diff --git a/security/libgcrypt/Makefile b/security/libgcrypt/Makefile index fd8a3d7473c7..2a4dab3e4105 100644 --- a/security/libgcrypt/Makefile +++ b/security/libgcrypt/Makefile @@ -1,67 +1,66 @@ PORTNAME= libgcrypt -DISTVERSION= 1.12.0 -PORTREVISION= 1 +DISTVERSION= 1.12.2 CATEGORIES= security MASTER_SITES= GNUPG MAINTAINER= cy@FreeBSD.org COMMENT= General purpose cryptographic library based on the code from GnuPG WWW= https://www.gnupg.org/software/libgcrypt/index.html LICENSE= GPLv2+ LGPL21+ LICENSE_COMB= multi BUILD_DEPENDS= libgpg-error>=1.32:security/libgpg-error RUN_DEPENDS= libgpg-error>=1.32:security/libgpg-error USES= cpe libtool pathfix tar:bzip2 CPE_VENDOR= gnupg USE_LDCONFIG= yes GNU_CONFIGURE= yes CFLAGS+= -pthread TEST_TARGET= check DOCS= AUTHORS ChangeLog ChangeLog-2011 INSTALL NEWS THANKS TODO \ doc/HACKING doc/README.apichanges PORTDOCS= * CONFIGURE_ARGS= --disable-drng-support CONFIGURE_TARGET=${ARCH:S/amd64/x86_64/}-portbld-${OPSYS:tl}${OSREL} OPTIONS_DEFINE= DOCS INFO STATIC OPTIONS_DEFAULT= DOCS INFO STATIC OPTIONS_SUB= yes INFO_EXTRA_PATCHES_OFF= ${PATCHDIR}/extra-patch-no-info INFO_CONFIGURE_ENV= MAKEINFO="${MAKEINFO} --no-split" INFO_INFO= gcrypt INFO_USES= makeinfo STATIC_CONFIGURE_ENABLE= static .include .if ${ARCH} == "armv6" || ${ARCH} == "armv7" CONFIGURE_ARGS+= --disable-jent-support .endif .if defined(WITH_DEBUG) CFLAGS+= -DWITH_DEBUG .endif post-patch: @${RM} ${WRKSRC}/doc/gcrypt.info* @${REINPLACE_CMD} -e 's|ALIGN (3)|ALIGN (2)|g' ${WRKSRC}/mpi/i386/*.S post-install: @${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/${PORTNAME}.so post-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${STAGEDIR}${DOCSDIR} .include diff --git a/security/libgcrypt/distinfo b/security/libgcrypt/distinfo index fc3c8060db0f..b1c8b059b98e 100644 --- a/security/libgcrypt/distinfo +++ b/security/libgcrypt/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1769835694 -SHA256 (libgcrypt-1.12.0.tar.bz2) = 0311454e678189bad62a7e9402a9dd793025efff6e7449898616e2fc75e0f4f5 -SIZE (libgcrypt-1.12.0.tar.bz2) = 4438947 +TIMESTAMP = 1776471428 +SHA256 (libgcrypt-1.12.2.tar.bz2) = 7ce33c2492221a0436f96a8500215e9f3e3dcb5fd26a757cd415e7a843babd5e +SIZE (libgcrypt-1.12.2.tar.bz2) = 4441855 diff --git a/security/libgcrypt/files/patch-cipher_ecc-common.h b/security/libgcrypt/files/patch-cipher_ecc-common.h deleted file mode 100644 index 9f7cbd03731f..000000000000 --- a/security/libgcrypt/files/patch-cipher_ecc-common.h +++ /dev/null @@ -1,11 +0,0 @@ ---- cipher/ecc-common.h.orig 2022-01-25 21:55:44 UTC -+++ cipher/ecc-common.h -@@ -47,7 +47,7 @@ point_set (mpi_point_t d, mpi_point_t s) - mpi_set (d->z, s->z); - } - --#define point_init(a) _gcry_mpi_point_init ((a)) -+#define point_init(a,nbits) _gcry_mpi_point_init ((a),(nbits)) - #define point_free(a) _gcry_mpi_point_free_parts ((a)) - - diff --git a/security/libgcrypt/files/patch-cipher_ecc-curves.c b/security/libgcrypt/files/patch-cipher_ecc-curves.c deleted file mode 100644 index 545864d61023..000000000000 --- a/security/libgcrypt/files/patch-cipher_ecc-curves.c +++ /dev/null @@ -1,20 +0,0 @@ ---- cipher/ecc-curves.c.orig 2025-05-08 06:47:34 UTC -+++ cipher/ecc-curves.c -@@ -863,7 +863,7 @@ _gcry_ecc_get_curve (gcry_sexp_t keyparms, int iterato - if (rc) - goto leave; - -- _gcry_mpi_point_init (&E.G); -+ _gcry_mpi_point_init (&E.G, 0); - _gcry_mpi_point_set (&E.G, G->x, G->y, G->z); - - for (idx = 0; domain_parms[idx].desc; idx++) -@@ -1120,7 +1120,7 @@ mpi_ec_get_elliptic_curve (elliptic_curve_t *E, int *r - goto leave; - if (G) - { -- _gcry_mpi_point_init (&E->G); -+ _gcry_mpi_point_init (&E->G, 0); - mpi_point_set (&E->G, G->x, G->y, G->z); - mpi_point_set (G, NULL, NULL, NULL); - mpi_point_release (G); diff --git a/security/libgcrypt/files/patch-cipher_ecc-ecdh.c b/security/libgcrypt/files/patch-cipher_ecc-ecdh.c deleted file mode 100644 index 8148628b2aad..000000000000 --- a/security/libgcrypt/files/patch-cipher_ecc-ecdh.c +++ /dev/null @@ -1,28 +0,0 @@ ---- cipher/ecc-ecdh.c.orig 2025-05-08 06:47:34 UTC -+++ cipher/ecc-ecdh.c -@@ -131,7 +131,7 @@ _gcry_ecc_curve_keypair (const char *curve, - return GPG_ERR_UNKNOWN_CURVE; - - x = mpi_new (nbits); -- point_init (&Q); -+ point_init (&Q, ec->nbits); - - _gcry_mpi_ec_mul_point (&Q, mpi_k, ec->G, ec); - -@@ -254,14 +254,14 @@ _gcry_ecc_curve_mul_point (const char *curve, - goto leave; - } - -- point_init (&Q); -+ point_init (&Q, ec->nbits); - - if (point) - { - gcry_mpi_t mpi_u = _gcry_mpi_set_opaque_copy (NULL, point, point_len*8); - mpi_point_struct P; - -- point_init (&P); -+ point_init (&P, ec->nbits); - if (ec->model == MPI_EC_WEIERSTRASS) - err = _gcry_ecc_sec_decodepoint (mpi_u, ec, &P); - else /* MPI_EC_MONTGOMERY */ diff --git a/security/libgcrypt/files/patch-cipher_ecc-ecdsa.c b/security/libgcrypt/files/patch-cipher_ecc-ecdsa.c deleted file mode 100644 index 6c1f50f2372f..000000000000 --- a/security/libgcrypt/files/patch-cipher_ecc-ecdsa.c +++ /dev/null @@ -1,24 +0,0 @@ ---- cipher/ecc-ecdsa.c.orig 2025-09-23 13:14:22 UTC -+++ cipher/ecc-ecdsa.c -@@ -89,7 +89,7 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, gcry_mpi_t k_s - sum = mpi_alloc (0); - k_1 = mpi_alloc (0); - x = mpi_alloc (0); -- point_init (&I); -+ point_init (&I, ec->nbits); - - /* Two loops to avoid R or S are zero. This is more of a joke than - a real demand because the probability of them being zero is less -@@ -268,9 +268,9 @@ _gcry_ecc_ecdsa_verify (gcry_mpi_t input, mpi_ec_t ec, - h1 = mpi_alloc (0); - h2 = mpi_alloc (0); - x = mpi_alloc (0); -- point_init (&Q); -- point_init (&Q1); -- point_init (&Q2); -+ point_init (&Q, ec->nbits); -+ point_init (&Q1, ec->nbits); -+ point_init (&Q2, ec->nbits); - - /* h = s^(-1) (mod n) */ - mpi_invm (h, s, ec->n); diff --git a/security/libgcrypt/files/patch-cipher_ecc-eddsa.c b/security/libgcrypt/files/patch-cipher_ecc-eddsa.c deleted file mode 100644 index e9ea3bf6215c..000000000000 --- a/security/libgcrypt/files/patch-cipher_ecc-eddsa.c +++ /dev/null @@ -1,117 +0,0 @@ ---- cipher/ecc-eddsa.c.orig 2025-07-14 12:48:50 UTC -+++ cipher/ecc-eddsa.c -@@ -126,8 +126,8 @@ _gcry_ecc_eddsa_encodepoint (mpi_point_t point, mpi_ec - gpg_err_code_t rc; - gcry_mpi_t x, y; - -- x = x_in? x_in : mpi_new (0); -- y = y_in? y_in : mpi_new (0); -+ x = x_in? x_in : mpi_new (ec->nbits); -+ y = y_in? y_in : mpi_new (ec->nbits); - - if (_gcry_mpi_ec_get_affine (x, y, point, ec)) - { -@@ -219,11 +219,11 @@ ecc_ed448_recover_x (gcry_mpi_t x, gcry_mpi_t y, int x - p34 = scanval ("3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"); - -- u = mpi_new (0); -- v = mpi_new (0); -- u3 = mpi_new (0); -- v3 = mpi_new (0); -- t = mpi_new (0); -+ u = mpi_new (ec->nbits); -+ v = mpi_new (ec->nbits); -+ u3 = mpi_new (ec->nbits); -+ v3 = mpi_new (ec->nbits); -+ t = mpi_new (ec->nbits); - - /* Compute u and v */ - /* u = y^2 */ -@@ -300,10 +300,10 @@ _gcry_ecc_eddsa_recover_x (gcry_mpi_t x, gcry_mpi_t y, - if (!seven) - seven = mpi_set_ui (NULL, 7); - -- u = mpi_new (0); -- v = mpi_new (0); -- v3 = mpi_new (0); -- t = mpi_new (0); -+ u = mpi_new (ec->nbits); -+ v = mpi_new (ec->nbits); -+ v3 = mpi_new (ec->nbits); -+ t = mpi_new (ec->nbits); - - /* Compute u and v */ - /* u = y^2 */ -@@ -592,7 +592,7 @@ _gcry_ecc_eddsa_genkey (mpi_ec_t ec, int flags) - { - gpg_err_code_t rc; - int b; -- gcry_mpi_t a, x, y; -+ gcry_mpi_t a; - mpi_point_struct Q; - gcry_random_level_t random_level; - char *dbuf; -@@ -616,8 +616,6 @@ _gcry_ecc_eddsa_genkey (mpi_ec_t ec, int flags) - dlen = b; - - a = mpi_snew (0); -- x = mpi_new (0); -- y = mpi_new (0); - - /* Generate a secret. */ - dbuf = _gcry_random_bytes_secure (dlen, random_level); -@@ -631,7 +629,7 @@ _gcry_ecc_eddsa_genkey (mpi_ec_t ec, int flags) - /* log_printmpi ("ecgen a", a); */ - - /* Compute Q. */ -- point_init (&Q); -+ point_init (&Q, ec->nbits); - _gcry_mpi_ec_mul_point (&Q, a, ec->G, ec); - if (DBG_CIPHER) - log_printpnt ("ecgen pk", &Q, ec); -@@ -643,8 +641,6 @@ _gcry_ecc_eddsa_genkey (mpi_ec_t ec, int flags) - - leave: - _gcry_mpi_release (a); -- _gcry_mpi_release (x); -- _gcry_mpi_release (y); - return rc; - } - -@@ -716,11 +712,11 @@ _gcry_ecc_eddsa_sign (gcry_mpi_t input, mpi_ec_t ec, - return GPG_ERR_INV_DATA; - - /* Initialize some helpers. */ -- point_init (&I); -+ point_init (&I, ec->nbits); - a = mpi_snew (0); -- x = mpi_new (0); -- y = mpi_new (0); -- r = mpi_snew (0); -+ x = mpi_new (ec->nbits); -+ y = mpi_new (ec->nbits); -+ r = mpi_snew (ec->nbits); - - rc = _gcry_ecc_eddsa_compute_h_d (&digest, ec); - if (rc) -@@ -732,7 +728,7 @@ _gcry_ecc_eddsa_sign (gcry_mpi_t input, mpi_ec_t ec, - { - mpi_point_struct Q; - -- point_init (&Q); -+ point_init (&Q, ec->nbits); - _gcry_mpi_ec_mul_point (&Q, a, ec->G, ec); - ec->Q = mpi_point_snatch_set (NULL, Q.x, Q.y, Q.z); - } -@@ -939,8 +935,8 @@ _gcry_ecc_eddsa_verify (gcry_mpi_t input, mpi_ec_t ec, - else - return GPG_ERR_NOT_IMPLEMENTED; - -- point_init (&Ia); -- point_init (&Ib); -+ point_init (&Ia, ec->nbits); -+ point_init (&Ib, ec->nbits); - h = mpi_new (0); - s = mpi_new (0); - diff --git a/security/libgcrypt/files/patch-cipher_ecc-gost.c b/security/libgcrypt/files/patch-cipher_ecc-gost.c deleted file mode 100644 index 0f84639c9b7a..000000000000 --- a/security/libgcrypt/files/patch-cipher_ecc-gost.c +++ /dev/null @@ -1,24 +0,0 @@ ---- cipher/ecc-gost.c.orig 2021-02-12 11:23:24 UTC -+++ cipher/ecc-gost.c -@@ -63,7 +63,7 @@ _gcry_ecc_gost_sign (gcry_mpi_t input, mpi_ec_t ec, - ke = mpi_alloc (0); - e = mpi_alloc (0); - x = mpi_alloc (0); -- point_init (&I); -+ point_init (&I, ec->nbits); - - mpi_mod (e, input, ec->n); /* e = hash mod n */ - -@@ -148,9 +148,9 @@ _gcry_ecc_gost_verify (gcry_mpi_t input, mpi_ec_t ec, - rv = mpi_alloc (0); - zero = mpi_alloc (0); - -- point_init (&Q); -- point_init (&Q1); -- point_init (&Q2); -+ point_init (&Q, ec->nbits); -+ point_init (&Q1, ec->nbits); -+ point_init (&Q2, ec->nbits); - - mpi_mod (e, input, ec->n); /* e = hash mod n */ - if (!mpi_cmp_ui (e, 0)) diff --git a/security/libgcrypt/files/patch-cipher_ecc-misc.c b/security/libgcrypt/files/patch-cipher_ecc-misc.c deleted file mode 100644 index 7565d9aa71e6..000000000000 --- a/security/libgcrypt/files/patch-cipher_ecc-misc.c +++ /dev/null @@ -1,37 +0,0 @@ ---- cipher/ecc-misc.c.orig 2025-03-13 09:47:17 UTC -+++ cipher/ecc-misc.c -@@ -60,7 +60,7 @@ _gcry_ecc_curve_copy (elliptic_curve_t E) - R.p = mpi_copy (E.p); - R.a = mpi_copy (E.a); - R.b = mpi_copy (E.b); -- _gcry_mpi_point_init (&R.G); -+ _gcry_mpi_point_init (&R.G, 0); - point_set (&R.G, &E.G); - R.n = mpi_copy (E.n); - R.h = E.h; -@@ -159,8 +159,8 @@ _gcry_mpi_ec_ec2os (gcry_mpi_point_t point, mpi_ec_t e - { - gcry_mpi_t g_x, g_y, result; - -- g_x = mpi_new (0); -- g_y = mpi_new (0); -+ g_x = mpi_new (ec->nbits); -+ g_y = mpi_new (ec->nbits); - if (_gcry_mpi_ec_get_affine (g_x, g_y, point, ec)) - result = NULL; - else -@@ -236,10 +236,10 @@ _gcry_ecc_sec_decodepoint (gcry_mpi_t value, mpi_ec_t - * Recover Y. The Weierstrass curve: y^2 = x^3 + a*x + b - */ - -- x3 = mpi_new (0); -- t = mpi_new (0); -- p1_4 = mpi_new (0); -- y = mpi_new (0); -+ x3 = mpi_new (ec->nbits); -+ t = mpi_new (ec->nbits); -+ p1_4 = mpi_new (ec->nbits); -+ y = mpi_new (ec->nbits); - - /* Compute right hand side. */ - mpi_powm (x3, x, mpi_const (MPI_C_THREE), ec->p); diff --git a/security/libgcrypt/files/patch-cipher_ecc-sm2.c b/security/libgcrypt/files/patch-cipher_ecc-sm2.c deleted file mode 100644 index 31cc4a8fe3cb..000000000000 --- a/security/libgcrypt/files/patch-cipher_ecc-sm2.c +++ /dev/null @@ -1,68 +0,0 @@ ---- cipher/ecc-sm2.c.orig 2021-02-12 11:23:24 UTC -+++ cipher/ecc-sm2.c -@@ -114,12 +114,12 @@ _gcry_ecc_sm2_encrypt (gcry_sexp_t *r_ciph, gcry_mpi_t - unsigned char *cipher = NULL; - int i; - -- point_init (&kG); -- point_init (&kP); -- x1 = mpi_new (0); -- y1 = mpi_new (0); -- x2 = mpi_new (0); -- y2 = mpi_new (0); -+ point_init (&kG, ec->nbits); -+ point_init (&kP, ec->nbits); -+ x1 = mpi_new (ec->nbits); -+ y1 = mpi_new (ec->nbits); -+ x2 = mpi_new (ec->nbits); -+ y2 = mpi_new (ec->nbits); - - in = _gcry_mpi_get_buffer (input, 0, &inlen, NULL); - if (!in) -@@ -268,10 +268,10 @@ _gcry_ecc_sm2_decrypt (gcry_sexp_t *r_plain, gcry_sexp - unsigned int c3_len; - int i; - -- point_init (&c1); -- point_init (&kP); -- x2 = mpi_new (0); -- y2 = mpi_new (0); -+ point_init (&c1, ec->nbits); -+ point_init (&kP, ec->nbits); -+ x2 = mpi_new (ec->nbits); -+ y2 = mpi_new (ec->nbits); - - in = mpi_get_opaque (data_c2, &inlen); - inlen = (inlen + 7) / 8; -@@ -401,10 +401,10 @@ _gcry_ecc_sm2_sign (gcry_mpi_t input, mpi_ec_t ec, - if (rc) - return rc; - -- point_init (&kG); -- x1 = mpi_new (0); -- rk = mpi_new (0); -- tmp = mpi_new (0); -+ point_init (&kG, ec->nbits); -+ x1 = mpi_new (ec->nbits); -+ rk = mpi_new (ec->nbits); -+ tmp = mpi_new (ec->nbits); - - for (;;) - { -@@ -514,11 +514,11 @@ _gcry_ecc_sm2_verify (gcry_mpi_t input, mpi_ec_t ec, - if (err) - return err; - -- point_init (&sG); -- point_init (&tP); -- x1 = mpi_new (0); -- y1 = mpi_new (0); -- t = mpi_new (0); -+ point_init (&sG, ec->nbits); -+ point_init (&tP, ec->nbits); -+ x1 = mpi_new (ec->nbits); -+ y1 = mpi_new (ec->nbits); -+ t = mpi_new (ec->nbits); - - /* t = (r + s) % n, t != 0 */ - mpi_addm (t, r, s, ec->n); diff --git a/security/libgcrypt/files/patch-cipher_ecc.c b/security/libgcrypt/files/patch-cipher_ecc.c deleted file mode 100644 index a6df0bf614da..000000000000 --- a/security/libgcrypt/files/patch-cipher_ecc.c +++ /dev/null @@ -1,153 +0,0 @@ ---- cipher/ecc.c.orig 2025-09-23 13:14:22 UTC -+++ cipher/ecc.c -@@ -256,7 +256,7 @@ nist_generate_key (mpi_ec_t ec, int flags, - gcry_mpi_t x, y; - const unsigned int pbits = ec->nbits; - -- point_init (&Q); -+ point_init (&Q, ec->nbits); - - if ((flags & PUBKEY_FLAG_TRANSIENT_KEY)) - random_level = GCRY_STRONG_RANDOM; -@@ -387,7 +387,7 @@ test_keys (mpi_ec_t ec, unsigned int nbits) - if (DBG_CIPHER) - log_debug ("Testing key.\n"); - -- point_init (&R_); -+ point_init (&R_, ec->nbits); - - _gcry_mpi_randomize (test, nbits, GCRY_WEAK_RANDOM); - -@@ -544,7 +544,7 @@ test_ecdh_only_keys (mpi_ec_t ec, unsigned int nbits, - if (DBG_CIPHER) - log_debug ("Testing ECDH only key.\n"); - -- point_init (&R_); -+ point_init (&R_, ec->nbits); - - if (ec->dialect == ECC_DIALECT_SAFECURVE || (flags & PUBKEY_FLAG_DJB_TWEAK)) - { -@@ -572,8 +572,8 @@ test_ecdh_only_keys (mpi_ec_t ec, unsigned int nbits, - _gcry_mpi_randomize (test, nbits, GCRY_WEAK_RANDOM); - } - -- x0 = mpi_new (0); -- x1 = mpi_new (0); -+ x0 = mpi_new (ec->nbits); -+ x1 = mpi_new (ec->nbits); - - /* R_ = hkQ <=> R_ = hkdG */ - _gcry_mpi_ec_mul_point (&R_, test, ec->Q, ec); -@@ -617,12 +617,12 @@ check_secret_key (mpi_ec_t ec, int flags) - gcry_mpi_t x2 = NULL; - gcry_mpi_t y2 = NULL; - -- point_init (&Q); -- x1 = mpi_new (0); -+ point_init (&Q, ec->nbits); -+ x1 = mpi_new (ec->nbits); - if (ec->model == MPI_EC_MONTGOMERY) - y1 = NULL; - else -- y1 = mpi_new (0); -+ y1 = mpi_new (ec->nbits); - - /* G in E(F_p) */ - if (!_gcry_mpi_ec_curve_point (ec->G, ec)) -@@ -687,8 +687,8 @@ check_secret_key (mpi_ec_t ec, int flags) - } - else - { -- x2 = mpi_new (0); -- y2 = mpi_new (0); -+ x2 = mpi_new (ec->nbits); -+ y2 = mpi_new (ec->nbits); - if (_gcry_mpi_ec_get_affine (x2, y2, ec->Q, ec)) - { - if (DBG_CIPHER) -@@ -751,8 +751,8 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t - goto leave; - - /* Copy data to the result. */ -- Gx = mpi_new (0); -- Gy = mpi_new (0); -+ Gx = mpi_new (ec->nbits); -+ Gy = mpi_new (ec->nbits); - if (ec->model != MPI_EC_MONTGOMERY) - { - if (_gcry_mpi_ec_get_affine (Gx, Gy, ec->G, ec)) -@@ -787,8 +787,8 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t - { - /* This is the case for a key from _gcry_ecc_eddsa_generate - with no compression. */ -- Qx = mpi_new (0); -- Qy = mpi_new (0); -+ Qx = mpi_new (ec->nbits); -+ Qy = mpi_new (ec->nbits); - if (_gcry_mpi_ec_get_affine (Qx, Qy, ec->Q, ec)) - log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "Q"); - } -@@ -1369,13 +1369,13 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_da - unsigned int rawmpilen; - - rc = 0; -- x = mpi_new (0); -+ x = mpi_new (ec->nbits); - if (ec->model == MPI_EC_MONTGOMERY) - y = NULL; - else -- y = mpi_new (0); -+ y = mpi_new (ec->nbits); - -- point_init (&R); -+ point_init (&R, ec->nbits); - - /* R = kQ <=> R = kdG */ - _gcry_mpi_ec_mul_point (&R, data, ec->Q, ec); -@@ -1478,12 +1478,13 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_d - int flags = GCRYECC_FLAG_LEAST_LEAK; - int enable_specific_point_validation; - -- point_init (&kG); -- point_init (&R); -+ nbits = ecc_get_nbits (keyparms); - -- _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_DECRYPT, -- (nbits = ecc_get_nbits (keyparms))); -+ point_init (&kG, nbits); -+ point_init (&R, nbits); - -+ _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_DECRYPT, nbits); -+ - /* - * Extract the key. - */ -@@ -1564,11 +1565,11 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_d - { - gcry_mpi_t x, y; - -- x = mpi_new (0); -+ x = mpi_new (ec->nbits); - if (ec->model == MPI_EC_MONTGOMERY) - y = NULL; - else -- y = mpi_new (0); -+ y = mpi_new (ec->nbits); - - if (_gcry_mpi_ec_get_affine (x, y, &R, ec)) - { -@@ -1887,10 +1888,10 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms - * Recover Y. The Weierstrass curve: y^2 = x^3 + a*x + b - */ - -- x3 = mpi_new (0); -- t = mpi_new (0); -- p1_4 = mpi_new (0); -- y = mpi_new (0); -+ x3 = mpi_new (ec->nbits); -+ t = mpi_new (ec->nbits); -+ p1_4 = mpi_new (ec->nbits); -+ y = mpi_new (ec->nbits); - - /* Compute right hand side. */ - mpi_powm (x3, x, mpi_const (MPI_C_THREE), ec->p); diff --git a/security/libgcrypt/files/patch-mpi_ec-hw-s390x.c b/security/libgcrypt/files/patch-mpi_ec-hw-s390x.c deleted file mode 100644 index cf1ce8bc7282..000000000000 --- a/security/libgcrypt/files/patch-mpi_ec-hw-s390x.c +++ /dev/null @@ -1,22 +0,0 @@ ---- mpi/ec-hw-s390x.c.orig 2022-01-25 21:55:44 UTC -+++ mpi/ec-hw-s390x.c -@@ -242,8 +242,8 @@ _gcry_s390x_ec_hw_mul_point (mpi_point_t result, gcry_ - if (!(pcc_query () & km_function_to_mask (pcc_func))) - return -1; /* HW does not support acceleration for this curve. */ - -- x = mpi_new (0); -- y = mpi_new (0); -+ x = mpi_new (ctx->nbits); -+ y = mpi_new (ctx->nbits); - - if (_gcry_mpi_ec_get_affine (x, y, point, ctx) < 0) - { -@@ -352,7 +352,7 @@ s390_mul_point_montgomery (mpi_point_t result, gcry_mp - if (!(pcc_query () & km_function_to_mask (pcc_func))) - return -1; /* HW does not support acceleration for this curve. */ - -- x = mpi_new (0); -+ x = mpi_new (ctx->nbits); - - if (mpi_is_opaque (scalar)) - { diff --git a/security/libgcrypt/files/patch-mpi_ec.c b/security/libgcrypt/files/patch-mpi_ec.c deleted file mode 100644 index d618eeeae2af..000000000000 --- a/security/libgcrypt/files/patch-mpi_ec.c +++ /dev/null @@ -1,162 +0,0 @@ ---- mpi/ec.c.orig 2026-01-20 13:36:28 UTC -+++ mpi/ec.c -@@ -33,7 +33,7 @@ extern void reverse_buffer (unsigned char *buffer, uns - - extern void reverse_buffer (unsigned char *buffer, unsigned int length); - --#define point_init(a) _gcry_mpi_point_init ((a)) -+#define point_init(a, nbits) _gcry_mpi_point_init ((a), (nbits)) - #define point_free(a) _gcry_mpi_point_free_parts ((a)) - - -@@ -55,8 +55,8 @@ _gcry_mpi_point_log (const char *name, mpi_point_t poi - - if (ctx) - { -- x = mpi_new (0); -- y = mpi_new (0); -+ x = mpi_new (ctx->nbits); -+ y = mpi_new (ctx->nbits); - } - if (!ctx || _gcry_mpi_ec_get_affine (x, y, point, ctx)) - { -@@ -90,10 +90,8 @@ _gcry_mpi_point_new (unsigned int nbits) - { - mpi_point_t p; - -- (void)nbits; /* Currently not used. */ -- - p = xmalloc (sizeof *p); -- _gcry_mpi_point_init (p); -+ _gcry_mpi_point_init (p, nbits); - return p; - } - -@@ -113,11 +111,11 @@ void - /* Initialize the fields of a point object. gcry_mpi_point_free_parts - may be used to release the fields. */ - void --_gcry_mpi_point_init (mpi_point_t p) -+_gcry_mpi_point_init (mpi_point_t p, unsigned int nbits) - { -- p->x = mpi_new (0); -- p->y = mpi_new (0); -- p->z = mpi_new (0); -+ p->x = mpi_new (nbits); -+ p->y = mpi_new (nbits); -+ p->z = mpi_new (nbits); - } - - -@@ -1213,8 +1211,8 @@ _gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, m - saved_flags = ctx->flags; - ctx->flags |= GCRYECC_FLAG_LEAST_LEAK; - -- z1 = mpi_new (0); -- z2 = mpi_new (0); -+ z1 = mpi_new (ctx->nbits); -+ z2 = mpi_new (ctx->nbits); - ec_invm (z1, point->z, ctx); /* z1 = z^(-1) mod p */ - ec_mulm_lli (z2, z1, z1, ctx); /* z2 = z^(-2) mod p */ - -@@ -1229,7 +1227,7 @@ _gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, m - { - mpi_resize (point->y, ctx->p->nlimbs); - point->y->nlimbs = ctx->p->nlimbs; -- z3 = mpi_new (0); -+ z3 = mpi_new (ctx->nbits); - ec_mulm_lli (z3, z2, z1, ctx); /* z3 = z^(-3) mod p */ - ec_mulm_lli (y, point->y, z3, ctx); - mpi_free (z3); -@@ -1269,7 +1267,7 @@ _gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, m - return 0; - } - -- z = mpi_new (0); -+ z = mpi_new (ctx->nbits); - ec_invm (z, point->z, ctx); - - mpi_resize (z, ctx->p->nlimbs); -@@ -2111,10 +2109,10 @@ montgomery_mul_point (mpi_point_t result, - int scalar_copied = 0; - - nbits = mpi_get_nbits (scalar); -- point_init (&p1); -- point_init (&p2); -- point_init (&p1_); -- point_init (&p2_); -+ point_init (&p1, ctx->nbits); -+ point_init (&p2, ctx->nbits); -+ point_init (&p1_, ctx->nbits); -+ point_init (&p2_, ctx->nbits); - mpi_set_ui (p1.x, 1); - mpi_free (p2.x); - p2.x = mpi_copy (point->x); -@@ -2184,7 +2182,7 @@ montgomery_mul_point (mpi_point_t result, - } - else - { -- z1 = mpi_new (0); -+ z1 = mpi_new (ctx->nbits); - ec_invm (z1, p1.z, ctx); - ec_mulm (result->x, p1.x, z1, ctx); - mpi_set_ui (result->z, 1); -@@ -2216,13 +2214,13 @@ mpi_ec_mul_point_lli (mpi_point_t result, - - /* Convert POINT1 into affine coordinate, so that we can use - add_points_*_a routine with affine coordinate. */ -- point_init (point); -+ point_init (point, ctx->nbits); - if (_gcry_mpih_cmp_ui (point1->z->d, ctx->p->nlimbs, 1)) - { - gcry_mpi_t x, y; - -- x = mpi_new (0); -- y = mpi_new (0); -+ x = mpi_new (ctx->nbits); -+ y = mpi_new (ctx->nbits); - - if (_gcry_mpi_ec_get_affine (x, y, point1, ctx)) - { -@@ -2261,7 +2259,7 @@ mpi_ec_mul_point_lli (mpi_point_t result, - mpi_set_ui (result->z, 1); - } - -- point_init (&tmppnt); -+ point_init (&tmppnt, ctx->nbits); - mpi_point_resize (result, ctx); - mpi_point_resize (&tmppnt, ctx); - if (ctx->model == MPI_EC_WEIERSTRASS) -@@ -2418,8 +2416,8 @@ _gcry_mpi_ec_mul_point (mpi_point_t result, - p1.x = x1; x1 = NULL; - p1.y = y1; y1 = NULL; - p1.z = z1; z1 = NULL; -- point_init (&p2); -- point_init (&p1inv); -+ point_init (&p2, ctx->nbits); -+ point_init (&p1inv, ctx->nbits); - - /* Invert point: y = p - y mod p */ - point_set (&p1inv, &p1); -@@ -2455,9 +2453,9 @@ _gcry_mpi_ec_curve_point (gcry_mpi_point_t point, mpi_ - int res = 0; - gcry_mpi_t x, y, w; - -- x = mpi_new (0); -- y = mpi_new (0); -- w = mpi_new (0); -+ x = mpi_new (ctx->nbits); -+ y = mpi_new (ctx->nbits); -+ w = mpi_new (ctx->nbits); - - /* Check that the point is in range. This needs to be done here and - * not after conversion to affine coordinates. */ -@@ -2477,7 +2475,7 @@ _gcry_mpi_ec_curve_point (gcry_mpi_point_t point, mpi_ - if (_gcry_mpi_ec_get_affine (x, y, point, ctx)) - goto leave; - -- xxx = mpi_new (0); -+ xxx = mpi_new (ctx->nbits); - - /* y^2 == x^3 + a·x + b */ - ec_pow2 (y, y, ctx); diff --git a/security/libgcrypt/files/patch-src_mpi.h b/security/libgcrypt/files/patch-src_mpi.h deleted file mode 100644 index 272afefcacc8..000000000000 --- a/security/libgcrypt/files/patch-src_mpi.h +++ /dev/null @@ -1,11 +0,0 @@ ---- src/mpi.h.orig 2025-11-27 09:08:47 UTC -+++ src/mpi.h -@@ -243,7 +243,7 @@ typedef struct gcry_mpi_point *mpi_point_t; - typedef struct gcry_mpi_point mpi_point_struct; - typedef struct gcry_mpi_point *mpi_point_t; - --void _gcry_mpi_point_init (mpi_point_t p); -+void _gcry_mpi_point_init (mpi_point_t p, unsigned int nbits); - void _gcry_mpi_point_free_parts (mpi_point_t p); - void _gcry_mpi_get_point (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z, - mpi_point_t point); diff --git a/security/libgcrypt/pkg-plist b/security/libgcrypt/pkg-plist index b92f927ce23b..bfcba919531d 100644 --- a/security/libgcrypt/pkg-plist +++ b/security/libgcrypt/pkg-plist @@ -1,12 +1,12 @@ bin/mpicalc bin/dumpsexp bin/hmac256 bin/libgcrypt-config include/gcrypt.h %%STATIC%%lib/libgcrypt.a lib/libgcrypt.so lib/libgcrypt.so.20 -lib/libgcrypt.so.20.7.0 +lib/libgcrypt.so.20.7.2 libdata/pkgconfig/libgcrypt.pc share/man/man1/hmac256.1.gz share/aclocal/libgcrypt.m4