31 changed files with 3058 additions and 7012 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
-SOURCES/libgcrypt-1.10.0.tar.bz2
+SOURCES/libgcrypt-1.11.0.tar.bz2
 SOURCES/libgcrypt-1.11.0.tar.bz2.sig
--- a/.libgcrypt.metadata
+++ b/.libgcrypt.metadata
@ -1 +1,2 @@
-363feb8187f6c59b6b10721af6a94558db8ec3af SOURCES/libgcrypt-1.10.0.tar.bz2
+dd2c68e0685bb99249efeeb06046fae15b5214ba SOURCES/libgcrypt-1.11.0.tar.bz2
 48af54df87466ae3aa0c6db805aa0462e9bcb77e SOURCES/libgcrypt-1.11.0.tar.bz2.sig
--- a/SOURCES/libgcrypt-1.10.0-allow-short-salt.patch
+++ b/SOURCES/libgcrypt-1.10.0-allow-short-salt.patch
@ -1,77 +0,0 @@
 From 58c92098d053aae7c78cc42bdd7c80c13efc89bb Mon Sep 17 00:00:00 2001
 From: NIIBE Yutaka <gniibe@fsij.org>
 Date: Fri, 24 Jun 2022 08:59:31 +0900
 Subject: [PATCH] hmac,hkdf: Allow use of shorter salt for HKDF.
 * cipher/md.c (prepare_macpads): Move the check to...
 * src/visibility.c (gcry_mac_setkey): ... here.
 * tests/t-kdf.c (check_hkdf): No failure is expected.
 --
 GnuPG-bug-id: 6039
 Fixes-commit: 76aad97dd312e83f2f9b8d086553f2b72ab6546f
 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 ---
 cipher/md.c      |  3 ---
 src/visibility.c |  3 +++
 tests/t-kdf.c    | 12 +-----------
 3 files changed, 4 insertions(+), 14 deletions(-)
 diff --git a/cipher/md.c b/cipher/md.c
 index 4f4fc9bf..34336b5c 100644
 --- a/cipher/md.c
 +++ b/cipher/md.c
@@ -903,9 +903,6 @@ prepare_macpads (gcry_md_hd_t a, const unsigned char *key, size_t keylen)
 {
   GcryDigestEntry *r;
 -  if (fips_mode () && keylen < 14)
 -    return GPG_ERR_INV_VALUE;
 -
   if (!a->ctx->list)
     return GPG_ERR_DIGEST_ALGO; /* Might happen if no algo is enabled.  */
 diff --git a/src/visibility.c b/src/visibility.c
 index c98247d8..aee5bffb 100644
 --- a/src/visibility.c
 +++ b/src/visibility.c
@@ -946,6 +946,9 @@ gcry_mac_setkey (gcry_mac_hd_t hd, const void *key, size_t keylen)
   if (!fips_is_operational ())
     return gpg_error (fips_not_operational ());
 +  if (fips_mode () && keylen < 14)
 +    return GPG_ERR_INV_VALUE;
 +
   return gpg_error (_gcry_mac_setkey (hd, key, keylen));
 }
 -- 
 2.37.1
 commit 02718ade6ab5eee38169c2102097166770a2456d
 Author: Jakub Jelen <jjelen@redhat.com>
 Date:   Thu Oct 20 16:33:11 2022 +0200
    visiblity: Check the HMAC key length in FIPS mode
    ---
    * src/visibility.c (gcry_md_setkey): Check the HMAC key length in FIPS
      mode also in the md_ API.
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 diff --git a/src/visibility.c b/src/visibility.c
 index 150b197d..73db3dea 100644
 --- a/src/visibility.c
 +++ b/src/visibility.c
@@ -1357,6 +1357,10 @@ gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen)
 {
   if (!fips_is_operational ())
     return gpg_error (fips_not_operational ());
 +
 +  if (fips_mode () && keylen < 14)
 +    return GPG_ERR_INV_VALUE;
 +
   return gpg_error (_gcry_md_setkey (hd, key, keylen));
 }
--- a/SOURCES/libgcrypt-1.10.0-allow-small-RSA-verify.patch
+++ b/SOURCES/libgcrypt-1.10.0-allow-small-RSA-verify.patch
@ -1,70 +0,0 @@
 From ca2afc9fb64d9a9b2f8930ba505d9ab6c8a57667 Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Thu, 12 May 2022 10:56:47 +0200
 Subject: [PATCH] cipher: Allow verification of small RSA signatures in FIPS
 mode
 * cipher/rsa.c (rsa_check_keysize): Formatting.
  (rsa_check_verify_keysize): New function.
  (rsa_verify): Allow using smaller keys for verification.
 --
 GnuPG-bug-id: 5975
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 ---
 cipher/rsa.c | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
 diff --git a/cipher/rsa.c b/cipher/rsa.c
 index c6319b67..9f2b36e8 100644
 --- a/cipher/rsa.c
 +++ b/cipher/rsa.c
@@ -352,13 +352,35 @@ generate_std (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
 static gpg_err_code_t
 rsa_check_keysize (unsigned int nbits)
 {
 -  if (fips_mode() && nbits < 2048)
 +  if (fips_mode () && nbits < 2048)
     return GPG_ERR_INV_VALUE;
   return GPG_ERR_NO_ERROR;
 }
 +/* Check the RSA key length is acceptable for signature verification
 + *
 + * FIPS allows signature verification with RSA keys of size
 + * 1024, 1280, 1536 and 1792 in legacy mode, but this is up to the
 + * calling application to decide if the signature is legacy and
 + * should be accepted.
 + */
 +static gpg_err_code_t
 +rsa_check_verify_keysize (unsigned int nbits)
 +{
 +  if (fips_mode ())
 +    {
 +      if ((nbits >= 1024 && (nbits % 256) == 0) || nbits >= 2048)
 +        return GPG_ERR_NO_ERROR;
 +
 +      return GPG_ERR_INV_VALUE;
 +    }
 +
 +  return GPG_ERR_NO_ERROR;
 +}
 +
 +
 /****************
  * Generate a key pair with a key of size NBITS.
  * USE_E = 0 let Libcgrypt decide what exponent to use.
@@ -1602,7 +1624,7 @@ rsa_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms)
   gcry_mpi_t result = NULL;
   unsigned int nbits = rsa_get_nbits (keyparms);
 -  rc = rsa_check_keysize (nbits);
 +  rc = rsa_check_verify_keysize (nbits);
   if (rc)
     return rc;
 -- 
 2.37.1
--- a/SOURCES/libgcrypt-1.10.0-disable-brainpool.patch
+++ b/SOURCES/libgcrypt-1.10.0-disable-brainpool.patch
@ -1,239 +0,0 @@
 From d651e25be0bc0c11f4d3d7c72be8cfbbe82b3874 Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Fri, 10 Sep 2021 18:39:00 +0200
 Subject: [PATCH] Allow building libgcrypt without Brainpool curves
 * README: Document possibility to build without brainpool curves
 * cipher/ecc-curves.c: Conditionalize brainpool curves definitions
 * configure.ac: Implement possibility to build without brainpool curves
 * tests/curves.c: Skip brainpool curves if they are not built-in
 * tests/keygrip.c: Skip brainpool curves if they are not built-in
 --
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 ---
 README              |  3 +++
 cipher/ecc-curves.c |  4 ++++
 configure.ac        | 13 +++++++++++++
 tests/curves.c      | 46 ++++++++++++++++++++++++++++++---------------
 tests/keygrip.c     |  2 ++
 5 files changed, 53 insertions(+), 15 deletions(-)
 diff --git a/README b/README
 index 436b6cd4..1044109c 100644
 --- a/README
 +++ b/README
@@ -127,6 +127,9 @@
                      the list used with the current build the program
                      tests/version may be used.
 +     --disable-brainpool
 +                     Do not build in support for Brainpool curves.
 +
      --disable-endian-check
                      Don't let configure test for the endianness but
                      try to use the OS provided macros at compile
 diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c
 index 7c86e12c..8fd95a9c 100644
 --- a/cipher/ecc-curves.c
 +++ b/cipher/ecc-curves.c
@@ -77,6 +77,7 @@ static const struct
     { "NIST P-521", "1.3.132.0.35" },
     { "NIST P-521", "nistp521"   },          /* rfc5656.  */
 +#ifdef ENABLE_BRAINPOOL
     { "brainpoolP160r1", "1.3.36.3.3.2.8.1.1.1" },
     { "brainpoolP192r1", "1.3.36.3.3.2.8.1.1.3" },
     { "brainpoolP224r1", "1.3.36.3.3.2.8.1.1.5" },
@@ -84,6 +85,7 @@ static const struct
     { "brainpoolP320r1", "1.3.36.3.3.2.8.1.1.9" },
     { "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11"},
     { "brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13"},
 +#endif /* ENABLE_BRAINPOOL */
     { "GOST2001-test", "1.2.643.2.2.35.0" },
     { "GOST2001-CryptoPro-A", "1.2.643.2.2.35.1" },
@@ -297,6 +299,7 @@ static const ecc_domain_parms_t domain_parms[] =
       1
     },
 +#ifdef ENABLE_BRAINPOOL
     { "brainpoolP160r1", 160, 0,
       MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
       "0xe95e4a5f737059dc60dfc7ad95b3d8139515620f",
@@ -391,6 +394,7 @@ static const ecc_domain_parms_t domain_parms[] =
       "b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892",
       1
     },
 +#endif /* ENABLE_BRAINPOOL */
     {
       "GOST2001-test", 256, 0,
       MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
 diff --git a/configure.ac b/configure.ac
 index 6efbf139..f4ac1887 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -614,6 +614,14 @@ AC_ARG_WITH(fips-module-version,
 AC_DEFINE_UNQUOTED(FIPS_MODULE_VERSION, "$fips_module_version",
                    [Define FIPS module version for certification])
 +# Implementation of the --disable-brainpool switch.
 +AC_MSG_CHECKING([whether we want to disable the use of brainpool curves])
 +AC_ARG_ENABLE(brainpool,
 +              AS_HELP_STRING([--disable-brainpool],
 +                             [Disable the brainpool curves]),
 +              use_brainpool="$enableval",use_brainpool=yes)
 +AC_MSG_RESULT($use_brainpool)
 +
 # Implementation of the --disable-jent-support switch.
 AC_MSG_CHECKING([whether jitter entropy support is requested])
 AC_ARG_ENABLE(jent-support,
@@ -2466,6 +2474,10 @@ if test x"$ppccryptosupport" = xyes ; then
   AC_DEFINE(ENABLE_PPC_CRYPTO_SUPPORT,1,
             [Enable support for POWER 8 (PowerISA 2.07) crypto extension.])
 fi
 +if test x"$use_brainpool" = xyes ; then
 +  AC_DEFINE(ENABLE_BRAINPOOL, 1,
 +            [Enable support for the brainpool curves.])
 +fi
 if test x"$jentsupport" = xyes ; then
   AC_DEFINE(ENABLE_JENT_SUPPORT, 1,
             [Enable support for the jitter entropy collector.])
@@ -3296,6 +3308,7 @@ GCRY_MSG_WRAP([Enabled digest algorithms:],[$enabled_digests])
 GCRY_MSG_WRAP([Enabled kdf algorithms:   ],[$enabled_kdfs])
 GCRY_MSG_WRAP([Enabled pubkey algorithms:],[$enabled_pubkey_ciphers])
 GCRY_MSG_SHOW([Random number generator:  ],[$random])
 +GCRY_MSG_SHOW([Enabled Brainpool curves: ],[$use_brainpool])
 GCRY_MSG_SHOW([Try using jitter entropy: ],[$jentsupport])
 GCRY_MSG_SHOW([Using linux capabilities: ],[$use_capabilities])
 GCRY_MSG_SHOW([FIPS module version:      ],[$fips_module_version])
 diff --git a/tests/curves.c b/tests/curves.c
 index 3c738171..8eb79565 100644
 --- a/tests/curves.c
 +++ b/tests/curves.c
@@ -33,7 +33,11 @@
 #include "t-common.h"
 /* Number of curves defined in ../cipher/ecc-curves.c */
 -#define N_CURVES 27
 +#ifdef ENABLE_BRAINPOOL
 +# define N_CURVES 27
 +#else
 +# define N_CURVES 20
 +#endif
 /* A real world sample public key.  */
 static char const sample_key_1[] =
@@ -52,6 +56,7 @@ static char const sample_key_1[] =
 static char const sample_key_1_curve[] = "NIST P-256";
 static unsigned int sample_key_1_nbits = 256;
 +#ifdef ENABLE_BRAINPOOL
 /* A made up sample public key.  */
 static char const sample_key_2[] =
 "(public-key\n"
@@ -68,6 +73,7 @@ static char const sample_key_2[] =
 "  ))";
 static char const sample_key_2_curve[] = "brainpoolP160r1";
 static unsigned int sample_key_2_nbits = 160;
 +#endif /* ENABLE_BRAINPOOL */
 static int in_fips_mode;
@@ -113,6 +119,7 @@ check_matching (void)
   gcry_sexp_release (key);
 +#ifdef ENABLE_BRAINPOOL
   if (!in_fips_mode)
     {
       err = gcry_sexp_new (&key, sample_key_2, 0, 1);
@@ -130,6 +137,7 @@ check_matching (void)
       gcry_sexp_release (key);
     }
 +#endif /* ENABLE_BRAINPOOL */
 }
 #define TEST_ERROR_EXPECTED (1 << 0)
@@ -185,20 +193,26 @@ check_get_params (void)
        { GCRY_PK_ECC, "1.3.132.0.35" },
        { GCRY_PK_ECC, "nistp521"   },
 -       { GCRY_PK_ECC, "brainpoolP160r1",       TEST_NOFIPS },
 -       { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.1",  TEST_NOFIPS },
 -       { GCRY_PK_ECC, "brainpoolP192r1",       TEST_NOFIPS },
 -       { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.3",  TEST_NOFIPS },
 -       { GCRY_PK_ECC, "brainpoolP224r1",       TEST_NOFIPS },
 -       { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.5",  TEST_NOFIPS },
 -       { GCRY_PK_ECC, "brainpoolP256r1",       TEST_NOFIPS },
 -       { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.7",  TEST_NOFIPS },
 -       { GCRY_PK_ECC, "brainpoolP320r1",       TEST_NOFIPS },
 -       { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.9",  TEST_NOFIPS },
 -       { GCRY_PK_ECC, "brainpoolP384r1",       TEST_NOFIPS },
 -       { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.11", TEST_NOFIPS },
 -       { GCRY_PK_ECC, "brainpoolP512r1",       TEST_NOFIPS },
 -       { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.13", TEST_NOFIPS },
 +#ifdef ENABLE_BRAINPOOL
 +# define BRAINPOOL_FLAGS TEST_NOFIPS
 +#else
 +# define BRAINPOOL_FLAGS TEST_ERROR_EXPECTED
 +#endif /* ENABLE_BRAINPOOL */
 +       { GCRY_PK_ECC, "brainpoolP160r1",       BRAINPOOL_FLAGS },
 +       { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.1",  BRAINPOOL_FLAGS },
 +       { GCRY_PK_ECC, "brainpoolP192r1",       BRAINPOOL_FLAGS },
 +       { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.3",  BRAINPOOL_FLAGS },
 +       { GCRY_PK_ECC, "brainpoolP224r1",       BRAINPOOL_FLAGS },
 +       { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.5",  BRAINPOOL_FLAGS },
 +       { GCRY_PK_ECC, "brainpoolP256r1",       BRAINPOOL_FLAGS },
 +       { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.7",  BRAINPOOL_FLAGS },
 +       { GCRY_PK_ECC, "brainpoolP320r1",       BRAINPOOL_FLAGS },
 +       { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.9",  BRAINPOOL_FLAGS },
 +       { GCRY_PK_ECC, "brainpoolP384r1",       BRAINPOOL_FLAGS },
 +       { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.11", BRAINPOOL_FLAGS },
 +       { GCRY_PK_ECC, "brainpoolP512r1",       BRAINPOOL_FLAGS },
 +       { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.13", BRAINPOOL_FLAGS },
 +#undef BRAINPOOL_ERROR_EXPECTED
        { GCRY_PK_ECC, "GOST2001-test", TEST_NOFIPS },
        { GCRY_PK_ECC, "1.2.643.2.2.35.0", TEST_NOFIPS },
@@ -282,6 +296,7 @@ check_get_params (void)
   gcry_sexp_release (param);
 +#ifdef ENABLE_BRAINPOOL
   if (!in_fips_mode)
     {
       param = gcry_pk_get_param (GCRY_PK_ECDSA, sample_key_2_curve);
@@ -297,6 +312,7 @@ check_get_params (void)
       gcry_sexp_release (param);
     }
 +#endif /* ENABLE_BRAINPOOL */
   /* Some simple tests */
   for (idx=0; idx < DIM (tv); idx++)
 diff --git a/tests/keygrip.c b/tests/keygrip.c
 index 49bd71bc..fc4c17be 100644
 --- a/tests/keygrip.c
 +++ b/tests/keygrip.c
@@ -149,6 +149,7 @@ static struct
       " (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))",
       "\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6"
     },
 +#ifdef ENABLE_BRAINPOOL
     {
       GCRY_PK_ECC,
       "(public-key"
@@ -197,6 +198,7 @@ static struct
       "\xD6\xE1\xBF\x43\xAC\x9B\x9A\x12\xE7\x3F",
       1
     },
 +#endif /*ENABLE_BRAINPOOL */
     { /* Ed25519 standard */
       GCRY_PK_ECC,
       "(public-key"
 -- 
 2.34.1
--- a/SOURCES/libgcrypt-1.10.0-fips-drbg.patch
+++ b/SOURCES/libgcrypt-1.10.0-fips-drbg.patch
@ -1,85 +0,0 @@
 From 45b80678109e5817b7cd15566a9d6c96b064b95f Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Wed, 1 Mar 2023 15:39:15 +0100
 Subject: [PATCH] random: Remove unused SHA384 DRBGs.
 * random/random-drbg.c (global): Remove unused SHA384-based defines.
 (drbg_cores): Remove SHA384 configurations.
 (drbg_sec_strength): Remove unused SHA384.
 --
 These are no longer allowed by FIPS and it looks like they were never
 usable as they do not have any conversion from the string flags.
 GnuPG-bug-id: 6393
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 ---
 random/random-drbg.c | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)
 diff --git a/random/random-drbg.c b/random/random-drbg.c
 index f1cfe286..af49a5a5 100644
 --- a/random/random-drbg.c
 +++ b/random/random-drbg.c
@@ -188,11 +188,9 @@
 #define DRBG_HASHSHA1		((u32)1<<4)
 #define DRBG_HASHSHA224		((u32)1<<5)
 #define DRBG_HASHSHA256		((u32)1<<6)
 -#define DRBG_HASHSHA384		((u32)1<<7)
 #define DRBG_HASHSHA512		((u32)1<<8)
 #define DRBG_HASH_MASK		(DRBG_HASHSHA1 | DRBG_HASHSHA224 \
 -				 | DRBG_HASHSHA256 | DRBG_HASHSHA384 \
 -				 | DRBG_HASHSHA512)
 +				 | DRBG_HASHSHA256 | DRBG_HASHSHA512)
 /* type modifiers (A.3)*/
 #define DRBG_HMAC		((u32)1<<12)
 #define DRBG_SYM128		((u32)1<<13)
@@ -211,23 +209,18 @@
 #define DRBG_NOPR_CTRAES256 (DRBG_CTRAES | DRBG_SYM256)
 #define DRBG_PR_HASHSHA1     (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1)
 #define DRBG_PR_HASHSHA256   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256)
 -#define DRBG_PR_HASHSHA384   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384)
 #define DRBG_PR_HASHSHA512   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512)
 #define DRBG_NOPR_HASHSHA1   (DRBG_HASHSHA1)
 #define DRBG_NOPR_HASHSHA256 (DRBG_HASHSHA256)
 -#define DRBG_NOPR_HASHSHA384 (DRBG_HASHSHA384)
 #define DRBG_NOPR_HASHSHA512 (DRBG_HASHSHA512)
 #define DRBG_PR_HMACSHA1     (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1 \
                               | DRBG_HMAC)
 #define DRBG_PR_HMACSHA256   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256 \
                               | DRBG_HMAC)
 -#define DRBG_PR_HMACSHA384   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384 \
 -                              | DRBG_HMAC)
 #define DRBG_PR_HMACSHA512   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512 \
                               | DRBG_HMAC)
 #define DRBG_NOPR_HMACSHA1   (DRBG_HASHSHA1 | DRBG_HMAC)
 #define DRBG_NOPR_HMACSHA256 (DRBG_HASHSHA256 | DRBG_HMAC)
 -#define DRBG_NOPR_HMACSHA384 (DRBG_HASHSHA384 | DRBG_HMAC)
 #define DRBG_NOPR_HMACSHA512 (DRBG_HASHSHA512 | DRBG_HMAC)
@@ -359,12 +352,10 @@ static const struct drbg_core_s drbg_cores[] = {
   /* Hash DRBGs */
   {DRBG_HASHSHA1, 55, 20, GCRY_MD_SHA1},
   {DRBG_HASHSHA256, 55, 32, GCRY_MD_SHA256},
 -  {DRBG_HASHSHA384, 111, 48, GCRY_MD_SHA384},
   {DRBG_HASHSHA512, 111, 64, GCRY_MD_SHA512},
   /* HMAC DRBGs */
   {DRBG_HASHSHA1   | DRBG_HMAC, 20, 20, GCRY_MD_SHA1},
   {DRBG_HASHSHA256 | DRBG_HMAC, 32, 32, GCRY_MD_SHA256},
 -  {DRBG_HASHSHA384 | DRBG_HMAC, 48, 48, GCRY_MD_SHA384},
   {DRBG_HASHSHA512 | DRBG_HMAC, 64, 64, GCRY_MD_SHA512},
   /* block ciphers */
   {DRBG_CTRAES | DRBG_SYM128, 32, 16, GCRY_CIPHER_AES128},
@@ -543,7 +534,7 @@ drbg_sec_strength (u32 flags)
   else if (flags & DRBG_SYM192)
     return 24;
   else if ((flags & DRBG_SYM256) || (flags & DRBG_HASHSHA256) ||
 -	   (flags & DRBG_HASHSHA384) || (flags & DRBG_HASHSHA512))
 +	   (flags & DRBG_HASHSHA512))
     return 32;
   else
     return 32;
 -- 
 2.39.2
--- a/SOURCES/libgcrypt-1.10.0-fips-getrandom.patch
+++ b/SOURCES/libgcrypt-1.10.0-fips-getrandom.patch
@ -1,50 +0,0 @@
 From 0a5e608b8b18d4f41e4d7434c6262bf11507f859 Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Tue, 16 Aug 2022 15:30:43 +0200
 Subject: [PATCH] random: Use getrandom (GRND_RANDOM) in FIPS mode
 The SP800-90C (clarified in IG D.K.) requires the following when
 different DRBGs are chained:
 * the parent needs to be reseeded before generate operation
 * the reseed & generate needs to be atomic
 In RHEL, this is addressed by change in the kernel, that will do this
 automatically, when the getentropy () is called with GRND_RANDOM flag.
 * random/rndgetentropy.c (_gcry_rndgetentropy_gather_random): Use
  GRND_RANDOM in FIPS Mode
 ---
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 ---
 random/rndgetentropy.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
 diff --git a/random/rndgetentropy.c b/random/rndgetentropy.c
 index 7580873e..db4b09ed 100644
 --- a/random/rndgetentropy.c
 +++ b/random/rndgetentropy.c
@@ -82,9 +82,18 @@ _gcry_rndgetentropy_gather_random (void (*add)(const void*, size_t,
        * never blocking once the kernel is seeded.  */
       do
         {
 -          nbytes = length < sizeof (buffer)? length : sizeof (buffer);
           _gcry_pre_syscall ();
 -          ret = getentropy (buffer, nbytes);
 +          if (fips_mode ())
 +            {
 +              /* The getrandom API returns maximum 32 B of strong entropy */
 +              nbytes = length < 32 ? length : 32;
 +              ret = getrandom (buffer, nbytes, GRND_RANDOM);
 +            }
 +          else
 +            {
 +              nbytes = length < sizeof (buffer) ? length : sizeof (buffer);
 +              ret = getentropy (buffer, nbytes);
 +            }
           _gcry_post_syscall ();
         }
       while (ret == -1 && errno == EINTR);
 -- 
 2.37.1
--- a/SOURCES/libgcrypt-1.10.0-fips-indicator-md-hmac.patch
+++ b/SOURCES/libgcrypt-1.10.0-fips-indicator-md-hmac.patch
@ -1,277 +0,0 @@
 From fd832687f36c1885d2388c55f7e8569184ba2593 Mon Sep 17 00:00:00 2001
 From: Tobias Heider <tobias.heider@canonical.com>
 Date: Thu, 16 Feb 2023 03:20:48 +0100
 Subject: [PATCH] fips: Add explicit indicators for md and mac algorithms
 * src/fips.c (_gcry_fips_indicator_mac): New function indicating
  non-approved mac algorithms
  (_gcry_fips_indicator_md): new functions indicating non-approved
  message digest algorithms
 * src/g10lib.h (_gcry_fips_indicator_mac): new function
  (_gcry_fips_indicator_md): ditto
 * src/gcrypt.h.in (enum gcry_ctl_cmds): New symbols
  GCRYCTL_FIPS_SERVICE_INDICATOR_MAC and
  GCRYCTL_FIPS_SERVICE_INDICATOR_MD
 * src/global.c (_gcry_vcontrol): Handle new FIPS indicators.
 * doc/gcrypt.texi: Document the new option.
 --
 Signed-off-by: Tobias Heider <tobias.heider@canonical.com>
 ---
 doc/gcrypt.texi | 13 +++++++++++++
 src/fips.c      | 51 +++++++++++++++++++++++++++++++++++++++++++++++++
 src/g10lib.h    |  2 ++
 src/gcrypt.h.in |  4 +++-
 src/global.c    | 14 ++++++++++++++
 5 files changed, 83 insertions(+), 1 deletion(-)
 diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
 index e44c2f2e..462c5931 100644
 --- a/doc/gcrypt.texi
 +++ b/doc/gcrypt.texi
@@ -992,6 +992,19 @@ certification. If the function is approved, this function returns
 @code{GPG_ERR_NO_ERROR} (other restrictions might still apply).
 Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
 +@item GCRYCTL_FIPS_SERVICE_INDICATOR_MAC; Arguments: enum gcry_mac_algos
 +
 +Check if the given MAC is approved under the current FIPS 140-3
 +certification. If the MAC is approved, this function returns
 +@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED}
 +is returned.
 +
 +@item GCRYCTL_FIPS_SERVICE_INDICATOR_MD; Arguments: enum gcry_md_algos
 +
 +Check if the given message digest algorithm is approved under the current
 +FIPS 140-3 certification. If the algorithm is approved, this function returns
 +@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
 +
 @end table
 @end deftypefun
 diff --git a/src/fips.c b/src/fips.c
 index 272aabae..8b3b3f04 100644
 --- a/src/fips.c
 +++ b/src/fips.c
@@ -377,6 +377,57 @@ _gcry_fips_indicator_cipher (va_list arg_ptr)
     }
 }
 +int
 +_gcry_fips_indicator_mac (va_list arg_ptr)
 +{
 +  enum gcry_mac_algos alg = va_arg (arg_ptr, enum gcry_mac_algos);
 +
 +  switch (alg)
 +    {
 +    case GCRY_MAC_CMAC_AES:
 +    case GCRY_MAC_HMAC_SHA1:
 +    case GCRY_MAC_HMAC_SHA224:
 +    case GCRY_MAC_HMAC_SHA256:
 +    case GCRY_MAC_HMAC_SHA384:
 +    case GCRY_MAC_HMAC_SHA512:
 +    case GCRY_MAC_HMAC_SHA512_224:
 +    case GCRY_MAC_HMAC_SHA512_256:
 +    case GCRY_MAC_HMAC_SHA3_224:
 +    case GCRY_MAC_HMAC_SHA3_256:
 +    case GCRY_MAC_HMAC_SHA3_384:
 +    case GCRY_MAC_HMAC_SHA3_512:
 +      return GPG_ERR_NO_ERROR;
 +    default:
 +      return GPG_ERR_NOT_SUPPORTED;
 +    }
 +}
 +
 +int
 +_gcry_fips_indicator_md (va_list arg_ptr)
 +{
 +  enum gcry_md_algos alg = va_arg (arg_ptr, enum gcry_md_algos);
 +
 +  switch (alg)
 +    {
 +    case GCRY_MD_SHA1:
 +    case GCRY_MD_SHA224:
 +    case GCRY_MD_SHA256:
 +    case GCRY_MD_SHA384:
 +    case GCRY_MD_SHA512:
 +    case GCRY_MD_SHA512_224:
 +    case GCRY_MD_SHA512_256:
 +    case GCRY_MD_SHA3_224:
 +    case GCRY_MD_SHA3_256:
 +    case GCRY_MD_SHA3_384:
 +    case GCRY_MD_SHA3_512:
 +    case GCRY_MD_SHAKE128:
 +    case GCRY_MD_SHAKE256:
 +      return GPG_ERR_NO_ERROR;
 +    default:
 +      return GPG_ERR_NOT_SUPPORTED;
 +    }
 +}
 +
 int
 _gcry_fips_indicator_kdf (va_list arg_ptr)
 {
 diff --git a/src/g10lib.h b/src/g10lib.h
 index 6be0ab21..86337eed 100644
 --- a/src/g10lib.h
 +++ b/src/g10lib.h
@@ -467,6 +467,8 @@ void _gcry_fips_signal_error (const char *srcfile,
 #endif
 int _gcry_fips_indicator_cipher (va_list arg_ptr);
 +int _gcry_fips_indicator_mac (va_list arg_ptr);
 +int _gcry_fips_indicator_md (va_list arg_ptr);
 int _gcry_fips_indicator_kdf (va_list arg_ptr);
 int _gcry_fips_indicator_function (va_list arg_ptr);
 diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
 index aba22bfc..54080d46 100644
 --- a/src/gcrypt.h.in
 +++ b/src/gcrypt.h.in
@@ -330,7 +330,9 @@ enum gcry_ctl_cmds
     GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER = 81,
     GCRYCTL_FIPS_SERVICE_INDICATOR_KDF = 82,
     GCRYCTL_NO_FIPS_MODE = 83,
 -    GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION = 84
 +    GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION = 84,
 +    GCRYCTL_FIPS_SERVICE_INDICATOR_MAC = 85,
 +    GCRYCTL_FIPS_SERVICE_INDICATOR_MD = 86
   };
 /* Perform various operations defined by CMD. */
 diff --git a/src/global.c b/src/global.c
 index debf6194..d16d3709 100644
 --- a/src/global.c
 +++ b/src/global.c
@@ -791,6 +791,20 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
       rc = _gcry_fips_indicator_cipher (arg_ptr);
       break;
 +    case GCRYCTL_FIPS_SERVICE_INDICATOR_MAC:
 +      /* Get FIPS Service Indicator for a given message authentication code.
 +       * Returns GPG_ERR_NO_ERROR if algorithm is allowed or
 +       * GPG_ERR_NOT_SUPPORTED otherwise */
 +      rc = _gcry_fips_indicator_mac (arg_ptr);
 +      break;
 +
 +    case GCRYCTL_FIPS_SERVICE_INDICATOR_MD:
 +      /* Get FIPS Service Indicator for a given message digest. Returns
 +       * GPG_ERR_NO_ERROR if algorithm is allowed or GPG_ERR_NOT_SUPPORTED
 +       * otherwise */
 +      rc = _gcry_fips_indicator_md (arg_ptr);
 +      break;
 +
     case GCRYCTL_FIPS_SERVICE_INDICATOR_KDF:
       /* Get FIPS Service Indicator for a given KDF. Returns GPG_ERR_NO_ERROR
        * if algorithm is allowed or GPG_ERR_NOT_SUPPORTED otherwise */
 -- 
 2.39.2
 From 2d193a955d05b4b9caed2895cf25600add3484da Mon Sep 17 00:00:00 2001
 From: Tobias Heider <tobias.heider@canonical.com>
 Date: Thu, 16 Feb 2023 03:21:26 +0100
 Subject: [PATCH] fips: Unblock MD5 in fips mode but mark non-approved in
 indicator.
 * cipher/mac-hmac.c (_gcry_mac_type_spec_hmac_md5): allow in fips mode
 * cipher/md5.c (_gcry_digest_spec_md5): allow in fips mode
 --
 Signed-off-by: Tobias Heider <tobias.heider@canonical.com>
 ---
 cipher/mac-hmac.c | 2 +-
 cipher/md5.c      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 diff --git a/cipher/mac-hmac.c b/cipher/mac-hmac.c
 index f1ab568b..9fac77dc 100644
 --- a/cipher/mac-hmac.c
 +++ b/cipher/mac-hmac.c
@@ -1413,7 +1413,7 @@ const gcry_mac_spec_t _gcry_mac_type_spec_hmac_tiger1 = {
 #endif
 #if USE_MD5
 const gcry_mac_spec_t _gcry_mac_type_spec_hmac_md5 = {
 -  GCRY_MAC_HMAC_MD5, {0, 0}, "HMAC_MD5",
 +  GCRY_MAC_HMAC_MD5, {0, 1}, "HMAC_MD5",
   &hmac_ops
 };
 #endif
 diff --git a/cipher/md5.c b/cipher/md5.c
 index 5457fc38..744a2cc1 100644
 --- a/cipher/md5.c
 +++ b/cipher/md5.c
@@ -314,7 +314,7 @@ static const gcry_md_oid_spec_t oid_spec_md5[] =
 const gcry_md_spec_t _gcry_digest_spec_md5 =
   {
 -    GCRY_MD_MD5, {0, 0},
 +    GCRY_MD_MD5, {0, 1},
     "MD5", asn, DIM (asn), oid_spec_md5, 16,
     md5_init, _gcry_md_block_write, md5_final, md5_read, NULL,
     NULL,
 -- 
 2.39.2
 From f52f33389da3302f51b6b00451cf9fc7e7a7e277 Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Mon, 6 Mar 2023 17:26:17 +0100
 Subject: [PATCH] tests: Improve test coverage for FIPS service indicators
 * tests/basic.c (check_digests): Check the FIPS indicators
  (check_mac): Ditto.
 --
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 ---
 tests/basic.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 diff --git a/tests/basic.c b/tests/basic.c
 index 095bdc97..5d5ceac9 100644
 --- a/tests/basic.c
 +++ b/tests/basic.c
@@ -14086,6 +14086,7 @@ check_mac (void)
 	"\x13\x46\x76\xfb\x6d\xe0\x44\x60\x65\xc9\x74\x40\xfa\x8c\x6a\x58" },
       {	0 },
     };
 +  gcry_error_t err;
   int i;
   if (verbose)
@@ -15370,6 +15370,12 @@ check_digests (void)
         {
           if (in_fips_mode)
             {
 +              err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_MD, algos[i].md);
 +              if (err == GPG_ERR_NO_ERROR)
 +                {
 +                  fail ("algo %d, gcry_md_test_algo failed while it should"
 +                        " have worked in FIPS mode\n", algos[i].md);
 +                }
               if (verbose)
                 fprintf (stderr, "  algorithm %d not available in fips mode\n",
                          algos[i].md);
@@ -16948,6 +16954,7 @@ check_mac (void)
 #endif /* USE_GOST28147 */
       { 0 },
     };
 +  gcry_error_t err;
   int i;
   if (verbose)
@@ -16961,6 +16968,12 @@ check_mac (void)
         {
           if (in_fips_mode)
             {
 +              err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_MAC, algos[i].algo);
 +              if (err == GPG_ERR_NO_ERROR)
 +                {
 +                  fail ("algo %d, gcry_mac_test_algo failed while it should"
 +                        " have worked in FIPS mode\n", algos[i].algo);
 +                }
               if (verbose)
                 fprintf (stderr, "  algorithm %d not available in fips mode\n",
                          algos[i].algo);
 -- 
 2.39.2
--- a/SOURCES/libgcrypt-1.10.0-fips-indicator-pk-flags.patch
+++ b/SOURCES/libgcrypt-1.10.0-fips-indicator-pk-flags.patch
@ -1,277 +0,0 @@
 From 0c0268177666f6ce53c0a61e86c1c5bd2c53c0b0 Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Mon, 6 Mar 2023 15:57:40 +0100
 Subject: [PATCH] fips: Explicitly allow only some PK flags
 * src/fips.c (_gcry_fips_indicator_pk_flags): New function for explicit
  FIPS indicator for public key algorithm flags
 * src/g10lib.h (_gcry_fips_indicator_pk_flags): New.
 * src/gcrypt.h.in (GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS): New.
 * src/global.c (_gcry_vcontrol): Handle the new option.
 * doc/gcrypt.texi: Document new options.
 --
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 ---
 doc/gcrypt.texi |  6 ++++++
 src/fips.c      | 15 +++++++++++++++
 src/g10lib.h    |  1 +
 src/gcrypt.h.in |  3 ++-
 src/global.c    |  7 +++++++
 5 files changed, 31 insertions(+), 1 deletion(-)
 diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
 index 462c5931..750b6718 100644
 --- a/doc/gcrypt.texi
 +++ b/doc/gcrypt.texi
@@ -1005,6 +1005,12 @@ Check if the given message digest algorithm is approved under the current
 FIPS 140-3 certification. If the algorithm is approved, this function returns
 @code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
 +@item GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS; Arguments: const char *
 +
 +Check if the given public key operation flag is approved under the current
 +FIPS 140-3 certification. If the flag is approved, this function returns
 +@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
 +
 @end table
 @end deftypefun
 diff --git a/src/fips.c b/src/fips.c
 index 974ed833..cb547aa2 100644
 --- a/src/fips.c
 +++ b/src/fips.c
@@ -457,6 +457,21 @@ _gcry_fips_indicator_function (va_list arg_ptr)
 }
 +int
 +_gcry_fips_indicator_pk_flags (va_list arg_ptr)
 +{
 +  const char *flag = va_arg (arg_ptr, const char *);
 +
 +  if (strcmp (flag, "param") == 0 ||
 +      strcmp (flag, "raw") == 0 ||
 +      strcmp (flag, "no-blinding") == 0 ||
 +      strcmp (flag, "pss") == 0)
 +    return GPG_ERR_NO_ERROR;
 +
 +  return GPG_ERR_NOT_SUPPORTED;
 +}
 +
 +
 /* This is a test on whether the library is in the error or
    operational state. */
 int
 diff --git a/src/g10lib.h b/src/g10lib.h
 index 86337eed..acff2d6b 100644
 --- a/src/g10lib.h
 +++ b/src/g10lib.h
@@ -471,6 +471,7 @@ int _gcry_fips_indicator_mac (va_list arg_ptr);
 int _gcry_fips_indicator_md (va_list arg_ptr);
 int _gcry_fips_indicator_kdf (va_list arg_ptr);
 int _gcry_fips_indicator_function (va_list arg_ptr);
 +int _gcry_fips_indicator_pk_flags (va_list arg_ptr);
 int _gcry_fips_is_operational (void);
 diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
 index 54080d46..121a2061 100644
 --- a/src/gcrypt.h.in
 +++ b/src/gcrypt.h.in
@@ -332,7 +332,8 @@ enum gcry_ctl_cmds
     GCRYCTL_NO_FIPS_MODE = 83,
     GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION = 84,
     GCRYCTL_FIPS_SERVICE_INDICATOR_MAC = 85,
 -    GCRYCTL_FIPS_SERVICE_INDICATOR_MD = 86
 +    GCRYCTL_FIPS_SERVICE_INDICATOR_MD = 86,
 +    GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS = 87
   };
 /* Perform various operations defined by CMD. */
 diff --git a/src/global.c b/src/global.c
 index d16d3709..f39df422 100644
 --- a/src/global.c
 +++ b/src/global.c
@@ -818,6 +818,13 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
       rc = _gcry_fips_indicator_function (arg_ptr);
       break;
 +    case GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS:
 +      /* Get FIPS Service Indicator for a public key operation flags.
 +       * Returns GPG_ERR_NO_ERROR if the flag is allowed to be used or
 +       * GPG_ERR_NOT_SUPPORTED otherwise */
 +      rc = _gcry_fips_indicator_pk_flags (arg_ptr);
 +      break;
 +
     case PRIV_CTL_INIT_EXTRNG_TEST:  /* Init external random test.  */
       rc = GPG_ERR_NOT_SUPPORTED;
       break;
 -- 
 2.39.2
 From 22a40df4c0210a671b331932a434f70b50354873 Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Mon, 6 Mar 2023 16:05:07 +0100
 Subject: [PATCH] fips: Explicitly disable overriding random in FIPS mode
 * src/fips.c: (_gcry_fips_indicator_function): Mark using random
  override non-approved in FIPS mode.
 --
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 ---
 src/fips.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 diff --git a/src/fips.c b/src/fips.c
 index cb547aa2..a7342030 100644
 --- a/src/fips.c
 +++ b/src/fips.c
@@ -450,7 +450,8 @@ _gcry_fips_indicator_function (va_list arg_ptr)
   if (strcmp (function, "gcry_pk_sign") == 0 ||
       strcmp (function, "gcry_pk_verify") == 0 ||
       strcmp (function, "gcry_pk_encrypt") == 0 ||
 -      strcmp (function, "gcry_pk_decrypt") == 0)
 +      strcmp (function, "gcry_pk_decrypt") == 0 ||
 +      strcmp (function, "gcry_pk_random_override_new") == 0)
     return GPG_ERR_NOT_SUPPORTED;
   return GPG_ERR_NO_ERROR;
 -- 
 2.39.2
 From 1c916b8c99ea0e30f1d81d606fd63b0c45657186 Mon Sep 17 00:00:00 2001
 From: NIIBE Yutaka <gniibe@fsij.org>
 Date: Fri, 24 Mar 2023 13:12:56 +0900
 Subject: [PATCH] fips: More elaborate way of getting FIPS pk flags indicators.
 * src/fips.c (_gcry_fips_indicator_pk_flags): List more allowed string
 in the S-expression.
 * doc/gcrypt.texi: Add document for the FIPS service indicator
 GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS with example.
 --
 GnuPG-bug-id: 6417
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 ---
 doc/gcrypt.texi | 42 +++++++++++++++++++++++++++++++++++++++---
 src/fips.c      | 41 +++++++++++++++++++++++++++++++++++++----
 2 files changed, 76 insertions(+), 7 deletions(-)
 diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
 index 750b6718..752f64d6 100644
 --- a/doc/gcrypt.texi
 +++ b/doc/gcrypt.texi
@@ -1007,9 +1007,45 @@ FIPS 140-3 certification. If the algorithm is approved, this function returns
 @item GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS; Arguments: const char *
 -Check if the given public key operation flag is approved under the current
 -FIPS 140-3 certification. If the flag is approved, this function returns
 -@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
 +Check if the given public key operation flag or s-expression object name is
 +approved under the current FIPS 140-3 certification.  If the flag is
 +approved, this function returns @code{GPG_ERR_NO_ERROR}.
 +
 +Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
 +
 +For compound s-expression objects, if the object name is allowed, the user
 +is responsible to check also the internal members.  For example:
 +
 +@example
 +  gcry_sexp_t s_sig = NULL;
 +  gcry_md_hd_t hd = NULL;
 +  gcry_sexp_t s_sk = NULL;
 +  const char *data_tmpl = "(data(flags pss)(hash %s %b)(salt-length 1:0))";
 +
 +  if (err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION, "gcry_md_open") &&
 +      err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_MD, GCRY_MD_SHA512) &&
 +      err = gcry_md_open (&hd, GCRY_MD_SHA512, 0))
 +    @{
 +      printf ("gcry_md_open failed: %s", gpg_strerror (err));
 +      return;
 +    @}
 +  gcry_md_write (hd, buffer, buflen);
 +
 +  /* initialize the key in s_sk */
 +
 +  if (err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION, "gcry_pk_hash_sign") &&
 +      err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS, "data") &&
 +      err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS, "flags") &&
 +      err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS, "pss") &&
 +      err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS, "hash") &&
 +      err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS, "salt-length")
 +      err = gcry_pk_hash_sign (&s_sig, data_tmpl, s_sk, hd, NULL))
 +    @{
 +      printf ("gcry_pk_hash_sign failed: %s", gpg_strerror (err));
 +      return;
 +    @}
 +  /* ok */
 +@end example
 @end table
 diff --git a/src/fips.c b/src/fips.c
 index a7342030..669cfd0e 100644
 --- a/src/fips.c
 +++ b/src/fips.c
@@ -457,16 +457,49 @@ _gcry_fips_indicator_function (va_list arg_ptr)
   return GPG_ERR_NO_ERROR;
 }
 +/* Note: the array should be sorted.  */
 +static const char *valid_string_in_sexp[] = {
 +  "curve",
 +  "d",
 +  "data",
 +  "e",
 +  "ecdsa",
 +  "flags",
 +  "genkey",
 +  "hash",
 +  "n",
 +  "nbits",
 +  "pkcs1",
 +  "private-key",
 +  "pss",
 +  "public-key",
 +  "q",
 +  "r",
 +  "raw",
 +  "rsa",
 +  "rsa-use-e",
 +  "s",
 +  "salt-length",
 +  "sig-val",
 +  "value"
 +};
 +
 +static int
 +compare_string (const void *v1, const void *v2)
 +{
 +  const char * const *p_str1 = v1;
 +  const char * const *p_str2 = v2;
 +
 +  return strcmp (*p_str1, *p_str2);
 +}
 int
 _gcry_fips_indicator_pk_flags (va_list arg_ptr)
 {
   const char *flag = va_arg (arg_ptr, const char *);
 -  if (strcmp (flag, "param") == 0 ||
 -      strcmp (flag, "raw") == 0 ||
 -      strcmp (flag, "no-blinding") == 0 ||
 -      strcmp (flag, "pss") == 0)
 +  if (bsearch (&flag, valid_string_in_sexp, DIM (valid_string_in_sexp),
 +               sizeof (char *), compare_string))
     return GPG_ERR_NO_ERROR;
   return GPG_ERR_NOT_SUPPORTED;
 -- 
 2.39.2
--- a/SOURCES/libgcrypt-1.10.0-fips-indicator.patch
+++ b/SOURCES/libgcrypt-1.10.0-fips-indicator.patch
@ -1,55 +0,0 @@
 From c34c9e70055ee43e5ef257384fa15941f064e5a4 Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Tue, 15 Nov 2022 10:47:18 +0100
 Subject: [PATCH] fips: Mark AES key wrapping as approved.
 * src/fips.c (_gcry_fips_indicator_cipher): Add key wrapping mode as
 approved.
 --
 GnuPG-bug-id: 5512
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 ---
 src/fips.c | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/src/fips.c b/src/fips.c
 index 6599121c..272aabae 100644
 --- a/src/fips.c
 +++ b/src/fips.c
@@ -367,6 +367,7 @@ _gcry_fips_indicator_cipher (va_list arg_ptr)
         case GCRY_CIPHER_MODE_CCM:
         case GCRY_CIPHER_MODE_GCM:
         case GCRY_CIPHER_MODE_XTS:
 +        case GCRY_CIPHER_MODE_AESWRAP:
           return GPG_ERR_NO_ERROR;
         default:
           return GPG_ERR_NOT_SUPPORTED;
 --
 commit d6117b04e0e4d5d68df8fb731f618b0d5126ee14
 Author: Jakub Jelen <jjelen@redhat.com>
 Date:   Tue Jan 17 14:39:34 2023 +0100
    fips: Remove GCM mode from the allowed FIPS indicators
    * src/fips.c (_gcry_fips_indicator_cipher): Do not mark GCM mode as FIPS
      approved.
    ---
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 diff --git a/src/fips.c b/src/fips.c
 index 272aabae..774e7b4c 100644
 --- a/src/fips.c
 +++ b/src/fips.c
@@ -365,7 +365,6 @@ _gcry_fips_indicator_cipher (va_list arg_ptr)
         case GCRY_CIPHER_MODE_OFB:
         case GCRY_CIPHER_MODE_CTR:
         case GCRY_CIPHER_MODE_CCM:
 -        case GCRY_CIPHER_MODE_GCM:
         case GCRY_CIPHER_MODE_XTS:
         case GCRY_CIPHER_MODE_AESWRAP:
           return GPG_ERR_NO_ERROR;
 --
--- a/SOURCES/libgcrypt-1.10.0-fips-integrity.patch
+++ b/SOURCES/libgcrypt-1.10.0-fips-integrity.patch
--- a/SOURCES/libgcrypt-1.10.0-fips-integrity2.patch
+++ b/SOURCES/libgcrypt-1.10.0-fips-integrity2.patch
@ -1,190 +0,0 @@
 From 3c8b6c4a9cad59c5e1db5706f6774a3141b60210 Mon Sep 17 00:00:00 2001
 From: NIIBE Yutaka <gniibe@fsij.org>
 Date: Thu, 17 Feb 2022 10:28:05 +0900
 Subject: [PATCH] fips: Fix gen-note-integrity.sh script not to use cmp
 utility.
 * src/gen-note-integrity.sh: Simplify detecting 32-bit machine
 or 64-bit machine.
 --
 GnuPG-bug-id: 5835
 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 ---
 src/gen-note-integrity.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 diff --git a/src/gen-note-integrity.sh b/src/gen-note-integrity.sh
 index 969fdca6..878d7095 100755
 --- a/src/gen-note-integrity.sh
 +++ b/src/gen-note-integrity.sh
@@ -73,9 +73,9 @@ FILE=.libs/libgcrypt.so
 #
 # Fixup the ELF header to clean up section information
 #
 -printf '%b' '\002' > 2.bin
 -dd ibs=1 skip=4 count=1 if=$FILE status=none > class-byte.bin
 -if cmp class-byte.bin 2.bin; then
 +BYTE002=$(printf '%b' '\002')
 +CLASS_BYTE=$(dd ibs=1 skip=4 count=1 if=$FILE status=none)
 +if test "$CLASS_BYTE" = "$BYTE002"; then
     CLASS=64
     HEADER_SIZE=64
 else
@@ -112,4 +112,4 @@ END { print offset}")
  dd ibs=1 skip=$HEADER_SIZE count=$OFFSET if=$FILE status=none) \
  | ./hmac256 --stdkey --binary
 -rm -f 2.bin class-byte.bin header-fixed.bin
 +rm -f header-fixed.bin
 -- 
 2.39.1
 From 052c5ef4cea56772b7015e36f231fa0bcbf91410 Mon Sep 17 00:00:00 2001
 From: NIIBE Yutaka <gniibe@fsij.org>
 Date: Thu, 17 Feb 2022 11:21:35 +0900
 Subject: [PATCH] fips: Clarify what to be hashed for the integrity check.
 * src/fips.c (get_file_offset): Compute the maximum offset
 of segments.
 * src/gen-note-integrity.sh: Likewise.
 --
 The result is same (in current format of ELF program).
 Semantics is more clear.  It hashes:
  - From the start of shared library file,
  - fixed up the ELF header to exclude link-time information,
  - up to the last segment.
 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 ---
 src/fips.c                | 20 +++++++++-----------
 src/gen-note-integrity.sh | 20 ++++++++++++++------
 2 files changed, 23 insertions(+), 17 deletions(-)
 diff --git a/src/fips.c b/src/fips.c
 index d798d577..89f8204b 100644
 --- a/src/fips.c
 +++ b/src/fips.c
@@ -595,7 +595,7 @@ run_random_selftests (void)
 /*
  * In the ELF file opened as FP, fill the ELF header to the pointer
 - * EHDR_P, determine the offset of last loadable segment in R_OFFSET.
 + * EHDR_P, determine the maximum offset of segments in R_OFFSET.
  * Also, find the section which contains the hmac value and return it
  * in HMAC.  Rewinds FP to the beginning on success.
  */
@@ -624,24 +624,22 @@ get_file_offset (FILE *fp, ElfW (Ehdr) *ehdr_p,
   if (fseek (fp, ehdr_p->e_phoff, SEEK_SET) != 0)
     return gpg_error_from_syserror ();
 -  /* Iterate over the program headers, determine the last loadable
 -     segment.  */
 +  /* Iterate over the program headers, determine the last offset of
 +     segments.  */
   for (i = 0; i < ehdr_p->e_phnum; i++)
     {
 +      unsigned long off;
 +
       if (fread (&phdr, sizeof (phdr), 1, fp) != 1)
         return gpg_error_from_syserror ();
 -      if (phdr.p_type == PT_PHDR)
 -        continue;
 -
 -      if (phdr.p_type != PT_LOAD)
 -        break;
 -
 -      off_segment = phdr.p_offset + phdr.p_filesz;
 +      off = phdr.p_offset + phdr.p_filesz;
 +      if (off_segment < off)
 +        off_segment = off;
     }
   if (!off_segment)
 -    /* The segment not found in the file */
 +    /* No segment found in the file */
     return gpg_error (GPG_ERR_INV_OBJ);
   /* The section header entry size should match the size of the shdr struct */
 diff --git a/src/gen-note-integrity.sh b/src/gen-note-integrity.sh
 index 878d7095..50071bf5 100755
 --- a/src/gen-note-integrity.sh
 +++ b/src/gen-note-integrity.sh
@@ -95,21 +95,29 @@ else
     dd ibs=1         count=6  if=/dev/zero status=none
 fi > header-fixed.bin
 -# Compute the end of loadable segment.
 +#
 +# Compute the end of segments, and emit the COUNT to read
 +# (For each segment in program headers, calculate the offset
 +#  and select the maximum)
 #
 # This require computation in hexadecimal, and GNU awk needs
 # --non-decimal-data option
 #
 -OFFSET=$($READELF --wide --program-headers $FILE | \
 -         $AWK $AWK_OPTION "/^  LOAD/ { offset=\$2+\$5-$HEADER_SIZE }\
 -END { print offset}")
 +COUNT=$($READELF --wide --program-headers $FILE | \
 +         $AWK $AWK_OPTION \
 +"BEGIN { max_offset=0 }
 +/^\$/ { if (program_headers_start) program_headers_end=1 }
 +(program_headers_start && !program_headers_end) { offset = \$2 + \$5 }
 +(max_offset < offset) { max_offset = offset }
 +/^  Type/ { program_headers_start=1 }
 +END { print max_offset- $HEADER_SIZE }")
 #
 -# Feed the header fixed and loadable segments to HMAC256
 +# Feed the header fixed and all segments to HMAC256
 # to generate hmac hash of the FILE
 #
 (cat header-fixed.bin; \
 - dd ibs=1 skip=$HEADER_SIZE count=$OFFSET if=$FILE status=none) \
 + dd ibs=1 skip=$HEADER_SIZE count=$COUNT if=$FILE status=none) \
  | ./hmac256 --stdkey --binary
 rm -f header-fixed.bin
 -- 
 2.39.1
 From 3fd3bb31597f80c76a94ea62e42d58d796beabf1 Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Mon, 20 Feb 2023 16:16:01 +0100
 Subject: [PATCH] fips: Check return value from ftell
 * src/fips.c (get_file_offset): Check return value of ftell to be able
  to detect errors.
 --
 Originally reported by coverity.
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 ---
 src/fips.c | 2 ++
 1 file changed, 2 insertions(+)
 diff --git a/src/fips.c b/src/fips.c
 index 272aabae..0d89b6da 100644
 --- a/src/fips.c
 +++ b/src/fips.c
@@ -681,6 +681,8 @@ get_file_offset (FILE *fp, ElfW (Ehdr) *ehdr_p,
         return gpg_error_from_syserror ();
       off = ftell (fp);
 +      if (off < 0)
 +        return gpg_error_from_syserror ();
       if (shdr.sh_type == SHT_NOTE && shdr.sh_flags == 0 && shdr.sh_size == 48)
         {
           const char header_of_the_note[] = {
 -- 
 2.39.2
--- a/SOURCES/libgcrypt-1.10.0-fips-kdf.patch
+++ b/SOURCES/libgcrypt-1.10.0-fips-kdf.patch
@ -1,187 +0,0 @@
 From 3c04b692de1e7b45b764ff8d66bf84609b012e3a Mon Sep 17 00:00:00 2001
 From: Tobias Heider <tobias.heider@canonical.com>
 Date: Tue, 27 Sep 2022 13:31:05 +0900
 Subject: [PATCH] kdf:pkdf2: Check minimum allowed key size when running in
 FIPS mode.
 * cipher/kdf.c (_gcry_kdf_pkdf2): Add output length check.
 --
 GnuPG-bug-id: 6219
 ---
 cipher/kdf.c | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/cipher/kdf.c b/cipher/kdf.c
 index 81523320..67c60df8 100644
 --- a/cipher/kdf.c
 +++ b/cipher/kdf.c
@@ -160,6 +160,10 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen,
     return GPG_ERR_INV_VALUE;
 #endif
 +  /* Check minimum key size */
 +  if (fips_mode () && dklen < 14)
 +    return GPG_ERR_INV_VALUE;
 +
   /* Step 2 */
   l = ((dklen - 1)/ hlen) + 1;
 -- 
 2.37.3
 From e5a5e847b66eb6b80e60a2dffa347268f059aee3 Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Tue, 4 Oct 2022 12:44:54 +0200
 Subject: [PATCH] tests: Reproducer for short dklen in FIPS mode
 * tests/t-kdf.c (check_pbkdf2): Add test vector with short dklen and
  verify it fails in FIPS mode
 --
 GnuPG-bug-id: 6219
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 ---
 tests/t-kdf.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
 diff --git a/tests/t-kdf.c b/tests/t-kdf.c
 index c0192d7b..716fb53e 100644
 --- a/tests/t-kdf.c
 +++ b/tests/t-kdf.c
@@ -909,6 +909,14 @@ check_pbkdf2 (void)
       "\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9"
       "\xb5\x24\xaf\x60\x12\x06\x2f\xe0\x37\xa6"
     },
 +    {
 +      "password", 8,
 +      "salt", 4,
 +      GCRY_MD_SHA1,
 +      1,
 +      10, /* too short dklen for FIPS */
 +      "\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9"
 +    },
     {
       "password", 8,
       "salt", 4,
@@ -1109,7 +1117,7 @@ check_pbkdf2 (void)
                              GCRY_KDF_PBKDF2, tv[tvidx].hashalgo,
                              tv[tvidx].salt, tv[tvidx].saltlen,
                              tv[tvidx].c, tv[tvidx].dklen, outbuf);
 -      if (in_fips_mode && tvidx > 6)
 +      if (in_fips_mode && tvidx > 7)
         {
           if (!err)
             fail ("pbkdf2 test %d unexpectedly passed in FIPS mode: %s\n",
@@ -1118,7 +1126,7 @@ check_pbkdf2 (void)
         }
       if (err)
         {
 -          if (in_fips_mode && tv[tvidx].plen < 14)
 +          if (in_fips_mode && (tv[tvidx].plen < 14 || tv[tvidx].dklen < 14))
             {
               if (verbose)
                 fprintf (stderr,
 -- 
 2.37.3
 From f4a861f3e5ae82f278284061e4829c03edf9c3a7 Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Fri, 18 Nov 2022 09:49:50 +0900
 Subject: [PATCH] pkdf2: Add checks for FIPS.
 * cipher/kdf.c (_gcry_kdf_pkdf2): Require 8 chars passphrase for FIPS.
 Set bounds for salt length and iteration count in FIPS mode.
 --
 GnuPG-bug-id: 6039
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 ---
 cipher/kdf.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 diff --git a/cipher/kdf.c b/cipher/kdf.c
 index d22584da..823c744e 100644
 --- a/cipher/kdf.c
 +++ b/cipher/kdf.c
@@ -160,6 +160,18 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen,
     return GPG_ERR_INV_VALUE;
 #endif
 +  /* FIPS requires minimum passphrase length, see FIPS 140-3 IG D.N */
 +  if (fips_mode () && passphraselen < 8)
 +    return GPG_ERR_INV_VALUE;
 +
 +  /* FIPS requires minimum salt length of 128 b (SP 800-132 sec. 5.1, p.6) */
 +  if (fips_mode () && saltlen < 16)
 +    return GPG_ERR_INV_VALUE;
 +
 +  /* FIPS requires minimum iterations bound (SP 800-132 sec 5.2, p.6) */
 +  if (fips_mode () && iterations < 1000)
 +    return GPG_ERR_INV_VALUE;
 +
   /* Check minimum key size */
   if (fips_mode () && dklen < 14)
     return GPG_ERR_INV_VALUE;
 -- 
 2.39.0
 From f5fe94810f3099c9ccc2ca3a5891502922ab0576 Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Tue, 28 Feb 2023 12:53:28 +0100
 Subject: [PATCH] kdf: Update tests in regards to the allowed parameters in
 FIPS mode.
 * cipher/kdf.c (check_one): run selftests for more approved parameters
 and check that wrong parameters correctly fail in FIPS mode.
 --
 Fixes-commit: 535a4d345872aa2cd2ab3a5f9c4411d0a0313328
 GnuPG-bug-id: 5512
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 ---
 cipher/kdf.c | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
 diff --git a/cipher/kdf.c b/cipher/kdf.c
 index 823c744e..12beec56 100644
 --- a/cipher/kdf.c
 +++ b/cipher/kdf.c
@@ -2059,17 +2059,25 @@ check_one (int algo, int hash_algo,
 {
   unsigned char key[512]; /* hardcoded to avoid allocation */
   size_t keysize = expectlen;
 -
 -  /* Skip test with shoter passphrase in FIPS mode.  */
 -  if (fips_mode () && passphraselen < 14)
 -    return NULL;
 +  int rv;
   if (keysize > sizeof(key))
     return "invalid tests data";
 -  if (_gcry_kdf_derive (passphrase, passphraselen, algo,
 -                        hash_algo, salt, saltlen, iterations,
 -                        keysize, key))
 +  rv = _gcry_kdf_derive (passphrase, passphraselen, algo,
 +                         hash_algo, salt, saltlen, iterations,
 +                         keysize, key);
 +  /* In fips mode we have special requirements for the input and
 +   * output parameters */
 +  if (fips_mode ())
 +    {
 +      if (rv && (passphraselen < 8 || saltlen < 16 ||
 +                 iterations < 1000 || expectlen < 14))
 +        return NULL;
 +      else if (rv)
 +        return "gcry_kdf_derive unexpectedly failed in FIPS Mode";
 +    }
 +  else if (rv)
     return "gcry_kdf_derive failed";
   if (memcmp (key, expect, expectlen))
 -- 
 2.39.2
--- a/SOURCES/libgcrypt-1.10.0-fips-keygen.patch
+++ b/SOURCES/libgcrypt-1.10.0-fips-keygen.patch
@ -1,55 +0,0 @@
 From cd30ed3c0d715aa0c58a32a29cfb1476163a5b94 Mon Sep 17 00:00:00 2001
 From: NIIBE Yutaka <gniibe@fsij.org>
 Date: Wed, 20 Apr 2022 15:09:41 +0900
 Subject: [PATCH] cipher: Change the bounds for RSA key generation round.
 * cipher/rsa.c (generate_fips): Use 10 for p, 20 for q.
 --
 Constants from FIPS 186-5-draft.
 GnuPG-bug-id: 5919
 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 ---
 cipher/rsa.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 diff --git a/cipher/rsa.c b/cipher/rsa.c
 index 486a34f0..771413b3 100644
 --- a/cipher/rsa.c
 +++ b/cipher/rsa.c
@@ -476,7 +476,7 @@ generate_fips (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
  retry:
   /* generate p and q */
 -  for (i = 0; i < 5 * pbits; i++)
 +  for (i = 0; i < 10 * pbits; i++)
     {
     ploop:
       if (!testparms)
@@ -506,10 +506,10 @@ generate_fips (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
       else if (testparms)
         goto err;
     }
 -  if (i >= 5 * pbits)
 +  if (i >= 10 * pbits)
     goto err;
 -  for (i = 0; i < 5 * pbits; i++)
 +  for (i = 0; i < 20 * pbits; i++)
     {
     qloop:
       if (!testparms)
@@ -555,7 +555,7 @@ generate_fips (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
       else if (testparms)
         goto err;
     }
 -  if (i >= 5 * pbits)
 +  if (i >= 20 * pbits)
     goto err;
   if (testparms)
 -- 
 2.37.3
--- a/SOURCES/libgcrypt-1.10.0-fips-pct.patch
+++ b/SOURCES/libgcrypt-1.10.0-fips-pct.patch
@ -1,145 +0,0 @@
 From 2ddeec574bc1ae90bb4242c4ce9ad9e7975a27bd Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Wed, 1 Mar 2023 15:42:29 +0100
 Subject: [PATCH] ecc: Do not allow skipping tests in FIPS Mode.
 * cipher/ecc.c (ecc_generate): Do not allow skipping tests PCT tests
 in FIPS mode.
 --
 The new FIPS specification requires to run the PCT without any
 exceptions.
 GnuPG-bug-id: 6394
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 ---
 cipher/ecc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/cipher/ecc.c b/cipher/ecc.c
 index 1e80200e..797f2368 100644
 --- a/cipher/ecc.c
 +++ b/cipher/ecc.c
@@ -677,7 +677,7 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
         log_debug ("ecgen result  using Ed25519+EdDSA\n");
     }
 -  if (!(flags & PUBKEY_FLAG_NO_KEYTEST) && fips_mode ())
 +  if (fips_mode ())
     test_keys_fips (*r_skey);
  leave:
 -- 
 2.39.2
 From 23a2d1285e35b2eb91bb422609eb1c965c8a9bf6 Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Thu, 2 Mar 2023 09:43:44 +0100
 Subject: [PATCH] ecc: Make the PCT recoverable in FIPS mode and consistent
 with RSA.
 * cipher/ecc.c (test_keys_fips): Replace calls to log_fatal with
 return code on error.
 (ecc_generate): Signal error when PCT fails in FIPS mode.
 --
 GnuPG-bug-id: 6397
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 ---
 cipher/ecc.c | 36 ++++++++++++++++++++++++++++--------
 1 file changed, 28 insertions(+), 8 deletions(-)
 diff --git a/cipher/ecc.c b/cipher/ecc.c
 index 797f2368..19520db3 100644
 --- a/cipher/ecc.c
 +++ b/cipher/ecc.c
@@ -101,7 +101,7 @@ static void *progress_cb_data;
 /* Local prototypes. */
 static void test_keys (mpi_ec_t ec, unsigned int nbits);
 -static void test_keys_fips (gcry_sexp_t skey);
 +static int test_keys_fips (gcry_sexp_t skey);
 static void test_ecdh_only_keys (mpi_ec_t ec, unsigned int nbits, int flags);
 static unsigned int ecc_get_nbits (gcry_sexp_t parms);
@@ -308,9 +308,10 @@ test_keys (mpi_ec_t ec, unsigned int nbits)
 /* We should get here only with the NIST curves as they are the only ones
  * having the fips bit set in ecc_domain_parms_t struct so this is slightly
  * simpler than the whole ecc_generate function */
 -static void
 +static int
 test_keys_fips (gcry_sexp_t skey)
 {
 +  int result = -1; /* Default to failure */
   gcry_md_hd_t hd = NULL;
   const char *data_tmpl = "(data (flags rfc6979) (hash %s %b))";
   gcry_sexp_t sig = NULL;
@@ -323,18 +324,27 @@ test_keys_fips (gcry_sexp_t skey)
   /* Open MD context and feed the random data in */
   rc = _gcry_md_open (&hd, GCRY_MD_SHA256, 0);
   if (rc)
 -    log_fatal ("ECDSA operation: failed to initialize MD context: %s\n", gpg_strerror (rc));
 +    {
 +      log_error ("ECDSA operation: failed to initialize MD context: %s\n", gpg_strerror (rc));
 +      goto leave;
 +    }
   _gcry_md_write (hd, plaintext, sizeof(plaintext));
   /* Sign the data */
   rc = _gcry_pk_sign_md (&sig, data_tmpl, hd, skey, NULL);
   if (rc)
 -    log_fatal ("ECDSA operation: signing failed: %s\n", gpg_strerror (rc));
 +    {
 +      log_error ("ECDSA operation: signing failed: %s\n", gpg_strerror (rc));
 +      goto leave;
 +    }
   /* Verify this signature.  */
   rc = _gcry_pk_verify_md (sig, data_tmpl, hd, skey, NULL);
   if (rc)
 -    log_fatal ("ECDSA operation: verification failed: %s\n", gpg_strerror (rc));
 +    {
 +      log_error ("ECDSA operation: verification failed: %s\n", gpg_strerror (rc));
 +      goto leave;
 +    }
   /* Modify the data and check that the signing fails.  */
   _gcry_md_reset(hd);
@@ -342,10 +352,16 @@ test_keys_fips (gcry_sexp_t skey)
   _gcry_md_write (hd, plaintext, sizeof(plaintext));
   rc = _gcry_pk_verify_md (sig, data_tmpl, hd, skey, NULL);
   if (rc != GPG_ERR_BAD_SIGNATURE)
 -    log_fatal ("ECDSA operation: signature verification worked on modified data\n");
 +    {
 +      log_error ("ECDSA operation: signature verification worked on modified data\n");
 +      goto leave;
 +    }
 +  result = 0;
 +leave:
   _gcry_md_close (hd);
   sexp_release (sig);
 +  return result;
 }
@@ -677,8 +693,12 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
         log_debug ("ecgen result  using Ed25519+EdDSA\n");
     }
 -  if (fips_mode ())
 -    test_keys_fips (*r_skey);
 +  if (fips_mode () && test_keys_fips (*r_skey))
 +    {
 +      sexp_release (*r_skey); r_skey = NULL;
 +      fips_signal_error ("self-test after key generation failed");
 +      rc = GPG_ERR_SELFTEST_FAILED;
 +    }
  leave:
   mpi_free (public);
 -- 
 2.39.2
--- a/SOURCES/libgcrypt-1.10.0-fips-rsa-pss.patch
+++ b/SOURCES/libgcrypt-1.10.0-fips-rsa-pss.patch
@ -1,109 +0,0 @@
 From bf1e62e59200b2046680d1d3d1599facc88cfe63 Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Tue, 29 Nov 2022 14:04:59 +0100
 Subject: [PATCH] rsa: Prevent usage of long salt in FIPS mode
 * cipher/rsa-common.c (_gcry_rsa_pss_encode): Prevent usage of large
  salt lengths
  (_gcry_rsa_pss_verify): Ditto.
 * tests/basic.c (check_pubkey_sign): Check longer salt length fails in
  FIPS mode
 * tests/t-rsa-pss.c (one_test_sexp): Fix function name in error message
 ---
 cipher/rsa-common.c | 14 ++++++++++++++
 tests/basic.c       | 19 ++++++++++++++++++-
 tests/t-rsa-pss.c   |  2 +-
 3 files changed, 33 insertions(+), 2 deletions(-)
 diff --git a/cipher/rsa-common.c b/cipher/rsa-common.c
 index 233ddb2d..61cd60a4 100644
 --- a/cipher/rsa-common.c
 +++ b/cipher/rsa-common.c
@@ -809,6 +809,13 @@ _gcry_rsa_pss_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo,
   hlen = _gcry_md_get_algo_dlen (algo);
   gcry_assert (hlen);  /* We expect a valid ALGO here.  */
 +  /* The FIPS 186-4 Section 5.5 allows only 0 <= sLen <= hLen */
 +  if (fips_mode () && saltlen > hlen)
 +    {
 +      rc = GPG_ERR_INV_ARG;
 +      goto leave;
 +    }
 +
   /* Allocate a help buffer and setup some pointers.  */
   buflen = 8 + hlen + saltlen + (emlen - hlen - 1);
   buf = xtrymalloc (buflen);
@@ -950,6 +957,13 @@ _gcry_rsa_pss_verify (gcry_mpi_t value, int hashed_already,
   hlen = _gcry_md_get_algo_dlen (algo);
   gcry_assert (hlen);  /* We expect a valid ALGO here.  */
 +  /* The FIPS 186-4 Section 5.5 allows only 0 <= sLen <= hLen */
 +  if (fips_mode () && saltlen > hlen)
 +    {
 +      rc = GPG_ERR_INV_ARG;
 +      goto leave;
 +    }
 +
   /* Allocate a help buffer and setup some pointers.
      This buffer is used for two purposes:
         +------------------------------+-------+
 diff --git a/tests/basic.c b/tests/basic.c
 index 77e2fd93..429bd237 100644
 --- a/tests/basic.c
 +++ b/tests/basic.c
@@ -16602,6 +16602,7 @@ check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
     const char *data;
     int algo;
     int expected_rc;
 +    int flags;
   } datas[] =
     {
       { "(data\n (flags pkcs1)\n"
@@ -16672,6 +16673,22 @@ check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
         " (random-override #4253647587980912233445566778899019283747#))\n",
 	GCRY_PK_RSA,
 	0 },
 +      { "(data\n (flags pss)\n"
 +	" (hash-algo sha256)\n"
 +	" (value #11223344556677889900AABBCCDDEEFF#)\n"
 +	" (salt-length 2:32)\n"
 +        " (random-override #42536475879809122334455667788990192837465564738291"
 +                           "00122334455667#))\n",
 +	GCRY_PK_RSA,
 +	0 },
 +      { "(data\n (flags pss)\n"
 +	" (hash-algo sha256)\n"
 +	" (value #11223344556677889900AABBCCDDEEFF#)\n"
 +	" (salt-length 2:33)\n"
 +        " (random-override #42536475879809122334455667788990192837465564738291"
 +                           "0012233445566778#))\n",
 +	GCRY_PK_RSA,
 +	0, FLAG_NOFIPS },
       { NULL }
     };
@@ -16695,7 +16712,7 @@ check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
 	die ("converting data failed: %s\n", gpg_strerror (rc));
       rc = gcry_pk_sign (&sig, hash, skey);
 -      if (in_fips_mode && (flags & FLAG_NOFIPS))
 +      if (in_fips_mode && (flags & FLAG_NOFIPS || datas[dataidx].flags & FLAG_NOFIPS))
         {
           if (!rc)
             fail ("gcry_pk_sign did not fail as expected in FIPS mode\n");
 diff --git a/tests/t-rsa-pss.c b/tests/t-rsa-pss.c
 index c5f90116..82dd54b3 100644
 --- a/tests/t-rsa-pss.c
 +++ b/tests/t-rsa-pss.c
@@ -340,7 +340,7 @@ one_test_sexp (const char *n, const char *e, const char *d,
     snprintf (p, 3, "%02x", out[i]);
   if (strcmp (sig_string, s))
     {
 -      fail ("gcry_pkhash_sign failed: %s",
 +      fail ("gcry_pk_hash_sign failed: %s",
             "wrong value returned");
       info ("  expected: '%s'", s);
       info ("       got: '%s'", sig_string);
 -- 
 2.39.0
--- a/SOURCES/libgcrypt-1.10.0-fips-selftest.patch
+++ b/SOURCES/libgcrypt-1.10.0-fips-selftest.patch
--- a/SOURCES/libgcrypt-1.10.0-fips-status-sign-verify.patch
+++ b/SOURCES/libgcrypt-1.10.0-fips-status-sign-verify.patch
@ -1,46 +0,0 @@
 From 654d0dfa04993ebe28c0536d42f4bc6d87c28369 Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Wed, 1 Mar 2023 17:14:00 +0100
 Subject: [PATCH] visibility: Check FIPS operational status for MD+Sign
 operation.
 * src/visibility.c (gcry_pk_hash_sign): Check fips status before
 calling the operation itself.
 (gcry_pk_hash_verify): Ditto.
 --
 GnuPG-bug-id: 6396
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 ---
 src/visibility.c | 7 +++++++
 1 file changed, 7 insertions(+)
 diff --git a/src/visibility.c b/src/visibility.c
 index 73db3dea..1f17e147 100644
 --- a/src/visibility.c
 +++ b/src/visibility.c
@@ -1050,6 +1050,11 @@ gcry_error_t
 gcry_pk_hash_sign (gcry_sexp_t *result, const char *data_tmpl, gcry_sexp_t skey,
                    gcry_md_hd_t hd, gcry_ctx_t ctx)
 {
 +  if (!fips_is_operational ())
 +    {
 +      *result = NULL;
 +      return gpg_error (fips_not_operational ());
 +    }
   return gpg_error (_gcry_pk_sign_md (result, data_tmpl, hd, skey, ctx));
 }
@@ -1065,6 +1070,8 @@ gcry_error_t
 gcry_pk_hash_verify (gcry_sexp_t sigval, const char *data_tmpl, gcry_sexp_t pkey,
                      gcry_md_hd_t hd, gcry_ctx_t ctx)
 {
 +  if (!fips_is_operational ())
 +    return gpg_error (fips_not_operational ());
   return gpg_error (_gcry_pk_verify_md (sigval, data_tmpl, hd, pkey, ctx));
 }
 -- 
 2.39.2
--- a/SOURCES/libgcrypt-1.10.0-fips-x931.patch
+++ b/SOURCES/libgcrypt-1.10.0-fips-x931.patch
@ -1,139 +0,0 @@
 From 06ea5b5332ffdb44a0a394d766be8989bcb6a95c Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Tue, 6 Dec 2022 10:03:47 +0900
 Subject: [PATCH] fips,rsa: Prevent usage of X9.31 keygen in FIPS mode.
 * cipher/rsa.c (rsa_generate): Do not accept use-x931 or derive-parms
 in FIPS mode.
 * tests/pubkey.c (get_keys_x931_new): Expect failure in FIPS mode.
 (check_run): Skip checking X9.31 keys in FIPS mode.
 * doc/gcrypt.texi: Document "test-parms" and clarify some cases around
 the X9.31 keygen.
 --
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 ---
 cipher/rsa.c    |  5 +++++
 doc/gcrypt.texi | 41 ++++++++++++++++++++++++++++++++++++-----
 tests/pubkey.c  | 15 +++++++++++++--
 3 files changed, 54 insertions(+), 7 deletions(-)
 diff --git a/cipher/rsa.c b/cipher/rsa.c
 index df4af94b..45523e6b 100644
 --- a/cipher/rsa.c
 +++ b/cipher/rsa.c
@@ -1256,6 +1256,11 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
   if (deriveparms || (flags & PUBKEY_FLAG_USE_X931))
     {
       int swapped;
 +      if (fips_mode ())
 +        {
 +          sexp_release (deriveparms);
 +          return GPG_ERR_INV_SEXP;
 +        }
       ec = generate_x931 (&sk, nbits, evalue, deriveparms, &swapped);
       sexp_release (deriveparms);
       if (!ec && swapped)
 diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
 index d0372f3e..e845a4dd 100644
 --- a/doc/gcrypt.texi
 +++ b/doc/gcrypt.texi
@@ -2699,8 +2699,7 @@ achieve fastest ECC key generation.
 Force the use of the ANSI X9.31 key generation algorithm instead of
 the default algorithm. This flag is only meaningful for RSA key
 generation and usually not required.  Note that this algorithm is
 -implicitly used if either @code{derive-parms} is given or Libgcrypt is
 -in FIPS mode.
 +implicitly used if either @code{derive-parms} is given.
 @item use-fips186
 @cindex FIPS 186
@@ -3310,9 +3309,9 @@ This is currently only implemented for RSA and DSA keys.  It is not
 allowed to use this together with a @code{domain} specification.  If
 given, it is used to derive the keys using the given parameters.
 -If given for an RSA key the X9.31 key generation algorithm is used
 -even if libgcrypt is not in FIPS mode.  If given for a DSA key, the
 -FIPS 186 algorithm is used even if libgcrypt is not in FIPS mode.
 +If given for an RSA key, the X9.31 key generation algorithm is used.
 +If given for a DSA key, the FIPS 186 algorithm is used even if
 +libgcrypt is not in FIPS mode.
 @example
 (genkey
@@ -3342,6 +3341,38 @@ FIPS 186 algorithm is used even if libgcrypt is not in FIPS mode.
       (seed @var{seed-mpi}))))
 @end example
 +@item test-parms @var{list}
 +This is currently only implemented for RSA keys. If given, the
 +libgcrypt will not generate parameter, but tests whether the p,q is
 +probably prime. Returns key with zeroes.
 +
 +The FIPS key generation algorithm is used even if libgcrypt is not
 +in FIPS mode.
 +
 +@example
 +(genkey
 +  (rsa
 +    (nbits 4:1024)
 +    (rsa-use-e 1:3)
 +    (test-parms
 +      (e "65537")
 +      (p #00bbccabcee15d343944a47e492d4b1f4de79633e2
 +          0cbb46f7d2d6813392a807ad048cf77528edd19f77
 +          e7453f25173b9dcb70423afa2037aae147b81a33d5
 +          41fc58f875eff1e852ab55e2e09a3debfbc151b3b0
 +          d17fef6f74d81fca14fbae531418e211ef818592af
 +          70de5cec3b92795cc3578572bf456099cd8727150e
 +          523261#)
 +      (q #00ca87ecf2883f4ed00a9ec65abdeba81d28edbfcc
 +          34ecc563d587f166b52d42bfbe22bbc095b0b8426a
 +          2f8bbc55baaa8859b42cbc376ed3067db3ef7b135b
 +          63481322911ebbd7014db83aa051e0ca2dbf302b75
 +          cd37f2ae8df90e134226e92f6353a284b28bb30af0
 +          bbf925b345b955328379866ebac11d55bc80fe84f1
 +          05d415#)
 +
 +@end example
 +
 @item flags @var{flaglist}
 This is preferred way to define flags.  @var{flaglist} may contain any
 diff --git a/tests/pubkey.c b/tests/pubkey.c
 index bc44f3a5..2669b41a 100644
 --- a/tests/pubkey.c
 +++ b/tests/pubkey.c
@@ -430,7 +430,17 @@ get_keys_x931_new (gcry_sexp_t *pkey, gcry_sexp_t *skey)
   rc = gcry_pk_genkey (&key, key_spec);
   gcry_sexp_release (key_spec);
   if (rc)
 -    die ("error generating RSA key: %s\n", gcry_strerror (rc));
 +    {
 +      if (in_fips_mode)
 +        {
 +          if (verbose)
 +            fprintf (stderr, "The X9.31 RSA keygen is not available in FIPS modee.\n");
 +          return;
 +        }
 +      die ("error generating RSA key: %s\n", gcry_strerror (rc));
 +    }
 +  else if (in_fips_mode)
 +    die ("generating X9.31 RSA key unexpected worked in FIPS mode\n");
   if (verbose > 1)
     show_sexp ("generated RSA (X9.31) key:\n", key);
@@ -777,7 +787,8 @@ check_run (void)
   if (verbose)
     fprintf (stderr, "Checking generated RSA key (X9.31).\n");
   get_keys_x931_new (&pkey, &skey);
 -  check_keys (pkey, skey, 800, 0);
 +  if (!in_fips_mode)
 +    check_keys (pkey, skey, 800, 0);
   gcry_sexp_release (pkey);
   gcry_sexp_release (skey);
   pkey = skey = NULL;
 -- 
 2.39.0
--- a/SOURCES/libgcrypt-1.10.0-ppc-hwf.patch
+++ b/SOURCES/libgcrypt-1.10.0-ppc-hwf.patch
@ -1,29 +0,0 @@
 From 29bfb3ebbc63d7ed18b916c5c6946790fb3d15df Mon Sep 17 00:00:00 2001
 From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
 Date: Fri, 1 Apr 2022 09:49:20 +0300
 Subject: [PATCH] hwf-ppc: fix missing HWF_PPC_ARCH_3_10 in HW feature
 * src/hwf-ppc.c (ppc_features): Add HWF_PPC_ARCH_3_10.
 --
 GnuPG-bug-id: T5913
 Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
 ---
 src/hwf-ppc.c | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/src/hwf-ppc.c b/src/hwf-ppc.c
 index 7801f8b0..11d14dc1 100644
 --- a/src/hwf-ppc.c
 +++ b/src/hwf-ppc.c
@@ -103,6 +103,7 @@ static const struct feature_map_s ppc_features[] =
     { 0, PPC_FEATURE2_VEC_CRYPTO, HWF_PPC_VCRYPTO },
 #endif
     { 0, PPC_FEATURE2_ARCH_3_00, HWF_PPC_ARCH_3_00 },
 +    { 0, PPC_FEATURE2_ARCH_3_10, HWF_PPC_ARCH_3_10 },
   };
 #endif
 -- 
 2.34.1
--- a/SOURCES/libgcrypt-1.10.0-sha3-large.patch
+++ b/SOURCES/libgcrypt-1.10.0-sha3-large.patch
@ -1,621 +0,0 @@
 From 2c1bb2f34f2812888f75c476037afae6d9e21798 Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Fri, 23 Sep 2022 18:39:20 +0200
 Subject: [PATCH] keccak: Use size_t to avoid integer overflow
 Any input to the SHA3 functions > 4GB was giving wrong result when it
 was invoked in one-shot, while working correctly when it was fed by
 chunks. It turned out that the calculation in the `keccak_write`
 overflows the `unsigned int` type (`nlanes * 8` does not fit 32b when
 the `inlen` > 4GB).
 * cipher/keccak-armv7-neon.S: Fix function name in comment and change
  parameter type to size_t
 * cipher/keccak.c (keccak_ops_t): Change absorb function signature to
  use size_t
  (keccak_absorb_lanes64_avx512): Change nlanes type to size_t
  (_gcry_keccak_absorb_lanes64_armv7_neon): Ditto.
  (keccak_absorb_lanes64_armv7_neon): Ditto.
  (keccak_absorb_lanes32bi): Ditto.
  (keccak_absorb_lanes32bi_bmi2): Ditto.
  (keccak_write): Change nlanes variable to use size_t and avoid
  overflow when calculating count.
 * cipher/keccak_permute_64.h (KECCAK_F1600_ABSORB_FUNC_NAME): Change
  nlanes argument to use size_t.
 ---
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 ---
 cipher/keccak-armv7-neon.S | 10 +++++-----
 cipher/keccak.c            | 20 ++++++++++----------
 cipher/keccak_permute_64.h |  2 +-
 3 files changed, 16 insertions(+), 16 deletions(-)
 diff --git a/cipher/keccak-armv7-neon.S b/cipher/keccak-armv7-neon.S
 index 0bec8d50..28a284a1 100644
 --- a/cipher/keccak-armv7-neon.S
 +++ b/cipher/keccak-armv7-neon.S
@@ -467,11 +467,11 @@ _gcry_keccak_permute_armv7_neon:
 .ltorg
 .size _gcry_keccak_permute_armv7_neon,.-_gcry_keccak_permute_armv7_neon;
 -@//unsigned _gcry_keccak_permute_armv7_neon(u64 *state, @r4
 -@					    int pos,    @r1
 -@					    const byte *lanes,   @r2
 -@					    unsigned int nlanes, @r3
 -@					    int blocklanes) @ r5 callable from C
 +@//unsigned _gcry_keccak_absorb_lanes64_armv7_neon(u64 *state, @r4
 +@						int pos,    @r1
 +@						const byte *lanes,   @r2
 +@						size_t nlanes, @r3
 +@						int blocklanes) @ r5 callable from C
 .p2align 3
 .global   _gcry_keccak_absorb_lanes64_armv7_neon
 .type  _gcry_keccak_absorb_lanes64_armv7_neon,%function;
 diff --git a/cipher/keccak.c b/cipher/keccak.c
 index e7e42473..6c385f71 100644
 --- a/cipher/keccak.c
 +++ b/cipher/keccak.c
@@ -131,7 +131,7 @@ typedef struct
 {
   unsigned int (*permute)(KECCAK_STATE *hd);
   unsigned int (*absorb)(KECCAK_STATE *hd, int pos, const byte *lanes,
 -			 unsigned int nlanes, int blocklanes);
 +			 size_t nlanes, int blocklanes);
   unsigned int (*extract) (KECCAK_STATE *hd, unsigned int pos, byte *outbuf,
 			   unsigned int outlen);
 } keccak_ops_t;
@@ -513,7 +513,7 @@ static const keccak_ops_t keccak_avx512_64_ops =
 unsigned int _gcry_keccak_permute_armv7_neon(u64 *state);
 unsigned int _gcry_keccak_absorb_lanes64_armv7_neon(u64 *state, int pos,
 						    const byte *lanes,
 -						    unsigned int nlanes,
 +						    size_t nlanes,
 						    int blocklanes);
 static unsigned int keccak_permute64_armv7_neon(KECCAK_STATE *hd)
@@ -523,7 +523,7 @@ static unsigned int keccak_permute64_armv7_neon(KECCAK_STATE *hd)
 static unsigned int
 keccak_absorb_lanes64_armv7_neon(KECCAK_STATE *hd, int pos, const byte *lanes,
 -				 unsigned int nlanes, int blocklanes)
 +				 size_t nlanes, int blocklanes)
 {
   if (blocklanes < 0)
     {
@@ -571,7 +571,7 @@ static const keccak_ops_t keccak_armv7_neon_64_ops =
 static unsigned int
 keccak_absorb_lanes32bi(KECCAK_STATE *hd, int pos, const byte *lanes,
 -		        unsigned int nlanes, int blocklanes)
 +		        size_t nlanes, int blocklanes)
 {
   unsigned int burn = 0;
@@ -653,7 +653,7 @@ keccak_absorb_lane32bi_bmi2(u32 *lane, u32 x0, u32 x1)
 static unsigned int
 keccak_absorb_lanes32bi_bmi2(KECCAK_STATE *hd, int pos, const byte *lanes,
 -		             unsigned int nlanes, int blocklanes)
 +		             size_t nlanes, int blocklanes)
 {
   unsigned int burn = 0;
@@ -873,7 +873,8 @@ keccak_write (void *context, const void *inbuf_arg, size_t inlen)
   const byte *inbuf = inbuf_arg;
   unsigned int nburn, burn = 0;
   unsigned int count, i;
 -  unsigned int pos, nlanes;
 +  unsigned int pos;
 +  size_t nlanes;
 #ifdef USE_S390X_CRYPTO
   if (ctx->kimd_func)
@@ -918,8 +919,7 @@ keccak_write (void *context, const void *inbuf_arg, size_t inlen)
       burn = nburn > burn ? nburn : burn;
       inlen -= nlanes * 8;
       inbuf += nlanes * 8;
 -      count += nlanes * 8;
 -      count = count % bsize;
 +      count = ((size_t) count + nlanes * 8) % bsize;
     }
   if (inlen)
 diff --git a/cipher/keccak_permute_64.h b/cipher/keccak_permute_64.h
 index b28c871e..45ef462f 100644
 --- a/cipher/keccak_permute_64.h
 +++ b/cipher/keccak_permute_64.h
@@ -292,7 +292,7 @@ KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd)
 static unsigned int
 KECCAK_F1600_ABSORB_FUNC_NAME(KECCAK_STATE *hd, int pos, const byte *lanes,
 -			      unsigned int nlanes, int blocklanes)
 +			      size_t nlanes, int blocklanes)
 {
   unsigned int burn = 0;
 -- 
 GitLab
 From 910dcbcef36e1cd3de3dde192d829a1513273e14 Mon Sep 17 00:00:00 2001
 From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
 Date: Sun, 25 Sep 2022 22:23:22 +0300
 Subject: [PATCH] tests/hashtest: add hugeblock & disable-hwf options and 6 gig
 test vectors
 * .gitignore: Add 'tests/hashtest-6g'.
 * configure.ac: Add 'tests/hashtest-6g'.
 * tests/Makefile: Add 'hashtest-6g'.
 * tests/hashtest-6g.in: New.
 * tests/hashtest-256g.in: Add SHA3-512 to algos.
 * tests/hashtest.c (use_hugeblock): New.
 (testvectors): Add 256 GiB test vectors for BLAKE2S, BLAKE2B and
 whirlpool; Add 6 GiB test vectors for SHA1, SHA256, SHA512, SHA3, SM3,
 BLAKE2S, BLAKE2B, WHIRLPOOL, CRC32 and CRC24.
 (run_longtest); Use huge 5 GiB pattern block when requested.
 (main): Add '--hugeblock' and '--disable-hwf' options.
 * tests/testdrv.c: Add 'hashtest-6g'; Add SHA3 to 'hashtest-256g'.
 ---
 Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
 ---
 .gitignore             |   1 +
 configure.ac           |   1 +
 tests/Makefile.am      |   9 +-
 tests/hashtest-256g.in |   2 +-
 tests/hashtest-6g.in   |   7 ++
 tests/hashtest.c       | 249 +++++++++++++++++++++++++++++++++++++++--
 tests/testdrv.c        |   7 +-
 7 files changed, 261 insertions(+), 15 deletions(-)
 create mode 100644 tests/hashtest-6g.in
 diff --git a/configure.ac b/configure.ac
 index c8f24dcc..c39257b5 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -3511,6 +3511,7 @@ src/libgcrypt.pc
 src/versioninfo.rc
 tests/Makefile
 ])
 +AC_CONFIG_FILES([tests/hashtest-6g], [chmod +x tests/hashtest-6g])
 AC_CONFIG_FILES([tests/hashtest-256g], [chmod +x tests/hashtest-256g])
 AC_CONFIG_FILES([tests/basic-disable-all-hwf], [chmod +x tests/basic-disable-all-hwf])
 AC_OUTPUT
 diff --git a/tests/Makefile.am b/tests/Makefile.am
 index 302d923b..75aa5cf7 100644
 --- a/tests/Makefile.am
 +++ b/tests/Makefile.am
@@ -44,13 +44,14 @@ tests_bin_last = benchmark bench-slope
 tests_sh = basic-disable-all-hwf
 -tests_sh_last = hashtest-256g
 +tests_sh_last = hashtest-6g hashtest-256g
 TESTS = $(tests_bin) $(tests_sh) $(tests_bin_last) $(tests_sh_last)
 # Force sequential run of some tests.
 bench-slope.log:    benchmark.log
 -hashtest-256g.log:  bench-slope.log
 +hashtest-6g.log:    bench-slope.log
 +hashtest-256g.log:  hashtest-6g.log
 TESTS_ENVIRONMENT = GCRYPT_IN_REGRESSION_TEST=1
@@ -76,8 +77,8 @@ CLEANFILES = testdrv-build
 EXTRA_DIST = README rsa-16k.key \
 	     pkcs1v2-oaep.h pkcs1v2-pss.h pkcs1v2-v15c.h pkcs1v2-v15s.h \
 	     t-ed25519.inp t-ed448.inp t-dsa.inp t-ecdsa.inp t-rsa-15.inp \
 -	     t-rsa-pss.inp stopwatch.h hashtest-256g.in sha3-224.h \
 -	     sha3-256.h sha3-384.h sha3-512.h blake2b.h blake2s.h \
 +	     t-rsa-pss.inp stopwatch.h hashtest-6g.in hashtest-256g.in \
 +	     sha3-224.h sha3-256.h sha3-384.h sha3-512.h blake2b.h blake2s.h \
 	     basic-disable-all-hwf.in basic_all_hwfeature_combinations.sh
 LDADD = $(standard_ldadd) $(GPG_ERROR_LIBS) @LDADD_FOR_TESTS_KLUDGE@
 diff --git a/tests/hashtest-256g.in b/tests/hashtest-256g.in
 index a52b8692..44b69897 100755
 --- a/tests/hashtest-256g.in
 +++ b/tests/hashtest-256g.in
@@ -1,6 +1,6 @@
 #!/bin/sh
 -algos="SHA1 SHA256 SHA512 SM3"
 +algos="SHA1 SHA256 SHA512 SHA3-512 SM3"
 test "@RUN_LARGE_DATA_TESTS@" = yes || exit 77
 echo "      now running 256 GiB tests for $algos - this takes looong"
 diff --git a/tests/hashtest-6g.in b/tests/hashtest-6g.in
 new file mode 100644
 index 00000000..b3f3e2ff
 --- /dev/null
 +++ b/tests/hashtest-6g.in
@@ -0,0 +1,7 @@
 +#!/bin/sh
 +
 +algos="SHA1 SHA256 SHA512 SHA3-512 SM3 BLAKE2S_256 BLAKE2B_512 CRC32 CRC24RFC2440"
 +
 +test "@RUN_LARGE_DATA_TESTS@" = yes || exit 77
 +echo "      now running 6 GiB tests for $algos - this can take long"
 +exec ./hashtest@EXEEXT@ --hugeblock --gigs 6 $algos
 diff --git a/tests/hashtest.c b/tests/hashtest.c
 index 4c9704f3..9389e50c 100644
 --- a/tests/hashtest.c
 +++ b/tests/hashtest.c
@@ -34,6 +34,7 @@
 #define PGM "hashtest"
 #include "t-common.h"
 +static int use_hugeblock;
 static int missing_test_vectors;
 static struct {
@@ -113,6 +114,169 @@ static struct {
   { GCRY_MD_SM3, 256, +64,
     "ed34869dbadd62e3bec1f511004d7bbfc9cafa965477cc48843b248293bbe867" },
 +  { GCRY_MD_BLAKE2S_256, 256, -64,
 +    "8a3d4f712275e8e8da70c76501cce364c75f8dd09748be58cf63c9ce38d62627" },
 +  { GCRY_MD_BLAKE2S_256, 256, -1,
 +    "0c01c9ad1e60e27dc889f2c9034a949ca8b9a9dc90dd99be64963af306d47b92" },
 +  { GCRY_MD_BLAKE2S_256, 256, +0,
 +    "f8c43d5c4bad93aca702c8c466987c5ac5e640a29b37dd9904252ff27b2348a0" },
 +  { GCRY_MD_BLAKE2S_256, 256, +1,
 +    "24c34b167b4eea1a7eb7d572ff3cf669a9856ea91bb112e9ef2ccd4b1aceccb4" },
 +  { GCRY_MD_BLAKE2S_256, 256, +64,
 +    "2f8d754f98e2d4ed7744389f89d0bdb9b770c9fa215b8badd3129ea1364af867" },
 +
 +  { GCRY_MD_BLAKE2B_512, 256, -64,
 +    "36d32ae4deeacab4119401c52e2aec5545675bd2dce4f67871ddc73671a05f94"
 +    "e8332c2a31f32f5601878606a571aa7b43029dac3ae71cf9ef141d05651dc4bf" },
 +  { GCRY_MD_BLAKE2B_512, 256, -1,
 +    "b5dc439f51664a6c9cbc87e2de98ce608ac4064a779e5140909d75d2120c9b2a"
 +    "a1d4ae7be9c1ba97025be91ddcfbe42c791c3231cffbfa4b5368ba18f9590e1b" },
 +  { GCRY_MD_BLAKE2B_512, 256, +0,
 +    "c413d011ba9abbf118dd96bfc827f5fd94493d8350df9f7aff834faace5adba2"
 +    "0c3037069dfb2c81718ffc7b418ce1c1320d334b6fe8cddfb5d2dd19eb530853" },
 +  { GCRY_MD_BLAKE2B_512, 256, +1,
 +    "b6dfb821f1c8167fb33995c29485010da56abd539c3d04ab9c222844301b8bba"
 +    "6f57a48e45a748e40847084b93f26706aae82212550671c736becffcc6fb1496" },
 +  { GCRY_MD_BLAKE2B_512, 256, +64,
 +    "8c21316a4a02044e302d503d0fe669d905c40d9d80ecd5aafc8e30f1df06736f"
 +    "51fdaf6002160bb8fe4e868eaad9623fc5ecdd728bcbfee4a19b386503710f48" },
 +
 +  { GCRY_MD_WHIRLPOOL, 256, -64,
 +    "aabf62344c1aa82d2dc7605f339b3571d540f1f320f97e6a8c0229645ee61f1f"
 +    "da796acde2f96caa1c56eb2c2f9a6029a6242ad690479def66feac44334cc3af" },
 +  { GCRY_MD_WHIRLPOOL, 256, -1,
 +    "9a35ec14aa9cefd40e04295d45d39f3111a98c2d76d90c54a7d2b8f2f5b9302b"
 +    "79663eab6b6674625c3ae3e4b5dbb3b0a2f5b2f49a7a59cd1723e2b16a3efea2" },
 +  { GCRY_MD_WHIRLPOOL, 256, +0,
 +    "818ad31a5110b6217cc6ffa099d554aaadc9566bf5291e104a5d58b21d51ae4d"
 +    "c216c6de888d1359066c584e24e6606f530a3fce80ef78aed8564de4a28801c8" },
 +  { GCRY_MD_WHIRLPOOL, 256, +1,
 +    "298805f5fc68488712427c1bcb27581d91aa04337c1c6b4657489ed3d239bb8b"
 +    "c70ef654065d380ac1f5596aca5cb59e6da8044b5a067e32ea4cd94ca606f9f3" },
 +  { GCRY_MD_WHIRLPOOL, 256, +64,
 +    "7bd35c3bee621bc0fb8907904b3b84d6cf4fae4c22cc64fbc744c8c5c8de806d"
 +    "0f11a27892d531dc907426597737762c83e3ddcdc62f50d16d130aaefaeec436" },
 +
 +  { GCRY_MD_SHA1, 6, -64,
 +    "eeee82d952403313bd63d6d7c8e342df0a1eea77" },
 +  { GCRY_MD_SHA1, 6, -1,
 +    "8217b9f987d67db5880bcfff1d6763a6514d629f" },
 +  { GCRY_MD_SHA1, 6, +0,
 +    "2b38aa63c05668217e5331320a4aee0adad7fc3b" },
 +  { GCRY_MD_SHA1, 6, +1,
 +    "f3222de4d0704554cff0a537bc95b30f15daa94f" },
 +  { GCRY_MD_SHA1, 6, +64,
 +    "b3bdd8065bb92d8208d55d28fad2281c6fbf2601" },
 +
 +  { GCRY_MD_SHA256, 6, -64,
 +    "a2d5add5be904b70d6ef9bcd5feb9c6cfc2be0799732a122d9eccb576ff5a922" },
 +  { GCRY_MD_SHA256, 6, -1,
 +    "88293b7e0e5a47fdef1148c6e510f95272770db6b5296958380209ba57db7a5d" },
 +  { GCRY_MD_SHA256, 6, +0,
 +    "ccee8e8dfc366eba67471e49c45057b0041be0d2206c6de1aa765ce07ecfc434" },
 +  { GCRY_MD_SHA256, 6, +1,
 +    "f4a89e92b38e0e61ee17079dc31411de06cfe1f77c83095ae1a2e7aa0205d94b" },
 +  { GCRY_MD_SHA256, 6, +64,
 +    "338708608c2356ed2927a85b08fe745223c6140243fb3a87f309e12b31b946a8" },
 +
 +  { GCRY_MD_SHA512, 6, -64,
 +    "658f52850932633c00b2f1d65b874c540ab84e2c0fe84a8a6c35f8e90e6f6a9c"
 +    "2f7e0ccca5064783562a42ad8f47eab48687aaf6998b04ee94441e82c14e834d" },
 +  { GCRY_MD_SHA512, 6, -1,
 +    "9ead6d66b46a3a72d77c7990874cfebc1575e5bfda6026430d76b3db6cc62d52"
 +    "4ca0dd2674b9c24208b2e780d75542572eee8df6724acadcc23a03eed8f82f0a" },
 +  { GCRY_MD_SHA512, 6, +0,
 +    "03e4549eb28bd0fb1606c321f1498503b5e889bec8d799cf0688567c7f8ac0d9"
 +    "a7ec4e84d1d729d6a359797656e286617c3ef82abb51991bb576aaf05f7b6573" },
 +  { GCRY_MD_SHA512, 6, +1,
 +    "ffe52f6385ccde6fa7d45845787d8f9993fdcb5833fb58b13c424a84e39ea50f"
 +    "52d40e254fe667cb0104ffe3837dc8d0eee3c81721cb8eac10d5851dfb1f91db" },
 +  { GCRY_MD_SHA512, 6, +64,
 +    "4a19da3d5eaaa79ac1eaff5e4062f23ee56573411f8d302f7bf3c6da8779bd00"
 +    "a936e9ad7f535597a49162ed308b0cced7724667f97a1bb24540152fcfe3ec95" },
 +
 +  { GCRY_MD_SHA3_512, 6, -64,
 +    "a99f2913d3beb9b45273402e30daa4d25c7a5e9eb8cf6039996eb2292a45c04c"
 +    "b9e3a1a187f71920626f465ed6cf7dc34047ec5578e05516374bb9c56683903a" },
 +  { GCRY_MD_SHA3_512, 6, -1,
 +    "fca50bde79c55e5fc4c9d97e66eb5cfacef7032395848731e645ca42f07f8d38"
 +    "be1d593727c2a82b9a9bc058ebc9744971f867fa920cfa902023448243ac017b" },
 +  { GCRY_MD_SHA3_512, 6, +0,
 +    "c61bb345c0a553edaa89fd38114ac9799b6d307ba8e3cde53552ad4c77cfe4b7"
 +    "2671d82c1519c8e7b23153a9268e2939239564fc7c2060608aa42955e938840d" },
 +  { GCRY_MD_SHA3_512, 6, +1,
 +    "502a83d8d1b977312806382a45c1cc9c0e7db437ca962e37eb181754d59db686"
 +    "14d91df286d510411adf69f7c9befc1027bdc0c33a48a5dd6ae0957b9061e7ca" },
 +  { GCRY_MD_SHA3_512, 6, +64,
 +    "207bfb83ae788ddd4531188567f0892bbddbbc88d69bc196b2357bee3e668706"
 +    "c27f832ecb50e9ae5b63e9f384bdc37373958d4a14f3825146d2f6b1a65d8e51" },
 +
 +  { GCRY_MD_SM3, 6, -64,
 +    "41d96d19cef4c942b0f5f4cdc3e1afe440dc62c0bc103a2c0e9eee9e1733a74a" },
 +  { GCRY_MD_SM3, 6, -1,
 +    "b7689cc4ef6c7dc795b9e5e6998e5cc3dc1daec02bc1181cdbef8d6812b4957a" },
 +  { GCRY_MD_SM3, 6, +0,
 +    "c6eae4a82052423cf98017bde4dee8769947c66120a1a2ff79f0f0dc945a3272" },
 +  { GCRY_MD_SM3, 6, +1,
 +    "f6590f161fee11529585c7a9dfc725f8b81951e49b616844097a3dbdc9ffdbec" },
 +  { GCRY_MD_SM3, 6, +64,
 +    "f3277fa90c47afe5e4fc52374aadf8e96bc29c2b5a7a4ebf5d704245ada837ea" },
 +
 +  { GCRY_MD_BLAKE2S_256, 6, -64,
 +    "0f3c17610777c34d40a0d11a93d5e5ed444ce16edefebabd0bc8e30392d5c2db" },
 +  { GCRY_MD_BLAKE2S_256, 6, -1,
 +    "92cbcf142c45de9d64da9791c51dce4e32b58f74d9f3d201b1ea74deac765f51" },
 +  { GCRY_MD_BLAKE2S_256, 6, +0,
 +    "b20702cb5a0bee2ab104f38eb513429589310a7edde81dd1f40043be7d16d0de" },
 +  { GCRY_MD_BLAKE2S_256, 6, +1,
 +    "bfc17dc74930989841da05aac08402bf0dcb4a597b17c52402a516ea7e541cdf" },
 +  { GCRY_MD_BLAKE2S_256, 6, +64,
 +    "d85588cdf5a00bec1327da02f22f1a10b68dd9d6b730f30a3aa65af3a51c1722" },
 +
 +  { GCRY_MD_BLAKE2B_512, 6, -64,
 +    "30b6015f94524861b04b83f0455be10a993460e0f8f0fd755fc3d0270b0c7d00"
 +    "039a6e01684ce0689ce4ef70932bd19a676acf4b4ea521c30337d2f445fc2055" },
 +  { GCRY_MD_BLAKE2B_512, 6, -1,
 +    "49abef820ad7fc5e6ed9b63acddce639a69dcd749b0798b140216649bc3b927c"
 +    "637dbe1cb39a41bbafe7f8b675401ccdcf69a7fba227ae4cda5cd28b9ff36776" },
 +  { GCRY_MD_BLAKE2B_512, 6, +0,
 +    "4182a7307a89391b78af9dbc3ba1e8d643708abbed5919086aa6e2bc65ae9597"
 +    "e40229450c86ac5d3117b006427dd0131f5ae4c1a1d64c81420d2731536c81d8" },
 +  { GCRY_MD_BLAKE2B_512, 6, +1,
 +    "33c0d9e65b1b18e9556134a08c1e725c19155bbf6ed4349d7d6d678f1827fef3"
 +    "74b6e3381471f3d3fff7ffbcb9474ce9038143b99e25cd5f8afbb336313d4648" },
 +  { GCRY_MD_BLAKE2B_512, 6, +64,
 +    "d2d7f388611af78a2ea40b06f99993cff156afd25cbc47695bdb567d4d35b992"
 +    "0ff8c325c359a2bdeddf54ececc671ac7b981031e90a7d63d6e0415ec4484282" },
 +
 +  { GCRY_MD_WHIRLPOOL, 6, -64,
 +    "247707d1f9cf31b90ee68527144b1c20ad5ce96293bdccd1a81c8f40bc9df10c"
 +    "e7441ac3b3097162d6fbf4d4b67b8fa09de451e2d920f16aad78c47ab00cb833" },
 +  { GCRY_MD_WHIRLPOOL, 6, -1,
 +    "af49e4a553bdbec1fdafc41713029e0fb1666894753c0ab3ecb280fc5af6eff8"
 +    "253120745a229d7a8b5831711e4fd16ed0741258504d8a47e2b42aa2f1886968" },
 +  { GCRY_MD_WHIRLPOOL, 6, +0,
 +    "f269ffa424bc2aad2da654f01783fc9b2b431219f2b05784d718da0935e78792"
 +    "9207b000ebbfb63dfdcc8adf8e5bd321d9616c1b8357430b9be6cb4640df8609" },
 +  { GCRY_MD_WHIRLPOOL, 6, +1,
 +    "52b77eb13129151b69b63c09abb655dc9cb046cafd4cbf7d4a82ae04b61ef9e6"
 +    "531dde04cae7c5ab400ed8ee8da2e3f490d177289b2b3aa29b12b292954b902c" },
 +  { GCRY_MD_WHIRLPOOL, 6, +64,
 +    "60a950c92f3f08abbc81c41c86ce0463679ffd5ab420e988e15b210615b454ae"
 +    "69607d14a1806fa44aacf8c926fbdcee998af46f56e0c642d3fb4ee54c8fb917" },
 +
 +  { GCRY_MD_CRC32, 6, -64, "20739052" },
 +  { GCRY_MD_CRC32, 6, -1,  "971a5a74" },
 +  { GCRY_MD_CRC32, 6, +0,  "bf48113c" },
 +  { GCRY_MD_CRC32, 6, +1,  "c7678ad5" },
 +  { GCRY_MD_CRC32, 6, +64, "1efa7255" },
 +
 +  { GCRY_MD_CRC24_RFC2440, 6, -64, "747e81" },
 +  { GCRY_MD_CRC24_RFC2440, 6, -1,  "deb97d" },
 +  { GCRY_MD_CRC24_RFC2440, 6, +0,  "7d5bea" },
 +  { GCRY_MD_CRC24_RFC2440, 6, +1,  "acc351" },
 +  { GCRY_MD_CRC24_RFC2440, 6, +64, "9d9032" },
 +
   { 0 }
 };
@@ -251,12 +415,38 @@ run_longtest (int algo, int gigs)
   gcry_md_hd_t hd_post = NULL;
   gcry_md_hd_t hd_post2 = NULL;
   char pattern[1024];
 -  int i, g;
 +  char *hugepattern = NULL;
 +  size_t hugesize;
 +  size_t hugegigs;
 +  int i, g, gppos, gptot;
   const unsigned char *digest;
   unsigned int digestlen;
   memset (pattern, 'a', sizeof pattern);
 +  if (use_hugeblock)
 +    {
 +      hugegigs = 5;
 +      if (sizeof(size_t) >= 8)
 +        {
 +          hugesize = hugegigs*1024*1024*1024;
 +          hugepattern = malloc(hugesize);
 +          if (hugepattern != NULL)
 +            memset(hugepattern, 'a', hugesize);
 +          else
 +            show_note ("failed to allocate %d GiB huge pattern block: %s",
 +                       hugegigs, strerror(errno));
 +        }
 +      else
 +        show_note ("cannot allocate %d GiB huge pattern block on 32-bit system",
 +                   hugegigs);
 +    }
 +  if (hugepattern == NULL)
 +    {
 +      hugegigs = 0;
 +      hugesize = 0;
 +    }
 +
   err = gcry_md_open (&hd, algo, 0);
   if (err)
     {
@@ -267,9 +457,17 @@ run_longtest (int algo, int gigs)
   digestlen = gcry_md_get_algo_dlen (algo);
 -
 -  for (g=0; g < gigs; g++)
 +  gppos = 0;
 +  gptot = 0;
 +  for (g=0; g < gigs; )
     {
 +      if (gppos >= 16)
 +        {
 +          gptot += 16;
 +          gppos -= 16;
 +          show_note ("%d GiB so far hashed with %s", gptot,
 +                     gcry_md_algo_name (algo));
 +        }
       if (g == gigs - 1)
         {
           for (i = 0; i < 1024*1023; i++)
@@ -283,16 +481,24 @@ run_longtest (int algo, int gigs)
             die ("gcry_md_copy failed for %s (%d): %s",
                  gcry_md_algo_name (algo), algo, gpg_strerror (err));
           gcry_md_write (hd, pattern, sizeof pattern);
 +          g++;
 +          gppos++;
 +        }
 +      else if (hugepattern != NULL && gigs - g > hugegigs)
 +        {
 +          gcry_md_write (hd, hugepattern, hugesize);
 +          g += hugegigs;
 +          gppos += hugegigs;
         }
       else
         {
           for (i = 0; i < 1024*1024; i++)
             gcry_md_write (hd, pattern, sizeof pattern);
 +          g++;
 +          gppos++;
         }
 -      if (g && !(g % 16))
 -        show_note ("%d GiB so far hashed with %s", g, gcry_md_algo_name (algo));
     }
 -  if (g >= 16)
 +  if (g >= 16 && gppos)
     show_note ("%d GiB hashed with %s", g, gcry_md_algo_name (algo));
   err = gcry_md_copy (&hd_post, hd);
@@ -335,6 +541,8 @@ run_longtest (int algo, int gigs)
   gcry_md_close (hd_pre2);
   gcry_md_close (hd_post);
   gcry_md_close (hd_post2);
 +
 +  free(hugepattern);
 }
@@ -361,9 +569,12 @@ main (int argc, char **argv)
         {
           fputs ("usage: " PGM " [options] [algos]\n"
                  "Options:\n"
 -                 "  --verbose       print timings etc.\n"
 -                 "  --debug         flyswatter\n"
 -                 "  --gigs N        Run a test on N GiB\n",
 +                 "  --verbose                 print timings etc.\n"
 +                 "  --debug                   flyswatter\n"
 +                 "  --hugeblock               Use 5 GiB pattern block\n"
 +                 "  --gigs N                  Run a test on N GiB\n"
 +                 "  --disable-hwf <features>  Disable hardware acceleration feature(s)\n"
 +                 "                            for benchmarking.\n",
                  stdout);
           exit (0);
         }
@@ -378,6 +589,11 @@ main (int argc, char **argv)
           debug++;
           argc--; argv++;
         }
 +      else if (!strcmp (*argv, "--hugeblock"))
 +        {
 +          use_hugeblock = 1;
 +          argc--; argv++;
 +        }
       else if (!strcmp (*argv, "--gigs"))
         {
           argc--; argv++;
@@ -387,6 +603,21 @@ main (int argc, char **argv)
               argc--; argv++;
             }
         }
 +      else if (!strcmp (*argv, "--disable-hwf"))
 +        {
 +          argc--;
 +          argv++;
 +          if (argc)
 +            {
 +              if (gcry_control (GCRYCTL_DISABLE_HWF, *argv, NULL))
 +                fprintf (stderr,
 +                        PGM
 +                        ": unknown hardware feature `%s' - option ignored\n",
 +                        *argv);
 +              argc--;
 +              argv++;
 +            }
 +        }
       else if (!strncmp (*argv, "--", 2))
         die ("unknown option '%s'", *argv);
     }
 diff --git a/tests/testdrv.c b/tests/testdrv.c
 index 0ccde326..bfca4c23 100644
 --- a/tests/testdrv.c
 +++ b/tests/testdrv.c
@@ -78,7 +78,12 @@ static struct {
    { "t-ed448"     },
    { "benchmark"   },
    { "bench-slope" },
 -   { "hashtest-256g",  "hashtest", "--gigs 256 SHA1 SHA256 SHA512 SM3",
 +   { "hashtest-6g", "hashtest", "--hugeblock --gigs 6 SHA1 SHA256 SHA512 "
 +                                                     "SHA3-512 SM3 BLAKE2S_256 "
 +                                                     "BLAKE2B_512 CRC32 "
 +                                                     "CRC24RFC2440",
 +     LONG_RUNNING },
 +   { "hashtest-256g", "hashtest", "--gigs 256 SHA1 SHA256 SHA512 SHA3-512 SM3",
      LONG_RUNNING },
    { NULL }
   };
 --
 2.34.1
 From 567bc62e1c3046594088de7209fee7c545ece1e3 Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Fri, 30 Sep 2022 14:54:14 +0200
 Subject: [PATCH] tests: Avoid memory leak
 * tests/hashtest.c (run_longtest): Avoid memory leak on error
 --
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 ---
 tests/hashtest.c | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/tests/hashtest.c b/tests/hashtest.c
 index 9389e50c..379f7c40 100644
 --- a/tests/hashtest.c
 +++ b/tests/hashtest.c
@@ -452,6 +452,7 @@ run_longtest (int algo, int gigs)
     {
       fail ("gcry_md_open failed for %s (%d): %s",
             gcry_md_algo_name (algo), algo, gpg_strerror (err));
 +      free(hugepattern);
       return;
     }
 -- 
 2.37.3
--- a/SOURCES/libgcrypt-1.10.0.tar.bz2.sig
+++ b/SOURCES/libgcrypt-1.10.0.tar.bz2.sig
--- a/SOURCES/libgcrypt-1.10.1-annobin.patch
+++ b/SOURCES/libgcrypt-1.10.1-annobin.patch
@ -0,0 +1,22 @@
 diff -rup libgcrypt.orig/src/Makefile.am libgcrypt-1.8.3/src/Makefile.am
 --- libgcrypt.orig/src/Makefile.am	2021-10-18 16:36:20.914025497 +0100
 +++ libgcrypt-1.8.3/src/Makefile.am	2021-10-19 12:23:08.652960618 +0100
@@ -108,6 +108,7 @@ endif !HAVE_W32_SYSTEM
 libgcrypt_la_LDFLAGS = $(no_undefined) $(export_symbols) $(extra_ltoptions) \
 +	-Wc,-fplugin=annobin \
 	$(libgcrypt_version_script_cmd) -version-info \
 	@LIBGCRYPT_LT_CURRENT@:@LIBGCRYPT_LT_REVISION@:@LIBGCRYPT_LT_AGE@
 libgcrypt_la_DEPENDENCIES = \
 Only in libgcrypt-1.8.3/src: Makefile.am.annobin
 diff -rup libgcrypt.orig/src/Makefile.in libgcrypt-1.8.3/src/Makefile.in
 --- libgcrypt.orig/src/Makefile.in	2021-10-18 16:36:20.914025497 +0100
 +++ libgcrypt-1.8.3/src/Makefile.in	2021-10-19 12:23:37.791875325 +0100
@@ -483,6 +483,7 @@ gcrypt_hwf_modules = @GCRYPT_HWF_MODULES
 @HAVE_W32_SYSTEM_TRUE@gcrypt_deps = $(gcrypt_res) libgcrypt.def
 @HAVE_W32_SYSTEM_FALSE@gcrypt_res_ldflag = 
 libgcrypt_la_LDFLAGS = $(no_undefined) $(export_symbols) $(extra_ltoptions) \
 +	-Wc,-fplugin=annobin \
 	$(libgcrypt_version_script_cmd) -version-info \
 	@LIBGCRYPT_LT_CURRENT@:@LIBGCRYPT_LT_REVISION@:@LIBGCRYPT_LT_AGE@
--- a/SOURCES/libgcrypt-1.11.0-Disable-SHA3-s390x-acceleration-for-CSHAKE.patch
+++ b/SOURCES/libgcrypt-1.11.0-Disable-SHA3-s390x-acceleration-for-CSHAKE.patch
@ -0,0 +1,63 @@
 From 2486d9b5ae015c1786cb84466a751da4bc0d7122 Mon Sep 17 00:00:00 2001
 From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
 Date: Thu, 20 Jun 2024 20:10:09 +0300
 Subject: [PATCH] Disable SHA3 s390x acceleration for CSHAKE
 * cipher/keccak.c (keccak_final_s390x): Add assert check for
 expected SHAKE suffix.
 (_gcry_cshake_customize, cshake_hash_buffers): Disable s390x
 acceleration when selecting CSHAKE suffix.
 --
 Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
 ---
 cipher/keccak.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
 diff --git a/cipher/keccak.c b/cipher/keccak.c
 index aaf83a62..44cc9f71 100644
 --- a/cipher/keccak.c
 +++ b/cipher/keccak.c
@@ -745,6 +745,8 @@ keccak_final_s390x (void *context)
     }
   else
     {
 +      gcry_assert(ctx->suffix == SHAKE_DELIMITED_SUFFIX);
 +
       klmd_shake_execute (ctx->kimd_func, &ctx->state, NULL, 0, ctx->buf,
 			  ctx->count);
       ctx->count = 0;
@@ -1497,9 +1499,14 @@ _gcry_cshake_customize (void *context, struct gcry_cshake_customization *p)
     /* No customization */
     return 0;
 +  ctx->suffix = CSHAKE_DELIMITED_SUFFIX;
 +#ifdef USE_S390X_CRYPTO
 +  /* CSHAKE suffix is not supported by s390x/kimd. */
 +  ctx->kimd_func = 0;
 +#endif
 +
   len_written = cshake_input_n (ctx, p->n, p->n_len);
   cshake_input_s (ctx, p->s, p->s_len, len_written);
 -  ctx->suffix = CSHAKE_DELIMITED_SUFFIX;
   return 0;
 }
@@ -1536,9 +1543,14 @@ cshake_hash_buffers (const gcry_md_spec_t *spec, void *outbuf, size_t nbytes,
           size_t s_len = iov[1].len;
           size_t len;
 +          ctx.suffix = CSHAKE_DELIMITED_SUFFIX;
 +#ifdef USE_S390X_CRYPTO
 +          /* CSHAKE suffix is not supported by s390x/kimd. */
 +          ctx.kimd_func = 0;
 +#endif
 +
           len = cshake_input_n (&ctx, n, n_len);
           cshake_input_s (&ctx, s, s_len, len);
 -          ctx.suffix = CSHAKE_DELIMITED_SUFFIX;
         }
       iovcnt -= 2;
       iov += 2;
 -- 
 2.43.0
--- a/SOURCES/libgcrypt-1.11.0-cf-protection.patch
+++ b/SOURCES/libgcrypt-1.11.0-cf-protection.patch
@ -0,0 +1,328 @@
 From 7ee2e73495d051ca09dd57c90132a7a9cc53bc62 Mon Sep 17 00:00:00 2001
 From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
 Date: Fri, 26 Jul 2024 11:00:30 +0300
 Subject: [PATCH] asm-common-amd64: add missing CFI directives for large memory
 model code
 * cipher/asm-common-amd64.h [__code_model_large__]
 (GET_EXTERN_POINTER): Add CFI_PUSH/CFI_POP directives.
 --
 Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
 ---
 cipher/asm-common-amd64.h | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
 diff --git a/cipher/asm-common-amd64.h b/cipher/asm-common-amd64.h
 index 870fef9a..3fa065e8 100644
 --- a/cipher/asm-common-amd64.h
 +++ b/cipher/asm-common-amd64.h
@@ -59,14 +59,18 @@
 #  ifdef __code_model_large__
 #    define GET_EXTERN_POINTER(name, reg) \
 	       pushq %r15; \
 +	       CFI_PUSH(%r15); \
 	       pushq %r14; \
 +	       CFI_PUSH(%r14); \
 	    1: leaq 1b(%rip), reg; \
 	       movabsq $_GLOBAL_OFFSET_TABLE_-1b, %r14; \
 	       movabsq $name@GOT, %r15; \
 	       addq %r14, reg; \
 	       popq %r14; \
 +	       CFI_POP(%r14); \
 	       movq (reg, %r15), reg; \
 -	       popq %r15;
 +	       popq %r15; \
 +	       CFI_POP(%r15);
 #  else
 #    define GET_EXTERN_POINTER(name, reg) movq name@GOTPCREL(%rip), reg
 #  endif
 -- 
 2.45.2
 From dd42a4e03e066c49a6d83e0d3a07e4261d77121a Mon Sep 17 00:00:00 2001
 From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
 Date: Sat, 27 Jul 2024 08:16:56 +0300
 Subject: [PATCH] Do not build i386 assembly on x86-64
 * configure.ac: Enable building i386 "rijndael-vaes" only
 on i?86 host instead of x86 MPI arch ("i?86 + x86-64").
 --
 GnuPG-bug-id: 7220
 Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
 ---
 configure.ac | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
 diff --git a/configure.ac b/configure.ac
 index d3dffb4b..1e182552 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -3025,6 +3025,11 @@ if test "$found" = "1" ; then
    AC_DEFINE(USE_AES, 1, [Defined if this module should be included])
    case "${host}" in
 +      i?86-*-*)
 +         # Build with the VAES/AVX2 implementation
 +         GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS rijndael-vaes-i386.lo"
 +         GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS rijndael-vaes-avx2-i386.lo"
 +      ;;
       x86_64-*-*)
          # Build with the assembly implementation
          GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS rijndael-amd64.lo"
@@ -3089,10 +3094,6 @@ if test "$found" = "1" ; then
          # Build with the Padlock implementation
          GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS rijndael-padlock.lo"
 -
 -         # Build with the VAES/AVX2 implementation
 -         GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS rijndael-vaes-i386.lo"
 -         GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS rijndael-vaes-avx2-i386.lo"
       ;;
    esac
 fi
 -- 
 2.45.2
 From 5797d75e3b916caf504bed73a8629c6c168be58d Mon Sep 17 00:00:00 2001
 From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
 Date: Sat, 27 Jul 2024 08:50:57 +0300
 Subject: [PATCH] Do not build amd64 assembly on i386
 * configure.ac: Build "serpent-avx2-amd64" and
 "camellia-*-amd64" only on x86-64.
 --
 GnuPG-bug-id: 7220
 Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
 ---
 configure.ac | 50 +++++++++++++++++++++++++++-----------------------
 1 file changed, 27 insertions(+), 23 deletions(-)
 diff --git a/configure.ac b/configure.ac
 index 1e182552..191aa38d 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -3133,14 +3133,14 @@ if test "$found" = "1" ; then
       x86_64-*-*)
          # Build with the SSE2 implementation
          GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-sse2-amd64.lo"
 +
 +         if test x"$avx2support" = xyes ; then
 +            # Build with the AVX2 implementation
 +            GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx2-amd64.lo"
 +         fi
       ;;
    esac
 -   if test x"$avx2support" = xyes ; then
 -      # Build with the AVX2 implementation
 -      GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx2-amd64.lo"
 -   fi
 -
    if test x"$avx512support" = xyes ; then
       # Build with the AVX512 implementation
       GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx512-x86.lo"
@@ -3186,28 +3186,32 @@ if test "$found" = "1" ; then
       ;;
    esac
 -   if test x"$avxsupport" = xyes ; then
 -      if test x"$aesnisupport" = xyes ; then
 -        # Build with the AES-NI/AVX implementation
 -        GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx-amd64.lo"
 -      fi
 -   fi
 +   case "${host}" in
 +      x86_64-*-*)
 +         if test x"$avxsupport" = xyes ; then
 +            if test x"$aesnisupport" = xyes ; then
 +              # Build with the AES-NI/AVX implementation
 +              GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx-amd64.lo"
 +            fi
 +         fi
 -   if test x"$avx2support" = xyes ; then
 -      if test x"$aesnisupport" = xyes ; then
 -        # Build with the AES-NI/AVX2 implementation
 -        GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx2-amd64.lo"
 +         if test x"$avx2support" = xyes ; then
 +            if test x"$aesnisupport" = xyes ; then
 +              # Build with the AES-NI/AVX2 implementation
 +              GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx2-amd64.lo"
 -        # Build with the VAES/AVX2 implementation
 -        GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-vaes-avx2-amd64.lo"
 +              # Build with the VAES/AVX2 implementation
 +              GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-vaes-avx2-amd64.lo"
 -        # Build with the GFNI/AVX2 implementation
 -        GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx2-amd64.lo"
 +              # Build with the GFNI/AVX2 implementation
 +              GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx2-amd64.lo"
 -        # Build with the GFNI/AVX512 implementation
 -        GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx512-amd64.lo"
 -      fi
 -   fi
 +              # Build with the GFNI/AVX512 implementation
 +              GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx512-amd64.lo"
 +            fi
 +         fi
 +      ;;
 +   esac
 fi
 LIST_MEMBER(idea, $enabled_ciphers)
 -- 
 2.45.2
 From d69e6a29b986cf1cb21e09d337a0de2564ef34f2 Mon Sep 17 00:00:00 2001
 From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
 Date: Fri, 26 Jul 2024 10:59:12 +0300
 Subject: [PATCH] Add CET support for x86-64 assembly
 * cipher/asm-common-amd64.h (ENDBRANCH): New.
 (CFI_STARTPROC): Add ENDBRANCH.
 [__CET__] (note.gnu.property): Add CET property section.
 --
 GnuPG-bug-id: 7220
 Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
 ---
 cipher/asm-common-amd64.h | 30 ++++++++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)
 diff --git a/cipher/asm-common-amd64.h b/cipher/asm-common-amd64.h
 index 3fa065e8..465ef62b 100644
 --- a/cipher/asm-common-amd64.h
 +++ b/cipher/asm-common-amd64.h
@@ -76,9 +76,15 @@
 #  endif
 #endif
 +#ifdef __CET__
 +#define ENDBRANCH endbr64
 +#else
 +#define ENDBRANCH /*_*/
 +#endif
 +
 #ifdef HAVE_GCC_ASM_CFI_DIRECTIVES
 /* CFI directives to emit DWARF stack unwinding information. */
 -# define CFI_STARTPROC()            .cfi_startproc
 +# define CFI_STARTPROC()            .cfi_startproc; ENDBRANCH
 # define CFI_ENDPROC()              .cfi_endproc
 # define CFI_REMEMBER_STATE()       .cfi_remember_state
 # define CFI_RESTORE_STATE()        .cfi_restore_state
@@ -146,7 +152,7 @@
 	    DW_SLEB128_28BIT(rsp_offs)
 #else
 -# define CFI_STARTPROC()
 +# define CFI_STARTPROC() ENDBRANCH
 # define CFI_ENDPROC()
 # define CFI_REMEMBER_STATE()
 # define CFI_RESTORE_STATE()
@@ -214,4 +220,24 @@
 	vpopcntb xmm16, xmm16; /* Supported only by newer AVX512 CPUs. */ \
 	vpxord ymm16, ymm16, ymm16;
 +#ifdef __CET__
 +/* Generate CET property for all assembly files including this header. */
 +ELF(.section .note.gnu.property,"a")
 +ELF(.align 8)
 +ELF(.long 1f - 0f)
 +ELF(.long 4f - 1f)
 +ELF(.long 5)
 +ELF(0:)
 +ELF(.byte 0x47, 0x4e, 0x55, 0) /* string "GNU" */
 +ELF(1:)
 +ELF(.align 8)
 +ELF(.long 0xc0000002)
 +ELF(.long 3f - 2f)
 +ELF(2:)
 +ELF(.long 0x3)
 +ELF(3:)
 +ELF(.align 8)
 +ELF(4:)
 +#endif
 +
 #endif /* GCRY_ASM_COMMON_AMD64_H */
 -- 
 2.45.2
 From 64ec13d11b08fbe31cc6f83e9464e7e251d41019 Mon Sep 17 00:00:00 2001
 From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
 Date: Fri, 26 Jul 2024 11:09:37 +0300
 Subject: [PATCH] Add CET support for i386 assembly
 * cipher/asm-common-i386.h (ENDBRANCH): New.
 (CFI_STARTPROC): Add ENDBRANCH.
 [__CET__] (note.gnu.property): Add CET property section.
 --
 GnuPG-bug-id: 7220
 Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
 ---
 cipher/asm-common-i386.h | 30 ++++++++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)
 diff --git a/cipher/asm-common-i386.h b/cipher/asm-common-i386.h
 index d746ebc4..346a8ff2 100644
 --- a/cipher/asm-common-i386.h
 +++ b/cipher/asm-common-i386.h
@@ -59,9 +59,15 @@
 	movl name##@GOT(%reg), %reg;
 #endif
 +#ifdef __CET__
 +#define ENDBRANCH endbr32
 +#else
 +#define ENDBRANCH /*_*/
 +#endif
 +
 #ifdef HAVE_GCC_ASM_CFI_DIRECTIVES
 /* CFI directives to emit DWARF stack unwinding information. */
 -# define CFI_STARTPROC()            .cfi_startproc
 +# define CFI_STARTPROC()            .cfi_startproc; ENDBRANCH
 # define CFI_ENDPROC()              .cfi_endproc
 # define CFI_REMEMBER_STATE()       .cfi_remember_state
 # define CFI_RESTORE_STATE()        .cfi_restore_state
@@ -121,7 +127,7 @@
 	    DW_SLEB128_28BIT(esp_offs)
 #else
 -# define CFI_STARTPROC()
 +# define CFI_STARTPROC() ENDBRANCH
 # define CFI_ENDPROC()
 # define CFI_REMEMBER_STATE()
 # define CFI_RESTORE_STATE()
@@ -158,4 +164,24 @@
 	vpopcntb xmm7, xmm7; /* Supported only by newer AVX512 CPUs. */ \
 	vpxord ymm7, ymm7, ymm7;
 +#ifdef __CET__
 +/* Generate CET property for all assembly files including this header. */
 +ELF(.section .note.gnu.property,"a")
 +ELF(.align 4)
 +ELF(.long 1f - 0f)
 +ELF(.long 4f - 1f)
 +ELF(.long 5)
 +ELF(0:)
 +ELF(.byte 0x47, 0x4e, 0x55, 0) /* string "GNU" */
 +ELF(1:)
 +ELF(.align 4)
 +ELF(.long 0xc0000002)
 +ELF(.long 3f - 2f)
 +ELF(2:)
 +ELF(.long 0x3)
 +ELF(3:)
 +ELF(.align 4)
 +ELF(4:)
 +#endif
 +
 #endif /* GCRY_ASM_COMMON_AMD64_H */
 -- 
 2.45.2
--- a/SOURCES/libgcrypt-1.11.0-covscan.patch
+++ b/SOURCES/libgcrypt-1.11.0-covscan.patch
@ -0,0 +1,109 @@
 From 03a0535661186ba1cf853a6b43ff2b2a5e42a3ea Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Thu, 25 Jul 2024 14:21:04 +0200
 Subject: [PATCH 2/3] sexp: Avoid memory leaks on invalid input
 * src/sexp.c (_gcry_hex2buffer): Free buffer on error.
 --
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 ---
 src/sexp.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
 diff --git a/src/sexp.c b/src/sexp.c
 index b15cb486..60ddcbc3 100644
 --- a/src/sexp.c
 +++ b/src/sexp.c
@@ -2715,7 +2715,10 @@ _gcry_hex2buffer (const char *string, size_t *r_length)
   for (s=string; *s; s +=2 )
     {
       if (!hexdigitp (s) || !hexdigitp (s+1))
 -        return NULL;           /* Invalid hex digits. */
 +        {
 +          xfree(buffer);
 +          return NULL;           /* Invalid hex digits. */
 +        }
       ((unsigned char*)buffer)[length++] = xtoi_2 (s);
     }
   *r_length = length;
 -- 
 GitLab
 From 45d77a0ed6dcacbfaf6e72f6402705f4635e5cf8 Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Thu, 25 Jul 2024 14:32:19 +0200
 Subject: [PATCH 3/3] ecdh: Avoid memory leaks
 * cipher/ecc-ecdh.c (_gcry_ecc_curve_keypair): Free buffer on exit path.
  (_gcry_ecc_curve_mul_point): Free buffer on all exit paths.
 --
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 ---
 cipher/ecc-ecdh.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
 diff --git a/cipher/ecc-ecdh.c b/cipher/ecc-ecdh.c
 index 8be57b72..c690d221 100644
 --- a/cipher/ecc-ecdh.c
 +++ b/cipher/ecc-ecdh.c
@@ -153,6 +153,7 @@ _gcry_ecc_curve_keypair (const char *curve,
           buf = _gcry_mpi_get_buffer (mpi_k, 0, &len, NULL);
           memset (seckey, 0, nbytes - len);
           memcpy (seckey + nbytes - len, buf, len);
 +          xfree (buf);
         }
       else /* p - y >= p */
         mpi_free (negative);
@@ -168,15 +169,14 @@ _gcry_ecc_curve_keypair (const char *curve,
           if (len != 1 + 2*nbytes)
             {
               err = GPG_ERR_INV_ARG;
 -              mpi_free (y);
             }
           else
             {
               /* (x,y) in SEC1 point encoding.  */
               memcpy (pubkey, buf, len);
 -              xfree (buf);
 -              mpi_free (y);
             }
 +          xfree (buf);
 +          mpi_free (y);
         }
     }
   else /* MPI_EC_MONTGOMERY */
@@ -293,15 +293,14 @@ _gcry_ecc_curve_mul_point (const char *curve,
           if (len != 1 + 2*nbytes)
             {
               err = GPG_ERR_INV_ARG;
 -              mpi_free (y);
             }
           else
             {
               /* (x,y) in SEC1 point encoding.  */
               memcpy (result, buf, len);
 -              xfree (buf);
 -              mpi_free (y);
             }
 +          xfree (buf);
 +          mpi_free (y);
         }
     }
   else                          /* MPI_EC_MONTGOMERY */
@@ -318,8 +317,8 @@ _gcry_ecc_curve_mul_point (const char *curve,
             {
               /* x in little endian.  */
               memcpy (result, buf, nbytes);
 -              xfree (buf);
             }
 +          xfree (buf);
         }
     }
   mpi_free (x);
 -- 
 GitLab
--- a/SOURCES/libgcrypt-1.11.0-marvin.patch
+++ b/SOURCES/libgcrypt-1.11.0-marvin.patch
--- a/SOURCES/libgcrypt-1.11.0-pac-bti-protection.patch
+++ b/SOURCES/libgcrypt-1.11.0-pac-bti-protection.patch
@ -0,0 +1,229 @@
 From afdd68b162103820edb72ad170f8ee26f206b396 Mon Sep 17 00:00:00 2001
 From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
 Date: Sun, 4 Aug 2024 18:51:34 +0300
 Subject: [PATCH] Add PAC/BTI support for AArch64 assembly
 * cipher/asm-common-aarch64.h (AARCH64_BTI_PROPERTY_FLAG)
 (AARCH64_HINT_BTI_C, AARCH64_PAC_PROPERTY_FLAG)
 (note.gnu.property): New.
 (CFI_STARTPROC): Add AARCH64_HINT_BTI_C.
 --
 GnuPG-bug-id: 7220
 Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
 ---
 cipher/asm-common-aarch64.h | 50 +++++++++++++++++++++++++++++++++++--
 1 file changed, 48 insertions(+), 2 deletions(-)
 diff --git a/cipher/asm-common-aarch64.h b/cipher/asm-common-aarch64.h
 index 3a72d7c4..ff65ea6a 100644
 --- a/cipher/asm-common-aarch64.h
 +++ b/cipher/asm-common-aarch64.h
@@ -45,9 +45,25 @@
 	add     reg, reg, #:lo12:name ;
 #endif
 +#if defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1
 +# define AARCH64_BTI_PROPERTY_FLAG (1 << 0)
 +# define AARCH64_HINT_BTI_C \
 +	hint #34
 +#else
 +# define AARCH64_BTI_PROPERTY_FLAG 0 /* No BTI */
 +# define AARCH64_HINT_BTI_C /*_*/
 +#endif
 +
 +#if defined(__ARM_FEATURE_PAC_DEFAULT) && (__ARM_FEATURE_PAC_DEFAULT & 3) != 0
 +/* PAC enabled, signed with either A or B key. */
 +# define AARCH64_PAC_PROPERTY_FLAG (1 << 1)
 +#else
 +# define AARCH64_PAC_PROPERTY_FLAG 0 /* No PAC */
 +#endif
 +
 #ifdef HAVE_GCC_ASM_CFI_DIRECTIVES
 /* CFI directives to emit DWARF stack unwinding information. */
 -# define CFI_STARTPROC()            .cfi_startproc
 +# define CFI_STARTPROC()            .cfi_startproc; AARCH64_HINT_BTI_C
 # define CFI_ENDPROC()              .cfi_endproc
 # define CFI_REMEMBER_STATE()       .cfi_remember_state
 # define CFI_RESTORE_STATE()        .cfi_restore_state
@@ -89,7 +105,7 @@
 	    DW_SLEB128_28BIT(rsp_offs)
 #else
 -# define CFI_STARTPROC()
 +# define CFI_STARTPROC() AARCH64_HINT_BTI_C
 # define CFI_ENDPROC()
 # define CFI_REMEMBER_STATE()
 # define CFI_RESTORE_STATE()
@@ -129,4 +145,34 @@
 	ldp d8, d9, [sp], #16; \
 	CFI_ADJUST_CFA_OFFSET(-16);
 +#if (AARCH64_BTI_PROPERTY_FLAG | AARCH64_PAC_PROPERTY_FLAG)
 +/* Generate PAC/BTI property for all assembly files including this header.
 + *
 + * libgcrypt support these extensions:
 + *  - Armv8.3-A Pointer Authentication (PAC):
 + *    As currently all AArch64 assembly functions are leaf functions and do
 + *    not store/load link register LR, we just mark PAC as supported.
 + *
 + *  - Armv8.5-A Branch Target Identification (BTI):
 + *    All AArch64 assembly functions get branch target instruction through
 + *    CFI_STARTPROC macro.
 + */
 +ELF(.section .note.gnu.property,"a")
 +ELF(.balign 8)
 +ELF(.long 1f - 0f)
 +ELF(.long 4f - 1f)
 +ELF(.long 5)
 +ELF(0:)
 +ELF(.byte 0x47, 0x4e, 0x55, 0) /* string "GNU" */
 +ELF(1:)
 +ELF(.balign 8)
 +ELF(.long 0xc0000000)
 +ELF(.long 3f - 2f)
 +ELF(2:)
 +ELF(.long (AARCH64_BTI_PROPERTY_FLAG | AARCH64_PAC_PROPERTY_FLAG))
 +ELF(3:)
 +ELF(.balign 8)
 +ELF(4:)
 +#endif
 +
 #endif /* GCRY_ASM_COMMON_AARCH64_H */
 -- 
 2.43.0
 From 07706d69f238f6a3bfc3f74145686a02decbee9c Mon Sep 17 00:00:00 2001
 From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
 Date: Mon, 5 Aug 2024 20:18:05 +0300
 Subject: [PATCH] Do not build 32-bit ARM assembly on Aarch64
 * configure.ac: Build "serpent-armv7-neon", "salsa20-armv7-neon",
 "chacha20-armv7-neon", "sha512-armv7-neon" and "keccak-armv7-neon"
 only on 32-bit ARM.
 --
 GnuPG-bug-id: 7220
 Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
 ---
 configure.ac | 54 ++++++++++++++++++++++++++++------------------------
 1 file changed, 29 insertions(+), 25 deletions(-)
 diff --git a/configure.ac b/configure.ac
 index 191aa38d..2b6ddb7b 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -3139,17 +3139,18 @@ if test "$found" = "1" ; then
             GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx2-amd64.lo"
          fi
       ;;
 +      arm*-*-*)
 +         if test x"$neonsupport" = xyes ; then
 +           # Build with the NEON implementation
 +           GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-armv7-neon.lo"
 +         fi
 +      ;;
    esac
    if test x"$avx512support" = xyes ; then
       # Build with the AVX512 implementation
       GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx512-x86.lo"
    fi
 -
 -   if test x"$neonsupport" = xyes ; then
 -      # Build with the NEON implementation
 -      GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-armv7-neon.lo"
 -   fi
 fi
 LIST_MEMBER(rfc2268, $enabled_ciphers)
@@ -3230,12 +3231,13 @@ if test "$found" = "1" ; then
          # Build with the assembly implementation
          GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS salsa20-amd64.lo"
       ;;
 +      arm*-*-*)
 +         if test x"$neonsupport" = xyes ; then
 +            # Build with the NEON implementation
 +            GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS salsa20-armv7-neon.lo"
 +         fi
 +      ;;
    esac
 -
 -   if test x"$neonsupport" = xyes ; then
 -     # Build with the NEON implementation
 -     GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS salsa20-armv7-neon.lo"
 -   fi
 fi
 LIST_MEMBER(gost28147, $enabled_ciphers)
@@ -3256,6 +3258,12 @@ if test "$found" = "1" ; then
          GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-amd64-avx2.lo"
          GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-amd64-avx512.lo"
       ;;
 +      arm*-*-*)
 +         if test x"$neonsupport" = xyes ; then
 +            # Build with the NEON implementation
 +            GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-armv7-neon.lo"
 +         fi
 +      ;;
       aarch64-*-*)
          # Build with the assembly implementation
          GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-aarch64.lo"
@@ -3282,11 +3290,6 @@ if test "$found" = "1" ; then
          GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-s390x.lo"
       ;;
    esac
 -
 -   if test x"$neonsupport" = xyes ; then
 -     # Build with the NEON implementation
 -     GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-armv7-neon.lo"
 -   fi
 fi
 LIST_MEMBER(sm4, $enabled_ciphers)
@@ -3491,6 +3494,11 @@ if test "$found" = "1" ; then
       arm*-*-*)
          # Build with the assembly implementation
          GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS sha512-arm.lo"
 +
 +         if test x"$neonsupport" = xyes ; then
 +            # Build with the NEON implementation
 +            GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS sha512-armv7-neon.lo"
 +         fi
       ;;
       aarch64-*-*)
          # Build with the assembly implementation
@@ -3510,11 +3518,6 @@ if test "$found" = "1" ; then
          # Build with the crypto extension implementation
          GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS sha512-ppc.lo"
    esac
 -
 -   if test x"$neonsupport" = xyes ; then
 -     # Build with the NEON implementation
 -     GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS sha512-armv7-neon.lo"
 -   fi
 fi
 LIST_MEMBER(sha3, $enabled_digests)
@@ -3527,12 +3530,13 @@ if test "$found" = "1" ; then
          # Build with the assembly implementation
          GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS keccak-amd64-avx512.lo"
       ;;
 +      arm*-*-*)
 +         if test x"$neonsupport" = xyes ; then
 +           # Build with the NEON implementation
 +           GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS keccak-armv7-neon.lo"
 +         fi
 +      ;;
    esac
 -
 -   if test x"$neonsupport" = xyes ; then
 -     # Build with the NEON implementation
 -     GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS keccak-armv7-neon.lo"
 -   fi
 fi
 LIST_MEMBER(tiger, $enabled_digests)
 -- 
 2.43.0
--- a/SOURCES/signature_key.asc
+++ b/SOURCES/signature_key.asc
@ -0,0 +1,86 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mQGNBFjLuq4BDACnM7zNSIaVMAacTwjXa5TGYe13i6ilHe4VL0NShzrgzjcQg531
 3cRgiiiNA7OSOypMqVs73Jez6ZUctn2GVsHBrS/io9NcuC9pVwf8a61WlcEa+EtB
 a3G7HlBmEWnwaUdAtWKNuAi9Xn+Ir7H2xEdksmmd5a0/QnL+sX705boVPF/tpYtb
 LGpPxa78tNrtxDkSwy8Wmi0IADYLI5yI7/yUGeJd8RSCU/fLRKC9fG7YOZRq0tsO
 MhVNWmtUjbG6e73Lu8LKnCZgs1/fC8hvPyARieSV5mdN8s1oWd7oYctfgL4uBleD
 ItAA8GhjKejutzHN8Ei/APw6AiiSyEjnPg+cTX8OgvLGJWjks0H6mPZeB1v/kGyZ
 hBS9vm540h2/MmlVN2ntiCK5TZGeSWpqddiqusfVXotMRpN4HeLKoZh4RAncaCbZ
 F/S+YLeN+kMXY4k3Fqt1fjTX6veFCbthI9pDdHzU9LfUVNp9D/5ktC/tYMORMegV
 +wSMxi9G2YWKJkMAEQEAAYkBzgQfAQgAOBYhBFuAxXVCmPDLVdjtarzvfilLCS4o
 BQJYy8DdFwyAAZSlyaA8L+XKOwldjh/fcjz0YraxAgcAAAoJELzvfilLCS4oNgoL
 /0+K1xIx8JW7Lk5M6bYCvNA4fdlEcwQIT4UidJFM9m+suxYFWIGfebvHpRlEuJTg
 dBjkEit8uLAoJXU0BRkKTLrzTF+qDUE79Wfx/R+0nOgJ7aMykQOi0AvuwzMYz4dg
 xIVS2Daou4DF7bh/KF8+fqrmq8P8W1ZrkuFDanMWpHeAPx1uj2skYbo7uPqFdvlJ
 hlNHrcxlcCkjf1InAt0Xt5lMvEsCRUPf9xAH4mNEhs0lh9c+200YPRmtnLWAzc1K
 ckLIC8Q+mUR3DjZDqBlDBEPegXkrI0+MlvRA+9AnAm4YPqTMUfpZ6ZOAWeFjC/6Z
 QYxG/AdWGkb4WFindzklQfybEuiekP8vU07ACQwSwH8PYe0UCom1YrlRUjX7QLkn
 ZLWoeZg8BZy9GTM1Ut7Q1Q2uTw6mxxISuef+RFgYOHjWwLpFWZpqC88xERl7o/iz
 iERJRt/593IctbjO9wenWt2peIAwzR4nz7LqM6ZFTdRAETmcdSvYRhg2Qt8hUE47
 CbQkQW5kcmUgSGVpbmVja2UgKFJlbGVhc2UgU2lnbmluZyBLZXkpiQHUBBMBCAA+
 FiEEW4DFdUKY8MtV2O1qvO9+KUsJLigFAljLuq4CGwMFCRLMAwAFCwkIBwIGFQgJ
 CgsCBBYCAwECHgECF4AACgkQvO9+KUsJLihC/QwAhCC+SEvcFLcutgZ8HfcCtoZs
 IoVzZEy7DjqIvGgnTssD8HCLnIAHCDvnP7dJW3uMuLCdSqym3cjlEIiQMsaGywkl
 fzJISAwJrGQdWSKRd535jXpEXQlXDKal/IwMKAUt0PZtlCc9S3gwixQryxdJ28lJ
 6h2T9fVDr8ZswMmTAFG91uctfhjKOMgPt8UhSPGW484WsIsQgkbOvf+Kfswl0eHu
 ywX+pKAB5ZQ/9GVC6Ug4xfrdiJL0azJTPnvjMY5JYp6/L9RURs5hP5AnHR2j/PPo
 sAtsFCjmbRbOMiASzklnUJPbSz5kfLloDWZmrUScjbzmsXehGyt433JGyRhZJl4x
 /jPbzKhaaAHsGd+fRao6vlLOwFywDDVMp6JuyK7UeUb7I8ekTbSkGFA+l2Oa3O6/
 Y7PYhq7hwwAFuZckYI98IpHNCG1fS9W07FyKdvQbK1PbF1JFRKfsUCWYMKqDnbqE
 o5jivPEHZImw6iYhhXcyEYl8fjcb9T6/S+wOP7aviQGzBBABCAAdFiEElKXJoDwv
 5co7CV2OH99yPPRitrEFAljLv5sACgkQH99yPPRitrFw4gv/XFMFN+/LHsn9hJOP
 4rCwl1yUuxXuYmZgc0sRoY3EpeQkJVyKurQuqqKoy2VuoMiF0O1kAQmGoFtVPUk7
 b8hCoutqB5GyeyKcoLP+WINgVhB2gXg7TSp3MPLBKkgqvSDvPitgRxBqFb4LW8LJ
 bDbfwGrzIvXfDV3WvsrHVPbc2fhlWdL8d+3AE6mFiXF3eTpgmV3ApSBQV12MkkCk
 icLIPmp+ZxZON+OP52ZXkRtfMgOy4Oa/41agrViDAZdMOGeGkhPertQheQZgXzmo
 GF5Wz498HPM80Kv35X91l3iGzL+icEtO+tWea2YscsZ6qpRe2lfVPHk3B+anlmCj
 m4kM4cBd39xa4HHSVh/bRHbZNtgVr7slQCKxlHgQOGVI5vCxPCwEsgJ2KBk03Nk/
 IA9EKO+czfh3/bHW6uMbEqrYDCnt+hmzZrpKDSGcwS/KOhvMUIMlb7/8vDKum6mp
 /8xAtVZ6IAxYZNt3qg7Y7aLRtzCTyqm8rJQrZPtRaQcgLoEimDMEX0PliRYJKwYB
 BAHaRw8BAQdAz75Hlekc16JhhfI0MKdEVxLdkxhcMCO0ZG6WMBAmNpe0H1dlcm5l
 ciBLb2NoIChkaXN0IHNpZ25pbmcgMjAyMCmImgQTFgoAQhYhBG2qbmSnbShAVxtJ
 AlKIl7gmQDraBQJfQ+w1AhsDBQkShccRBQsJCAcCAyICAQYVCgkICwIEFgIDAQIe
 BwIXgAAKCRBSiJe4JkA62nmuAP9uL/HOdB0gvwWrH+FpURJLs4bnaZaPIk9ARrU0
 EXRgJgD/YCGfHQXpIPT0ZaXuwJexK04Z+qMFR/bM1q1Leo5CjgaIbQQQEQsAHRYh
 BIBhWHD1utaQMzaG0PKthaweQrNnBQJfQ/HmAAoJEPKthaweQrNnIZkA3jG6LcZv
 V/URn8Y8OJqsyYa4C3NI4nN+OhEvYhgA4PHzMnALeXIpA2gblvjFIPJPAhDBAU37
 c5PA6+6IdQQQFggAHRYhBK6oTtzwGthsRwHIXGMROuhmWH0KBQJfQ/IlAAoJEGMR
 OuhmWH0K1+MA/0uJ5AHcnSfIBEWHNJwwVVLGyrxAWtS2U+zeymp/UvlPAQDErCLZ
 l0dBiPG3vlowFx5TNep7tanBs6ZJn8F1ao1tAIkBMwQQAQgAHRYhBNhpISPEBl3q
 Xg86tSSbOdJPJeO2BQJfQ/OuAAoJECSbOdJPJeO2DVoH/0o9if66ph6FJrgr+A/W
 HNVeHxmM5tUQhpL1wpRS70SKcsJgolf5CxO5iTQf3HlZe544xGbIU/aCTJsWw9zi
 UE8KmhAtKV4eL/7oQ7xx4nxPnABLpudtM8A44nsM1x/XiYrJnnDm29QjYEGd2Hi8
 7npc7VWKzLoj+I/WcXquynJi5O9TUxW9Bknd1pjpxFkf8v+msjBzCD5VKJgr0CR8
 wA6peQBWeGZX2HacosMIZH4TfL0r0TFla6LJIkNBz9DyIm1yL4L8oRH0950hQljP
 C7TM3L7aRpX+4Kph6llFz6g7MALGFP95kyJ6o+XED9ORuuQVZMBMIkNC0tXOu10V
 bdqIdQQQFgoAHRYhBMHTS2khnkruwLocIeP9/yGORbcrBQJfQ/P8AAoJEOP9/yGO
 Rbcr3lQBAMas8Vl3Hdl3g2I283lz1uHiGvlwcnk2TLeB+U4zIwC9AQCy0nnazVNt
 VQPID1ZCMoaOX7AzOjaqQDLf4j+dVTxgBJgzBGCkgocWCSsGAQQB2kcPAQEHQJmd
 fwp8jEN5P3eEjhQiWk6zQi8utvgOvYD57XmE+H8+tCBOaWliZSBZdXRha2EgKEdu
 dVBHIFJlbGVhc2UgS2V5KYiaBBMWCgBCFiEErI4RW/c+LY1H+pkI6Y6bLRnGyL0F
 AmCkgocCGwMFCQsNBpkFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEOmO
 my0Zxsi9/4IA/1rvSr3MU+Sv4jhNDzD+CeC3gmHkPew6pi9VHEsEwdgmAQD2BtiX
 7w1sJL/CBylGWv5jxj4345mP9YfZm0RsgzPjDIh1BBAWCAAdFiEEJJyzdxdQdF1c
 3TI84mewUjZPAo0FAmFAQ54ACgkQ4mewUjZPAo1CiAD+KTT1UVdQTGHMyvHwZocS
 QjU8xhcZrTet+dvvjrE5+4MA/RBdJPZgFevUKu68NEy0Lo+RbkeCtmQJ/c8v5ieF
 vW0AiQEzBBABCAAdFiEEEkEkvTtIYq96CkLxALRevUynur4FAmFAQ7cACgkQALRe
 vUynur4kaAgAolPR8TNWVS0vXMKrr0k0l2M/8QkZTaLZx1GT9Nx1yb4WJKY7ElPM
 YkhGDxetvFBETx0pH/6R3jtj6Crmur+NKHVSRY+rCYpFPDn6ciIOryssRx2G4kCZ
 t+nFB9JyDbBOZAR8DK4pN1mAxG/yLDt4oKcUQsP2xlEFum+phxyR8KyYCpkwKRxY
 eK+6lfilQuveoUwp/Xx5wXPNUy6q4eOOovCW7gS7I7288NGHCa2ul8sD6vA9C4mM
 4Zxaole9P9wwJe1zZFtCIy88zHM9vqv+YM9DxMCaW24+rUztr7eD4bCRdG+QlSh+
 7R/TaqSxY1eAAd1J5tma9CNJO73pTKU+/JhTBGFpSqMTCSskAwMCCAEBBwIDBF6X
 D9NmUQDgiyYNbhs1DMJ14mIw812wY1HVx/4QWYWiBunhrvSFxVbzsjD7/Wv+v3bm
 MPrL+M2DLyFiSewNmcS0JEdudVBHLmNvbSAoUmVsZWFzZSBTaWduaW5nIEtleSAy
 MDIxKYiaBBMTCABCFiEEAvON/3Mf+XywOaHaVJ5pXpBboggFAmFpSqMCGwMFCQ9x
 14oFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEFSeaV6QW6IITkoA/RYa
 jaTl1eEBU/Gdm12o3jrI55N5xZK2XTqSx25clVyjAP0XwMW/Og5+ND1ri3bAqADV
 WlBDUswz8wYxsb0C4kYBkoh1BBAWCgAdFiEEbapuZKdtKEBXG0kCUoiXuCZAOtoF
 AmFpTvEACgkQUoiXuCZAOtrJQAEAh7YyykjAy/Qs1yC3ji8iBfIVnPXvblrIx3SR
 RyDwRC8BAKtZbEuKTtPlgkLUgMleTcZJ/vEhJE+GvfQ9o5gWCqEFiHUEEBYKAB0W
 IQTB00tpIZ5K7sC6HCHj/f8hjkW3KwUCYWlPWgAKCRDj/f8hjkW3Kx4eAQDp6aGS
 N/fU4xLl8RSvQUVjVA+aCTrMQR3hRwqw8liF2wEA3O3ECxz6e1+DoItYoJBBLKLw
 eiInsGZ/+h5XYrpXTgA=
 =4+Sn
 -----END PGP PUBLIC KEY BLOCK-----
--- a/SOURCES/wk@g10code.com
+++ b/SOURCES/wk@g10code.com
--- a/SPECS/libgcrypt.spec
+++ b/SPECS/libgcrypt.spec
@ -13,65 +13,30 @@ sha256sum:close()
 print(string.sub(hash, 0, 16))
 }
 Name: libgcrypt
-Version: 1.10.0
+Version: 1.11.0
-Release: 10%{?dist}
+Release: 5%{?dist}
 URL: https://www.gnupg.org/
 Source0: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2
 Source1: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig
-Source2: wk@g10code.com
+Source2: https://gnupg.org/signature_key.asc
-Patch1: libgcrypt-1.10.0-disable-brainpool.patch
+# Pass the annobin flags to the libgcrypt.so (#2016349)
-Patch3: libgcrypt-1.10.0-ppc-hwf.patch
+Patch1: libgcrypt-1.10.1-annobin.patch
-Patch4: libgcrypt-1.10.0-allow-small-RSA-verify.patch
+# https://dev.gnupg.org/T7167
-Patch5: libgcrypt-1.10.0-allow-short-salt.patch
+Patch2: libgcrypt-1.11.0-Disable-SHA3-s390x-acceleration-for-CSHAKE.patch
-Patch6: libgcrypt-1.10.0-fips-getrandom.patch
+# https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/20
-# https://dev.gnupg.org/T6127
+Patch3: libgcrypt-1.11.0-covscan.patch
-# https://lists.gnupg.org/pipermail/gcrypt-devel/2022-September/005379.html
+# https://dev.gnupg.org/T7220
-Patch7: libgcrypt-1.10.0-fips-selftest.patch
+Patch4: libgcrypt-1.11.0-cf-protection.patch
-# https://dev.gnupg.org/T6217
+Patch5: libgcrypt-1.11.0-pac-bti-protection.patch
-Patch9: libgcrypt-1.10.0-sha3-large.patch
+# https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/19/
-# https://dev.gnupg.org/T5919
+Patch6: libgcrypt-1.11.0-marvin.patch
 Patch10: libgcrypt-1.10.0-fips-keygen.patch
 # https://dev.gnupg.org/T6219
 # f4a861f3e5ae82f278284061e4829c03edf9c3a7
 Patch11: libgcrypt-1.10.0-fips-kdf.patch
 # c34c9e70055ee43e5ef257384fa15941f064e5a4
 # https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/13
 Patch12: libgcrypt-1.10.0-fips-indicator.patch
 # beb5d6df5c5785db7c32a24a5d2a351cb964bfbc
 # 521500624b4b11538d206137205e2a511dad7072
 # 9dcf9305962b90febdf2d7cc73b49feadbf6a01f
 # a340e980388243ceae6df57d101036f3f2a955be
 Patch13: libgcrypt-1.10.0-fips-integrity.patch
 # 3c8b6c4a9cad59c5e1db5706f6774a3141b60210
 # 052c5ef4cea56772b7015e36f231fa0bcbf91410
 # 3fd3bb31597f80c76a94ea62e42d58d796beabf1
 Patch14: libgcrypt-1.10.0-fips-integrity2.patch
 # 06ea5b5332ffdb44a0a394d766be8989bcb6a95c
 Patch15: libgcrypt-1.10.0-fips-x931.patch
 # bf1e62e59200b2046680d1d3d1599facc88cfe63
 Patch16: libgcrypt-1.10.0-fips-rsa-pss.patch
 # https://dev.gnupg.org/T6376
 Patch17: libgcrypt-1.10.0-fips-indicator-md-hmac.patch
 # https://dev.gnupg.org/T6394
 # https://dev.gnupg.org/T6397
 Patch18: libgcrypt-1.10.0-fips-pct.patch
 # https://dev.gnupg.org/T6396
 Patch19: libgcrypt-1.10.0-fips-status-sign-verify.patch
 # https://dev.gnupg.org/T6393
 Patch20: libgcrypt-1.10.0-fips-drbg.patch
 # https://dev.gnupg.org/T6417
 Patch21: libgcrypt-1.10.0-fips-indicator-pk-flags.patch
 %global gcrylibdir %{_libdir}
 %global gcrysoname libgcrypt.so.20
 %global hmackey orboDeJITITejsirpADONivirpUkvarP
-# Technically LGPLv2.1+, but Fedora's table doesn't draw a distinction.
+License: BSD-3-Clause AND (BSD-3-Clause OR GPL-2.0-only) AND GPL-2.0-or-later AND LGPL-2.1-or-later AND LGPL-2.0-or-later AND MIT-Modern-Variant
 # Documentation and some utilities are GPLv2+ licensed. These files
 # are in the devel subpackage.
 License: LGPLv2+
 Summary: A general-purpose cryptography library
 BuildRequires: gcc
 BuildRequires: gawk, libgpg-error-devel >= 1.11, pkgconfig
@ -79,10 +44,11 @@ BuildRequires: gawk, libgpg-error-devel >= 1.11, pkgconfig
 BuildRequires: texinfo
 BuildRequires: autoconf, automake, libtool
 BuildRequires: make
 BuildRequires: gnupg2
 BuildRequires: annobin-annocheck binutils
 %package devel
 Summary: Development files for the %{name} package
 License: LGPLv2+ and GPLv2+
 Requires: libgpg-error-devel
 Requires: %{name}%{?_isa} = %{version}-%{release}
 Requires: pkgconfig
@ -97,38 +63,17 @@ in GNU Privacy Guard.  This package contains files needed to develop
 applications using libgcrypt.
 %prep
 %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
 %setup -q
-%patch1 -p1
+%patch 1 -p1
-%patch3 -p1
+%patch 2 -p1
-%patch4 -p1
+%patch 3 -p1
-%patch5 -p1
+%patch 4 -p1
-%patch6 -p1
+%patch 5 -p1
-%patch7 -p1
+%patch 6 -p1
 %patch9 -p1
 %patch10 -p1
 %patch11 -p1
 %patch12 -p1
 %patch13 -p1
 %patch14 -p1
 %patch15 -p1
 %patch16 -p1
 %patch17 -p1
 %patch18 -p1
 %patch19 -p1
 %patch20 -p1
 %patch21 -p1
 %build
-# This package has a configure test which uses ASMs, but does not link the
+# should be all algorithms except SM3 and SM4, aria
 # resultant .o files.  As such the ASM test is always successful, even on
 # architectures were the ASM is not valid when compiling with LTO.
 #
 # -ffat-lto-objects is sufficient to address this issue.  It is the default
 # for F33, but is expected to only be enabled for packages that need it in
 # F34, so we use it here explicitly
 %define _lto_cflags -flto=auto -ffat-lto-objects
 # should be all algorithms except SM3 and SM4
 export DIGESTS='crc gostr3411-94 md4 md5 rmd160 sha1 sha256 sha512 sha3 tiger whirlpool stribog blake2'
 export CIPHERS='arcfour blowfish cast5 des aes twofish serpent rfc2268 seed camellia idea salsa20 gost28147 chacha20'
@ -142,10 +87,11 @@ autoreconf -f
 %endif
     --enable-noexecstack \
     --enable-hmac-binary-check=%{hmackey} \
     --disable-brainpool \
     --disable-jent-support \
     --disable-O-flag-munging \
     --enable-digests="$DIGESTS" \
     --enable-ciphers="$CIPHERS" \
     --enable-marvin-workaround \
     --with-fips-module-version="$FIPS_MODULE_NAME %{version}-%{srpmhash}"
 sed -i -e '/^sys_lib_dlsearch_path_spec/s,/lib /usr/lib,/usr/lib /lib64 /usr/lib64 /lib,g' libtool
 %make_build
@ -155,6 +101,9 @@ make check
 # try in faked FIPS mode too
 LIBGCRYPT_FORCE_FIPS_MODE=1 make check
 PROFILE=%{?dist} annocheck --ignore-unknown --verbose --profile=${PROFILE:1} $RPM_BUILD_ROOT%{gcrylibdir}/libgcrypt.so.20.5.0
 # Add generation of HMAC checksums of the final stripped binaries 
 %define libpath $RPM_BUILD_ROOT%{gcrylibdir}/%{gcrysoname}.?.?
 %define __spec_install_post \
@ -236,73 +185,76 @@ mkdir -p -m 755 $RPM_BUILD_ROOT/etc/gcrypt
 %license COPYING
 %changelog
-* Mon Mar 20 2023 Jakub Jelen <jjelen@redhat.com> - 1.10.0-10
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.11.0-5
- Provide FIPS indicators for MD and HMACs
+- Bump release for October 2024 mass rebuild:
- Improve PCT tests for ECDSA and always run them after key is generated
+  Resolves: RHEL-64018
 - Add missing guards for FIPS status in md_sign/verify function
 - Provider FIPS indicators for public key operation flags
 * Tue Jan 24 2023 Jakub Jelen <jjelen@redhat.com> - 1.10.0-9
 - Avoid usage of invalid arguments sizes for PBKDF2 in FIPS mode
 - Do not allow large salt lengths with RSA-PSS padding
 - Disable X9.31 key generation in FIPS mode
 - Update the FIPS integrity checking code to upstream version
 - Update cipher modes FIPS indicators for AES WRAP and GCM
 - Disable jitter entropy generator
 * Thu Oct 20 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-8
 - Fix unneeded PBKDF2 passphrase length limitation in FIPS mode
 - Enforce HMAC key lengths in MD API in FIPS mode
 * Thu Oct 06 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-7
 - Properly enforce KDF limits in FIPS mode (#2130275)
 - Fix memory leak in large digest test (#2129150)
 - Fix function name FIPS service indicator by disabling PK encryption and decryption (#2130275)
 - Skip RSA encryption/decryption selftest in FIPS mode (#2130275)
 * Tue Sep 27 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-6
 - Fix SHA3 digests with large inputs (#2129150)
 - Fix FIPS RSA PCT (#2128455)
 - Fix RSA FIPS Keygen that non-deterministically fails (#2130275)
 - Get max 32B from getrandom in FIPS mode (#2130275)
 * Wed Aug 17 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-5
 - Allow signature verification with smaller RSA keys (#2083846)
 - Allow short salt for KDF (#2114870)
 - Reseed the kernel DRBG by using GRND_RANDOM (#2118695)
 - Address FIPS review comments around selftests (#2118695)
 - Disable RSA-OAEP in FIPS mode (#2118695)
 * Fri May 06 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-4
 - Backport ppc hardware flags detection (#2051307)
 - Disable PKCS#1.5 encryption in FIPS mode (#2061328)
 * Thu Mar 31 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-3
 - Use correct FIPS module name (#2067123)
 * Thu Feb 17 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-2
 - Systematic FIPS module name with other FIPS modules
-* Wed Feb 02 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-1
+* Thu Oct 17 2024 Jakub Jelen <jjelen@redhat.com> - 1.11.0-4
- Final release (#2026636)
+- Fix remaining protection flags on shared object for Aarch64
 - Fix CVE-2024-2236 (RHEL-58736)
 * Fri Jul 26 2024 Jakub Jelen <jjelen@redhat.com> - 1.11.0-3
 - Add CF protection on x86_64
 * Thu Jul 25 2024 Jakub Jelen <jjelen@redhat.com> - 1.11.0-2
 - Clean up flags to pass rpminspect checks
 - Fix memory leaks reported by static analysis
 * Wed Jul 03 2024 Jakub Jelen <jjelen@redhat.com> - 1.11.0-1
 - New upstream release (#2293064)
 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.10.3-4
 - Bump release for June 2024 mass rebuild
 * Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.3-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 * Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.3-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 * Tue Nov 14 2023 Jakub Jelen <jjelen@redhat.com> - 1.10.3-1
 - New upstream release (#2249639)
-* Thu Jan 27 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-0.3
+* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.2-2
- Fix broken soname in the previous beta
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-* Thu Jan 27 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-0.2
+* Tue Apr 11 2023 Jakub Jelen <jjelen@redhat.com> - 1.10.2-1
- Provide compat soname symlink as the new release is backward compatible
+- New upstream release (#2185084)
-* Wed Jan 26 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-0.1
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-7
- New upstream pre-release (#2026636)
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 - Upstream all patches
 - Implement FIPS 140-3 support
-* Tue Oct 12 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-5
+* Sat Dec  3 2022 Florian Weimer <fweimer@redhat.com> - 1.10.1-6
- Allow HW optimizations in FIPS mode (#1990059)
+- Port configure script to C99
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.9.3-4
+* Tue Nov 08 2022 Todd Zullinger <tmz@pobox.com> - 1.10.1-5
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+- enable brainpool by default (#1413618)
-  Related: rhbz#1991688
+- fix sporadic failures generating RSA keys in FIPS mode
 * Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
 * Sun May 29 2022 Todd Zullinger <tmz@pobox.com> - 1.10.1-3
 - improve --disable-brainpool configure output
 - use %%bcond_with to disable brainpool curves
 * Fri Apr 08 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.1-2
 - Adjust integrity check creation to match upstream (#2073018)
 * Tue Mar 29 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.1-1
 - Final release (#2069263)
 * Wed Feb 02 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-1
 - New upstream release (#2049322)
 * Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.4-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 * Mon Aug 23 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.4-1
 - New upstream release (#1996467)
 * Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.3-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
 * Tue Jun 15 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-3
 - Fix for CVE-2021-33560 (#1970098)
@ -313,9 +265,6 @@ mkdir -p -m 755 $RPM_BUILD_ROOT/etc/gcrypt
 * Tue Apr 20 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-1
 - New upstream release (#1951325)
 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.9.2-4
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 * Thu Apr 15 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.2-3
 - Fix issues reported by coverity
`@ -1 +1,2 @@`
	`SOURCES/libgcrypt-1.10.0.tar.bz2`	`SOURCES/libgcrypt-1.11.0.tar.bz2`
		`SOURCES/libgcrypt-1.11.0.tar.bz2.sig`
`@ -1 +1,2 @@`
	`363feb8187f6c59b6b10721af6a94558db8ec3af SOURCES/libgcrypt-1.10.0.tar.bz2`	`dd2c68e0685bb99249efeeb06046fae15b5214ba SOURCES/libgcrypt-1.11.0.tar.bz2`
		`48af54df87466ae3aa0c6db805aa0462e9bcb77e SOURCES/libgcrypt-1.11.0.tar.bz2.sig`