![](https://seccdn.libravatar.org/avatar/af22e20b6884acbc89be6d7736c43e92.jpg?s=120&d=mm&r=g)
Hello community, here is the log from the commit of package libgcrypt for openSUSE:Factory checked in at 2019-09-07 11:28:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libgcrypt (Old) and /work/SRC/openSUSE:Factory/.libgcrypt.new.7948 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libgcrypt" Sat Sep 7 11:28:42 2019 rev:78 rq:727334 version:1.8.5 Changes: -------- --- /work/SRC/openSUSE:Factory/libgcrypt/libgcrypt.changes 2019-06-30 10:18:39.451355118 +0200 +++ /work/SRC/openSUSE:Factory/.libgcrypt.new.7948/libgcrypt.changes 2019-09-07 11:28:47.222469056 +0200 @@ -1,0 +2,8 @@ +Fri Aug 30 14:17:48 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de> + +- libgcrypt 1.8.5: + * CVE-2019-13627: mitigation against an ECDSA timing attack (boo#1148987) + * Improve ECDSA unblinding + * Provide a pkg-config file + +------------------------------------------------------------------- Old: ---- libgcrypt-1.8.4.tar.bz2 libgcrypt-1.8.4.tar.bz2.sig New: ---- libgcrypt-1.8.5.tar.bz2 libgcrypt-1.8.5.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libgcrypt.spec ++++++ --- /var/tmp/diff_new_pack.zwTeui/_old 2019-09-07 11:28:47.990468959 +0200 +++ /var/tmp/diff_new_pack.zwTeui/_new 2019-09-07 11:28:47.994468959 +0200 @@ -21,12 +21,12 @@ %define libsoname %{name}20 %define cavs_dir %{_libexecdir}/%{name}/cavs Name: libgcrypt -Version: 1.8.4 +Version: 1.8.5 Release: 0 Summary: The GNU Crypto Library License: GPL-2.0-or-later AND LGPL-2.1-or-later AND GPL-3.0-or-later Group: Development/Libraries/C and C++ -URL: http://directory.fsf.org/wiki/Libgcrypt +URL: https://directory.fsf.org/wiki/Libgcrypt Source: ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2 Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2.sig Source2: baselibs.conf @@ -70,6 +70,7 @@ BuildRequires: fipscheck BuildRequires: libgpg-error-devel >= 1.25 BuildRequires: libtool +BuildRequires: pkgconfig %description Libgcrypt is a general purpose library of cryptographic building @@ -222,6 +223,7 @@ %{_libdir}/%{name}.so %{_includedir}/gcrypt*.h %{_datadir}/aclocal/%{name}.m4 +%{_libdir}/pkgconfig/libgcrypt.pc %if 0%{?separate_hmac256_binary} %files hmac256 ++++++ libgcrypt-1.8.4.tar.bz2 -> libgcrypt-1.8.5.tar.bz2 ++++++ ++++ 2246 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/AUTHORS new/libgcrypt-1.8.5/AUTHORS --- old/libgcrypt-1.8.4/AUTHORS 2018-06-13 09:18:30.000000000 +0200 +++ new/libgcrypt-1.8.5/AUTHORS 2019-08-29 15:03:40.000000000 +0200 @@ -21,7 +21,7 @@ List of Copyright holders ========================= - Copyright (C) 1989,1991-2018 Free Software Foundation, Inc. + Copyright (C) 1989,1991-2019 Free Software Foundation, Inc. Copyright (C) 1994 X Consortium Copyright (C) 1996 L. Peter Deutsch Copyright (C) 1997 Werner Koch @@ -30,7 +30,7 @@ Copyright (C) 1996-2006 Peter Gutmann, Matt Thomlinson and Blake Coverett Copyright (C) 2003 Nikos Mavroyanopoulos Copyright (C) 2006-2007 NTT (Nippon Telegraph and Telephone Corporation) - Copyright (C) 2012-2018 g10 Code GmbH + Copyright (C) 2012-2019 g10 Code GmbH Copyright (C) 2012 Simon Josefsson, Niels Möller Copyright (c) 2012 Intel Corporation Copyright (C) 2013 Christian Grothoff diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/ChangeLog new/libgcrypt-1.8.5/ChangeLog --- old/libgcrypt-1.8.4/ChangeLog 2018-10-26 19:32:29.000000000 +0200 +++ new/libgcrypt-1.8.5/ChangeLog 2019-08-29 15:12:08.000000000 +0200 @@ -1,3 +1,82 @@ +2019-08-29 Werner Koch <wk@gnupg.org> + + Release 1.8.5. + + commit 56606331bc2a80536db9fc11ad53695126007298 + + +2019-08-16 NIIBE Yutaka <gniibe@fsij.org> + + ecdsa: Fix unblinding too early. + + commit 1862f402d363dce946c3169d4f4f48c5eee052f1 + * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Keep the blinding until + the last step. + +2019-08-09 NIIBE Yutaka <gniibe@fsij.org> + + dsa,ecdsa: Fix use of nonce, use larger one. + + commit db4e9976cc31b314aafad6626b2894e86ee44d60 + * cipher/dsa-common.c (_gcry_dsa_modify_k): New. + * cipher/pubkey-internal.h (_gcry_dsa_modify_k): New. + * cipher/dsa.c (sign): Use _gcry_dsa_modify_k. + * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Likewise. + * cipher/ecc-gost.c (_gcry_ecc_gost_sign): Likewise. + +2019-08-07 NIIBE Yutaka <gniibe@fsij.org> + Ján JanÄár <johny@neuromancer.sk> + + ecc: Add mitigation against timing attack. + + commit d5407b78cca9f9d318a4f4d2f6ba2b8388584cd9 + * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Add the order N to K. + * mpi/ec.c (_gcry_mpi_ec_mul_point): Compute with NBITS of P or larger. + +2019-08-07 NIIBE Yutaka <gniibe@fsij.org> + + dsa,ecdsa: Allocate secure memory for RFC6979 generation. + + commit 5ad654a330859b140ffb69502c99e269f2cca9f3 + * cipher/dsa-common.c (_gcry_dsa_gen_rfc6979_k): Use secure memory + just like _gcry_dsa_gen_k does. + +2019-07-15 NIIBE Yutaka <gniibe@fsij.org> + + tests: t-mpi-point: Remove implementation dependent checks. + + commit 0147a5e69e497fa0433e61faef77aa6ddf071aea + * tests/t-mpi-point.c (basic_ec_math): Remove comparing X and Y, + only comparison of Z is relevant, mathematically. + Remove useless check, where different values in equivalence class + exist. + (basic_ec_math_simplified): Likewise. + +2018-11-19 Andreas Metzler <ametzler@bebt.de> + + doc: Fix library initialization examples. + + commit 6faeca72b455541ed6da45c5e71c8eb7b10b8c0b + + +2018-11-14 Werner Koch <wk@gnupg.org> + + random: Initialize variable as requested by valgrind. + + commit 35e002d4b842f25e3fcb6036c21bdafc5214317e + random/jitterentropy-base.c: Init. + +2018-11-13 NIIBE Yutaka <gniibe@fsij.org> + + libgcrypt.m4: Update from master. + + commit 4141caabe76ad092f3487b4516ee481fba837adb + * src/libgcrypt.m4: Update from master. + +2018-10-30 NIIBE Yutaka <gniibe@fsij.org> + + libgcrypt.m4: Update from master. + + commit 0216418ab23a690662764098a17002754202a2c2 + * src/libgcrypt.m4: Update. + + libgrypt.pc: Provide pkg-config file. + + commit 813b002eaf3052586f25b36d0b72668cfad3e0ee + * configure.ac: Generate src/libgcrypt.pc. + * src/Makefile.am (pkgconfigdir, pkgconfig_DATA): New. + (EXTRA_DIST): Add libgcrypt.pc.in. + * src/libgcrypt.pc.in: New. + 2018-10-26 Werner Koch <wk@gnupg.org> Release 1.8.4. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/Makefile.am new/libgcrypt-1.8.5/Makefile.am --- old/libgcrypt-1.8.4/Makefile.am 2018-10-24 12:30:31.000000000 +0200 +++ new/libgcrypt-1.8.5/Makefile.am 2018-10-26 19:52:23.000000000 +0200 @@ -21,7 +21,7 @@ # internal archive and before uploading this to the public server, # manual tests should be run and the git release tagged and pushed. # Adjust as needed. -RELEASE_ARCHIVE_DIR = wk@vigenere:tarballs/libgpg-error/ +RELEASE_ARCHIVE_DIR = wk@vigenere:tarballs/libgcrypt/v1.8/ # The key used to sign the released sources. Adjust as needed. RELEASE_SIGNING_KEY = D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/NEWS new/libgcrypt-1.8.5/NEWS --- old/libgcrypt-1.8.4/NEWS 2018-10-26 19:22:49.000000000 +0200 +++ new/libgcrypt-1.8.5/NEWS 2019-08-29 14:59:30.000000000 +0200 @@ -1,3 +1,20 @@ +Noteworthy changes in version 1.8.5 (2019-08-29) [C22/A2/R5] +------------------------------------------------ + + * Bug fixes: + + - Add mitigation against an ECDSA timing attack. + [#4626,CVE-2019-13627] + + - Improve ECDSA unblinding. + + * Other features: + + - Provide a pkg-config file for libgcrypt. + + Release-info: https://dev.gnupg.org/T4683 + + Noteworthy changes in version 1.8.4 (2018-10-26) [C22/A2/R4] ------------------------------------------------ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/README new/libgcrypt-1.8.5/README --- old/libgcrypt-1.8.4/README 2018-10-26 19:23:34.000000000 +0200 +++ new/libgcrypt-1.8.5/README 2018-10-26 20:09:25.000000000 +0200 @@ -189,7 +189,7 @@ Build Problems -------------- - If you have a problem with a a certain release, please first check + If you have a problem with a certain release, please first check the Release-info URL given in the NEWS file. We can't check all assembler files, so if you have problems diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/VERSION new/libgcrypt-1.8.5/VERSION --- old/libgcrypt-1.8.4/VERSION 2018-10-26 19:32:30.000000000 +0200 +++ new/libgcrypt-1.8.5/VERSION 2019-08-29 15:12:09.000000000 +0200 @@ -1 +1 @@ -1.8.4 +1.8.5 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/cipher/dsa-common.c new/libgcrypt-1.8.5/cipher/dsa-common.c --- old/libgcrypt-1.8.4/cipher/dsa-common.c 2017-11-23 19:16:58.000000000 +0100 +++ new/libgcrypt-1.8.5/cipher/dsa-common.c 2019-08-19 10:07:08.000000000 +0200 @@ -30,6 +30,30 @@ /* + * Modify K, so that computation time difference can be small, + * by making K large enough. + * + * Originally, (EC)DSA computation requires k where 0 < k < q. Here, + * we add q (the order), to keep k in a range: q < k < 2*q (or, + * addming more q, to keep k in a range: 2*q < k < 3*q), so that + * timing difference of the EC multiply (or exponentiation) operation + * can be small. The result of (EC)DSA computation is same. + */ +void +_gcry_dsa_modify_k (gcry_mpi_t k, gcry_mpi_t q, int qbits) +{ + gcry_mpi_t k1 = mpi_new (qbits+2); + + mpi_resize (k, (qbits+2+BITS_PER_MPI_LIMB-1) / BITS_PER_MPI_LIMB); + k->nlimbs = k->alloced; + mpi_add (k, k, q); + mpi_add (k1, k, q); + mpi_set_cond (k, k1, !mpi_test_bit (k, qbits)); + + mpi_free (k1); +} + +/* * Generate a random secret exponent K less than Q. * Note that ECDSA uses this code also to generate D. */ @@ -265,7 +289,7 @@ memcpy (V, _gcry_md_read (hd, 0), hlen); /* Step h. */ - t = xtrymalloc ((qbits+7)/8+hlen); + t = xtrymalloc_secure ((qbits+7)/8+hlen); if (!t) { rc = gpg_err_code_from_syserror (); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/cipher/dsa.c new/libgcrypt-1.8.5/cipher/dsa.c --- old/libgcrypt-1.8.4/cipher/dsa.c 2017-11-23 19:16:58.000000000 +0100 +++ new/libgcrypt-1.8.5/cipher/dsa.c 2019-08-19 10:07:08.000000000 +0200 @@ -635,6 +635,8 @@ k = _gcry_dsa_gen_k (skey->q, GCRY_STRONG_RANDOM); } + _gcry_dsa_modify_k (k, skey->q, qbits); + /* r = (a^k mod p) mod q */ mpi_powm( r, skey->g, k, skey->p ); mpi_fdiv_r( r, r, skey->q ); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/cipher/ecc-ecdsa.c new/libgcrypt-1.8.5/cipher/ecc-ecdsa.c --- old/libgcrypt-1.8.4/cipher/ecc-ecdsa.c 2018-06-13 09:15:46.000000000 +0200 +++ new/libgcrypt-1.8.5/cipher/ecc-ecdsa.c 2019-08-19 10:07:08.000000000 +0200 @@ -114,6 +114,8 @@ else k = _gcry_dsa_gen_k (skey->E.n, GCRY_STRONG_RANDOM); + _gcry_dsa_modify_k (k, skey->E.n, qbits); + _gcry_mpi_ec_mul_point (&I, k, &skey->E.G, ctx); if (_gcry_mpi_ec_get_affine (x, NULL, &I, ctx)) { @@ -126,13 +128,15 @@ } while (!mpi_cmp_ui (r, 0)); + /* Computation of dr, sum, and s are blinded with b. */ mpi_mulm (dr, b, skey->d, skey->E.n); - mpi_mulm (dr, dr, r, skey->E.n); /* dr = d*r mod n (blinded with b) */ + mpi_mulm (dr, dr, r, skey->E.n); /* dr = d*r mod n */ mpi_mulm (sum, b, hash, skey->E.n); - mpi_addm (sum, sum, dr, skey->E.n); /* sum = hash + (d*r) mod n (blinded with b) */ - mpi_mulm (sum, bi, sum, skey->E.n); /* undo blinding by b^-1 */ + mpi_addm (sum, sum, dr, skey->E.n); /* sum = hash + (d*r) mod n */ mpi_invm (k_1, k, skey->E.n); /* k_1 = k^(-1) mod n */ mpi_mulm (s, k_1, sum, skey->E.n); /* s = k^(-1)*(hash+(d*r)) mod n */ + /* Undo blinding by b^-1 */ + mpi_mulm (s, bi, s, skey->E.n); } while (!mpi_cmp_ui (s, 0)); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/cipher/ecc-gost.c new/libgcrypt-1.8.5/cipher/ecc-gost.c --- old/libgcrypt-1.8.4/cipher/ecc-gost.c 2017-11-23 19:16:58.000000000 +0100 +++ new/libgcrypt-1.8.5/cipher/ecc-gost.c 2019-08-19 10:07:08.000000000 +0200 @@ -94,6 +94,8 @@ mpi_free (k); k = _gcry_dsa_gen_k (skey->E.n, GCRY_STRONG_RANDOM); + _gcry_dsa_modify_k (k, skey->E.n, qbits); + _gcry_mpi_ec_mul_point (&I, k, &skey->E.G, ctx); if (_gcry_mpi_ec_get_affine (x, NULL, &I, ctx)) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/cipher/pubkey-internal.h new/libgcrypt-1.8.5/cipher/pubkey-internal.h --- old/libgcrypt-1.8.4/cipher/pubkey-internal.h 2017-11-23 19:16:58.000000000 +0100 +++ new/libgcrypt-1.8.5/cipher/pubkey-internal.h 2019-08-19 10:07:08.000000000 +0200 @@ -84,6 +84,7 @@ /*-- dsa-common.c --*/ +void _gcry_dsa_modify_k (gcry_mpi_t k, gcry_mpi_t q, int qbits); gcry_mpi_t _gcry_dsa_gen_k (gcry_mpi_t q, int security_level); gpg_err_code_t _gcry_dsa_gen_rfc6979_k (gcry_mpi_t *r_k, gcry_mpi_t dsa_q, gcry_mpi_t dsa_x, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/compat/compat.c new/libgcrypt-1.8.5/compat/compat.c --- old/libgcrypt-1.8.4/compat/compat.c 2018-06-13 09:17:49.000000000 +0200 +++ new/libgcrypt-1.8.5/compat/compat.c 2019-08-29 15:05:04.000000000 +0200 @@ -30,8 +30,8 @@ static const char blurb[] = "\n\n" "This is Libgcrypt " PACKAGE_VERSION " - The GNU Crypto Library\n" - "Copyright (C) 2000-2018 Free Software Foundation, Inc.\n" - "Copyright (C) 2012-2018 g10 Code GmbH\n" + "Copyright (C) 2000-2019 Free Software Foundation, Inc.\n" + "Copyright (C) 2012-2019 g10 Code GmbH\n" "Copyright (C) 2013-2018 Jussi Kivilinna\n" "\n" "(" BUILD_REVISION " " BUILD_TIMESTAMP ")\n" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/configure.ac new/libgcrypt-1.8.5/configure.ac --- old/libgcrypt-1.8.4/configure.ac 2018-06-13 10:01:04.000000000 +0200 +++ new/libgcrypt-1.8.5/configure.ac 2019-08-29 15:00:08.000000000 +0200 @@ -30,7 +30,7 @@ # for the LT versions. m4_define(mym4_version_major, [1]) m4_define(mym4_version_minor, [8]) -m4_define(mym4_version_micro, [4]) +m4_define(mym4_version_micro, [5]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag @@ -50,13 +50,13 @@ AC_INIT([libgcrypt],[mym4_full_version],[http://bugs.gnupg.org]) -# LT Version numbers, remember to change them just *before* a release. +# LT Version numbers: In this branch we only change the revision. # (Interfaces removed: CURRENT++, AGE=0, REVISION=0) # (Interfaces added: CURRENT++, AGE++, REVISION=0) # (No interfaces changed: REVISION++) LIBGCRYPT_LT_CURRENT=22 LIBGCRYPT_LT_AGE=2 -LIBGCRYPT_LT_REVISION=4 +LIBGCRYPT_LT_REVISION=5 # If the API is changed in an incompatible way: increment the next counter. @@ -2613,6 +2613,7 @@ src/Makefile src/gcrypt.h src/libgcrypt-config +src/libgcrypt.pc src/versioninfo.rc tests/Makefile ]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/doc/fips-fsm.eps new/libgcrypt-1.8.5/doc/fips-fsm.eps --- old/libgcrypt-1.8.4/doc/fips-fsm.eps 2018-10-26 19:32:26.000000000 +0200 +++ new/libgcrypt-1.8.5/doc/fips-fsm.eps 2019-08-29 15:12:05.000000000 +0200 @@ -1,7 +1,7 @@ %!PS-Adobe-3.0 EPSF-3.0 %%Title: /home/wk/s/libgcrypt-1.8/doc/fips-fsm.fig %%Creator: fig2dev Version 3.2 Patchlevel 5e -%%CreationDate: Fri Oct 26 19:32:26 2018 +%%CreationDate: Thu Aug 29 15:12:05 2019 %%BoundingBox: 0 0 497 579 %Magnification: 1.0000 %%EndComments Binary files old/libgcrypt-1.8.4/doc/fips-fsm.pdf and new/libgcrypt-1.8.5/doc/fips-fsm.pdf differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/doc/gcrypt.info new/libgcrypt-1.8.5/doc/gcrypt.info --- old/libgcrypt-1.8.4/doc/gcrypt.info 2018-10-26 19:32:29.000000000 +0200 +++ new/libgcrypt-1.8.5/doc/gcrypt.info 2019-08-29 15:12:07.000000000 +0200 @@ -1,6 +1,6 @@ -This is gcrypt.info, produced by makeinfo version 6.3 from gcrypt.texi. +This is gcrypt.info, produced by makeinfo version 6.5 from gcrypt.texi. -This manual is for Libgcrypt (version 1.8.4, 24 October 2018), which is +This manual is for Libgcrypt (version 1.8.5, 19 November 2018), which is GNU's library of cryptographic building blocks. Copyright (C) 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012 @@ -20,114 +20,114 @@ Indirect: -gcrypt.info-1: 838 -gcrypt.info-2: 300899 +gcrypt.info-1: 839 +gcrypt.info-2: 301225 Tag Table: (Indirect) -Node: Top838 -Node: Introduction3367 -Node: Getting Started3739 -Node: Features4619 -Node: Overview5403 -Node: Preparation6026 -Node: Header6949 -Node: Building sources8020 -Node: Building sources using Automake9937 -Node: Initializing the library11865 -Ref: sample-use-suspend-secmem14933 -Ref: sample-use-resume-secmem15776 -Node: Multi-Threading16679 -Ref: Multi-Threading-Footnote-117858 -Node: Enabling FIPS mode18267 -Ref: enabling fips mode18448 -Node: Hardware features20260 -Ref: hardware features20427 -Ref: Hardware features-Footnote-121508 -Node: Generalities21669 -Node: Controlling the library21928 -Node: Error Handling40099 -Node: Error Values42638 -Node: Error Sources47578 -Node: Error Codes49846 -Node: Error Strings53322 -Node: Handler Functions54506 -Node: Progress handler55065 -Node: Allocation handler57214 -Node: Error handler58760 -Node: Logging handler60326 -Node: Symmetric cryptography60918 -Node: Available ciphers61658 -Node: Available cipher modes64339 -Node: Working with cipher handles68192 -Node: General cipher functions79696 -Node: Public Key cryptography83222 -Node: Available algorithms83988 -Node: Used S-expressions84337 -Node: RSA key parameters85454 -Node: DSA key parameters86729 -Node: ECC key parameters87383 -Ref: ecc_keyparam87534 -Node: Cryptographic Functions89405 -Node: General public-key related Functions101252 -Node: Hashing114921 -Node: Available hash algorithms115654 -Node: Working with hash algorithms121617 -Node: Message Authentication Codes135749 -Node: Available MAC algorithms136417 -Node: Working with MAC algorithms141579 -Node: Key Derivation147567 -Node: Random Numbers149969 -Node: Quality of random numbers150252 -Node: Retrieving random numbers150935 -Node: S-expressions152424 -Node: Data types for S-expressions153069 -Node: Working with S-expressions153395 -Node: MPI library167105 -Node: Data types168127 -Node: Basic functions168436 -Node: MPI formats170900 -Node: Calculations174424 -Node: Comparisons176693 -Node: Bit manipulations177696 -Node: EC functions179018 -Ref: gcry_mpi_ec_new181967 -Node: Miscellaneous187526 -Node: Prime numbers191670 -Node: Generation191940 -Node: Checking193227 -Node: Utilities193637 -Node: Memory allocation194014 -Node: Context management195370 -Ref: gcry_ctx_release195808 -Node: Buffer description195969 -Node: Config reporting196756 -Node: Tools197706 -Node: hmac256197873 -Node: Configuration198879 -Node: Architecture201932 -Ref: fig:subsystems203456 -Ref: Architecture-Footnote-1204542 -Ref: Architecture-Footnote-2204604 -Node: Public-Key Subsystem Architecture204688 -Node: Symmetric Encryption Subsystem Architecture206966 -Node: Hashing and MACing Subsystem Architecture208412 -Node: Multi-Precision-Integer Subsystem Architecture210335 -Node: Prime-Number-Generator Subsystem Architecture211773 -Ref: Prime-Number-Generator Subsystem Architecture-Footnote-1213704 -Node: Random-Number Subsystem Architecture213996 -Node: CSPRNG Description216945 -Ref: CSPRNG Description-Footnote-1218501 -Node: FIPS PRNG Description218624 -Node: Self-Tests220758 -Node: FIPS Mode232217 -Ref: fig:fips-fsm236043 -Ref: tbl:fips-states236146 -Ref: tbl:fips-state-transitions237398 -Node: Library Copying241019 -Node: Copying269125 -Node: Figures and Tables288301 -Node: Concept Index288726 -Node: Function and Data Index300899 +Node: Top839 +Node: Introduction3369 +Node: Getting Started3741 +Node: Features4621 +Node: Overview5405 +Node: Preparation6028 +Node: Header6951 +Node: Building sources8022 +Node: Building sources using Automake9939 +Node: Initializing the library11867 +Ref: sample-use-suspend-secmem15259 +Ref: sample-use-resume-secmem16102 +Node: Multi-Threading17005 +Ref: Multi-Threading-Footnote-118184 +Node: Enabling FIPS mode18593 +Ref: enabling fips mode18774 +Node: Hardware features20586 +Ref: hardware features20753 +Ref: Hardware features-Footnote-121834 +Node: Generalities21995 +Node: Controlling the library22254 +Node: Error Handling40425 +Node: Error Values42964 +Node: Error Sources47904 +Node: Error Codes50172 +Node: Error Strings53648 +Node: Handler Functions54832 +Node: Progress handler55391 +Node: Allocation handler57540 +Node: Error handler59086 +Node: Logging handler60652 +Node: Symmetric cryptography61244 +Node: Available ciphers61984 +Node: Available cipher modes64665 +Node: Working with cipher handles68518 +Node: General cipher functions80022 +Node: Public Key cryptography83548 +Node: Available algorithms84314 +Node: Used S-expressions84663 +Node: RSA key parameters85780 +Node: DSA key parameters87055 +Node: ECC key parameters87709 +Ref: ecc_keyparam87860 +Node: Cryptographic Functions89731 +Node: General public-key related Functions101578 +Node: Hashing115247 +Node: Available hash algorithms115980 +Node: Working with hash algorithms121943 +Node: Message Authentication Codes136075 +Node: Available MAC algorithms136743 +Node: Working with MAC algorithms141905 +Node: Key Derivation147893 +Node: Random Numbers150295 +Node: Quality of random numbers150578 +Node: Retrieving random numbers151261 +Node: S-expressions152750 +Node: Data types for S-expressions153395 +Node: Working with S-expressions153721 +Node: MPI library167431 +Node: Data types168453 +Node: Basic functions168762 +Node: MPI formats171226 +Node: Calculations174750 +Node: Comparisons177019 +Node: Bit manipulations178022 +Node: EC functions179344 +Ref: gcry_mpi_ec_new182293 +Node: Miscellaneous187852 +Node: Prime numbers191996 +Node: Generation192266 +Node: Checking193553 +Node: Utilities193963 +Node: Memory allocation194340 +Node: Context management195696 +Ref: gcry_ctx_release196134 +Node: Buffer description196295 +Node: Config reporting197082 +Node: Tools198032 +Node: hmac256198199 +Node: Configuration199205 +Node: Architecture202258 +Ref: fig:subsystems203782 +Ref: Architecture-Footnote-1204868 +Ref: Architecture-Footnote-2204930 +Node: Public-Key Subsystem Architecture205014 +Node: Symmetric Encryption Subsystem Architecture207292 +Node: Hashing and MACing Subsystem Architecture208738 +Node: Multi-Precision-Integer Subsystem Architecture210661 +Node: Prime-Number-Generator Subsystem Architecture212099 +Ref: Prime-Number-Generator Subsystem Architecture-Footnote-1214030 +Node: Random-Number Subsystem Architecture214321 +Node: CSPRNG Description217270 +Ref: CSPRNG Description-Footnote-1218826 +Node: FIPS PRNG Description218949 +Node: Self-Tests221083 +Node: FIPS Mode232542 +Ref: fig:fips-fsm236368 +Ref: tbl:fips-states236471 +Ref: tbl:fips-state-transitions237723 +Node: Library Copying241344 +Node: Copying269450 +Node: Figures and Tables288626 +Node: Concept Index289051 +Node: Function and Data Index301225 End Tag Table diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/doc/gcrypt.info-1 new/libgcrypt-1.8.5/doc/gcrypt.info-1 --- old/libgcrypt-1.8.4/doc/gcrypt.info-1 2018-10-26 19:32:29.000000000 +0200 +++ new/libgcrypt-1.8.5/doc/gcrypt.info-1 2019-08-29 15:12:07.000000000 +0200 @@ -1,6 +1,6 @@ -This is gcrypt.info, produced by makeinfo version 6.3 from gcrypt.texi. +This is gcrypt.info, produced by makeinfo version 6.5 from gcrypt.texi. -This manual is for Libgcrypt (version 1.8.4, 24 October 2018), which is +This manual is for Libgcrypt (version 1.8.5, 19 November 2018), which is GNU's library of cryptographic building blocks. Copyright (C) 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012 @@ -24,7 +24,7 @@ The Libgcrypt Library ********************* -This manual is for Libgcrypt (version 1.8.4, 24 October 2018), which is +This manual is for Libgcrypt (version 1.8.5, 19 November 2018), which is GNU's library of cryptographic building blocks. Copyright (C) 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012 @@ -320,10 +320,12 @@ memory is not a problem, you should initialize Libgcrypt this way: /* Version check should be the very first call because it - makes sure that important subsystems are initialized. */ - if (!gcry_check_version (GCRYPT_VERSION)) + makes sure that important subsystems are initialized. + #define NEED_LIBGCRYPT_VERSION to the minimum required version. */ + if (!gcry_check_version (NEED_LIBGCRYPT_VERSION)) { - fputs ("libgcrypt version mismatch\n", stderr); + fprintf (stderr, "libgcrypt is too old (need %s, have %s)\n", + NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL)); exit (2); } @@ -340,10 +342,12 @@ of used and freed memory, you need to initialize Libgcrypt this way: /* Version check should be the very first call because it - makes sure that important subsystems are initialized. */ - if (!gcry_check_version (GCRYPT_VERSION)) + makes sure that important subsystems are initialized. + #define NEED_LIBGCRYPT_VERSION to the minimum required version. */ + if (!gcry_check_version (NEED_LIBGCRYPT_VERSION)) { - fputs ("libgcrypt version mismatch\n", stderr); + fprintf (stderr, "libgcrypt is too old (need %s, have %s)\n", + NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL)); exit (2); } @@ -5241,9 +5245,9 @@ (1) Chae Hoon Lim and Pil Joong Lee. A key recovery attack on discrete log-based schemes using a prime order subgroup. In Burton S. -Kaliski Jr., editor, Advances in Cryptology: Crypto '97, pages 249Â-263, -Berlin / Heidelberg / New York, 1997. Springer-Verlag. Described on -page 260. +Kaliski Jr., editor, Advances in Cryptology: Crypto '97, pages +249Â-263, Berlin / Heidelberg / New York, 1997. Springer-Verlag. +Described on page 260. File: gcrypt.info, Node: Random-Number Subsystem Architecture, Prev: Prime-Number-Generator Subsystem Architecture, Up: Architecture Binary files old/libgcrypt-1.8.4/doc/gcrypt.info-2 and new/libgcrypt-1.8.5/doc/gcrypt.info-2 differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/doc/gcrypt.texi new/libgcrypt-1.8.5/doc/gcrypt.texi --- old/libgcrypt-1.8.4/doc/gcrypt.texi 2018-10-24 11:59:58.000000000 +0200 +++ new/libgcrypt-1.8.5/doc/gcrypt.texi 2018-11-19 09:02:29.000000000 +0100 @@ -382,10 +382,12 @@ @example /* Version check should be the very first call because it - makes sure that important subsystems are initialized. */ - if (!gcry_check_version (GCRYPT_VERSION)) + makes sure that important subsystems are initialized. + #define NEED_LIBGCRYPT_VERSION to the minimum required version. */ + if (!gcry_check_version (NEED_LIBGCRYPT_VERSION)) @{ - fputs ("libgcrypt version mismatch\n", stderr); + fprintf (stderr, "libgcrypt is too old (need %s, have %s)\n", + NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL)); exit (2); @} @@ -405,10 +407,12 @@ @example /* Version check should be the very first call because it - makes sure that important subsystems are initialized. */ - if (!gcry_check_version (GCRYPT_VERSION)) + makes sure that important subsystems are initialized. + #define NEED_LIBGCRYPT_VERSION to the minimum required version. */ + if (!gcry_check_version (NEED_LIBGCRYPT_VERSION)) @{ - fputs ("libgcrypt version mismatch\n", stderr); + fprintf (stderr, "libgcrypt is too old (need %s, have %s)\n", + NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL)); exit (2); @} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/doc/libgcrypt-modules.eps new/libgcrypt-1.8.5/doc/libgcrypt-modules.eps --- old/libgcrypt-1.8.4/doc/libgcrypt-modules.eps 2018-10-26 19:32:26.000000000 +0200 +++ new/libgcrypt-1.8.5/doc/libgcrypt-modules.eps 2019-08-29 15:12:05.000000000 +0200 @@ -1,7 +1,7 @@ %!PS-Adobe-3.0 EPSF-3.0 %%Title: /home/wk/s/libgcrypt-1.8/doc/libgcrypt-modules.fig %%Creator: fig2dev Version 3.2 Patchlevel 5e -%%CreationDate: Fri Oct 26 19:32:26 2018 +%%CreationDate: Thu Aug 29 15:12:05 2019 %%BoundingBox: 0 0 488 300 %Magnification: 1.0000 %%EndComments Binary files old/libgcrypt-1.8.4/doc/libgcrypt-modules.pdf and new/libgcrypt-1.8.5/doc/libgcrypt-modules.pdf differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/doc/stamp-vti new/libgcrypt-1.8.5/doc/stamp-vti --- old/libgcrypt-1.8.4/doc/stamp-vti 2018-10-26 19:32:26.000000000 +0200 +++ new/libgcrypt-1.8.5/doc/stamp-vti 2019-08-29 15:12:05.000000000 +0200 @@ -1,4 +1,4 @@ -@set UPDATED 24 October 2018 -@set UPDATED-MONTH October 2018 -@set EDITION 1.8.4 -@set VERSION 1.8.4 +@set UPDATED 19 November 2018 +@set UPDATED-MONTH November 2018 +@set EDITION 1.8.5 +@set VERSION 1.8.5 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/doc/version.texi new/libgcrypt-1.8.5/doc/version.texi --- old/libgcrypt-1.8.4/doc/version.texi 2018-10-26 19:32:26.000000000 +0200 +++ new/libgcrypt-1.8.5/doc/version.texi 2019-08-29 15:12:05.000000000 +0200 @@ -1,4 +1,4 @@ -@set UPDATED 24 October 2018 -@set UPDATED-MONTH October 2018 -@set EDITION 1.8.4 -@set VERSION 1.8.4 +@set UPDATED 19 November 2018 +@set UPDATED-MONTH November 2018 +@set EDITION 1.8.5 +@set VERSION 1.8.5 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/mpi/ec.c new/libgcrypt-1.8.5/mpi/ec.c --- old/libgcrypt-1.8.4/mpi/ec.c 2018-06-11 18:46:24.000000000 +0200 +++ new/libgcrypt-1.8.5/mpi/ec.c 2019-08-19 10:07:08.000000000 +0200 @@ -1309,7 +1309,11 @@ unsigned int nbits; int j; - nbits = mpi_get_nbits (scalar); + if (mpi_cmp (scalar, ctx->p) >= 0) + nbits = mpi_get_nbits (scalar); + else + nbits = mpi_get_nbits (ctx->p); + if (ctx->model == MPI_EC_WEIERSTRASS) { mpi_set_ui (result->x, 1); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/random/jitterentropy-base.c new/libgcrypt-1.8.5/random/jitterentropy-base.c --- old/libgcrypt-1.8.4/random/jitterentropy-base.c 2017-11-23 19:16:58.000000000 +0100 +++ new/libgcrypt-1.8.5/random/jitterentropy-base.c 2018-11-14 14:17:30.000000000 +0100 @@ -642,6 +642,8 @@ int count_stuck = 0; struct rand_data ec; + memset(&ec, 0, sizeof(ec)); + /* We could perform statistical tests here, but the problem is * that we only have a few loop counts to do testing. These * loop counts may show some slight skew and we produce diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/src/Makefile.am new/libgcrypt-1.8.5/src/Makefile.am --- old/libgcrypt-1.8.4/src/Makefile.am 2017-11-23 19:16:58.000000000 +0100 +++ new/libgcrypt-1.8.5/src/Makefile.am 2018-11-14 14:16:40.000000000 +0100 @@ -20,8 +20,11 @@ ## Process this file with automake to produce Makefile.in +pkgconfigdir = $(libdir)/pkgconfig +pkgconfig_DATA = libgcrypt.pc + EXTRA_DIST = libgcrypt-config.in libgcrypt.m4 libgcrypt.vers \ - gcrypt.h.in libgcrypt.def + gcrypt.h.in libgcrypt.def libgcrypt.pc.in bin_SCRIPTS = libgcrypt-config m4datadir = $(datadir)/aclocal diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/src/libgcrypt.m4 new/libgcrypt-1.8.5/src/libgcrypt.m4 --- old/libgcrypt-1.8.4/src/libgcrypt.m4 2017-11-23 19:16:58.000000000 +0100 +++ new/libgcrypt-1.8.5/src/libgcrypt.m4 2018-11-14 14:16:40.000000000 +0100 @@ -1,5 +1,5 @@ # libgcrypt.m4 - Autoconf macros to detect libgcrypt -# Copyright (C) 2002, 2003, 2004, 2011, 2014 g10 Code GmbH +# Copyright (C) 2002, 2003, 2004, 2011, 2014, 2018 g10 Code GmbH # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without @@ -9,7 +9,7 @@ # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # -# Last-changed: 2014-10-02 +# Last-changed: 2018-11-13 dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION, @@ -36,8 +36,20 @@ if test x"${LIBGCRYPT_CONFIG}" = x ; then if test x"${libgcrypt_config_prefix}" != x ; then LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config" - else - case "${SYSROOT}" in + fi + fi + + use_gpgrt_config="" + if test x"${LIBGCRYPT_CONFIG}" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then + if $GPGRT_CONFIG libgcrypt --exists; then + LIBGCRYPT_CONFIG="$GPGRT_CONFIG libgcrypt" + AC_MSG_NOTICE([Use gpgrt-config as libgcrypt-config]) + use_gpgrt_config=yes + fi + fi + if test -z "$use_gpgrt_config"; then + if test x"${LIBGCRYPT_CONFIG}" = x ; then + case "${SYSROOT}" in /*) if test -x "${SYSROOT}/bin/libgcrypt-config" ; then LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config" @@ -48,11 +60,11 @@ *) AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.]) ;; - esac - fi + esac + fi + AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no) fi - AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no) tmp=ifelse([$1], ,1:1.2.0,$1) if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` @@ -71,7 +83,11 @@ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` req_micro=`echo $min_libgcrypt_version | \ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'` - libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version` + if test -z "$use_gpgrt_config"; then + libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version` + else + libgcrypt_config_version=`$LIBGCRYPT_CONFIG --modversion` + fi major=`echo $libgcrypt_config_version | \ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` minor=`echo $libgcrypt_config_version | \ @@ -103,7 +119,11 @@ # If we have a recent libgcrypt, we should also check that the # API is compatible if test "$req_libgcrypt_api" -gt 0 ; then - tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0` + if test -z "$use_gpgrt_config"; then + tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0` + else + tmp=`$LIBGCRYPT_CONFIG --variable=api_version 2>/dev/null || echo 0` + fi if test "$tmp" -gt 0 ; then AC_MSG_CHECKING([LIBGCRYPT API version]) if test "$req_libgcrypt_api" -eq "$tmp" ; then @@ -119,12 +139,16 @@ LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags` LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs` ifelse([$2], , :, [$2]) - libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none` + if test -z "$use_gpgrt_config"; then + libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none` + else + libgcrypt_config_host=`$LIBGCRYPT_CONFIG --variable=host 2>/dev/null || echo none` + fi if test x"$libgcrypt_config_host" != xnone ; then if test x"$libgcrypt_config_host" != x"$host" ; then AC_MSG_WARN([[ *** -*** The config script $LIBGCRYPT_CONFIG was +*** The config script "$LIBGCRYPT_CONFIG" was *** built for $libgcrypt_config_host and thus may not match the *** used host $host. *** You may want to use the configure option --with-libgcrypt-prefix diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/src/libgcrypt.pc.in new/libgcrypt-1.8.5/src/libgcrypt.pc.in --- old/libgcrypt-1.8.4/src/libgcrypt.pc.in 1970-01-01 01:00:00.000000000 +0100 +++ new/libgcrypt-1.8.5/src/libgcrypt.pc.in 2018-11-14 14:16:40.000000000 +0100 @@ -0,0 +1,17 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +includedir=@includedir@ +libdir=@libdir@ +host=@LIBGCRYPT_CONFIG_HOST@ +api_version=@LIBGCRYPT_CONFIG_API_VERSION@ +symmetric_ciphers="@LIBGCRYPT_CIPHERS@" +asymmetric_ciphers="@LIBGCRYPT_PUBKEY_CIPHERS@" +digests="@LIBGCRYPT_DIGESTS@" + +Name: libgcrypt +Description: General purpose cryptographic library +Requires: gpg-error +Version: @PACKAGE_VERSION@ +Cflags: @LIBGCRYPT_CONFIG_CFLAGS@ +Libs: @LIBGCRYPT_CONFIG_LIBS@ +URL: https://www.gnupg.org/software/libgcrypt/index.html diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/src/versioninfo.rc.in new/libgcrypt-1.8.5/src/versioninfo.rc.in --- old/libgcrypt-1.8.4/src/versioninfo.rc.in 2018-06-13 09:17:09.000000000 +0200 +++ new/libgcrypt-1.8.5/src/versioninfo.rc.in 2019-08-29 15:03:26.000000000 +0200 @@ -39,7 +39,7 @@ VALUE "FileDescription", "Libgcrypt - The GNU Crypto Library\0" VALUE "FileVersion", "@LIBGCRYPT_LT_CURRENT@.@LIBGCRYPT_LT_AGE@.@LIBGCRYPT_LT_REVISION@.@BUILD_REVISION@\0" VALUE "InternalName", "libgcrypt\0" - VALUE "LegalCopyright", "Copyright © 2018 Free Software Foundation, Inc.\0" + VALUE "LegalCopyright", "Copyright © 2019 Free Software Foundation, Inc.\0" VALUE "LegalTrademarks", "\0" VALUE "OriginalFilename", "libgcrypt.dll\0" VALUE "PrivateBuild", "\0" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/tests/t-mpi-point.c new/libgcrypt-1.8.5/tests/t-mpi-point.c --- old/libgcrypt-1.8.4/tests/t-mpi-point.c 2018-06-11 18:46:23.000000000 +0200 +++ new/libgcrypt-1.8.5/tests/t-mpi-point.c 2019-08-19 10:07:08.000000000 +0200 @@ -748,23 +748,11 @@ gcry_mpi_ec_mul (Q, tmp, G, ctx); gcry_mpi_release (tmp); gcry_mpi_point_get (x, y, z, Q); - if (gcry_mpi_cmp_ui (x, 0) || gcry_mpi_cmp_ui (y, 0) - || gcry_mpi_cmp_ui (z, 0)) + if (gcry_mpi_cmp_ui (z, 0)) fail ("multiply a point by zero failed\n"); } gcry_mpi_ec_mul (Q, d, G, ctx); - gcry_mpi_point_get (x, y, z, Q); - if (cmp_mpihex (x, "222D9EC717C89D047E0898C9185B033CD11C0A981EE6DC66") - || cmp_mpihex (y, "605DE0A82D70D3E0F84A127D0739ED33D657DF0D054BFDE8") - || cmp_mpihex (z, "00B06B519071BC536999AC8F2D3934B3C1FC9EACCD0A31F88F")) - fail ("computed public key does not match\n"); - if (debug) - { - print_mpi ("Q.x", x); - print_mpi ("Q.y", y); - print_mpi ("Q.z", z); - } if (gcry_mpi_ec_get_affine (x, y, Q, ctx)) fail ("failed to get affine coordinates\n"); @@ -818,17 +806,6 @@ x = gcry_mpi_new (0); y = gcry_mpi_new (0); z = gcry_mpi_new (0); - gcry_mpi_point_get (x, y, z, Q); - if (cmp_mpihex (x, "222D9EC717C89D047E0898C9185B033CD11C0A981EE6DC66") - || cmp_mpihex (y, "605DE0A82D70D3E0F84A127D0739ED33D657DF0D054BFDE8") - || cmp_mpihex (z, "00B06B519071BC536999AC8F2D3934B3C1FC9EACCD0A31F88F")) - fail ("computed public key does not match\n"); - if (debug) - { - print_mpi ("Q.x", x); - print_mpi ("Q.y", y); - print_mpi ("Q.z", z); - } if (gcry_mpi_ec_get_affine (x, y, Q, ctx)) fail ("failed to get affine coordinates\n");