packages/libgcrypt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:5652f2273d9ff1021a778df85636ca73de487cd5
Branches Tags
packages:main
...
compare: packages:bd00ea327e21b1dfe11417d21e76dbc339f50b2c
Branches Tags
packages:main

11 Commits
5652f2273d ... bd00ea327e

Author SHA1 Message Date
openeuler-ci-bot
bd00ea327e !32 新增sm3算法支持 
From: @zhujianwei001
Reviewed-by: @zengwefeng
Signed-off-by: @zengwefeng
 2021-10-27 11:49:40 +00:00
zhujianwei001
df92a73a9d 更新spec 2021-10-27 09:28:22 +00:00
zhujianwei001
ee2f489ae6 更新DESC 2021-10-27 08:59:42 +00:00
zhujianwei001
2407d92f54 更新type 2021-10-27 08:58:20 +00:00
zhujianwei001
339b8c0693 新增sm3算法支持 2021-10-27 08:55:41 +00:00
openeuler-ci-bot
66f884077f !22 Fix CVE-2021-33560 CVE-2021-40528 
From: @zou_lin77
Reviewed-by: @zengwefeng
Signed-off-by: @zengwefeng
 2021-09-24 07:02:36 +00:00
zou_lin77
6a0f1c45c3 Fix CVE-2021-33560 CVE-2021-40528 2021-09-24 11:34:32 +08:00
openeuler-ci-bot
530fb93876 !14 Fix CVE-2021-33560 
From: @eaglegai
Reviewed-by: @zengwefeng
Signed-off-by: @zengwefeng
 2021-06-21 06:37:39 +00:00
eaglegai
b5fc3d4049 Fix CVE-2021-33560 2021-06-19 18:47:36 +08:00
openeuler-ci-bot
7ed0d9a1c6 !11 Fix warnings introduced by aes-perf patch 
From: @xia_qirong
Reviewed-by: @yanan-rock
Signed-off-by: @yanan-rock
 2020-09-30 17:10:48 +08:00
xiaqirong
617ef29524 Fix warnings introduced by aes-perf patch 2020-09-21 15:22:35 +08:00
5 changed files with 947 additions and 33 deletions
Show Stats Expand all files Collapse all files

73
CVE-2021-33560.patch Normal file
View File

@ -0,0 +1,73 @@
From e8b7f10be275bcedb5fc05ed4837a89bfd605c61 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Tue, 13 Apr 2021 10:00:00 +0900
Subject: [PATCH] cipher: Hardening ElGamal by introducing exponent blinding
too.
* cipher/elgamal.c (do_encrypt): Also do exponent blinding.
--
Base blinding had been introduced with USE_BLINDING. This patch add
exponent blinding as well to mitigate side-channel attack on mpi_powm.
GnuPG-bug-id: 5328
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
cipher/elgamal.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/cipher/elgamal.c b/cipher/elgamal.c
index 4eb52d6..9835122 100644
--- a/cipher/elgamal.c
+++ b/cipher/elgamal.c
@@ -522,8 +522,9 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
static void
decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey )
{
- gcry_mpi_t t1, t2, r;
+ gcry_mpi_t t1, t2, r, r1, h;
unsigned int nbits = mpi_get_nbits (skey->p);
+ gcry_mpi_t x_blind;
mpi_normalize (a);
mpi_normalize (b);
@@ -534,20 +535,33 @@ decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey )
t2 = mpi_snew (nbits);
r = mpi_new (nbits);
+ r1 = mpi_new (nbits);
+ h = mpi_new (nbits);
+ x_blind = mpi_snew (nbits);
/* We need a random number of about the prime size. The random
number merely needs to be unpredictable; thus we use level 0. */
_gcry_mpi_randomize (r, nbits, GCRY_WEAK_RANDOM);
+ /* Also, exponent blinding: x_blind = x + (p-1)*r1 */
+ _gcry_mpi_randomize (r1, nbits, GCRY_WEAK_RANDOM);
+ mpi_set_highbit (r1, nbits - 1);
+ mpi_sub_ui (h, skey->p, 1);
+ mpi_mul (x_blind, h, r1);
+ mpi_add (x_blind, skey->x, x_blind);
+
/* t1 = r^x mod p */
- mpi_powm (t1, r, skey->x, skey->p);
+ mpi_powm (t1, r, x_blind, skey->p);
/* t2 = (a * r)^-x mod p */
mpi_mulm (t2, a, r, skey->p);
- mpi_powm (t2, t2, skey->x, skey->p);
+ mpi_powm (t2, t2, x_blind, skey->p);
mpi_invm (t2, t2, skey->p);
/* t1 = (t1 * t2) mod p*/
mpi_mulm (t1, t1, t2, skey->p);
+ mpi_free (x_blind);
+ mpi_free (h);
+ mpi_free (r1);
mpi_free (r);
mpi_free (t2);
--
1.8.3.1

105
CVE-2021-40528.patch Normal file
View File

@ -0,0 +1,105 @@
From 3462280f2e23e16adf3ed5176e0f2413d8861320 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Fri, 21 May 2021 11:15:07 +0900
Subject: [PATCH] cipher: Fix ElGamal encryption for other implementations.
* cipher/elgamal.c (gen_k): Remove support of smaller K.
(do_encrypt): Never use smaller K.
(sign): Folllow the change of gen_k.
--
Cherry-pick master commit of:
632d80ef30e13de6926d503aa697f92b5dbfbc5e
This change basically reverts encryption changes in two commits:
74386120dad6b3da62db37f7044267c8ef34689b
78531373a342aeb847950f404343a05e36022065
Use of smaller K for ephemeral key in ElGamal encryption is only good,
when we can guarantee that recipient's key is generated by our
implementation (or compatible).
For detail, please see:
Luca De Feo, Bertram Poettering, Alessandro Sorniotti,
"On the (in)security of ElGamal in OpenPGP";
in the proceedings of CCS'2021.
CVE-id: CVE-2021-33560(This patch actually modifies CVE-2021-40528,see:https://dev.gnupg.org/T5328#149606)
GnuPG-bug-id: 5328
Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
cipher/elgamal.c | 24 ++++++------------------
1 file changed, 6 insertions(+), 18 deletions(-)
diff --git a/cipher/elgamal.c b/cipher/elgamal.c
index 9835122..eead450 100644
--- a/cipher/elgamal.c
+++ b/cipher/elgamal.c
@@ -66,7 +66,7 @@ static const char *elg_names[] =
static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie);
-static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
+static gcry_mpi_t gen_k (gcry_mpi_t p);
static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits,
gcry_mpi_t **factors);
static int check_secret_key (ELG_secret_key *sk);
@@ -189,11 +189,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie )
/****************
* Generate a random secret exponent k from prime p, so that k is
- * relatively prime to p-1. With SMALL_K set, k will be selected for
- * better encryption performance - this must never be used signing!
+ * relatively prime to p-1.
*/
static gcry_mpi_t
-gen_k( gcry_mpi_t p, int small_k )
+gen_k( gcry_mpi_t p )
{
gcry_mpi_t k = mpi_alloc_secure( 0 );
gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
@@ -202,18 +201,7 @@ gen_k( gcry_mpi_t p, int small_k )
unsigned int nbits, nbytes;
char *rndbuf = NULL;
- if (small_k)
- {
- /* Using a k much lesser than p is sufficient for encryption and
- * it greatly improves the encryption performance. We use
- * Wiener's table and add a large safety margin. */
- nbits = wiener_map( orig_nbits ) * 3 / 2;
- if( nbits >= orig_nbits )
- BUG();
- }
- else
- nbits = orig_nbits;
-
+ nbits = orig_nbits;
nbytes = (nbits+7)/8;
if( DBG_CIPHER )
@@ -492,7 +480,7 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
* error code.
*/
- k = gen_k( pkey->p, 1 );
+ k = gen_k( pkey->p );
mpi_powm (a, pkey->g, k, pkey->p);
/* b = (y^k * input) mod p
@@ -608,7 +596,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey )
*
*/
mpi_sub_ui(p_1, p_1, 1);
- k = gen_k( skey->p, 0 /* no small K ! */ );
+ k = gen_k( skey->p );
mpi_powm( a, skey->g, k, skey->p );
mpi_mul(t, skey->x, a );
mpi_subm(t, input, t, p_1 );
--
1.8.3.1

730
backport-add-crypto-hash-sm3.patch Normal file
View File

@ -0,0 +1,730 @@
From 78cb95d8fbd76159c1162c4ff72643f2c9984bf6 Mon Sep 17 00:00:00 2001
From: zhujianwei001 <zhujianwei7@huawei.com>
Date: Fri, 13 Aug 2021 08:51:20 +0800
Subject: [PATCH] add support sm3 md
Reference: https://github.com/gpg/libgcrypt/commit/4423bf3cc4432b9bfe801ff74cb05e6f0dd3eccd#diff-4cfeaaa70bbeb65cd0cbb0bec58738e97bd585f3acb1f6ddc63cfa3a9abeb5dd
Conflict: fetch sm3.c from 1.9.3 tag, but remove _gcry_sm3_hash_buffer, _gcry_sm3_hash_buffers in struct _gcry_digest_spec_sm3, adjust hd->bctx.blocksize init in sm3_init; add some build support
Add crypto hash SM3.
* configure.ac (available_digests): Add sm3.
* src/cipher.h: Add declarations for SM3.
* cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add sm3.c.
* cipher/md.c [USE_SM3] (digest_list): Add _gcry_digest_spec_sm3.
* cipher/pubkey-util.c (hashnames): Add "sm3".
* cipher/sm3.c: New.
* tests/basic.c (check_digests): Add test vectors for SM3.
* tests/hashtest-256g.in (algos): Add SM3.
* tests/hashtest.c (testvectors): Add for SM3.
--
GnuPG-bug-id: 3454
Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>
---
cipher/Makefile.am | 1 +
cipher/md.c | 11 +
cipher/pubkey-util.c | 1 +
cipher/sm3.c | 472 +++++++++++++++++++++++++++++++++++++++++
configure.ac | 7 +
doc/gcrypt.texi | 4 +
src/cipher.h | 7 +
src/gcrypt.h.in | 3 +-
tests/basic.c | 25 +++
tests/hashtest-256g.in | 2 +-
tests/hashtest.c | 11 +
11 files changed, 542 insertions(+), 2 deletions(-)
create mode 100644 cipher/sm3.c
diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index 85a5b5f..d44dfea 100644
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@@ -97,6 +97,7 @@ sha256.c sha256-ssse3-amd64.S sha256-avx-amd64.S sha256-avx2-bmi2-amd64.S \
sha256-armv8-aarch32-ce.S sha256-armv8-aarch64-ce.S \
sha512.c sha512-ssse3-amd64.S sha512-avx-amd64.S sha512-avx2-bmi2-amd64.S \
sha512-armv7-neon.S sha512-arm.S \
+sm3.c \
keccak.c keccak_permute_32.h keccak_permute_64.h keccak-armv7-neon.S \
stribog.c \
tiger.c \
diff --git a/cipher/md.c b/cipher/md.c
index 0d07854..13e3b3e 100644
--- a/cipher/md.c
+++ b/cipher/md.c
@@ -94,6 +94,9 @@ static gcry_md_spec_t *digest_list[] =
&_gcry_digest_spec_blake2s_224,
&_gcry_digest_spec_blake2s_160,
&_gcry_digest_spec_blake2s_128,
+#endif
+#if USE_SM3
+ &_gcry_digest_spec_sm3,
#endif
NULL
};
@@ -1042,6 +1045,10 @@ _gcry_md_hash_buffer (int algo, void *digest,
#if USE_RMD160
else if (algo == GCRY_MD_RMD160 && !fips_mode () )
_gcry_rmd160_hash_buffer (digest, buffer, length);
+#endif
+#if USE_SM3
+ else if (algo == GCRY_MD_SM3)
+ _gcry_sm3_hash_buffer (digest, buffer, length);
#endif
else
{
@@ -1115,6 +1122,10 @@ _gcry_md_hash_buffers (int algo, unsigned int flags, void *digest,
#if USE_SHA1
else if (algo == GCRY_MD_SHA1 && !hmac)
_gcry_sha1_hash_buffers (digest, iov, iovcnt);
+#endif
+#if USE_SM3
+ else if (algo == GCRY_MD_SM3 && !hmac)
+ _gcry_sm3_hash_buffers (digest, iov, iovcnt);
#endif
else
{
diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
index c40ef97..ae0e1c4 100644
--- a/cipher/pubkey-util.c
+++ b/cipher/pubkey-util.c
@@ -221,6 +221,7 @@ get_hash_algo (const char *s, size_t n)
{ "sha3-256", GCRY_MD_SHA3_256 },
{ "sha3-384", GCRY_MD_SHA3_384 },
{ "sha3-512", GCRY_MD_SHA3_512 },
+ { "sm3", GCRY_MD_SM3 },
{ NULL, 0 }
};
int algo;
diff --git a/cipher/sm3.c b/cipher/sm3.c
new file mode 100644
index 0000000..274b14e
--- /dev/null
+++ b/cipher/sm3.c
@@ -0,0 +1,472 @@
+/* sm3.c - SM3 hash function
+ * Copyright (C) 2017 Jia Zhang
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+/* Test vectors:
+ *
+ * "abc"
+ * SM3: 66c7f0f4 62eeedd9 d1f2d46b dc10e4e2 4167c487 5cf2f7a2 297da02b 8f4ba8e0
+ *
+ * "abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd"
+ * SM3: debe9ff9 2275b8a1 38604889 c18e5a4d 6fdb70e5 387e5765 293dcba3 9c0c5732
+ *
+ * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ * SM3: 639b6cc5 e64d9e37 a390b192 df4fa1ea 0720ab74 7ff692b9 f38c4e66 ad7b8c05
+ *
+ * "a" one million times
+ * SM3: c8aaf894 29554029 e231941a 2acc0ad6 1ff2a5ac d8fadd25 847a3a73 2b3b02c3
+ *
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "g10lib.h"
+#include "bithelp.h"
+#include "bufhelp.h"
+#include "cipher.h"
+#include "hash-common.h"
+
+
+typedef struct {
+ gcry_md_block_ctx_t bctx;
+ u32 h0,h1,h2,h3,h4,h5,h6,h7;
+} SM3_CONTEXT;
+
+
+static unsigned int
+transform (void *c, const unsigned char *data, size_t nblks);
+
+
+static void
+sm3_init (void *context, unsigned int flags)
+{
+ SM3_CONTEXT *hd = context;
+ unsigned int features = _gcry_get_hw_features ();
+
+ (void)flags;
+
+ hd->h0 = 0x7380166f;
+ hd->h1 = 0x4914b2b9;
+ hd->h2 = 0x172442d7;
+ hd->h3 = 0xda8a0600;
+ hd->h4 = 0xa96f30bc;
+ hd->h5 = 0x163138aa;
+ hd->h6 = 0xe38dee4d;
+ hd->h7 = 0xb0fb0e4e;
+
+ hd->bctx.nblocks = 0;
+ hd->bctx.nblocks_high = 0;
+ hd->bctx.count = 0;
+ hd->bctx.blocksize = 64;
+ hd->bctx.bwrite = transform;
+
+ (void)features;
+}
+
+
+/*
+ * Transform the message X which consists of 16 32-bit-words. See
+ * GM/T 004-2012 for details. */
+#define R(i,a,b,c,d,e,f,g,h,t,w1,w2) do \
+ { \
+ ss1 = rol ((rol ((a), 12) + (e) + (t)), 7); \
+ ss2 = ss1 ^ rol ((a), 12); \
+ d += FF##i(a,b,c) + ss2 + ((w1) ^ (w2)); \
+ h += GG##i(e,f,g) + ss1 + (w1); \
+ b = rol ((b), 9); \
+ f = rol ((f), 19); \
+ h = P0 ((h)); \
+ } while (0)
+
+#define R1(a,b,c,d,e,f,g,h,t,w1,w2) R(1,a,b,c,d,e,f,g,h,t,w1,w2)
+#define R2(a,b,c,d,e,f,g,h,t,w1,w2) R(2,a,b,c,d,e,f,g,h,t,w1,w2)
+
+#define FF1(x, y, z) (x ^ y ^ z)
+
+#define FF2(x, y, z) ((x & y) | (x & z) | (y & z))
+
+#define GG1(x, y, z) (x ^ y ^ z)
+
+#define GG2(x, y, z) ((x & y) | ( ~x & z))
+
+/* Message expansion */
+#define P0(x) ((x) ^ rol ((x), 9) ^ rol ((x), 17))
+#define P1(x) ((x) ^ rol ((x), 15) ^ rol ((x), 23))
+#define I(i) ( w[i] = buf_get_be32(data + i * 4) )
+#define W1(i) ( w[i&0x0f] )
+#define W2(i) ( w[i&0x0f] = P1(w[i &0x0f] \
+ ^ w[(i-9)&0x0f] \
+ ^ rol (w[(i-3)&0x0f], 15)) \
+ ^ rol (w[(i-13)&0x0f], 7) \
+ ^ w[(i-6)&0x0f] )
+
+static unsigned int
+transform_blk (void *ctx, const unsigned char *data)
+{
+ SM3_CONTEXT *hd = ctx;
+ static const u32 K[64] = {
+ 0x79cc4519, 0xf3988a32, 0xe7311465, 0xce6228cb,
+ 0x9cc45197, 0x3988a32f, 0x7311465e, 0xe6228cbc,
+ 0xcc451979, 0x988a32f3, 0x311465e7, 0x6228cbce,
+ 0xc451979c, 0x88a32f39, 0x11465e73, 0x228cbce6,
+ 0x9d8a7a87, 0x3b14f50f, 0x7629ea1e, 0xec53d43c,
+ 0xd8a7a879, 0xb14f50f3, 0x629ea1e7, 0xc53d43ce,
+ 0x8a7a879d, 0x14f50f3b, 0x29ea1e76, 0x53d43cec,
+ 0xa7a879d8, 0x4f50f3b1, 0x9ea1e762, 0x3d43cec5,
+ 0x7a879d8a, 0xf50f3b14, 0xea1e7629, 0xd43cec53,
+ 0xa879d8a7, 0x50f3b14f, 0xa1e7629e, 0x43cec53d,
+ 0x879d8a7a, 0x0f3b14f5, 0x1e7629ea, 0x3cec53d4,
+ 0x79d8a7a8, 0xf3b14f50, 0xe7629ea1, 0xcec53d43,
+ 0x9d8a7a87, 0x3b14f50f, 0x7629ea1e, 0xec53d43c,
+ 0xd8a7a879, 0xb14f50f3, 0x629ea1e7, 0xc53d43ce,
+ 0x8a7a879d, 0x14f50f3b, 0x29ea1e76, 0x53d43cec,
+ 0xa7a879d8, 0x4f50f3b1, 0x9ea1e762, 0x3d43cec5
+ };
+
+ u32 a,b,c,d,e,f,g,h,ss1,ss2;
+ u32 w[16];
+
+ a = hd->h0;
+ b = hd->h1;
+ c = hd->h2;
+ d = hd->h3;
+ e = hd->h4;
+ f = hd->h5;
+ g = hd->h6;
+ h = hd->h7;
+
+ R1(a, b, c, d, e, f, g, h, K[0], I(0), I(4));
+ R1(d, a, b, c, h, e, f, g, K[1], I(1), I(5));
+ R1(c, d, a, b, g, h, e, f, K[2], I(2), I(6));
+ R1(b, c, d, a, f, g, h, e, K[3], I(3), I(7));
+ R1(a, b, c, d, e, f, g, h, K[4], W1(4), I(8));
+ R1(d, a, b, c, h, e, f, g, K[5], W1(5), I(9));
+ R1(c, d, a, b, g, h, e, f, K[6], W1(6), I(10));
+ R1(b, c, d, a, f, g, h, e, K[7], W1(7), I(11));
+ R1(a, b, c, d, e, f, g, h, K[8], W1(8), I(12));
+ R1(d, a, b, c, h, e, f, g, K[9], W1(9), I(13));
+ R1(c, d, a, b, g, h, e, f, K[10], W1(10), I(14));
+ R1(b, c, d, a, f, g, h, e, K[11], W1(11), I(15));
+ R1(a, b, c, d, e, f, g, h, K[12], W1(12), W2(16));
+ R1(d, a, b, c, h, e, f, g, K[13], W1(13), W2(17));
+ R1(c, d, a, b, g, h, e, f, K[14], W1(14), W2(18));
+ R1(b, c, d, a, f, g, h, e, K[15], W1(15), W2(19));
+
+ R2(a, b, c, d, e, f, g, h, K[16], W1(16), W2(20));
+ R2(d, a, b, c, h, e, f, g, K[17], W1(17), W2(21));
+ R2(c, d, a, b, g, h, e, f, K[18], W1(18), W2(22));
+ R2(b, c, d, a, f, g, h, e, K[19], W1(19), W2(23));
+ R2(a, b, c, d, e, f, g, h, K[20], W1(20), W2(24));
+ R2(d, a, b, c, h, e, f, g, K[21], W1(21), W2(25));
+ R2(c, d, a, b, g, h, e, f, K[22], W1(22), W2(26));
+ R2(b, c, d, a, f, g, h, e, K[23], W1(23), W2(27));
+ R2(a, b, c, d, e, f, g, h, K[24], W1(24), W2(28));
+ R2(d, a, b, c, h, e, f, g, K[25], W1(25), W2(29));
+ R2(c, d, a, b, g, h, e, f, K[26], W1(26), W2(30));
+ R2(b, c, d, a, f, g, h, e, K[27], W1(27), W2(31));
+ R2(a, b, c, d, e, f, g, h, K[28], W1(28), W2(32));
+ R2(d, a, b, c, h, e, f, g, K[29], W1(29), W2(33));
+ R2(c, d, a, b, g, h, e, f, K[30], W1(30), W2(34));
+ R2(b, c, d, a, f, g, h, e, K[31], W1(31), W2(35));
+
+ R2(a, b, c, d, e, f, g, h, K[32], W1(32), W2(36));
+ R2(d, a, b, c, h, e, f, g, K[33], W1(33), W2(37));
+ R2(c, d, a, b, g, h, e, f, K[34], W1(34), W2(38));
+ R2(b, c, d, a, f, g, h, e, K[35], W1(35), W2(39));
+ R2(a, b, c, d, e, f, g, h, K[36], W1(36), W2(40));
+ R2(d, a, b, c, h, e, f, g, K[37], W1(37), W2(41));
+ R2(c, d, a, b, g, h, e, f, K[38], W1(38), W2(42));
+ R2(b, c, d, a, f, g, h, e, K[39], W1(39), W2(43));
+ R2(a, b, c, d, e, f, g, h, K[40], W1(40), W2(44));
+ R2(d, a, b, c, h, e, f, g, K[41], W1(41), W2(45));
+ R2(c, d, a, b, g, h, e, f, K[42], W1(42), W2(46));
+ R2(b, c, d, a, f, g, h, e, K[43], W1(43), W2(47));
+ R2(a, b, c, d, e, f, g, h, K[44], W1(44), W2(48));
+ R2(d, a, b, c, h, e, f, g, K[45], W1(45), W2(49));
+ R2(c, d, a, b, g, h, e, f, K[46], W1(46), W2(50));
+ R2(b, c, d, a, f, g, h, e, K[47], W1(47), W2(51));
+
+ R2(a, b, c, d, e, f, g, h, K[48], W1(48), W2(52));
+ R2(d, a, b, c, h, e, f, g, K[49], W1(49), W2(53));
+ R2(c, d, a, b, g, h, e, f, K[50], W1(50), W2(54));
+ R2(b, c, d, a, f, g, h, e, K[51], W1(51), W2(55));
+ R2(a, b, c, d, e, f, g, h, K[52], W1(52), W2(56));
+ R2(d, a, b, c, h, e, f, g, K[53], W1(53), W2(57));
+ R2(c, d, a, b, g, h, e, f, K[54], W1(54), W2(58));
+ R2(b, c, d, a, f, g, h, e, K[55], W1(55), W2(59));
+ R2(a, b, c, d, e, f, g, h, K[56], W1(56), W2(60));
+ R2(d, a, b, c, h, e, f, g, K[57], W1(57), W2(61));
+ R2(c, d, a, b, g, h, e, f, K[58], W1(58), W2(62));
+ R2(b, c, d, a, f, g, h, e, K[59], W1(59), W2(63));
+ R2(a, b, c, d, e, f, g, h, K[60], W1(60), W2(64));
+ R2(d, a, b, c, h, e, f, g, K[61], W1(61), W2(65));
+ R2(c, d, a, b, g, h, e, f, K[62], W1(62), W2(66));
+ R2(b, c, d, a, f, g, h, e, K[63], W1(63), W2(67));
+
+ hd->h0 ^= a;
+ hd->h1 ^= b;
+ hd->h2 ^= c;
+ hd->h3 ^= d;
+ hd->h4 ^= e;
+ hd->h5 ^= f;
+ hd->h6 ^= g;
+ hd->h7 ^= h;
+
+ return /*burn_stack*/ 26*4+32;
+}
+#undef P0
+#undef P1
+#undef R
+#undef R1
+#undef R2
+
+static unsigned int
+transform (void *ctx, const unsigned char *data, size_t nblks)
+{
+ SM3_CONTEXT *hd = ctx;
+ unsigned int burn;
+
+ do
+ {
+ burn = transform_blk (hd, data);
+ data += 64;
+ }
+ while (--nblks);
+
+ return burn;
+}
+
+
+/*
+ * The routine finally terminates the computation and returns the
+ * digest. The handle is prepared for a new cycle, but adding bytes
+ * to the handle will the destroy the returned buffer. Returns: 32
+ * bytes with the message the digest. */
+static void
+sm3_final(void *context)
+{
+ SM3_CONTEXT *hd = context;
+ u32 t, th, msb, lsb;
+ byte *p;
+ unsigned int burn;
+
+ t = hd->bctx.nblocks;
+ if (sizeof t == sizeof hd->bctx.nblocks)
+ th = hd->bctx.nblocks_high;
+ else
+ th = hd->bctx.nblocks >> 32;
+
+ /* multiply by 64 to make a byte count */
+ lsb = t << 6;
+ msb = (th << 6) | (t >> 26);
+ /* add the count */
+ t = lsb;
+ if ((lsb += hd->bctx.count) < t)
+ msb++;
+ /* multiply by 8 to make a bit count */
+ t = lsb;
+ lsb <<= 3;
+ msb <<= 3;
+ msb |= t >> 29;
+
+ if (hd->bctx.count < 56) /* enough room */
+ {
+ hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */
+ if (hd->bctx.count < 56)
+ memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count);
+
+ /* append the 64 bit count */
+ buf_put_be32(hd->bctx.buf + 56, msb);
+ buf_put_be32(hd->bctx.buf + 60, lsb);
+ burn = (*hd->bctx.bwrite) ( hd, hd->bctx.buf, 1 );
+ }
+ else /* need one extra block */
+ {
+ hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */
+ /* fill pad and next block with zeroes */
+ memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56);
+
+ /* append the 64 bit count */
+ buf_put_be32(hd->bctx.buf + 64 + 56, msb);
+ buf_put_be32(hd->bctx.buf + 64 + 60, lsb);
+ burn = (*hd->bctx.bwrite) ( hd, hd->bctx.buf, 2 );
+ }
+
+ p = hd->bctx.buf;
+#define X(a) do { buf_put_be32(p, hd->h##a); p += 4; } while(0)
+ X(0);
+ X(1);
+ X(2);
+ X(3);
+ X(4);
+ X(5);
+ X(6);
+ X(7);
+#undef X
+
+ hd->bctx.count = 0;
+
+ _gcry_burn_stack (burn);
+}
+
+static byte *
+sm3_read (void *context)
+{
+ SM3_CONTEXT *hd = context;
+
+ return hd->bctx.buf;
+}
+
+
+/* Shortcut functions which puts the hash value of the supplied buffer
+ * into outbuf which must have a size of 32 bytes. */
+void
+_gcry_sm3_hash_buffer (void *outbuf, const void *buffer, size_t length)
+{
+ SM3_CONTEXT hd;
+
+ sm3_init (&hd, 0);
+ _gcry_md_block_write (&hd, buffer, length);
+ sm3_final (&hd);
+ memcpy (outbuf, hd.bctx.buf, 32);
+}
+
+
+/* Variant of the above shortcut function using multiple buffers. */
+void
+_gcry_sm3_hash_buffers (void *outbuf, const gcry_buffer_t *iov, int iovcnt)
+{
+ SM3_CONTEXT hd;
+
+ sm3_init (&hd, 0);
+ for (;iovcnt > 0; iov++, iovcnt--)
+ _gcry_md_block_write (&hd,
+ (const char*)iov[0].data + iov[0].off, iov[0].len);
+ sm3_final (&hd);
+ memcpy (outbuf, hd.bctx.buf, 32);
+}
+
+
+
+/*
+ * Self-test section.
+ */
+
+
+static gpg_err_code_t
+selftests_sm3 (int extended, selftest_report_func_t report)
+{
+ const char *what;
+ const char *errtxt;
+
+ what = "short string (spec example 1)";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SM3, 0,
+ "abc", 3,
+ "\x66\xc7\xf0\xf4\x62\xee\xed\xd9\xd1\xf2\xd4\x6b\xdc\x10\xe4\xe2"
+ "\x41\x67\xc4\x87\x5c\xf2\xf7\xa2\x29\x7d\xa0\x2b\x8f\x4b\xa8\xe0", 32);
+ if (errtxt)
+ goto failed;
+
+ if (extended)
+ {
+ what = "long string (spec example 2)";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SM3, 0,
+ "abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd", 64,
+ "\xde\xbe\x9f\xf9\x22\x75\xb8\xa1\x38\x60\x48\x89\xc1\x8e\x5a\x4d"
+ "\x6f\xdb\x70\xe5\x38\x7e\x57\x65\x29\x3d\xcb\xa3\x9c\x0c\x57\x32",
+ 32);
+ if (errtxt)
+ goto failed;
+
+ what = "long string";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SM3, 0,
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56,
+ "\x63\x9b\x6c\xc5\xe6\x4d\x9e\x37\xa3\x90\xb1\x92\xdf\x4f\xa1\xea"
+ "\x07\x20\xab\x74\x7f\xf6\x92\xb9\xf3\x8c\x4e\x66\xad\x7b\x8c\x05",
+ 32);
+ if (errtxt)
+ goto failed;
+
+ what = "one million \"a\"";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SM3, 1,
+ NULL, 0,
+ "\xc8\xaa\xf8\x94\x29\x55\x40\x29\xe2\x31\x94\x1a\x2a\xcc\x0a\xd6"
+ "\x1f\xf2\xa5\xac\xd8\xfa\xdd\x25\x84\x7a\x3a\x73\x2b\x3b\x02\xc3",
+ 32);
+ if (errtxt)
+ goto failed;
+ }
+
+ return 0; /* Succeeded. */
+
+ failed:
+ if (report)
+ report ("digest", GCRY_MD_SM3, what, errtxt);
+ return GPG_ERR_SELFTEST_FAILED;
+}
+
+
+/* Run a full self-test for ALGO and return 0 on success. */
+static gpg_err_code_t
+run_selftests (int algo, int extended, selftest_report_func_t report)
+{
+ gpg_err_code_t ec;
+
+ switch (algo)
+ {
+ case GCRY_MD_SM3:
+ ec = selftests_sm3 (extended, report);
+ break;
+ default:
+ ec = GPG_ERR_DIGEST_ALGO;
+ break;
+
+ }
+ return ec;
+}
+
+static byte asn_sm3[] = /* Object ID is 1.2.156.10197.401 */
+ { 0x30, 0x2F, 0x30, 0x0B, 0x06, 0x07, 0x2A, 0x81,
+ 0x1C, 0xCF, 0x55, 0x83, 0x11, 0x05, 0x00, 0x04,
+ 0x20 };
+
+static gcry_md_oid_spec_t oid_spec_sm3[] =
+ {
+ /* China Electronics Standardization Instutute,
+ OID White paper (2015), Table 6 */
+ { "1.2.156.10197.401" },
+ { NULL },
+ };
+
+gcry_md_spec_t _gcry_digest_spec_sm3 =
+ {
+ GCRY_MD_SM3, {0, 0},
+ "SM3", asn_sm3, DIM (asn_sm3), oid_spec_sm3, 32,
+ sm3_init, _gcry_md_block_write, sm3_final, sm3_read, NULL,
+ sizeof (SM3_CONTEXT),
+ run_selftests
+ };
diff --git a/configure.ac b/configure.ac
index c588af4..d52b61f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -204,6 +204,7 @@ enabled_pubkey_ciphers=""
# Definitions for message digests.
available_digests="crc gostr3411-94 md2 md4 md5 rmd160 sha1 sha256 sha512"
available_digests="$available_digests sha3 tiger whirlpool stribog blake2"
+available_digests="$available_digests sm3"
enabled_digests=""
# Definitions for kdfs (optional ones)
@@ -2603,6 +2604,12 @@ case "${host}" in
;;
esac
+LIST_MEMBER(sm3, $enabled_digests)
+if test "$found" = "1" ; then
+ GCRYPT_DIGESTS="$GCRYPT_DIGESTS sm3.lo"
+ AC_DEFINE(USE_SM3, 1, [Defined if this module should be included])
+fi
+
LIST_MEMBER(scrypt, $enabled_kdfs)
if test "$found" = "1" ; then
GCRYPT_KDFS="$GCRYPT_KDFS scrypt.lo"
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 7cd1b0f..8119e89 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -3122,6 +3122,7 @@ are also supported.
@cindex MD2, MD4, MD5
@cindex TIGER, TIGER1, TIGER2
@cindex HAVAL
+@cindex SM3
@cindex Whirlpool
@cindex BLAKE2b-512, BLAKE2b-384, BLAKE2b-256, BLAKE2b-160
@cindex BLAKE2s-256, BLAKE2s-224, BLAKE2s-160, BLAKE2s-128
@@ -3281,6 +3282,9 @@ See RFC 7693 for the specification.
This is the BLAKE2s-128 algorithm which yields a message digest of 16 bytes.
See RFC 7693 for the specification.
+@item GCRY_MD_SM3
+This is the SM3 algorithm which yields a message digest of 32 bytes.
+
@end table
@c end table of hash algorithms
diff --git a/src/cipher.h b/src/cipher.h
index d9e0ac6..7c2e5d9 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -133,6 +133,12 @@ void _gcry_sha512_hash_buffer (void *outbuf,
void _gcry_sha512_hash_buffers (void *outbuf,
const gcry_buffer_t *iov, int iovcnt);
+/*-- sm3.c --*/
+void _gcry_sm3_hash_buffer (void *outbuf,
+ const void *buffer, size_t length);
+void _gcry_sm3_hash_buffers (void *outbuf,
+ const gcry_buffer_t *iov, int iovcnt);
+
/*-- blake2.c --*/
gcry_err_code_t _gcry_blake2_init_with_key(void *ctx, unsigned int flags,
const unsigned char *key,
@@ -329,6 +335,7 @@ extern gcry_md_spec_t _gcry_digest_spec_blake2s_256;
extern gcry_md_spec_t _gcry_digest_spec_blake2s_224;
extern gcry_md_spec_t _gcry_digest_spec_blake2s_160;
extern gcry_md_spec_t _gcry_digest_spec_blake2s_128;
+extern gcry_md_spec_t _gcry_digest_spec_sm3;
/* Declarations for the pubkey cipher specifications. */
extern gcry_pk_spec_t _gcry_pubkey_spec_rsa;
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 75c49a0..72b09a9 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -1240,7 +1240,8 @@ enum gcry_md_algos
GCRY_MD_BLAKE2S_256 = 322,
GCRY_MD_BLAKE2S_224 = 323,
GCRY_MD_BLAKE2S_160 = 324,
- GCRY_MD_BLAKE2S_128 = 325
+ GCRY_MD_BLAKE2S_128 = 325,
+ GCRY_MD_SM3 = 326,
};
/* Flags used with the open function. */
diff --git a/tests/basic.c b/tests/basic.c
index 0bd8020..f932b2b 100644
--- a/tests/basic.c
+++ b/tests/basic.c
@@ -8457,6 +8457,31 @@ check_digests (void)
"\x0e\xfc\x29\xde" },
{ GCRY_MD_BLAKE2S_128, "?",
"\x70\x0b\x8a\x71\x1d\x34\x0a\xf0\x13\x93\x19\x93\x5e\xd7\x54\x9c" },
+
+ { GCRY_MD_SM3, "abc",
+ "\x66\xc7\xf0\xf4\x62\xee\xed\xd9\xd1\xf2\xd4\x6b\xdc\x10\xe4\xe2"
+ "\x41\x67\xc4\x87\x5c\xf2\xf7\xa2\x29\x7d\xa0\x2b\x8f\x4b\xa8\xe0" },
+ { GCRY_MD_SM3,
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ "\x63\x9b\x6c\xc5\xe6\x4d\x9e\x37\xa3\x90\xb1\x92\xdf\x4f\xa1\xea"
+ "\x07\x20\xab\x74\x7f\xf6\x92\xb9\xf3\x8c\x4e\x66\xad\x7b\x8c\x05" },
+ { GCRY_MD_SM3, "!",
+ "\xc8\xaa\xf8\x94\x29\x55\x40\x29\xe2\x31\x94\x1a\x2a\xcc\x0a\xd6"
+ "\x1f\xf2\xa5\xac\xd8\xfa\xdd\x25\x84\x7a\x3a\x73\x2b\x3b\x02\xc3" },
+ { GCRY_MD_SM3, "?",
+ "\x3a\x3f\x53\xfc\x96\xc2\xde\xb2\xd9\x12\x3a\x1b\xd8\x47\x71\x28"
+ "\xbc\x5d\x5e\x94\xea\x08\x86\x3d\xfb\xe4\x00\x5a\xd9\xed\x79\x26" },
+ { GCRY_MD_SM3,
+ "Libgcrypt is free software; you can redistribute it and/or modif"
+ "y it under the terms of the GNU Lesser general Public License as"
+ " published by the Free Software Foundation; either version 2.1 o"
+ "f the License, or (at your option) any later version.\nLibgcrypt"
+ " is distributed in the hope that it will be useful, but WITHOUT "
+ "ANY WARRANTY; without even the implied warranty of MERCHANTABILI"
+ "TY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser Gene"
+ "ral Public License for more details.",
+ "\x8b\x91\x3f\x0e\x85\xae\x43\x25\x6d\x28\x38\x6c\x09\x5c\xc7\x72"
+ "\xcc\x2e\x78\x89\x7e\x2e\x4e\x5a\x3d\xf6\x55\xfe\x87\xbe\xa6\xbc" },
{ 0 }
};
gcry_error_t err;
diff --git a/tests/hashtest-256g.in b/tests/hashtest-256g.in
index 92b1c1b..a52b869 100755
--- a/tests/hashtest-256g.in
+++ b/tests/hashtest-256g.in
@@ -1,6 +1,6 @@
#!/bin/sh
-algos="SHA1 SHA256 SHA512"
+algos="SHA1 SHA256 SHA512 SM3"
test "@RUN_LARGE_DATA_TESTS@" = yes || exit 77
echo " now running 256 GiB tests for $algos - this takes looong"
diff --git a/tests/hashtest.c b/tests/hashtest.c
index 2ecbc1f..3394594 100644
--- a/tests/hashtest.c
+++ b/tests/hashtest.c
@@ -102,6 +102,17 @@ static struct {
"0c91b91665ceaf7af5102e0ed31aa4f050668ab3c57b1f4763946d567efe66b3"
"ab9a2016cf238dee5b44eae9f0cdfbf7b7a6eb1e759986273243dc35894706b6" },
+ { GCRY_MD_SM3, 256, -64,
+ "4ceb893abeb43965d4cac7626da9a4be895585b5b2f16f302626801308b1c02a" },
+ { GCRY_MD_SM3, 256, -1,
+ "825f01e4f2b6084136abc356fa1b343a9411d844a4dc1474293aad817cd2a48f" },
+ { GCRY_MD_SM3, 256, +0,
+ "d948a4025ac3ea0aa8989f43203411bd22ad17eaa5fd92ebdf9cabf869f1ba1b" },
+ { GCRY_MD_SM3, 256, +1,
+ "4f6d0e260299c1f286ef1dbb4638a0770979f266b6c007c55410ee6849cba2a8" },
+ { GCRY_MD_SM3, 256, +64,
+ "ed34869dbadd62e3bec1f511004d7bbfc9cafa965477cc48843b248293bbe867" },
+
{ 0 }
};
--
2.19.1

39
libgcrypt-1.8.5-aes-perf.patch
View File

@ -1,25 +1,3 @@
pagure Logo
rpms / libgcrypt
Source
Issues
Pull Requests 1
Stats
Overview
Files
Commits
Branches
Forks
Releases
Monitoring status:
Bugzilla Assignee:
Fedora:
tmraz
EPEL:
tmraz
Files
master
libgcrypt-1.8.5-aes-perf.patch
diff -up libgcrypt-1.8.5/cipher/arcfour.c.aes-perf libgcrypt-1.8.5/cipher/arcfour.c
--- libgcrypt-1.8.5/cipher/arcfour.c.aes-perf 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/cipher/arcfour.c 2020-04-22 18:29:41.662862382 +0200
@ -1238,7 +1216,7 @@ diff -up libgcrypt-1.8.5/cipher/cipher-cmac.c.aes-perf libgcrypt-1.8.5/cipher/ci
diff -up libgcrypt-1.8.5/cipher/cipher-ctr.c.aes-perf libgcrypt-1.8.5/cipher/cipher-ctr.c
--- libgcrypt-1.8.5/cipher/cipher-ctr.c.aes-perf 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/cipher/cipher-ctr.c 2020-04-22 18:29:41.667862287 +0200
@@ -81,24 +81,38 @@ _gcry_cipher_ctr_encrypt (gcry_cipher_hd
@@ -81,24 +81,34 @@ _gcry_cipher_ctr_encrypt (gcry_cipher_hd
{
unsigned char tmp[MAX_BLOCKSIZE];
@ -1287,10 +1265,6 @@ diff -up libgcrypt-1.8.5/cipher/cipher-ctr.c.aes-perf libgcrypt-1.8.5/cipher/cip
+ {
+ n = inbuflen;
+ buf_xor(outbuf, inbuf, tmp, inbuflen);
+
+ inbuflen -= n;
+ outbuf += n;
+ inbuf += n;
+ }
/* Save the unused bytes of the counter. */
@ -2126,7 +2100,7 @@ diff -up libgcrypt-1.8.5/cipher/rfc2268.c.aes-perf libgcrypt-1.8.5/cipher/rfc226
diff -up libgcrypt-1.8.5/cipher/rijndael-aesni.c.aes-perf libgcrypt-1.8.5/cipher/rijndael-aesni.c
--- libgcrypt-1.8.5/cipher/rijndael-aesni.c.aes-perf 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/cipher/rijndael-aesni.c 2020-04-22 18:29:41.671862210 +0200
+++ libgcrypt-1.8.5/cipher/rijndael-aesni.c 2020-04-28 11:22:26.025519954 +0200
@@ -327,8 +327,8 @@ _gcry_aes_aesni_do_setkey (RIJNDAEL_cont
@ -2266,7 +2240,12 @@ diff -up libgcrypt-1.8.5/cipher/rijndael-aesni.c.aes-perf libgcrypt-1.8.5/cipher
_gcry_aes_aesni_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg,
size_t nblocks)
{
@@ -1813,4 +1831,303 @@ _gcry_aes_aesni_ocb_auth (gcry_cipher_hd
@@ -1810,7 +1828,306 @@ _gcry_aes_aesni_ocb_auth (gcry_cipher_hd
aesni_cleanup ();
aesni_cleanup_2_6 ();
+
+ return 0;
}
@ -2409,8 +2388,6 @@ diff -up libgcrypt-1.8.5/cipher/rijndael-aesni.c.aes-perf libgcrypt-1.8.5/cipher
+
+ aesni_cleanup ();
+ aesni_cleanup_2_6 ();
+
+ return 0;
+}
+
+

33
libgcrypt.spec
View File

@ -4,7 +4,7 @@
Name: libgcrypt
Version: 1.8.6
Release: 1
Release: 5
Summary: A general-purpose cryptography library
License: LGPLv2+
URL: https://www.gnupg.org/
@ -31,10 +31,15 @@ Patch30: libgcrypt-1.8.5-aes-perf.patch
Patch6004: CVE-2019-12904-1.patch
Patch6005: CVE-2019-12904-2.patch
Patch6006: CVE-2019-12904-3.patch
Patch6007: CVE-2021-33560.patch
Patch6008: CVE-2021-40528.patch
Patch6009: backport-add-crypto-hash-sm3.patch
BuildRequires: gcc texinfo git autoconf automake libtool
BuildRequires: gawk libgpg-error-devel >= 1.11 pkgconfig
Provides: %{name}-sm3 = %{version}-%{release}
%description
Libgcrypt is a general purpose cryptographic library originally based on code from GnuPG.
@ -51,7 +56,7 @@ applications using libgcrypt.
%package_help
%prep
%autosetup -n %{name}-%{version} -p1 -S git
%autosetup -n %{name}-%{version} -p1
%build
%define _lto_cflags %{nil}
@ -136,6 +141,30 @@ install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf
%{_infodir}/gcrypt.info*
%changelog
* Wed Oct 27 2021 zhujianwei001 <zhujianwei7@huawei.com> - 1.8.6-5
- Type:requirements
- ID:NA
- SUG:NA
- DESC:add sm3 support
* Fri Sep 24 2021 zoulin <zoulin13@huawei.com> - 1.8.6-4
- Type:cves
- ID:NA
- SUG:NA
- DESC:Fix CVE-2021-33560 CVE-2021-40528
* Sat Jun 19 2021 gaihuiying1 <gaihuiying11@huawei.com> - 1.8.6-3
- Type:cves
- ID:NA
- SUG:NA
- DESC:Fix CVE-2021-33560
* Mon Sep 21 2020 xiaqirong <xiaqirong1@huawei.com> - 1.8.6-2
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:Fix warnings introduced by aes-perf patch
* Mon Aug 31 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.8.6-1
- update to 1.8.6 from upstream