rpms/libgcrypt
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8
Branches Tags
rpms:c8
rpms:c10-beta
rpms:c9s
rpms:c9
rpms:c10s
rpms:c9-beta
rpms:c8s
rpms:c8-beta
rpms:imports/c10-beta/libgcrypt-1.11.0-3.el10
rpms:imports/c9/libgcrypt-1.10.0-11.el9
rpms:imports/c10s/libgcrypt-1.11.0-5.el10
rpms:imports/c10s/libgcrypt-1.11.0-4.el10
rpms:imports/c9-beta/libgcrypt-1.10.0-11.el9
rpms:imports/c10s/libgcrypt-1.11.0-3.el10
rpms:imports/c10s/libgcrypt-1.11.0-1.el10
rpms:imports/c9/libgcrypt-1.10.0-10.el9_2
rpms:imports/c9/libgcrypt-1.10.0-10.el9_1
rpms:imports/c9-beta/libgcrypt-1.10.0-9.el9_1
rpms:imports/c9/libgcrypt-1.10.0-7.el9_0
rpms:imports/c9/libgcrypt-1.10.0-8.el9_0
rpms:imports/c9-beta/libgcrypt-1.10.0-5.el9_0
rpms:imports/c8-beta/libgcrypt-1.8.5-7.el8_6
rpms:imports/c9/libgcrypt-1.10.0-5.el9_0
rpms:imports/c9/libgcrypt-1.10.0-4.el9_0
rpms:imports/c8/libgcrypt-1.8.5-7.el8_6
rpms:imports/c9/libgcrypt-1.10.0-2.el9
rpms:imports/c8s/libgcrypt-1.8.5-7.el8_6
rpms:imports/c9-beta/libgcrypt-1.10.0-2.el9
rpms:imports/c9-beta/libgcrypt-1.9.3-5.el9
rpms:imports/c9-beta/libgcrypt-1.9.3-4.el9
rpms:imports/c8/libgcrypt-1.8.5-6.el8
rpms:imports/c8-beta/libgcrypt-1.8.5-6.el8
rpms:imports/c8-beta/libgcrypt-1.8.5-4.el8
rpms:imports/c8-beta/libgcrypt-1.8.3-4.el8
rpms:imports/c8-beta/libgcrypt-1.8.3-3.el8
rpms:imports/c8s/libgcrypt-1.8.5-6.el8
rpms:imports/c8s/libgcrypt-1.8.5-5.el8
rpms:imports/c8s/libgcrypt-1.8.5-4.el8
rpms:imports/c8s/libgcrypt-1.8.5-3.el8
rpms:imports/c8/libgcrypt-1.8.5-4.el8
rpms:imports/c8/libgcrypt-1.8.3-4.el8
rpms:imports/c8/libgcrypt-1.8.3-2.el8
...
pull from: rpms:c10s
Branches Tags
rpms:c10-beta
rpms:c9s
rpms:c9
rpms:c10s
rpms:c9-beta
rpms:c8s
rpms:c8-beta
rpms:c8
rpms:imports/c10-beta/libgcrypt-1.11.0-3.el10
rpms:imports/c9/libgcrypt-1.10.0-11.el9
rpms:imports/c10s/libgcrypt-1.11.0-5.el10
rpms:imports/c10s/libgcrypt-1.11.0-4.el10
rpms:imports/c9-beta/libgcrypt-1.10.0-11.el9
rpms:imports/c10s/libgcrypt-1.11.0-3.el10
rpms:imports/c10s/libgcrypt-1.11.0-1.el10
rpms:imports/c9/libgcrypt-1.10.0-10.el9_2
rpms:imports/c9/libgcrypt-1.10.0-10.el9_1
rpms:imports/c9-beta/libgcrypt-1.10.0-9.el9_1
rpms:imports/c9/libgcrypt-1.10.0-7.el9_0
rpms:imports/c9/libgcrypt-1.10.0-8.el9_0
rpms:imports/c9-beta/libgcrypt-1.10.0-5.el9_0
rpms:imports/c8-beta/libgcrypt-1.8.5-7.el8_6
rpms:imports/c9/libgcrypt-1.10.0-5.el9_0
rpms:imports/c9/libgcrypt-1.10.0-4.el9_0
rpms:imports/c8/libgcrypt-1.8.5-7.el8_6
rpms:imports/c9/libgcrypt-1.10.0-2.el9
rpms:imports/c8s/libgcrypt-1.8.5-7.el8_6
rpms:imports/c9-beta/libgcrypt-1.10.0-2.el9
rpms:imports/c9-beta/libgcrypt-1.9.3-5.el9
rpms:imports/c9-beta/libgcrypt-1.9.3-4.el9
rpms:imports/c8/libgcrypt-1.8.5-6.el8
rpms:imports/c8-beta/libgcrypt-1.8.5-6.el8
rpms:imports/c8-beta/libgcrypt-1.8.5-4.el8
rpms:imports/c8-beta/libgcrypt-1.8.3-4.el8
rpms:imports/c8-beta/libgcrypt-1.8.3-3.el8
rpms:imports/c8s/libgcrypt-1.8.5-6.el8
rpms:imports/c8s/libgcrypt-1.8.5-5.el8
rpms:imports/c8s/libgcrypt-1.8.5-4.el8
rpms:imports/c8s/libgcrypt-1.8.5-3.el8
rpms:imports/c8/libgcrypt-1.8.5-4.el8
rpms:imports/c8/libgcrypt-1.8.3-4.el8
rpms:imports/c8/libgcrypt-1.8.3-2.el8

No commits in common. "c8" and "c10s" have entirely different histories.
c8 ... c10s

47 changed files with 3256 additions and 24596 deletions
Show Stats Expand all files Collapse all files

1
.fmf/version Normal file
View File

@ -0,0 +1 @@
1

41
.gitignore vendored
View File

@ -1 +1,40 @@
SOURCES/libgcrypt-1.8.5-hobbled.tar.xz
libgcrypt-1.4.5-hobbled.tar.bz2
/libgcrypt-1.4.6-hobbled.tar.bz2
/libgcrypt-1.5.0-hobbled.tar.bz2
/libgcrypt-1.5.1-hobbled.tar.xz
/libgcrypt-1.5.2-hobbled.tar.xz
/libgcrypt-1.5.3-hobbled.tar.xz
/libgcrypt-1.6.1-hobbled.tar.xz
/libgcrypt-1.6.2-hobbled.tar.xz
/libgcrypt-1.6.3-hobbled.tar.xz
/libgcrypt-1.6.4-hobbled.tar.xz
/libgcrypt-1.6.5-hobbled.tar.xz
/libgcrypt-1.6.6-hobbled.tar.xz
/libgcrypt-1.7.3-hobbled.tar.xz
/libgcrypt-1.7.5-hobbled.tar.xz
/libgcrypt-1.7.6-hobbled.tar.xz
/libgcrypt-1.7.7-hobbled.tar.xz
/libgcrypt-1.7.8-hobbled.tar.xz
/libgcrypt-1.8.0-hobbled.tar.xz
/libgcrypt-1.8.1-hobbled.tar.xz
/libgcrypt-1.8.2-hobbled.tar.xz
/libgcrypt-1.8.3-hobbled.tar.xz
/libgcrypt-1.8.4-hobbled.tar.xz
/libgcrypt-1.8.5-hobbled.tar.xz
/libgcrypt-1.8.6-hobbled.tar.xz
/libgcrypt-1.8.7-hobbled.tar.xz
/libgcrypt-1.9.0-hobbled.tar.xz
/libgcrypt-1.9.1-hobbled.tar.xz
/libgcrypt-1.9.2-hobbled.tar.xz
/libgcrypt-1.9.3-hobbled.tar.xz
/libgcrypt-1.9.4-hobbled.tar.xz
/libgcrypt-1.10.0.tar.bz2
/libgcrypt-1.10.0.tar.bz2.sig
/libgcrypt-1.10.1.tar.bz2
/libgcrypt-1.10.1.tar.bz2.sig
/libgcrypt-1.10.2.tar.bz2
/libgcrypt-1.10.2.tar.bz2.sig
/libgcrypt-1.10.3.tar.bz2
/libgcrypt-1.10.3.tar.bz2.sig
/libgcrypt-1.11.0.tar.bz2
/libgcrypt-1.11.0.tar.bz2.sig

1
.libgcrypt.metadata
View File

@ -1 +0,0 @@
1edcc623a15ed87ff832e021b4cb77fd94eb66c9 SOURCES/libgcrypt-1.8.5-hobbled.tar.xz

144
SOURCES/curves.c
View File

@ -1,144 +0,0 @@
/* curves.c - ECC curves regression tests
* Copyright (C) 2011 Free Software Foundation, Inc.
*
* This file is part of Libgcrypt.
*
* Libgcrypt is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* Libgcrypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include "../src/gcrypt-int.h"
#define PGM "curves"
#include "t-common.h"
/* Number of curves defined in ../cipger/ecc.c */
#define N_CURVES 14
/* A real world sample public key. */
static char const sample_key_1[] =
"(public-key\n"
" (ecdsa\n"
" (p #00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF#)\n"
" (a #00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC#)\n"
" (b #5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B#)\n"
" (g #046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"
"4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5#)\n"
" (n #00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551#)\n"
" (h #000000000000000000000000000000000000000000000000000000000000000001#)\n"
" (q #0442B927242237639A36CE9221B340DB1A9AB76DF2FE3E171277F6A4023DED146EE"
"86525E38CCECFF3FB8D152CC6334F70D23A525175C1BCBDDE6E023B2228770E#)\n"
" ))";
static char const sample_key_1_curve[] = "NIST P-256";
static unsigned int sample_key_1_nbits = 256;
static void
list_curves (void)
{
int idx;
const char *name;
unsigned int nbits;
for (idx=0; (name = gcry_pk_get_curve (NULL, idx, &nbits)); idx++)
{
if (verbose)
printf ("%s - %u bits\n", name, nbits);
}
if (idx != N_CURVES)
fail ("expected %d curves but got %d\n", N_CURVES, idx);
if (gcry_pk_get_curve (NULL, -1, NULL))
fail ("curve iteration failed\n");
}
static void
check_matching (void)
{
gpg_error_t err;
gcry_sexp_t key;
const char *name;
unsigned int nbits;
err = gcry_sexp_new (&key, sample_key_1, 0, 1);
if (err)
die ("parsing s-expression string failed: %s\n", gpg_strerror (err));
name = gcry_pk_get_curve (key, 0, &nbits);
if (!name)
fail ("curve name not found for sample_key_1\n");
else if (strcmp (name, sample_key_1_curve))
fail ("expected curve name %s but got %s for sample_key_1\n",
sample_key_1_curve, name);
else if (nbits != sample_key_1_nbits)
fail ("expected curve size %u but got %u for sample_key_1\n",
sample_key_1_nbits, nbits);
gcry_sexp_release (key);
}
static void
check_get_params (void)
{
gcry_sexp_t param;
const char *name;
param = gcry_pk_get_param (GCRY_PK_ECDSA, sample_key_1_curve);
if (!param)
fail ("error gerring parameters for `%s'\n", sample_key_1_curve);
name = gcry_pk_get_curve (param, 0, NULL);
if (!name)
fail ("get_param: curve name not found for sample_key_1\n");
else if (strcmp (name, sample_key_1_curve))
fail ("get_param: expected curve name %s but got %s for sample_key_1\n",
sample_key_1_curve, name);
gcry_sexp_release (param);
}
int
main (int argc, char **argv)
{
if (argc > 1 && !strcmp (argv[1], "--verbose"))
verbose = 1;
else if (argc > 1 && !strcmp (argv[1], "--debug"))
verbose = debug = 1;
if (!gcry_check_version (GCRYPT_VERSION))
die ("version mismatch\n");
xgcry_control (GCRYCTL_DISABLE_SECMEM, 0);
xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
if (debug)
xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0);
list_curves ();
check_matching ();
check_get_params ();
return error_count ? 1 : 0;
}

1207
SOURCES/ecc-curves.c
View File

File diff suppressed because it is too large Load Diff

11
SOURCES/hobble-libgcrypt
View File

@ -1,11 +0,0 @@
#!/bin/sh
# Quit out if anything fails.
set -e -x
# Clean out patent-or-otherwise-encumbered code.
# EC: ????????? ??/??/2015
rm -f cipher/ecc-curves.c
rm -f tests/curves.c
rm -f tests/t-mpi-point.c

104
SOURCES/libgcrypt-1.6.1-mpicoder-gccopt.patch
View File

@ -1,104 +0,0 @@
diff -up libgcrypt-1.6.1/mpi/mpicoder.c.gccopt libgcrypt-1.6.1/mpi/mpicoder.c
--- libgcrypt-1.6.1/mpi/mpicoder.c.gccopt 2014-02-28 15:37:53.983139821 +0100
+++ libgcrypt-1.6.1/mpi/mpicoder.c 2014-02-28 15:47:35.312576387 +0100
@@ -627,16 +627,16 @@ _gcry_mpi_print (enum gcry_mpi_format fo
extra = 1;
}
- if (buffer && n > len)
- {
- /* The provided buffer is too short. */
- xfree (tmp);
- return GPG_ERR_TOO_SHORT;
- }
if (buffer)
{
unsigned char *s = buffer;
+ if (n > len)
+ {
+ /* The provided buffer is too short. */
+ xfree (tmp);
+ return GPG_ERR_TOO_SHORT;
+ }
if (extra == 1)
*s++ = 0;
else if (extra)
@@ -654,13 +654,12 @@ _gcry_mpi_print (enum gcry_mpi_format fo
/* Note: We ignore the sign for this format. */
/* FIXME: for performance reasons we should put this into
mpi_aprint because we can then use the buffer directly. */
-
- if (buffer && n > len)
- return GPG_ERR_TOO_SHORT;
if (buffer)
{
unsigned char *tmp;
+ if (n > len)
+ return GPG_ERR_TOO_SHORT;
tmp = _gcry_mpi_get_buffer (a, 0, &n, NULL);
if (!tmp)
return gpg_err_code_from_syserror ();
@@ -678,14 +677,14 @@ _gcry_mpi_print (enum gcry_mpi_format fo
if (negative)
return GPG_ERR_INV_ARG;
- if (buffer && n+2 > len)
- return GPG_ERR_TOO_SHORT;
-
if (buffer)
{
unsigned char *tmp;
unsigned char *s = buffer;
+ if (n+2 > len)
+ return GPG_ERR_TOO_SHORT;
+
s[0] = nbits >> 8;
s[1] = nbits;
@@ -724,16 +723,16 @@ _gcry_mpi_print (enum gcry_mpi_format fo
extra=1;
}
- if (buffer && n+4 > len)
- {
- xfree(tmp);
- return GPG_ERR_TOO_SHORT;
- }
-
if (buffer)
{
unsigned char *s = buffer;
+ if (n+4 > len)
+ {
+ xfree(tmp);
+ return GPG_ERR_TOO_SHORT;
+ }
+
*s++ = n >> 24;
*s++ = n >> 16;
*s++ = n >> 8;
@@ -761,15 +760,15 @@ _gcry_mpi_print (enum gcry_mpi_format fo
if (!n || (*tmp & 0x80))
extra = 2;
- if (buffer && 2*n + extra + negative + 1 > len)
- {
- xfree(tmp);
- return GPG_ERR_TOO_SHORT;
- }
if (buffer)
{
unsigned char *s = buffer;
+ if (2*n + extra + negative + 1 > len)
+ {
+ xfree(tmp);
+ return GPG_ERR_TOO_SHORT;
+ }
if (negative)
*s++ = '-';
if (extra)

122
SOURCES/libgcrypt-1.7.3-ecc-test-fix.patch
View File

@ -1,122 +0,0 @@
diff -up libgcrypt-1.7.3/tests/benchmark.c.eccfix libgcrypt-1.7.3/tests/benchmark.c
--- libgcrypt-1.7.3/tests/benchmark.c.eccfix 2016-07-14 11:19:17.000000000 +0200
+++ libgcrypt-1.7.3/tests/benchmark.c 2016-11-22 16:21:00.109004197 +0100
@@ -1412,7 +1412,7 @@ ecc_bench (int iterations, int print_hea
{
#if USE_ECC
gpg_error_t err;
- const char *p_sizes[] = { "192", "224", "256", "384", "521", "Ed25519",
+ const char *p_sizes[] = { "224", "256", "384", "521", "Ed25519",
"gost256", "gost512" };
int testno;
diff -up libgcrypt-1.7.3/tests/dsa-rfc6979.c.eccfix libgcrypt-1.7.3/tests/dsa-rfc6979.c
--- libgcrypt-1.7.3/tests/dsa-rfc6979.c.eccfix 2016-02-18 09:38:03.000000000 +0100
+++ libgcrypt-1.7.3/tests/dsa-rfc6979.c 2016-11-22 16:22:11.804674008 +0100
@@ -210,16 +210,6 @@ check_dsa_rfc6979 (void)
" ))"
},
{
- "ECDSA, 192 bits (prime field)",
- "(private-key"
- " (ecdsa"
- " (curve \"NIST P-192\")"
- " (q #04AC2C77F529F91689FEA0EA5EFEC7F210D8EEA0B9E047ED56"
- " 3BC723E57670BD4887EBC732C523063D0A7C957BC97C1C43#)"
- " (d #6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4#)"
- " ))"
- },
- {
"ECDSA, 224 bits (prime field)",
"(private-key"
" (ecdsa"
@@ -443,89 +433,6 @@ check_dsa_rfc6979 (void)
"C9F0BDABCC0D880BB137A994CC7F3980CE91CC10FAF529FC46565B15CEA854E1"
},
{
- "ECDSA, 192 bits (prime field)",
- "With SHA-1, message = \"sample\"",
- "sha1", "sample",
- "37D7CA00D2C7B0E5E412AC03BD44BA837FDD5B28CD3B0021",
- "98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF",
- "57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-224, message = \"sample\"",
- "sha224", "sample",
- "4381526B3FC1E7128F202E194505592F01D5FF4C5AF015D8",
- "A1F00DAD97AEEC91C95585F36200C65F3C01812AA60378F5",
- "E07EC1304C7C6C9DEBBE980B9692668F81D4DE7922A0F97A"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-256, message = \"sample\"",
- "sha256", "sample",
- "32B1B6D7D42A05CB449065727A84804FB1A3E34D8F261496",
- "4B0B8CE98A92866A2820E20AA6B75B56382E0F9BFD5ECB55",
- "CCDB006926EA9565CBADC840829D8C384E06DE1F1E381B85"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-384, message = \"sample\"",
- "sha384", "sample",
- "4730005C4FCB01834C063A7B6760096DBE284B8252EF4311",
- "DA63BF0B9ABCF948FBB1E9167F136145F7A20426DCC287D5",
- "C3AA2C960972BD7A2003A57E1C4C77F0578F8AE95E31EC5E"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-512, message = \"sample\"",
- "sha512", "sample",
- "A2AC7AB055E4F20692D49209544C203A7D1F2C0BFBC75DB1",
- "4D60C5AB1996BD848343B31C00850205E2EA6922DAC2E4B8",
- "3F6E837448F027A1BF4B34E796E32A811CBB4050908D8F67"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-1, message = \"test\"",
- "sha1", "test",
- "D9CF9C3D3297D3260773A1DA7418DB5537AB8DD93DE7FA25",
- "0F2141A0EBBC44D2E1AF90A50EBCFCE5E197B3B7D4DE036D",
- "EB18BC9E1F3D7387500CB99CF5F7C157070A8961E38700B7"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-224, message = \"test\"",
- "sha224", "test",
- "F5DC805F76EF851800700CCE82E7B98D8911B7D510059FBE",
- "6945A1C1D1B2206B8145548F633BB61CEF04891BAF26ED34",
- "B7FB7FDFC339C0B9BD61A9F5A8EAF9BE58FC5CBA2CB15293"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-256, message = \"test\"",
- "sha256", "test",
- "5C4CE89CF56D9E7C77C8585339B006B97B5F0680B4306C6C",
- "3A718BD8B4926C3B52EE6BBE67EF79B18CB6EB62B1AD97AE",
- "5662E6848A4A19B1F1AE2F72ACD4B8BBE50F1EAC65D9124F"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-384, message = \"test\"",
- "sha384", "test",
- "5AFEFB5D3393261B828DB6C91FBC68C230727B030C975693",
- "B234B60B4DB75A733E19280A7A6034BD6B1EE88AF5332367",
- "7994090B2D59BB782BE57E74A44C9A1C700413F8ABEFE77A"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-512, message = \"test\"",
- "sha512", "test",
- "0758753A5254759C7CFBAD2E2D9B0792EEE44136C9480527",
- "FE4F4AE86A58B6507946715934FE2D8FF9D95B6B098FE739",
- "74CF5605C98FBA0E1EF34D4B5A1577A7DCF59457CAE52290"
- },
-
-
-
- {
"ECDSA, 224 bits (prime field)",
"With SHA-1, message = \"sample\"",
"sha1", "sample",

1311
SOURCES/libgcrypt-1.7.3-fips-cavs.patch
View File

File diff suppressed because it is too large Load Diff

35
SOURCES/libgcrypt-1.7.3-fips-reqs.patch
View File

@ -1,35 +0,0 @@
diff -up libgcrypt-1.7.3/src/visibility.c.fips-reqs libgcrypt-1.7.3/src/visibility.c
--- libgcrypt-1.7.3/src/visibility.c.fips-reqs 2016-03-23 12:59:34.000000000 +0100
+++ libgcrypt-1.7.3/src/visibility.c 2016-11-22 16:29:36.992042480 +0100
@@ -1288,6 +1288,8 @@ gcry_kdf_derive (const void *passphrase,
unsigned long iterations,
size_t keysize, void *keybuffer)
{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
return gpg_error (_gcry_kdf_derive (passphrase, passphraselen, algo, hashalgo,
salt, saltlen, iterations,
keysize, keybuffer));
@@ -1343,6 +1345,13 @@ void
gcry_mpi_randomize (gcry_mpi_t w,
unsigned int nbits, enum gcry_random_level level)
{
+ if (!fips_is_operational ())
+ {
+ (void)fips_not_operational ();
+ fips_signal_fatal_error ("called in non-operational state");
+ fips_noreturn ();
+ }
+
_gcry_mpi_randomize (w, nbits, level);
}
@@ -1368,6 +1377,8 @@ gcry_prime_generate (gcry_mpi_t *prime,
gcry_random_level_t random_level,
unsigned int flags)
{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
return gpg_error (_gcry_prime_generate (prime, prime_bits, factor_bits,
factors, cb_func, cb_arg,
random_level, flags));

322
SOURCES/libgcrypt-1.8.3-cmac-selftest.patch
View File

@ -1,322 +0,0 @@
diff -up libgcrypt-1.8.3/cipher/cipher-cmac.c.cmac-selftest libgcrypt-1.8.3/cipher/cipher-cmac.c
--- libgcrypt-1.8.3/cipher/cipher-cmac.c.cmac-selftest 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.3/cipher/cipher-cmac.c 2019-05-31 17:33:35.594407152 +0200
@@ -251,3 +251,246 @@ _gcry_cipher_cmac_set_subkeys (gcry_ciph
return GPG_ERR_NO_ERROR;
}
+
+/* CMAC selftests.
+ * Copyright (C) 2008 Free Software Foundation, Inc.
+ * Copyright (C) 2019 Red Hat, Inc.
+ */
+
+
+
+/* Check one MAC with MAC ALGO using the regular MAC
+ * API. (DATA,DATALEN) is the data to be MACed, (KEY,KEYLEN) the key
+ * and (EXPECT,EXPECTLEN) the expected result. If TRUNC is set, the
+ * EXPECTLEN may be less than the digest length. Returns NULL on
+ * success or a string describing the failure. */
+static const char *
+check_one (int algo,
+ const void *data, size_t datalen,
+ const void *key, size_t keylen,
+ const void *expect, size_t expectlen)
+{
+ gcry_mac_hd_t hd;
+ unsigned char mac[512]; /* hardcoded to avoid allocation */
+ size_t macoutlen = expectlen;
+
+/* printf ("MAC algo %d\n", algo); */
+ if (_gcry_mac_get_algo_maclen (algo) != expectlen ||
+ expectlen > sizeof (mac))
+ return "invalid tests data";
+ if (_gcry_mac_open (&hd, algo, 0, NULL))
+ return "gcry_mac_open failed";
+ if (_gcry_mac_setkey (hd, key, keylen))
+ {
+ _gcry_mac_close (hd);
+ return "gcry_md_setkey failed";
+ }
+ if (_gcry_mac_write (hd, data, datalen))
+ {
+ _gcry_mac_close (hd);
+ return "gcry_mac_write failed";
+ }
+ if (_gcry_mac_read (hd, mac, &macoutlen))
+ {
+ _gcry_mac_close (hd);
+ return "gcry_mac_read failed";
+ }
+ _gcry_mac_close (hd);
+ if (macoutlen != expectlen || memcmp (mac, expect, expectlen))
+ {
+/* int i; */
+
+/* fputs (" {", stdout); */
+/* for (i=0; i < expectlen-1; i++) */
+/* { */
+/* if (i && !(i % 8)) */
+/* fputs ("\n ", stdout); */
+/* printf (" 0x%02x,", mac[i]); */
+/* } */
+/* printf (" 0x%02x } },\n", mac[i]); */
+
+ return "does not match";
+ }
+ return NULL;
+}
+
+
+static gpg_err_code_t
+selftests_cmac_tdes (int extended, selftest_report_func_t report)
+{
+ const char *what;
+ const char *errtxt;
+
+ what = "Basic TDES";
+ errtxt = check_one (GCRY_MAC_CMAC_3DES,
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57", 20,
+ "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58"
+ "\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5", 24,
+ "\x74\x3d\xdb\xe0\xce\x2d\xc2\xed", 8);
+ if (errtxt)
+ goto failed;
+
+ if (extended)
+ {
+ what = "Extended TDES #1";
+ errtxt = check_one (GCRY_MAC_CMAC_3DES,
+ "", 0,
+ "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58"
+ "\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5", 24,
+ "\xb7\xa6\x88\xe1\x22\xff\xaf\x95", 8);
+ if (errtxt)
+ goto failed;
+
+ what = "Extended TDES #2";
+ errtxt = check_one (GCRY_MAC_CMAC_3DES,
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96", 8,
+ "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58"
+ "\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5", 24,
+ "\x8e\x8f\x29\x31\x36\x28\x37\x97", 8);
+ if (errtxt)
+ goto failed;
+
+ what = "Extended TDES #3";
+ errtxt = check_one (GCRY_MAC_CMAC_3DES,
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 32,
+ "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58"
+ "\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5", 24,
+ "\x33\xe6\xb1\x09\x24\x00\xea\xe5", 8);
+ if (errtxt)
+ goto failed;
+ }
+
+ return 0; /* Succeeded. */
+
+ failed:
+ if (report)
+ report ("cmac", GCRY_MAC_CMAC_3DES, what, errtxt);
+ return GPG_ERR_SELFTEST_FAILED;
+}
+
+
+
+static gpg_err_code_t
+selftests_cmac_aes (int extended, selftest_report_func_t report)
+{
+ const char *what;
+ const char *errtxt;
+
+ what = "Basic AES128";
+ errtxt = check_one (GCRY_MAC_CMAC_AES,
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11", 40,
+ "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 16,
+ "\xdf\xa6\x67\x47\xde\x9a\xe6\x30\x30\xca\x32\x61\x14\x97\xc8\x27", 16);
+ if (errtxt)
+ goto failed;
+
+ what = "Basic AES192";
+ errtxt = check_one (GCRY_MAC_CMAC_AES,
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11", 40,
+ "\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
+ "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b", 24,
+ "\x8a\x1d\xe5\xbe\x2e\xb3\x1a\xad\x08\x9a\x82\xe6\xee\x90\x8b\x0e", 16);
+ if (errtxt)
+ goto failed;
+
+ what = "Basic AES256";
+ errtxt = check_one (GCRY_MAC_CMAC_AES,
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11", 40,
+ "\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81"
+ "\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4", 32,
+ "\xaa\xf3\xd8\xf1\xde\x56\x40\xc2\x32\xf5\xb1\x69\xb9\xc9\x11\xe6", 16);
+ if (errtxt)
+ goto failed;
+ if (extended)
+ {
+ what = "Extended AES #1";
+ errtxt = check_one (GCRY_MAC_CMAC_AES,
+ "", 0,
+ "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 16,
+ "\xbb\x1d\x69\x29\xe9\x59\x37\x28\x7f\xa3\x7d\x12\x9b\x75\x67\x46", 16);
+ if (errtxt)
+ goto failed;
+
+ what = "Extended AES #2";
+ errtxt = check_one (GCRY_MAC_CMAC_AES,
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 16,
+ "\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
+ "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b", 24,
+ "\x9e\x99\xa7\xbf\x31\xe7\x10\x90\x06\x62\xf6\x5e\x61\x7c\x51\x84", 16);
+ if (errtxt)
+ goto failed;
+
+ what = "Extended AES #3";
+ errtxt = check_one (GCRY_MAC_CMAC_AES,
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 64,
+ "\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81"
+ "\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4", 32,
+ "\xe1\x99\x21\x90\x54\x9f\x6e\xd5\x69\x6a\x2c\x05\x6c\x31\x54\x10", 16 );
+ if (errtxt)
+ goto failed;
+ }
+
+ return 0; /* Succeeded. */
+
+ failed:
+ if (report)
+ report ("cmac", GCRY_MAC_CMAC_AES, what, errtxt);
+ return GPG_ERR_SELFTEST_FAILED;
+}
+
+
+/* Run a full self-test for ALGO and return 0 on success. */
+static gpg_err_code_t
+run_cmac_selftests (int algo, int extended, selftest_report_func_t report)
+{
+ gpg_err_code_t ec;
+
+ switch (algo)
+ {
+ case GCRY_MAC_CMAC_3DES:
+ ec = selftests_cmac_tdes (extended, report);
+ break;
+ case GCRY_MAC_CMAC_AES:
+ ec = selftests_cmac_aes (extended, report);
+ break;
+
+ default:
+ ec = GPG_ERR_MAC_ALGO;
+ break;
+ }
+ return ec;
+}
+
+
+
+
+/* Run the selftests for CMAC with CMAC algorithm ALGO with optional
+ reporting function REPORT. */
+gpg_error_t
+_gcry_cmac_selftest (int algo, int extended, selftest_report_func_t report)
+{
+ gcry_err_code_t ec = 0;
+
+ if (!_gcry_mac_algo_info( algo, GCRYCTL_TEST_ALGO, NULL, NULL ))
+ {
+ ec = run_cmac_selftests (algo, extended, report);
+ }
+ else
+ {
+ ec = GPG_ERR_MAC_ALGO;
+ if (report)
+ report ("mac", algo, "module", "algorithm not available");
+ }
+ return gpg_error (ec);
+}
diff -up libgcrypt-1.8.3/src/cipher-proto.h.cmac-selftest libgcrypt-1.8.3/src/cipher-proto.h
--- libgcrypt-1.8.3/src/cipher-proto.h.cmac-selftest 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.3/src/cipher-proto.h 2019-05-31 17:29:34.574588234 +0200
@@ -256,6 +256,8 @@ gcry_error_t _gcry_pk_selftest (int algo
selftest_report_func_t report);
gcry_error_t _gcry_hmac_selftest (int algo, int extended,
selftest_report_func_t report);
+gcry_error_t _gcry_cmac_selftest (int algo, int extended,
+ selftest_report_func_t report);
gcry_error_t _gcry_random_selftest (selftest_report_func_t report);
diff -up libgcrypt-1.8.3/src/fips.c.cmac-selftest libgcrypt-1.8.3/src/fips.c
--- libgcrypt-1.8.3/src/fips.c.cmac-selftest 2018-11-01 15:40:36.051865535 +0100
+++ libgcrypt-1.8.3/src/fips.c 2019-05-31 17:31:20.157756640 +0200
@@ -521,29 +521,32 @@ run_digest_selftests (int extended)
/* Run self-tests for all HMAC algorithms. Return 0 on success. */
static int
-run_hmac_selftests (int extended)
+run_mac_selftests (int extended)
{
- static int algos[] =
+ static int algos[][2] =
{
- GCRY_MD_SHA1,
- GCRY_MD_SHA224,
- GCRY_MD_SHA256,
- GCRY_MD_SHA384,
- GCRY_MD_SHA512,
- GCRY_MD_SHA3_224,
- GCRY_MD_SHA3_256,
- GCRY_MD_SHA3_384,
- GCRY_MD_SHA3_512,
- 0
+ { GCRY_MD_SHA1, 0 },
+ { GCRY_MD_SHA224, 0 },
+ { GCRY_MD_SHA256, 0 },
+ { GCRY_MD_SHA384, 0 },
+ { GCRY_MD_SHA512, 0 },
+ { GCRY_MD_SHA3_224, 0 },
+ { GCRY_MD_SHA3_256, 0 },
+ { GCRY_MD_SHA3_384, 0 },
+ { GCRY_MD_SHA3_512, 0 },
+ { GCRY_MAC_CMAC_3DES, 1 },
+ { GCRY_MAC_CMAC_AES, 1 },
+ { 0, 0 }
};
int idx;
gpg_error_t err;
int anyerr = 0;
- for (idx=0; algos[idx]; idx++)
+ for (idx=0; algos[idx][0]; idx++)
{
- err = _gcry_hmac_selftest (algos[idx], extended, reporter);
- reporter ("hmac", algos[idx], NULL,
+ err = algos[idx][1] ? _gcry_cmac_selftest (algos[idx][0], extended, reporter) :
+ _gcry_hmac_selftest (algos[idx][0], extended, reporter);
+ reporter (algos[idx][1] ? "cmac" : "hmac", algos[idx][0], NULL,
err? gpg_strerror (err):NULL);
if (err)
anyerr = 1;
@@ -747,7 +750,7 @@ _gcry_fips_run_selftests (int extended)
if (run_digest_selftests (extended))
goto leave;
- if (run_hmac_selftests (extended))
+ if (run_mac_selftests (extended))
goto leave;
/* Run random tests before the pubkey tests because the latter

60
SOURCES/libgcrypt-1.8.3-fips-ctor.patch
View File

@ -1,60 +0,0 @@
diff -up libgcrypt-1.8.3/src/global.c.fips-ctor libgcrypt-1.8.3/src/global.c
--- libgcrypt-1.8.3/src/global.c.fips-ctor 2017-11-23 19:25:58.000000000 +0100
+++ libgcrypt-1.8.3/src/global.c 2020-04-17 16:29:59.258218015 +0200
@@ -141,6 +141,34 @@ global_init (void)
}
+#ifndef FIPS_MODULE_PATH
+#define FIPS_MODULE_PATH "/etc/system-fips"
+#endif
+
+void __attribute__ ((constructor)) _gcry_global_constructor (void)
+{
+ int rv;
+
+ rv = access (FIPS_MODULE_PATH, F_OK);
+ if (rv < 0 && errno != ENOENT)
+ rv = 0;
+
+ if (!rv)
+ {
+ int no_secmem_save;
+
+ /* it should be always 0 at this point but let's keep on the safe side */
+ no_secmem_save = no_secure_memory;
+ no_secure_memory = 1;
+ /* force selftests */
+ global_init();
+ _gcry_fips_run_selftests (0);
+ if (!fips_mode())
+ _gcry_random_close_fds ();
+ no_secure_memory = no_secmem_save;
+ }
+}
+
/* This function is called by the macro fips_is_operational and makes
sure that the minimal initialization has been done. This is far
from a perfect solution and hides problems with an improper
@@ -671,8 +699,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
case GCRYCTL_FIPS_MODE_P:
if (fips_mode ()
- && !_gcry_is_fips_mode_inactive ()
- && !no_secure_memory)
+ && !_gcry_is_fips_mode_inactive ())
rc = GPG_ERR_GENERAL; /* Used as TRUE value */
break;
@@ -749,9 +776,9 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
break;
case GCRYCTL_SET_ENFORCED_FIPS_FLAG:
- if (!any_init_done)
+ if (fips_mode ())
{
- /* Not yet initialized at all. Set the enforced fips mode flag */
+ /* We are in FIPS mode, we can set the enforced fips mode flag. */
_gcry_set_preferred_rng_type (0);
_gcry_set_enforced_fips_mode ();
}

113
SOURCES/libgcrypt-1.8.3-fips-enttest.patch
View File

@ -1,113 +0,0 @@
diff -up libgcrypt-1.8.3/random/random-drbg.c.fips-enttest libgcrypt-1.8.3/random/random-drbg.c
--- libgcrypt-1.8.3/random/random-drbg.c.fips-enttest 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.3/random/random-drbg.c 2019-06-24 10:04:23.219547141 +0200
@@ -317,6 +317,7 @@ struct drbg_state_s
unsigned char *ctr_null; /* CTR mode zero buffer */
int seeded:1; /* DRBG fully seeded? */
int pr:1; /* Prediction resistance enabled? */
+ int ent_primed:1; /* Previous entropy data primed? */
/* Taken from libgcrypt ANSI X9.31 DRNG: We need to keep track of the
* process which did the initialization so that we can detect a fork.
* The volatile modifier is required so that the compiler does not
@@ -324,6 +325,7 @@ struct drbg_state_s
pid_t seed_init_pid;
const struct drbg_state_ops_s *d_ops;
const struct drbg_core_s *core;
+ unsigned char ent_hash[64]; /* Hash of previous entropy data */
struct drbg_test_data_s *test_data;
};
@@ -610,11 +612,13 @@ drbg_get_entropy (drbg_state_t drbg, uns
size_t len)
{
int rc = 0;
+ unsigned char newhash[64];
/* Perform testing as defined in 11.3.2 */
if (drbg->test_data && drbg->test_data->fail_seed_source)
return -1;
+redo:
read_cb_buffer = buffer;
read_cb_size = len;
read_cb_len = 0;
@@ -634,6 +638,27 @@ drbg_get_entropy (drbg_state_t drbg, uns
#else
rc = -1;
#endif
+
+ /* to avoid storing the actual entropy obtained for indefinite
+ time, we just store the SHA-512 hash of the entropy gathered
+ */
+ _gcry_md_hash_buffer (GCRY_MD_SHA512, newhash, buffer, len);
+
+ if (!drbg->ent_primed)
+ {
+ memcpy (drbg->ent_hash, newhash, sizeof (drbg->ent_hash));
+ drbg->ent_primed = 1;
+ goto redo;
+ }
+
+ if (memcmp (newhash, drbg->ent_hash, sizeof (drbg->ent_hash)) == 0)
+ {
+ fips_signal_error ("Entropy source failed the continuous test");
+ return -1; /* continuous entropy test failed */
+ }
+
+ memcpy (drbg->ent_hash, newhash, sizeof (drbg->ent_hash));
+
return rc;
}
@@ -1341,26 +1366,38 @@ drbg_seed (drbg_state_t drbg, drbg_strin
}
else
{
+ int nonce = 0;
/* Gather entropy equal to the security strength of the DRBG.
* With a derivation function, a nonce is required in addition
* to the entropy. A nonce must be at least 1/2 of the security
* strength of the DRBG in size. Thus, entropy * nonce is 3/2
* of the strength. The consideration of a nonce is only
- * applicable during initial seeding. */
+ * applicable during initial seeding.
+ * To avoid pulling different length of data from entropy
+ * source, we use 2 * strength for initial seeding. */
entropylen = drbg_sec_strength (drbg->core->flags);
if (!entropylen)
return GPG_ERR_GENERAL;
if (0 == reseed)
- /* make sure we round up strength/2 in
- * case it is not divisible by 2 */
- entropylen = ((entropylen + 1) / 2) * 3;
+ {
+ nonce = 1;
+ }
dbg (("DRBG: (re)seeding with %lu bytes of entropy\n", entropylen));
- entropy = xcalloc_secure (1, entropylen);
+ entropy = xcalloc_secure (nonce + 1, entropylen);
if (!entropy)
return GPG_ERR_ENOMEM;
ret = drbg_get_entropy (drbg, entropy, entropylen);
if (ret)
goto out;
+ if (nonce)
+ {
+ ret = drbg_get_entropy (drbg, entropy + entropylen, entropylen);
+ if (ret)
+ goto out;
+ /* make sure we round up strength/2 in
+ * case it is not divisible by 2 */
+ entropylen = 2 * entropylen;
+ }
drbg_string_fill (&data1, entropy, entropylen);
}
@@ -1597,6 +1634,7 @@ drbg_instantiate (drbg_state_t drbg,
drbg->core = &drbg_cores[coreref];
drbg->pr = pr;
drbg->seeded = 0;
+ drbg->ent_primed = 0;
if (drbg->core->flags & DRBG_HMAC)
drbg->d_ops = &drbg_hmac_ops;
else if (drbg->core->flags & DRBG_HASH_MASK)

18
SOURCES/libgcrypt-1.8.3-md-fips-enforce.patch
View File

@ -1,18 +0,0 @@
diff -up libgcrypt-1.8.3/cipher/md.c.fips-enforce libgcrypt-1.8.3/cipher/md.c
--- libgcrypt-1.8.3/cipher/md.c.fips-enforce 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.3/cipher/md.c 2020-04-17 15:07:31.364945130 +0200
@@ -409,13 +409,10 @@ md_enable (gcry_md_hd_t hd, int algorith
}
- if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
+ if (!err && !spec->flags.fips && fips_mode ())
{
- _gcry_inactivate_fips_mode ("MD5 used");
if (_gcry_enforced_fips_mode () )
{
- /* We should never get to here because we do not register
- MD5 in enforced fips mode. But better throw an error. */
err = GPG_ERR_DIGEST_ALGO;
}
}

65
SOURCES/libgcrypt-1.8.4-fips-keygen.patch
View File

@ -1,65 +0,0 @@
diff -up libgcrypt-1.8.4/cipher/dsa.c.fips-keygen libgcrypt-1.8.4/cipher/dsa.c
--- libgcrypt-1.8.4/cipher/dsa.c.fips-keygen 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.4/cipher/dsa.c 2019-02-12 14:29:25.629513989 +0100
@@ -457,11 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un
&prime_q, &prime_p,
r_counter,
r_seed, r_seedlen);
- else
- ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0,
+ else if (!domain->p || !domain->q)
+ ec = _gcry_generate_fips186_3_prime (nbits, qbits,
+ initial_seed.seed,
+ initial_seed.seedlen,
&prime_q, &prime_p,
r_counter,
r_seed, r_seedlen, NULL);
+ else
+ {
+ /* Domain parameters p and q are given; use them. */
+ prime_p = mpi_copy (domain->p);
+ prime_q = mpi_copy (domain->q);
+ gcry_assert (mpi_get_nbits (prime_p) == nbits);
+ gcry_assert (mpi_get_nbits (prime_q) == qbits);
+ ec = 0;
+ }
sexp_release (initial_seed.sexp);
if (ec)
goto leave;
@@ -855,13 +866,12 @@ dsa_generate (const gcry_sexp_t genparms
sexp_release (l1);
sexp_release (domainsexp);
- /* Check that all domain parameters are available. */
- if (!domain.p || !domain.q || !domain.g)
+ /* Check that p and q domain parameters are available. */
+ if (!domain.p || !domain.q || (!domain.g && !(flags & PUBKEY_FLAG_USE_FIPS186)))
{
_gcry_mpi_release (domain.p);
_gcry_mpi_release (domain.q);
_gcry_mpi_release (domain.g);
- sexp_release (deriveparms);
return GPG_ERR_MISSING_VALUE;
}
diff -up libgcrypt-1.8.4/cipher/rsa.c.fips-keygen libgcrypt-1.8.4/cipher/rsa.c
--- libgcrypt-1.8.4/cipher/rsa.c.fips-keygen 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.4/cipher/rsa.c 2019-02-12 14:29:25.630513971 +0100
@@ -389,7 +389,7 @@ generate_fips (RSA_secret_key *sk, unsig
if (nbits < 1024 || (nbits & 0x1FF))
return GPG_ERR_INV_VALUE;
- if (_gcry_enforced_fips_mode() && nbits != 2048 && nbits != 3072)
+ if (fips_mode() && nbits < 2048)
return GPG_ERR_INV_VALUE;
/* The random quality depends on the transient_key flag. */
@@ -696,7 +696,7 @@ generate_x931 (RSA_secret_key *sk, unsig
*swapped = 0;
- if (e_value == 1) /* Alias for a secure value. */
+ if (e_value == 1 || e_value == 0) /* Alias for a secure value. */
e_value = 65537;
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */

184
SOURCES/libgcrypt-1.8.4-tests-fipsmode.patch
View File

@ -1,184 +0,0 @@
diff -up libgcrypt-1.8.4/tests/basic.c.tests-fipsmode libgcrypt-1.8.4/tests/basic.c
--- libgcrypt-1.8.4/tests/basic.c.tests-fipsmode 2018-04-17 17:29:40.000000000 +0200
+++ libgcrypt-1.8.4/tests/basic.c 2019-02-12 13:30:48.935791024 +0100
@@ -6964,7 +6964,7 @@ check_ciphers (void)
check_one_cipher (algos[i], GCRY_CIPHER_MODE_CTR, 0);
if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_CCM_BLOCK_LEN)
check_one_cipher (algos[i], GCRY_CIPHER_MODE_CCM, 0);
- if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_GCM_BLOCK_LEN)
+ if (!in_fips_mode && gcry_cipher_get_algo_blklen (algos[i]) == GCRY_GCM_BLOCK_LEN)
check_one_cipher (algos[i], GCRY_CIPHER_MODE_GCM, 0);
if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_OCB_BLOCK_LEN)
check_one_cipher (algos[i], GCRY_CIPHER_MODE_OCB, 0);
@@ -7010,11 +7010,17 @@ check_cipher_modes(void)
check_cfb_cipher ();
check_ofb_cipher ();
check_ccm_cipher ();
- check_gcm_cipher ();
- check_poly1305_cipher ();
- check_ocb_cipher ();
+ if (!in_fips_mode)
+ {
+ check_gcm_cipher ();
+ check_poly1305_cipher ();
+ check_ocb_cipher ();
+ }
check_xts_cipher ();
- check_gost28147_cipher ();
+ if (!in_fips_mode)
+ {
+ check_gost28147_cipher ();
+ }
check_stream_cipher ();
check_stream_cipher_large_block ();
@@ -10001,7 +10007,7 @@ check_mac (void)
show_mac_not_available (algos[i].algo);
continue;
}
- if (gcry_mac_test_algo (algos[i].algo) && in_fips_mode)
+ if ((algos[i].algo == GCRY_MAC_GMAC_AES || gcry_mac_test_algo (algos[i].algo)) && in_fips_mode)
{
if (verbose)
fprintf (stderr, " algorithm %d not available in fips mode\n",
@@ -11095,8 +11101,6 @@ main (int argc, char **argv)
/* If we are in fips mode do some more tests. */
gcry_md_hd_t md;
- /* First trigger a self-test. */
- xgcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
fail ("not in operational state after self-test\n");
@@ -11121,15 +11125,6 @@ main (int argc, char **argv)
gcry_md_close (md);
if (gcry_control (GCRYCTL_OPERATIONAL_P, 0))
fail ("expected error state but still in operational state\n");
- else
- {
- /* Now run a self-test and to get back into
- operational state. */
- xgcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
- if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
- fail ("did not reach operational after error "
- "and self-test\n");
- }
}
}
diff -up libgcrypt-1.8.4/tests/benchmark.c.tests-fipsmode libgcrypt-1.8.4/tests/benchmark.c
--- libgcrypt-1.8.4/tests/benchmark.c.tests-fipsmode 2019-02-12 11:31:44.859603883 +0100
+++ libgcrypt-1.8.4/tests/benchmark.c 2019-02-12 14:10:40.271999352 +0100
@@ -872,8 +872,10 @@ cipher_bench ( const char *algoname )
|| (blklen == 1 && modes[modeidx].mode != GCRY_CIPHER_MODE_STREAM))
continue;
- if (modes[modeidx].req_blocksize > 0
- && blklen != modes[modeidx].req_blocksize)
+ if ((modes[modeidx].req_blocksize > 0
+ && blklen != modes[modeidx].req_blocksize)
+ || (in_fips_mode
+ && modes[modeidx].mode == GCRY_CIPHER_MODE_GCM))
{
printf (" %7s %7s", "-", "-" );
continue;
diff -up libgcrypt-1.8.4/tests/bench-slope.c.tests-fipsmode libgcrypt-1.8.4/tests/bench-slope.c
--- libgcrypt-1.8.4/tests/bench-slope.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.4/tests/bench-slope.c 2019-02-12 14:14:33.618763325 +0100
@@ -1338,7 +1338,7 @@ cipher_bench_one (int algo, struct bench
return;
/* GCM has restrictions for block-size */
- if (mode.mode == GCRY_CIPHER_MODE_GCM && blklen != GCRY_GCM_BLOCK_LEN)
+ if (mode.mode == GCRY_CIPHER_MODE_GCM && (gcry_fips_mode_active () || blklen != GCRY_GCM_BLOCK_LEN))
return;
/* XTS has restrictions for block-size */
diff -up libgcrypt-1.8.4/tests/pubkey.c.tests-fipsmode libgcrypt-1.8.4/tests/pubkey.c
--- libgcrypt-1.8.4/tests/pubkey.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.4/tests/pubkey.c 2019-02-12 13:52:25.658746415 +0100
@@ -504,15 +504,30 @@ get_dsa_key_with_domain_new (gcry_sexp_t
rc = gcry_sexp_new
(&key_spec,
"(genkey (dsa (transient-key)(domain"
- "(p #d3aed1876054db831d0c1348fbb1ada72507e5fbf9a62cbd47a63aeb7859d6921"
- "4adeb9146a6ec3f43520f0fd8e3125dd8bbc5d87405d1ac5f82073cd762a3f8d7"
- "74322657c9da88a7d2f0e1a9ceb84a39cb40876179e6a76e400498de4bb9379b0"
- "5f5feb7b91eb8fea97ee17a955a0a8a37587a272c4719d6feb6b54ba4ab69#)"
- "(q #9c916d121de9a03f71fb21bc2e1c0d116f065a4f#)"
- "(g #8157c5f68ca40b3ded11c353327ab9b8af3e186dd2e8dade98761a0996dda99ab"
- "0250d3409063ad99efae48b10c6ab2bba3ea9a67b12b911a372a2bba260176fad"
- "b4b93247d9712aad13aa70216c55da9858f7a298deb670a403eb1e7c91b847f1e"
- "ccfbd14bd806fd42cf45dbb69cd6d6b43add2a78f7d16928eaa04458dea44#)"
+ " (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c862"
+ " 3b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb6"
+ " 2e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b552"
+ " 3e86470decbbeda027e797e7b67635d4d49c30700e74af8a"
+ " 0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503"
+ " eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e34"
+ " 3312517c6aa5152b4bfecd2e551fee346318a153423c996b"
+ " 0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc7"
+ " 66de2dfc4a56d7b8ba5963d60f3e16318870ad436952e557"
+ " 65374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a"
+ " 2c8d7469db02e24d592394a7dba069e9#)"
+ " (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed27602056"
+ " 7441a0a5#)"
+ " (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a8"
+ " 21ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0ba"
+ " ecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a"
+ " 0df242b75b414df372121e53a553f222f836b000f016485b"
+ " 6bd0898451801dcd8de64cd5365696ffc532d528c506620a"
+ " 942a0305046d8f1876341f1e570bc3974ba6b9a438e97023"
+ " 02a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7"
+ " ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a"
+ " 4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da095"
+ " 35d5b9df259181a79b63b069e949972b02ba36b3586aab7e"
+ " 45f322f82e4e85ca3ab85591b3c2a966#)"
")))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gcry_strerror (rc));
@@ -595,7 +610,7 @@ get_dsa_key_fips186_with_seed_new (gcry_
" (use-fips186)"
" (transient-key)"
" (derive-parms"
- " (seed #0cb1990c1fd3626055d7a0096f8fa99807399871#))))",
+ " (seed #8b4c4d671fff82e8ed932260206d0571e3a1c2cee8cd94cb73fe58f9b67488fa#))))",
0, 1);
if (rc)
die ("error creating S-expression: %s\n", gcry_strerror (rc));
diff -up libgcrypt-1.8.4/tests/t-cv25519.c.tests-fipsmode libgcrypt-1.8.4/tests/t-cv25519.c
--- libgcrypt-1.8.4/tests/t-cv25519.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.4/tests/t-cv25519.c 2019-02-12 14:02:35.935705390 +0100
@@ -560,6 +560,9 @@ main (int argc, char **argv)
xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
xgcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+ /* Curve25519 isn't supported in fips mode */
+ if (gcry_fips_mode_active())
+ return 77;
start_timer ();
check_cv25519 ();
diff -up libgcrypt-1.8.4/tests/t-secmem.c.tests-fipsmode libgcrypt-1.8.4/tests/t-secmem.c
--- libgcrypt-1.8.4/tests/t-secmem.c.tests-fipsmode 2017-11-23 19:19:54.000000000 +0100
+++ libgcrypt-1.8.4/tests/t-secmem.c 2019-02-12 11:51:02.462190538 +0100
@@ -174,7 +174,8 @@ main (int argc, char **argv)
xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
xgcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
xgcry_control (GCRYCTL_INIT_SECMEM, pool_size, 0);
- gcry_set_outofcore_handler (outofcore_handler, NULL);
+ if (!gcry_fips_mode_active ())
+ gcry_set_outofcore_handler (outofcore_handler, NULL);
xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
/* Libgcrypt prints a warning when the first overflow is allocated;
@@ -184,7 +185,8 @@ main (int argc, char **argv)
test_secmem ();
- test_secmem_overflow ();
+ if (!gcry_fips_mode_active ())
+ test_secmem_overflow ();
/* FIXME: We need to improve the tests, for example by registering
* our own log handler and comparing the output of
* PRIV_CTL_DUMP_SECMEM_STATS to expected pattern. */

77
SOURCES/libgcrypt-1.8.4-use-poll.patch
View File

@ -1,77 +0,0 @@
diff -up libgcrypt-1.8.4/random/rndlinux.c.use-poll libgcrypt-1.8.4/random/rndlinux.c
--- libgcrypt-1.8.4/random/rndlinux.c.use-poll 2018-10-26 13:50:20.000000000 +0200
+++ libgcrypt-1.8.4/random/rndlinux.c 2018-11-20 15:51:56.760669058 +0100
@@ -32,6 +32,7 @@
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
+#include <poll.h>
#if defined(__linux__) && defined(HAVE_SYSCALL)
# include <sys/syscall.h>
#endif
@@ -241,9 +242,8 @@ _gcry_rndlinux_gather_random (void (*add
return with something we will actually use 100ms. */
while (length)
{
- fd_set rfds;
- struct timeval tv;
int rc;
+ struct pollfd pfd;
/* If we have a modern Linux kernel, we first try to use the new
* getrandom syscall. That call guarantees that the kernel's
@@ -300,36 +300,25 @@ _gcry_rndlinux_gather_random (void (*add
any_need_entropy = 1;
}
- /* If the system has no limit on the number of file descriptors
- and we encounter an fd which is larger than the fd_set size,
- we don't use the select at all. The select code is only used
- to emit progress messages. A better solution would be to
- fall back to poll() if available. */
-#ifdef FD_SETSIZE
- if (fd < FD_SETSIZE)
-#endif
+ pfd.fd = fd;
+ pfd.events = POLLIN;
+
+ _gcry_pre_syscall ();
+ rc = poll(&pfd, 1, delay);
+ _gcry_post_syscall ();
+ if (!rc)
{
- FD_ZERO(&rfds);
- FD_SET(fd, &rfds);
- tv.tv_sec = delay;
- tv.tv_usec = delay? 0 : 100000;
- _gcry_pre_syscall ();
- rc = select (fd+1, &rfds, NULL, NULL, &tv);
- _gcry_post_syscall ();
- if (!rc)
- {
- any_need_entropy = 1;
- delay = 3; /* Use 3 seconds henceforth. */
- continue;
- }
- else if( rc == -1 )
- {
- log_error ("select() error: %s\n", strerror(errno));
- if (!delay)
- delay = 1; /* Use 1 second if we encounter an error before
- we have ever blocked. */
- continue;
- }
+ any_need_entropy = 1;
+ delay = 3000; /* Use 3 seconds henceforth. */
+ continue;
+ }
+ else if( rc == -1 )
+ {
+ log_error ("poll() error: %s\n", strerror(errno));
+ if (!delay)
+ delay = 1000; /* Use 1 second if we encounter an error before
+ we have ever blocked. */
+ continue;
}
do

8156
SOURCES/libgcrypt-1.8.5-aes-perf.patch
View File

File diff suppressed because it is too large Load Diff

14
SOURCES/libgcrypt-1.8.5-build.patch
View File

@ -1,14 +0,0 @@
diff -up libgcrypt-1.8.5/cipher/poly1305-armv7-neon.S.build libgcrypt-1.8.5/cipher/poly1305-armv7-neon.S
--- libgcrypt-1.8.5/cipher/poly1305-armv7-neon.S.build 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/cipher/poly1305-armv7-neon.S 2020-01-30 17:26:12.026404286 +0100
@@ -87,9 +87,8 @@ _gcry_poly1305_armv7_neon_init_ext:
.Lpoly1305_init_ext_neon_local:
stmfd sp!, {r4-r11, lr}
sub sp, sp, #32
- mov r14, r2
+ mov r14, #-1
and r2, r2, r2
- moveq r14, #-1
UNALIGNED_LDMIA4(r1, r2, r3, r4, r5)
GET_DATA_POINTER(r7,.Lpoly1305_init_constants_neon,r8)
mov r6, r2

67
SOURCES/libgcrypt-1.8.5-elgamal-blinding.patch
View File

@ -1,67 +0,0 @@
commit e8b7f10be275bcedb5fc05ed4837a89bfd605c61
Author: NIIBE Yutaka <gniibe@fsij.org>
Date: Tue Apr 13 10:00:00 2021 +0900
cipher: Hardening ElGamal by introducing exponent blinding too.
* cipher/elgamal.c (do_encrypt): Also do exponent blinding.
--
Base blinding had been introduced with USE_BLINDING. This patch add
exponent blinding as well to mitigate side-channel attack on mpi_powm.
GnuPG-bug-id: 5328
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
diff --git a/cipher/elgamal.c b/cipher/elgamal.c
index 4eb52d62..9835122f 100644
--- a/cipher/elgamal.c
+++ b/cipher/elgamal.c
@@ -522,8 +522,9 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
static void
decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey )
{
- gcry_mpi_t t1, t2, r;
+ gcry_mpi_t t1, t2, r, r1, h;
unsigned int nbits = mpi_get_nbits (skey->p);
+ gcry_mpi_t x_blind;
mpi_normalize (a);
mpi_normalize (b);
@@ -534,20 +535,33 @@ decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey )
t2 = mpi_snew (nbits);
r = mpi_new (nbits);
+ r1 = mpi_new (nbits);
+ h = mpi_new (nbits);
+ x_blind = mpi_snew (nbits);
/* We need a random number of about the prime size. The random
number merely needs to be unpredictable; thus we use level 0. */
_gcry_mpi_randomize (r, nbits, GCRY_WEAK_RANDOM);
+ /* Also, exponent blinding: x_blind = x + (p-1)*r1 */
+ _gcry_mpi_randomize (r1, nbits, GCRY_WEAK_RANDOM);
+ mpi_set_highbit (r1, nbits - 1);
+ mpi_sub_ui (h, skey->p, 1);
+ mpi_mul (x_blind, h, r1);
+ mpi_add (x_blind, skey->x, x_blind);
+
/* t1 = r^x mod p */
- mpi_powm (t1, r, skey->x, skey->p);
+ mpi_powm (t1, r, x_blind, skey->p);
/* t2 = (a * r)^-x mod p */
mpi_mulm (t2, a, r, skey->p);
- mpi_powm (t2, t2, skey->x, skey->p);
+ mpi_powm (t2, t2, x_blind, skey->p);
mpi_invm (t2, t2, skey->p);
/* t1 = (t1 * t2) mod p*/
mpi_mulm (t1, t1, t2, skey->p);
+ mpi_free (x_blind);
+ mpi_free (h);
+ mpi_free (r1);
mpi_free (r);
mpi_free (t2);

13
SOURCES/libgcrypt-1.8.5-fips-hwfeatures.patch
View File

@ -1,13 +0,0 @@
diff -up libgcrypt-1.8.5/src/hwfeatures.c.hw-fips libgcrypt-1.8.5/src/hwfeatures.c
--- libgcrypt-1.8.5/src/hwfeatures.c.hw-fips 2021-06-25 11:55:55.843819137 +0200
+++ libgcrypt-1.8.5/src/hwfeatures.c 2021-06-25 11:56:00.925895390 +0200
@@ -205,9 +205,6 @@ _gcry_detect_hw_features (void)
{
hw_features = 0;
- if (fips_mode ())
- return; /* Hardware support is not to be evaluated. */
-
parse_hwf_deny_file ();
#if defined (HAVE_CPU_ARCH_X86)

139
SOURCES/libgcrypt-1.8.5-fips-module.patch
View File

@ -1,139 +0,0 @@
diff -up libgcrypt-1.8.5/src/fips.c.fips-module libgcrypt-1.8.5/src/fips.c
--- libgcrypt-1.8.5/src/fips.c.fips-module 2020-04-20 19:07:45.924919645 +0200
+++ libgcrypt-1.8.5/src/fips.c 2020-04-20 19:10:33.690722470 +0200
@@ -35,10 +35,6 @@
#include "hmac256.h"
-/* The name of the file used to force libgcrypt into fips mode. */
-#define FIPS_FORCE_FILE "/etc/gcrypt/fips_enabled"
-
-
/* The states of the finite state machine used in fips mode. */
enum module_states
{
@@ -122,54 +118,6 @@ _gcry_initialize_fips_mode (int force)
goto leave;
}
- /* For testing the system it is useful to override the system
- provided detection of the FIPS mode and force FIPS mode using a
- file. The filename is hardwired so that there won't be any
- confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is
- actually used. The file itself may be empty. */
- if ( !access (FIPS_FORCE_FILE, F_OK) )
- {
- gcry_assert (!no_fips_mode_required);
- goto leave;
- }
-
- /* Checking based on /proc file properties. */
- {
- static const char procfname[] = "/proc/sys/crypto/fips_enabled";
- FILE *fp;
- int saved_errno;
-
- fp = fopen (procfname, "r");
- if (fp)
- {
- char line[256];
-
- if (fgets (line, sizeof line, fp) && atoi (line))
- {
- /* System is in fips mode. */
- fclose (fp);
- gcry_assert (!no_fips_mode_required);
- goto leave;
- }
- fclose (fp);
- }
- else if ((saved_errno = errno) != ENOENT
- && saved_errno != EACCES
- && !access ("/proc/version", F_OK) )
- {
- /* Problem reading the fips file despite that we have the proc
- file system. We better stop right away. */
- log_info ("FATAL: error reading `%s' in libgcrypt: %s\n",
- procfname, strerror (saved_errno));
-#ifdef HAVE_SYSLOG
- syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
- "reading `%s' failed: %s - abort",
- procfname, strerror (saved_errno));
-#endif /*HAVE_SYSLOG*/
- abort ();
- }
- }
-
/* Fips not not requested, set flag. */
no_fips_mode_required = 1;
diff -up libgcrypt-1.8.5/src/g10lib.h.fips-module libgcrypt-1.8.5/src/g10lib.h
--- libgcrypt-1.8.5/src/g10lib.h.fips-module 2020-04-20 19:07:45.918919759 +0200
+++ libgcrypt-1.8.5/src/g10lib.h 2020-04-20 19:11:05.003125740 +0200
@@ -422,6 +422,9 @@ gpg_err_code_t _gcry_sexp_vextract_param
/*-- fips.c --*/
+/* The name of the file used to force libgcrypt into fips mode. */
+#define FIPS_FORCE_FILE "/etc/gcrypt/fips_enabled"
+
void _gcry_initialize_fips_mode (int force);
int _gcry_fips_mode (void);
diff -up libgcrypt-1.8.5/src/global.c.fips-module libgcrypt-1.8.5/src/global.c
--- libgcrypt-1.8.5/src/global.c.fips-module 2020-04-20 19:07:45.919919741 +0200
+++ libgcrypt-1.8.5/src/global.c 2020-04-20 19:07:45.950919149 +0200
@@ -160,6 +160,53 @@ void __attribute__ ((constructor)) _gcry
rv = access (FIPS_MODULE_PATH, F_OK);
if (rv < 0 && errno != ENOENT)
rv = 0;
+
+ /* For testing the system it is useful to override the system
+ provided detection of the FIPS mode and force FIPS mode using a
+ file. The filename is hardwired so that there won't be any
+ confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is
+ actually used. The file itself may be empty. */
+ if ( !access (FIPS_FORCE_FILE, F_OK) )
+ {
+ rv = 0;
+ force_fips_mode = 1;
+ }
+
+ /* Checking based on /proc file properties. */
+ {
+ static const char procfname[] = "/proc/sys/crypto/fips_enabled";
+ FILE *fp;
+ int saved_errno;
+
+ fp = fopen (procfname, "r");
+ if (fp)
+ {
+ char line[256];
+
+ if (fgets (line, sizeof line, fp) && atoi (line))
+ {
+ /* System is in fips mode. */
+ rv = 0;
+ force_fips_mode = 1;
+ }
+ fclose (fp);
+ }
+ else if ((saved_errno = errno) != ENOENT
+ && saved_errno != EACCES
+ && !access ("/proc/version", F_OK) )
+ {
+ /* Problem reading the fips file despite that we have the proc
+ file system. We better stop right away. */
+ log_info ("FATAL: error reading `%s' in libgcrypt: %s\n",
+ procfname, strerror (saved_errno));
+#ifdef HAVE_SYSLOG
+ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
+ "reading `%s' failed: %s - abort",
+ procfname, strerror (saved_errno));
+#endif /*HAVE_SYSLOG*/
+ abort ();
+ }
+ }
if (!rv)
{

285
SOURCES/libgcrypt-1.8.5-getrandom.patch
View File

@ -1,285 +0,0 @@
diff -up libgcrypt-1.8.5/random/rand-internal.h.getrandom libgcrypt-1.8.5/random/rand-internal.h
--- libgcrypt-1.8.5/random/rand-internal.h.getrandom 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/random/rand-internal.h 2020-04-20 14:55:34.875949624 +0200
@@ -47,6 +47,7 @@ void _gcry_random_progress (const char *
/*-- random-csprng.c --*/
void _gcry_rngcsprng_initialize (int full);
+void _gcry_rngcsprng_deinit (void);
void _gcry_rngcsprng_close_fds (void);
void _gcry_rngcsprng_dump_stats (void);
void _gcry_rngcsprng_secure_alloc (void);
@@ -68,6 +69,7 @@ void _gcry_rngcsprng_fast_poll (void);
/*-- random-drbg.c --*/
void _gcry_rngdrbg_inititialize (int full);
+void _gcry_rngdrbg_deinit (void);
void _gcry_rngdrbg_close_fds (void);
void _gcry_rngdrbg_dump_stats (void);
int _gcry_rngdrbg_is_faked (void);
diff -up libgcrypt-1.8.5/random/random.c.getrandom libgcrypt-1.8.5/random/random.c
--- libgcrypt-1.8.5/random/random.c.getrandom 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/random/random.c 2020-04-20 14:55:34.876949605 +0200
@@ -110,8 +110,8 @@ _gcry_random_read_conf (void)
unsigned int result = 0;
fp = fopen (fname, "r");
- if (!fp)
- return result;
+ if (!fp) /* We make only_urandom the default. */
+ return RANDOM_CONF_ONLY_URANDOM;
for (;;)
{
@@ -228,6 +228,22 @@ _gcry_random_initialize (int full)
}
+/* Deinitialize this random subsystem. */
+void
+_gcry_random_deinit (void)
+{
+ if (fips_mode ())
+ _gcry_rngdrbg_deinit ();
+ else if (rng_types.standard)
+ _gcry_rngcsprng_deinit ();
+ else if (rng_types.fips)
+ _gcry_rngdrbg_deinit ();
+ else
+ _gcry_rngcsprng_deinit ();
+ /* not needed for system */
+}
+
+
/* If possible close file descriptors used by the RNG. */
void
_gcry_random_close_fds (void)
diff -up libgcrypt-1.8.5/random/random-csprng.c.getrandom libgcrypt-1.8.5/random/random-csprng.c
--- libgcrypt-1.8.5/random/random-csprng.c.getrandom 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/random/random-csprng.c 2020-04-20 15:04:27.182877975 +0200
@@ -55,6 +55,10 @@
#ifdef __MINGW32__
#include <process.h>
#endif
+#if defined(__linux__) && defined(HAVE_SYSCALL)
+# include <sys/syscall.h>
+# include <linux/random.h>
+#endif
#include "g10lib.h"
#include "random.h"
#include "rand-internal.h"
@@ -343,6 +347,21 @@ _gcry_rngcsprng_initialize (int full)
}
+void
+_gcry_rngcsprng_deinit (void)
+{
+ lock_pool();
+ pool_writepos = 0;
+ pool_readpos = 0;
+ pool_filled = 0;
+ pool_filled_counter = 0;
+ did_initial_extra_seeding = 0;
+ pool_balance = 0;
+ just_mixed = 0;
+ unlock_pool();
+}
+
+
/* Try to close the FDs of the random gather module. This is
currently only implemented for rndlinux. */
void
@@ -1116,6 +1135,22 @@ getfnc_gather_random (void))(void (*)(co
enum random_origins, size_t, int);
#if USE_RNDLINUX
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
+ long ret;
+ char buffer[1];
+
+ _gcry_pre_syscall ();
+ ret = syscall (__NR_getrandom,
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
+ _gcry_post_syscall ();
+ if (ret != -1 || errno != ENOSYS)
+ {
+ fnc = _gcry_rndlinux_gather_random;
+ return fnc;
+ }
+ else
+ /* The syscall is not supported - fallback to /dev/urandom. */
+#endif
if ( !access (NAME_OF_DEV_RANDOM, R_OK)
&& !access (NAME_OF_DEV_URANDOM, R_OK))
{
diff -up libgcrypt-1.8.5/random/random-drbg.c.getrandom libgcrypt-1.8.5/random/random-drbg.c
--- libgcrypt-1.8.5/random/random-drbg.c.getrandom 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/random/random-drbg.c 2020-04-20 15:02:37.782947902 +0200
@@ -1811,6 +1811,22 @@ _gcry_rngdrbg_inititialize (int full)
}
/*
+ * Deinitialize the DRBG invoked by the libgcrypt API
+ * It will be automatically re-initialized on next call
+ */
+void
+_gcry_rngdrbg_deinit (void)
+{
+ drbg_lock ();
+ if (drbg_state)
+ {
+ drbg_uninstantiate (drbg_state);
+ drbg_state = NULL;
+ }
+ drbg_unlock ();
+}
+
+/*
* Backend handler function for GCRYCTL_DRBG_REINIT
*
* Select a different DRBG type and initialize it.
diff -up libgcrypt-1.8.5/random/random.h.getrandom libgcrypt-1.8.5/random/random.h
--- libgcrypt-1.8.5/random/random.h.getrandom 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/random/random.h 2020-04-20 14:55:34.877949586 +0200
@@ -29,6 +29,7 @@ void _gcry_register_random_progress (voi
void _gcry_set_preferred_rng_type (int type);
void _gcry_random_initialize (int full);
+void _gcry_random_deinit (void);
void _gcry_random_close_fds (void);
int _gcry_get_rng_type (int ignore_fips_mode);
void _gcry_random_dump_stats(void);
diff -up libgcrypt-1.8.5/random/rndlinux.c.getrandom libgcrypt-1.8.5/random/rndlinux.c
--- libgcrypt-1.8.5/random/rndlinux.c.getrandom 2020-04-20 15:01:50.159848963 +0200
+++ libgcrypt-1.8.5/random/rndlinux.c 2020-04-20 16:14:21.901610921 +0200
@@ -35,6 +35,7 @@
#include <poll.h>
#if defined(__linux__) && defined(HAVE_SYSCALL)
# include <sys/syscall.h>
+# include <linux/random.h>
#endif
#include "types.h"
@@ -147,12 +148,12 @@ _gcry_rndlinux_gather_random (void (*add
if (!add)
{
/* Special mode to close the descriptors. */
- if (fd_random != -1)
+ if (fd_random >= 0)
{
close (fd_random);
fd_random = -1;
}
- if (fd_urandom != -1)
+ if (fd_urandom >= 0)
{
close (fd_urandom);
fd_urandom = -1;
@@ -166,12 +167,12 @@ _gcry_rndlinux_gather_random (void (*add
apid = getpid ();
if (my_pid != apid)
{
- if (fd_random != -1)
+ if (fd_random >= 0)
{
close (fd_random);
fd_random = -1;
}
- if (fd_urandom != -1)
+ if (fd_urandom >= 0)
{
close (fd_urandom);
fd_urandom = -1;
@@ -216,7 +217,23 @@ _gcry_rndlinux_gather_random (void (*add
that we always require the device to be existent but want a more
graceful behaviour if the rarely needed close operation has been
used and the device needs to be re-opened later. */
- if (level >= GCRY_VERY_STRONG_RANDOM && !only_urandom)
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
+ if (fd_urandom != -2 && !_gcry_in_constructor ())
+ {
+ long ret;
+
+ _gcry_pre_syscall ();
+ ret = syscall (__NR_getrandom,
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
+ _gcry_post_syscall ();
+ if (ret > -1 || errno == EAGAIN || errno == EINTR)
+ {
+ fd_urandom = -2;
+ fd_random = -2;
+ }
+ }
+#endif
+ if (level >= GCRY_VERY_STRONG_RANDOM && !only_urandom && !_gcry_in_constructor ())
{
if (fd_random == -1)
{
@@ -255,6 +272,7 @@ _gcry_rndlinux_gather_random (void (*add
* syscall and not a new device and thus we are not able to use
* select(2) to have a timeout. */
#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
+ if (fd == -2)
{
long ret;
size_t nbytes;
@@ -270,9 +288,7 @@ _gcry_rndlinux_gather_random (void (*add
_gcry_post_syscall ();
}
while (ret == -1 && errno == EINTR);
- if (ret == -1 && errno == ENOSYS)
- ; /* The syscall is not supported - fallback to pulling from fd. */
- else
+ if (1)
{ /* The syscall is supported. Some sanity checks. */
if (ret == -1)
log_fatal ("unexpected error from getrandom: %s\n",
diff -up libgcrypt-1.8.5/src/g10lib.h.getrandom libgcrypt-1.8.5/src/g10lib.h
--- libgcrypt-1.8.5/src/g10lib.h.getrandom 2020-04-20 15:08:16.528538580 +0200
+++ libgcrypt-1.8.5/src/g10lib.h 2020-04-20 15:08:28.641309399 +0200
@@ -464,6 +464,6 @@ gpg_err_code_t _gcry_fips_run_selftests
void _gcry_fips_noreturn (void);
#define fips_noreturn() (_gcry_fips_noreturn ())
-
+int _gcry_in_constructor (void);
#endif /* G10LIB_H */
diff -up libgcrypt-1.8.5/src/global.c.getrandom libgcrypt-1.8.5/src/global.c
--- libgcrypt-1.8.5/src/global.c.getrandom 2020-04-20 15:06:21.891707597 +0200
+++ libgcrypt-1.8.5/src/global.c 2020-04-20 15:07:29.018437509 +0200
@@ -145,10 +145,18 @@ global_init (void)
#define FIPS_MODULE_PATH "/etc/system-fips"
#endif
+static int in_constructor = 0;
+
+int _gcry_in_constructor(void)
+{
+ return in_constructor;
+}
+
void __attribute__ ((constructor)) _gcry_global_constructor (void)
{
int rv;
+ in_constructor = 1;
rv = access (FIPS_MODULE_PATH, F_OK);
if (rv < 0 && errno != ENOENT)
rv = 0;
@@ -163,10 +171,12 @@ void __attribute__ ((constructor)) _gcry
/* force selftests */
global_init();
_gcry_fips_run_selftests (0);
- if (!fips_mode())
- _gcry_random_close_fds ();
+ _gcry_random_close_fds ();
+ _gcry_random_deinit ();
no_secure_memory = no_secmem_save;
}
+
+ in_constructor = 0;
}
/* This function is called by the macro fips_is_operational and makes

348
SOURCES/libgcrypt-1.8.5-intel-cet.patch
View File

@ -1,348 +0,0 @@
diff -up libgcrypt-1.8.5/cipher/camellia-aesni-avx2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/camellia-aesni-avx2-amd64.S
--- libgcrypt-1.8.5/cipher/camellia-aesni-avx2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/cipher/camellia-aesni-avx2-amd64.S 2020-01-23 15:36:44.148972045 +0100
@@ -18,8 +18,9 @@
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
-#ifdef __x86_64
#include <config.h>
+
+#ifdef __x86_64
#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \
defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX2_SUPPORT)
diff -up libgcrypt-1.8.5/cipher/camellia-aesni-avx-amd64.S.intel-cet libgcrypt-1.8.5/cipher/camellia-aesni-avx-amd64.S
--- libgcrypt-1.8.5/cipher/camellia-aesni-avx-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/cipher/camellia-aesni-avx-amd64.S 2020-01-23 15:36:44.145972088 +0100
@@ -18,8 +18,9 @@
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
-#ifdef __x86_64
#include <config.h>
+
+#ifdef __x86_64
#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \
defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX_SUPPORT)
diff -up libgcrypt-1.8.5/cipher/chacha20-avx2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/chacha20-avx2-amd64.S
--- libgcrypt-1.8.5/cipher/chacha20-avx2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/cipher/chacha20-avx2-amd64.S 2020-01-23 15:36:16.780250066 +0100
@@ -48,6 +48,9 @@
.globl _gcry_chacha20_amd64_avx2_blocks
ELF(.type _gcry_chacha20_amd64_avx2_blocks,@function;)
_gcry_chacha20_amd64_avx2_blocks:
+#ifdef _CET_ENDBR
+ _CET_ENDBR
+#endif
.Lchacha_blocks_avx2_local:
vzeroupper
pushq %rbx
diff -up libgcrypt-1.8.5/cipher/chacha20-sse2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/chacha20-sse2-amd64.S
--- libgcrypt-1.8.5/cipher/chacha20-sse2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/cipher/chacha20-sse2-amd64.S 2020-01-23 15:36:16.783250095 +0100
@@ -41,6 +41,9 @@
.globl _gcry_chacha20_amd64_sse2_blocks
ELF(.type _gcry_chacha20_amd64_sse2_blocks,@function;)
_gcry_chacha20_amd64_sse2_blocks:
+#ifdef _CET_ENDBR
+ _CET_ENDBR
+#endif
.Lchacha_blocks_sse2_local:
pushq %rbx
pushq %rbp
diff -up libgcrypt-1.8.5/cipher/poly1305-avx2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/poly1305-avx2-amd64.S
--- libgcrypt-1.8.5/cipher/poly1305-avx2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/cipher/poly1305-avx2-amd64.S 2020-01-23 15:36:16.784250105 +0100
@@ -43,6 +43,9 @@
.globl _gcry_poly1305_amd64_avx2_init_ext
ELF(.type _gcry_poly1305_amd64_avx2_init_ext,@function;)
_gcry_poly1305_amd64_avx2_init_ext:
+#ifdef _CET_ENDBR
+ _CET_ENDBR
+#endif
.Lpoly1305_init_ext_avx2_local:
xor %edx, %edx
vzeroupper
@@ -406,6 +409,9 @@ ELF(.size _gcry_poly1305_amd64_avx2_init
.globl _gcry_poly1305_amd64_avx2_blocks
ELF(.type _gcry_poly1305_amd64_avx2_blocks,@function;)
_gcry_poly1305_amd64_avx2_blocks:
+#ifdef _CET_ENDBR
+ _CET_ENDBR
+#endif
.Lpoly1305_blocks_avx2_local:
vzeroupper
pushq %rbp
@@ -732,6 +738,9 @@ ELF(.size _gcry_poly1305_amd64_avx2_bloc
.globl _gcry_poly1305_amd64_avx2_finish_ext
ELF(.type _gcry_poly1305_amd64_avx2_finish_ext,@function;)
_gcry_poly1305_amd64_avx2_finish_ext:
+#ifdef _CET_ENDBR
+ _CET_ENDBR
+#endif
.Lpoly1305_finish_ext_avx2_local:
vzeroupper
pushq %rbp
diff -up libgcrypt-1.8.5/cipher/poly1305-sse2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/poly1305-sse2-amd64.S
--- libgcrypt-1.8.5/cipher/poly1305-sse2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/cipher/poly1305-sse2-amd64.S 2020-01-23 15:36:16.787250134 +0100
@@ -42,6 +42,9 @@
.globl _gcry_poly1305_amd64_sse2_init_ext
ELF(.type _gcry_poly1305_amd64_sse2_init_ext,@function;)
_gcry_poly1305_amd64_sse2_init_ext:
+#ifdef _CET_ENDBR
+ _CET_ENDBR
+#endif
.Lpoly1305_init_ext_x86_local:
xor %edx, %edx
pushq %r12
@@ -288,6 +291,9 @@ ELF(.size _gcry_poly1305_amd64_sse2_init
.globl _gcry_poly1305_amd64_sse2_finish_ext
ELF(.type _gcry_poly1305_amd64_sse2_finish_ext,@function;)
_gcry_poly1305_amd64_sse2_finish_ext:
+#ifdef _CET_ENDBR
+ _CET_ENDBR
+#endif
.Lpoly1305_finish_ext_x86_local:
pushq %rbp
movq %rsp, %rbp
@@ -439,6 +445,9 @@ ELF(.size _gcry_poly1305_amd64_sse2_fini
.globl _gcry_poly1305_amd64_sse2_blocks
ELF(.type _gcry_poly1305_amd64_sse2_blocks,@function;)
_gcry_poly1305_amd64_sse2_blocks:
+#ifdef _CET_ENDBR
+ _CET_ENDBR
+#endif
.Lpoly1305_blocks_x86_local:
pushq %rbp
movq %rsp, %rbp
diff -up libgcrypt-1.8.5/cipher/serpent-avx2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/serpent-avx2-amd64.S
--- libgcrypt-1.8.5/cipher/serpent-avx2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/cipher/serpent-avx2-amd64.S 2020-01-23 15:36:44.151972003 +0100
@@ -18,8 +18,9 @@
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
-#ifdef __x86_64
#include <config.h>
+
+#ifdef __x86_64
#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && defined(USE_SERPENT) && \
defined(ENABLE_AVX2_SUPPORT)
diff -up libgcrypt-1.8.5/configure.ac.intel-cet libgcrypt-1.8.5/configure.ac
--- libgcrypt-1.8.5/configure.ac.intel-cet 2019-08-29 15:00:08.000000000 +0200
+++ libgcrypt-1.8.5/configure.ac 2020-01-23 15:35:28.147774463 +0100
@@ -95,6 +95,12 @@ AH_TOP([
AH_BOTTOM([
#define _GCRYPT_IN_LIBGCRYPT 1
+/* Add .note.gnu.property section for Intel CET in assembler sources
+ when CET is enabled. */
+#if defined(__ASSEMBLER__) && defined(__CET__)
+# include <cet.h>
+#endif
+
/* If the configure check for endianness has been disabled, get it from
OS macros. This is intended for making fat binary builds on OS X. */
#ifdef DISABLED_ENDIAN_CHECK
diff -up libgcrypt-1.8.5/mpi/config.links.intel-cet libgcrypt-1.8.5/mpi/config.links
--- libgcrypt-1.8.5/mpi/config.links.intel-cet 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/mpi/config.links 2020-01-23 15:35:46.398952954 +0100
@@ -382,6 +382,16 @@ if test x"$mpi_cpu_arch" = x ; then
mpi_cpu_arch="unknown"
fi
+# Add .note.gnu.property section for Intel CET in assembler sources
+# when CET is enabled. */
+if test x"$mpi_cpu_arch" = xx86 ; then
+ cat <<EOF >> ./mpi/asm-syntax.h
+
+#if defined(__ASSEMBLER__) && defined(__CET__)
+# include <cet.h>
+#endif
+EOF
+fi
# Make sysdep.h
echo '/* created by config.links - do not edit */' >./mpi/sysdep.h
diff -up libgcrypt-1.8.5/mpi/i386/mpih-add1.S.intel-cet libgcrypt-1.8.5/mpi/i386/mpih-add1.S
--- libgcrypt-1.8.5/mpi/i386/mpih-add1.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/mpi/i386/mpih-add1.S 2020-01-23 15:37:40.470175379 +0100
@@ -52,6 +52,10 @@ C_SYMBOL_NAME(_gcry_mpih_add_n:)
movl 20(%esp),%edx /* s2_ptr */
movl 24(%esp),%ecx /* size */
+#if defined __CET__ && (__CET__ & 1) != 0
+ pushl %ebx
+#endif
+
movl %ecx,%eax
shrl $3,%ecx /* compute count for unrolled loop */
negl %eax
@@ -63,6 +67,9 @@ C_SYMBOL_NAME(_gcry_mpih_add_n:)
subl %eax,%esi /* ... by a constant when we ... */
subl %eax,%edx /* ... enter the loop */
shrl $2,%eax /* restore previous value */
+#if defined __CET__ && (__CET__ & 1) != 0
+ leal -4(,%eax,4),%ebx /* Count for 4-byte endbr32 */
+#endif
#ifdef PIC
/* Calculate start address in loop for PIC. Due to limitations in some
assemblers, Loop-L0-3 cannot be put into the leal */
@@ -75,29 +82,53 @@ L0: leal (%eax,%eax,8),%eax
/* Calculate start address in loop for non-PIC. */
leal (Loop - 3)(%eax,%eax,8),%eax
#endif
+#if defined __CET__ && (__CET__ & 1) != 0
+ addl %ebx,%eax /* Adjust for endbr32 */
+#endif
jmp *%eax /* jump into loop */
ALIGN (3)
Loop: movl (%esi),%eax
adcl (%edx),%eax
movl %eax,(%edi)
+#ifdef _CET_ENDBR
+ _CET_ENDBR
+#endif
movl 4(%esi),%eax
adcl 4(%edx),%eax
movl %eax,4(%edi)
+#ifdef _CET_ENDBR
+ _CET_ENDBR
+#endif
movl 8(%esi),%eax
adcl 8(%edx),%eax
movl %eax,8(%edi)
+#ifdef _CET_ENDBR
+ _CET_ENDBR
+#endif
movl 12(%esi),%eax
adcl 12(%edx),%eax
movl %eax,12(%edi)
+#ifdef _CET_ENDBR
+ _CET_ENDBR
+#endif
movl 16(%esi),%eax
adcl 16(%edx),%eax
movl %eax,16(%edi)
+#ifdef _CET_ENDBR
+ _CET_ENDBR
+#endif
movl 20(%esi),%eax
adcl 20(%edx),%eax
movl %eax,20(%edi)
+#ifdef _CET_ENDBR
+ _CET_ENDBR
+#endif
movl 24(%esi),%eax
adcl 24(%edx),%eax
movl %eax,24(%edi)
+#ifdef _CET_ENDBR
+ _CET_ENDBR
+#endif
movl 28(%esi),%eax
adcl 28(%edx),%eax
movl %eax,28(%edi)
@@ -110,6 +141,10 @@ Loop: movl (%esi),%eax
sbbl %eax,%eax
negl %eax
+#if defined __CET__ && (__CET__ & 1) != 0
+ popl %ebx
+#endif
+
popl %esi
popl %edi
ret
diff -up libgcrypt-1.8.5/mpi/i386/mpih-sub1.S.intel-cet libgcrypt-1.8.5/mpi/i386/mpih-sub1.S
--- libgcrypt-1.8.5/mpi/i386/mpih-sub1.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/mpi/i386/mpih-sub1.S 2020-01-23 15:37:40.472175351 +0100
@@ -53,6 +53,10 @@ C_SYMBOL_NAME(_gcry_mpih_sub_n:)
movl 20(%esp),%edx /* s2_ptr */
movl 24(%esp),%ecx /* size */
+#if defined __CET__ && (__CET__ & 1) != 0
+ pushl %ebx
+#endif
+
movl %ecx,%eax
shrl $3,%ecx /* compute count for unrolled loop */
negl %eax
@@ -64,6 +68,9 @@ C_SYMBOL_NAME(_gcry_mpih_sub_n:)
subl %eax,%esi /* ... by a constant when we ... */
subl %eax,%edx /* ... enter the loop */
shrl $2,%eax /* restore previous value */
+#if defined __CET__ && (__CET__ & 1) != 0
+ leal -4(,%eax,4),%ebx /* Count for 4-byte endbr32 */
+#endif
#ifdef PIC
/* Calculate start address in loop for PIC. Due to limitations in some
assemblers, Loop-L0-3 cannot be put into the leal */
@@ -76,29 +83,53 @@ L0: leal (%eax,%eax,8),%eax
/* Calculate start address in loop for non-PIC. */
leal (Loop - 3)(%eax,%eax,8),%eax
#endif
+#if defined __CET__ && (__CET__ & 1) != 0
+ addl %ebx,%eax /* Adjust for endbr32 */
+#endif
jmp *%eax /* jump into loop */
ALIGN (3)
Loop: movl (%esi),%eax
sbbl (%edx),%eax
movl %eax,(%edi)
+#ifdef _CET_ENDBR
+ _CET_ENDBR
+#endif
movl 4(%esi),%eax
sbbl 4(%edx),%eax
movl %eax,4(%edi)
+#ifdef _CET_ENDBR
+ _CET_ENDBR
+#endif
movl 8(%esi),%eax
sbbl 8(%edx),%eax
movl %eax,8(%edi)
+#ifdef _CET_ENDBR
+ _CET_ENDBR
+#endif
movl 12(%esi),%eax
sbbl 12(%edx),%eax
movl %eax,12(%edi)
+#ifdef _CET_ENDBR
+ _CET_ENDBR
+#endif
movl 16(%esi),%eax
sbbl 16(%edx),%eax
movl %eax,16(%edi)
+#ifdef _CET_ENDBR
+ _CET_ENDBR
+#endif
movl 20(%esi),%eax
sbbl 20(%edx),%eax
movl %eax,20(%edi)
+#ifdef _CET_ENDBR
+ _CET_ENDBR
+#endif
movl 24(%esi),%eax
sbbl 24(%edx),%eax
movl %eax,24(%edi)
+#ifdef _CET_ENDBR
+ _CET_ENDBR
+#endif
movl 28(%esi),%eax
sbbl 28(%edx),%eax
movl %eax,28(%edi)
@@ -111,6 +142,10 @@ Loop: movl (%esi),%eax
sbbl %eax,%eax
negl %eax
+#if defined __CET__ && (__CET__ & 1) != 0
+ popl %ebx
+#endif
+
popl %esi
popl %edi
ret

158
SOURCES/libgcrypt-1.8.5-kdf-selftest.patch
View File

@ -1,158 +0,0 @@
diff -up libgcrypt-1.8.5/cipher/kdf.c.kdf-selftest libgcrypt-1.8.5/cipher/kdf.c
--- libgcrypt-1.8.5/cipher/kdf.c.kdf-selftest 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/cipher/kdf.c 2020-06-15 18:14:26.494995669 +0200
@@ -305,3 +305,99 @@ _gcry_kdf_derive (const void *passphrase
leave:
return ec;
}
+
+
+/* PBKDF2 selftests.
+ * Copyright (C) 2008 Free Software Foundation, Inc.
+ * Copyright (C) 2019, 2020 Red Hat, Inc.
+ */
+
+/* Check one PBKDF2 call with HASH ALGO using the regular KDF
+ * API. (passphrase,passphraselen) is the password to be derived,
+ * (salt,saltlen) the salt for the key derivation,
+ * iterations is the number of the kdf iterations,
+ * and (expect,expectlen) the expected result. Returns NULL on
+ * success or a string describing the failure. */
+
+static const char *
+check_one (int algo,
+ const void *passphrase, size_t passphraselen,
+ const void *salt, size_t saltlen,
+ unsigned long iterations,
+ const void *expect, size_t expectlen)
+{
+ unsigned char key[512]; /* hardcoded to avoid allocation */
+ size_t keysize = expectlen;
+
+ if (keysize > sizeof(key))
+ return "invalid tests data";
+
+ if (_gcry_kdf_derive (passphrase, passphraselen, GCRY_KDF_PBKDF2,
+ algo, salt, saltlen, iterations,
+ keysize, key))
+ return "gcry_kdf_derive failed";
+
+ if (memcmp (key, expect, expectlen))
+ return "does not match";
+
+ return NULL;
+}
+
+static gpg_err_code_t
+run_pbkdf2_selftest (int extended, selftest_report_func_t report)
+{
+ const char *what;
+ const char *errtxt;
+
+ what = "Basic PBKDF2 SHA256";
+ errtxt = check_one (GCRY_MD_SHA256,
+ "password", 8,
+ "salt", 4,
+ 2,
+ "\xae\x4d\x0c\x95\xaf\x6b\x46\xd3\x2d\x0a\xdf\xf9\x28\xf0\x6d\xd0"
+ "\x2a\x30\x3f\x8e\xf3\xc2\x51\xdf\xd6\xe2\xd8\x5a\x95\x47\x4c\x43", 32);
+ if (errtxt)
+ goto failed;
+
+ if (extended)
+ {
+ what = "Extended PBKDF2 SHA256";
+ errtxt = check_one (GCRY_MD_SHA256,
+ "passwordPASSWORDpassword", 24,
+ "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
+ 4096,
+ "\x34\x8c\x89\xdb\xcb\xd3\x2b\x2f\x32\xd8\x14\xb8\x11\x6e\x84\xcf"
+ "\x2b\x17\x34\x7e\xbc\x18\x00\x18\x1c\x4e\x2a\x1f\xb8\xdd\x53\xe1"
+ "\xc6\x35\x51\x8c\x7d\xac\x47\xe9", 40);
+ if (errtxt)
+ goto failed;
+ }
+
+ return 0; /* Succeeded. */
+
+ failed:
+ if (report)
+ report ("kdf", GCRY_KDF_PBKDF2, what, errtxt);
+ return GPG_ERR_SELFTEST_FAILED;
+}
+
+
+/* Run the selftests for KDF with KDF algorithm ALGO with optional
+ reporting function REPORT. */
+gpg_error_t
+_gcry_kdf_selftest (int algo, int extended, selftest_report_func_t report)
+{
+ gcry_err_code_t ec = 0;
+
+ if (algo == GCRY_KDF_PBKDF2)
+ {
+ ec = run_pbkdf2_selftest (extended, report);
+ }
+ else
+ {
+ ec = GPG_ERR_UNSUPPORTED_ALGORITHM;
+ if (report)
+ report ("kdf", algo, "module", "algorithm not available");
+ }
+ return gpg_error (ec);
+}
diff -up libgcrypt-1.8.5/src/cipher-proto.h.kdf-selftest libgcrypt-1.8.5/src/cipher-proto.h
--- libgcrypt-1.8.5/src/cipher-proto.h.kdf-selftest 2020-06-15 18:03:25.785353036 +0200
+++ libgcrypt-1.8.5/src/cipher-proto.h 2020-06-15 18:03:25.788353061 +0200
@@ -259,6 +259,8 @@ gcry_error_t _gcry_hmac_selftest (int al
selftest_report_func_t report);
gcry_error_t _gcry_cmac_selftest (int algo, int extended,
selftest_report_func_t report);
+gcry_error_t _gcry_kdf_selftest (int algo, int extended,
+ selftest_report_func_t report);
gcry_error_t _gcry_random_selftest (selftest_report_func_t report);
diff -up libgcrypt-1.8.5/src/fips.c.kdf-selftest libgcrypt-1.8.5/src/fips.c
--- libgcrypt-1.8.5/src/fips.c.kdf-selftest 2020-06-15 18:03:25.777352968 +0200
+++ libgcrypt-1.8.5/src/fips.c 2020-06-15 18:08:40.651028096 +0200
@@ -490,6 +490,29 @@ run_mac_selftests (int extended)
return anyerr;
}
+/* Run self-tests for all KDF algorithms. Return 0 on success. */
+static int
+run_kdf_selftests (int extended)
+{
+ static int algos[] =
+ {
+ GCRY_KDF_PBKDF2,
+ 0
+ };
+ int idx;
+ gpg_error_t err;
+ int anyerr = 0;
+
+ for (idx=0; algos[idx]; idx++)
+ {
+ err = _gcry_kdf_selftest (algos[idx], extended, reporter);
+ reporter ("kdf", algos[idx], NULL, err? gpg_strerror (err):NULL);
+ if (err)
+ anyerr = 1;
+ }
+ return anyerr;
+}
+
/* Run self-tests for all required public key algorithms. Return 0 on
success. */
@@ -673,6 +696,9 @@ _gcry_fips_run_selftests (int extended)
if (run_mac_selftests (extended))
goto leave;
+ if (run_kdf_selftests (extended))
+ goto leave;
+
/* Run random tests before the pubkey tests because the latter
require random. */
if (run_random_selftests ())

1333
SOURCES/libgcrypt-1.8.5-ppc-aes-gcm.patch
View File

File diff suppressed because it is too large Load Diff

274
SOURCES/libgcrypt-1.8.5-ppc-bugfix.patch
View File

@ -1,274 +0,0 @@
diff --git a/cipher/crc-ppc.c b/cipher/crc-ppc.c
index 4d7f0add..b9a40130 100644
--- a/cipher/crc-ppc.c
+++ b/cipher/crc-ppc.c
@@ -154,26 +154,63 @@ static const vector16x_u8 bswap_const ALIGNED_64 =
#ifdef WORDS_BIGENDIAN
# define CRC_VEC_U64_DEF(lo, hi) { (hi), (lo) }
# define CRC_VEC_U64_LOAD(offs, ptr) \
- asm_swap_u64(vec_vsx_ld((offs), (const unsigned long long *)(ptr)))
+ asm_swap_u64(asm_vec_u64_load(offs, ptr))
# define CRC_VEC_U64_LOAD_LE(offs, ptr) \
- CRC_VEC_SWAP(vec_vsx_ld((offs), (const unsigned long long *)(ptr)))
+ CRC_VEC_SWAP(asm_vec_u64_load(offs, ptr))
# define CRC_VEC_U64_LOAD_BE(offs, ptr) \
- vec_vsx_ld((offs), (const unsigned long long *)(ptr))
+ asm_vec_u64_load(offs, ptr)
# define CRC_VEC_SWAP_TO_LE(v) CRC_VEC_SWAP(v)
# define CRC_VEC_SWAP_TO_BE(v) (v)
# define VEC_U64_LO 1
# define VEC_U64_HI 0
+
+static ASM_FUNC_ATTR_INLINE vector2x_u64
+asm_vec_u64_load(unsigned long offset, const void *ptr)
+{
+ vector2x_u64 vecu64;
+#if __GNUC__ >= 4
+ if (__builtin_constant_p (offset) && offset == 0)
+ __asm__ volatile ("lxvd2x %x0,0,%1\n\t"
+ : "=wa" (vecu64)
+ : "r" ((uintptr_t)ptr)
+ : "memory");
+ else
+#endif
+ __asm__ volatile ("lxvd2x %x0,%1,%2\n\t"
+ : "=wa" (vecu64)
+ : "r" (offset), "r" ((uintptr_t)ptr)
+ : "memory", "r0");
+ return vecu64;
+}
#else
# define CRC_VEC_U64_DEF(lo, hi) { (lo), (hi) }
-# define CRC_VEC_U64_LOAD(offs, ptr) \
- vec_vsx_ld((offs), (const unsigned long long *)(ptr))
-# define CRC_VEC_U64_LOAD_LE(offs, ptr) CRC_VEC_U64_LOAD((offs), (ptr))
+# define CRC_VEC_U64_LOAD(offs, ptr) asm_vec_u64_load_le(offs, ptr)
+# define CRC_VEC_U64_LOAD_LE(offs, ptr) asm_vec_u64_load_le(offs, ptr)
# define CRC_VEC_U64_LOAD_BE(offs, ptr) asm_vec_u64_load_be(offs, ptr)
# define CRC_VEC_SWAP_TO_LE(v) (v)
# define CRC_VEC_SWAP_TO_BE(v) CRC_VEC_SWAP(v)
# define VEC_U64_LO 0
# define VEC_U64_HI 1
+static ASM_FUNC_ATTR_INLINE vector2x_u64
+asm_vec_u64_load_le(unsigned long offset, const void *ptr)
+{
+ vector2x_u64 vecu64;
+#if __GNUC__ >= 4
+ if (__builtin_constant_p (offset) && offset == 0)
+ __asm__ volatile ("lxvd2x %x0,0,%1\n\t"
+ : "=wa" (vecu64)
+ : "r" ((uintptr_t)ptr)
+ : "memory");
+ else
+#endif
+ __asm__ volatile ("lxvd2x %x0,%1,%2\n\t"
+ : "=wa" (vecu64)
+ : "r" (offset), "r" ((uintptr_t)ptr)
+ : "memory", "r0");
+ return asm_swap_u64(vecu64);
+}
+
static ASM_FUNC_ATTR_INLINE vector2x_u64
asm_vec_u64_load_be(unsigned int offset, const void *ptr)
{
diff --git a/cipher/sha512-ppc.c b/cipher/sha512-ppc.c
index a758e1ea..31ea25bf 100644
--- a/cipher/sha512-ppc.c
+++ b/cipher/sha512-ppc.c
@@ -115,14 +115,62 @@ vec_merge_idx0_elems(vector2x_u64 v0, vector2x_u64 v1)
static ASM_FUNC_ATTR_INLINE vector2x_u64
vec_vshasigma_u64(vector2x_u64 v, unsigned int a, unsigned int b)
{
- asm ("vshasigmad %0,%1,%2,%3"
- : "=v" (v)
- : "v" (v), "g" (a), "g" (b)
- : "memory");
+ __asm__ ("vshasigmad %0,%1,%2,%3"
+ : "=v" (v)
+ : "v" (v), "g" (a), "g" (b)
+ : "memory");
return v;
}
+static ASM_FUNC_ATTR_INLINE vector2x_u64
+vec_u64_load(unsigned long offset, const void *ptr)
+{
+ vector2x_u64 vecu64;
+#if __GNUC__ >= 4
+ if (__builtin_constant_p (offset) && offset == 0)
+ __asm__ ("lxvd2x %x0,0,%1\n\t"
+ : "=wa" (vecu64)
+ : "r" ((uintptr_t)ptr)
+ : "memory");
+ else
+#endif
+ __asm__ ("lxvd2x %x0,%1,%2\n\t"
+ : "=wa" (vecu64)
+ : "r" (offset), "r" ((uintptr_t)ptr)
+ : "memory", "r0");
+#ifndef WORDS_BIGENDIAN
+ __asm__ ("xxswapd %x0, %x1"
+ : "=wa" (vecu64)
+ : "wa" (vecu64));
+#endif
+ return vecu64;
+}
+
+
+static ASM_FUNC_ATTR_INLINE void
+vec_u64_store(vector2x_u64 vecu64, unsigned long offset, void *ptr)
+{
+#ifndef WORDS_BIGENDIAN
+ __asm__ ("xxswapd %x0, %x1"
+ : "=wa" (vecu64)
+ : "wa" (vecu64));
+#endif
+#if __GNUC__ >= 4
+ if (__builtin_constant_p (offset) && offset == 0)
+ __asm__ ("stxvd2x %x0,0,%1\n\t"
+ :
+ : "wa" (vecu64), "r" ((uintptr_t)ptr)
+ : "memory");
+ else
+#endif
+ __asm__ ("stxvd2x %x0,%1,%2\n\t"
+ :
+ : "wa" (vecu64), "r" (offset), "r" ((uintptr_t)ptr)
+ : "memory", "r0");
+}
+
+
/* SHA2 round in vector registers */
#define R(a,b,c,d,e,f,g,h,k,w) do \
{ \
@@ -168,13 +216,13 @@ _gcry_sha512_transform_ppc8(u64 state[8],
vector2x_u64 a, b, c, d, e, f, g, h, t1, t2;
u64 w[16];
- h0 = vec_vsx_ld (8 * 0, (unsigned long long *)state);
+ h0 = vec_u64_load (8 * 0, (unsigned long long *)state);
h1 = vec_rol_elems (h0, 1);
- h2 = vec_vsx_ld (8 * 2, (unsigned long long *)state);
+ h2 = vec_u64_load (8 * 2, (unsigned long long *)state);
h3 = vec_rol_elems (h2, 1);
- h4 = vec_vsx_ld (8 * 4, (unsigned long long *)state);
+ h4 = vec_u64_load (8 * 4, (unsigned long long *)state);
h5 = vec_rol_elems (h4, 1);
- h6 = vec_vsx_ld (8 * 6, (unsigned long long *)state);
+ h6 = vec_u64_load (8 * 6, (unsigned long long *)state);
h7 = vec_rol_elems (h6, 1);
while (nblks >= 2)
@@ -514,10 +562,10 @@ _gcry_sha512_transform_ppc8(u64 state[8],
h2 = vec_merge_idx0_elems (h2, h3);
h4 = vec_merge_idx0_elems (h4, h5);
h6 = vec_merge_idx0_elems (h6, h7);
- vec_vsx_st (h0, 8 * 0, (unsigned long long *)state);
- vec_vsx_st (h2, 8 * 2, (unsigned long long *)state);
- vec_vsx_st (h4, 8 * 4, (unsigned long long *)state);
- vec_vsx_st (h6, 8 * 6, (unsigned long long *)state);
+ vec_u64_store (h0, 8 * 0, (unsigned long long *)state);
+ vec_u64_store (h2, 8 * 2, (unsigned long long *)state);
+ vec_u64_store (h4, 8 * 4, (unsigned long long *)state);
+ vec_u64_store (h6, 8 * 6, (unsigned long long *)state);
return sizeof(w);
}
diff --git a/configure.ac b/configure.ac
index b6b6455a..be35ce42 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1745,10 +1745,12 @@ AC_CACHE_CHECK([whether compiler supports PowerPC AltiVec/VSX intrinsics],
AC_COMPILE_IFELSE([AC_LANG_SOURCE(
[[#include <altivec.h>
typedef vector unsigned char block;
+ typedef vector unsigned int vecu32;
block fn(block in)
{
block t = vec_perm (in, in, vec_vsx_ld (0, (unsigned char*)0));
- return vec_cipher_be (t, in);
+ vecu32 y = vec_vsx_ld (0, (unsigned int*)0);
+ return vec_cipher_be (t, in) ^ (block)y;
}
]])],
[gcry_cv_cc_ppc_altivec=yes])
@@ -1769,10 +1771,12 @@ if test "$gcry_cv_cc_ppc_altivec" = "no" &&
AC_COMPILE_IFELSE([AC_LANG_SOURCE(
[[#include <altivec.h>
typedef vector unsigned char block;
+ typedef vector unsigned int vecu32;
block fn(block in)
{
block t = vec_perm (in, in, vec_vsx_ld (0, (unsigned char*)0));
- return vec_cipher_be (t, in);
+ vecu32 y = vec_vsx_ld (0, (unsigned int*)0);
+ return vec_cipher_be (t, in) ^ (block)y;
}]])],
[gcry_cv_cc_ppc_altivec_cflags=yes])])
if test "$gcry_cv_cc_ppc_altivec_cflags" = "yes" ; then
diff --git a/configure.ac b/configure.ac
index 202ac888..fd447906 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2562,13 +2562,13 @@ if test "$found" = "1" ; then
GCRYPT_DIGESTS="$GCRYPT_DIGESTS crc-intel-pclmul.lo"
;;
powerpc64le-*-*)
- GCRYPT_CIPHERS="$GCRYPT_CIPHERS crc-ppc.lo"
+ GCRYPT_DIGESTS="$GCRYPT_DIGESTS crc-ppc.lo"
;;
powerpc64-*-*)
- GCRYPT_CIPHERS="$GCRYPT_CIPHERS crc-ppc.lo"
+ GCRYPT_DIGESTS="$GCRYPT_DIGESTS crc-ppc.lo"
;;
powerpc-*-*)
- GCRYPT_CIPHERS="$GCRYPT_CIPHERS crc-ppc.lo"
+ GCRYPT_DIGESTS="$GCRYPT_DIGESTS crc-ppc.lo"
;;
esac
fi
@@ -2635,17 +2635,17 @@ if test "$found" = "1" ; then
;;
powerpc64le-*-*)
# Build with the crypto extension implementation
- GCRYPT_CIPHERS="$GCRYPT_CIPHERS sha256-ppc.lo"
+ GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha256-ppc.lo"
;;
powerpc64-*-*)
# Big-Endian.
# Build with the crypto extension implementation
- GCRYPT_CIPHERS="$GCRYPT_CIPHERS sha256-ppc.lo"
+ GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha256-ppc.lo"
;;
powerpc-*-*)
# Big-Endian.
# Build with the crypto extension implementation
- GCRYPT_CIPHERS="$GCRYPT_CIPHERS sha256-ppc.lo"
+ GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha256-ppc.lo"
esac
fi
@@ -2667,17 +2667,17 @@ if test "$found" = "1" ; then
;;
powerpc64le-*-*)
# Build with the crypto extension implementation
- GCRYPT_CIPHERS="$GCRYPT_CIPHERS sha512-ppc.lo"
+ GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha512-ppc.lo"
;;
powerpc64-*-*)
# Big-Endian.
# Build with the crypto extension implementation
- GCRYPT_CIPHERS="$GCRYPT_CIPHERS sha512-ppc.lo"
+ GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha512-ppc.lo"
;;
powerpc-*-*)
# Big-Endian.
# Build with the crypto extension implementation
- GCRYPT_CIPHERS="$GCRYPT_CIPHERS sha512-ppc.lo"
+ GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha512-ppc.lo"
esac
if test x"$neonsupport" = xyes ; then

3521
SOURCES/libgcrypt-1.8.5-ppc-chacha20-poly1305.patch
View File

File diff suppressed because it is too large Load Diff

794
SOURCES/libgcrypt-1.8.5-ppc-crc32.patch
View File

@ -1,794 +0,0 @@
diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index cb41c251..1728e9f9 100644
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@@ -67,7 +67,7 @@ cast5.c cast5-amd64.S cast5-arm.S \
chacha20.c chacha20-sse2-amd64.S chacha20-ssse3-amd64.S chacha20-avx2-amd64.S \
chacha20-armv7-neon.S \
crc.c \
- crc-intel-pclmul.c \
+ crc-intel-pclmul.c crc-ppc.c \
des.c des-amd64.S \
dsa.c \
elgamal.c \
@@ -159,3 +159,9 @@ sha512-ppc.o: $(srcdir)/sha512-ppc.c Makefile
sha512-ppc.lo: $(srcdir)/sha512-ppc.c Makefile
`echo $(LTCOMPILE) $(ppc_vcrypto_cflags) -c $< `
+
+crc-ppc.o: $(srcdir)/crc-ppc.c Makefile
+ `echo $(COMPILE) $(ppc_vcrypto_cflags) -c $< `
+
+crc-ppc.lo: $(srcdir)/crc-ppc.c Makefile
+ `echo $(LTCOMPILE) $(ppc_vcrypto_cflags) -c $< `
diff --git a/cipher/crc-ppc.c b/cipher/crc-ppc.c
new file mode 100644
index 00000000..4d7f0add
--- /dev/null
+++ b/cipher/crc-ppc.c
@@ -0,0 +1,619 @@
+/* crc-ppc.c - POWER8 vpmsum accelerated CRC implementation
+ * Copyright (C) 2019-2020 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "g10lib.h"
+
+#include "bithelp.h"
+#include "bufhelp.h"
+
+
+#if defined(ENABLE_PPC_CRYPTO_SUPPORT) && \
+ defined(HAVE_COMPATIBLE_CC_PPC_ALTIVEC) && \
+ defined(HAVE_GCC_INLINE_ASM_PPC_ALTIVEC) && \
+ __GNUC__ >= 4
+
+#include <altivec.h>
+#include "bufhelp.h"
+
+
+#define ALWAYS_INLINE inline __attribute__((always_inline))
+#define NO_INLINE __attribute__((noinline))
+#define NO_INSTRUMENT_FUNCTION __attribute__((no_instrument_function))
+
+#define ASM_FUNC_ATTR NO_INSTRUMENT_FUNCTION
+#define ASM_FUNC_ATTR_INLINE ASM_FUNC_ATTR ALWAYS_INLINE
+#define ASM_FUNC_ATTR_NOINLINE ASM_FUNC_ATTR NO_INLINE
+
+#define ALIGNED_64 __attribute__ ((aligned (64)))
+
+
+typedef vector unsigned char vector16x_u8;
+typedef vector unsigned int vector4x_u32;
+typedef vector unsigned long long vector2x_u64;
+
+
+/* Constants structure for generic reflected/non-reflected CRC32 PMULL
+ * functions. */
+struct crc32_consts_s
+{
+ /* k: { x^(32*17), x^(32*15), x^(32*5), x^(32*3), x^(32*2), 0 } mod P(x) */
+ unsigned long long k[6];
+ /* my_p: { floor(x^64 / P(x)), P(x) } */
+ unsigned long long my_p[2];
+};
+
+/* PMULL constants for CRC32 and CRC32RFC1510. */
+static const struct crc32_consts_s crc32_consts ALIGNED_64 =
+{
+ { /* k[6] = reverse_33bits( x^(32*y) mod P(x) ) */
+ U64_C(0x154442bd4), U64_C(0x1c6e41596), /* y = { 17, 15 } */
+ U64_C(0x1751997d0), U64_C(0x0ccaa009e), /* y = { 5, 3 } */
+ U64_C(0x163cd6124), 0 /* y = 2 */
+ },
+ { /* my_p[2] = reverse_33bits ( { floor(x^64 / P(x)), P(x) } ) */
+ U64_C(0x1f7011641), U64_C(0x1db710641)
+ }
+};
+
+/* PMULL constants for CRC24RFC2440 (polynomial multiplied with x⁸). */
+static const struct crc32_consts_s crc24rfc2440_consts ALIGNED_64 =
+{
+ { /* k[6] = x^(32*y) mod P(x) << 32*/
+ U64_C(0x08289a00) << 32, U64_C(0x74b44a00) << 32, /* y = { 17, 15 } */
+ U64_C(0xc4b14d00) << 32, U64_C(0xfd7e0c00) << 32, /* y = { 5, 3 } */
+ U64_C(0xd9fe8c00) << 32, 0 /* y = 2 */
+ },
+ { /* my_p[2] = { floor(x^64 / P(x)), P(x) } */
+ U64_C(0x1f845fe24), U64_C(0x1864cfb00)
+ }
+};
+
+
+static ASM_FUNC_ATTR_INLINE vector2x_u64
+asm_vpmsumd(vector2x_u64 a, vector2x_u64 b)
+{
+ __asm__("vpmsumd %0, %1, %2"
+ : "=v" (a)
+ : "v" (a), "v" (b));
+ return a;
+}
+
+
+static ASM_FUNC_ATTR_INLINE vector2x_u64
+asm_swap_u64(vector2x_u64 a)
+{
+ __asm__("xxswapd %x0, %x1"
+ : "=wa" (a)
+ : "wa" (a));
+ return a;
+}
+
+
+static ASM_FUNC_ATTR_INLINE vector4x_u32
+vec_sld_u32(vector4x_u32 a, vector4x_u32 b, unsigned int idx)
+{
+ return vec_sld (a, b, (4 * idx) & 15);
+}
+
+
+static const byte crc32_partial_fold_input_mask[16 + 16] ALIGNED_64 =
+ {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ };
+static const byte crc32_shuf_shift[3 * 16] ALIGNED_64 =
+ {
+ 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f,
+ 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f,
+ 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
+ 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
+ 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f,
+ 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f,
+ };
+static const byte crc32_refl_shuf_shift[3 * 16] ALIGNED_64 =
+ {
+ 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f,
+ 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f,
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f,
+ 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f,
+ };
+static const vector16x_u8 bswap_const ALIGNED_64 =
+ { 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 };
+
+
+#define CRC_VEC_SWAP(v) ({ vector2x_u64 __vecu64 = (v); \
+ vec_perm(__vecu64, __vecu64, bswap_const); })
+
+#ifdef WORDS_BIGENDIAN
+# define CRC_VEC_U64_DEF(lo, hi) { (hi), (lo) }
+# define CRC_VEC_U64_LOAD(offs, ptr) \
+ asm_swap_u64(vec_vsx_ld((offs), (const unsigned long long *)(ptr)))
+# define CRC_VEC_U64_LOAD_LE(offs, ptr) \
+ CRC_VEC_SWAP(vec_vsx_ld((offs), (const unsigned long long *)(ptr)))
+# define CRC_VEC_U64_LOAD_BE(offs, ptr) \
+ vec_vsx_ld((offs), (const unsigned long long *)(ptr))
+# define CRC_VEC_SWAP_TO_LE(v) CRC_VEC_SWAP(v)
+# define CRC_VEC_SWAP_TO_BE(v) (v)
+# define VEC_U64_LO 1
+# define VEC_U64_HI 0
+#else
+# define CRC_VEC_U64_DEF(lo, hi) { (lo), (hi) }
+# define CRC_VEC_U64_LOAD(offs, ptr) \
+ vec_vsx_ld((offs), (const unsigned long long *)(ptr))
+# define CRC_VEC_U64_LOAD_LE(offs, ptr) CRC_VEC_U64_LOAD((offs), (ptr))
+# define CRC_VEC_U64_LOAD_BE(offs, ptr) asm_vec_u64_load_be(offs, ptr)
+# define CRC_VEC_SWAP_TO_LE(v) (v)
+# define CRC_VEC_SWAP_TO_BE(v) CRC_VEC_SWAP(v)
+# define VEC_U64_LO 0
+# define VEC_U64_HI 1
+
+static ASM_FUNC_ATTR_INLINE vector2x_u64
+asm_vec_u64_load_be(unsigned int offset, const void *ptr)
+{
+ static const vector16x_u8 vec_load_le_const =
+ { ~7, ~6, ~5, ~4, ~3, ~2, ~1, ~0, ~15, ~14, ~13, ~12, ~11, ~10, ~9, ~8 };
+ vector2x_u64 vecu64;
+
+#if __GNUC__ >= 4
+ if (__builtin_constant_p (offset) && offset == 0)
+ __asm__ ("lxvd2x %%vs32,0,%1\n\t"
+ "vperm %0,%%v0,%%v0,%2\n\t"
+ : "=v" (vecu64)
+ : "r" ((uintptr_t)(ptr)), "v" (vec_load_le_const)
+ : "memory", "v0");
+#endif
+ else
+ __asm__ ("lxvd2x %%vs32,%1,%2\n\t"
+ "vperm %0,%%v0,%%v0,%3\n\t"
+ : "=v" (vecu64)
+ : "r" (offset), "r" ((uintptr_t)(ptr)),
+ "v" (vec_load_le_const)
+ : "memory", "r0", "v0");
+
+ return vecu64;
+}
+#endif
+
+
+static ASM_FUNC_ATTR_INLINE void
+crc32r_ppc8_ce_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
+ const struct crc32_consts_s *consts)
+{
+ vector4x_u32 zero = { 0, 0, 0, 0 };
+ vector2x_u64 low_64bit_mask = CRC_VEC_U64_DEF((u64)-1, 0);
+ vector2x_u64 low_32bit_mask = CRC_VEC_U64_DEF((u32)-1, 0);
+ vector2x_u64 my_p = CRC_VEC_U64_LOAD(0, &consts->my_p[0]);
+ vector2x_u64 k1k2 = CRC_VEC_U64_LOAD(0, &consts->k[1 - 1]);
+ vector2x_u64 k3k4 = CRC_VEC_U64_LOAD(0, &consts->k[3 - 1]);
+ vector2x_u64 k4lo = CRC_VEC_U64_DEF(k3k4[VEC_U64_HI], 0);
+ vector2x_u64 k5lo = CRC_VEC_U64_LOAD(0, &consts->k[5 - 1]);
+ vector2x_u64 crc = CRC_VEC_U64_DEF(*pcrc, 0);
+ vector2x_u64 crc0, crc1, crc2, crc3;
+ vector2x_u64 v0;
+
+ if (inlen >= 8 * 16)
+ {
+ crc0 = CRC_VEC_U64_LOAD_LE(0 * 16, inbuf);
+ crc0 ^= crc;
+ crc1 = CRC_VEC_U64_LOAD_LE(1 * 16, inbuf);
+ crc2 = CRC_VEC_U64_LOAD_LE(2 * 16, inbuf);
+ crc3 = CRC_VEC_U64_LOAD_LE(3 * 16, inbuf);
+
+ inbuf += 4 * 16;
+ inlen -= 4 * 16;
+
+ /* Fold by 4. */
+ while (inlen >= 4 * 16)
+ {
+ v0 = CRC_VEC_U64_LOAD_LE(0 * 16, inbuf);
+ crc0 = asm_vpmsumd(crc0, k1k2) ^ v0;
+
+ v0 = CRC_VEC_U64_LOAD_LE(1 * 16, inbuf);
+ crc1 = asm_vpmsumd(crc1, k1k2) ^ v0;
+
+ v0 = CRC_VEC_U64_LOAD_LE(2 * 16, inbuf);
+ crc2 = asm_vpmsumd(crc2, k1k2) ^ v0;
+
+ v0 = CRC_VEC_U64_LOAD_LE(3 * 16, inbuf);
+ crc3 = asm_vpmsumd(crc3, k1k2) ^ v0;
+
+ inbuf += 4 * 16;
+ inlen -= 4 * 16;
+ }
+
+ /* Fold 4 to 1. */
+ crc1 ^= asm_vpmsumd(crc0, k3k4);
+ crc2 ^= asm_vpmsumd(crc1, k3k4);
+ crc3 ^= asm_vpmsumd(crc2, k3k4);
+ crc = crc3;
+ }
+ else
+ {
+ v0 = CRC_VEC_U64_LOAD_LE(0, inbuf);
+ crc ^= v0;
+
+ inbuf += 16;
+ inlen -= 16;
+ }
+
+ /* Fold by 1. */
+ while (inlen >= 16)
+ {
+ v0 = CRC_VEC_U64_LOAD_LE(0, inbuf);
+ crc = asm_vpmsumd(k3k4, crc);
+ crc ^= v0;
+
+ inbuf += 16;
+ inlen -= 16;
+ }
+
+ /* Partial fold. */
+ if (inlen)
+ {
+ /* Load last input and add padding zeros. */
+ vector2x_u64 mask = CRC_VEC_U64_LOAD_LE(inlen, crc32_partial_fold_input_mask);
+ vector2x_u64 shl_shuf = CRC_VEC_U64_LOAD_LE(inlen, crc32_refl_shuf_shift);
+ vector2x_u64 shr_shuf = CRC_VEC_U64_LOAD_LE(inlen + 16, crc32_refl_shuf_shift);
+
+ v0 = CRC_VEC_U64_LOAD_LE(inlen - 16, inbuf);
+ v0 &= mask;
+
+ crc = CRC_VEC_SWAP_TO_LE(crc);
+ v0 |= (vector2x_u64)vec_perm((vector16x_u8)crc, (vector16x_u8)zero,
+ (vector16x_u8)shr_shuf);
+ crc = (vector2x_u64)vec_perm((vector16x_u8)crc, (vector16x_u8)zero,
+ (vector16x_u8)shl_shuf);
+ crc = asm_vpmsumd(k3k4, crc);
+ crc ^= v0;
+
+ inbuf += inlen;
+ inlen -= inlen;
+ }
+
+ /* Final fold. */
+
+ /* reduce 128-bits to 96-bits */
+ v0 = asm_swap_u64(crc);
+ v0 &= low_64bit_mask;
+ crc = asm_vpmsumd(k4lo, crc);
+ crc ^= v0;
+
+ /* reduce 96-bits to 64-bits */
+ v0 = (vector2x_u64)vec_sld_u32((vector4x_u32)crc,
+ (vector4x_u32)crc, 3); /* [x0][x3][x2][x1] */
+ v0 &= low_64bit_mask; /* [00][00][x2][x1] */
+ crc = crc & low_32bit_mask; /* [00][00][00][x0] */
+ crc = v0 ^ asm_vpmsumd(k5lo, crc); /* [00][00][xx][xx] */
+
+ /* barrett reduction */
+ v0 = crc << 32; /* [00][00][x0][00] */
+ v0 = asm_vpmsumd(my_p, v0);
+ v0 = asm_swap_u64(v0);
+ v0 = asm_vpmsumd(my_p, v0);
+ crc = (vector2x_u64)vec_sld_u32((vector4x_u32)crc,
+ zero, 1); /* [00][x1][x0][00] */
+ crc ^= v0;
+
+ *pcrc = (u32)crc[VEC_U64_HI];
+}
+
+
+static ASM_FUNC_ATTR_INLINE u32
+crc32r_ppc8_ce_reduction_4 (u32 data, u32 crc,
+ const struct crc32_consts_s *consts)
+{
+ vector4x_u32 zero = { 0, 0, 0, 0 };
+ vector2x_u64 my_p = CRC_VEC_U64_LOAD(0, &consts->my_p[0]);
+ vector2x_u64 v0 = CRC_VEC_U64_DEF((u64)data, 0);
+ v0 = asm_vpmsumd(v0, my_p); /* [00][00][xx][xx] */
+ v0 = (vector2x_u64)vec_sld_u32((vector4x_u32)v0,
+ zero, 3); /* [x0][00][00][00] */
+ v0 = (vector2x_u64)vec_sld_u32((vector4x_u32)v0,
+ (vector4x_u32)v0, 3); /* [00][x0][00][00] */
+ v0 = asm_vpmsumd(v0, my_p); /* [00][00][xx][xx] */
+ return (v0[VEC_U64_LO] >> 32) ^ crc;
+}
+
+
+static ASM_FUNC_ATTR_INLINE void
+crc32r_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
+ const struct crc32_consts_s *consts)
+{
+ u32 crc = *pcrc;
+ u32 data;
+
+ while (inlen >= 4)
+ {
+ data = buf_get_le32(inbuf);
+ data ^= crc;
+
+ inlen -= 4;
+ inbuf += 4;
+
+ crc = crc32r_ppc8_ce_reduction_4 (data, 0, consts);
+ }
+
+ switch (inlen)
+ {
+ case 0:
+ break;
+ case 1:
+ data = inbuf[0];
+ data ^= crc;
+ data <<= 24;
+ crc >>= 8;
+ crc = crc32r_ppc8_ce_reduction_4 (data, crc, consts);
+ break;
+ case 2:
+ data = inbuf[0] << 0;
+ data |= inbuf[1] << 8;
+ data ^= crc;
+ data <<= 16;
+ crc >>= 16;
+ crc = crc32r_ppc8_ce_reduction_4 (data, crc, consts);
+ break;
+ case 3:
+ data = inbuf[0] << 0;
+ data |= inbuf[1] << 8;
+ data |= inbuf[2] << 16;
+ data ^= crc;
+ data <<= 8;
+ crc >>= 24;
+ crc = crc32r_ppc8_ce_reduction_4 (data, crc, consts);
+ break;
+ }
+
+ *pcrc = crc;
+}
+
+
+static ASM_FUNC_ATTR_INLINE void
+crc32_ppc8_ce_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
+ const struct crc32_consts_s *consts)
+{
+ vector4x_u32 zero = { 0, 0, 0, 0 };
+ vector2x_u64 low_96bit_mask = CRC_VEC_U64_DEF(~0, ~((u64)(u32)-1 << 32));
+ vector2x_u64 p_my = asm_swap_u64(CRC_VEC_U64_LOAD(0, &consts->my_p[0]));
+ vector2x_u64 p_my_lo, p_my_hi;
+ vector2x_u64 k2k1 = asm_swap_u64(CRC_VEC_U64_LOAD(0, &consts->k[1 - 1]));
+ vector2x_u64 k4k3 = asm_swap_u64(CRC_VEC_U64_LOAD(0, &consts->k[3 - 1]));
+ vector2x_u64 k4hi = CRC_VEC_U64_DEF(0, consts->k[4 - 1]);
+ vector2x_u64 k5hi = CRC_VEC_U64_DEF(0, consts->k[5 - 1]);
+ vector2x_u64 crc = CRC_VEC_U64_DEF(0, _gcry_bswap64(*pcrc));
+ vector2x_u64 crc0, crc1, crc2, crc3;
+ vector2x_u64 v0;
+
+ if (inlen >= 8 * 16)
+ {
+ crc0 = CRC_VEC_U64_LOAD_BE(0 * 16, inbuf);
+ crc0 ^= crc;
+ crc1 = CRC_VEC_U64_LOAD_BE(1 * 16, inbuf);
+ crc2 = CRC_VEC_U64_LOAD_BE(2 * 16, inbuf);
+ crc3 = CRC_VEC_U64_LOAD_BE(3 * 16, inbuf);
+
+ inbuf += 4 * 16;
+ inlen -= 4 * 16;
+
+ /* Fold by 4. */
+ while (inlen >= 4 * 16)
+ {
+ v0 = CRC_VEC_U64_LOAD_BE(0 * 16, inbuf);
+ crc0 = asm_vpmsumd(crc0, k2k1) ^ v0;
+
+ v0 = CRC_VEC_U64_LOAD_BE(1 * 16, inbuf);
+ crc1 = asm_vpmsumd(crc1, k2k1) ^ v0;
+
+ v0 = CRC_VEC_U64_LOAD_BE(2 * 16, inbuf);
+ crc2 = asm_vpmsumd(crc2, k2k1) ^ v0;
+
+ v0 = CRC_VEC_U64_LOAD_BE(3 * 16, inbuf);
+ crc3 = asm_vpmsumd(crc3, k2k1) ^ v0;
+
+ inbuf += 4 * 16;
+ inlen -= 4 * 16;
+ }
+
+ /* Fold 4 to 1. */
+ crc1 ^= asm_vpmsumd(crc0, k4k3);
+ crc2 ^= asm_vpmsumd(crc1, k4k3);
+ crc3 ^= asm_vpmsumd(crc2, k4k3);
+ crc = crc3;
+ }
+ else
+ {
+ v0 = CRC_VEC_U64_LOAD_BE(0, inbuf);
+ crc ^= v0;
+
+ inbuf += 16;
+ inlen -= 16;
+ }
+
+ /* Fold by 1. */
+ while (inlen >= 16)
+ {
+ v0 = CRC_VEC_U64_LOAD_BE(0, inbuf);
+ crc = asm_vpmsumd(k4k3, crc);
+ crc ^= v0;
+
+ inbuf += 16;
+ inlen -= 16;
+ }
+
+ /* Partial fold. */
+ if (inlen)
+ {
+ /* Load last input and add padding zeros. */
+ vector2x_u64 mask = CRC_VEC_U64_LOAD_LE(inlen, crc32_partial_fold_input_mask);
+ vector2x_u64 shl_shuf = CRC_VEC_U64_LOAD_LE(32 - inlen, crc32_refl_shuf_shift);
+ vector2x_u64 shr_shuf = CRC_VEC_U64_LOAD_LE(inlen + 16, crc32_shuf_shift);
+
+ v0 = CRC_VEC_U64_LOAD_LE(inlen - 16, inbuf);
+ v0 &= mask;
+
+ crc = CRC_VEC_SWAP_TO_LE(crc);
+ crc2 = (vector2x_u64)vec_perm((vector16x_u8)crc, (vector16x_u8)zero,
+ (vector16x_u8)shr_shuf);
+ v0 |= crc2;
+ v0 = CRC_VEC_SWAP(v0);
+ crc = (vector2x_u64)vec_perm((vector16x_u8)crc, (vector16x_u8)zero,
+ (vector16x_u8)shl_shuf);
+ crc = asm_vpmsumd(k4k3, crc);
+ crc ^= v0;
+
+ inbuf += inlen;
+ inlen -= inlen;
+ }
+
+ /* Final fold. */
+
+ /* reduce 128-bits to 96-bits */
+ v0 = (vector2x_u64)vec_sld_u32((vector4x_u32)crc,
+ (vector4x_u32)zero, 2);
+ crc = asm_vpmsumd(k4hi, crc);
+ crc ^= v0; /* bottom 32-bit are zero */
+
+ /* reduce 96-bits to 64-bits */
+ v0 = crc & low_96bit_mask; /* [00][x2][x1][00] */
+ crc >>= 32; /* [00][x3][00][x0] */
+ crc = asm_vpmsumd(k5hi, crc); /* [00][xx][xx][00] */
+ crc ^= v0; /* top and bottom 32-bit are zero */
+
+ /* barrett reduction */
+ p_my_hi = p_my;
+ p_my_lo = p_my;
+ p_my_hi[VEC_U64_LO] = 0;
+ p_my_lo[VEC_U64_HI] = 0;
+ v0 = crc >> 32; /* [00][00][00][x1] */
+ crc = asm_vpmsumd(p_my_hi, crc); /* [00][xx][xx][xx] */
+ crc = (vector2x_u64)vec_sld_u32((vector4x_u32)crc,
+ (vector4x_u32)crc, 3); /* [x0][00][x2][x1] */
+ crc = asm_vpmsumd(p_my_lo, crc); /* [00][xx][xx][xx] */
+ crc ^= v0;
+
+ *pcrc = _gcry_bswap32(crc[VEC_U64_LO]);
+}
+
+
+static ASM_FUNC_ATTR_INLINE u32
+crc32_ppc8_ce_reduction_4 (u32 data, u32 crc,
+ const struct crc32_consts_s *consts)
+{
+ vector2x_u64 my_p = CRC_VEC_U64_LOAD(0, &consts->my_p[0]);
+ vector2x_u64 v0 = CRC_VEC_U64_DEF((u64)data << 32, 0);
+ v0 = asm_vpmsumd(v0, my_p); /* [00][x1][x0][00] */
+ v0[VEC_U64_LO] = 0; /* [00][x1][00][00] */
+ v0 = asm_vpmsumd(v0, my_p); /* [00][00][xx][xx] */
+ return _gcry_bswap32(v0[VEC_U64_LO]) ^ crc;
+}
+
+
+static ASM_FUNC_ATTR_INLINE void
+crc32_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
+ const struct crc32_consts_s *consts)
+{
+ u32 crc = *pcrc;
+ u32 data;
+
+ while (inlen >= 4)
+ {
+ data = buf_get_le32(inbuf);
+ data ^= crc;
+ data = _gcry_bswap32(data);
+
+ inlen -= 4;
+ inbuf += 4;
+
+ crc = crc32_ppc8_ce_reduction_4 (data, 0, consts);
+ }
+
+ switch (inlen)
+ {
+ case 0:
+ break;
+ case 1:
+ data = inbuf[0];
+ data ^= crc;
+ data = data & 0xffU;
+ crc = crc >> 8;
+ crc = crc32_ppc8_ce_reduction_4 (data, crc, consts);
+ break;
+ case 2:
+ data = inbuf[0] << 0;
+ data |= inbuf[1] << 8;
+ data ^= crc;
+ data = _gcry_bswap32(data << 16);
+ crc = crc >> 16;
+ crc = crc32_ppc8_ce_reduction_4 (data, crc, consts);
+ break;
+ case 3:
+ data = inbuf[0] << 0;
+ data |= inbuf[1] << 8;
+ data |= inbuf[2] << 16;
+ data ^= crc;
+ data = _gcry_bswap32(data << 8);
+ crc = crc >> 24;
+ crc = crc32_ppc8_ce_reduction_4 (data, crc, consts);
+ break;
+ }
+
+ *pcrc = crc;
+}
+
+void ASM_FUNC_ATTR
+_gcry_crc32_ppc8_vpmsum (u32 *pcrc, const byte *inbuf, size_t inlen)
+{
+ const struct crc32_consts_s *consts = &crc32_consts;
+
+ if (!inlen)
+ return;
+
+ if (inlen >= 16)
+ crc32r_ppc8_ce_bulk (pcrc, inbuf, inlen, consts);
+ else
+ crc32r_less_than_16 (pcrc, inbuf, inlen, consts);
+}
+
+void ASM_FUNC_ATTR
+_gcry_crc24rfc2440_ppc8_vpmsum (u32 *pcrc, const byte *inbuf, size_t inlen)
+{
+ const struct crc32_consts_s *consts = &crc24rfc2440_consts;
+
+ if (!inlen)
+ return;
+
+ /* Note: *pcrc in input endian. */
+
+ if (inlen >= 16)
+ crc32_ppc8_ce_bulk (pcrc, inbuf, inlen, consts);
+ else
+ crc32_less_than_16 (pcrc, inbuf, inlen, consts);
+}
+
+#endif
diff --git a/cipher/crc.c b/cipher/crc.c
index a1ce50b6..bbb159ce 100644
--- a/cipher/crc.c
+++ b/cipher/crc.c
@@ -43,11 +43,27 @@
#endif /* USE_INTEL_PCLMUL */
+/* USE_PPC_VPMSUM indicates whether to enable PowerPC vector
+ * accelerated code. */
+#undef USE_PPC_VPMSUM
+#ifdef ENABLE_PPC_CRYPTO_SUPPORT
+# if defined(HAVE_COMPATIBLE_CC_PPC_ALTIVEC) && \
+ defined(HAVE_GCC_INLINE_ASM_PPC_ALTIVEC)
+# if __GNUC__ >= 4
+# define USE_PPC_VPMSUM 1
+# endif
+# endif
+#endif /* USE_PPC_VPMSUM */
+
+
typedef struct
{
u32 CRC;
#ifdef USE_INTEL_PCLMUL
unsigned int use_pclmul:1; /* Intel PCLMUL shall be used. */
+#endif
+#ifdef USE_PPC_VPMSUM
+ unsigned int use_vpmsum:1; /* POWER vpmsum shall be used. */
#endif
byte buf[4];
}
@@ -61,6 +77,20 @@ void _gcry_crc24rfc2440_intel_pclmul (u32 *pcrc, const byte *inbuf,
size_t inlen);
#endif
+#ifdef USE_ARM_PMULL
+/*-- crc-armv8-ce.c --*/
+void _gcry_crc32_armv8_ce_pmull (u32 *pcrc, const byte *inbuf, size_t inlen);
+void _gcry_crc24rfc2440_armv8_ce_pmull (u32 *pcrc, const byte *inbuf,
+ size_t inlen);
+#endif
+
+#ifdef USE_PPC_VPMSUM
+/*-- crc-ppc.c --*/
+void _gcry_crc32_ppc8_vpmsum (u32 *pcrc, const byte *inbuf, size_t inlen);
+void _gcry_crc24rfc2440_ppc8_vpmsum (u32 *pcrc, const byte *inbuf,
+ size_t inlen);
+#endif
+
/*
* Code generated by universal_crc by Danjel McGougan
@@ -361,11 +391,13 @@ static void
crc32_init (void *context, unsigned int flags)
{
CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
-#ifdef USE_INTEL_PCLMUL
u32 hwf = _gcry_get_hw_features ();
-
+#ifdef USE_INTEL_PCLMUL
ctx->use_pclmul = (hwf & HWF_INTEL_SSE4_1) && (hwf & HWF_INTEL_PCLMUL);
#endif
+#ifdef USE_PPC_VPMSUM
+ ctx->use_vpmsum = !!(hwf & HWF_PPC_ARCH_2_07);
+#endif
(void)flags;
@@ -386,6 +418,13 @@ crc32_write (void *context, const void *inbuf_arg, size_t inlen)
return;
}
#endif
+#ifdef USE_PPC_VPMSUM
+ if (ctx->use_vpmsum)
+ {
+ _gcry_crc32_ppc8_vpmsum(&ctx->CRC, inbuf, inlen);
+ return;
+ }
+#endif
if (!inbuf || !inlen)
return;
@@ -444,6 +483,10 @@ crc32rfc1510_init (void *context, unsigned int flags)
ctx->use_pclmul = (hwf & HWF_INTEL_SSE4_1) && (hwf & HWF_INTEL_PCLMUL);
#endif
+#ifdef USE_PPC_VPMSUM
+ u32 hwf = _gcry_get_hw_features ();
+ ctx->use_vpmsum = !!(hwf & HWF_PPC_ARCH_2_07);
+#endif
(void)flags;
@@ -774,6 +817,10 @@ crc24rfc2440_init (void *context, unsigned int flags)
ctx->use_pclmul = (hwf & HWF_INTEL_SSE4_1) && (hwf & HWF_INTEL_PCLMUL);
#endif
+#ifdef USE_PPC_VPMSUM
+ u32 hwf = _gcry_get_hw_features ();
+ ctx->use_vpmsum = !!(hwf & HWF_PPC_ARCH_2_07);
+#endif
(void)flags;
@@ -794,6 +841,13 @@ crc24rfc2440_write (void *context, const void *inbuf_arg, size_t inlen)
return;
}
#endif
+#ifdef USE_PPC_VPMSUM
+ if (ctx->use_vpmsum)
+ {
+ _gcry_crc24rfc2440_ppc8_vpmsum(&ctx->CRC, inbuf, inlen);
+ return;
+ }
+#endif
if (!inbuf || !inlen)
return;
diff --git a/configure.ac b/configure.ac
index 953a20e9..b6b6455a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1916,6 +1916,7 @@ AC_CACHE_CHECK([whether GCC inline assembler supports PowerPC AltiVec/VSX/crypto
"vadduwm %v0, %v1, %v22;\n"
"vshasigmaw %v0, %v1, 0, 15;\n"
"vshasigmad %v0, %v1, 0, 15;\n"
+ "vpmsumd %v11, %v11, %v11;\n"
);
]])],
[gcry_cv_gcc_inline_asm_ppc_altivec=yes])
@@ -2556,6 +2557,15 @@ if test "$found" = "1" ; then
# Build with the assembly implementation
GCRYPT_DIGESTS="$GCRYPT_DIGESTS crc-intel-pclmul.lo"
;;
+ powerpc64le-*-*)
+ GCRYPT_CIPHERS="$GCRYPT_CIPHERS crc-ppc.lo"
+ ;;
+ powerpc64-*-*)
+ GCRYPT_CIPHERS="$GCRYPT_CIPHERS crc-ppc.lo"
+ ;;
+ powerpc-*-*)
+ GCRYPT_CIPHERS="$GCRYPT_CIPHERS crc-ppc.lo"
+ ;;
esac
fi

2138
SOURCES/libgcrypt-1.8.5-ppc-sha2.patch
View File

File diff suppressed because it is too large Load Diff

89
SOURCES/libgcrypt-1.8.5-use-fipscheck.patch
View File

@ -1,89 +0,0 @@
diff -up libgcrypt-1.8.5/src/fips.c.use-fipscheck libgcrypt-1.8.5/src/fips.c
--- libgcrypt-1.8.5/src/fips.c.use-fipscheck 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/src/fips.c 2020-04-23 10:18:36.235764741 +0200
@@ -581,23 +581,50 @@ run_random_selftests (void)
return !!err;
}
+#ifdef ENABLE_HMAC_BINARY_CHECK
+static int
+get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
+{
+ Dl_info info;
+ void *dl, *sym;
+ int rv = -1;
+
+ dl = dlopen(libname, RTLD_LAZY);
+ if (dl == NULL) {
+ return -1;
+ }
+
+ sym = dlsym(dl, symbolname);
+
+ if (sym != NULL && dladdr(sym, &info)) {
+ strncpy(path, info.dli_fname, pathlen-1);
+ path[pathlen-1] = '\0';
+ rv = 0;
+ }
+
+ dlclose(dl);
+
+ return rv;
+}
+#endif
+
/* Run an integrity check on the binary. Returns 0 on success. */
static int
check_binary_integrity (void)
{
#ifdef ENABLE_HMAC_BINARY_CHECK
gpg_error_t err;
- Dl_info info;
+ char libpath[4096];
unsigned char digest[32];
int dlen;
char *fname = NULL;
- const char key[] = "What am I, a doctor or a moonshuttle conductor?";
-
- if (!dladdr ("gcry_check_version", &info))
+ const char key[] = "orboDeJITITejsirpADONivirpUkvarP";
+
+ if (get_library_path ("libgcrypt.so.20", "gcry_check_version", libpath, sizeof(libpath)))
err = gpg_error_from_syserror ();
else
{
- dlen = _gcry_hmac256_file (digest, sizeof digest, info.dli_fname,
+ dlen = _gcry_hmac256_file (digest, sizeof digest, libpath,
key, strlen (key));
if (dlen < 0)
err = gpg_error_from_syserror ();
@@ -605,7 +632,7 @@ check_binary_integrity (void)
err = gpg_error (GPG_ERR_INTERNAL);
else
{
- fname = xtrymalloc (strlen (info.dli_fname) + 1 + 5 + 1 );
+ fname = xtrymalloc (strlen (libpath) + 1 + 5 + 1 );
if (!fname)
err = gpg_error_from_syserror ();
else
@@ -614,7 +641,7 @@ check_binary_integrity (void)
char *p;
/* Prefix the basename with a dot. */
- strcpy (fname, info.dli_fname);
+ strcpy (fname, libpath);
p = strrchr (fname, '/');
if (p)
p++;
diff -up libgcrypt-1.8.5/src/Makefile.am.use-fipscheck libgcrypt-1.8.5/src/Makefile.am
--- libgcrypt-1.8.5/src/Makefile.am.use-fipscheck 2020-04-23 10:18:36.237764702 +0200
+++ libgcrypt-1.8.5/src/Makefile.am 2020-04-23 10:19:03.186247455 +0200
@@ -125,7 +125,7 @@ libgcrypt_la_LIBADD = $(gcrypt_res) \
../cipher/libcipher.la \
../random/librandom.la \
../mpi/libmpi.la \
- ../compat/libcompat.la $(GPG_ERROR_LIBS)
+ ../compat/libcompat.la $(GPG_ERROR_LIBS) -ldl
dumpsexp_SOURCES = dumpsexp.c

100
SOURCES/libgcrypt-1.9.3-CVE-2021-40528.patch
View File

@ -1,100 +0,0 @@
commit 3462280f2e23e16adf3ed5176e0f2413d8861320
Author: NIIBE Yutaka <gniibe@fsij.org>
Date: Fri May 21 11:15:07 2021 +0900
cipher: Fix ElGamal encryption for other implementations.
* cipher/elgamal.c (gen_k): Remove support of smaller K.
(do_encrypt): Never use smaller K.
(sign): Folllow the change of gen_k.
--
Cherry-pick master commit of:
632d80ef30e13de6926d503aa697f92b5dbfbc5e
This change basically reverts encryption changes in two commits:
74386120dad6b3da62db37f7044267c8ef34689b
78531373a342aeb847950f404343a05e36022065
Use of smaller K for ephemeral key in ElGamal encryption is only good,
when we can guarantee that recipient's key is generated by our
implementation (or compatible).
For detail, please see:
Luca De Feo, Bertram Poettering, Alessandro Sorniotti,
"On the (in)security of ElGamal in OpenPGP";
in the proceedings of CCS'2021.
CVE-id: CVE-2021-33560
GnuPG-bug-id: 5328
Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
diff --git a/cipher/elgamal.c b/cipher/elgamal.c
index 9835122f..eead4502 100644
--- a/cipher/elgamal.c
+++ b/cipher/elgamal.c
@@ -66,7 +66,7 @@ static const char *elg_names[] =
static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie);
-static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
+static gcry_mpi_t gen_k (gcry_mpi_t p);
static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits,
gcry_mpi_t **factors);
static int check_secret_key (ELG_secret_key *sk);
@@ -189,11 +189,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie )
/****************
* Generate a random secret exponent k from prime p, so that k is
- * relatively prime to p-1. With SMALL_K set, k will be selected for
- * better encryption performance - this must never be used signing!
+ * relatively prime to p-1.
*/
static gcry_mpi_t
-gen_k( gcry_mpi_t p, int small_k )
+gen_k( gcry_mpi_t p )
{
gcry_mpi_t k = mpi_alloc_secure( 0 );
gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
@@ -202,18 +201,7 @@ gen_k( gcry_mpi_t p, int small_k )
unsigned int nbits, nbytes;
char *rndbuf = NULL;
- if (small_k)
- {
- /* Using a k much lesser than p is sufficient for encryption and
- * it greatly improves the encryption performance. We use
- * Wiener's table and add a large safety margin. */
- nbits = wiener_map( orig_nbits ) * 3 / 2;
- if( nbits >= orig_nbits )
- BUG();
- }
- else
- nbits = orig_nbits;
-
+ nbits = orig_nbits;
nbytes = (nbits+7)/8;
if( DBG_CIPHER )
@@ -492,7 +480,7 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
* error code.
*/
- k = gen_k( pkey->p, 1 );
+ k = gen_k( pkey->p );
mpi_powm (a, pkey->g, k, pkey->p);
/* b = (y^k * input) mod p
@@ -608,7 +596,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey )
*
*/
mpi_sub_ui(p_1, p_1, 1);
- k = gen_k( skey->p, 0 /* no small K ! */ );
+ k = gen_k( skey->p );
mpi_powm( a, skey->g, k, skey->p );
mpi_mul(t, skey->x, a );
mpi_subm(t, input, t, p_1 );

4
SOURCES/random.conf
View File

@ -1,4 +0,0 @@
# use only /dev/urandom - see https://www.2uo.de/myths-about-urandom/
only-urandom
# Keep jitter entropy generator enabled (should do no harm)
#disable-jent

1225
SOURCES/t-mpi-point.c
View File

File diff suppressed because it is too large Load Diff

2007
SOURCES/wk@g10code.com
View File

File diff suppressed because it is too large Load Diff

1
ci.fmf Normal file
View File

@ -0,0 +1 @@
resultsdb-testcase: separate

7
gating.yaml Normal file
View File

@ -0,0 +1,7 @@
--- !Policy
product_versions:
- rhel-10
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-disabled-buildroot-enabled.functional}
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-disabled-buildroot-disabled.functional}

22
libgcrypt-1.10.1-annobin.patch Normal file
View File

@ -0,0 +1,22 @@
diff -rup libgcrypt.orig/src/Makefile.am libgcrypt-1.8.3/src/Makefile.am
--- libgcrypt.orig/src/Makefile.am 2021-10-18 16:36:20.914025497 +0100
+++ libgcrypt-1.8.3/src/Makefile.am 2021-10-19 12:23:08.652960618 +0100
@@ -108,6 +108,7 @@ endif !HAVE_W32_SYSTEM
libgcrypt_la_LDFLAGS = $(no_undefined) $(export_symbols) $(extra_ltoptions) \
+ -Wc,-fplugin=annobin \
$(libgcrypt_version_script_cmd) -version-info \
@LIBGCRYPT_LT_CURRENT@:@LIBGCRYPT_LT_REVISION@:@LIBGCRYPT_LT_AGE@
libgcrypt_la_DEPENDENCIES = \
Only in libgcrypt-1.8.3/src: Makefile.am.annobin
diff -rup libgcrypt.orig/src/Makefile.in libgcrypt-1.8.3/src/Makefile.in
--- libgcrypt.orig/src/Makefile.in 2021-10-18 16:36:20.914025497 +0100
+++ libgcrypt-1.8.3/src/Makefile.in 2021-10-19 12:23:37.791875325 +0100
@@ -483,6 +483,7 @@ gcrypt_hwf_modules = @GCRYPT_HWF_MODULES
@HAVE_W32_SYSTEM_TRUE@gcrypt_deps = $(gcrypt_res) libgcrypt.def
@HAVE_W32_SYSTEM_FALSE@gcrypt_res_ldflag =
libgcrypt_la_LDFLAGS = $(no_undefined) $(export_symbols) $(extra_ltoptions) \
+ -Wc,-fplugin=annobin \
$(libgcrypt_version_script_cmd) -version-info \
@LIBGCRYPT_LT_CURRENT@:@LIBGCRYPT_LT_REVISION@:@LIBGCRYPT_LT_AGE@

63
libgcrypt-1.11.0-Disable-SHA3-s390x-acceleration-for-CSHAKE.patch Normal file
View File

@ -0,0 +1,63 @@
From 2486d9b5ae015c1786cb84466a751da4bc0d7122 Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Thu, 20 Jun 2024 20:10:09 +0300
Subject: [PATCH] Disable SHA3 s390x acceleration for CSHAKE
* cipher/keccak.c (keccak_final_s390x): Add assert check for
expected SHAKE suffix.
(_gcry_cshake_customize, cshake_hash_buffers): Disable s390x
acceleration when selecting CSHAKE suffix.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
cipher/keccak.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/cipher/keccak.c b/cipher/keccak.c
index aaf83a62..44cc9f71 100644
--- a/cipher/keccak.c
+++ b/cipher/keccak.c
@@ -745,6 +745,8 @@ keccak_final_s390x (void *context)
}
else
{
+ gcry_assert(ctx->suffix == SHAKE_DELIMITED_SUFFIX);
+
klmd_shake_execute (ctx->kimd_func, &ctx->state, NULL, 0, ctx->buf,
ctx->count);
ctx->count = 0;
@@ -1497,9 +1499,14 @@ _gcry_cshake_customize (void *context, struct gcry_cshake_customization *p)
/* No customization */
return 0;
+ ctx->suffix = CSHAKE_DELIMITED_SUFFIX;
+#ifdef USE_S390X_CRYPTO
+ /* CSHAKE suffix is not supported by s390x/kimd. */
+ ctx->kimd_func = 0;
+#endif
+
len_written = cshake_input_n (ctx, p->n, p->n_len);
cshake_input_s (ctx, p->s, p->s_len, len_written);
- ctx->suffix = CSHAKE_DELIMITED_SUFFIX;
return 0;
}
@@ -1536,9 +1543,14 @@ cshake_hash_buffers (const gcry_md_spec_t *spec, void *outbuf, size_t nbytes,
size_t s_len = iov[1].len;
size_t len;
+ ctx.suffix = CSHAKE_DELIMITED_SUFFIX;
+#ifdef USE_S390X_CRYPTO
+ /* CSHAKE suffix is not supported by s390x/kimd. */
+ ctx.kimd_func = 0;
+#endif
+
len = cshake_input_n (&ctx, n, n_len);
cshake_input_s (&ctx, s, s_len, len);
- ctx.suffix = CSHAKE_DELIMITED_SUFFIX;
}
iovcnt -= 2;
iov += 2;
--
2.43.0

328
libgcrypt-1.11.0-cf-protection.patch Normal file
View File

@ -0,0 +1,328 @@
From 7ee2e73495d051ca09dd57c90132a7a9cc53bc62 Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Fri, 26 Jul 2024 11:00:30 +0300
Subject: [PATCH] asm-common-amd64: add missing CFI directives for large memory
model code
* cipher/asm-common-amd64.h [__code_model_large__]
(GET_EXTERN_POINTER): Add CFI_PUSH/CFI_POP directives.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
cipher/asm-common-amd64.h | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/cipher/asm-common-amd64.h b/cipher/asm-common-amd64.h
index 870fef9a..3fa065e8 100644
--- a/cipher/asm-common-amd64.h
+++ b/cipher/asm-common-amd64.h
@@ -59,14 +59,18 @@
# ifdef __code_model_large__
# define GET_EXTERN_POINTER(name, reg) \
pushq %r15; \
+ CFI_PUSH(%r15); \
pushq %r14; \
+ CFI_PUSH(%r14); \
1: leaq 1b(%rip), reg; \
movabsq $_GLOBAL_OFFSET_TABLE_-1b, %r14; \
movabsq $name@GOT, %r15; \
addq %r14, reg; \
popq %r14; \
+ CFI_POP(%r14); \
movq (reg, %r15), reg; \
- popq %r15;
+ popq %r15; \
+ CFI_POP(%r15);
# else
# define GET_EXTERN_POINTER(name, reg) movq name@GOTPCREL(%rip), reg
# endif
--
2.45.2
From dd42a4e03e066c49a6d83e0d3a07e4261d77121a Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Sat, 27 Jul 2024 08:16:56 +0300
Subject: [PATCH] Do not build i386 assembly on x86-64
* configure.ac: Enable building i386 "rijndael-vaes" only
on i?86 host instead of x86 MPI arch ("i?86 + x86-64").
--
GnuPG-bug-id: 7220
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
configure.ac | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index d3dffb4b..1e182552 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3025,6 +3025,11 @@ if test "$found" = "1" ; then
AC_DEFINE(USE_AES, 1, [Defined if this module should be included])
case "${host}" in
+ i?86-*-*)
+ # Build with the VAES/AVX2 implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS rijndael-vaes-i386.lo"
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS rijndael-vaes-avx2-i386.lo"
+ ;;
x86_64-*-*)
# Build with the assembly implementation
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS rijndael-amd64.lo"
@@ -3089,10 +3094,6 @@ if test "$found" = "1" ; then
# Build with the Padlock implementation
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS rijndael-padlock.lo"
-
- # Build with the VAES/AVX2 implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS rijndael-vaes-i386.lo"
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS rijndael-vaes-avx2-i386.lo"
;;
esac
fi
--
2.45.2
From 5797d75e3b916caf504bed73a8629c6c168be58d Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Sat, 27 Jul 2024 08:50:57 +0300
Subject: [PATCH] Do not build amd64 assembly on i386
* configure.ac: Build "serpent-avx2-amd64" and
"camellia-*-amd64" only on x86-64.
--
GnuPG-bug-id: 7220
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
configure.ac | 50 +++++++++++++++++++++++++++-----------------------
1 file changed, 27 insertions(+), 23 deletions(-)
diff --git a/configure.ac b/configure.ac
index 1e182552..191aa38d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3133,14 +3133,14 @@ if test "$found" = "1" ; then
x86_64-*-*)
# Build with the SSE2 implementation
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-sse2-amd64.lo"
+
+ if test x"$avx2support" = xyes ; then
+ # Build with the AVX2 implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx2-amd64.lo"
+ fi
;;
esac
- if test x"$avx2support" = xyes ; then
- # Build with the AVX2 implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx2-amd64.lo"
- fi
-
if test x"$avx512support" = xyes ; then
# Build with the AVX512 implementation
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx512-x86.lo"
@@ -3186,28 +3186,32 @@ if test "$found" = "1" ; then
;;
esac
- if test x"$avxsupport" = xyes ; then
- if test x"$aesnisupport" = xyes ; then
- # Build with the AES-NI/AVX implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx-amd64.lo"
- fi
- fi
+ case "${host}" in
+ x86_64-*-*)
+ if test x"$avxsupport" = xyes ; then
+ if test x"$aesnisupport" = xyes ; then
+ # Build with the AES-NI/AVX implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx-amd64.lo"
+ fi
+ fi
- if test x"$avx2support" = xyes ; then
- if test x"$aesnisupport" = xyes ; then
- # Build with the AES-NI/AVX2 implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx2-amd64.lo"
+ if test x"$avx2support" = xyes ; then
+ if test x"$aesnisupport" = xyes ; then
+ # Build with the AES-NI/AVX2 implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx2-amd64.lo"
- # Build with the VAES/AVX2 implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-vaes-avx2-amd64.lo"
+ # Build with the VAES/AVX2 implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-vaes-avx2-amd64.lo"
- # Build with the GFNI/AVX2 implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx2-amd64.lo"
+ # Build with the GFNI/AVX2 implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx2-amd64.lo"
- # Build with the GFNI/AVX512 implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx512-amd64.lo"
- fi
- fi
+ # Build with the GFNI/AVX512 implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx512-amd64.lo"
+ fi
+ fi
+ ;;
+ esac
fi
LIST_MEMBER(idea, $enabled_ciphers)
--
2.45.2
From d69e6a29b986cf1cb21e09d337a0de2564ef34f2 Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Fri, 26 Jul 2024 10:59:12 +0300
Subject: [PATCH] Add CET support for x86-64 assembly
* cipher/asm-common-amd64.h (ENDBRANCH): New.
(CFI_STARTPROC): Add ENDBRANCH.
[__CET__] (note.gnu.property): Add CET property section.
--
GnuPG-bug-id: 7220
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
cipher/asm-common-amd64.h | 30 ++++++++++++++++++++++++++++--
1 file changed, 28 insertions(+), 2 deletions(-)
diff --git a/cipher/asm-common-amd64.h b/cipher/asm-common-amd64.h
index 3fa065e8..465ef62b 100644
--- a/cipher/asm-common-amd64.h
+++ b/cipher/asm-common-amd64.h
@@ -76,9 +76,15 @@
# endif
#endif
+#ifdef __CET__
+#define ENDBRANCH endbr64
+#else
+#define ENDBRANCH /*_*/
+#endif
+
#ifdef HAVE_GCC_ASM_CFI_DIRECTIVES
/* CFI directives to emit DWARF stack unwinding information. */
-# define CFI_STARTPROC() .cfi_startproc
+# define CFI_STARTPROC() .cfi_startproc; ENDBRANCH
# define CFI_ENDPROC() .cfi_endproc
# define CFI_REMEMBER_STATE() .cfi_remember_state
# define CFI_RESTORE_STATE() .cfi_restore_state
@@ -146,7 +152,7 @@
DW_SLEB128_28BIT(rsp_offs)
#else
-# define CFI_STARTPROC()
+# define CFI_STARTPROC() ENDBRANCH
# define CFI_ENDPROC()
# define CFI_REMEMBER_STATE()
# define CFI_RESTORE_STATE()
@@ -214,4 +220,24 @@
vpopcntb xmm16, xmm16; /* Supported only by newer AVX512 CPUs. */ \
vpxord ymm16, ymm16, ymm16;
+#ifdef __CET__
+/* Generate CET property for all assembly files including this header. */
+ELF(.section .note.gnu.property,"a")
+ELF(.align 8)
+ELF(.long 1f - 0f)
+ELF(.long 4f - 1f)
+ELF(.long 5)
+ELF(0:)
+ELF(.byte 0x47, 0x4e, 0x55, 0) /* string "GNU" */
+ELF(1:)
+ELF(.align 8)
+ELF(.long 0xc0000002)
+ELF(.long 3f - 2f)
+ELF(2:)
+ELF(.long 0x3)
+ELF(3:)
+ELF(.align 8)
+ELF(4:)
+#endif
+
#endif /* GCRY_ASM_COMMON_AMD64_H */
--
2.45.2
From 64ec13d11b08fbe31cc6f83e9464e7e251d41019 Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Fri, 26 Jul 2024 11:09:37 +0300
Subject: [PATCH] Add CET support for i386 assembly
* cipher/asm-common-i386.h (ENDBRANCH): New.
(CFI_STARTPROC): Add ENDBRANCH.
[__CET__] (note.gnu.property): Add CET property section.
--
GnuPG-bug-id: 7220
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
cipher/asm-common-i386.h | 30 ++++++++++++++++++++++++++++--
1 file changed, 28 insertions(+), 2 deletions(-)
diff --git a/cipher/asm-common-i386.h b/cipher/asm-common-i386.h
index d746ebc4..346a8ff2 100644
--- a/cipher/asm-common-i386.h
+++ b/cipher/asm-common-i386.h
@@ -59,9 +59,15 @@
movl name##@GOT(%reg), %reg;
#endif
+#ifdef __CET__
+#define ENDBRANCH endbr32
+#else
+#define ENDBRANCH /*_*/
+#endif
+
#ifdef HAVE_GCC_ASM_CFI_DIRECTIVES
/* CFI directives to emit DWARF stack unwinding information. */
-# define CFI_STARTPROC() .cfi_startproc
+# define CFI_STARTPROC() .cfi_startproc; ENDBRANCH
# define CFI_ENDPROC() .cfi_endproc
# define CFI_REMEMBER_STATE() .cfi_remember_state
# define CFI_RESTORE_STATE() .cfi_restore_state
@@ -121,7 +127,7 @@
DW_SLEB128_28BIT(esp_offs)
#else
-# define CFI_STARTPROC()
+# define CFI_STARTPROC() ENDBRANCH
# define CFI_ENDPROC()
# define CFI_REMEMBER_STATE()
# define CFI_RESTORE_STATE()
@@ -158,4 +164,24 @@
vpopcntb xmm7, xmm7; /* Supported only by newer AVX512 CPUs. */ \
vpxord ymm7, ymm7, ymm7;
+#ifdef __CET__
+/* Generate CET property for all assembly files including this header. */
+ELF(.section .note.gnu.property,"a")
+ELF(.align 4)
+ELF(.long 1f - 0f)
+ELF(.long 4f - 1f)
+ELF(.long 5)
+ELF(0:)
+ELF(.byte 0x47, 0x4e, 0x55, 0) /* string "GNU" */
+ELF(1:)
+ELF(.align 4)
+ELF(.long 0xc0000002)
+ELF(.long 3f - 2f)
+ELF(2:)
+ELF(.long 0x3)
+ELF(3:)
+ELF(.align 4)
+ELF(4:)
+#endif
+
#endif /* GCRY_ASM_COMMON_AMD64_H */
--
2.45.2

109
libgcrypt-1.11.0-covscan.patch Normal file
View File

@ -0,0 +1,109 @@
From 03a0535661186ba1cf853a6b43ff2b2a5e42a3ea Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 25 Jul 2024 14:21:04 +0200
Subject: [PATCH 2/3] sexp: Avoid memory leaks on invalid input
* src/sexp.c (_gcry_hex2buffer): Free buffer on error.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
src/sexp.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/sexp.c b/src/sexp.c
index b15cb486..60ddcbc3 100644
--- a/src/sexp.c
+++ b/src/sexp.c
@@ -2715,7 +2715,10 @@ _gcry_hex2buffer (const char *string, size_t *r_length)
for (s=string; *s; s +=2 )
{
if (!hexdigitp (s) || !hexdigitp (s+1))
- return NULL; /* Invalid hex digits. */
+ {
+ xfree(buffer);
+ return NULL; /* Invalid hex digits. */
+ }
((unsigned char*)buffer)[length++] = xtoi_2 (s);
}
*r_length = length;
--
GitLab
From 45d77a0ed6dcacbfaf6e72f6402705f4635e5cf8 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 25 Jul 2024 14:32:19 +0200
Subject: [PATCH 3/3] ecdh: Avoid memory leaks
* cipher/ecc-ecdh.c (_gcry_ecc_curve_keypair): Free buffer on exit path.
(_gcry_ecc_curve_mul_point): Free buffer on all exit paths.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
cipher/ecc-ecdh.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/cipher/ecc-ecdh.c b/cipher/ecc-ecdh.c
index 8be57b72..c690d221 100644
--- a/cipher/ecc-ecdh.c
+++ b/cipher/ecc-ecdh.c
@@ -153,6 +153,7 @@ _gcry_ecc_curve_keypair (const char *curve,
buf = _gcry_mpi_get_buffer (mpi_k, 0, &len, NULL);
memset (seckey, 0, nbytes - len);
memcpy (seckey + nbytes - len, buf, len);
+ xfree (buf);
}
else /* p - y >= p */
mpi_free (negative);
@@ -168,15 +169,14 @@ _gcry_ecc_curve_keypair (const char *curve,
if (len != 1 + 2*nbytes)
{
err = GPG_ERR_INV_ARG;
- mpi_free (y);
}
else
{
/* (x,y) in SEC1 point encoding. */
memcpy (pubkey, buf, len);
- xfree (buf);
- mpi_free (y);
}
+ xfree (buf);
+ mpi_free (y);
}
}
else /* MPI_EC_MONTGOMERY */
@@ -293,15 +293,14 @@ _gcry_ecc_curve_mul_point (const char *curve,
if (len != 1 + 2*nbytes)
{
err = GPG_ERR_INV_ARG;
- mpi_free (y);
}
else
{
/* (x,y) in SEC1 point encoding. */
memcpy (result, buf, len);
- xfree (buf);
- mpi_free (y);
}
+ xfree (buf);
+ mpi_free (y);
}
}
else /* MPI_EC_MONTGOMERY */
@@ -318,8 +317,8 @@ _gcry_ecc_curve_mul_point (const char *curve,
{
/* x in little endian. */
memcpy (result, buf, nbytes);
- xfree (buf);
}
+ xfree (buf);
}
}
mpi_free (x);
--
GitLab

2123
libgcrypt-1.11.0-marvin.patch Normal file
View File

File diff suppressed because it is too large Load Diff

229
libgcrypt-1.11.0-pac-bti-protection.patch Normal file
View File

@ -0,0 +1,229 @@
From afdd68b162103820edb72ad170f8ee26f206b396 Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Sun, 4 Aug 2024 18:51:34 +0300
Subject: [PATCH] Add PAC/BTI support for AArch64 assembly
* cipher/asm-common-aarch64.h (AARCH64_BTI_PROPERTY_FLAG)
(AARCH64_HINT_BTI_C, AARCH64_PAC_PROPERTY_FLAG)
(note.gnu.property): New.
(CFI_STARTPROC): Add AARCH64_HINT_BTI_C.
--
GnuPG-bug-id: 7220
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
cipher/asm-common-aarch64.h | 50 +++++++++++++++++++++++++++++++++++--
1 file changed, 48 insertions(+), 2 deletions(-)
diff --git a/cipher/asm-common-aarch64.h b/cipher/asm-common-aarch64.h
index 3a72d7c4..ff65ea6a 100644
--- a/cipher/asm-common-aarch64.h
+++ b/cipher/asm-common-aarch64.h
@@ -45,9 +45,25 @@
add reg, reg, #:lo12:name ;
#endif
+#if defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1
+# define AARCH64_BTI_PROPERTY_FLAG (1 << 0)
+# define AARCH64_HINT_BTI_C \
+ hint #34
+#else
+# define AARCH64_BTI_PROPERTY_FLAG 0 /* No BTI */
+# define AARCH64_HINT_BTI_C /*_*/
+#endif
+
+#if defined(__ARM_FEATURE_PAC_DEFAULT) && (__ARM_FEATURE_PAC_DEFAULT & 3) != 0
+/* PAC enabled, signed with either A or B key. */
+# define AARCH64_PAC_PROPERTY_FLAG (1 << 1)
+#else
+# define AARCH64_PAC_PROPERTY_FLAG 0 /* No PAC */
+#endif
+
#ifdef HAVE_GCC_ASM_CFI_DIRECTIVES
/* CFI directives to emit DWARF stack unwinding information. */
-# define CFI_STARTPROC() .cfi_startproc
+# define CFI_STARTPROC() .cfi_startproc; AARCH64_HINT_BTI_C
# define CFI_ENDPROC() .cfi_endproc
# define CFI_REMEMBER_STATE() .cfi_remember_state
# define CFI_RESTORE_STATE() .cfi_restore_state
@@ -89,7 +105,7 @@
DW_SLEB128_28BIT(rsp_offs)
#else
-# define CFI_STARTPROC()
+# define CFI_STARTPROC() AARCH64_HINT_BTI_C
# define CFI_ENDPROC()
# define CFI_REMEMBER_STATE()
# define CFI_RESTORE_STATE()
@@ -129,4 +145,34 @@
ldp d8, d9, [sp], #16; \
CFI_ADJUST_CFA_OFFSET(-16);
+#if (AARCH64_BTI_PROPERTY_FLAG | AARCH64_PAC_PROPERTY_FLAG)
+/* Generate PAC/BTI property for all assembly files including this header.
+ *
+ * libgcrypt support these extensions:
+ * - Armv8.3-A Pointer Authentication (PAC):
+ * As currently all AArch64 assembly functions are leaf functions and do
+ * not store/load link register LR, we just mark PAC as supported.
+ *
+ * - Armv8.5-A Branch Target Identification (BTI):
+ * All AArch64 assembly functions get branch target instruction through
+ * CFI_STARTPROC macro.
+ */
+ELF(.section .note.gnu.property,"a")
+ELF(.balign 8)
+ELF(.long 1f - 0f)
+ELF(.long 4f - 1f)
+ELF(.long 5)
+ELF(0:)
+ELF(.byte 0x47, 0x4e, 0x55, 0) /* string "GNU" */
+ELF(1:)
+ELF(.balign 8)
+ELF(.long 0xc0000000)
+ELF(.long 3f - 2f)
+ELF(2:)
+ELF(.long (AARCH64_BTI_PROPERTY_FLAG | AARCH64_PAC_PROPERTY_FLAG))
+ELF(3:)
+ELF(.balign 8)
+ELF(4:)
+#endif
+
#endif /* GCRY_ASM_COMMON_AARCH64_H */
--
2.43.0
From 07706d69f238f6a3bfc3f74145686a02decbee9c Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Mon, 5 Aug 2024 20:18:05 +0300
Subject: [PATCH] Do not build 32-bit ARM assembly on Aarch64
* configure.ac: Build "serpent-armv7-neon", "salsa20-armv7-neon",
"chacha20-armv7-neon", "sha512-armv7-neon" and "keccak-armv7-neon"
only on 32-bit ARM.
--
GnuPG-bug-id: 7220
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
configure.ac | 54 ++++++++++++++++++++++++++++------------------------
1 file changed, 29 insertions(+), 25 deletions(-)
diff --git a/configure.ac b/configure.ac
index 191aa38d..2b6ddb7b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3139,17 +3139,18 @@ if test "$found" = "1" ; then
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx2-amd64.lo"
fi
;;
+ arm*-*-*)
+ if test x"$neonsupport" = xyes ; then
+ # Build with the NEON implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-armv7-neon.lo"
+ fi
+ ;;
esac
if test x"$avx512support" = xyes ; then
# Build with the AVX512 implementation
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx512-x86.lo"
fi
-
- if test x"$neonsupport" = xyes ; then
- # Build with the NEON implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-armv7-neon.lo"
- fi
fi
LIST_MEMBER(rfc2268, $enabled_ciphers)
@@ -3230,12 +3231,13 @@ if test "$found" = "1" ; then
# Build with the assembly implementation
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS salsa20-amd64.lo"
;;
+ arm*-*-*)
+ if test x"$neonsupport" = xyes ; then
+ # Build with the NEON implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS salsa20-armv7-neon.lo"
+ fi
+ ;;
esac
-
- if test x"$neonsupport" = xyes ; then
- # Build with the NEON implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS salsa20-armv7-neon.lo"
- fi
fi
LIST_MEMBER(gost28147, $enabled_ciphers)
@@ -3256,6 +3258,12 @@ if test "$found" = "1" ; then
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-amd64-avx2.lo"
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-amd64-avx512.lo"
;;
+ arm*-*-*)
+ if test x"$neonsupport" = xyes ; then
+ # Build with the NEON implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-armv7-neon.lo"
+ fi
+ ;;
aarch64-*-*)
# Build with the assembly implementation
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-aarch64.lo"
@@ -3282,11 +3290,6 @@ if test "$found" = "1" ; then
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-s390x.lo"
;;
esac
-
- if test x"$neonsupport" = xyes ; then
- # Build with the NEON implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-armv7-neon.lo"
- fi
fi
LIST_MEMBER(sm4, $enabled_ciphers)
@@ -3491,6 +3494,11 @@ if test "$found" = "1" ; then
arm*-*-*)
# Build with the assembly implementation
GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS sha512-arm.lo"
+
+ if test x"$neonsupport" = xyes ; then
+ # Build with the NEON implementation
+ GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS sha512-armv7-neon.lo"
+ fi
;;
aarch64-*-*)
# Build with the assembly implementation
@@ -3510,11 +3518,6 @@ if test "$found" = "1" ; then
# Build with the crypto extension implementation
GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS sha512-ppc.lo"
esac
-
- if test x"$neonsupport" = xyes ; then
- # Build with the NEON implementation
- GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS sha512-armv7-neon.lo"
- fi
fi
LIST_MEMBER(sha3, $enabled_digests)
@@ -3527,12 +3530,13 @@ if test "$found" = "1" ; then
# Build with the assembly implementation
GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS keccak-amd64-avx512.lo"
;;
+ arm*-*-*)
+ if test x"$neonsupport" = xyes ; then
+ # Build with the NEON implementation
+ GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS keccak-armv7-neon.lo"
+ fi
+ ;;
esac
-
- if test x"$neonsupport" = xyes ; then
- # Build with the NEON implementation
- GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS keccak-armv7-neon.lo"
- fi
fi
LIST_MEMBER(tiger, $enabled_digests)
--
2.43.0

378
SPECS/libgcrypt.spec → libgcrypt.spec
View File

@ -1,96 +1,57 @@
# This is taken from gnutls.spec
%define srpmhash() %{lua:
local files = rpm.expand("%_specdir/libgcrypt.spec")
for i, p in ipairs(patches) do
files = files.." "..p
end
for i, p in ipairs(sources) do
files = files.." "..p
end
local sha256sum = assert(io.popen("cat "..files.."| sha256sum"))
local hash = sha256sum:read("*a")
sha256sum:close()
print(string.sub(hash, 0, 16))
}
Name: libgcrypt
Version: 1.8.5
Release: 7%{?dist}
URL: http://www.gnupg.org/
Source0: libgcrypt-%{version}-hobbled.tar.xz
# The original libgcrypt sources now contain potentially patented ECC
# cipher support. We have to remove it in the tarball we ship with
# the hobble-libgcrypt script.
# (We replace it with RH approved ECC in Source4-5)
#Source0: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-{version}.tar.bz2
#Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-{version}.tar.bz2.sig
Source2: wk@g10code.com
Source3: hobble-libgcrypt
# Approved ECC support
Source4: ecc-curves.c
Source5: curves.c
Source6: t-mpi-point.c
Source7: random.conf
# make FIPS hmac compatible with fipscheck - non upstreamable
# update on soname bump
Patch2: libgcrypt-1.8.5-use-fipscheck.patch
# modify FIPS RSA and DSA keygen to comply with requirements
Patch5: libgcrypt-1.8.4-fips-keygen.patch
# fix the tests to work correctly in the FIPS mode
Patch6: libgcrypt-1.8.4-tests-fipsmode.patch
# update the CAVS tests
Patch7: libgcrypt-1.7.3-fips-cavs.patch
# use poll instead of select when gathering randomness
Patch11: libgcrypt-1.8.4-use-poll.patch
# slight optimalization of mpicoder.c to silence Valgrind (#968288)
Patch13: libgcrypt-1.6.1-mpicoder-gccopt.patch
# fix tests to work with approved ECC
Patch14: libgcrypt-1.7.3-ecc-test-fix.patch
# Run the FIPS mode initialization in the shared library constructor
Patch18: libgcrypt-1.8.3-fips-ctor.patch
# Block some operations if in FIPS non-operational state
Patch22: libgcrypt-1.7.3-fips-reqs.patch
# Do not try to open /dev/urandom if getrandom() works
Patch24: libgcrypt-1.8.5-getrandom.patch
# CMAC selftest for FIPS POST
Patch25: libgcrypt-1.8.3-cmac-selftest.patch
# Continuous FIPS entropy test
Patch26: libgcrypt-1.8.3-fips-enttest.patch
# Disable non-approved FIPS hashes in the enforced FIPS mode
Patch27: libgcrypt-1.8.3-md-fips-enforce.patch
# Intel CET support, in upstream master
Patch28: libgcrypt-1.8.5-intel-cet.patch
# Fix build on ARMv7
Patch29: libgcrypt-1.8.5-build.patch
# FIPS module is redefined a little bit (implicit by kernel FIPS mode)
Patch30: libgcrypt-1.8.5-fips-module.patch
# Backported AES performance improvements
Patch31: libgcrypt-1.8.5-aes-perf.patch
# FIPS selftest for PBKDF2
Patch32: libgcrypt-1.8.5-kdf-selftest.patch
# ppc64 performance for SHA2 (#1855231)
Patch33: libgcrypt-1.8.5-ppc-sha2.patch
# ppc64 performance for CRC32 (#1855231)
Patch34: libgcrypt-1.8.5-ppc-crc32.patch
# ppc64 bugfixes (#1855231)
Patch35: libgcrypt-1.8.5-ppc-bugfix.patch
# ppc64 performance AES-GCM (#1855231)
Patch36: libgcrypt-1.8.5-ppc-aes-gcm.patch
# Fix elgamal cross-configuration (CVE-2021-40528)
Patch37: libgcrypt-1.9.3-CVE-2021-40528.patch
# We can use HW optimizations in FIPS (#1976137)
Patch38: libgcrypt-1.8.5-fips-hwfeatures.patch
# ppc64 performance chacha20 and poly1305 (#1855231)
Patch39: libgcrypt-1.8.5-ppc-chacha20-poly1305.patch
# Fix CVE-2021-33560 (elgamal blinding)
Patch40: libgcrypt-1.8.5-elgamal-blinding.patch
Version: 1.11.0
Release: 5%{?dist}
URL: https://www.gnupg.org/
Source0: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2
Source1: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig
Source2: https://gnupg.org/signature_key.asc
# Pass the annobin flags to the libgcrypt.so (#2016349)
Patch1: libgcrypt-1.10.1-annobin.patch
# https://dev.gnupg.org/T7167
Patch2: libgcrypt-1.11.0-Disable-SHA3-s390x-acceleration-for-CSHAKE.patch
# https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/20
Patch3: libgcrypt-1.11.0-covscan.patch
# https://dev.gnupg.org/T7220
Patch4: libgcrypt-1.11.0-cf-protection.patch
Patch5: libgcrypt-1.11.0-pac-bti-protection.patch
# https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/19/
Patch6: libgcrypt-1.11.0-marvin.patch
%define gcrylibdir %{_libdir}
%global gcrylibdir %{_libdir}
%global gcrysoname libgcrypt.so.20
%global hmackey orboDeJITITejsirpADONivirpUkvarP
# Technically LGPLv2.1+, but Fedora's table doesn't draw a distinction.
# Documentation and some utilities are GPLv2+ licensed. These files
# are in the devel subpackage.
License: LGPLv2+
License: BSD-3-Clause AND (BSD-3-Clause OR GPL-2.0-only) AND GPL-2.0-or-later AND LGPL-2.1-or-later AND LGPL-2.0-or-later AND MIT-Modern-Variant
Summary: A general-purpose cryptography library
BuildRequires: gcc
BuildRequires: gawk, libgpg-error-devel >= 1.11, pkgconfig
BuildRequires: fipscheck
# This is needed only when patching the .texi doc.
BuildRequires: texinfo
BuildRequires: autoconf, automake, libtool
BuildRequires: make
BuildRequires: gnupg2
BuildRequires: annobin-annocheck binutils
%package devel
Summary: Development files for the %{name} package
License: LGPLv2+ and GPLv2+
Requires(pre): /sbin/install-info
Requires(post): /sbin/install-info
Requires: libgpg-error-devel
Requires: %{name} = %{version}-%{release}
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: pkgconfig
%description
Libgcrypt is a general purpose crypto library based on the code used
@ -102,65 +63,63 @@ in GNU Privacy Guard. This package contains files needed to develop
applications using libgcrypt.
%prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%setup -q
%{SOURCE3}
%patch2 -p1 -b .use-fipscheck
%patch5 -p1 -b .fips-keygen
%patch6 -p1 -b .tests-fipsmode
%patch7 -p1 -b .cavs
%patch11 -p1 -b .use-poll
%patch13 -p1 -b .gccopt
%patch14 -p1 -b .eccfix
%patch18 -p1 -b .fips-ctor
%patch22 -p1 -b .fips-reqs
%patch24 -p1 -b .getrandom
%patch25 -p1 -b .cmac-selftest
%patch26 -p1 -b .fips-enttest
%patch27 -p1 -b .fips-enforce
%patch28 -p1 -b .intel-cet
%patch29 -p1 -b .build
%patch30 -p1 -b .fips-module
%patch31 -p1 -b .aes-perf
%patch32 -p1 -b .kdf-selftest
%patch33 -p1 -b .ppc-sha2
%patch34 -p1 -b .ppc-crc32
%patch35 -p1 -b .ppc-bugfix
%patch36 -p1 -b .ppc-aes-gcm
%patch37 -p1 -b .CVE-2021-40528
%patch38 -p1 -b .hw-fips
%patch39 -p1 -b .ppc-chacha
%patch40 -p1 -b .elgamal-blinding
cp %{SOURCE4} cipher/
cp %{SOURCE5} %{SOURCE6} tests/
%patch 1 -p1
%patch 2 -p1
%patch 3 -p1
%patch 4 -p1
%patch 5 -p1
%patch 6 -p1
%build
# should be all algorithms except SM3 and SM4, aria
export DIGESTS='crc gostr3411-94 md4 md5 rmd160 sha1 sha256 sha512 sha3 tiger whirlpool stribog blake2'
export CIPHERS='arcfour blowfish cast5 des aes twofish serpent rfc2268 seed camellia idea salsa20 gost28147 chacha20'
eval $(sed -n 's/^\(\(NAME\|VERSION_ID\)=.*\)/OS_\1/p' /etc/os-release)
export FIPS_MODULE_NAME="$OS_NAME ${OS_VERSION_ID%%.*} %name"
autoreconf -f
%configure --disable-static \
%ifarch sparc64
--disable-asm \
%endif
--enable-noexecstack \
--enable-hmac-binary-check \
--enable-pubkey-ciphers='dsa elgamal rsa ecc' \
--disable-O-flag-munging
--enable-hmac-binary-check=%{hmackey} \
--disable-jent-support \
--disable-O-flag-munging \
--enable-digests="$DIGESTS" \
--enable-ciphers="$CIPHERS" \
--enable-marvin-workaround \
--with-fips-module-version="$FIPS_MODULE_NAME %{version}-%{srpmhash}"
sed -i -e '/^sys_lib_dlsearch_path_spec/s,/lib /usr/lib,/usr/lib /lib64 /usr/lib64 /lib,g' libtool
make %{?_smp_mflags}
%make_build
%check
fipshmac src/.libs/libgcrypt.so.??
make check
# try in faked FIPS mode too
LIBGCRYPT_FORCE_FIPS_MODE=1 make check
PROFILE=%{?dist} annocheck --ignore-unknown --verbose --profile=${PROFILE:1} $RPM_BUILD_ROOT%{gcrylibdir}/libgcrypt.so.20.5.0
# Add generation of HMAC checksums of the final stripped binaries
%define libpath $RPM_BUILD_ROOT%{gcrylibdir}/%{gcrysoname}.?.?
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
fipshmac $RPM_BUILD_ROOT%{gcrylibdir}/*.so.?? \
cd src \
sed -i -e 's|FILE=.*|FILE=\\\$1|' gen-note-integrity.sh \
READELF=readelf AWK=awk ECHO_N="-n" bash gen-note-integrity.sh %{libpath} > %{libpath}.hmac \
objcopy --update-section .note.fdo.integrity=%{libpath}.hmac %{libpath} %{libpath}.new \
mv -f %{libpath}.new %{libpath} \
rm -f %{libpath}.hmac
%{nil}
%install
make install DESTDIR=$RPM_BUILD_ROOT
%make_install
# Change /usr/lib64 back to /usr/lib. This saves us from having to patch the
# script to "know" that -L/usr/lib64 should be suppressed, and also removes
@ -201,32 +160,13 @@ popd
# Create /etc/gcrypt (hardwired, not dependent on the configure invocation) so
# that _someone_ owns it.
mkdir -p -m 755 $RPM_BUILD_ROOT/etc/gcrypt
install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf
# Drop the pkgconfig as it would require an updated libgpg-error
rm $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/libgcrypt.pc
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%post devel
[ -f %{_infodir}/gcrypt.info.gz ] && \
/sbin/install-info %{_infodir}/gcrypt.info.gz %{_infodir}/dir
exit 0
%preun devel
if [ $1 = 0 -a -f %{_infodir}/gcrypt.info.gz ]; then
/sbin/install-info --delete %{_infodir}/gcrypt.info.gz %{_infodir}/dir
fi
exit 0
%ldconfig_scriptlets
%files
%dir /etc/gcrypt
%config(noreplace) /etc/gcrypt/random.conf
%{gcrylibdir}/libgcrypt.so.*
%{gcrylibdir}/.libgcrypt.so.*.hmac
%{!?_licensedir:%global license %%doc}
%{gcrylibdir}/libgcrypt.so.*.*
%{gcrylibdir}/%{gcrysoname}
%license COPYING.LIB
%doc AUTHORS NEWS THANKS
@ -237,42 +177,168 @@ exit 0
%{_bindir}/mpicalc
%{_includedir}/*
%{_libdir}/*.so
%{_libdir}/pkgconfig/libgcrypt.pc
%{_datadir}/aclocal/*
%{_mandir}/man1/*
%{_infodir}/gcrypt.info*
%{!?_licensedir:%global license %%doc}
%license COPYING
%changelog
* Tue Apr 05 2022 Jakub Jelen <jjelen@redhat.com> - 1.8.5-7
- Fix CVE-2021-33560 (#2018525)
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.11.0-5
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Mon Jun 28 2021 Jakub Jelen <jjelen@redhat.com> - 1.8.5-6
- Fix for CVE-2021-40528 (#1971421)
- Enable HW optimizations in FIPS (#1976137)
- Performance enchancements for ChaCha20 and Poly1305 (#1855231)
* Thu Oct 17 2024 Jakub Jelen <jjelen@redhat.com> - 1.11.0-4
- Fix remaining protection flags on shared object for Aarch64
- Fix CVE-2024-2236 (RHEL-58736)
* Thu May 13 2021 Jakub Jelen <jjelen@redhat.com> - 1.8.5-5
- Performance enchancements for AES-GCM, CRC32 and SHA2 (#1855231)
* Fri Jul 26 2024 Jakub Jelen <jjelen@redhat.com> - 1.11.0-3
- Add CF protection on x86_64
* Mon Jun 15 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-4
- add PBKDF2 selftest for FIPS POST
* Thu Jul 25 2024 Jakub Jelen <jjelen@redhat.com> - 1.11.0-2
- Clean up flags to pass rpminspect checks
- Fix memory leaks reported by static analysis
* Tue Apr 28 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-3
- new upstream version 1.8.5
* Wed Jul 03 2024 Jakub Jelen <jjelen@redhat.com> - 1.11.0-1
- New upstream release (#2293064)
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.10.3-4
- Bump release for June 2024 mass rebuild
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Nov 14 2023 Jakub Jelen <jjelen@redhat.com> - 1.10.3-1
- New upstream release (#2249639)
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Apr 11 2023 Jakub Jelen <jjelen@redhat.com> - 1.10.2-1
- New upstream release (#2185084)
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Dec 3 2022 Florian Weimer <fweimer@redhat.com> - 1.10.1-6
- Port configure script to C99
* Tue Nov 08 2022 Todd Zullinger <tmz@pobox.com> - 1.10.1-5
- enable brainpool by default (#1413618)
- fix sporadic failures generating RSA keys in FIPS mode
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Sun May 29 2022 Todd Zullinger <tmz@pobox.com> - 1.10.1-3
- improve --disable-brainpool configure output
- use %%bcond_with to disable brainpool curves
* Fri Apr 08 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.1-2
- Adjust integrity check creation to match upstream (#2073018)
* Tue Mar 29 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.1-1
- Final release (#2069263)
* Wed Feb 02 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-1
- New upstream release (#2049322)
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Mon Aug 23 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.4-1
- New upstream release (#1996467)
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jun 15 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-3
- Fix for CVE-2021-33560 (#1970098)
* Wed Apr 28 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-2
- Restore the CET protection (#1954049)
* Tue Apr 20 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-1
- New upstream release (#1951325)
* Thu Apr 15 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.2-3
- Fix issues reported by coverity
* Mon Mar 29 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.2-2
- Fix OCB tag creation on s390x (failing gnupg2 tests)
* Wed Feb 17 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.2-1
- New upstream release (#1929630)
* Fri Jan 29 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.1-1
- New upstream release (#1922156, #1922097)
* Wed Jan 20 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.0-1
- New upstream release (#1917878)
* Tue Nov 24 2020 Jakub Jelen <jjelen@redhat.com> - 1.8.7-1
- new upstream release (#1891123)
* Fri Aug 21 2020 Jeff Law <law@redhat.com> - 1.8.6-4
- Re-enable LTO
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 21 2020 Tom Stellard <tstellar@redhat.com> - 1.8.6-2
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Mon Jul 20 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.6-1
- new upstream version 1.8.6
* Wed Jul 1 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-7
- use the hmac256 tool to calculate the library hmac
* Tue Jun 30 2020 Jeff Law <law@redhat.com>
- Disable LTO
* Thu Apr 23 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-6
- Fix regression - missing -ldl linkage
* Wed Apr 22 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-5
- AES performance improvements backported from master branch
* Mon Apr 20 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-4
- FIPS selftest is run directly from the constructor
- FIPS module is implicit with kernel FIPS flag
- always run the FIPS selftests if FIPS module is installed
* Mon Jun 24 2019 Tomáš Mráz <tmraz@redhat.com> 1.8.3-4
- improve the continuous FIPS entropy test
* Thu Jan 30 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-3
- fix the build on ARMv7
* Mon Jun 3 2019 Tomáš Mráz <tmraz@redhat.com> 1.8.3-3
* Thu Jan 23 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-2
- Intel CET support by H. J. Lu
* Tue Sep 3 2019 Tomáš Mráz <tmraz@redhat.com> 1.8.5-1
- new upstream version 1.8.5
- add CMAC selftest for FIPS POST
- add continuous FIPS entropy test
- disable non-approved FIPS hashes in the enforced FIPS mode
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Feb 12 2019 Tomáš Mráz <tmraz@redhat.com> 1.8.4-3
- fix the build tests to pass in the FIPS mode
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Nov 20 2018 Tomáš Mráz <tmraz@redhat.com> 1.8.4-1
- new upstream version 1.8.4
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jul 12 2018 Tomáš Mráz <tmraz@redhat.com> 1.8.3-2
- make only_urandom a default in non-presence of configuration file
- run the full FIPS selftests only when the library is called from

23
plans/ci.fmf Normal file
View File

@ -0,0 +1,23 @@
/fips-disabled-buildroot-disabled:
plan:
import:
url: https://pkgs.devel.redhat.com/git/tests/libgcrypt
name: /plans/ci/fips-disabled-buildroot-disabled
/fips-disabled-buildroot-enabled:
plan:
import:
url: https://pkgs.devel.redhat.com/git/tests/libgcrypt
name: /plans/ci/fips-disabled-buildroot-enabled
/fips-enabled-buildroot-disabled:
plan:
import:
url: https://pkgs.devel.redhat.com/git/tests/libgcrypt
name: /plans/ci/fips-enabled-buildroot-disabled
/fips-enabled-buildroot-enabled:
plan:
import:
url: https://pkgs.devel.redhat.com/git/tests/libgcrypt
name: /plans/ci/fips-enabled-buildroot-enabled

86
signature_key.asc Normal file
View File

@ -0,0 +1,86 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBFjLuq4BDACnM7zNSIaVMAacTwjXa5TGYe13i6ilHe4VL0NShzrgzjcQg531
3cRgiiiNA7OSOypMqVs73Jez6ZUctn2GVsHBrS/io9NcuC9pVwf8a61WlcEa+EtB
a3G7HlBmEWnwaUdAtWKNuAi9Xn+Ir7H2xEdksmmd5a0/QnL+sX705boVPF/tpYtb
LGpPxa78tNrtxDkSwy8Wmi0IADYLI5yI7/yUGeJd8RSCU/fLRKC9fG7YOZRq0tsO
MhVNWmtUjbG6e73Lu8LKnCZgs1/fC8hvPyARieSV5mdN8s1oWd7oYctfgL4uBleD
ItAA8GhjKejutzHN8Ei/APw6AiiSyEjnPg+cTX8OgvLGJWjks0H6mPZeB1v/kGyZ
hBS9vm540h2/MmlVN2ntiCK5TZGeSWpqddiqusfVXotMRpN4HeLKoZh4RAncaCbZ
F/S+YLeN+kMXY4k3Fqt1fjTX6veFCbthI9pDdHzU9LfUVNp9D/5ktC/tYMORMegV
+wSMxi9G2YWKJkMAEQEAAYkBzgQfAQgAOBYhBFuAxXVCmPDLVdjtarzvfilLCS4o
BQJYy8DdFwyAAZSlyaA8L+XKOwldjh/fcjz0YraxAgcAAAoJELzvfilLCS4oNgoL
/0+K1xIx8JW7Lk5M6bYCvNA4fdlEcwQIT4UidJFM9m+suxYFWIGfebvHpRlEuJTg
dBjkEit8uLAoJXU0BRkKTLrzTF+qDUE79Wfx/R+0nOgJ7aMykQOi0AvuwzMYz4dg
xIVS2Daou4DF7bh/KF8+fqrmq8P8W1ZrkuFDanMWpHeAPx1uj2skYbo7uPqFdvlJ
hlNHrcxlcCkjf1InAt0Xt5lMvEsCRUPf9xAH4mNEhs0lh9c+200YPRmtnLWAzc1K
ckLIC8Q+mUR3DjZDqBlDBEPegXkrI0+MlvRA+9AnAm4YPqTMUfpZ6ZOAWeFjC/6Z
QYxG/AdWGkb4WFindzklQfybEuiekP8vU07ACQwSwH8PYe0UCom1YrlRUjX7QLkn
ZLWoeZg8BZy9GTM1Ut7Q1Q2uTw6mxxISuef+RFgYOHjWwLpFWZpqC88xERl7o/iz
iERJRt/593IctbjO9wenWt2peIAwzR4nz7LqM6ZFTdRAETmcdSvYRhg2Qt8hUE47
CbQkQW5kcmUgSGVpbmVja2UgKFJlbGVhc2UgU2lnbmluZyBLZXkpiQHUBBMBCAA+
FiEEW4DFdUKY8MtV2O1qvO9+KUsJLigFAljLuq4CGwMFCRLMAwAFCwkIBwIGFQgJ
CgsCBBYCAwECHgECF4AACgkQvO9+KUsJLihC/QwAhCC+SEvcFLcutgZ8HfcCtoZs
IoVzZEy7DjqIvGgnTssD8HCLnIAHCDvnP7dJW3uMuLCdSqym3cjlEIiQMsaGywkl
fzJISAwJrGQdWSKRd535jXpEXQlXDKal/IwMKAUt0PZtlCc9S3gwixQryxdJ28lJ
6h2T9fVDr8ZswMmTAFG91uctfhjKOMgPt8UhSPGW484WsIsQgkbOvf+Kfswl0eHu
ywX+pKAB5ZQ/9GVC6Ug4xfrdiJL0azJTPnvjMY5JYp6/L9RURs5hP5AnHR2j/PPo
sAtsFCjmbRbOMiASzklnUJPbSz5kfLloDWZmrUScjbzmsXehGyt433JGyRhZJl4x
/jPbzKhaaAHsGd+fRao6vlLOwFywDDVMp6JuyK7UeUb7I8ekTbSkGFA+l2Oa3O6/
Y7PYhq7hwwAFuZckYI98IpHNCG1fS9W07FyKdvQbK1PbF1JFRKfsUCWYMKqDnbqE
o5jivPEHZImw6iYhhXcyEYl8fjcb9T6/S+wOP7aviQGzBBABCAAdFiEElKXJoDwv
5co7CV2OH99yPPRitrEFAljLv5sACgkQH99yPPRitrFw4gv/XFMFN+/LHsn9hJOP
4rCwl1yUuxXuYmZgc0sRoY3EpeQkJVyKurQuqqKoy2VuoMiF0O1kAQmGoFtVPUk7
b8hCoutqB5GyeyKcoLP+WINgVhB2gXg7TSp3MPLBKkgqvSDvPitgRxBqFb4LW8LJ
bDbfwGrzIvXfDV3WvsrHVPbc2fhlWdL8d+3AE6mFiXF3eTpgmV3ApSBQV12MkkCk
icLIPmp+ZxZON+OP52ZXkRtfMgOy4Oa/41agrViDAZdMOGeGkhPertQheQZgXzmo
GF5Wz498HPM80Kv35X91l3iGzL+icEtO+tWea2YscsZ6qpRe2lfVPHk3B+anlmCj
m4kM4cBd39xa4HHSVh/bRHbZNtgVr7slQCKxlHgQOGVI5vCxPCwEsgJ2KBk03Nk/
IA9EKO+czfh3/bHW6uMbEqrYDCnt+hmzZrpKDSGcwS/KOhvMUIMlb7/8vDKum6mp
/8xAtVZ6IAxYZNt3qg7Y7aLRtzCTyqm8rJQrZPtRaQcgLoEimDMEX0PliRYJKwYB
BAHaRw8BAQdAz75Hlekc16JhhfI0MKdEVxLdkxhcMCO0ZG6WMBAmNpe0H1dlcm5l
ciBLb2NoIChkaXN0IHNpZ25pbmcgMjAyMCmImgQTFgoAQhYhBG2qbmSnbShAVxtJ
AlKIl7gmQDraBQJfQ+w1AhsDBQkShccRBQsJCAcCAyICAQYVCgkICwIEFgIDAQIe
BwIXgAAKCRBSiJe4JkA62nmuAP9uL/HOdB0gvwWrH+FpURJLs4bnaZaPIk9ARrU0
EXRgJgD/YCGfHQXpIPT0ZaXuwJexK04Z+qMFR/bM1q1Leo5CjgaIbQQQEQsAHRYh
BIBhWHD1utaQMzaG0PKthaweQrNnBQJfQ/HmAAoJEPKthaweQrNnIZkA3jG6LcZv
V/URn8Y8OJqsyYa4C3NI4nN+OhEvYhgA4PHzMnALeXIpA2gblvjFIPJPAhDBAU37
c5PA6+6IdQQQFggAHRYhBK6oTtzwGthsRwHIXGMROuhmWH0KBQJfQ/IlAAoJEGMR
OuhmWH0K1+MA/0uJ5AHcnSfIBEWHNJwwVVLGyrxAWtS2U+zeymp/UvlPAQDErCLZ
l0dBiPG3vlowFx5TNep7tanBs6ZJn8F1ao1tAIkBMwQQAQgAHRYhBNhpISPEBl3q
Xg86tSSbOdJPJeO2BQJfQ/OuAAoJECSbOdJPJeO2DVoH/0o9if66ph6FJrgr+A/W
HNVeHxmM5tUQhpL1wpRS70SKcsJgolf5CxO5iTQf3HlZe544xGbIU/aCTJsWw9zi
UE8KmhAtKV4eL/7oQ7xx4nxPnABLpudtM8A44nsM1x/XiYrJnnDm29QjYEGd2Hi8
7npc7VWKzLoj+I/WcXquynJi5O9TUxW9Bknd1pjpxFkf8v+msjBzCD5VKJgr0CR8
wA6peQBWeGZX2HacosMIZH4TfL0r0TFla6LJIkNBz9DyIm1yL4L8oRH0950hQljP
C7TM3L7aRpX+4Kph6llFz6g7MALGFP95kyJ6o+XED9ORuuQVZMBMIkNC0tXOu10V
bdqIdQQQFgoAHRYhBMHTS2khnkruwLocIeP9/yGORbcrBQJfQ/P8AAoJEOP9/yGO
Rbcr3lQBAMas8Vl3Hdl3g2I283lz1uHiGvlwcnk2TLeB+U4zIwC9AQCy0nnazVNt
VQPID1ZCMoaOX7AzOjaqQDLf4j+dVTxgBJgzBGCkgocWCSsGAQQB2kcPAQEHQJmd
fwp8jEN5P3eEjhQiWk6zQi8utvgOvYD57XmE+H8+tCBOaWliZSBZdXRha2EgKEdu
dVBHIFJlbGVhc2UgS2V5KYiaBBMWCgBCFiEErI4RW/c+LY1H+pkI6Y6bLRnGyL0F
AmCkgocCGwMFCQsNBpkFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEOmO
my0Zxsi9/4IA/1rvSr3MU+Sv4jhNDzD+CeC3gmHkPew6pi9VHEsEwdgmAQD2BtiX
7w1sJL/CBylGWv5jxj4345mP9YfZm0RsgzPjDIh1BBAWCAAdFiEEJJyzdxdQdF1c
3TI84mewUjZPAo0FAmFAQ54ACgkQ4mewUjZPAo1CiAD+KTT1UVdQTGHMyvHwZocS
QjU8xhcZrTet+dvvjrE5+4MA/RBdJPZgFevUKu68NEy0Lo+RbkeCtmQJ/c8v5ieF
vW0AiQEzBBABCAAdFiEEEkEkvTtIYq96CkLxALRevUynur4FAmFAQ7cACgkQALRe
vUynur4kaAgAolPR8TNWVS0vXMKrr0k0l2M/8QkZTaLZx1GT9Nx1yb4WJKY7ElPM
YkhGDxetvFBETx0pH/6R3jtj6Crmur+NKHVSRY+rCYpFPDn6ciIOryssRx2G4kCZ
t+nFB9JyDbBOZAR8DK4pN1mAxG/yLDt4oKcUQsP2xlEFum+phxyR8KyYCpkwKRxY
eK+6lfilQuveoUwp/Xx5wXPNUy6q4eOOovCW7gS7I7288NGHCa2ul8sD6vA9C4mM
4Zxaole9P9wwJe1zZFtCIy88zHM9vqv+YM9DxMCaW24+rUztr7eD4bCRdG+QlSh+
7R/TaqSxY1eAAd1J5tma9CNJO73pTKU+/JhTBGFpSqMTCSskAwMCCAEBBwIDBF6X
D9NmUQDgiyYNbhs1DMJ14mIw812wY1HVx/4QWYWiBunhrvSFxVbzsjD7/Wv+v3bm
MPrL+M2DLyFiSewNmcS0JEdudVBHLmNvbSAoUmVsZWFzZSBTaWduaW5nIEtleSAy
MDIxKYiaBBMTCABCFiEEAvON/3Mf+XywOaHaVJ5pXpBboggFAmFpSqMCGwMFCQ9x
14oFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEFSeaV6QW6IITkoA/RYa
jaTl1eEBU/Gdm12o3jrI55N5xZK2XTqSx25clVyjAP0XwMW/Og5+ND1ri3bAqADV
WlBDUswz8wYxsb0C4kYBkoh1BBAWCgAdFiEEbapuZKdtKEBXG0kCUoiXuCZAOtoF
AmFpTvEACgkQUoiXuCZAOtrJQAEAh7YyykjAy/Qs1yC3ji8iBfIVnPXvblrIx3SR
RyDwRC8BAKtZbEuKTtPlgkLUgMleTcZJ/vEhJE+GvfQ9o5gWCqEFiHUEEBYKAB0W
IQTB00tpIZ5K7sC6HCHj/f8hjkW3KwUCYWlPWgAKCRDj/f8hjkW3Kx4eAQDp6aGS
N/fU4xLl8RSvQUVjVA+aCTrMQR3hRwqw8liF2wEA3O3ECxz6e1+DoItYoJBBLKLw
eiInsGZ/+h5XYrpXTgA=
=4+Sn
-----END PGP PUBLIC KEY BLOCK-----

2
sources Normal file
View File

@ -0,0 +1,2 @@
SHA512 (libgcrypt-1.11.0.tar.bz2) = 8e093e69e3c45d30838625ca008e995556f0d5b272de1c003d44ef94633bcc0d0ef5d95e8725eb531bfafb4490ac273488633e0c801200d4666194f86c3e270e
SHA512 (libgcrypt-1.11.0.tar.bz2.sig) = 8c5ceb50d70ccdedcc1ff4b31a65a07198567b85f582e3e67699cc3e5d012bebf7b1d4903652d11905a9cd845976ad7d3642474804777d0bdc46c6847d92fe38