rpms/libgcrypt
7
0
Fork 0
Code Issues Pull Requests Releases Activity

new upstream version

Browse Source
This commit is contained in:
Tomas Mraz 2011-07-21 15:57:57 +02:00
parent 9371d8c5fa
commit b5054585fe
10 changed files with 157 additions and 192 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,2 +1,3 @@
libgcrypt-1.4.5-hobbled.tar.bz2 libgcrypt-1.4.5-hobbled.tar.bz2
/libgcrypt-1.4.6-hobbled.tar.bz2 /libgcrypt-1.4.6-hobbled.tar.bz2
/libgcrypt-1.5.0-hobbled.tar.bz2

24
libgcrypt-1.4.5-ImplicitDSOLinking.patch
View File

@ -1,24 +0,0 @@
diff -up libgcrypt-1.4.5/tests/Makefile.am.ImplicitDSOLinking libgcrypt-1.4.5/tests/Makefile.am
--- libgcrypt-1.4.5/tests/Makefile.am.ImplicitDSOLinking 2009-04-02 04:25:34.000000000 -0500
+++ libgcrypt-1.4.5/tests/Makefile.am 2010-02-14 14:28:49.792383613 -0600
@@ -36,7 +36,7 @@ TESTS += benchmark
AM_CPPFLAGS = -I../src -I$(top_srcdir)/src
AM_CFLAGS = $(GPG_ERROR_CFLAGS)
-LDADD = ../src/libgcrypt.la $(DL_LIBS)
+LDADD = ../src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
EXTRA_PROGRAMS = testapi pkbench
noinst_PROGRAMS = $(TESTS) fipsdrv
diff -up libgcrypt-1.4.5/tests/Makefile.in.ImplicitDSOLinking libgcrypt-1.4.5/tests/Makefile.in
--- libgcrypt-1.4.5/tests/Makefile.in.ImplicitDSOLinking 2009-12-11 09:43:30.000000000 -0600
+++ libgcrypt-1.4.5/tests/Makefile.in 2010-02-14 14:29:30.232368780 -0600
@@ -334,7 +334,7 @@ top_srcdir = @top_srcdir@
# a built header.
AM_CPPFLAGS = -I../src -I$(top_srcdir)/src
AM_CFLAGS = $(GPG_ERROR_CFLAGS)
-LDADD = ../src/libgcrypt.la $(DL_LIBS)
+LDADD = ../src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
EXTRA_DIST = README rsa-16k.key cavs_tests.sh cavs_driver.pl
all: all-am

33
libgcrypt-1.4.5-urandom.patch
View File

@ -1,33 +0,0 @@
diff -up libgcrypt-1.4.5/random/random-fips.c.urandom libgcrypt-1.4.5/random/random-fips.c
--- libgcrypt-1.4.5/random/random-fips.c.urandom 2009-04-02 11:25:34.000000000 +0200
+++ libgcrypt-1.4.5/random/random-fips.c 2011-02-01 11:33:59.000000000 +0100
@@ -29,8 +29,8 @@
Generator Seed and Key Kernel entropy (init/reseed)
------------------------------------------------------------
- GCRY_VERY_STRONG_RANDOM /dev/random 256/128 bits
- GCRY_STRONG_RANDOM /dev/random 256/128 bits
+ GCRY_VERY_STRONG_RANDOM /dev/urandom 256/128 bits
+ GCRY_STRONG_RANDOM /dev/urandom 256/128 bits
gcry_create_nonce GCRY_STRONG_RANDOM n/a
All random generators return their data in 128 bit blocks. If the
@@ -40,8 +40,7 @@
(SEED_TTL) output blocks; the re-seeding is disabled in test mode.
The GCRY_VERY_STRONG_RANDOM and GCRY_STRONG_RANDOM generators are
- keyed and seeded from the /dev/random device. Thus these
- generators may block until the kernel has collected enough entropy.
+ keyed and seeded from the /dev/urandom device.
The gcry_create_nonce generator is keyed and seeded from the
GCRY_STRONG_RANDOM generator. It may also block if the
@@ -562,7 +561,7 @@ get_entropy (size_t nbytes)
#if USE_RNDLINUX
rc = _gcry_rndlinux_gather_random (entropy_collect_cb, 0,
X931_AES_KEYLEN,
- GCRY_VERY_STRONG_RANDOM);
+ GCRY_STRONG_RANDOM);
#elif USE_RNDW32
do
{

83
libgcrypt-1.4.6-cavs.patch → libgcrypt-1.5.0-fips-cavs.patch
View File

@ -1,7 +1,7 @@
diff -up libgcrypt-1.4.6/cipher/dsa.c.cavs libgcrypt-1.4.6/cipher/dsa.c diff -up libgcrypt-1.5.0/cipher/dsa.c.cavs libgcrypt-1.5.0/cipher/dsa.c
--- libgcrypt-1.4.6/cipher/dsa.c.cavs 2011-05-26 22:03:17.000000000 +0200 --- libgcrypt-1.5.0/cipher/dsa.c.cavs 2011-07-21 14:56:35.000000000 +0200
+++ libgcrypt-1.4.6/cipher/dsa.c 2011-05-26 22:03:18.000000000 +0200 +++ libgcrypt-1.5.0/cipher/dsa.c 2011-07-21 14:58:06.000000000 +0200
@@ -467,7 +467,6 @@ generate_fips186 (DSA_secret_key *sk, un @@ -479,7 +479,6 @@ generate_fips186 (DSA_secret_key *sk, un
initial_seed.seed = gcry_sexp_nth_data (initial_seed.sexp, 1, initial_seed.seed = gcry_sexp_nth_data (initial_seed.sexp, 1,
&initial_seed.seedlen); &initial_seed.seedlen);
} }
@ -9,7 +9,7 @@ diff -up libgcrypt-1.4.6/cipher/dsa.c.cavs libgcrypt-1.4.6/cipher/dsa.c
if (use_fips186_2) if (use_fips186_2)
ec = _gcry_generate_fips186_2_prime (nbits, qbits, ec = _gcry_generate_fips186_2_prime (nbits, qbits,
initial_seed.seed, initial_seed.seed,
@@ -475,13 +474,22 @@ generate_fips186 (DSA_secret_key *sk, un @@ -487,13 +486,22 @@ generate_fips186 (DSA_secret_key *sk, un
&prime_q, &prime_p, &prime_q, &prime_p,
r_counter, r_counter,
r_seed, r_seedlen); r_seed, r_seedlen);
@ -33,7 +33,7 @@ diff -up libgcrypt-1.4.6/cipher/dsa.c.cavs libgcrypt-1.4.6/cipher/dsa.c
gcry_sexp_release (initial_seed.sexp); gcry_sexp_release (initial_seed.sexp);
if (ec) if (ec)
goto leave; goto leave;
@@ -772,13 +780,12 @@ dsa_generate_ext (int algo, unsigned int @@ -784,13 +792,12 @@ dsa_generate_ext (int algo, unsigned int
gcry_sexp_release (l1); gcry_sexp_release (l1);
gcry_sexp_release (domainsexp); gcry_sexp_release (domainsexp);
@ -49,9 +49,9 @@ diff -up libgcrypt-1.4.6/cipher/dsa.c.cavs libgcrypt-1.4.6/cipher/dsa.c
return GPG_ERR_MISSING_VALUE; return GPG_ERR_MISSING_VALUE;
} }
diff -up libgcrypt-1.4.6/tests/cavs_driver.pl.cavs libgcrypt-1.4.6/tests/cavs_driver.pl diff -up libgcrypt-1.5.0/tests/cavs_driver.pl.cavs libgcrypt-1.5.0/tests/cavs_driver.pl
--- libgcrypt-1.4.6/tests/cavs_driver.pl.cavs 2009-04-02 11:25:34.000000000 +0200 --- libgcrypt-1.5.0/tests/cavs_driver.pl.cavs 2011-02-04 20:18:20.000000000 +0100
+++ libgcrypt-1.4.6/tests/cavs_driver.pl 2011-06-20 20:00:13.000000000 +0200 +++ libgcrypt-1.5.0/tests/cavs_driver.pl 2011-07-21 15:01:47.000000000 +0200
@@ -1,9 +1,11 @@ @@ -1,9 +1,11 @@
#!/usr/bin/env perl #!/usr/bin/env perl
# #
@ -313,11 +313,11 @@ diff -up libgcrypt-1.4.6/tests/cavs_driver.pl.cavs libgcrypt-1.4.6/tests/cavs_dr
- $out .= "H = $H\n\n"; - $out .= "H = $H\n\n";
+ $out .= "domain_parameter_seed = $Seed\n"; + $out .= "domain_parameter_seed = $Seed\n";
+ $out .= "counter = $c\n\n"; + $out .= "counter = $c\n\n";
+ } }
+
+ return $out; return $out;
+} }
+
+# DSA GGen test +# DSA GGen test
+# $1 modulus size +# $1 modulus size
+# $2 q size +# $2 q size
@ -436,11 +436,11 @@ diff -up libgcrypt-1.4.6/tests/cavs_driver.pl.cavs libgcrypt-1.4.6/tests/cavs_dr
+ } + }
+ else { + else {
+ $out .= "Result = F\n\n"; + $out .= "Result = F\n\n";
} + }
+
return $out; + return $out;
} +}
+
+# DSA Keypair test +# DSA Keypair test
+# $1 modulus size +# $1 modulus size
+# $2 q size +# $2 q size
@ -725,9 +725,9 @@ diff -up libgcrypt-1.4.6/tests/cavs_driver.pl.cavs libgcrypt-1.4.6/tests/cavs_dr
$dsa_sign = \&libgcrypt_dsa_sign; $dsa_sign = \&libgcrypt_dsa_sign;
$dsa_verify = \&libgcrypt_dsa_verify; $dsa_verify = \&libgcrypt_dsa_verify;
$dsa_genpubkey = \&libgcrypt_dsa_genpubkey; $dsa_genpubkey = \&libgcrypt_dsa_genpubkey;
diff -up libgcrypt-1.4.6/tests/cavs_tests.sh.cavs libgcrypt-1.4.6/tests/cavs_tests.sh diff -up libgcrypt-1.5.0/tests/cavs_tests.sh.cavs libgcrypt-1.5.0/tests/cavs_tests.sh
--- libgcrypt-1.4.6/tests/cavs_tests.sh.cavs 2011-05-26 21:02:02.000000000 +0200 --- libgcrypt-1.5.0/tests/cavs_tests.sh.cavs 2011-02-04 20:18:20.000000000 +0100
+++ libgcrypt-1.4.6/tests/cavs_tests.sh 2011-05-26 22:20:20.000000000 +0200 +++ libgcrypt-1.5.0/tests/cavs_tests.sh 2011-07-21 15:02:16.000000000 +0200
@@ -55,7 +55,7 @@ function run_one_test () { @@ -55,7 +55,7 @@ function run_one_test () {
[ -d "$respdir" ] || mkdir "$respdir" [ -d "$respdir" ] || mkdir "$respdir"
[ -f "$rspfile" ] && rm "$rspfile" [ -f "$rspfile" ] && rm "$rspfile"
@ -737,10 +737,10 @@ diff -up libgcrypt-1.4.6/tests/cavs_tests.sh.cavs libgcrypt-1.4.6/tests/cavs_tes
dflag="-D" dflag="-D"
fi fi
diff -up libgcrypt-1.4.6/tests/fipsdrv.c.cavs libgcrypt-1.4.6/tests/fipsdrv.c diff -up libgcrypt-1.5.0/tests/fipsdrv.c.cavs libgcrypt-1.5.0/tests/fipsdrv.c
--- libgcrypt-1.4.6/tests/fipsdrv.c.cavs 2009-04-02 11:25:34.000000000 +0200 --- libgcrypt-1.5.0/tests/fipsdrv.c.cavs 2011-02-04 20:18:20.000000000 +0100
+++ libgcrypt-1.4.6/tests/fipsdrv.c 2011-05-27 18:03:11.000000000 +0200 +++ libgcrypt-1.5.0/tests/fipsdrv.c 2011-07-21 15:06:44.000000000 +0200
@@ -893,9 +893,12 @@ print_mpi_line (gcry_mpi_t a, int no_lz) @@ -893,6 +893,9 @@ print_mpi_line (gcry_mpi_t a, int no_lz)
die ("gcry_mpi_aprint failed: %s\n", gpg_strerror (err)); die ("gcry_mpi_aprint failed: %s\n", gpg_strerror (err));
p = buf; p = buf;
@ -749,11 +749,7 @@ diff -up libgcrypt-1.4.6/tests/fipsdrv.c.cavs libgcrypt-1.4.6/tests/fipsdrv.c
+ p = buf; + p = buf;
if (no_lz && p[0] == '0' && p[1] == '0' && p[2]) if (no_lz && p[0] == '0' && p[1] == '0' && p[2])
p += 2; p += 2;
-
+
printf ("%s\n", p);
if (ferror (stdout))
writerr++;
@@ -1675,14 +1678,14 @@ run_rsa_verify (const void *data, size_t @@ -1675,14 +1678,14 @@ run_rsa_verify (const void *data, size_t
/* Generate a DSA key of size KEYSIZE and return the complete /* Generate a DSA key of size KEYSIZE and return the complete
S-expression. */ S-expression. */
@ -795,10 +791,16 @@ diff -up libgcrypt-1.4.6/tests/fipsdrv.c.cavs libgcrypt-1.4.6/tests/fipsdrv.c
if (err) if (err)
die ("gcry_sexp_build failed for DSA key generation: %s\n", die ("gcry_sexp_build failed for DSA key generation: %s\n",
gpg_strerror (err)); gpg_strerror (err));
@@ -1726,13 +1730,44 @@ dsa_gen_with_seed (int keysize, const vo @@ -1720,6 +1724,37 @@ dsa_gen_with_seed (int keysize, const vo
return key; err = gcry_pk_genkey (&key, keyspec);
} if (err)
die ("gcry_pk_genkey failed for DSA: %s\n", gpg_strerror (err));
+
+ gcry_sexp_release (keyspec);
+
+ return key;
+}
+
+/* Generate a DSA key with specified domain parameters and return the complete +/* Generate a DSA key with specified domain parameters and return the complete
+ S-expression. */ + S-expression. */
+static gcry_sexp_t +static gcry_sexp_t
@ -824,15 +826,10 @@ diff -up libgcrypt-1.4.6/tests/fipsdrv.c.cavs libgcrypt-1.4.6/tests/fipsdrv.c
+ err = gcry_pk_genkey (&key, keyspec); + err = gcry_pk_genkey (&key, keyspec);
+ if (err) + if (err)
+ die ("gcry_pk_genkey failed for DSA: %s\n", gpg_strerror (err)); + die ("gcry_pk_genkey failed for DSA: %s\n", gpg_strerror (err));
+
+ gcry_sexp_release (keyspec);
+
+ return key;
+}
+
/* Print the domain parameter as well as the derive information. KEY gcry_sexp_release (keyspec);
is the complete key as returned by dsa_gen. We print to stdout
@@ -1732,7 +1767,7 @@ dsa_gen_with_seed (int keysize, const vo
with one parameter per line in hex format using this order: p, q, with one parameter per line in hex format using this order: p, q,
g, seed, counter, h. */ g, seed, counter, h. */
static void static void

43
libgcrypt-1.4.6-fips-cfgrandom.patch → libgcrypt-1.5.0-fips-cfgrandom.patch
View File

@ -1,14 +1,14 @@
diff -up libgcrypt-1.4.6/random/random-fips.c.cfgrandom libgcrypt-1.4.6/random/random-fips.c diff -up libgcrypt-1.5.0/random/random-fips.c.cfgrandom libgcrypt-1.5.0/random/random-fips.c
--- libgcrypt-1.4.6/random/random-fips.c.cfgrandom 2011-06-20 21:13:38.000000000 +0200 --- libgcrypt-1.5.0/random/random-fips.c.cfgrandom 2011-07-21 14:50:34.000000000 +0200
+++ libgcrypt-1.4.6/random/random-fips.c 2011-06-20 21:32:47.000000000 +0200 +++ libgcrypt-1.5.0/random/random-fips.c 2011-07-21 14:50:34.000000000 +0200
@@ -27,10 +27,10 @@ @@ -27,10 +27,10 @@
There are 3 random context which map to the different levels of There are 3 random context which map to the different levels of
random quality: random quality:
- Generator Seed and Key Kernel entropy (init/reseed) - Generator Seed and Key Kernel entropy (init/reseed)
- ------------------------------------------------------------ - ------------------------------------------------------------
- GCRY_VERY_STRONG_RANDOM /dev/urandom 256/128 bits - GCRY_VERY_STRONG_RANDOM /dev/random 256/128 bits
- GCRY_STRONG_RANDOM /dev/urandom 256/128 bits - GCRY_STRONG_RANDOM /dev/random 256/128 bits
+ Generator Seed and Key Kernel entropy (init/reseed) + Generator Seed and Key Kernel entropy (init/reseed)
+ --------------------------------------------------------------------------------------- + ---------------------------------------------------------------------------------------
+ GCRY_VERY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits + GCRY_VERY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits
@ -16,11 +16,12 @@ diff -up libgcrypt-1.4.6/random/random-fips.c.cfgrandom libgcrypt-1.4.6/random/r
gcry_create_nonce GCRY_STRONG_RANDOM n/a gcry_create_nonce GCRY_STRONG_RANDOM n/a
All random generators return their data in 128 bit blocks. If the All random generators return their data in 128 bit blocks. If the
@@ -40,7 +40,10 @@ @@ -40,8 +40,10 @@
(SEED_TTL) output blocks; the re-seeding is disabled in test mode. (SEED_TTL) output blocks; the re-seeding is disabled in test mode.
The GCRY_VERY_STRONG_RANDOM and GCRY_STRONG_RANDOM generators are The GCRY_VERY_STRONG_RANDOM and GCRY_STRONG_RANDOM generators are
- keyed and seeded from the /dev/urandom device. - keyed and seeded from the /dev/random device. Thus these
- generators may block until the kernel has collected enough entropy.
+ keyed and seeded with data that is loaded from the /etc/gcrypt/rngseed + keyed and seeded with data that is loaded from the /etc/gcrypt/rngseed
+ if the device or symlink to device exists xored with the data + if the device or symlink to device exists xored with the data
+ from the /dev/urandom device. This allows the system administrator + from the /dev/urandom device. This allows the system administrator
@ -28,7 +29,7 @@ diff -up libgcrypt-1.4.6/random/random-fips.c.cfgrandom libgcrypt-1.4.6/random/r
The gcry_create_nonce generator is keyed and seeded from the The gcry_create_nonce generator is keyed and seeded from the
GCRY_STRONG_RANDOM generator. It may also block if the GCRY_STRONG_RANDOM generator. It may also block if the
@@ -559,6 +562,10 @@ get_entropy (size_t nbytes) @@ -560,9 +562,13 @@ get_entropy (size_t nbytes)
entropy_collect_buffer_len = 0; entropy_collect_buffer_len = 0;
#if USE_RNDLINUX #if USE_RNDLINUX
@ -38,11 +39,15 @@ diff -up libgcrypt-1.4.6/random/random-fips.c.cfgrandom libgcrypt-1.4.6/random/r
+ entropy_collect_buffer_len = 0; + entropy_collect_buffer_len = 0;
rc = _gcry_rndlinux_gather_random (entropy_collect_cb, 0, rc = _gcry_rndlinux_gather_random (entropy_collect_cb, 0,
X931_AES_KEYLEN, X931_AES_KEYLEN,
GCRY_STRONG_RANDOM); - GCRY_VERY_STRONG_RANDOM);
diff -up libgcrypt-1.4.6/random/rndlinux.c.cfgrandom libgcrypt-1.4.6/random/rndlinux.c + GCRY_STRONG_RANDOM);
--- libgcrypt-1.4.6/random/rndlinux.c.cfgrandom 2009-04-02 11:25:34.000000000 +0200 #elif USE_RNDW32
+++ libgcrypt-1.4.6/random/rndlinux.c 2011-06-20 21:34:09.000000000 +0200 do
@@ -35,7 +35,9 @@ {
diff -up libgcrypt-1.5.0/random/rndlinux.c.cfgrandom libgcrypt-1.5.0/random/rndlinux.c
--- libgcrypt-1.5.0/random/rndlinux.c.cfgrandom 2011-02-04 20:16:03.000000000 +0100
+++ libgcrypt-1.5.0/random/rndlinux.c 2011-07-21 14:50:34.000000000 +0200
@@ -36,7 +36,9 @@
#include "g10lib.h" #include "g10lib.h"
#include "rand-internal.h" #include "rand-internal.h"
@ -53,7 +58,7 @@ diff -up libgcrypt-1.4.6/random/rndlinux.c.cfgrandom libgcrypt-1.4.6/random/rndl
static int static int
@@ -56,13 +58,17 @@ set_cloexec_flag (int fd) @@ -57,13 +59,17 @@ set_cloexec_flag (int fd)
* Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists)). * Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists)).
*/ */
static int static int
@ -73,21 +78,23 @@ diff -up libgcrypt-1.4.6/random/rndlinux.c.cfgrandom libgcrypt-1.4.6/random/rndl
if (set_cloexec_flag (fd)) if (set_cloexec_flag (fd))
log_error ("error setting FD_CLOEXEC on fd %d: %s\n", log_error ("error setting FD_CLOEXEC on fd %d: %s\n",
@@ -91,11 +97,13 @@ _gcry_rndlinux_gather_random (void (*add @@ -92,6 +98,7 @@ _gcry_rndlinux_gather_random (void (*add
{ {
static int fd_urandom = -1; static int fd_urandom = -1;
static int fd_random = -1; static int fd_random = -1;
+ static int fd_configured = -1; + static int fd_configured = -1;
int fd; int fd;
int n; int n;
int warn=0;
byte buffer[768]; byte buffer[768];
size_t n_hw; @@ -100,6 +107,7 @@ _gcry_rndlinux_gather_random (void (*add
size_t last_so_far = 0;
int any_need_entropy = 0;
int delay;
+ size_t orig_length = length; + size_t orig_length = length;
/* First read from a hardware source. However let it account only /* First read from a hardware source. However let it account only
for up to 50% of the requested bytes. */ for up to 50% of the requested bytes. */
@@ -106,16 +114,26 @@ _gcry_rndlinux_gather_random (void (*add @@ -110,16 +118,26 @@ _gcry_rndlinux_gather_random (void (*add
length -= n_hw; length -= n_hw;
/* Open the requested device. */ /* Open the requested device. */

12
libgcrypt-1.5.0-noecc.patch Normal file
View File

@ -0,0 +1,12 @@
diff -up libgcrypt-1.5.0/tests/Makefile.noecc libgcrypt-1.5.0/tests/Makefile
--- libgcrypt-1.5.0/tests/Makefile.in.noecc 2011-07-21 15:34:33.000000000 +0200
+++ libgcrypt-1.5.0/tests/Makefile.in 2011-07-21 15:39:35.000000000 +0200
@@ -57,7 +57,7 @@ TESTS = version$(EXEEXT) t-mpi-bit$(EXEE
ac-data$(EXEEXT) basic$(EXEEXT) mpitests$(EXEEXT) \
tsexp$(EXEEXT) keygen$(EXEEXT) pubkey$(EXEEXT) hmac$(EXEEXT) \
keygrip$(EXEEXT) fips186-dsa$(EXEEXT) aeswrap$(EXEEXT) \
- curves$(EXEEXT) t-kdf$(EXEEXT) pkcs1v2$(EXEEXT) \
+ t-kdf$(EXEEXT) pkcs1v2$(EXEEXT) \
$(am__EXEEXT_1) benchmark$(EXEEXT)
# random.c uses fork() thus a test for W32 does not make any sense.

57
libgcrypt-1.4.5-tests.patch → libgcrypt-1.5.0-tests.patch
View File

@ -1,18 +1,21 @@
diff -up libgcrypt-1.4.5/cipher/dsa.c.tests libgcrypt-1.4.5/cipher/dsa.c diff -up libgcrypt-1.5.0/cipher/dsa.c.tests libgcrypt-1.5.0/cipher/dsa.c
--- libgcrypt-1.4.5/cipher/dsa.c.tests 2009-08-21 10:18:30.000000000 +0200 --- libgcrypt-1.5.0/cipher/dsa.c.tests 2011-06-13 12:24:46.000000000 +0200
+++ libgcrypt-1.4.5/cipher/dsa.c 2011-02-04 09:06:02.000000000 +0100 +++ libgcrypt-1.5.0/cipher/dsa.c 2011-07-20 16:44:51.000000000 +0200
@@ -468,21 +468,20 @@ generate_fips186 (DSA_secret_key *sk, un @@ -479,22 +479,21 @@ generate_fips186 (DSA_secret_key *sk, un
initial_seed.seed = gcry_sexp_nth_data (initial_seed.sexp, 1,
&initial_seed.seedlen); &initial_seed.seedlen);
} }
-
- /* Fixme: Enable 186-3 after it has been approved and after fixing - /* Fixme: Enable 186-3 after it has been approved and after fixing
- the generation function. */ - the generation function. */
- /* if (use_fips186_2) */ - /* if (use_fips186_2) */
- (void)use_fips186_2; - (void)use_fips186_2;
- ec = _gcry_generate_fips186_2_prime (nbits, qbits, - ec = _gcry_generate_fips186_2_prime (nbits, qbits,
- initial_seed.seed,
+
+ if (use_fips186_2) + if (use_fips186_2)
+ ec = _gcry_generate_fips186_2_prime (nbits, qbits, + ec = _gcry_generate_fips186_2_prime (nbits, qbits,
initial_seed.seed, + initial_seed.seed,
initial_seed.seedlen, initial_seed.seedlen,
&prime_q, &prime_p, &prime_q, &prime_p,
r_counter, r_counter,
@ -32,9 +35,9 @@ diff -up libgcrypt-1.4.5/cipher/dsa.c.tests libgcrypt-1.4.5/cipher/dsa.c
gcry_sexp_release (initial_seed.sexp); gcry_sexp_release (initial_seed.sexp);
if (ec) if (ec)
goto leave; goto leave;
diff -up libgcrypt-1.4.5/cipher/primegen.c.tests libgcrypt-1.4.5/cipher/primegen.c diff -up libgcrypt-1.5.0/cipher/primegen.c.tests libgcrypt-1.5.0/cipher/primegen.c
--- libgcrypt-1.4.5/cipher/primegen.c.tests 2009-04-02 11:25:34.000000000 +0200 --- libgcrypt-1.5.0/cipher/primegen.c.tests 2011-03-28 14:19:52.000000000 +0200
+++ libgcrypt-1.4.5/cipher/primegen.c 2011-02-04 09:06:34.000000000 +0100 +++ libgcrypt-1.5.0/cipher/primegen.c 2011-07-21 14:36:03.000000000 +0200
@@ -1647,7 +1647,7 @@ _gcry_generate_fips186_3_prime (unsigned @@ -1647,7 +1647,7 @@ _gcry_generate_fips186_3_prime (unsigned
gpg_err_code_t ec; gpg_err_code_t ec;
unsigned char seed_help_buffer[256/8]; /* Used to hold a generated SEED. */ unsigned char seed_help_buffer[256/8]; /* Used to hold a generated SEED. */
@ -81,9 +84,9 @@ diff -up libgcrypt-1.4.5/cipher/primegen.c.tests libgcrypt-1.4.5/cipher/primegen
if (r_q) if (r_q)
{ {
*r_q = prime_q; *r_q = prime_q;
diff -up libgcrypt-1.4.5/cipher/rsa.c.tests libgcrypt-1.4.5/cipher/rsa.c diff -up libgcrypt-1.5.0/cipher/rsa.c.tests libgcrypt-1.5.0/cipher/rsa.c
--- libgcrypt-1.4.5/cipher/rsa.c.tests 2009-04-02 11:25:34.000000000 +0200 --- libgcrypt-1.5.0/cipher/rsa.c.tests 2011-06-10 10:53:41.000000000 +0200
+++ libgcrypt-1.4.5/cipher/rsa.c 2011-02-04 09:06:02.000000000 +0100 +++ libgcrypt-1.5.0/cipher/rsa.c 2011-07-21 14:36:59.000000000 +0200
@@ -388,7 +388,7 @@ generate_x931 (RSA_secret_key *sk, unsig @@ -388,7 +388,7 @@ generate_x931 (RSA_secret_key *sk, unsig
*swapped = 0; *swapped = 0;
@ -93,9 +96,9 @@ diff -up libgcrypt-1.4.5/cipher/rsa.c.tests libgcrypt-1.4.5/cipher/rsa.c
e_value = 65537; e_value = 65537;
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */ /* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
diff -up libgcrypt-1.4.5/random/random-fips.c.tests libgcrypt-1.4.5/random/random-fips.c diff -up libgcrypt-1.5.0/random/random-fips.c.tests libgcrypt-1.5.0/random/random-fips.c
--- libgcrypt-1.4.5/random/random-fips.c.tests 2011-02-04 09:06:02.000000000 +0100 --- libgcrypt-1.5.0/random/random-fips.c.tests 2011-07-20 16:40:59.000000000 +0200
+++ libgcrypt-1.4.5/random/random-fips.c 2011-02-04 09:06:02.000000000 +0100 +++ libgcrypt-1.5.0/random/random-fips.c 2011-07-20 16:40:59.000000000 +0200
@@ -691,6 +691,7 @@ get_random (void *buffer, size_t length, @@ -691,6 +691,7 @@ get_random (void *buffer, size_t length,
check_guards (rng_ctx); check_guards (rng_ctx);
@ -123,9 +126,9 @@ diff -up libgcrypt-1.4.5/random/random-fips.c.tests libgcrypt-1.4.5/random/rando
} }
if (x931_aes_driver (buffer, length, rng_ctx)) if (x931_aes_driver (buffer, length, rng_ctx))
diff -up libgcrypt-1.4.5/tests/ac.c.tests libgcrypt-1.4.5/tests/ac.c diff -up libgcrypt-1.5.0/tests/ac.c.tests libgcrypt-1.5.0/tests/ac.c
--- libgcrypt-1.4.5/tests/ac.c.tests 2009-04-02 11:25:34.000000000 +0200 --- libgcrypt-1.5.0/tests/ac.c.tests 2011-02-04 20:18:20.000000000 +0100
+++ libgcrypt-1.4.5/tests/ac.c 2011-02-04 09:06:02.000000000 +0100 +++ libgcrypt-1.5.0/tests/ac.c 2011-07-20 16:40:59.000000000 +0200
@@ -150,6 +150,9 @@ main (int argc, char **argv) @@ -150,6 +150,9 @@ main (int argc, char **argv)
if (!gcry_check_version (GCRYPT_VERSION)) if (!gcry_check_version (GCRYPT_VERSION))
die ("version mismatch\n"); die ("version mismatch\n");
@ -136,9 +139,9 @@ diff -up libgcrypt-1.4.5/tests/ac.c.tests libgcrypt-1.4.5/tests/ac.c
if (debug) if (debug)
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0); gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
/* No valuable keys are create, so we can speed up our RNG. */ /* No valuable keys are create, so we can speed up our RNG. */
diff -up libgcrypt-1.4.5/tests/ac-data.c.tests libgcrypt-1.4.5/tests/ac-data.c diff -up libgcrypt-1.5.0/tests/ac-data.c.tests libgcrypt-1.5.0/tests/ac-data.c
--- libgcrypt-1.4.5/tests/ac-data.c.tests 2009-04-02 11:25:34.000000000 +0200 --- libgcrypt-1.5.0/tests/ac-data.c.tests 2011-02-04 20:18:20.000000000 +0100
+++ libgcrypt-1.4.5/tests/ac-data.c 2011-02-04 09:06:02.000000000 +0100 +++ libgcrypt-1.5.0/tests/ac-data.c 2011-07-20 16:40:59.000000000 +0200
@@ -198,6 +198,9 @@ main (int argc, char **argv) @@ -198,6 +198,9 @@ main (int argc, char **argv)
if (!gcry_check_version (GCRYPT_VERSION)) if (!gcry_check_version (GCRYPT_VERSION))
die ("version mismatch\n"); die ("version mismatch\n");
@ -149,9 +152,9 @@ diff -up libgcrypt-1.4.5/tests/ac-data.c.tests libgcrypt-1.4.5/tests/ac-data.c
if (debug) if (debug)
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0); gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
diff -up libgcrypt-1.4.5/tests/ac-schemes.c.tests libgcrypt-1.4.5/tests/ac-schemes.c diff -up libgcrypt-1.5.0/tests/ac-schemes.c.tests libgcrypt-1.5.0/tests/ac-schemes.c
--- libgcrypt-1.4.5/tests/ac-schemes.c.tests 2009-04-02 11:25:34.000000000 +0200 --- libgcrypt-1.5.0/tests/ac-schemes.c.tests 2011-02-04 20:18:20.000000000 +0100
+++ libgcrypt-1.4.5/tests/ac-schemes.c 2011-02-04 09:06:02.000000000 +0100 +++ libgcrypt-1.5.0/tests/ac-schemes.c 2011-07-20 16:40:59.000000000 +0200
@@ -338,6 +338,9 @@ main (int argc, char **argv) @@ -338,6 +338,9 @@ main (int argc, char **argv)
if (! gcry_check_version (GCRYPT_VERSION)) if (! gcry_check_version (GCRYPT_VERSION))
die ("version mismatch\n"); die ("version mismatch\n");
@ -162,9 +165,9 @@ diff -up libgcrypt-1.4.5/tests/ac-schemes.c.tests libgcrypt-1.4.5/tests/ac-schem
if (debug) if (debug)
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0);
diff -up libgcrypt-1.4.5/tests/keygen.c.tests libgcrypt-1.4.5/tests/keygen.c diff -up libgcrypt-1.5.0/tests/keygen.c.tests libgcrypt-1.5.0/tests/keygen.c
--- libgcrypt-1.4.5/tests/keygen.c.tests 2009-04-02 11:25:34.000000000 +0200 --- libgcrypt-1.5.0/tests/keygen.c.tests 2011-02-04 20:18:20.000000000 +0100
+++ libgcrypt-1.4.5/tests/keygen.c 2011-02-04 09:06:02.000000000 +0100 +++ libgcrypt-1.5.0/tests/keygen.c 2011-07-21 14:39:03.000000000 +0200
@@ -148,12 +148,12 @@ check_rsa_keys (void) @@ -148,12 +148,12 @@ check_rsa_keys (void)
} }

25
libgcrypt-1.4.4-use-fipscheck.patch → libgcrypt-1.5.0-use-fipscheck.patch
View File

@ -1,6 +1,6 @@
diff -up libgcrypt-1.4.4/src/fips.c.use-fipscheck libgcrypt-1.4.4/src/fips.c diff -up libgcrypt-1.5.0/src/fips.c.use-fipscheck libgcrypt-1.5.0/src/fips.c
--- libgcrypt-1.4.4/src/fips.c.use-fipscheck 2009-03-03 21:09:27.000000000 +0100 --- libgcrypt-1.5.0/src/fips.c.use-fipscheck 2011-02-04 20:17:33.000000000 +0100
+++ libgcrypt-1.4.4/src/fips.c 2009-03-05 11:20:48.000000000 +0100 +++ libgcrypt-1.5.0/src/fips.c 2011-07-20 16:17:21.000000000 +0200
@@ -570,23 +570,48 @@ run_random_selftests (void) @@ -570,23 +570,48 @@ run_random_selftests (void)
return !!err; return !!err;
} }
@ -42,9 +42,10 @@ diff -up libgcrypt-1.4.4/src/fips.c.use-fipscheck libgcrypt-1.4.4/src/fips.c
int dlen; int dlen;
char *fname = NULL; char *fname = NULL;
- const char key[] = "What am I, a doctor or a moonshuttle conductor?"; - const char key[] = "What am I, a doctor or a moonshuttle conductor?";
+ const char key[] = "orboDeJITITejsirpADONivirpUkvarP"; -
- if (!dladdr ("gcry_check_version", &info)) - if (!dladdr ("gcry_check_version", &info))
+ const char key[] = "orboDeJITITejsirpADONivirpUkvarP";
+
+ if (get_library_path ("libgcrypt.so.11", "gcry_check_version", libpath, sizeof(libpath))) + if (get_library_path ("libgcrypt.so.11", "gcry_check_version", libpath, sizeof(libpath)))
err = gpg_error_from_syserror (); err = gpg_error_from_syserror ();
else else
@ -72,15 +73,15 @@ diff -up libgcrypt-1.4.4/src/fips.c.use-fipscheck libgcrypt-1.4.4/src/fips.c
p = strrchr (fname, '/'); p = strrchr (fname, '/');
if (p) if (p)
p++; p++;
diff -up libgcrypt-1.4.4/src/Makefile.in.use-fipscheck libgcrypt-1.4.4/src/Makefile.in diff -up libgcrypt-1.5.0/src/Makefile.in.use-fipscheck libgcrypt-1.5.0/src/Makefile.in
--- libgcrypt-1.4.4/src/Makefile.in.use-fipscheck 2009-01-22 19:16:51.000000000 +0100 --- libgcrypt-1.5.0/src/Makefile.in.use-fipscheck 2011-06-29 10:58:01.000000000 +0200
+++ libgcrypt-1.4.4/src/Makefile.in 2009-03-05 11:31:57.000000000 +0100 +++ libgcrypt-1.5.0/src/Makefile.in 2011-07-20 16:19:33.000000000 +0200
@@ -337,7 +337,7 @@ libgcrypt_la_LIBADD = \ @@ -375,7 +375,7 @@ libgcrypt_la_LIBADD = $(gcrypt_res) \
../cipher/libcipher.la \ ../cipher/libcipher.la \
../random/librandom.la \ ../random/librandom.la \
../mpi/libmpi.la \ ../mpi/libmpi.la \
- @LTLIBOBJS@ @GPG_ERROR_LIBS@ - ../compat/libcompat.la $(GPG_ERROR_LIBS)
+ @LTLIBOBJS@ @GPG_ERROR_LIBS@ -ldl + ../compat/libcompat.la $(GPG_ERROR_LIBS) -ldl
dumpsexp_SOURCES = dumpsexp.c dumpsexp_SOURCES = dumpsexp.c
dumpsexp_LDADD = dumpsexp_CFLAGS = $(arch_gpg_error_cflags)

27
libgcrypt.spec
View File

@ -1,6 +1,6 @@
Name: libgcrypt Name: libgcrypt
Version: 1.4.6 Version: 1.5.0
Release: 4%{?dist} Release: 1%{?dist}
URL: http://www.gnupg.org/ URL: http://www.gnupg.org/
Source0: libgcrypt-%{version}-hobbled.tar.bz2 Source0: libgcrypt-%{version}-hobbled.tar.bz2
# The original libgcrypt sources now contain potentially patented ECC # The original libgcrypt sources now contain potentially patented ECC
@ -10,18 +10,17 @@ Source0: libgcrypt-%{version}-hobbled.tar.bz2
#Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig #Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig
Source2: wk@g10code.com Source2: wk@g10code.com
Source3: hobble-libgcrypt Source3: hobble-libgcrypt
# do not run the ecc curves test
Patch1: libgcrypt-1.5.0-noecc.patch
# make FIPS hmac compatible with fipscheck - non upstreamable # make FIPS hmac compatible with fipscheck - non upstreamable
Patch2: libgcrypt-1.4.4-use-fipscheck.patch Patch2: libgcrypt-1.5.0-use-fipscheck.patch
# fix ImplicitDSOLinking (missing -lgpg-error linkage in tests/), upstreamable
Patch3: libgcrypt-1.4.5-ImplicitDSOLinking.patch
# use /dev/urandom in the FIPS mode
Patch4: libgcrypt-1.4.5-urandom.patch
# fix tests in the FIPS mode, fix the FIPS-186-3 DSA keygen # fix tests in the FIPS mode, fix the FIPS-186-3 DSA keygen
Patch5: libgcrypt-1.4.5-tests.patch Patch5: libgcrypt-1.5.0-tests.patch
# add configurable source of RNG seed in the FIPS mode # add configurable source of RNG seed and seed by default
Patch6: libgcrypt-1.4.6-fips-cfgrandom.patch # from /dev/urandom in the FIPS mode
Patch6: libgcrypt-1.5.0-fips-cfgrandom.patch
# make the FIPS-186-3 DSA CAVS testable # make the FIPS-186-3 DSA CAVS testable
Patch7: libgcrypt-1.4.6-cavs.patch Patch7: libgcrypt-1.5.0-fips-cavs.patch
# Technically LGPLv2.1+, but Fedora's table doesn't draw a distinction. # Technically LGPLv2.1+, but Fedora's table doesn't draw a distinction.
# Documentation and some utilities are GPLv2+ licensed. These files # Documentation and some utilities are GPLv2+ licensed. These files
@ -54,9 +53,8 @@ applications using libgcrypt.
%prep %prep
%setup -q %setup -q
%{SOURCE3} %{SOURCE3}
%patch1 -p1 -b .noecc
%patch2 -p1 -b .use-fipscheck %patch2 -p1 -b .use-fipscheck
%patch3 -p1 -b .ImplicitDSOLinking
%patch4 -p1 -b .urandom
%patch5 -p1 -b .tests %patch5 -p1 -b .tests
%patch6 -p1 -b .cfgrandom %patch6 -p1 -b .cfgrandom
%patch7 -p1 -b .cavs %patch7 -p1 -b .cavs
@ -171,6 +169,9 @@ exit 0
%doc COPYING %doc COPYING
%changelog %changelog
* Thu Jul 21 2011 Tomas Mraz <tmraz@redhat.com> 1.5.0-1
- new upstream version
* Mon Jun 20 2011 Tomas Mraz <tmraz@redhat.com> 1.4.6-4 * Mon Jun 20 2011 Tomas Mraz <tmraz@redhat.com> 1.4.6-4
- Always xor seed from /dev/urandom over /etc/gcrypt/rngseed - Always xor seed from /dev/urandom over /etc/gcrypt/rngseed

2
sources
View File

@ -1 +1 @@
f89395ced1cec0107d49524f5bf432f9 libgcrypt-1.4.6-hobbled.tar.bz2 35a73c1f2616ad904108ed8645c82f4c libgcrypt-1.5.0-hobbled.tar.bz2