From dc16c6bd298aca313f40359ad37a297dadc7ab83 Mon Sep 17 00:00:00 2001
From: zhengxiaoxiao
Date: Mon, 14 Nov 2022 19:18:55 +0800
Subject: [PATCH] add backport-Fix-the-behavior-for-child-process.patch backport-Clear-AESWRAP-scratch-area-immediately-after-use.patch
---
 ...P-scratch-area-immediately-after-use.patch | 29 ++++++++++++++++
 ...t-Fix-the-behavior-for-child-process.patch | 33 +++++++++++++++++++
 libgcrypt.spec | 11 ++++++-
 3 files changed, 72 insertions(+), 1 deletion(-)
 create mode 100644 backport-Clear-AESWRAP-scratch-area-immediately-after-use.patch
 create mode 100644 backport-Fix-the-behavior-for-child-process.patch
diff --git a/backport-Clear-AESWRAP-scratch-area-immediately-after-use.patch b/backport-Clear-AESWRAP-scratch-area-immediately-after-use.patch
new file mode 100644
index 0000000..c8836ec
--- /dev/null
+++ b/backport-Clear-AESWRAP-scratch-area-immediately-after-use.patch
@@ -0,0 +1,29 @@
+From b6d83057c7a14f958dffbc418ed799cdf779bf5a Mon Sep 17 00:00:00 2001
+From: zhengxiaoxiao
+Date: Fri, 29 Jul 2022 15:25:39 +0800
+Subject: [PATCH] Clear AESWRAP scratch area immediately after use
+
+* cipher/cipher-aeswrap.c (_gcry_cipher_aeswrap_decrypt): Call
+wipememory.
+
+Reference: https://github.com/gpg/libgcrypt/commit/69e2e498f6a14cfa731cb5718bdb64f440f1c829
+Conflict: NA
+---
+ cipher/cipher-aeswrap.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/cipher/cipher-aeswrap.c b/cipher/cipher-aeswrap.c
+index c182657..4240751 100644
+--- a/cipher/cipher-aeswrap.c
++++ b/cipher/cipher-aeswrap.c
+@@ -187,6 +187,7 @@ _gcry_cipher_aeswrap_decrypt (gcry_cipher_hd_t c,
+ memcpy (r+(i-1)*8, b+8, 8);
+ }
+ }
++ wipememory (b, 16); /* Clear scratch area. */
+
+ /* If an IV has been set we compare against this Alternative Initial
+ Value; if it has not been set we compare against the standard IV. */
+--
+2.27.0
+
\ No newline at end of file
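Review bot: The added `wipememory (b, 16);` in `_gcry_cipher_aeswrap_decrypt` hard-codes the scratch size, and its comment does not say why the buffer is sensitive. If `b` is a local 16-byte array (its declaration is outside the hunk), `wipememory (b, sizeof b); /* Scratch holds the last decrypted block. */` keeps the length tied to the declaration and records the reason. Only `b` is cleared here; whether the value compared against the IV just below, or the scratch buffer in the matching encrypt path, needs the same treatment cannot be judged from this hunk and is worth checking against the referenced upstream commit. The function starts and ends outside the hunk.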
diff --git a/backport-Fix-the-behavior-for-child-process.patch b/backport-Fix-the-behavior-for-child-process.patch
new file mode 100644
index 0000000..97b22c7
--- /dev/null
+++ b/backport-Fix-the-behavior-for-child-process.patch
@@ -0,0 +1,33 @@
+From e154c6443d3d28bfa7d8d93252cd1f10e9c0efa9 Mon Sep 17 00:00:00 2001
+From: zhengxiaoxiao
+Date: Fri, 29 Jul 2022 15:20:12 +0800
+Subject: [PATCH] Fix the behavior for child process.
+
+* random/random-drbg.c (_gcry_rngdrbg_randomize): Update change of PID
+detection.
+In a child process, it calls to drbg_reseed again and again, without
+this change.
+
+Reference: https://github.com/gpg/libgcrypt/commit/35a7409dcf29009ed2cf365815c6abf02c94cb8f
+Conflict: NA
+---
+ random/random-drbg.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/random/random-drbg.c b/random/random-drbg.c
+index 77d19a6..9ee5389 100644
+--- a/random/random-drbg.c
++++ b/random/random-drbg.c
+@@ -1981,6 +1981,9 @@ _gcry_rngdrbg_randomize (void *buffer, size_t length,
+ * key, either a re-init or a reseed is sufficient for a fork */
+ if (drbg_state->seed_init_pid != getpid ())
+ {
++ /* Update the PID recorded. */
++ drbg_state->seed_init_pid = getpid ();
++
+ /* We are in a child of us. Perform a reseeding. */
+ if (drbg_reseed (drbg_state, NULL))
+ {
+--
+2.27.0
+
\ No newline at end of file
diff --git a/libgcrypt.spec b/libgcrypt.spec
index 841e4c0..9b0d463 100644
--- a/libgcrypt.spec
+++ b/libgcrypt.spec
@@ -4,7 +4,7 @@
 Name: libgcrypt
 Version: 1.9.4
-Release: 1
+Release: 2
 Summary: A general-purpose cryptography library
 License: LGPLv2+
 URL: https://www.gnupg.org/
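Review bot: In the `random/random-drbg.c` hunk carried by backport-Fix-the-behavior-for-child-process.patch, `drbg_state->seed_init_pid = getpid ();` is stored before `drbg_reseed` has succeeded. If the failure branch (its body lies outside the hunk) can return without aborting, the next call in the child sees a matching PID and skips the reseed, so the child would keep generating from state inherited from the parent. Recording the PID only after `drbg_reseed (drbg_state, NULL)` returns 0, or confirming that the failure branch is fatal, closes that gap. The two `getpid ()` calls could also share one local value.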
@@ -24,6 +24,8 @@ Patch9: backport-libgcrypt-1.8.3-fips-enttest.patch
 Patch10: backport-libgcrypt-1.8.3-md-fips-enforce.patch
 Patch11: backport-libgcrypt-1.8.5-intel-cet.patch
 Patch12: backport-libgcrypt-1.8.5-fips-module.patch
+Patch13: backport-Fix-the-behavior-for-child-process.patch
+Patch14: backport-Clear-AESWRAP-scratch-area-immediately-after-use.patch
 BuildRequires: gcc texinfo autoconf automake libtool
 BuildRequires: gawk libgpg-error-devel >= 1.11 pkgconfig
@@ -129,6 +131,13 @@ install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf
 %{_infodir}/gcrypt.info*
 %changelog
+* Mon Nov 14 2022 zhengxiaoxiao - 1.9.4-2
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:add backport-Fix-the-behavior-for-child-process.patch
+ backport-Clear-AESWRAP-scratch-area-immediately-after-use.patch
+
 * Tue Dec 7 2021 zoulin - 1.9.4-1
 - Type:requirements
 - ID:NA