Update the sources accordingly to its native counter-part (1.8.4)

Resolves: rhbz#1740734

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

libgcrypt-1.8.0-tests.patch

@@ -1,115 +0,0 @@
-diff -up libgcrypt-1.8.0/cipher/dsa.c.tests libgcrypt-1.8.0/cipher/dsa.c
---- libgcrypt-1.8.0/cipher/dsa.c.tests	2016-04-07 17:30:08.000000000 +0200
-+++ libgcrypt-1.8.0/cipher/dsa.c	2017-08-15 15:10:39.551600227 +0200
-@@ -457,11 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un
-                                              &prime_q, &prime_p,
-                                              r_counter,
-                                              r_seed, r_seedlen);
--      else
--        ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0,
-+      else if (!domain->p || !domain->q)
-+        ec = _gcry_generate_fips186_3_prime (nbits, qbits,
-+                                             initial_seed.seed,
-+                                             initial_seed.seedlen,
-                                              &prime_q, &prime_p,
-                                              r_counter,
-                                              r_seed, r_seedlen, NULL);
-+      else
-+        {
-+          /* Domain parameters p and q are given; use them.  */
-+          prime_p = mpi_copy (domain->p);
-+          prime_q = mpi_copy (domain->q);
-+          gcry_assert (mpi_get_nbits (prime_p) == nbits);
-+          gcry_assert (mpi_get_nbits (prime_q) == qbits);
-+          ec = 0;
-+        }
-       sexp_release (initial_seed.sexp);
-       if (ec)
-         goto leave;
-@@ -855,13 +866,12 @@ dsa_generate (const gcry_sexp_t genparms
-       sexp_release (l1);
-       sexp_release (domainsexp);
- 
--      /* Check that all domain parameters are available.  */
--      if (!domain.p || !domain.q || !domain.g)
-+      /* Check that p and q domain parameters are available.  */
-+      if (!domain.p || !domain.q || (!domain.g && !(flags & PUBKEY_FLAG_USE_FIPS186)))
-         {
-           _gcry_mpi_release (domain.p);
-           _gcry_mpi_release (domain.q);
-           _gcry_mpi_release (domain.g);
--          sexp_release (deriveparms);
-           return GPG_ERR_MISSING_VALUE;
-         }
- 
-diff -up libgcrypt-1.8.0/cipher/rsa.c.tests libgcrypt-1.8.0/cipher/rsa.c
---- libgcrypt-1.8.0/cipher/rsa.c.tests	2017-07-06 10:21:36.000000000 +0200
-+++ libgcrypt-1.8.0/cipher/rsa.c	2017-08-15 15:10:39.551600227 +0200
-@@ -696,7 +696,7 @@ generate_x931 (RSA_secret_key *sk, unsig
- 
-   *swapped = 0;
- 
--  if (e_value == 1)   /* Alias for a secure value. */
-+  if (e_value == 1 || e_value == 0)   /* Alias for a secure value. */
-     e_value = 65537;
- 
-   /* Point 1 of section 4.1:  k = 1024 + 256s with S >= 0  */
-diff -up libgcrypt-1.8.0/tests/keygen.c.tests libgcrypt-1.8.0/tests/keygen.c
---- libgcrypt-1.8.0/tests/keygen.c.tests	2017-08-15 15:10:39.551600227 +0200
-+++ libgcrypt-1.8.0/tests/keygen.c	2017-08-15 15:16:05.433176171 +0200
-@@ -200,11 +200,11 @@ check_rsa_keys (void)
- 
- 
-   if (verbose)
--    info ("creating 512 bit RSA key with e=257\n");
-+    info ("creating 1024 bit RSA key with e=257\n");
-   rc = gcry_sexp_new (&keyparm,
-                       "(genkey\n"
-                       " (rsa\n"
--                      "  (nbits 3:512)\n"
-+                      "  (nbits 4:1024)\n"
-                       "  (rsa-use-e 3:257)\n"
-                       " ))", 0, 1);
-   if (rc)
-@@ -225,11 +225,11 @@ check_rsa_keys (void)
-   gcry_sexp_release (key);
- 
-   if (verbose)
--    info ("creating 512 bit RSA key with default e\n");
-+    info ("creating 1024 bit RSA key with default e\n");
-   rc = gcry_sexp_new (&keyparm,
-                       "(genkey\n"
-                       " (rsa\n"
--                      "  (nbits 3:512)\n"
-+                      "  (nbits 4:1024)\n"
-                       "  (rsa-use-e 1:0)\n"
-                       " ))", 0, 1);
-   if (rc)
-@@ -309,12 +309,12 @@ check_dsa_keys (void)
-     }
- 
-   if (verbose)
--    info ("creating 1536 bit DSA key\n");
-+    info ("creating 2048 bit DSA key\n");
-   rc = gcry_sexp_new (&keyparm,
-                       "(genkey\n"
-                       " (dsa\n"
--                      "  (nbits 4:1536)\n"
--                      "  (qbits 3:224)\n"
-+                      "  (nbits 4:2048)\n"
-+                      "  (qbits 3:256)\n"
-                       " ))", 0, 1);
-   if (rc)
-     die ("error creating S-expression: %s\n", gpg_strerror (rc));
-diff -up libgcrypt-1.8.0/tests/pubkey.c.tests libgcrypt-1.8.0/tests/pubkey.c
---- libgcrypt-1.8.0/tests/pubkey.c.tests	2017-01-18 15:24:25.000000000 +0100
-+++ libgcrypt-1.8.0/tests/pubkey.c	2017-08-15 15:10:39.552600207 +0200
-@@ -595,7 +595,7 @@ get_dsa_key_fips186_with_seed_new (gcry_
-      "    (use-fips186)"
-      "    (transient-key)"
-      "    (derive-parms"
--     "      (seed #0cb1990c1fd3626055d7a0096f8fa99807399871#))))",
-+     "      (seed #8b4c4d671fff82e8ed932260206d0571e3a1c2cee8cd94cb73fe58f9b67488fa#))))",
-      0, 1);
-   if (rc)
-     die ("error creating S-expression: %s\n", gcry_strerror (rc));

libgcrypt-1.8.3-getrandom.patch

@@ -1,101 +0,0 @@
-diff -up libgcrypt-1.8.3/random/random.c.getrandom libgcrypt-1.8.3/random/random.c
---- libgcrypt-1.8.3/random/random.c.getrandom	2017-11-23 19:16:58.000000000 +0100
-+++ libgcrypt-1.8.3/random/random.c	2018-07-10 15:38:34.303855808 +0200
-@@ -110,8 +110,8 @@ _gcry_random_read_conf (void)
-   unsigned int result = 0;
- 
-   fp = fopen (fname, "r");
--  if (!fp)
--    return result;
-+  if (!fp) /* We make only_urandom the default. */
-+    return RANDOM_CONF_ONLY_URANDOM;
- 
-   for (;;)
-     {
-diff -up libgcrypt-1.8.3/random/random-csprng.c.getrandom libgcrypt-1.8.3/random/random-csprng.c
---- libgcrypt-1.8.3/random/random-csprng.c.getrandom	2017-11-23 19:16:58.000000000 +0100
-+++ libgcrypt-1.8.3/random/random-csprng.c	2018-06-14 16:31:04.731179208 +0200
-@@ -55,6 +55,10 @@
- #ifdef __MINGW32__
- #include <process.h>
- #endif
-+#if defined(__linux__) && defined(HAVE_SYSCALL)
-+# include <sys/syscall.h>
-+# include <linux/random.h>
-+#endif
- #include "g10lib.h"
- #include "random.h"
- #include "rand-internal.h"
-@@ -1116,6 +1120,22 @@ getfnc_gather_random (void))(void (*)(co
-              enum random_origins, size_t, int);
- 
- #if USE_RNDLINUX
-+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
-+  long ret;
-+  char buffer[1];
-+
-+  _gcry_pre_syscall ();
-+  ret = syscall (__NR_getrandom,
-+                 (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
-+  _gcry_post_syscall ();
-+  if (ret != -1 || errno != ENOSYS)
-+    {
-+      fnc = _gcry_rndlinux_gather_random;
-+      return fnc;
-+    }
-+  else
-+          /* The syscall is not supported - fallback to /dev/urandom. */
-+#endif
-   if ( !access (NAME_OF_DEV_RANDOM, R_OK)
-        && !access (NAME_OF_DEV_URANDOM, R_OK))
-     {
-diff -up libgcrypt-1.8.3/random/rndlinux.c.getrandom libgcrypt-1.8.3/random/rndlinux.c
---- libgcrypt-1.8.3/random/rndlinux.c.getrandom	2018-06-14 16:31:04.722178971 +0200
-+++ libgcrypt-1.8.3/random/rndlinux.c	2018-07-10 15:55:03.301075155 +0200
-@@ -35,6 +35,7 @@
- #include <poll.h>
- #if defined(__linux__) && defined(HAVE_SYSCALL)
- # include <sys/syscall.h>
-+# include <linux/random.h>
- #endif
- 
- #include "types.h"
-@@ -204,6 +205,18 @@ _gcry_rndlinux_gather_random (void (*add
-     {
-       if (fd_urandom == -1)
-         {
-+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
-+          long ret;
-+
-+          _gcry_pre_syscall ();
-+          ret = syscall (__NR_getrandom,
-+                         (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
-+          _gcry_post_syscall ();
-+          if (ret > -1 || errno == EAGAIN || errno == EINTR)
-+            fd_urandom = -2;
-+	  else
-+            /* The syscall is not supported - fallback to /dev/urandom. */
-+#endif
-           fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
-           ever_opened |= 2;
-         }
-@@ -230,7 +243,7 @@ _gcry_rndlinux_gather_random (void (*add
-        * syscall and not a new device and thus we are not able to use
-        * select(2) to have a timeout. */
- #if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
--      if (fd == fd_urandom)
-+      if (fd == -2)
-         {
-           long ret;
-           size_t nbytes;
-@@ -246,9 +259,7 @@ _gcry_rndlinux_gather_random (void (*add
-               _gcry_post_syscall ();
-             }
-           while (ret == -1 && errno == EINTR);
--          if (ret == -1 && errno == ENOSYS)
--            ; /* The syscall is not supported - fallback to /dev/urandom.  */
--          else
-+          if (1)
-             { /* The syscall is supported.  Some sanity checks.  */
-               if (ret == -1)
-                 log_fatal ("unexpected error from getrandom: %s\n",

libgcrypt-1.8.4-fips-keygen.patch

@@ -0,0 +1,65 @@
+diff -up libgcrypt-1.8.4/cipher/dsa.c.fips-keygen libgcrypt-1.8.4/cipher/dsa.c
+--- libgcrypt-1.8.4/cipher/dsa.c.fips-keygen	2017-11-23 19:16:58.000000000 +0100
++++ libgcrypt-1.8.4/cipher/dsa.c	2019-02-12 14:29:25.629513989 +0100
+@@ -457,11 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un
+                                              &prime_q, &prime_p,
+                                              r_counter,
+                                              r_seed, r_seedlen);
+-      else
+-        ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0,
++      else if (!domain->p || !domain->q)
++        ec = _gcry_generate_fips186_3_prime (nbits, qbits,
++                                             initial_seed.seed,
++                                             initial_seed.seedlen,
+                                              &prime_q, &prime_p,
+                                              r_counter,
+                                              r_seed, r_seedlen, NULL);
++      else
++        {
++          /* Domain parameters p and q are given; use them.  */
++          prime_p = mpi_copy (domain->p);
++          prime_q = mpi_copy (domain->q);
++          gcry_assert (mpi_get_nbits (prime_p) == nbits);
++          gcry_assert (mpi_get_nbits (prime_q) == qbits);
++          ec = 0;
++        }
+       sexp_release (initial_seed.sexp);
+       if (ec)
+         goto leave;
+@@ -855,13 +866,12 @@ dsa_generate (const gcry_sexp_t genparms
+       sexp_release (l1);
+       sexp_release (domainsexp);
+ 
+-      /* Check that all domain parameters are available.  */
+-      if (!domain.p || !domain.q || !domain.g)
++      /* Check that p and q domain parameters are available.  */
++      if (!domain.p || !domain.q || (!domain.g && !(flags & PUBKEY_FLAG_USE_FIPS186)))
+         {
+           _gcry_mpi_release (domain.p);
+           _gcry_mpi_release (domain.q);
+           _gcry_mpi_release (domain.g);
+-          sexp_release (deriveparms);
+           return GPG_ERR_MISSING_VALUE;
+         }
+ 
+diff -up libgcrypt-1.8.4/cipher/rsa.c.fips-keygen libgcrypt-1.8.4/cipher/rsa.c
+--- libgcrypt-1.8.4/cipher/rsa.c.fips-keygen	2017-11-23 19:16:58.000000000 +0100
++++ libgcrypt-1.8.4/cipher/rsa.c	2019-02-12 14:29:25.630513971 +0100
+@@ -389,7 +389,7 @@ generate_fips (RSA_secret_key *sk, unsig
+ 
+   if (nbits < 1024 || (nbits & 0x1FF))
+     return GPG_ERR_INV_VALUE;
+-  if (_gcry_enforced_fips_mode() && nbits != 2048 && nbits != 3072)
++  if (fips_mode() && nbits < 2048)
+       return GPG_ERR_INV_VALUE;
+ 
+   /* The random quality depends on the transient_key flag.  */
+@@ -696,7 +696,7 @@ generate_x931 (RSA_secret_key *sk, unsig
+ 
+   *swapped = 0;
+ 
+-  if (e_value == 1)   /* Alias for a secure value. */
++  if (e_value == 1 || e_value == 0)   /* Alias for a secure value. */
+     e_value = 65537;
+ 
+   /* Point 1 of section 4.1:  k = 1024 + 256s with S >= 0  */

libgcrypt-1.8.4-getrandom.patch

@@ -0,0 +1,134 @@
+diff -up libgcrypt-1.8.4/random/random.c.getrandom libgcrypt-1.8.4/random/random.c
+--- libgcrypt-1.8.4/random/random.c.getrandom	2017-11-23 19:16:58.000000000 +0100
++++ libgcrypt-1.8.4/random/random.c	2018-11-20 15:52:41.738708554 +0100
+@@ -110,8 +110,8 @@ _gcry_random_read_conf (void)
+   unsigned int result = 0;
+ 
+   fp = fopen (fname, "r");
+-  if (!fp)
+-    return result;
++  if (!fp) /* We make only_urandom the default. */
++    return RANDOM_CONF_ONLY_URANDOM;
+ 
+   for (;;)
+     {
+diff -up libgcrypt-1.8.4/random/random-csprng.c.getrandom libgcrypt-1.8.4/random/random-csprng.c
+--- libgcrypt-1.8.4/random/random-csprng.c.getrandom	2017-11-23 19:16:58.000000000 +0100
++++ libgcrypt-1.8.4/random/random-csprng.c	2018-11-20 15:52:41.738708554 +0100
+@@ -55,6 +55,10 @@
+ #ifdef __MINGW32__
+ #include <process.h>
+ #endif
++#if defined(__linux__) && defined(HAVE_SYSCALL)
++# include <sys/syscall.h>
++# include <linux/random.h>
++#endif
+ #include "g10lib.h"
+ #include "random.h"
+ #include "rand-internal.h"
+@@ -1116,6 +1120,22 @@ getfnc_gather_random (void))(void (*)(co
+              enum random_origins, size_t, int);
+ 
+ #if USE_RNDLINUX
++#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
++  long ret;
++  char buffer[1];
++
++  _gcry_pre_syscall ();
++  ret = syscall (__NR_getrandom,
++                 (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
++  _gcry_post_syscall ();
++  if (ret != -1 || errno != ENOSYS)
++    {
++      fnc = _gcry_rndlinux_gather_random;
++      return fnc;
++    }
++  else
++          /* The syscall is not supported - fallback to /dev/urandom. */
++#endif
+   if ( !access (NAME_OF_DEV_RANDOM, R_OK)
+        && !access (NAME_OF_DEV_URANDOM, R_OK))
+     {
+diff -up libgcrypt-1.8.4/random/rndlinux.c.getrandom libgcrypt-1.8.4/random/rndlinux.c
+--- libgcrypt-1.8.4/random/rndlinux.c.getrandom	2018-11-20 15:52:41.731708393 +0100
++++ libgcrypt-1.8.4/random/rndlinux.c	2018-11-20 16:06:45.431207374 +0100
+@@ -35,6 +35,7 @@
+ #include <poll.h>
+ #if defined(__linux__) && defined(HAVE_SYSCALL)
+ # include <sys/syscall.h>
++# include <linux/random.h>
+ #endif
+ 
+ #include "types.h"
+@@ -147,12 +148,12 @@ _gcry_rndlinux_gather_random (void (*add
+   if (!add)
+     {
+       /* Special mode to close the descriptors.  */
+-      if (fd_random != -1)
++      if (fd_random >= 0)
+         {
+           close (fd_random);
+           fd_random = -1;
+         }
+-      if (fd_urandom != -1)
++      if (fd_urandom >= 0)
+         {
+           close (fd_urandom);
+           fd_urandom = -1;
+@@ -166,12 +167,12 @@ _gcry_rndlinux_gather_random (void (*add
+   apid = getpid ();
+   if (my_pid != apid)
+     {
+-      if (fd_random != -1)
++      if (fd_random >= 0)
+         {
+           close (fd_random);
+           fd_random = -1;
+         }
+-      if (fd_urandom != -1)
++      if (fd_urandom >= 0)
+         {
+           close (fd_urandom);
+           fd_urandom = -1;
+@@ -216,6 +217,22 @@ _gcry_rndlinux_gather_random (void (*add
+      that we always require the device to be existent but want a more
+      graceful behaviour if the rarely needed close operation has been
+      used and the device needs to be re-opened later. */
++#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
++   if (fd_urandom != -2)
++     {
++       long ret;
++
++       _gcry_pre_syscall ();
++       ret = syscall (__NR_getrandom,
++                      (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
++       _gcry_post_syscall ();
++       if (ret > -1 || errno == EAGAIN || errno == EINTR)
++         {
++           fd_urandom = -2;
++           fd_random = -2;
++         }
++     }
++#endif
+   if (level >= GCRY_VERY_STRONG_RANDOM && !only_urandom)
+     {
+       if (fd_random == -1)
+@@ -255,6 +272,7 @@ _gcry_rndlinux_gather_random (void (*add
+        * syscall and not a new device and thus we are not able to use
+        * select(2) to have a timeout. */
+ #if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
++      if (fd == -2)
+         {
+           long ret;
+           size_t nbytes;
+@@ -270,9 +288,7 @@ _gcry_rndlinux_gather_random (void (*add
+               _gcry_post_syscall ();
+             }
+           while (ret == -1 && errno == EINTR);
+-          if (ret == -1 && errno == ENOSYS)
+-            ; /* The syscall is not supported - fallback to pulling from fd.  */
+-          else
++          if (1)
+             { /* The syscall is supported.  Some sanity checks.  */
+               if (ret == -1)
+                 log_fatal ("unexpected error from getrandom: %s\n",

libgcrypt-1.8.4-tests-fipsmode.patch

@@ -0,0 +1,184 @@
+diff -up libgcrypt-1.8.4/tests/basic.c.tests-fipsmode libgcrypt-1.8.4/tests/basic.c
+--- libgcrypt-1.8.4/tests/basic.c.tests-fipsmode	2018-04-17 17:29:40.000000000 +0200
++++ libgcrypt-1.8.4/tests/basic.c	2019-02-12 13:30:48.935791024 +0100
+@@ -6964,7 +6964,7 @@ check_ciphers (void)
+       check_one_cipher (algos[i], GCRY_CIPHER_MODE_CTR, 0);
+       if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_CCM_BLOCK_LEN)
+         check_one_cipher (algos[i], GCRY_CIPHER_MODE_CCM, 0);
+-      if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_GCM_BLOCK_LEN)
++      if (!in_fips_mode && gcry_cipher_get_algo_blklen (algos[i]) == GCRY_GCM_BLOCK_LEN)
+         check_one_cipher (algos[i], GCRY_CIPHER_MODE_GCM, 0);
+       if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_OCB_BLOCK_LEN)
+         check_one_cipher (algos[i], GCRY_CIPHER_MODE_OCB, 0);
+@@ -7010,11 +7010,17 @@ check_cipher_modes(void)
+   check_cfb_cipher ();
+   check_ofb_cipher ();
+   check_ccm_cipher ();
+-  check_gcm_cipher ();
+-  check_poly1305_cipher ();
+-  check_ocb_cipher ();
++  if (!in_fips_mode)
++    {
++      check_gcm_cipher ();
++      check_poly1305_cipher ();
++      check_ocb_cipher ();
++    }
+   check_xts_cipher ();
+-  check_gost28147_cipher ();
++  if (!in_fips_mode)
++    {
++      check_gost28147_cipher ();
++    }
+   check_stream_cipher ();
+   check_stream_cipher_large_block ();
+ 
+@@ -10001,7 +10007,7 @@ check_mac (void)
+           show_mac_not_available (algos[i].algo);
+           continue;
+         }
+-      if (gcry_mac_test_algo (algos[i].algo) && in_fips_mode)
++      if ((algos[i].algo == GCRY_MAC_GMAC_AES || gcry_mac_test_algo (algos[i].algo)) && in_fips_mode)
+         {
+           if (verbose)
+             fprintf (stderr, "  algorithm %d not available in fips mode\n",
+@@ -11095,8 +11101,6 @@ main (int argc, char **argv)
+       /* If we are in fips mode do some more tests. */
+       gcry_md_hd_t md;
+ 
+-      /* First trigger a self-test.  */
+-      xgcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
+       if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
+         fail ("not in operational state after self-test\n");
+ 
+@@ -11121,15 +11125,6 @@ main (int argc, char **argv)
+               gcry_md_close (md);
+               if (gcry_control (GCRYCTL_OPERATIONAL_P, 0))
+                 fail ("expected error state but still in operational state\n");
+-              else
+-                {
+-                  /* Now run a self-test and to get back into
+-                     operational state.  */
+-                  xgcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
+-                  if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
+-                    fail ("did not reach operational after error "
+-                          "and self-test\n");
+-                }
+             }
+         }
+ 
+diff -up libgcrypt-1.8.4/tests/benchmark.c.tests-fipsmode libgcrypt-1.8.4/tests/benchmark.c
+--- libgcrypt-1.8.4/tests/benchmark.c.tests-fipsmode	2019-02-12 11:31:44.859603883 +0100
++++ libgcrypt-1.8.4/tests/benchmark.c	2019-02-12 14:10:40.271999352 +0100
+@@ -872,8 +872,10 @@ cipher_bench ( const char *algoname )
+           || (blklen == 1 && modes[modeidx].mode != GCRY_CIPHER_MODE_STREAM))
+         continue;
+ 
+-      if (modes[modeidx].req_blocksize > 0
+-          && blklen != modes[modeidx].req_blocksize)
++      if ((modes[modeidx].req_blocksize > 0
++           && blklen != modes[modeidx].req_blocksize)
++          || (in_fips_mode 
++           && modes[modeidx].mode == GCRY_CIPHER_MODE_GCM))
+         {
+           printf (" %7s %7s", "-", "-" );
+           continue;
+diff -up libgcrypt-1.8.4/tests/bench-slope.c.tests-fipsmode libgcrypt-1.8.4/tests/bench-slope.c
+--- libgcrypt-1.8.4/tests/bench-slope.c.tests-fipsmode	2017-11-23 19:16:58.000000000 +0100
++++ libgcrypt-1.8.4/tests/bench-slope.c	2019-02-12 14:14:33.618763325 +0100
+@@ -1338,7 +1338,7 @@ cipher_bench_one (int algo, struct bench
+     return;
+ 
+   /* GCM has restrictions for block-size */
+-  if (mode.mode == GCRY_CIPHER_MODE_GCM && blklen != GCRY_GCM_BLOCK_LEN)
++  if (mode.mode == GCRY_CIPHER_MODE_GCM && (gcry_fips_mode_active () || blklen != GCRY_GCM_BLOCK_LEN))
+     return;
+ 
+   /* XTS has restrictions for block-size */
+diff -up libgcrypt-1.8.4/tests/pubkey.c.tests-fipsmode libgcrypt-1.8.4/tests/pubkey.c
+--- libgcrypt-1.8.4/tests/pubkey.c.tests-fipsmode	2017-11-23 19:16:58.000000000 +0100
++++ libgcrypt-1.8.4/tests/pubkey.c	2019-02-12 13:52:25.658746415 +0100
+@@ -504,15 +504,30 @@ get_dsa_key_with_domain_new (gcry_sexp_t
+   rc = gcry_sexp_new
+     (&key_spec,
+      "(genkey (dsa (transient-key)(domain"
+-     "(p #d3aed1876054db831d0c1348fbb1ada72507e5fbf9a62cbd47a63aeb7859d6921"
+-     "4adeb9146a6ec3f43520f0fd8e3125dd8bbc5d87405d1ac5f82073cd762a3f8d7"
+-     "74322657c9da88a7d2f0e1a9ceb84a39cb40876179e6a76e400498de4bb9379b0"
+-     "5f5feb7b91eb8fea97ee17a955a0a8a37587a272c4719d6feb6b54ba4ab69#)"
+-     "(q #9c916d121de9a03f71fb21bc2e1c0d116f065a4f#)"
+-     "(g #8157c5f68ca40b3ded11c353327ab9b8af3e186dd2e8dade98761a0996dda99ab"
+-     "0250d3409063ad99efae48b10c6ab2bba3ea9a67b12b911a372a2bba260176fad"
+-     "b4b93247d9712aad13aa70216c55da9858f7a298deb670a403eb1e7c91b847f1e"
+-     "ccfbd14bd806fd42cf45dbb69cd6d6b43add2a78f7d16928eaa04458dea44#)"
++     " (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c862"
++     "     3b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb6"
++     "     2e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b552"
++     "     3e86470decbbeda027e797e7b67635d4d49c30700e74af8a"
++     "     0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503"
++     "     eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e34"
++     "     3312517c6aa5152b4bfecd2e551fee346318a153423c996b"
++     "     0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc7"
++     "     66de2dfc4a56d7b8ba5963d60f3e16318870ad436952e557"
++     "     65374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a"
++     "     2c8d7469db02e24d592394a7dba069e9#)"
++     " (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed27602056"
++     "     7441a0a5#)"
++     " (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a8"
++     "     21ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0ba"
++     "     ecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a"
++     "     0df242b75b414df372121e53a553f222f836b000f016485b"
++     "     6bd0898451801dcd8de64cd5365696ffc532d528c506620a"
++     "     942a0305046d8f1876341f1e570bc3974ba6b9a438e97023"
++     "     02a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7"
++     "     ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a"
++     "     4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da095"
++     "     35d5b9df259181a79b63b069e949972b02ba36b3586aab7e"
++     "     45f322f82e4e85ca3ab85591b3c2a966#)"
+      ")))", 0, 1);
+   if (rc)
+     die ("error creating S-expression: %s\n", gcry_strerror (rc));
+@@ -595,7 +610,7 @@ get_dsa_key_fips186_with_seed_new (gcry_
+      "    (use-fips186)"
+      "    (transient-key)"
+      "    (derive-parms"
+-     "      (seed #0cb1990c1fd3626055d7a0096f8fa99807399871#))))",
++     "      (seed #8b4c4d671fff82e8ed932260206d0571e3a1c2cee8cd94cb73fe58f9b67488fa#))))",
+      0, 1);
+   if (rc)
+     die ("error creating S-expression: %s\n", gcry_strerror (rc));
+diff -up libgcrypt-1.8.4/tests/t-cv25519.c.tests-fipsmode libgcrypt-1.8.4/tests/t-cv25519.c
+--- libgcrypt-1.8.4/tests/t-cv25519.c.tests-fipsmode	2017-11-23 19:16:58.000000000 +0100
++++ libgcrypt-1.8.4/tests/t-cv25519.c	2019-02-12 14:02:35.935705390 +0100
+@@ -560,6 +560,9 @@ main (int argc, char **argv)
+     xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
+   xgcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
+   xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
++  /* Curve25519 isn't supported in fips mode */
++  if (gcry_fips_mode_active())
++    return 77;
+ 
+   start_timer ();
+   check_cv25519 ();
+diff -up libgcrypt-1.8.4/tests/t-secmem.c.tests-fipsmode libgcrypt-1.8.4/tests/t-secmem.c
+--- libgcrypt-1.8.4/tests/t-secmem.c.tests-fipsmode	2017-11-23 19:19:54.000000000 +0100
++++ libgcrypt-1.8.4/tests/t-secmem.c	2019-02-12 11:51:02.462190538 +0100
+@@ -174,7 +174,8 @@ main (int argc, char **argv)
+     xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
+   xgcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
+   xgcry_control (GCRYCTL_INIT_SECMEM, pool_size, 0);
+-  gcry_set_outofcore_handler (outofcore_handler, NULL);
++  if (!gcry_fips_mode_active ())
++    gcry_set_outofcore_handler (outofcore_handler, NULL);
+   xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+ 
+   /* Libgcrypt prints a warning when the first overflow is allocated;
+@@ -184,7 +185,8 @@ main (int argc, char **argv)
+ 
+ 
+   test_secmem ();
+-  test_secmem_overflow ();
++  if (!gcry_fips_mode_active ())
++    test_secmem_overflow ();
+   /* FIXME: We need to improve the tests, for example by registering
+    * our own log handler and comparing the output of
+    * PRIV_CTL_DUMP_SECMEM_STATS to expected pattern.  */

libgcrypt-1.8.4-use-poll.patch

@@ -1,6 +1,6 @@
-diff -up libgcrypt-1.8.0/random/rndlinux.c.use-poll libgcrypt-1.8.0/random/rndlinux.c
---- libgcrypt-1.8.0/random/rndlinux.c.use-poll	2017-06-24 13:34:29.000000000 +0200
-+++ libgcrypt-1.8.0/random/rndlinux.c	2017-08-15 15:37:37.604629377 +0200
+diff -up libgcrypt-1.8.4/random/rndlinux.c.use-poll libgcrypt-1.8.4/random/rndlinux.c
+--- libgcrypt-1.8.4/random/rndlinux.c.use-poll	2018-10-26 13:50:20.000000000 +0200
++++ libgcrypt-1.8.4/random/rndlinux.c	2018-11-20 15:51:56.760669058 +0100
 @@ -32,6 +32,7 @@
  #include <string.h>
  #include <unistd.h>
@@ -9,7 +9,7 @@ diff -up libgcrypt-1.8.0/random/rndlinux.c.use-poll libgcrypt-1.8.0/random/rndli
  #if defined(__linux__) && defined(HAVE_SYSCALL)
  # include <sys/syscall.h>
  #endif
-@@ -216,9 +217,8 @@ _gcry_rndlinux_gather_random (void (*add
+@@ -241,9 +242,8 @@ _gcry_rndlinux_gather_random (void (*add
                   return with something we will actually use 100ms. */
    while (length)
      {
@@ -18,9 +18,9 @@ diff -up libgcrypt-1.8.0/random/rndlinux.c.use-poll libgcrypt-1.8.0/random/rndli
        int rc;
 +      struct pollfd pfd;
  
-       /* If we have a modern Linux kernel and we want to read from the
-        * the non-blocking /dev/urandom, we first try to use the new
-@@ -276,36 +276,25 @@ _gcry_rndlinux_gather_random (void (*add
+       /* If we have a modern Linux kernel, we first try to use the new
+        * getrandom syscall.  That call guarantees that the kernel's
+@@ -300,36 +300,25 @@ _gcry_rndlinux_gather_random (void (*add
            any_need_entropy = 1;
          }
  

mingw-libgcrypt.spec

@@ -3,8 +3,8 @@
 %global run_tests 0
 
 Name:           mingw-libgcrypt
-Version:        1.8.3
-Release:        3%{?dist}
+Version:        1.8.4
+Release:        1%{?dist}
 Summary:        MinGW Windows gcrypt encryption library
 
 License:        LGPLv2+ and GPLv2+
@@ -28,12 +28,14 @@ Source7:        random.conf
 # make FIPS hmac compatible with fipscheck - non upstreamable
 # update on soname bump
 Patch2: libgcrypt-1.6.2-use-fipscheck.patch
-# fix tests in the FIPS mode, allow CAVS testing of DSA keygen
-Patch5: libgcrypt-1.8.0-tests.patch
+# modify FIPS RSA and DSA keygen to comply with requirements
+Patch5: libgcrypt-1.8.4-fips-keygen.patch
+# fix the tests to work correctly in the FIPS mode
+Patch6: libgcrypt-1.8.4-tests-fipsmode.patch
 # update the CAVS tests
 Patch7: libgcrypt-1.7.3-fips-cavs.patch
 # use poll instead of select when gathering randomness
-Patch11: libgcrypt-1.8.0-use-poll.patch
+Patch11: libgcrypt-1.8.4-use-poll.patch
 # slight optimalization of mpicoder.c to silence Valgrind (#968288)
 Patch13: libgcrypt-1.6.1-mpicoder-gccopt.patch
 # fix tests to work with approved ECC
@@ -43,8 +45,7 @@ Patch18: libgcrypt-1.8.3-fips-ctor.patch
 # Block some operations if in FIPS non-operational state
 Patch22: libgcrypt-1.7.3-fips-reqs.patch
 # Do not try to open /dev/urandom if getrandom() works
-Patch24: libgcrypt-1.8.3-getrandom.patch
-
+Patch24: libgcrypt-1.8.4-getrandom.patch
 
 # MinGW-specific patches
 
@@ -125,7 +126,8 @@ Static library for mingw64-libgcrypt development.
 %setup -q -n libgcrypt-%{version}
 %{SOURCE3}
 %patch2 -p1 -b .use-fipscheck
-%patch5 -p1 -b .tests
+%patch5 -p1 -b .fips-keygen
+%patch6 -p1 -b .tests-fipsmode
 %patch7 -p1 -b .cavs
 %patch11 -p1 -b .use-poll
 %patch13 -p1 -b .gccopt
@@ -210,6 +212,9 @@ rm $RPM_BUILD_ROOT%{mingw64_libdir}/libgcrypt.la
 
 
 %changelog
+* Tue Aug 13 2019 Fabiano Fidêncio <fidencio@redhat.com> - 1.8.4-1
+- Update the sources accordingly to its native counter-panter, rhbz#1740734
+
 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.3-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 

sources

@@ -1 +1 @@
-SHA512 (libgcrypt-1.8.3-hobbled.tar.xz) = 6981367a138e03375d7ccf44e2dacb5c96f0ebadf34c2734f95cf3b94a7d7b206a2864304abfbcc3acf0055cc83491fd68d065af33487fefa73f550954a99613
+SHA512 (libgcrypt-1.8.4-hobbled.tar.xz) = 9f124d84a401f6b63faabe46b983e157573a20064e9652fe47b4d18b58d580eab9458a47eb24694b26e8e8e7e8c82002f354f075a0fc7037e61fb4ab0eafdf19