Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/libgcrypt.git#93ba00ab6ffe91bb52a03bc4a9ddfdf6756afacf
This commit is contained in:
parent
570c9025e0
commit
e8971f3db3
1
.gitignore
vendored
1
.gitignore
vendored
@ -24,3 +24,4 @@ libgcrypt-1.4.5-hobbled.tar.bz2
|
|||||||
/libgcrypt-1.8.6-hobbled.tar.xz
|
/libgcrypt-1.8.6-hobbled.tar.xz
|
||||||
/libgcrypt-1.8.7-hobbled.tar.xz
|
/libgcrypt-1.8.7-hobbled.tar.xz
|
||||||
/libgcrypt-1.9.0-hobbled.tar.xz
|
/libgcrypt-1.9.0-hobbled.tar.xz
|
||||||
|
/libgcrypt-1.9.1-hobbled.tar.xz
|
||||||
|
24
ecc-curves.c
24
ecc-curves.c
@ -1064,13 +1064,18 @@ mpi_ec_setup_elliptic_curve (mpi_ec_t ec, int flags,
|
|||||||
|
|
||||||
if ((n+7)/8 != len)
|
if ((n+7)/8 != len)
|
||||||
{
|
{
|
||||||
if ((n+7)/8 < len && ec->dialect == ECC_DIALECT_ED25519)
|
if (ec->dialect == ECC_DIALECT_ED25519)
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* GnuPG (<= 2.2) or OpenPGP implementations with no
|
* GnuPG (<= 2.2) or OpenPGP implementations with no
|
||||||
* SOS support may remove zeros at the beginning.
|
* SOS support may remove zeros at the beginning.
|
||||||
* Recover those zeros.
|
* Recover those zeros.
|
||||||
*/
|
*/
|
||||||
|
/*
|
||||||
|
* Also, GnuPG (<= 2.2) may add additional zero at
|
||||||
|
* the beginning, when private key is moved from
|
||||||
|
* OpenPGP to gpg-agent. Remove such a zero-prefix.
|
||||||
|
*/
|
||||||
const unsigned char *buf;
|
const unsigned char *buf;
|
||||||
unsigned char *value;
|
unsigned char *value;
|
||||||
|
|
||||||
@ -1078,13 +1083,26 @@ mpi_ec_setup_elliptic_curve (mpi_ec_t ec, int flags,
|
|||||||
if (!buf)
|
if (!buf)
|
||||||
return GPG_ERR_INV_OBJ;
|
return GPG_ERR_INV_OBJ;
|
||||||
|
|
||||||
value = xtrycalloc_secure (1, len);
|
value = xtrymalloc_secure (len);
|
||||||
if (!value)
|
if (!value)
|
||||||
return gpg_err_code_from_syserror ();
|
return gpg_err_code_from_syserror ();
|
||||||
|
|
||||||
|
if ((n+7)/8 < len)
|
||||||
|
/* Recover zeros. */
|
||||||
|
{
|
||||||
memset (value, 0, len - (n+7)/8);
|
memset (value, 0, len - (n+7)/8);
|
||||||
memcpy (value + len - (n+7)/8, buf, (n+7)/8);
|
memcpy (value + len - (n+7)/8, buf, (n+7)/8);
|
||||||
mpi_set_opaque (ec->d, value, len);
|
}
|
||||||
|
else if ((n+7)/8 == len + 1)
|
||||||
|
/* Remove a zero. */
|
||||||
|
memcpy (value, buf+1, len);
|
||||||
|
else
|
||||||
|
{
|
||||||
|
xfree (value);
|
||||||
|
return GPG_ERR_INV_OBJ;
|
||||||
|
}
|
||||||
|
|
||||||
|
mpi_set_opaque (ec->d, value, len*8);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -1,35 +0,0 @@
|
|||||||
diff -up libgcrypt-1.7.3/src/visibility.c.fips-reqs libgcrypt-1.7.3/src/visibility.c
|
|
||||||
--- libgcrypt-1.7.3/src/visibility.c.fips-reqs 2016-03-23 12:59:34.000000000 +0100
|
|
||||||
+++ libgcrypt-1.7.3/src/visibility.c 2016-11-22 16:29:36.992042480 +0100
|
|
||||||
@@ -1288,6 +1288,8 @@ gcry_kdf_derive (const void *passphrase,
|
|
||||||
unsigned long iterations,
|
|
||||||
size_t keysize, void *keybuffer)
|
|
||||||
{
|
|
||||||
+ if (!fips_is_operational ())
|
|
||||||
+ return gpg_error (fips_not_operational ());
|
|
||||||
return gpg_error (_gcry_kdf_derive (passphrase, passphraselen, algo, hashalgo,
|
|
||||||
salt, saltlen, iterations,
|
|
||||||
keysize, keybuffer));
|
|
||||||
@@ -1343,6 +1345,13 @@ void
|
|
||||||
gcry_mpi_randomize (gcry_mpi_t w,
|
|
||||||
unsigned int nbits, enum gcry_random_level level)
|
|
||||||
{
|
|
||||||
+ if (!fips_is_operational ())
|
|
||||||
+ {
|
|
||||||
+ (void)fips_not_operational ();
|
|
||||||
+ fips_signal_fatal_error ("called in non-operational state");
|
|
||||||
+ fips_noreturn ();
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
_gcry_mpi_randomize (w, nbits, level);
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -1368,6 +1377,8 @@ gcry_prime_generate (gcry_mpi_t *prime,
|
|
||||||
gcry_random_level_t random_level,
|
|
||||||
unsigned int flags)
|
|
||||||
{
|
|
||||||
+ if (!fips_is_operational ())
|
|
||||||
+ return gpg_error (fips_not_operational ());
|
|
||||||
return gpg_error (_gcry_prime_generate (prime, prime_bits, factor_bits,
|
|
||||||
factors, cb_func, cb_arg,
|
|
||||||
random_level, flags));
|
|
@ -1,16 +1,15 @@
|
|||||||
diff -up libgcrypt-1.8.4/cipher/dsa.c.fips-keygen libgcrypt-1.8.4/cipher/dsa.c
|
diff -up libgcrypt-1.8.4/cipher/dsa.c.fips-keygen libgcrypt-1.8.4/cipher/dsa.c
|
||||||
--- libgcrypt-1.8.4/cipher/dsa.c.fips-keygen 2017-11-23 19:16:58.000000000 +0100
|
--- libgcrypt-1.8.4/cipher/dsa.c.fips-keygen 2017-11-23 19:16:58.000000000 +0100
|
||||||
+++ libgcrypt-1.8.4/cipher/dsa.c 2019-02-12 14:29:25.629513989 +0100
|
+++ libgcrypt-1.8.4/cipher/dsa.c 2019-02-12 14:29:25.629513989 +0100
|
||||||
@@ -457,11 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un
|
@@ -457,13 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un
|
||||||
&prime_q, &prime_p,
|
&prime_q, &prime_p,
|
||||||
r_counter,
|
r_counter,
|
||||||
r_seed, r_seedlen);
|
r_seed, r_seedlen);
|
||||||
- else
|
- else
|
||||||
- ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0,
|
|
||||||
+ else if (!domain->p || !domain->q)
|
+ else if (!domain->p || !domain->q)
|
||||||
+ ec = _gcry_generate_fips186_3_prime (nbits, qbits,
|
ec = _gcry_generate_fips186_3_prime (nbits, qbits,
|
||||||
+ initial_seed.seed,
|
initial_seed.seed,
|
||||||
+ initial_seed.seedlen,
|
initial_seed.seedlen,
|
||||||
&prime_q, &prime_p,
|
&prime_q, &prime_p,
|
||||||
r_counter,
|
r_counter,
|
||||||
r_seed, r_seedlen, NULL);
|
r_seed, r_seedlen, NULL);
|
||||||
|
@ -142,7 +142,7 @@ diff -up libgcrypt-1.8.4/tests/pubkey.c.tests-fipsmode libgcrypt-1.8.4/tests/pub
|
|||||||
" (use-fips186)"
|
" (use-fips186)"
|
||||||
" (transient-key)"
|
" (transient-key)"
|
||||||
" (derive-parms"
|
" (derive-parms"
|
||||||
- " (seed #0cb1990c1fd3626055d7a0096f8fa99807399871#))))",
|
- " (seed #f770a4598ff756931fc529764513b103ce57d85f4ad8c5cf297c9b4d48241c5b#))))",
|
||||||
+ " (seed #8b4c4d671fff82e8ed932260206d0571e3a1c2cee8cd94cb73fe58f9b67488fa#))))",
|
+ " (seed #8b4c4d671fff82e8ed932260206d0571e3a1c2cee8cd94cb73fe58f9b67488fa#))))",
|
||||||
0, 1);
|
0, 1);
|
||||||
if (rc)
|
if (rc)
|
||||||
|
@ -6,9 +6,9 @@ diff -up libgcrypt-1.8.4/random/rndlinux.c.use-poll libgcrypt-1.8.4/random/rndli
|
|||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#include <fcntl.h>
|
#include <fcntl.h>
|
||||||
+#include <poll.h>
|
+#include <poll.h>
|
||||||
#if defined(__linux__) || !defined(HAVE_GETENTROPY)
|
#if defined(__APPLE__) && defined(__MACH__)
|
||||||
#ifdef HAVE_SYSCALL
|
extern int getentropy (void *buf, size_t buflen) __attribute__ ((weak_import));
|
||||||
# include <sys/syscall.h>
|
#define HAVE_GETENTROPY
|
||||||
@@ -241,9 +242,8 @@ _gcry_rndlinux_gather_random (void (*add
|
@@ -241,9 +242,8 @@ _gcry_rndlinux_gather_random (void (*add
|
||||||
return with something we will actually use 100ms. */
|
return with something we will actually use 100ms. */
|
||||||
while (length)
|
while (length)
|
||||||
|
@ -1,31 +0,0 @@
|
|||||||
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
||||||
Date: Tue, 19 Jan 2021 18:04:30 +0000 (+0200)
|
|
||||||
Subject: kdf: add missing null-terminator for self-test test-vector array
|
|
||||||
X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff_plain;h=c6425a5537294dfe2beaafc9105f7af4ceac677f
|
|
||||||
|
|
||||||
kdf: add missing null-terminator for self-test test-vector array
|
|
||||||
|
|
||||||
* cipher/kdf.c (selftest_pbkdf2): Add null-terminator to TV array.
|
|
||||||
--
|
|
||||||
|
|
||||||
This was causing kdf self-test to fail on s390x builds.
|
|
||||||
|
|
||||||
GnuPG-bug-id: 5254
|
|
||||||
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
||||||
---
|
|
||||||
|
|
||||||
diff --git a/cipher/kdf.c b/cipher/kdf.c
|
|
||||||
index 3d707bd0..b916a3f8 100644
|
|
||||||
--- a/cipher/kdf.c
|
|
||||||
+++ b/cipher/kdf.c
|
|
||||||
@@ -452,7 +452,8 @@ selftest_pbkdf2 (int extended, selftest_report_func_t report)
|
|
||||||
"\x34\x8c\x89\xdb\xcb\xd3\x2b\x2f\x32\xd8\x14\xb8\x11\x6e\x84\xcf"
|
|
||||||
"\x2b\x17\x34\x7e\xbc\x18\x00\x18\x1c\x4e\x2a\x1f\xb8\xdd\x53\xe1"
|
|
||||||
"\xc6\x35\x51\x8c\x7d\xac\x47\xe9"
|
|
||||||
- }
|
|
||||||
+ },
|
|
||||||
+ { NULL }
|
|
||||||
};
|
|
||||||
const char *what;
|
|
||||||
const char *errtxt;
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
|||||||
Name: libgcrypt
|
Name: libgcrypt
|
||||||
Version: 1.9.0
|
Version: 1.9.1
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
URL: https://www.gnupg.org/
|
URL: https://www.gnupg.org/
|
||||||
Source0: libgcrypt-%{version}-hobbled.tar.xz
|
Source0: libgcrypt-%{version}-hobbled.tar.xz
|
||||||
@ -36,8 +36,6 @@ Patch13: libgcrypt-1.6.1-mpicoder-gccopt.patch
|
|||||||
Patch14: libgcrypt-1.7.3-ecc-test-fix.patch
|
Patch14: libgcrypt-1.7.3-ecc-test-fix.patch
|
||||||
# Run the FIPS mode initialization in the shared library constructor
|
# Run the FIPS mode initialization in the shared library constructor
|
||||||
Patch18: libgcrypt-1.8.3-fips-ctor.patch
|
Patch18: libgcrypt-1.8.3-fips-ctor.patch
|
||||||
# Block some operations if in FIPS non-operational state
|
|
||||||
Patch22: libgcrypt-1.7.3-fips-reqs.patch
|
|
||||||
# Do not try to open /dev/urandom if getrandom() works
|
# Do not try to open /dev/urandom if getrandom() works
|
||||||
Patch24: libgcrypt-1.8.5-getrandom.patch
|
Patch24: libgcrypt-1.8.5-getrandom.patch
|
||||||
# Continuous FIPS entropy test
|
# Continuous FIPS entropy test
|
||||||
@ -46,8 +44,6 @@ Patch26: libgcrypt-1.8.3-fips-enttest.patch
|
|||||||
Patch27: libgcrypt-1.8.3-md-fips-enforce.patch
|
Patch27: libgcrypt-1.8.3-md-fips-enforce.patch
|
||||||
# FIPS module is redefined a little bit (implicit by kernel FIPS mode)
|
# FIPS module is redefined a little bit (implicit by kernel FIPS mode)
|
||||||
Patch30: libgcrypt-1.8.5-fips-module.patch
|
Patch30: libgcrypt-1.8.5-fips-module.patch
|
||||||
# Missing terminator in the kdf vectors causing s390x builds failing
|
|
||||||
Patch31: libgcrypt-1.9.0-kdf-missing-terminator.patch
|
|
||||||
|
|
||||||
%global gcrylibdir %{_libdir}
|
%global gcrylibdir %{_libdir}
|
||||||
%global gcrysoname libgcrypt.so.20
|
%global gcrysoname libgcrypt.so.20
|
||||||
@ -92,12 +88,10 @@ applications using libgcrypt.
|
|||||||
%patch13 -p1 -b .gccopt
|
%patch13 -p1 -b .gccopt
|
||||||
%patch14 -p1 -b .eccfix
|
%patch14 -p1 -b .eccfix
|
||||||
%patch18 -p1 -b .fips-ctor
|
%patch18 -p1 -b .fips-ctor
|
||||||
%patch22 -p1 -b .fips-reqs
|
|
||||||
%patch24 -p1 -b .getrandom
|
%patch24 -p1 -b .getrandom
|
||||||
%patch26 -p1 -b .fips-enttest
|
%patch26 -p1 -b .fips-enttest
|
||||||
%patch27 -p1 -b .fips-enforce
|
%patch27 -p1 -b .fips-enforce
|
||||||
%patch30 -p1 -b .fips-module
|
%patch30 -p1 -b .fips-module
|
||||||
%patch31 -p1 -b .kdf-terminator
|
|
||||||
|
|
||||||
cp %{SOURCE4} cipher/
|
cp %{SOURCE4} cipher/
|
||||||
cp %{SOURCE5} %{SOURCE6} tests/
|
cp %{SOURCE5} %{SOURCE6} tests/
|
||||||
@ -207,6 +201,9 @@ install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf
|
|||||||
%license COPYING
|
%license COPYING
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jan 29 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.1-1
|
||||||
|
- New upstream release (#1922156, #1922097)
|
||||||
|
|
||||||
* Wed Jan 20 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.0-1
|
* Wed Jan 20 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.0-1
|
||||||
- New upstream release (#1917878)
|
- New upstream release (#1917878)
|
||||||
|
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (libgcrypt-1.9.0-hobbled.tar.xz) = d4ea9a1b732b05f605f0c99dd2b1e9747539bf2b6a8ff2fad7ab5350888f68b7f0b94bdd9253356ec9c8e6d3b87b5c76bc8dc4fbb3950acd8354b691f1f2ad3e
|
SHA512 (libgcrypt-1.9.1-hobbled.tar.xz) = 87c474c7b5054d7d6c75ca0d2458b2be197d7b8131b1e0a2017f391287a9e7bca666a9ac743c24210df869839518294c0091858245c96d10c5856f2473f35943
|
||||||
|
Loading…
Reference in New Issue
Block a user