Hello community,
here is the log from the commit of package libgcrypt for openSUSE:Factory checked in at 2019-09-07 11:28:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libgcrypt (Old)
and /work/SRC/openSUSE:Factory/.libgcrypt.new.7948 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libgcrypt"
Sat Sep 7 11:28:42 2019 rev:78 rq:727334 version:1.8.5
Changes:
--------
--- /work/SRC/openSUSE:Factory/libgcrypt/libgcrypt.changes 2019-06-30 10:18:39.451355118 +0200
+++ /work/SRC/openSUSE:Factory/.libgcrypt.new.7948/libgcrypt.changes 2019-09-07 11:28:47.222469056 +0200
@@ -1,0 +2,8 @@
+Fri Aug 30 14:17:48 UTC 2019 - Andreas Stieger
+
+- libgcrypt 1.8.5:
+ * CVE-2019-13627: mitigation against an ECDSA timing attack (boo#1148987)
+ * Improve ECDSA unblinding
+ * Provide a pkg-config file
+
+-------------------------------------------------------------------
Old:
----
libgcrypt-1.8.4.tar.bz2
libgcrypt-1.8.4.tar.bz2.sig
New:
----
libgcrypt-1.8.5.tar.bz2
libgcrypt-1.8.5.tar.bz2.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libgcrypt.spec ++++++
--- /var/tmp/diff_new_pack.zwTeui/_old 2019-09-07 11:28:47.990468959 +0200
+++ /var/tmp/diff_new_pack.zwTeui/_new 2019-09-07 11:28:47.994468959 +0200
@@ -21,12 +21,12 @@
%define libsoname %{name}20
%define cavs_dir %{_libexecdir}/%{name}/cavs
Name: libgcrypt
-Version: 1.8.4
+Version: 1.8.5
Release: 0
Summary: The GNU Crypto Library
License: GPL-2.0-or-later AND LGPL-2.1-or-later AND GPL-3.0-or-later
Group: Development/Libraries/C and C++
-URL: http://directory.fsf.org/wiki/Libgcrypt
+URL: https://directory.fsf.org/wiki/Libgcrypt
Source: ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2
Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2.sig
Source2: baselibs.conf
@@ -70,6 +70,7 @@
BuildRequires: fipscheck
BuildRequires: libgpg-error-devel >= 1.25
BuildRequires: libtool
+BuildRequires: pkgconfig
%description
Libgcrypt is a general purpose library of cryptographic building
@@ -222,6 +223,7 @@
%{_libdir}/%{name}.so
%{_includedir}/gcrypt*.h
%{_datadir}/aclocal/%{name}.m4
+%{_libdir}/pkgconfig/libgcrypt.pc
%if 0%{?separate_hmac256_binary}
%files hmac256
++++++ libgcrypt-1.8.4.tar.bz2 -> libgcrypt-1.8.5.tar.bz2 ++++++
++++ 2246 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/AUTHORS new/libgcrypt-1.8.5/AUTHORS
--- old/libgcrypt-1.8.4/AUTHORS 2018-06-13 09:18:30.000000000 +0200
+++ new/libgcrypt-1.8.5/AUTHORS 2019-08-29 15:03:40.000000000 +0200
@@ -21,7 +21,7 @@
List of Copyright holders
=========================
- Copyright (C) 1989,1991-2018 Free Software Foundation, Inc.
+ Copyright (C) 1989,1991-2019 Free Software Foundation, Inc.
Copyright (C) 1994 X Consortium
Copyright (C) 1996 L. Peter Deutsch
Copyright (C) 1997 Werner Koch
@@ -30,7 +30,7 @@
Copyright (C) 1996-2006 Peter Gutmann, Matt Thomlinson and Blake Coverett
Copyright (C) 2003 Nikos Mavroyanopoulos
Copyright (C) 2006-2007 NTT (Nippon Telegraph and Telephone Corporation)
- Copyright (C) 2012-2018 g10 Code GmbH
+ Copyright (C) 2012-2019 g10 Code GmbH
Copyright (C) 2012 Simon Josefsson, Niels Möller
Copyright (c) 2012 Intel Corporation
Copyright (C) 2013 Christian Grothoff
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/ChangeLog new/libgcrypt-1.8.5/ChangeLog
--- old/libgcrypt-1.8.4/ChangeLog 2018-10-26 19:32:29.000000000 +0200
+++ new/libgcrypt-1.8.5/ChangeLog 2019-08-29 15:12:08.000000000 +0200
@@ -1,3 +1,82 @@
+2019-08-29 Werner Koch
+
+ Release 1.8.5.
+ + commit 56606331bc2a80536db9fc11ad53695126007298
+
+
+2019-08-16 NIIBE Yutaka
+
+ ecdsa: Fix unblinding too early.
+ + commit 1862f402d363dce946c3169d4f4f48c5eee052f1
+ * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Keep the blinding until
+ the last step.
+
+2019-08-09 NIIBE Yutaka
+
+ dsa,ecdsa: Fix use of nonce, use larger one.
+ + commit db4e9976cc31b314aafad6626b2894e86ee44d60
+ * cipher/dsa-common.c (_gcry_dsa_modify_k): New.
+ * cipher/pubkey-internal.h (_gcry_dsa_modify_k): New.
+ * cipher/dsa.c (sign): Use _gcry_dsa_modify_k.
+ * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Likewise.
+ * cipher/ecc-gost.c (_gcry_ecc_gost_sign): Likewise.
+
+2019-08-07 NIIBE Yutaka
+ Ján JanÄár
+
+ ecc: Add mitigation against timing attack.
+ + commit d5407b78cca9f9d318a4f4d2f6ba2b8388584cd9
+ * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Add the order N to K.
+ * mpi/ec.c (_gcry_mpi_ec_mul_point): Compute with NBITS of P or larger.
+
+2019-08-07 NIIBE Yutaka
+
+ dsa,ecdsa: Allocate secure memory for RFC6979 generation.
+ + commit 5ad654a330859b140ffb69502c99e269f2cca9f3
+ * cipher/dsa-common.c (_gcry_dsa_gen_rfc6979_k): Use secure memory
+ just like _gcry_dsa_gen_k does.
+
+2019-07-15 NIIBE Yutaka
+
+ tests: t-mpi-point: Remove implementation dependent checks.
+ + commit 0147a5e69e497fa0433e61faef77aa6ddf071aea
+ * tests/t-mpi-point.c (basic_ec_math): Remove comparing X and Y,
+ only comparison of Z is relevant, mathematically.
+ Remove useless check, where different values in equivalence class
+ exist.
+ (basic_ec_math_simplified): Likewise.
+
+2018-11-19 Andreas Metzler
+
+ doc: Fix library initialization examples.
+ + commit 6faeca72b455541ed6da45c5e71c8eb7b10b8c0b
+
+
+2018-11-14 Werner Koch
+
+ random: Initialize variable as requested by valgrind.
+ + commit 35e002d4b842f25e3fcb6036c21bdafc5214317e
+ random/jitterentropy-base.c: Init.
+
+2018-11-13 NIIBE Yutaka
+
+ libgcrypt.m4: Update from master.
+ + commit 4141caabe76ad092f3487b4516ee481fba837adb
+ * src/libgcrypt.m4: Update from master.
+
+2018-10-30 NIIBE Yutaka
+
+ libgcrypt.m4: Update from master.
+ + commit 0216418ab23a690662764098a17002754202a2c2
+ * src/libgcrypt.m4: Update.
+
+ libgrypt.pc: Provide pkg-config file.
+ + commit 813b002eaf3052586f25b36d0b72668cfad3e0ee
+ * configure.ac: Generate src/libgcrypt.pc.
+ * src/Makefile.am (pkgconfigdir, pkgconfig_DATA): New.
+ (EXTRA_DIST): Add libgcrypt.pc.in.
+ * src/libgcrypt.pc.in: New.
+
2018-10-26 Werner Koch
Release 1.8.4.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/Makefile.am new/libgcrypt-1.8.5/Makefile.am
--- old/libgcrypt-1.8.4/Makefile.am 2018-10-24 12:30:31.000000000 +0200
+++ new/libgcrypt-1.8.5/Makefile.am 2018-10-26 19:52:23.000000000 +0200
@@ -21,7 +21,7 @@
# internal archive and before uploading this to the public server,
# manual tests should be run and the git release tagged and pushed.
# Adjust as needed.
-RELEASE_ARCHIVE_DIR = wk@vigenere:tarballs/libgpg-error/
+RELEASE_ARCHIVE_DIR = wk@vigenere:tarballs/libgcrypt/v1.8/
# The key used to sign the released sources. Adjust as needed.
RELEASE_SIGNING_KEY = D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/NEWS new/libgcrypt-1.8.5/NEWS
--- old/libgcrypt-1.8.4/NEWS 2018-10-26 19:22:49.000000000 +0200
+++ new/libgcrypt-1.8.5/NEWS 2019-08-29 14:59:30.000000000 +0200
@@ -1,3 +1,20 @@
+Noteworthy changes in version 1.8.5 (2019-08-29) [C22/A2/R5]
+------------------------------------------------
+
+ * Bug fixes:
+
+ - Add mitigation against an ECDSA timing attack.
+ [#4626,CVE-2019-13627]
+
+ - Improve ECDSA unblinding.
+
+ * Other features:
+
+ - Provide a pkg-config file for libgcrypt.
+
+ Release-info: https://dev.gnupg.org/T4683
+
+
Noteworthy changes in version 1.8.4 (2018-10-26) [C22/A2/R4]
------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/README new/libgcrypt-1.8.5/README
--- old/libgcrypt-1.8.4/README 2018-10-26 19:23:34.000000000 +0200
+++ new/libgcrypt-1.8.5/README 2018-10-26 20:09:25.000000000 +0200
@@ -189,7 +189,7 @@
Build Problems
--------------
- If you have a problem with a a certain release, please first check
+ If you have a problem with a certain release, please first check
the Release-info URL given in the NEWS file.
We can't check all assembler files, so if you have problems
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/VERSION new/libgcrypt-1.8.5/VERSION
--- old/libgcrypt-1.8.4/VERSION 2018-10-26 19:32:30.000000000 +0200
+++ new/libgcrypt-1.8.5/VERSION 2019-08-29 15:12:09.000000000 +0200
@@ -1 +1 @@
-1.8.4
+1.8.5
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/cipher/dsa-common.c new/libgcrypt-1.8.5/cipher/dsa-common.c
--- old/libgcrypt-1.8.4/cipher/dsa-common.c 2017-11-23 19:16:58.000000000 +0100
+++ new/libgcrypt-1.8.5/cipher/dsa-common.c 2019-08-19 10:07:08.000000000 +0200
@@ -30,6 +30,30 @@
/*
+ * Modify K, so that computation time difference can be small,
+ * by making K large enough.
+ *
+ * Originally, (EC)DSA computation requires k where 0 < k < q. Here,
+ * we add q (the order), to keep k in a range: q < k < 2*q (or,
+ * addming more q, to keep k in a range: 2*q < k < 3*q), so that
+ * timing difference of the EC multiply (or exponentiation) operation
+ * can be small. The result of (EC)DSA computation is same.
+ */
+void
+_gcry_dsa_modify_k (gcry_mpi_t k, gcry_mpi_t q, int qbits)
+{
+ gcry_mpi_t k1 = mpi_new (qbits+2);
+
+ mpi_resize (k, (qbits+2+BITS_PER_MPI_LIMB-1) / BITS_PER_MPI_LIMB);
+ k->nlimbs = k->alloced;
+ mpi_add (k, k, q);
+ mpi_add (k1, k, q);
+ mpi_set_cond (k, k1, !mpi_test_bit (k, qbits));
+
+ mpi_free (k1);
+}
+
+/*
* Generate a random secret exponent K less than Q.
* Note that ECDSA uses this code also to generate D.
*/
@@ -265,7 +289,7 @@
memcpy (V, _gcry_md_read (hd, 0), hlen);
/* Step h. */
- t = xtrymalloc ((qbits+7)/8+hlen);
+ t = xtrymalloc_secure ((qbits+7)/8+hlen);
if (!t)
{
rc = gpg_err_code_from_syserror ();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/cipher/dsa.c new/libgcrypt-1.8.5/cipher/dsa.c
--- old/libgcrypt-1.8.4/cipher/dsa.c 2017-11-23 19:16:58.000000000 +0100
+++ new/libgcrypt-1.8.5/cipher/dsa.c 2019-08-19 10:07:08.000000000 +0200
@@ -635,6 +635,8 @@
k = _gcry_dsa_gen_k (skey->q, GCRY_STRONG_RANDOM);
}
+ _gcry_dsa_modify_k (k, skey->q, qbits);
+
/* r = (a^k mod p) mod q */
mpi_powm( r, skey->g, k, skey->p );
mpi_fdiv_r( r, r, skey->q );
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/cipher/ecc-ecdsa.c new/libgcrypt-1.8.5/cipher/ecc-ecdsa.c
--- old/libgcrypt-1.8.4/cipher/ecc-ecdsa.c 2018-06-13 09:15:46.000000000 +0200
+++ new/libgcrypt-1.8.5/cipher/ecc-ecdsa.c 2019-08-19 10:07:08.000000000 +0200
@@ -114,6 +114,8 @@
else
k = _gcry_dsa_gen_k (skey->E.n, GCRY_STRONG_RANDOM);
+ _gcry_dsa_modify_k (k, skey->E.n, qbits);
+
_gcry_mpi_ec_mul_point (&I, k, &skey->E.G, ctx);
if (_gcry_mpi_ec_get_affine (x, NULL, &I, ctx))
{
@@ -126,13 +128,15 @@
}
while (!mpi_cmp_ui (r, 0));
+ /* Computation of dr, sum, and s are blinded with b. */
mpi_mulm (dr, b, skey->d, skey->E.n);
- mpi_mulm (dr, dr, r, skey->E.n); /* dr = d*r mod n (blinded with b) */
+ mpi_mulm (dr, dr, r, skey->E.n); /* dr = d*r mod n */
mpi_mulm (sum, b, hash, skey->E.n);
- mpi_addm (sum, sum, dr, skey->E.n); /* sum = hash + (d*r) mod n (blinded with b) */
- mpi_mulm (sum, bi, sum, skey->E.n); /* undo blinding by b^-1 */
+ mpi_addm (sum, sum, dr, skey->E.n); /* sum = hash + (d*r) mod n */
mpi_invm (k_1, k, skey->E.n); /* k_1 = k^(-1) mod n */
mpi_mulm (s, k_1, sum, skey->E.n); /* s = k^(-1)*(hash+(d*r)) mod n */
+ /* Undo blinding by b^-1 */
+ mpi_mulm (s, bi, s, skey->E.n);
}
while (!mpi_cmp_ui (s, 0));
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/cipher/ecc-gost.c new/libgcrypt-1.8.5/cipher/ecc-gost.c
--- old/libgcrypt-1.8.4/cipher/ecc-gost.c 2017-11-23 19:16:58.000000000 +0100
+++ new/libgcrypt-1.8.5/cipher/ecc-gost.c 2019-08-19 10:07:08.000000000 +0200
@@ -94,6 +94,8 @@
mpi_free (k);
k = _gcry_dsa_gen_k (skey->E.n, GCRY_STRONG_RANDOM);
+ _gcry_dsa_modify_k (k, skey->E.n, qbits);
+
_gcry_mpi_ec_mul_point (&I, k, &skey->E.G, ctx);
if (_gcry_mpi_ec_get_affine (x, NULL, &I, ctx))
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/cipher/pubkey-internal.h new/libgcrypt-1.8.5/cipher/pubkey-internal.h
--- old/libgcrypt-1.8.4/cipher/pubkey-internal.h 2017-11-23 19:16:58.000000000 +0100
+++ new/libgcrypt-1.8.5/cipher/pubkey-internal.h 2019-08-19 10:07:08.000000000 +0200
@@ -84,6 +84,7 @@
/*-- dsa-common.c --*/
+void _gcry_dsa_modify_k (gcry_mpi_t k, gcry_mpi_t q, int qbits);
gcry_mpi_t _gcry_dsa_gen_k (gcry_mpi_t q, int security_level);
gpg_err_code_t _gcry_dsa_gen_rfc6979_k (gcry_mpi_t *r_k,
gcry_mpi_t dsa_q, gcry_mpi_t dsa_x,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/compat/compat.c new/libgcrypt-1.8.5/compat/compat.c
--- old/libgcrypt-1.8.4/compat/compat.c 2018-06-13 09:17:49.000000000 +0200
+++ new/libgcrypt-1.8.5/compat/compat.c 2019-08-29 15:05:04.000000000 +0200
@@ -30,8 +30,8 @@
static const char blurb[] =
"\n\n"
"This is Libgcrypt " PACKAGE_VERSION " - The GNU Crypto Library\n"
- "Copyright (C) 2000-2018 Free Software Foundation, Inc.\n"
- "Copyright (C) 2012-2018 g10 Code GmbH\n"
+ "Copyright (C) 2000-2019 Free Software Foundation, Inc.\n"
+ "Copyright (C) 2012-2019 g10 Code GmbH\n"
"Copyright (C) 2013-2018 Jussi Kivilinna\n"
"\n"
"(" BUILD_REVISION " " BUILD_TIMESTAMP ")\n"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/configure.ac new/libgcrypt-1.8.5/configure.ac
--- old/libgcrypt-1.8.4/configure.ac 2018-06-13 10:01:04.000000000 +0200
+++ new/libgcrypt-1.8.5/configure.ac 2019-08-29 15:00:08.000000000 +0200
@@ -30,7 +30,7 @@
# for the LT versions.
m4_define(mym4_version_major, [1])
m4_define(mym4_version_minor, [8])
-m4_define(mym4_version_micro, [4])
+m4_define(mym4_version_micro, [5])
# Below is m4 magic to extract and compute the revision number, the
# decimalized short revision number, a beta version string, and a flag
@@ -50,13 +50,13 @@
AC_INIT([libgcrypt],[mym4_full_version],[http://bugs.gnupg.org])
-# LT Version numbers, remember to change them just *before* a release.
+# LT Version numbers: In this branch we only change the revision.
# (Interfaces removed: CURRENT++, AGE=0, REVISION=0)
# (Interfaces added: CURRENT++, AGE++, REVISION=0)
# (No interfaces changed: REVISION++)
LIBGCRYPT_LT_CURRENT=22
LIBGCRYPT_LT_AGE=2
-LIBGCRYPT_LT_REVISION=4
+LIBGCRYPT_LT_REVISION=5
# If the API is changed in an incompatible way: increment the next counter.
@@ -2613,6 +2613,7 @@
src/Makefile
src/gcrypt.h
src/libgcrypt-config
+src/libgcrypt.pc
src/versioninfo.rc
tests/Makefile
])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/doc/fips-fsm.eps new/libgcrypt-1.8.5/doc/fips-fsm.eps
--- old/libgcrypt-1.8.4/doc/fips-fsm.eps 2018-10-26 19:32:26.000000000 +0200
+++ new/libgcrypt-1.8.5/doc/fips-fsm.eps 2019-08-29 15:12:05.000000000 +0200
@@ -1,7 +1,7 @@
%!PS-Adobe-3.0 EPSF-3.0
%%Title: /home/wk/s/libgcrypt-1.8/doc/fips-fsm.fig
%%Creator: fig2dev Version 3.2 Patchlevel 5e
-%%CreationDate: Fri Oct 26 19:32:26 2018
+%%CreationDate: Thu Aug 29 15:12:05 2019
%%BoundingBox: 0 0 497 579
%Magnification: 1.0000
%%EndComments
Binary files old/libgcrypt-1.8.4/doc/fips-fsm.pdf and new/libgcrypt-1.8.5/doc/fips-fsm.pdf differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/doc/gcrypt.info new/libgcrypt-1.8.5/doc/gcrypt.info
--- old/libgcrypt-1.8.4/doc/gcrypt.info 2018-10-26 19:32:29.000000000 +0200
+++ new/libgcrypt-1.8.5/doc/gcrypt.info 2019-08-29 15:12:07.000000000 +0200
@@ -1,6 +1,6 @@
-This is gcrypt.info, produced by makeinfo version 6.3 from gcrypt.texi.
+This is gcrypt.info, produced by makeinfo version 6.5 from gcrypt.texi.
-This manual is for Libgcrypt (version 1.8.4, 24 October 2018), which is
+This manual is for Libgcrypt (version 1.8.5, 19 November 2018), which is
GNU's library of cryptographic building blocks.
Copyright (C) 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012
@@ -20,114 +20,114 @@
Indirect:
-gcrypt.info-1: 838
-gcrypt.info-2: 300899
+gcrypt.info-1: 839
+gcrypt.info-2: 301225
Tag Table:
(Indirect)
-Node: Top838
-Node: Introduction3367
-Node: Getting Started3739
-Node: Features4619
-Node: Overview5403
-Node: Preparation6026
-Node: Header6949
-Node: Building sources8020
-Node: Building sources using Automake9937
-Node: Initializing the library11865
-Ref: sample-use-suspend-secmem14933
-Ref: sample-use-resume-secmem15776
-Node: Multi-Threading16679
-Ref: Multi-Threading-Footnote-117858
-Node: Enabling FIPS mode18267
-Ref: enabling fips mode18448
-Node: Hardware features20260
-Ref: hardware features20427
-Ref: Hardware features-Footnote-121508
-Node: Generalities21669
-Node: Controlling the library21928
-Node: Error Handling40099
-Node: Error Values42638
-Node: Error Sources47578
-Node: Error Codes49846
-Node: Error Strings53322
-Node: Handler Functions54506
-Node: Progress handler55065
-Node: Allocation handler57214
-Node: Error handler58760
-Node: Logging handler60326
-Node: Symmetric cryptography60918
-Node: Available ciphers61658
-Node: Available cipher modes64339
-Node: Working with cipher handles68192
-Node: General cipher functions79696
-Node: Public Key cryptography83222
-Node: Available algorithms83988
-Node: Used S-expressions84337
-Node: RSA key parameters85454
-Node: DSA key parameters86729
-Node: ECC key parameters87383
-Ref: ecc_keyparam87534
-Node: Cryptographic Functions89405
-Node: General public-key related Functions101252
-Node: Hashing114921
-Node: Available hash algorithms115654
-Node: Working with hash algorithms121617
-Node: Message Authentication Codes135749
-Node: Available MAC algorithms136417
-Node: Working with MAC algorithms141579
-Node: Key Derivation147567
-Node: Random Numbers149969
-Node: Quality of random numbers150252
-Node: Retrieving random numbers150935
-Node: S-expressions152424
-Node: Data types for S-expressions153069
-Node: Working with S-expressions153395
-Node: MPI library167105
-Node: Data types168127
-Node: Basic functions168436
-Node: MPI formats170900
-Node: Calculations174424
-Node: Comparisons176693
-Node: Bit manipulations177696
-Node: EC functions179018
-Ref: gcry_mpi_ec_new181967
-Node: Miscellaneous187526
-Node: Prime numbers191670
-Node: Generation191940
-Node: Checking193227
-Node: Utilities193637
-Node: Memory allocation194014
-Node: Context management195370
-Ref: gcry_ctx_release195808
-Node: Buffer description195969
-Node: Config reporting196756
-Node: Tools197706
-Node: hmac256197873
-Node: Configuration198879
-Node: Architecture201932
-Ref: fig:subsystems203456
-Ref: Architecture-Footnote-1204542
-Ref: Architecture-Footnote-2204604
-Node: Public-Key Subsystem Architecture204688
-Node: Symmetric Encryption Subsystem Architecture206966
-Node: Hashing and MACing Subsystem Architecture208412
-Node: Multi-Precision-Integer Subsystem Architecture210335
-Node: Prime-Number-Generator Subsystem Architecture211773
-Ref: Prime-Number-Generator Subsystem Architecture-Footnote-1213704
-Node: Random-Number Subsystem Architecture213996
-Node: CSPRNG Description216945
-Ref: CSPRNG Description-Footnote-1218501
-Node: FIPS PRNG Description218624
-Node: Self-Tests220758
-Node: FIPS Mode232217
-Ref: fig:fips-fsm236043
-Ref: tbl:fips-states236146
-Ref: tbl:fips-state-transitions237398
-Node: Library Copying241019
-Node: Copying269125
-Node: Figures and Tables288301
-Node: Concept Index288726
-Node: Function and Data Index300899
+Node: Top839
+Node: Introduction3369
+Node: Getting Started3741
+Node: Features4621
+Node: Overview5405
+Node: Preparation6028
+Node: Header6951
+Node: Building sources8022
+Node: Building sources using Automake9939
+Node: Initializing the library11867
+Ref: sample-use-suspend-secmem15259
+Ref: sample-use-resume-secmem16102
+Node: Multi-Threading17005
+Ref: Multi-Threading-Footnote-118184
+Node: Enabling FIPS mode18593
+Ref: enabling fips mode18774
+Node: Hardware features20586
+Ref: hardware features20753
+Ref: Hardware features-Footnote-121834
+Node: Generalities21995
+Node: Controlling the library22254
+Node: Error Handling40425
+Node: Error Values42964
+Node: Error Sources47904
+Node: Error Codes50172
+Node: Error Strings53648
+Node: Handler Functions54832
+Node: Progress handler55391
+Node: Allocation handler57540
+Node: Error handler59086
+Node: Logging handler60652
+Node: Symmetric cryptography61244
+Node: Available ciphers61984
+Node: Available cipher modes64665
+Node: Working with cipher handles68518
+Node: General cipher functions80022
+Node: Public Key cryptography83548
+Node: Available algorithms84314
+Node: Used S-expressions84663
+Node: RSA key parameters85780
+Node: DSA key parameters87055
+Node: ECC key parameters87709
+Ref: ecc_keyparam87860
+Node: Cryptographic Functions89731
+Node: General public-key related Functions101578
+Node: Hashing115247
+Node: Available hash algorithms115980
+Node: Working with hash algorithms121943
+Node: Message Authentication Codes136075
+Node: Available MAC algorithms136743
+Node: Working with MAC algorithms141905
+Node: Key Derivation147893
+Node: Random Numbers150295
+Node: Quality of random numbers150578
+Node: Retrieving random numbers151261
+Node: S-expressions152750
+Node: Data types for S-expressions153395
+Node: Working with S-expressions153721
+Node: MPI library167431
+Node: Data types168453
+Node: Basic functions168762
+Node: MPI formats171226
+Node: Calculations174750
+Node: Comparisons177019
+Node: Bit manipulations178022
+Node: EC functions179344
+Ref: gcry_mpi_ec_new182293
+Node: Miscellaneous187852
+Node: Prime numbers191996
+Node: Generation192266
+Node: Checking193553
+Node: Utilities193963
+Node: Memory allocation194340
+Node: Context management195696
+Ref: gcry_ctx_release196134
+Node: Buffer description196295
+Node: Config reporting197082
+Node: Tools198032
+Node: hmac256198199
+Node: Configuration199205
+Node: Architecture202258
+Ref: fig:subsystems203782
+Ref: Architecture-Footnote-1204868
+Ref: Architecture-Footnote-2204930
+Node: Public-Key Subsystem Architecture205014
+Node: Symmetric Encryption Subsystem Architecture207292
+Node: Hashing and MACing Subsystem Architecture208738
+Node: Multi-Precision-Integer Subsystem Architecture210661
+Node: Prime-Number-Generator Subsystem Architecture212099
+Ref: Prime-Number-Generator Subsystem Architecture-Footnote-1214030
+Node: Random-Number Subsystem Architecture214321
+Node: CSPRNG Description217270
+Ref: CSPRNG Description-Footnote-1218826
+Node: FIPS PRNG Description218949
+Node: Self-Tests221083
+Node: FIPS Mode232542
+Ref: fig:fips-fsm236368
+Ref: tbl:fips-states236471
+Ref: tbl:fips-state-transitions237723
+Node: Library Copying241344
+Node: Copying269450
+Node: Figures and Tables288626
+Node: Concept Index289051
+Node: Function and Data Index301225
End Tag Table
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/doc/gcrypt.info-1 new/libgcrypt-1.8.5/doc/gcrypt.info-1
--- old/libgcrypt-1.8.4/doc/gcrypt.info-1 2018-10-26 19:32:29.000000000 +0200
+++ new/libgcrypt-1.8.5/doc/gcrypt.info-1 2019-08-29 15:12:07.000000000 +0200
@@ -1,6 +1,6 @@
-This is gcrypt.info, produced by makeinfo version 6.3 from gcrypt.texi.
+This is gcrypt.info, produced by makeinfo version 6.5 from gcrypt.texi.
-This manual is for Libgcrypt (version 1.8.4, 24 October 2018), which is
+This manual is for Libgcrypt (version 1.8.5, 19 November 2018), which is
GNU's library of cryptographic building blocks.
Copyright (C) 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012
@@ -24,7 +24,7 @@
The Libgcrypt Library
*********************
-This manual is for Libgcrypt (version 1.8.4, 24 October 2018), which is
+This manual is for Libgcrypt (version 1.8.5, 19 November 2018), which is
GNU's library of cryptographic building blocks.
Copyright (C) 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012
@@ -320,10 +320,12 @@
memory is not a problem, you should initialize Libgcrypt this way:
/* Version check should be the very first call because it
- makes sure that important subsystems are initialized. */
- if (!gcry_check_version (GCRYPT_VERSION))
+ makes sure that important subsystems are initialized.
+ #define NEED_LIBGCRYPT_VERSION to the minimum required version. */
+ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION))
{
- fputs ("libgcrypt version mismatch\n", stderr);
+ fprintf (stderr, "libgcrypt is too old (need %s, have %s)\n",
+ NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL));
exit (2);
}
@@ -340,10 +342,12 @@
of used and freed memory, you need to initialize Libgcrypt this way:
/* Version check should be the very first call because it
- makes sure that important subsystems are initialized. */
- if (!gcry_check_version (GCRYPT_VERSION))
+ makes sure that important subsystems are initialized.
+ #define NEED_LIBGCRYPT_VERSION to the minimum required version. */
+ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION))
{
- fputs ("libgcrypt version mismatch\n", stderr);
+ fprintf (stderr, "libgcrypt is too old (need %s, have %s)\n",
+ NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL));
exit (2);
}
@@ -5241,9 +5245,9 @@
(1) Chae Hoon Lim and Pil Joong Lee. A key recovery attack on
discrete log-based schemes using a prime order subgroup. In Burton S.
-Kaliski Jr., editor, Advances in Cryptology: Crypto '97, pages 249Â-263,
-Berlin / Heidelberg / New York, 1997. Springer-Verlag. Described on
-page 260.
+Kaliski Jr., editor, Advances in Cryptology: Crypto '97, pages
+249Â-263, Berlin / Heidelberg / New York, 1997. Springer-Verlag.
+Described on page 260.
File: gcrypt.info, Node: Random-Number Subsystem Architecture, Prev: Prime-Number-Generator Subsystem Architecture, Up: Architecture
Binary files old/libgcrypt-1.8.4/doc/gcrypt.info-2 and new/libgcrypt-1.8.5/doc/gcrypt.info-2 differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/doc/gcrypt.texi new/libgcrypt-1.8.5/doc/gcrypt.texi
--- old/libgcrypt-1.8.4/doc/gcrypt.texi 2018-10-24 11:59:58.000000000 +0200
+++ new/libgcrypt-1.8.5/doc/gcrypt.texi 2018-11-19 09:02:29.000000000 +0100
@@ -382,10 +382,12 @@
@example
/* Version check should be the very first call because it
- makes sure that important subsystems are initialized. */
- if (!gcry_check_version (GCRYPT_VERSION))
+ makes sure that important subsystems are initialized.
+ #define NEED_LIBGCRYPT_VERSION to the minimum required version. */
+ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION))
@{
- fputs ("libgcrypt version mismatch\n", stderr);
+ fprintf (stderr, "libgcrypt is too old (need %s, have %s)\n",
+ NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL));
exit (2);
@}
@@ -405,10 +407,12 @@
@example
/* Version check should be the very first call because it
- makes sure that important subsystems are initialized. */
- if (!gcry_check_version (GCRYPT_VERSION))
+ makes sure that important subsystems are initialized.
+ #define NEED_LIBGCRYPT_VERSION to the minimum required version. */
+ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION))
@{
- fputs ("libgcrypt version mismatch\n", stderr);
+ fprintf (stderr, "libgcrypt is too old (need %s, have %s)\n",
+ NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL));
exit (2);
@}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/doc/libgcrypt-modules.eps new/libgcrypt-1.8.5/doc/libgcrypt-modules.eps
--- old/libgcrypt-1.8.4/doc/libgcrypt-modules.eps 2018-10-26 19:32:26.000000000 +0200
+++ new/libgcrypt-1.8.5/doc/libgcrypt-modules.eps 2019-08-29 15:12:05.000000000 +0200
@@ -1,7 +1,7 @@
%!PS-Adobe-3.0 EPSF-3.0
%%Title: /home/wk/s/libgcrypt-1.8/doc/libgcrypt-modules.fig
%%Creator: fig2dev Version 3.2 Patchlevel 5e
-%%CreationDate: Fri Oct 26 19:32:26 2018
+%%CreationDate: Thu Aug 29 15:12:05 2019
%%BoundingBox: 0 0 488 300
%Magnification: 1.0000
%%EndComments
Binary files old/libgcrypt-1.8.4/doc/libgcrypt-modules.pdf and new/libgcrypt-1.8.5/doc/libgcrypt-modules.pdf differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/doc/stamp-vti new/libgcrypt-1.8.5/doc/stamp-vti
--- old/libgcrypt-1.8.4/doc/stamp-vti 2018-10-26 19:32:26.000000000 +0200
+++ new/libgcrypt-1.8.5/doc/stamp-vti 2019-08-29 15:12:05.000000000 +0200
@@ -1,4 +1,4 @@
-@set UPDATED 24 October 2018
-@set UPDATED-MONTH October 2018
-@set EDITION 1.8.4
-@set VERSION 1.8.4
+@set UPDATED 19 November 2018
+@set UPDATED-MONTH November 2018
+@set EDITION 1.8.5
+@set VERSION 1.8.5
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/doc/version.texi new/libgcrypt-1.8.5/doc/version.texi
--- old/libgcrypt-1.8.4/doc/version.texi 2018-10-26 19:32:26.000000000 +0200
+++ new/libgcrypt-1.8.5/doc/version.texi 2019-08-29 15:12:05.000000000 +0200
@@ -1,4 +1,4 @@
-@set UPDATED 24 October 2018
-@set UPDATED-MONTH October 2018
-@set EDITION 1.8.4
-@set VERSION 1.8.4
+@set UPDATED 19 November 2018
+@set UPDATED-MONTH November 2018
+@set EDITION 1.8.5
+@set VERSION 1.8.5
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/mpi/ec.c new/libgcrypt-1.8.5/mpi/ec.c
--- old/libgcrypt-1.8.4/mpi/ec.c 2018-06-11 18:46:24.000000000 +0200
+++ new/libgcrypt-1.8.5/mpi/ec.c 2019-08-19 10:07:08.000000000 +0200
@@ -1309,7 +1309,11 @@
unsigned int nbits;
int j;
- nbits = mpi_get_nbits (scalar);
+ if (mpi_cmp (scalar, ctx->p) >= 0)
+ nbits = mpi_get_nbits (scalar);
+ else
+ nbits = mpi_get_nbits (ctx->p);
+
if (ctx->model == MPI_EC_WEIERSTRASS)
{
mpi_set_ui (result->x, 1);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/random/jitterentropy-base.c new/libgcrypt-1.8.5/random/jitterentropy-base.c
--- old/libgcrypt-1.8.4/random/jitterentropy-base.c 2017-11-23 19:16:58.000000000 +0100
+++ new/libgcrypt-1.8.5/random/jitterentropy-base.c 2018-11-14 14:17:30.000000000 +0100
@@ -642,6 +642,8 @@
int count_stuck = 0;
struct rand_data ec;
+ memset(&ec, 0, sizeof(ec));
+
/* We could perform statistical tests here, but the problem is
* that we only have a few loop counts to do testing. These
* loop counts may show some slight skew and we produce
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/src/Makefile.am new/libgcrypt-1.8.5/src/Makefile.am
--- old/libgcrypt-1.8.4/src/Makefile.am 2017-11-23 19:16:58.000000000 +0100
+++ new/libgcrypt-1.8.5/src/Makefile.am 2018-11-14 14:16:40.000000000 +0100
@@ -20,8 +20,11 @@
## Process this file with automake to produce Makefile.in
+pkgconfigdir = $(libdir)/pkgconfig
+pkgconfig_DATA = libgcrypt.pc
+
EXTRA_DIST = libgcrypt-config.in libgcrypt.m4 libgcrypt.vers \
- gcrypt.h.in libgcrypt.def
+ gcrypt.h.in libgcrypt.def libgcrypt.pc.in
bin_SCRIPTS = libgcrypt-config
m4datadir = $(datadir)/aclocal
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/src/libgcrypt.m4 new/libgcrypt-1.8.5/src/libgcrypt.m4
--- old/libgcrypt-1.8.4/src/libgcrypt.m4 2017-11-23 19:16:58.000000000 +0100
+++ new/libgcrypt-1.8.5/src/libgcrypt.m4 2018-11-14 14:16:40.000000000 +0100
@@ -1,5 +1,5 @@
# libgcrypt.m4 - Autoconf macros to detect libgcrypt
-# Copyright (C) 2002, 2003, 2004, 2011, 2014 g10 Code GmbH
+# Copyright (C) 2002, 2003, 2004, 2011, 2014, 2018 g10 Code GmbH
#
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
@@ -9,7 +9,7 @@
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
-# Last-changed: 2014-10-02
+# Last-changed: 2018-11-13
dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION,
@@ -36,8 +36,20 @@
if test x"${LIBGCRYPT_CONFIG}" = x ; then
if test x"${libgcrypt_config_prefix}" != x ; then
LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config"
- else
- case "${SYSROOT}" in
+ fi
+ fi
+
+ use_gpgrt_config=""
+ if test x"${LIBGCRYPT_CONFIG}" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then
+ if $GPGRT_CONFIG libgcrypt --exists; then
+ LIBGCRYPT_CONFIG="$GPGRT_CONFIG libgcrypt"
+ AC_MSG_NOTICE([Use gpgrt-config as libgcrypt-config])
+ use_gpgrt_config=yes
+ fi
+ fi
+ if test -z "$use_gpgrt_config"; then
+ if test x"${LIBGCRYPT_CONFIG}" = x ; then
+ case "${SYSROOT}" in
/*)
if test -x "${SYSROOT}/bin/libgcrypt-config" ; then
LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config"
@@ -48,11 +60,11 @@
*)
AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.])
;;
- esac
- fi
+ esac
+ fi
+ AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
fi
- AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
tmp=ifelse([$1], ,1:1.2.0,$1)
if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
@@ -71,7 +83,11 @@
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
req_micro=`echo $min_libgcrypt_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
- libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version`
+ if test -z "$use_gpgrt_config"; then
+ libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version`
+ else
+ libgcrypt_config_version=`$LIBGCRYPT_CONFIG --modversion`
+ fi
major=`echo $libgcrypt_config_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
minor=`echo $libgcrypt_config_version | \
@@ -103,7 +119,11 @@
# If we have a recent libgcrypt, we should also check that the
# API is compatible
if test "$req_libgcrypt_api" -gt 0 ; then
- tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0`
+ if test -z "$use_gpgrt_config"; then
+ tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0`
+ else
+ tmp=`$LIBGCRYPT_CONFIG --variable=api_version 2>/dev/null || echo 0`
+ fi
if test "$tmp" -gt 0 ; then
AC_MSG_CHECKING([LIBGCRYPT API version])
if test "$req_libgcrypt_api" -eq "$tmp" ; then
@@ -119,12 +139,16 @@
LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags`
LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs`
ifelse([$2], , :, [$2])
- libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none`
+ if test -z "$use_gpgrt_config"; then
+ libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none`
+ else
+ libgcrypt_config_host=`$LIBGCRYPT_CONFIG --variable=host 2>/dev/null || echo none`
+ fi
if test x"$libgcrypt_config_host" != xnone ; then
if test x"$libgcrypt_config_host" != x"$host" ; then
AC_MSG_WARN([[
***
-*** The config script $LIBGCRYPT_CONFIG was
+*** The config script "$LIBGCRYPT_CONFIG" was
*** built for $libgcrypt_config_host and thus may not match the
*** used host $host.
*** You may want to use the configure option --with-libgcrypt-prefix
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/src/libgcrypt.pc.in new/libgcrypt-1.8.5/src/libgcrypt.pc.in
--- old/libgcrypt-1.8.4/src/libgcrypt.pc.in 1970-01-01 01:00:00.000000000 +0100
+++ new/libgcrypt-1.8.5/src/libgcrypt.pc.in 2018-11-14 14:16:40.000000000 +0100
@@ -0,0 +1,17 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+includedir=@includedir@
+libdir=@libdir@
+host=@LIBGCRYPT_CONFIG_HOST@
+api_version=@LIBGCRYPT_CONFIG_API_VERSION@
+symmetric_ciphers="@LIBGCRYPT_CIPHERS@"
+asymmetric_ciphers="@LIBGCRYPT_PUBKEY_CIPHERS@"
+digests="@LIBGCRYPT_DIGESTS@"
+
+Name: libgcrypt
+Description: General purpose cryptographic library
+Requires: gpg-error
+Version: @PACKAGE_VERSION@
+Cflags: @LIBGCRYPT_CONFIG_CFLAGS@
+Libs: @LIBGCRYPT_CONFIG_LIBS@
+URL: https://www.gnupg.org/software/libgcrypt/index.html
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/src/versioninfo.rc.in new/libgcrypt-1.8.5/src/versioninfo.rc.in
--- old/libgcrypt-1.8.4/src/versioninfo.rc.in 2018-06-13 09:17:09.000000000 +0200
+++ new/libgcrypt-1.8.5/src/versioninfo.rc.in 2019-08-29 15:03:26.000000000 +0200
@@ -39,7 +39,7 @@
VALUE "FileDescription", "Libgcrypt - The GNU Crypto Library\0"
VALUE "FileVersion", "@LIBGCRYPT_LT_CURRENT@.@LIBGCRYPT_LT_AGE@.@LIBGCRYPT_LT_REVISION@.@BUILD_REVISION@\0"
VALUE "InternalName", "libgcrypt\0"
- VALUE "LegalCopyright", "Copyright © 2018 Free Software Foundation, Inc.\0"
+ VALUE "LegalCopyright", "Copyright © 2019 Free Software Foundation, Inc.\0"
VALUE "LegalTrademarks", "\0"
VALUE "OriginalFilename", "libgcrypt.dll\0"
VALUE "PrivateBuild", "\0"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.8.4/tests/t-mpi-point.c new/libgcrypt-1.8.5/tests/t-mpi-point.c
--- old/libgcrypt-1.8.4/tests/t-mpi-point.c 2018-06-11 18:46:23.000000000 +0200
+++ new/libgcrypt-1.8.5/tests/t-mpi-point.c 2019-08-19 10:07:08.000000000 +0200
@@ -748,23 +748,11 @@
gcry_mpi_ec_mul (Q, tmp, G, ctx);
gcry_mpi_release (tmp);
gcry_mpi_point_get (x, y, z, Q);
- if (gcry_mpi_cmp_ui (x, 0) || gcry_mpi_cmp_ui (y, 0)
- || gcry_mpi_cmp_ui (z, 0))
+ if (gcry_mpi_cmp_ui (z, 0))
fail ("multiply a point by zero failed\n");
}
gcry_mpi_ec_mul (Q, d, G, ctx);
- gcry_mpi_point_get (x, y, z, Q);
- if (cmp_mpihex (x, "222D9EC717C89D047E0898C9185B033CD11C0A981EE6DC66")
- || cmp_mpihex (y, "605DE0A82D70D3E0F84A127D0739ED33D657DF0D054BFDE8")
- || cmp_mpihex (z, "00B06B519071BC536999AC8F2D3934B3C1FC9EACCD0A31F88F"))
- fail ("computed public key does not match\n");
- if (debug)
- {
- print_mpi ("Q.x", x);
- print_mpi ("Q.y", y);
- print_mpi ("Q.z", z);
- }
if (gcry_mpi_ec_get_affine (x, y, Q, ctx))
fail ("failed to get affine coordinates\n");
@@ -818,17 +806,6 @@
x = gcry_mpi_new (0);
y = gcry_mpi_new (0);
z = gcry_mpi_new (0);
- gcry_mpi_point_get (x, y, z, Q);
- if (cmp_mpihex (x, "222D9EC717C89D047E0898C9185B033CD11C0A981EE6DC66")
- || cmp_mpihex (y, "605DE0A82D70D3E0F84A127D0739ED33D657DF0D054BFDE8")
- || cmp_mpihex (z, "00B06B519071BC536999AC8F2D3934B3C1FC9EACCD0A31F88F"))
- fail ("computed public key does not match\n");
- if (debug)
- {
- print_mpi ("Q.x", x);
- print_mpi ("Q.y", y);
- print_mpi ("Q.z", z);
- }
if (gcry_mpi_ec_get_affine (x, y, Q, ctx))
fail ("failed to get affine coordinates\n");