Accepting request 235418 from home:msmeissn:branches:devel:libraries:c_c++
- libgcrypt-fix-rng.patch: make drbg work again in FIPS mode. - libgcrypt-1.6.1-use-fipscheck.patch: library to test is libgcrypt.so.20 and not libgcrypt.so.11 - libgcrypt-init-at-elf-load-fips.patch: initialize globally on ELF DSO loading to meet FIPS requirements. OBS-URL: https://build.opensuse.org/request/show/235418 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=57
This commit is contained in:
parent
df3dfc3e0f
commit
31afb2af23
@ -47,7 +47,7 @@ Index: libgcrypt-1.6.1/src/fips.c
|
|||||||
- if (!dladdr ("gcry_check_version", &info))
|
- if (!dladdr ("gcry_check_version", &info))
|
||||||
+ const char key[] = "orboDeJITITejsirpADONivirpUkvarP";
|
+ const char key[] = "orboDeJITITejsirpADONivirpUkvarP";
|
||||||
+
|
+
|
||||||
+ if (get_library_path ("libgcrypt.so.11", "gcry_check_version", libpath, sizeof(libpath)))
|
+ if (get_library_path ("libgcrypt.so.20", "gcry_check_version", libpath, sizeof(libpath)))
|
||||||
err = gpg_error_from_syserror ();
|
err = gpg_error_from_syserror ();
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
24
libgcrypt-fix-rng.patch
Normal file
24
libgcrypt-fix-rng.patch
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
Index: libgcrypt-1.6.1/random/random.c
|
||||||
|
===================================================================
|
||||||
|
--- libgcrypt-1.6.1.orig/random/random.c
|
||||||
|
+++ libgcrypt-1.6.1/random/random.c
|
||||||
|
@@ -440,6 +440,9 @@ _gcry_create_nonce (void *buffer, size_t
|
||||||
|
size_t n;
|
||||||
|
int err;
|
||||||
|
|
||||||
|
+ /* Make sure we are initialized. */
|
||||||
|
+ _gcry_random_initialize (1);
|
||||||
|
+
|
||||||
|
/* First check whether we shall use the FIPS nonce generator. This
|
||||||
|
is only done in FIPS mode, in all other modes, we use our own
|
||||||
|
nonce generator which is seeded by the RNG actual in use. */
|
||||||
|
@@ -455,9 +458,6 @@ _gcry_create_nonce (void *buffer, size_t
|
||||||
|
FIPS mode (not that this means it is also used if the FIPS RNG
|
||||||
|
has been selected but we are not in fips mode). */
|
||||||
|
|
||||||
|
- /* Make sure we are initialized. */
|
||||||
|
- _gcry_random_initialize (1);
|
||||||
|
-
|
||||||
|
/* Acquire the nonce buffer lock. */
|
||||||
|
err = ath_mutex_lock (&nonce_buffer_lock);
|
||||||
|
if (err)
|
13
libgcrypt-init-at-elf-load-fips.patch
Normal file
13
libgcrypt-init-at-elf-load-fips.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
Index: libgcrypt-1.6.1/src/global.c
|
||||||
|
===================================================================
|
||||||
|
--- libgcrypt-1.6.1.orig/src/global.c
|
||||||
|
+++ libgcrypt-1.6.1/src/global.c
|
||||||
|
@@ -76,7 +76,7 @@ static gpg_err_code_t external_lock_test
|
||||||
|
likely to be called at startup. The suggested way for an
|
||||||
|
application to make sure that this has been called is by using
|
||||||
|
gcry_check_version. */
|
||||||
|
-static void
|
||||||
|
+static void __attribute__((constructor))
|
||||||
|
global_init (void)
|
||||||
|
{
|
||||||
|
gcry_error_t err = 0;
|
@ -1,3 +1,12 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon May 26 12:05:17 UTC 2014 - meissner@suse.com
|
||||||
|
|
||||||
|
- libgcrypt-fix-rng.patch: make drbg work again in FIPS mode.
|
||||||
|
- libgcrypt-1.6.1-use-fipscheck.patch: library to test is libgcrypt.so.20
|
||||||
|
and not libgcrypt.so.11
|
||||||
|
- libgcrypt-init-at-elf-load-fips.patch: initialize globally on ELF
|
||||||
|
DSO loading to meet FIPS requirements.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue May 13 10:47:51 UTC 2014 - vcizek@suse.com
|
Tue May 13 10:47:51 UTC 2014 - vcizek@suse.com
|
||||||
|
|
||||||
|
@ -56,6 +56,8 @@ Patch24: 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
|
|||||||
Patch25: 0005-Function-definitions-for-gcry_control-callbacks.patch
|
Patch25: 0005-Function-definitions-for-gcry_control-callbacks.patch
|
||||||
Patch26: 0006-DRBG-specific-gcry_control-requests.patch
|
Patch26: 0006-DRBG-specific-gcry_control-requests.patch
|
||||||
Patch27: 0007-User-interface-to-DRBG.patch
|
Patch27: 0007-User-interface-to-DRBG.patch
|
||||||
|
Patch28: libgcrypt-fix-rng.patch
|
||||||
|
Patch29: libgcrypt-init-at-elf-load-fips.patch
|
||||||
BuildRequires: automake >= 1.11
|
BuildRequires: automake >= 1.11
|
||||||
BuildRequires: libgpg-error-devel >= 1.11
|
BuildRequires: libgpg-error-devel >= 1.11
|
||||||
BuildRequires: libtool
|
BuildRequires: libtool
|
||||||
@ -136,6 +138,8 @@ understanding of applied cryptography is required to use Libgcrypt.
|
|||||||
%patch25 -p1
|
%patch25 -p1
|
||||||
%patch26 -p1
|
%patch26 -p1
|
||||||
%patch27 -p1
|
%patch27 -p1
|
||||||
|
%patch28 -p1
|
||||||
|
%patch29 -p1
|
||||||
%endif
|
%endif
|
||||||
%patch13 -p1
|
%patch13 -p1
|
||||||
%patch14 -p1
|
%patch14 -p1
|
||||||
|
Loading…
Reference in New Issue
Block a user