import libgcrypt-1.9.3-5.el9

2021-12-07 14:12:28 -05:00 · 2021-12-07 14:12:28 -05:00 · e4c1129733
commit e4c1129733
parent ee5bb0246b
2 changed files with 21 additions and 1 deletions
--- a/SOURCES/libgcrypt-1.9.3-fips-hwfeatures.patch
+++ b/SOURCES/libgcrypt-1.9.3-fips-hwfeatures.patch
@ -0,0 +1,13 @@
+diff -up libgcrypt-1.8.5/src/hwfeatures.c.hw-fips libgcrypt-1.8.5/src/hwfeatures.c
+--- libgcrypt-1.8.5/src/hwfeatures.c.hw-fips   2021-06-25 11:55:55.843819137 +0200
+++ libgcrypt-1.8.5/src/hwfeatures.c   2021-06-25 11:56:00.925895390 +0200
+@@ -205,9 +205,6 @@ _gcry_detect_hw_features (void)
+ {
+   hw_features = 0;
+ 
+-  if (fips_mode ())
+-    return; /* Hardware support is not to be evaluated.  */
+-
+   parse_hwf_deny_file ();
+ 
+ #if defined (HAVE_CPU_ARCH_X86)
--- a/SPECS/libgcrypt.spec
+++ b/SPECS/libgcrypt.spec
@ -1,6 +1,6 @@
 Name: libgcrypt
 Version: 1.9.3
-Release: 4%{?dist}
+Release: 5%{?dist}
 URL: https://www.gnupg.org/
 Source0: libgcrypt-%{version}-hobbled.tar.xz
 # The original libgcrypt sources now contain potentially patented ECC
@ -50,6 +50,9 @@ Patch28: libgcrypt-1.8.5-intel-cet.patch
 Patch30: libgcrypt-1.8.5-fips-module.patch
 # Fix for CVE-2021-33560
 Patch31: libgcrypt-1.9.3-CVE-2021-33560.patch
+# We can use HW optimizations in FIPS (#1990059)
+Patch32: libgcrypt-1.9.3-fips-hwfeatures.patch
+

 %global gcrylibdir %{_libdir}
 %global gcrysoname libgcrypt.so.20
@ -100,6 +103,7 @@ applications using libgcrypt.
 %patch28 -p1 -b .intel-cet
 %patch30 -p1 -b .fips-module
 %patch31 -p1 -b .CVE-2021-33560
+%patch32 -p1 -b .hw-fips

 cp %{SOURCE4} cipher/
 cp %{SOURCE5} %{SOURCE6} %{SOURCE8} tests/
@ -209,6 +213,9 @@ install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf
 %license COPYING

 %changelog
+* Tue Oct 12 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-5
+- Allow HW optimizations in FIPS mode (#1990059)
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.9.3-4
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688