new upstream version
parent
9371d8c5fa
commit
b5054585fe
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,2 +1,3 @@
|
||||
libgcrypt-1.4.5-hobbled.tar.bz2
|
||||
/libgcrypt-1.4.6-hobbled.tar.bz2
|
||||
/libgcrypt-1.5.0-hobbled.tar.bz2
|
||||
|
@ -1,24 +0,0 @@
|
||||
diff -up libgcrypt-1.4.5/tests/Makefile.am.ImplicitDSOLinking libgcrypt-1.4.5/tests/Makefile.am
|
||||
--- libgcrypt-1.4.5/tests/Makefile.am.ImplicitDSOLinking 2009-04-02 04:25:34.000000000 -0500
|
||||
+++ libgcrypt-1.4.5/tests/Makefile.am 2010-02-14 14:28:49.792383613 -0600
|
||||
@@ -36,7 +36,7 @@ TESTS += benchmark
|
||||
AM_CPPFLAGS = -I../src -I$(top_srcdir)/src
|
||||
AM_CFLAGS = $(GPG_ERROR_CFLAGS)
|
||||
|
||||
-LDADD = ../src/libgcrypt.la $(DL_LIBS)
|
||||
+LDADD = ../src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
|
||||
|
||||
EXTRA_PROGRAMS = testapi pkbench
|
||||
noinst_PROGRAMS = $(TESTS) fipsdrv
|
||||
diff -up libgcrypt-1.4.5/tests/Makefile.in.ImplicitDSOLinking libgcrypt-1.4.5/tests/Makefile.in
|
||||
--- libgcrypt-1.4.5/tests/Makefile.in.ImplicitDSOLinking 2009-12-11 09:43:30.000000000 -0600
|
||||
+++ libgcrypt-1.4.5/tests/Makefile.in 2010-02-14 14:29:30.232368780 -0600
|
||||
@@ -334,7 +334,7 @@ top_srcdir = @top_srcdir@
|
||||
# a built header.
|
||||
AM_CPPFLAGS = -I../src -I$(top_srcdir)/src
|
||||
AM_CFLAGS = $(GPG_ERROR_CFLAGS)
|
||||
-LDADD = ../src/libgcrypt.la $(DL_LIBS)
|
||||
+LDADD = ../src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
|
||||
EXTRA_DIST = README rsa-16k.key cavs_tests.sh cavs_driver.pl
|
||||
all: all-am
|
||||
|
@ -1,33 +0,0 @@
|
||||
diff -up libgcrypt-1.4.5/random/random-fips.c.urandom libgcrypt-1.4.5/random/random-fips.c
|
||||
--- libgcrypt-1.4.5/random/random-fips.c.urandom 2009-04-02 11:25:34.000000000 +0200
|
||||
+++ libgcrypt-1.4.5/random/random-fips.c 2011-02-01 11:33:59.000000000 +0100
|
||||
@@ -29,8 +29,8 @@
|
||||
|
||||
Generator Seed and Key Kernel entropy (init/reseed)
|
||||
------------------------------------------------------------
|
||||
- GCRY_VERY_STRONG_RANDOM /dev/random 256/128 bits
|
||||
- GCRY_STRONG_RANDOM /dev/random 256/128 bits
|
||||
+ GCRY_VERY_STRONG_RANDOM /dev/urandom 256/128 bits
|
||||
+ GCRY_STRONG_RANDOM /dev/urandom 256/128 bits
|
||||
gcry_create_nonce GCRY_STRONG_RANDOM n/a
|
||||
|
||||
All random generators return their data in 128 bit blocks. If the
|
||||
@@ -40,8 +40,7 @@
|
||||
(SEED_TTL) output blocks; the re-seeding is disabled in test mode.
|
||||
|
||||
The GCRY_VERY_STRONG_RANDOM and GCRY_STRONG_RANDOM generators are
|
||||
- keyed and seeded from the /dev/random device. Thus these
|
||||
- generators may block until the kernel has collected enough entropy.
|
||||
+ keyed and seeded from the /dev/urandom device.
|
||||
|
||||
The gcry_create_nonce generator is keyed and seeded from the
|
||||
GCRY_STRONG_RANDOM generator. It may also block if the
|
||||
@@ -562,7 +561,7 @@ get_entropy (size_t nbytes)
|
||||
#if USE_RNDLINUX
|
||||
rc = _gcry_rndlinux_gather_random (entropy_collect_cb, 0,
|
||||
X931_AES_KEYLEN,
|
||||
- GCRY_VERY_STRONG_RANDOM);
|
||||
+ GCRY_STRONG_RANDOM);
|
||||
#elif USE_RNDW32
|
||||
do
|
||||
{
|
@ -1,7 +1,7 @@
|
||||
diff -up libgcrypt-1.4.6/cipher/dsa.c.cavs libgcrypt-1.4.6/cipher/dsa.c
|
||||
--- libgcrypt-1.4.6/cipher/dsa.c.cavs 2011-05-26 22:03:17.000000000 +0200
|
||||
+++ libgcrypt-1.4.6/cipher/dsa.c 2011-05-26 22:03:18.000000000 +0200
|
||||
@@ -467,7 +467,6 @@ generate_fips186 (DSA_secret_key *sk, un
|
||||
diff -up libgcrypt-1.5.0/cipher/dsa.c.cavs libgcrypt-1.5.0/cipher/dsa.c
|
||||
--- libgcrypt-1.5.0/cipher/dsa.c.cavs 2011-07-21 14:56:35.000000000 +0200
|
||||
+++ libgcrypt-1.5.0/cipher/dsa.c 2011-07-21 14:58:06.000000000 +0200
|
||||
@@ -479,7 +479,6 @@ generate_fips186 (DSA_secret_key *sk, un
|
||||
initial_seed.seed = gcry_sexp_nth_data (initial_seed.sexp, 1,
|
||||
&initial_seed.seedlen);
|
||||
}
|
||||
@ -9,7 +9,7 @@ diff -up libgcrypt-1.4.6/cipher/dsa.c.cavs libgcrypt-1.4.6/cipher/dsa.c
|
||||
if (use_fips186_2)
|
||||
ec = _gcry_generate_fips186_2_prime (nbits, qbits,
|
||||
initial_seed.seed,
|
||||
@@ -475,13 +474,22 @@ generate_fips186 (DSA_secret_key *sk, un
|
||||
@@ -487,13 +486,22 @@ generate_fips186 (DSA_secret_key *sk, un
|
||||
&prime_q, &prime_p,
|
||||
r_counter,
|
||||
r_seed, r_seedlen);
|
||||
@ -33,7 +33,7 @@ diff -up libgcrypt-1.4.6/cipher/dsa.c.cavs libgcrypt-1.4.6/cipher/dsa.c
|
||||
gcry_sexp_release (initial_seed.sexp);
|
||||
if (ec)
|
||||
goto leave;
|
||||
@@ -772,13 +780,12 @@ dsa_generate_ext (int algo, unsigned int
|
||||
@@ -784,13 +792,12 @@ dsa_generate_ext (int algo, unsigned int
|
||||
gcry_sexp_release (l1);
|
||||
gcry_sexp_release (domainsexp);
|
||||
|
||||
@ -49,9 +49,9 @@ diff -up libgcrypt-1.4.6/cipher/dsa.c.cavs libgcrypt-1.4.6/cipher/dsa.c
|
||||
return GPG_ERR_MISSING_VALUE;
|
||||
}
|
||||
|
||||
diff -up libgcrypt-1.4.6/tests/cavs_driver.pl.cavs libgcrypt-1.4.6/tests/cavs_driver.pl
|
||||
--- libgcrypt-1.4.6/tests/cavs_driver.pl.cavs 2009-04-02 11:25:34.000000000 +0200
|
||||
+++ libgcrypt-1.4.6/tests/cavs_driver.pl 2011-06-20 20:00:13.000000000 +0200
|
||||
diff -up libgcrypt-1.5.0/tests/cavs_driver.pl.cavs libgcrypt-1.5.0/tests/cavs_driver.pl
|
||||
--- libgcrypt-1.5.0/tests/cavs_driver.pl.cavs 2011-02-04 20:18:20.000000000 +0100
|
||||
+++ libgcrypt-1.5.0/tests/cavs_driver.pl 2011-07-21 15:01:47.000000000 +0200
|
||||
@@ -1,9 +1,11 @@
|
||||
#!/usr/bin/env perl
|
||||
#
|
||||
@ -313,11 +313,11 @@ diff -up libgcrypt-1.4.6/tests/cavs_driver.pl.cavs libgcrypt-1.4.6/tests/cavs_dr
|
||||
- $out .= "H = $H\n\n";
|
||||
+ $out .= "domain_parameter_seed = $Seed\n";
|
||||
+ $out .= "counter = $c\n\n";
|
||||
+ }
|
||||
+
|
||||
+ return $out;
|
||||
+}
|
||||
+
|
||||
}
|
||||
|
||||
return $out;
|
||||
}
|
||||
|
||||
+# DSA GGen test
|
||||
+# $1 modulus size
|
||||
+# $2 q size
|
||||
@ -436,11 +436,11 @@ diff -up libgcrypt-1.4.6/tests/cavs_driver.pl.cavs libgcrypt-1.4.6/tests/cavs_dr
|
||||
+ }
|
||||
+ else {
|
||||
+ $out .= "Result = F\n\n";
|
||||
}
|
||||
|
||||
return $out;
|
||||
}
|
||||
|
||||
+ }
|
||||
+
|
||||
+ return $out;
|
||||
+}
|
||||
+
|
||||
+# DSA Keypair test
|
||||
+# $1 modulus size
|
||||
+# $2 q size
|
||||
@ -725,9 +725,9 @@ diff -up libgcrypt-1.4.6/tests/cavs_driver.pl.cavs libgcrypt-1.4.6/tests/cavs_dr
|
||||
$dsa_sign = \&libgcrypt_dsa_sign;
|
||||
$dsa_verify = \&libgcrypt_dsa_verify;
|
||||
$dsa_genpubkey = \&libgcrypt_dsa_genpubkey;
|
||||
diff -up libgcrypt-1.4.6/tests/cavs_tests.sh.cavs libgcrypt-1.4.6/tests/cavs_tests.sh
|
||||
--- libgcrypt-1.4.6/tests/cavs_tests.sh.cavs 2011-05-26 21:02:02.000000000 +0200
|
||||
+++ libgcrypt-1.4.6/tests/cavs_tests.sh 2011-05-26 22:20:20.000000000 +0200
|
||||
diff -up libgcrypt-1.5.0/tests/cavs_tests.sh.cavs libgcrypt-1.5.0/tests/cavs_tests.sh
|
||||
--- libgcrypt-1.5.0/tests/cavs_tests.sh.cavs 2011-02-04 20:18:20.000000000 +0100
|
||||
+++ libgcrypt-1.5.0/tests/cavs_tests.sh 2011-07-21 15:02:16.000000000 +0200
|
||||
@@ -55,7 +55,7 @@ function run_one_test () {
|
||||
[ -d "$respdir" ] || mkdir "$respdir"
|
||||
[ -f "$rspfile" ] && rm "$rspfile"
|
||||
@ -737,10 +737,10 @@ diff -up libgcrypt-1.4.6/tests/cavs_tests.sh.cavs libgcrypt-1.4.6/tests/cavs_tes
|
||||
dflag="-D"
|
||||
fi
|
||||
|
||||
diff -up libgcrypt-1.4.6/tests/fipsdrv.c.cavs libgcrypt-1.4.6/tests/fipsdrv.c
|
||||
--- libgcrypt-1.4.6/tests/fipsdrv.c.cavs 2009-04-02 11:25:34.000000000 +0200
|
||||
+++ libgcrypt-1.4.6/tests/fipsdrv.c 2011-05-27 18:03:11.000000000 +0200
|
||||
@@ -893,9 +893,12 @@ print_mpi_line (gcry_mpi_t a, int no_lz)
|
||||
diff -up libgcrypt-1.5.0/tests/fipsdrv.c.cavs libgcrypt-1.5.0/tests/fipsdrv.c
|
||||
--- libgcrypt-1.5.0/tests/fipsdrv.c.cavs 2011-02-04 20:18:20.000000000 +0100
|
||||
+++ libgcrypt-1.5.0/tests/fipsdrv.c 2011-07-21 15:06:44.000000000 +0200
|
||||
@@ -893,6 +893,9 @@ print_mpi_line (gcry_mpi_t a, int no_lz)
|
||||
die ("gcry_mpi_aprint failed: %s\n", gpg_strerror (err));
|
||||
|
||||
p = buf;
|
||||
@ -749,11 +749,7 @@ diff -up libgcrypt-1.4.6/tests/fipsdrv.c.cavs libgcrypt-1.4.6/tests/fipsdrv.c
|
||||
+ p = buf;
|
||||
if (no_lz && p[0] == '0' && p[1] == '0' && p[2])
|
||||
p += 2;
|
||||
-
|
||||
+
|
||||
printf ("%s\n", p);
|
||||
if (ferror (stdout))
|
||||
writerr++;
|
||||
|
||||
@@ -1675,14 +1678,14 @@ run_rsa_verify (const void *data, size_t
|
||||
/* Generate a DSA key of size KEYSIZE and return the complete
|
||||
S-expression. */
|
||||
@ -795,10 +791,16 @@ diff -up libgcrypt-1.4.6/tests/fipsdrv.c.cavs libgcrypt-1.4.6/tests/fipsdrv.c
|
||||
if (err)
|
||||
die ("gcry_sexp_build failed for DSA key generation: %s\n",
|
||||
gpg_strerror (err));
|
||||
@@ -1726,13 +1730,44 @@ dsa_gen_with_seed (int keysize, const vo
|
||||
return key;
|
||||
}
|
||||
|
||||
@@ -1720,6 +1724,37 @@ dsa_gen_with_seed (int keysize, const vo
|
||||
err = gcry_pk_genkey (&key, keyspec);
|
||||
if (err)
|
||||
die ("gcry_pk_genkey failed for DSA: %s\n", gpg_strerror (err));
|
||||
+
|
||||
+ gcry_sexp_release (keyspec);
|
||||
+
|
||||
+ return key;
|
||||
+}
|
||||
+
|
||||
+/* Generate a DSA key with specified domain parameters and return the complete
|
||||
+ S-expression. */
|
||||
+static gcry_sexp_t
|
||||
@ -824,15 +826,10 @@ diff -up libgcrypt-1.4.6/tests/fipsdrv.c.cavs libgcrypt-1.4.6/tests/fipsdrv.c
|
||||
+ err = gcry_pk_genkey (&key, keyspec);
|
||||
+ if (err)
|
||||
+ die ("gcry_pk_genkey failed for DSA: %s\n", gpg_strerror (err));
|
||||
+
|
||||
+ gcry_sexp_release (keyspec);
|
||||
+
|
||||
+ return key;
|
||||
+}
|
||||
+
|
||||
|
||||
/* Print the domain parameter as well as the derive information. KEY
|
||||
is the complete key as returned by dsa_gen. We print to stdout
|
||||
gcry_sexp_release (keyspec);
|
||||
|
||||
@@ -1732,7 +1767,7 @@ dsa_gen_with_seed (int keysize, const vo
|
||||
with one parameter per line in hex format using this order: p, q,
|
||||
g, seed, counter, h. */
|
||||
static void
|
@ -1,14 +1,14 @@
|
||||
diff -up libgcrypt-1.4.6/random/random-fips.c.cfgrandom libgcrypt-1.4.6/random/random-fips.c
|
||||
--- libgcrypt-1.4.6/random/random-fips.c.cfgrandom 2011-06-20 21:13:38.000000000 +0200
|
||||
+++ libgcrypt-1.4.6/random/random-fips.c 2011-06-20 21:32:47.000000000 +0200
|
||||
diff -up libgcrypt-1.5.0/random/random-fips.c.cfgrandom libgcrypt-1.5.0/random/random-fips.c
|
||||
--- libgcrypt-1.5.0/random/random-fips.c.cfgrandom 2011-07-21 14:50:34.000000000 +0200
|
||||
+++ libgcrypt-1.5.0/random/random-fips.c 2011-07-21 14:50:34.000000000 +0200
|
||||
@@ -27,10 +27,10 @@
|
||||
There are 3 random context which map to the different levels of
|
||||
random quality:
|
||||
|
||||
- Generator Seed and Key Kernel entropy (init/reseed)
|
||||
- ------------------------------------------------------------
|
||||
- GCRY_VERY_STRONG_RANDOM /dev/urandom 256/128 bits
|
||||
- GCRY_STRONG_RANDOM /dev/urandom 256/128 bits
|
||||
- GCRY_VERY_STRONG_RANDOM /dev/random 256/128 bits
|
||||
- GCRY_STRONG_RANDOM /dev/random 256/128 bits
|
||||
+ Generator Seed and Key Kernel entropy (init/reseed)
|
||||
+ ---------------------------------------------------------------------------------------
|
||||
+ GCRY_VERY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits
|
||||
@ -16,11 +16,12 @@ diff -up libgcrypt-1.4.6/random/random-fips.c.cfgrandom libgcrypt-1.4.6/random/r
|
||||
gcry_create_nonce GCRY_STRONG_RANDOM n/a
|
||||
|
||||
All random generators return their data in 128 bit blocks. If the
|
||||
@@ -40,7 +40,10 @@
|
||||
@@ -40,8 +40,10 @@
|
||||
(SEED_TTL) output blocks; the re-seeding is disabled in test mode.
|
||||
|
||||
The GCRY_VERY_STRONG_RANDOM and GCRY_STRONG_RANDOM generators are
|
||||
- keyed and seeded from the /dev/urandom device.
|
||||
- keyed and seeded from the /dev/random device. Thus these
|
||||
- generators may block until the kernel has collected enough entropy.
|
||||
+ keyed and seeded with data that is loaded from the /etc/gcrypt/rngseed
|
||||
+ if the device or symlink to device exists xored with the data
|
||||
+ from the /dev/urandom device. This allows the system administrator
|
||||
@ -28,7 +29,7 @@ diff -up libgcrypt-1.4.6/random/random-fips.c.cfgrandom libgcrypt-1.4.6/random/r
|
||||
|
||||
The gcry_create_nonce generator is keyed and seeded from the
|
||||
GCRY_STRONG_RANDOM generator. It may also block if the
|
||||
@@ -559,6 +562,10 @@ get_entropy (size_t nbytes)
|
||||
@@ -560,9 +562,13 @@ get_entropy (size_t nbytes)
|
||||
entropy_collect_buffer_len = 0;
|
||||
|
||||
#if USE_RNDLINUX
|
||||
@ -38,11 +39,15 @@ diff -up libgcrypt-1.4.6/random/random-fips.c.cfgrandom libgcrypt-1.4.6/random/r
|
||||
+ entropy_collect_buffer_len = 0;
|
||||
rc = _gcry_rndlinux_gather_random (entropy_collect_cb, 0,
|
||||
X931_AES_KEYLEN,
|
||||
GCRY_STRONG_RANDOM);
|
||||
diff -up libgcrypt-1.4.6/random/rndlinux.c.cfgrandom libgcrypt-1.4.6/random/rndlinux.c
|
||||
--- libgcrypt-1.4.6/random/rndlinux.c.cfgrandom 2009-04-02 11:25:34.000000000 +0200
|
||||
+++ libgcrypt-1.4.6/random/rndlinux.c 2011-06-20 21:34:09.000000000 +0200
|
||||
@@ -35,7 +35,9 @@
|
||||
- GCRY_VERY_STRONG_RANDOM);
|
||||
+ GCRY_STRONG_RANDOM);
|
||||
#elif USE_RNDW32
|
||||
do
|
||||
{
|
||||
diff -up libgcrypt-1.5.0/random/rndlinux.c.cfgrandom libgcrypt-1.5.0/random/rndlinux.c
|
||||
--- libgcrypt-1.5.0/random/rndlinux.c.cfgrandom 2011-02-04 20:16:03.000000000 +0100
|
||||
+++ libgcrypt-1.5.0/random/rndlinux.c 2011-07-21 14:50:34.000000000 +0200
|
||||
@@ -36,7 +36,9 @@
|
||||
#include "g10lib.h"
|
||||
#include "rand-internal.h"
|
||||
|
||||
@ -53,7 +58,7 @@ diff -up libgcrypt-1.4.6/random/rndlinux.c.cfgrandom libgcrypt-1.4.6/random/rndl
|
||||
|
||||
|
||||
static int
|
||||
@@ -56,13 +58,17 @@ set_cloexec_flag (int fd)
|
||||
@@ -57,13 +59,17 @@ set_cloexec_flag (int fd)
|
||||
* Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists)).
|
||||
*/
|
||||
static int
|
||||
@ -73,21 +78,23 @@ diff -up libgcrypt-1.4.6/random/rndlinux.c.cfgrandom libgcrypt-1.4.6/random/rndl
|
||||
|
||||
if (set_cloexec_flag (fd))
|
||||
log_error ("error setting FD_CLOEXEC on fd %d: %s\n",
|
||||
@@ -91,11 +97,13 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
@@ -92,6 +98,7 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
{
|
||||
static int fd_urandom = -1;
|
||||
static int fd_random = -1;
|
||||
+ static int fd_configured = -1;
|
||||
int fd;
|
||||
int n;
|
||||
int warn=0;
|
||||
byte buffer[768];
|
||||
size_t n_hw;
|
||||
@@ -100,6 +107,7 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
size_t last_so_far = 0;
|
||||
int any_need_entropy = 0;
|
||||
int delay;
|
||||
+ size_t orig_length = length;
|
||||
|
||||
/* First read from a hardware source. However let it account only
|
||||
for up to 50% of the requested bytes. */
|
||||
@@ -106,16 +114,26 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
@@ -110,16 +118,26 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
length -= n_hw;
|
||||
|
||||
/* Open the requested device. */
|
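Review bot: The random-fips.c header comment carried by this patch still says of gcry_create_nonce that "It may also block", while the rewritten paragraph above it drops the statement that the generators may block, and get_entropy now gathers with `GCRY_STRONG_RANDOM` instead of `GCRY_VERY_STRONG_RANDOM`. With /dev/urandom as the default source, the FIPS generator can presumably be seeded before the kernel pool is initialised (early boot, freshly cloned images), and nothing in the visible lines checks for that. The comment should say so, for example `Seeding does not block by default; callers creating long-term keys early in boot must ensure the kernel pool is initialised.` The rest of the comment and of get_entropy lies outside the hunks shown.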
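--- a/libgcrypt-1.5.0-noecc.patch
+++ b/libgcrypt-1.5.0-noecc.patch
@@ -0,0 +1,12 @@
+diff -up libgcrypt-1.5.0/tests/Makefile.noecc libgcrypt-1.5.0/tests/Makefile
+--- libgcrypt-1.5.0/tests/Makefile.in.noecc 2011-07-21 15:34:33.000000000 +0200
++++ libgcrypt-1.5.0/tests/Makefile.in 2011-07-21 15:39:35.000000000 +0200
+@@ -57,7 +57,7 @@ TESTS = version$(EXEEXT) t-mpi-bit$(EXEE
+ac-data$(EXEEXT) basic$(EXEEXT) mpitests$(EXEEXT) \
+tsexp$(EXEEXT) keygen$(EXEEXT) pubkey$(EXEEXT) hmac$(EXEEXT) \
+keygrip$(EXEEXT) fips186-dsa$(EXEEXT) aeswrap$(EXEEXT) \
+- curves$(EXEEXT) t-kdf$(EXEEXT) pkcs1v2$(EXEEXT) \
++ t-kdf$(EXEEXT) pkcs1v2$(EXEEXT) \
+$(am__EXEEXT_1) benchmark$(EXEEXT)
+
+# random.c uses fork() thus a test for W32 does not make any sense.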
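Review bot: The patch removes `curves$(EXEEXT)` only from the generated `tests/Makefile.in`, so any step that regenerates the build files from `Makefile.am` (autoreconf, or a later patch touching `Makefile.am`) would bring the curves test back, and it would then presumably fail against the hobbled sources. The same edit should be made in `tests/Makefile.am`, or the spec should note that the build files must not be regenerated. The inner `diff -up` line also names `tests/Makefile` while the `---`/`+++` lines name `tests/Makefile.in`; that mismatch looks cosmetic, but it should be corrected so the patch header matches the file it changes.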
@ -1,18 +1,21 @@
|
||||
diff -up libgcrypt-1.4.5/cipher/dsa.c.tests libgcrypt-1.4.5/cipher/dsa.c
|
||||
--- libgcrypt-1.4.5/cipher/dsa.c.tests 2009-08-21 10:18:30.000000000 +0200
|
||||
+++ libgcrypt-1.4.5/cipher/dsa.c 2011-02-04 09:06:02.000000000 +0100
|
||||
@@ -468,21 +468,20 @@ generate_fips186 (DSA_secret_key *sk, un
|
||||
diff -up libgcrypt-1.5.0/cipher/dsa.c.tests libgcrypt-1.5.0/cipher/dsa.c
|
||||
--- libgcrypt-1.5.0/cipher/dsa.c.tests 2011-06-13 12:24:46.000000000 +0200
|
||||
+++ libgcrypt-1.5.0/cipher/dsa.c 2011-07-20 16:44:51.000000000 +0200
|
||||
@@ -479,22 +479,21 @@ generate_fips186 (DSA_secret_key *sk, un
|
||||
initial_seed.seed = gcry_sexp_nth_data (initial_seed.sexp, 1,
|
||||
&initial_seed.seedlen);
|
||||
}
|
||||
|
||||
-
|
||||
- /* Fixme: Enable 186-3 after it has been approved and after fixing
|
||||
- the generation function. */
|
||||
- /* if (use_fips186_2) */
|
||||
- (void)use_fips186_2;
|
||||
- ec = _gcry_generate_fips186_2_prime (nbits, qbits,
|
||||
- initial_seed.seed,
|
||||
+
|
||||
+ if (use_fips186_2)
|
||||
+ ec = _gcry_generate_fips186_2_prime (nbits, qbits,
|
||||
initial_seed.seed,
|
||||
+ initial_seed.seed,
|
||||
initial_seed.seedlen,
|
||||
&prime_q, &prime_p,
|
||||
r_counter,
|
||||
@ -32,9 +35,9 @@ diff -up libgcrypt-1.4.5/cipher/dsa.c.tests libgcrypt-1.4.5/cipher/dsa.c
|
||||
gcry_sexp_release (initial_seed.sexp);
|
||||
if (ec)
|
||||
goto leave;
|
||||
diff -up libgcrypt-1.4.5/cipher/primegen.c.tests libgcrypt-1.4.5/cipher/primegen.c
|
||||
--- libgcrypt-1.4.5/cipher/primegen.c.tests 2009-04-02 11:25:34.000000000 +0200
|
||||
+++ libgcrypt-1.4.5/cipher/primegen.c 2011-02-04 09:06:34.000000000 +0100
|
||||
diff -up libgcrypt-1.5.0/cipher/primegen.c.tests libgcrypt-1.5.0/cipher/primegen.c
|
||||
--- libgcrypt-1.5.0/cipher/primegen.c.tests 2011-03-28 14:19:52.000000000 +0200
|
||||
+++ libgcrypt-1.5.0/cipher/primegen.c 2011-07-21 14:36:03.000000000 +0200
|
||||
@@ -1647,7 +1647,7 @@ _gcry_generate_fips186_3_prime (unsigned
|
||||
gpg_err_code_t ec;
|
||||
unsigned char seed_help_buffer[256/8]; /* Used to hold a generated SEED. */
|
||||
@ -81,9 +84,9 @@ diff -up libgcrypt-1.4.5/cipher/primegen.c.tests libgcrypt-1.4.5/cipher/primegen
|
||||
if (r_q)
|
||||
{
|
||||
*r_q = prime_q;
|
||||
diff -up libgcrypt-1.4.5/cipher/rsa.c.tests libgcrypt-1.4.5/cipher/rsa.c
|
||||
--- libgcrypt-1.4.5/cipher/rsa.c.tests 2009-04-02 11:25:34.000000000 +0200
|
||||
+++ libgcrypt-1.4.5/cipher/rsa.c 2011-02-04 09:06:02.000000000 +0100
|
||||
diff -up libgcrypt-1.5.0/cipher/rsa.c.tests libgcrypt-1.5.0/cipher/rsa.c
|
||||
--- libgcrypt-1.5.0/cipher/rsa.c.tests 2011-06-10 10:53:41.000000000 +0200
|
||||
+++ libgcrypt-1.5.0/cipher/rsa.c 2011-07-21 14:36:59.000000000 +0200
|
||||
@@ -388,7 +388,7 @@ generate_x931 (RSA_secret_key *sk, unsig
|
||||
|
||||
*swapped = 0;
|
||||
@ -93,9 +96,9 @@ diff -up libgcrypt-1.4.5/cipher/rsa.c.tests libgcrypt-1.4.5/cipher/rsa.c
|
||||
e_value = 65537;
|
||||
|
||||
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
|
||||
diff -up libgcrypt-1.4.5/random/random-fips.c.tests libgcrypt-1.4.5/random/random-fips.c
|
||||
--- libgcrypt-1.4.5/random/random-fips.c.tests 2011-02-04 09:06:02.000000000 +0100
|
||||
+++ libgcrypt-1.4.5/random/random-fips.c 2011-02-04 09:06:02.000000000 +0100
|
||||
diff -up libgcrypt-1.5.0/random/random-fips.c.tests libgcrypt-1.5.0/random/random-fips.c
|
||||
--- libgcrypt-1.5.0/random/random-fips.c.tests 2011-07-20 16:40:59.000000000 +0200
|
||||
+++ libgcrypt-1.5.0/random/random-fips.c 2011-07-20 16:40:59.000000000 +0200
|
||||
@@ -691,6 +691,7 @@ get_random (void *buffer, size_t length,
|
||||
|
||||
check_guards (rng_ctx);
|
||||
@ -123,9 +126,9 @@ diff -up libgcrypt-1.4.5/random/random-fips.c.tests libgcrypt-1.4.5/random/rando
|
||||
}
|
||||
|
||||
if (x931_aes_driver (buffer, length, rng_ctx))
|
||||
diff -up libgcrypt-1.4.5/tests/ac.c.tests libgcrypt-1.4.5/tests/ac.c
|
||||
--- libgcrypt-1.4.5/tests/ac.c.tests 2009-04-02 11:25:34.000000000 +0200
|
||||
+++ libgcrypt-1.4.5/tests/ac.c 2011-02-04 09:06:02.000000000 +0100
|
||||
diff -up libgcrypt-1.5.0/tests/ac.c.tests libgcrypt-1.5.0/tests/ac.c
|
||||
--- libgcrypt-1.5.0/tests/ac.c.tests 2011-02-04 20:18:20.000000000 +0100
|
||||
+++ libgcrypt-1.5.0/tests/ac.c 2011-07-20 16:40:59.000000000 +0200
|
||||
@@ -150,6 +150,9 @@ main (int argc, char **argv)
|
||||
if (!gcry_check_version (GCRYPT_VERSION))
|
||||
die ("version mismatch\n");
|
||||
@ -136,9 +139,9 @@ diff -up libgcrypt-1.4.5/tests/ac.c.tests libgcrypt-1.4.5/tests/ac.c
|
||||
if (debug)
|
||||
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
|
||||
/* No valuable keys are create, so we can speed up our RNG. */
|
||||
diff -up libgcrypt-1.4.5/tests/ac-data.c.tests libgcrypt-1.4.5/tests/ac-data.c
|
||||
--- libgcrypt-1.4.5/tests/ac-data.c.tests 2009-04-02 11:25:34.000000000 +0200
|
||||
+++ libgcrypt-1.4.5/tests/ac-data.c 2011-02-04 09:06:02.000000000 +0100
|
||||
diff -up libgcrypt-1.5.0/tests/ac-data.c.tests libgcrypt-1.5.0/tests/ac-data.c
|
||||
--- libgcrypt-1.5.0/tests/ac-data.c.tests 2011-02-04 20:18:20.000000000 +0100
|
||||
+++ libgcrypt-1.5.0/tests/ac-data.c 2011-07-20 16:40:59.000000000 +0200
|
||||
@@ -198,6 +198,9 @@ main (int argc, char **argv)
|
||||
if (!gcry_check_version (GCRYPT_VERSION))
|
||||
die ("version mismatch\n");
|
||||
@ -149,9 +152,9 @@ diff -up libgcrypt-1.4.5/tests/ac-data.c.tests libgcrypt-1.4.5/tests/ac-data.c
|
||||
if (debug)
|
||||
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
|
||||
|
||||
diff -up libgcrypt-1.4.5/tests/ac-schemes.c.tests libgcrypt-1.4.5/tests/ac-schemes.c
|
||||
--- libgcrypt-1.4.5/tests/ac-schemes.c.tests 2009-04-02 11:25:34.000000000 +0200
|
||||
+++ libgcrypt-1.4.5/tests/ac-schemes.c 2011-02-04 09:06:02.000000000 +0100
|
||||
diff -up libgcrypt-1.5.0/tests/ac-schemes.c.tests libgcrypt-1.5.0/tests/ac-schemes.c
|
||||
--- libgcrypt-1.5.0/tests/ac-schemes.c.tests 2011-02-04 20:18:20.000000000 +0100
|
||||
+++ libgcrypt-1.5.0/tests/ac-schemes.c 2011-07-20 16:40:59.000000000 +0200
|
||||
@@ -338,6 +338,9 @@ main (int argc, char **argv)
|
||||
if (! gcry_check_version (GCRYPT_VERSION))
|
||||
die ("version mismatch\n");
|
||||
@ -162,9 +165,9 @@ diff -up libgcrypt-1.4.5/tests/ac-schemes.c.tests libgcrypt-1.4.5/tests/ac-schem
|
||||
if (debug)
|
||||
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0);
|
||||
|
||||
diff -up libgcrypt-1.4.5/tests/keygen.c.tests libgcrypt-1.4.5/tests/keygen.c
|
||||
--- libgcrypt-1.4.5/tests/keygen.c.tests 2009-04-02 11:25:34.000000000 +0200
|
||||
+++ libgcrypt-1.4.5/tests/keygen.c 2011-02-04 09:06:02.000000000 +0100
|
||||
diff -up libgcrypt-1.5.0/tests/keygen.c.tests libgcrypt-1.5.0/tests/keygen.c
|
||||
--- libgcrypt-1.5.0/tests/keygen.c.tests 2011-02-04 20:18:20.000000000 +0100
|
||||
+++ libgcrypt-1.5.0/tests/keygen.c 2011-07-21 14:39:03.000000000 +0200
|
||||
@@ -148,12 +148,12 @@ check_rsa_keys (void)
|
||||
}
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff -up libgcrypt-1.4.4/src/fips.c.use-fipscheck libgcrypt-1.4.4/src/fips.c
|
||||
--- libgcrypt-1.4.4/src/fips.c.use-fipscheck 2009-03-03 21:09:27.000000000 +0100
|
||||
+++ libgcrypt-1.4.4/src/fips.c 2009-03-05 11:20:48.000000000 +0100
|
||||
diff -up libgcrypt-1.5.0/src/fips.c.use-fipscheck libgcrypt-1.5.0/src/fips.c
|
||||
--- libgcrypt-1.5.0/src/fips.c.use-fipscheck 2011-02-04 20:17:33.000000000 +0100
|
||||
+++ libgcrypt-1.5.0/src/fips.c 2011-07-20 16:17:21.000000000 +0200
|
||||
@@ -570,23 +570,48 @@ run_random_selftests (void)
|
||||
return !!err;
|
||||
}
|
||||
@ -42,9 +42,10 @@ diff -up libgcrypt-1.4.4/src/fips.c.use-fipscheck libgcrypt-1.4.4/src/fips.c
|
||||
int dlen;
|
||||
char *fname = NULL;
|
||||
- const char key[] = "What am I, a doctor or a moonshuttle conductor?";
|
||||
+ const char key[] = "orboDeJITITejsirpADONivirpUkvarP";
|
||||
|
||||
-
|
||||
- if (!dladdr ("gcry_check_version", &info))
|
||||
+ const char key[] = "orboDeJITITejsirpADONivirpUkvarP";
|
||||
+
|
||||
+ if (get_library_path ("libgcrypt.so.11", "gcry_check_version", libpath, sizeof(libpath)))
|
||||
err = gpg_error_from_syserror ();
|
||||
else
|
||||
@ -72,15 +73,15 @@ diff -up libgcrypt-1.4.4/src/fips.c.use-fipscheck libgcrypt-1.4.4/src/fips.c
|
||||
p = strrchr (fname, '/');
|
||||
if (p)
|
||||
p++;
|
||||
diff -up libgcrypt-1.4.4/src/Makefile.in.use-fipscheck libgcrypt-1.4.4/src/Makefile.in
|
||||
--- libgcrypt-1.4.4/src/Makefile.in.use-fipscheck 2009-01-22 19:16:51.000000000 +0100
|
||||
+++ libgcrypt-1.4.4/src/Makefile.in 2009-03-05 11:31:57.000000000 +0100
|
||||
@@ -337,7 +337,7 @@ libgcrypt_la_LIBADD = \
|
||||
diff -up libgcrypt-1.5.0/src/Makefile.in.use-fipscheck libgcrypt-1.5.0/src/Makefile.in
|
||||
--- libgcrypt-1.5.0/src/Makefile.in.use-fipscheck 2011-06-29 10:58:01.000000000 +0200
|
||||
+++ libgcrypt-1.5.0/src/Makefile.in 2011-07-20 16:19:33.000000000 +0200
|
||||
@@ -375,7 +375,7 @@ libgcrypt_la_LIBADD = $(gcrypt_res) \
|
||||
../cipher/libcipher.la \
|
||||
../random/librandom.la \
|
||||
../mpi/libmpi.la \
|
||||
- @LTLIBOBJS@ @GPG_ERROR_LIBS@
|
||||
+ @LTLIBOBJS@ @GPG_ERROR_LIBS@ -ldl
|
||||
- ../compat/libcompat.la $(GPG_ERROR_LIBS)
|
||||
+ ../compat/libcompat.la $(GPG_ERROR_LIBS) -ldl
|
||||
|
||||
dumpsexp_SOURCES = dumpsexp.c
|
||||
dumpsexp_LDADD =
|
||||
dumpsexp_CFLAGS = $(arch_gpg_error_cflags)
|
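Review bot: The HMAC key for the library integrity check is a string constant compiled into the library (`const char key[] = "orboDeJITITejsirpADONivirpUkvarP";`), so the check detects accidental corruption but gives no protection against someone who can rewrite the library and recompute the stored checksum. A comment at the declaration should say that, for example `/* Fixed, public key (apparently the one fipscheck uses): integrity self-test only, not tamper protection. */`. The call `get_library_path ("libgcrypt.so.11", "gcry_check_version", libpath, sizeof(libpath))` also hard-codes the soname, which would stop matching if the library's soname changes and presumably surface as a self-test failure; the coupling should be documented or the name derived at build time. The function around these lines starts and ends outside the hunks shown.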
@ -1,6 +1,6 @@
|
||||
Name: libgcrypt
|
||||
Version: 1.4.6
|
||||
Release: 4%{?dist}
|
||||
Version: 1.5.0
|
||||
Release: 1%{?dist}
|
||||
URL: http://www.gnupg.org/
|
||||
Source0: libgcrypt-%{version}-hobbled.tar.bz2
|
||||
# The original libgcrypt sources now contain potentially patented ECC
|
||||
@ -10,18 +10,17 @@ Source0: libgcrypt-%{version}-hobbled.tar.bz2
|
||||
#Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig
|
||||
Source2: wk@g10code.com
|
||||
Source3: hobble-libgcrypt
|
||||
# do not run the ecc curves test
|
||||
Patch1: libgcrypt-1.5.0-noecc.patch
|
||||
# make FIPS hmac compatible with fipscheck - non upstreamable
|
||||
Patch2: libgcrypt-1.4.4-use-fipscheck.patch
|
||||
# fix ImplicitDSOLinking (missing -lgpg-error linkage in tests/), upstreamable
|
||||
Patch3: libgcrypt-1.4.5-ImplicitDSOLinking.patch
|
||||
# use /dev/urandom in the FIPS mode
|
||||
Patch4: libgcrypt-1.4.5-urandom.patch
|
||||
Patch2: libgcrypt-1.5.0-use-fipscheck.patch
|
||||
# fix tests in the FIPS mode, fix the FIPS-186-3 DSA keygen
|
||||
Patch5: libgcrypt-1.4.5-tests.patch
|
||||
# add configurable source of RNG seed in the FIPS mode
|
||||
Patch6: libgcrypt-1.4.6-fips-cfgrandom.patch
|
||||
Patch5: libgcrypt-1.5.0-tests.patch
|
||||
# add configurable source of RNG seed and seed by default
|
||||
# from /dev/urandom in the FIPS mode
|
||||
Patch6: libgcrypt-1.5.0-fips-cfgrandom.patch
|
||||
# make the FIPS-186-3 DSA CAVS testable
|
||||
Patch7: libgcrypt-1.4.6-cavs.patch
|
||||
Patch7: libgcrypt-1.5.0-fips-cavs.patch
|
||||
|
||||
# Technically LGPLv2.1+, but Fedora's table doesn't draw a distinction.
|
||||
# Documentation and some utilities are GPLv2+ licensed. These files
|
||||
@ -54,9 +53,8 @@ applications using libgcrypt.
|
||||
%prep
|
||||
%setup -q
|
||||
%{SOURCE3}
|
||||
%patch1 -p1 -b .noecc
|
||||
%patch2 -p1 -b .use-fipscheck
|
||||
%patch3 -p1 -b .ImplicitDSOLinking
|
||||
%patch4 -p1 -b .urandom
|
||||
%patch5 -p1 -b .tests
|
||||
%patch6 -p1 -b .cfgrandom
|
||||
%patch7 -p1 -b .cavs
|
||||
@ -171,6 +169,9 @@ exit 0
|
||||
%doc COPYING
|
||||
|
||||
%changelog
|
||||
* Thu Jul 21 2011 Tomas Mraz <tmraz@redhat.com> 1.5.0-1
|
||||
- new upstream version
|
||||
|
||||
* Mon Jun 20 2011 Tomas Mraz <tmraz@redhat.com> 1.4.6-4
|
||||
- Always xor seed from /dev/urandom over /etc/gcrypt/rngseed
|
||||
|
||||
|
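Review bot: The new changelog entry reads only `- new upstream version`, but the same change drops Patch3 (ImplicitDSOLinking) and Patch4 (urandom), moves the /dev/urandom default into Patch6, and adds Patch1 to skip the ECC curves test. Anyone auditing how the FIPS-mode RNG is seeded in this build will look at the changelog first, so the entry should list these changes, for example `- merge the /dev/urandom FIPS seeding change into the fips-cfgrandom patch` and `- drop the ImplicitDSOLinking patch, do not run the ecc curves test`.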