpi_free(temp_m);
+ }
+diff --git a/tests/mpitests.c b/tests/mpitests.c
+index 48ea18b2..2ee08bd3 100644
+--- a/tests/mpitests.c
++++ b/tests/mpitests.c
+@@ -687,6 +687,58 @@ test_powm (void)
+ }
+ 
+ 
++/* What we test here is that using the same mpi for divider and result
++   works.  */
++static int
++test_addm_subm_mulm (void)
++{
++  int i;
++
++  for (i = 0; i < 3; i++)
++    {
++      unsigned int expect;
++      const char *func;
++      gcry_mpi_t A;
++      gcry_mpi_t B;
++      gcry_mpi_t C;
++
++      A = gcry_mpi_set_ui (NULL, 2);
++      B = gcry_mpi_set_ui (NULL, 4);
++      C = gcry_mpi_set_ui (NULL, 7);
++
++      if (i == 0)
++	{
++	  func = "mpi_addm";
++	  expect = 6;
++	  gcry_mpi_addm(C, A, B, C);
++	}
++      else if (i == 1)
++	{
++	  func = "mpi_subm";
++	  expect = 5;
++	  gcry_mpi_subm(C, A, B, C);
++	}
++      else if (i == 2)
++	{
++	  func = "mpi_mulm";
++	  expect = 1;
++	  gcry_mpi_mulm(C, A, B, C);
++	}
++
++      if (gcry_mpi_is_neg (C) || gcry_mpi_cmp_ui (C, expect))
++	{
++	  die ("test_addm_subm_mulm failed for %s at %d\n", func, __LINE__);
++	}
++
++      gcry_mpi_release(A);
++      gcry_mpi_release(B);
++      gcry_mpi_release(C);
++    }
++
++  return 1;
++}
++
++
+ int
+ main (int argc, char* argv[])
+ {
+@@ -710,6 +762,7 @@ main (int argc, char* argv[])
+   test_sub ();
+   test_mul ();
+   test_powm ();
++  test_addm_subm_mulm ();
+ 
+   return !!error_count;
+ }
+-- 
+2.44.0

SPECS/libgcrypt.spec

@@ -16,7 +16,7 @@ print(string.sub(hash, 0, 16))
 
 Name: libgcrypt
 Version: 1.10.0
-Release: 9%{?dist}
+Release: 11%{?dist}
 URL: https://www.gnupg.org/
 Source0: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2
 Source1: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig
@@ -46,11 +46,48 @@ Patch12: libgcrypt-1.10.0-fips-indicator.patch
 Patch13: libgcrypt-1.10.0-fips-integrity.patch
 # 3c8b6c4a9cad59c5e1db5706f6774a3141b60210
 # 052c5ef4cea56772b7015e36f231fa0bcbf91410
+# 3fd3bb31597f80c76a94ea62e42d58d796beabf1
 Patch14: libgcrypt-1.10.0-fips-integrity2.patch
 # 06ea5b5332ffdb44a0a394d766be8989bcb6a95c
 Patch15: libgcrypt-1.10.0-fips-x931.patch
 # bf1e62e59200b2046680d1d3d1599facc88cfe63
 Patch16: libgcrypt-1.10.0-fips-rsa-pss.patch
+# https://dev.gnupg.org/T6376
+Patch17: libgcrypt-1.10.0-fips-indicator-md-hmac.patch
+# https://dev.gnupg.org/T6394
+# https://dev.gnupg.org/T6397
+Patch18: libgcrypt-1.10.0-fips-pct.patch
+# https://dev.gnupg.org/T6396
+Patch19: libgcrypt-1.10.0-fips-status-sign-verify.patch
+# https://dev.gnupg.org/T6393
+Patch20: libgcrypt-1.10.0-fips-drbg.patch
+# https://dev.gnupg.org/T6417
+Patch21: libgcrypt-1.10.0-fips-indicator-pk-flags.patch
+# a611e3a25d61505698e2bb38ec2db38bc6a74820
+# 34c20427926010d6fa95b1666e4b1b60f60a8742
+# c848459e512615c1865a23cf24debb3ad4a1e85b
+# c31b70b2660c3d24bd54ee08c255c36d867fdea7
+# bd08357436a9559766cd458d25781ee4f94012a2
+# 58b62be844549ad3d57c507d834027f1e2756567
+# 6d1d50ba3aad1850975f717adbedb4cb8b236fa7
+# 1e9ddbd65c4627235611d75c3198c4ec197c9a05
+# 137e35ad47ee8734d0f3ffb6af1d1669c4621e0b
+# 84f934c09afac18b3f4351646c0fe6f93aede277
+# 0c6ec6bbe788b8c4a6982b2128d442b51323c898
+# 22dde5150ee2be01651410ed9756601ba6a29c93
+# 4d3e0e30b98b2acb90acb2792b8327c26824a66f
+# 179df341162c74da312f76363a0ff1f2f303aa78
+# d4aee9ace9a904446b987dddc2999119c4d62dae
+# aab6a42d5f44724b73a02598546a5e7d8b33298e
+# 5c5ba1ec2b505726ee1311339ac9e8b5c62cac4a
+# cf757cf90e9ae966b95dcebfd2f31b9212697f0c
+# c419a04d529af7b5fb43732ec2b4304166c2579a
+# 39d5364a9557d6f423de117601cb1e6414814f47
+Patch22: libgcrypt-1.10.0-marvin.patch
+# f490ffd739f713fcf0be35b7fbbb8502dea40a0c
+Patch23: libgcrypt-1.10.0-marvin2.patch
+# https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/19/
+Patch24: libgcrypt-1.10.0-marvin3.patch
 
 %global gcrylibdir %{_libdir}
 %global gcrysoname libgcrypt.so.20
@@ -100,6 +137,14 @@ applications using libgcrypt.
 %patch14 -p1
 %patch15 -p1
 %patch16 -p1
+%patch17 -p1
+%patch18 -p1
+%patch19 -p1
+%patch20 -p1
+%patch21 -p1
+%patch22 -p1
+%patch23 -p1
+%patch24 -p1
 
 %build
 # This package has a configure test which uses ASMs, but does not link the
@@ -129,6 +174,7 @@ autoreconf -f
      --disable-jent-support \
      --enable-digests="$DIGESTS" \
      --enable-ciphers="$CIPHERS" \
+     --enable-marvin-workaround \
      --with-fips-module-version="$FIPS_MODULE_NAME %{version}-%{srpmhash}"
 sed -i -e '/^sys_lib_dlsearch_path_spec/s,/lib /usr/lib,/usr/lib /lib64 /usr/lib64 /lib,g' libtool
 %make_build
@@ -219,6 +265,15 @@ mkdir -p -m 755 $RPM_BUILD_ROOT/etc/gcrypt
 %license COPYING
 
 %changelog
+* Thu Aug 01 2024 Jakub Jelen <jjelen@redhat.com> - 1.10.0-11
+- Fix CVE-2024-2236 (RHEL-34579)
+
+* Mon Mar 20 2023 Jakub Jelen <jjelen@redhat.com> - 1.10.0-10
+- Provide FIPS indicators for MD and HMACs
+- Improve PCT tests for ECDSA and always run them after key is generated
+- Add missing guards for FIPS status in md_sign/verify function
+- Provider FIPS indicators for public key operation flags
+
 * Tue Jan 24 2023 Jakub Jelen <jjelen@redhat.com> - 1.10.0-9
 - Avoid usage of invalid arguments sizes for PBKDF2 in FIPS mode
 - Do not allow large salt lengths with RSA-PSS padding