Compare commits

...

205 Commits

Author SHA256 Message Date
Ana Guerrero
8a5ce89984 Accepting request 1235881 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/1235881
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=105
2025-01-09 14:04:12 +00:00
Ana Guerrero
3fa142f949 Accepting request 1229393 from devel:libraries:c_c++
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1229393
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=104
2024-12-10 22:42:50 +00:00
a86dd9c96a - Remove unrecognized option: --enable-m-guard
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=182
2024-12-02 12:11:19 +00:00
Dominique Leuenberger
eb967db9b2 Accepting request 1183830 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/1183830
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=103
2024-07-24 13:29:19 +00:00
c1414c55a9 Accepting request 1183811 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 1.11.0:
  * New and extended interfaces:
    - Add an API for Key Encapsulation Mechanism (KEM). [T6755]
    - Add Streamlined NTRU Prime sntrup761 algorithm. [rCcf9923e1a5]
    - Add Kyber algorithm according to FIPS 203 ipd 2023-08-24. [rC18e5c0d268]
    - Add Classic McEliece algorithm. [rC003367b912]
    - Add One-Step KDF with hash and MAC. [T5964]
    - Add KDF algorithm HKDF of RFC-5869. [T5964]
    - Add KDF algorithm X963KDF for use in CMS. [rC3abac420b3]
    - Add GMAC-SM4 and Poly1305-SM4. [rCd1ccc409d4]
    - Add ARIA block cipher algorithm. [rC316c6d7715]
    - Add explicit FIPS indicators for MD and MAC algorithms. [T6376]
    - Add support for SHAKE as MGF in RSA. [T6557]
    - Add gcry_md_read support for SHAKE algorithms. [T6539]
    - Add gcry_md_hash_buffers_ext function. [T7035]
    - Add cSHAKE hash algorithm. [rC065b3f4e02]
    - Support internal generation of IV for AEAD cipher mode. [T4873]
  * Performance:
    - Add SM3 ARMv8/AArch64/CE assembly implementation. [rCfe891ff4a3]
    - Add SM4 ARMv8/AArch64 assembly implementation. [rCd8825601f1]
    - Add SM4 GFNI/AVX2 and GFI/AVX512 implementation. [rC5095d60af4,rCeaed633c16]
    - Add SM4 ARMv9 SVE CE assembly implementation. [rC2dc2654006]
    - Add PowerPC vector implementation of SM4. [rC0b2da804ee]
    - Optimize ChaCha20 and Poly1305 for PPC P10 LE. [T6006]
    - Add CTR32LE bulk acceleration for AES on PPC. [rC84f2e2d0b5]
    - Add generic bulk acceleration for CTR32LE mode (GCM-SIV) for SM4
      and Camellia. [rCcf956793af]
    - Add GFNI/AVX2 implementation of Camellia. [rC4e6896eb9f]
    - Add AVX2 and AVX512 accelerated implementations for GHASH (GCM)
      and POLYVAL (GCM-SIV). [rCd857e85cb4, rCe6f3600193]

OBS-URL: https://build.opensuse.org/request/show/1183811
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=180
2024-06-28 09:08:29 +00:00
Ana Guerrero
b55e290b2a Accepting request 1141963 from devel:libraries:c_c++
- add libgcrypt-no-deprecated-grep-alias.patch

- Build AVX2 enabled hwcaps library for x86_64-v3
  * Fix counter operand from read-only to read/write
- Fix gpg2 tests on BigEndian architectures: s390x ppc64
- making the build reproducible - see
- libgcrypt-init-at-elf-load-fips.patch: initialize globally on ELF
- Correct patch 0007-User-interface-to-DRBG.patch so that the
- Drop arm-missing-files.diff, fixed upstream
- add arm-missing-files.diff: Add missing files to fix build
- update to 1.6.
- Library must be built with large file support in
- add GPL3.0+ to License tag because of dumpsexp (bnc#810759)
- Libraries back into %{_libdir}, /usr merge project
 * New variants of the TIGER algorithm.
   generation.  DSA domain parameters may be given as well.
- build rijndael.c with -fno-strict-aliasing [bnc#443693]
    entropy for the intial seeding
    the manual are under the GPL
- update to version 1.2.2
- require libgpg-error-devel (Bug #48271)
- update to version 1.2.0
- disable make check, because it uses /dev/random whihc is
  implemented.

OBS-URL: https://build.opensuse.org/request/show/1141963
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=102
2024-01-29 21:25:48 +00:00
f462660008 - add libgcrypt-no-deprecated-grep-alias.patch
- Build AVX2 enabled hwcaps library for x86_64-v3
  * Fix counter operand from read-only to read/write
- Fix gpg2 tests on BigEndian architectures: s390x ppc64
- making the build reproducible - see
- libgcrypt-init-at-elf-load-fips.patch: initialize globally on ELF
- Correct patch 0007-User-interface-to-DRBG.patch so that the
- Drop arm-missing-files.diff, fixed upstream
- add arm-missing-files.diff: Add missing files to fix build
- update to 1.6.
- Library must be built with large file support in
- add GPL3.0+ to License tag because of dumpsexp (bnc#810759)
- Libraries back into %{_libdir}, /usr merge project
 * New variants of the TIGER algorithm.
   generation.  DSA domain parameters may be given as well.
- build rijndael.c with -fno-strict-aliasing [bnc#443693]
    entropy for the intial seeding
    the manual are under the GPL
- update to version 1.2.2
- require libgpg-error-devel (Bug #48271)
- update to version 1.2.0
- disable make check, because it uses /dev/random whihc is
  implemented.

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=178
2024-01-27 13:37:57 +00:00
Ana Guerrero
b78719a232 Accepting request 1127966 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/1127966
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=101
2023-11-23 20:38:31 +00:00
0d824d09dc Accepting request 1127956 from home:ohollmann:branches:devel:libraries:c_c++
- Re-create HMAC checksum after RPM build strips the library
  (bsc#1217058)

OBS-URL: https://build.opensuse.org/request/show/1127956
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=176
2023-11-21 17:32:01 +00:00
Ana Guerrero
7f2be4226a Accepting request 1126688 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/1126688
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=100
2023-11-17 19:47:54 +00:00
53013ef12a Accepting request 1126687 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 1.10.3:
 * Bug fixes:
   - Fix public key computation for other EdDSA curves. [rC469919751d6e]
   - Remove out of core handler diagnostic in FIPS mode. [T6515]
   - Check that the digest size is not zero in gcry_pk_sign_md and
     gcry_pk_verify_md. [T6539]
   - Make store an s-exp with \0 is considered to be binary. [T6747]
   - Various constant-time improvements.
 * Portability:
   - Use getrandom call only when supported by the platform. [T6442]
   - Change the default for --with-libtool-modification to never. [T6619]
 * Release-info: https://dev.gnupg.org/T6817
 * Remove patch upstream libgcrypt-1.10.0-out-of-core-handler.patch

OBS-URL: https://build.opensuse.org/request/show/1126687
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=174
2023-11-15 15:58:32 +00:00
Ana Guerrero
1af09eee9b Accepting request 1118833 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/1118833
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=99
2023-10-20 21:15:32 +00:00
63de2206c9 Accepting request 1118293 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Do not pull revision info from GIT when autoconf is run. This
  removes the -unknown suffix after the version number.
  * Add libgcrypt-nobetasuffix.patch [bsc#1216334]

OBS-URL: https://build.opensuse.org/request/show/1118293
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=172
2023-10-19 07:34:37 +00:00
Ana Guerrero
9cb4e967ab Accepting request 1116820 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/1116820
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=98
2023-10-13 21:13:57 +00:00
30ec5cbd47 Accepting request 1116818 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- POWER: performance enhancements for cryptography [jsc#PED-5088]
  * Optimize Chacha20 and Poly1305 for PPC P10 LE: [T6006]
    - Chacha20/poly1305: Optimized chacha20/poly1305 for
      P10 operation [rC88fe7ac33eb4]
    - ppc: enable P10 assembly with ENABLE_FORCE_SOFT_HWFEATURES
      on arch-3.00 [rC2c5e5ab6843d]
  * Add patches:
    - libgcrypt-Chacha20-poly1305-Optimized-chacha20-poly1305.patch
    - libgcrypt-ppc-enable-P10-assembly-with-ENABLE_FORCE_SOF.patch

OBS-URL: https://build.opensuse.org/request/show/1116818
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=170
2023-10-11 07:38:30 +00:00
Dominique Leuenberger
d746817767 Accepting request 1089003 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/1089003
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=97
2023-05-28 17:21:50 +00:00
20cf449281 Accepting request 1088864 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- FIPS: Merge the libgcrypt20-hmac package into the library and
  remove the "module is complete" trigger file .fips [bsc#1185116]
  * Remove libgcrypt-1.10.0-use-fipscheck.patch

OBS-URL: https://build.opensuse.org/request/show/1088864
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=168
2023-05-25 10:47:22 +00:00
Dominique Leuenberger
1f229e1cb7 Accepting request 1078615 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/1078615
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=96
2023-04-14 11:12:01 +00:00
d2525ea576 Accepting request 1078614 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/1078614
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=166
2023-04-12 09:52:01 +00:00
07ae165632 Accepting request 1078466 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 1.10.2:
  * Bug fixes:
    - Fix Argon2 for the case output > 64. [rC13b5454d26]
    - Fix missing HWF_PPC_ARCH_3_10 in HW feature. [rCe073f0ed44]
    - Fix RSA key generation failure in forced FIPS mode. [T5919]
    - Fix gcry_pk_hash_verify for explicit hash. [T6066]
    - Fix a wrong result of gcry_mpi_invm. [T5970]
    - Allow building with --disable-asm for HPPA. [T5976]
    - Allow building with -Oz. [T6432]
    - Enable the fast path to ChaCha20 only when supported. [T6384]
    - Use size_t to avoid counter overflow in Keccak when directly
      feeding more than 4GiB. [T6217]
  * Other:
    - Do not use secure memory for a DRBG instance. [T5933]
    - Do not allow PKCS#1.5 padding for encryption in FIPS mode. [T5918]
    - Fix the behaviour for child process re-seeding in the DRBG. [rC019a40c990]
    - Allow verification of small RSA signatures in FIPS mode. [T5975]
    - Allow the use of a shorter salt for KDFs in FIPS mode. [T6039]
    - Run digest+sign self tests for RSA and ECC in FIPS mode. [rC06c9350165]
    - Add function-name based FIPS indicator function.
      GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION. This is not considered
      an ABI changes because the new FIPS features were not yet
      approved. [rC822ee57f07]
    - Improve PCT in FIPS mode. [rC285bf54b1a, rC4963c127ae, T6397]
    - Use getrandom (GRND_RANDOM) in FIPS mode. [rCcf10c74bd9]
    - Disable RSA-OAEP padding in FIPS mode. [rCe5bfda492a]
    - Check minimum allowed key size in PBKDF in FIPS mode. [T6039,T6219]
    - Get maximum 32B of entropy at once in FIPS mode. [rCce0df08bba]
    - Prefer gpgrt-config when available. [T5034]
    - Mark AESWRAP as approved FIPS algorithm. [T5512]

OBS-URL: https://build.opensuse.org/request/show/1078466
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=165
2023-04-11 14:55:16 +00:00
Dominique Leuenberger
9a8e9a51cb Accepting request 1070246 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/1070246
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=95
2023-03-12 15:22:13 +00:00
7483d2b690 Accepting request 1070143 from home:pluskalm:branches:devel:libraries:c_c++
- Build AVX2 enabled hwcaps library for x86_64-v3

OBS-URL: https://build.opensuse.org/request/show/1070143
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=163
2023-03-08 18:05:37 +00:00
Dominique Leuenberger
42ed2c4012 Accepting request 1038228 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/1038228
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=94
2022-11-27 11:52:48 +00:00
f23b31a152 Accepting request 1038227 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch

OBS-URL: https://build.opensuse.org/request/show/1038227
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=161
2022-11-25 14:49:39 +00:00
725ec59b57 Accepting request 1038172 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 1.10.1:
  * Bug fixes:
    - Fix minor memory leaks in FIPS mode.
    - Build fixes for MUSL libc.
  * Other:
    - More portable integrity check in FIPS mode.
    - Add X9.62 OIDs to sha256 and sha512 modules.
  * Add the hardware optimizations config file hwf.deny to
    the /etc/gcrypt/ directory. This file can be used to globally
    disable the use of hardware based optimizations.
  * Remove not needed separate_hmac256_binary hmac256 package

- Update to 1.10.0:
  * New and extended interfaces:
    - New control codes to check for FIPS 140-3 approved algorithms.
    - New control code to switch into non-FIPS mode.
    - New cipher modes SIV and GCM-SIV as specified by RFC-5297.
    - Extended cipher mode AESWRAP with padding as specified by
      RFC-5649.
    - New set of KDF functions.
    - New KDF modes Argon2 and Balloon.
    - New functions for combining hashing and signing/verification.
  * Performance:
    - Improved support for PowerPC architectures.
    - Improved ECC performance on zSeries/s390x by using accelerated
      scalar multiplication.
    - Many more assembler performance improvements for several
      architectures.
  * Bug fixes:
    - Fix Elgamal encryption for other implementations.

OBS-URL: https://build.opensuse.org/request/show/1038172
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=160
2022-11-25 14:23:58 +00:00
Dominique Leuenberger
cf0b6d06ec Accepting request 1004197 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/1004197
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=93
2022-09-19 14:02:44 +00:00
a52145f041 Accepting request 1004104 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
  * Add libgcrypt-FIPS-rndjent_poll.patch
  * Rebase libgcrypt-jitterentropy-3.4.0.patch

- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
  * Consider approved keylength greater or equal to 112 bits.
  * Add libgcrypt-FIPS-kdf-leylength.patch

- FIPS: Zeroize buffer and digest in check_binary_integrity()
  * Add libgcrypt-FIPS-Zeroize-hmac.patch [bsc#1191020]

OBS-URL: https://build.opensuse.org/request/show/1004104
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=158
2022-09-16 21:00:13 +00:00
Dominique Leuenberger
87139e3bce Accepting request 1001249 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/1001249
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=92
2022-09-07 09:05:09 +00:00
82bc8eba9a Accepting request 1001247 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
Sync the FIPS changes to be added in SLE-15-SP4

OBS-URL: https://build.opensuse.org/request/show/1001247
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=156
2022-09-05 10:55:04 +00:00
Dominique Leuenberger
8ec4bc8590 Accepting request 991962 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/991962
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=91
2022-08-04 11:22:40 +00:00
80f9a1053d Accepting request 991956 from home:coolo:branches:devel:libraries:c_c++
- Fix reproducible build problems:
   - Do not use %release in binaries (but use SOURCE_DATE_EPOCH)
   - Fix date call messed up by spec-cleaner

OBS-URL: https://build.opensuse.org/request/show/991956
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=154
2022-08-01 08:35:47 +00:00
Dominique Leuenberger
4021e5fdc1 Accepting request 950434 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/950434
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=90
2022-02-05 22:22:53 +00:00
c941c8db1e Accepting request 950433 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- FIPS: Disable DSA in FIPS mode [bsc#1195385]
  * Upstream task: https://dev.gnupg.org/T5710
  * Add libgcrypt-FIPS-disable-DSA.patch

- FIPS: Service level indicator [bsc#1190700]
  * Provide an indicator to check wether the service utilizes an
    approved cryptographic algorithm or not.
  * Add patches:
    - libgcrypt-FIPS-service-indicators.patch
    - libgcrypt-FIPS-verify-unsupported-KDF-test.patch
    - libgcrypt-FIPS-HMAC-short-keylen.patch

- FIPS: Define an entropy source SP800-90B compliant [bsc#1185140]
  * Disable jitter entropy by default in random.conf
  * Disable only-urandom option by default in random.conf

- FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192240]
  * rsa: Check RSA keylen constraints for key operations.
  * rsa: Fix regression in not returning an error for prime generation.
  * tests: Add 2k RSA key working in FIPS mode.
  * tests: pubkey: Replace RSA key to one of 2k.
  * tests: pkcs1v2: Skip tests with small keys in FIPS.
  * Add patches:
    - libgcrypt-FIPS-RSA-keylen.patch
    - libgcrypt-FIPS-RSA-keylen-tests.patch

- FIPS: Disable 3DES/Triple-DES in FIPS mode [bsc#1185138]
  * Add libgcrypt-FIPS-disable-3DES.patch

- FIPS: PBKDF requirements [bsc#1185137]

OBS-URL: https://build.opensuse.org/request/show/950433
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=153
2022-02-01 13:12:14 +00:00
Dominique Leuenberger
2a9591aeaf Accepting request 940475 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/940475
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=89
2021-12-18 19:29:55 +00:00
ca014dcd4e Accepting request 940468 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480]
  * gcry_mpi_sub_ui: fix subtracting from negative value
  * Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch

OBS-URL: https://build.opensuse.org/request/show/940468
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=152
2021-12-14 13:04:25 +00:00
Dominique Leuenberger
69de87215c Accepting request 913986 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/913986
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=88
2021-08-28 20:31:04 +00:00
b49d3291e1 Accepting request 913985 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Fix building test t-lock with pthread. [bsc#1189745]
  * Explicitly add -lpthread to compile the t-lock test.
  * Add libgcrypt-pthread-in-t-lock-test.patch

OBS-URL: https://build.opensuse.org/request/show/913985
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=151
2021-08-24 10:37:54 +00:00
00b6c7a408 Accepting request 913968 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 1.9.4:
  * Bug fixes:
    - Fix Elgamal encryption for other implementations. [CVE-2021-33560]
    - Fix alignment problem on macOS.
    - Check the input length of the point in ECDH.
    - Fix an abort in gcry_pk_get_param for "Curve25519".
  * Other features:
    - Add GCM and CCM to OID mapping table for AES.
  * Upstream libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch

- Remove not needed patch libgcrypt-sparcv9.diff

- libgcrypt 1.9.3:
    - Fix for Apple iOS getentropy peculiarity.
    - Add VPMSUMD acceleration for GCM mode on PPC.
  - Fix rare assertion failure in gcry_prime_check.

OBS-URL: https://build.opensuse.org/request/show/913968
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=150
2021-08-24 10:13:55 +00:00
Dominique Leuenberger
3dba002cd7 Accepting request 900114 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/900114
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=87
2021-06-18 08:13:11 +00:00
79c721ab6b Accepting request 899923 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Security fix: [bsc#1187212, CVE-2021-33560]
  * cipher: Fix ElGamal encryption for other implementations.
  * Exponent blinding was added in version 1.9.3. This patch
    fixes ElGamal encryption, see: https://dev.gnupg.org/T5328
- Add libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch

OBS-URL: https://build.opensuse.org/request/show/899923
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=148
2021-06-15 09:30:21 +00:00
Dominique Leuenberger
07dafd246e Accepting request 887034 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/887034
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=86
2021-04-26 14:38:12 +00:00
c47eb17c1d Accepting request 886925 from home:polslinux:branches:devel:libraries:c_c++
- libgcrypt 1.9.3: 
  * Bug fixes:
    - Fix build problems on i386 using gcc-4.7.
    - Fix checksum calculation in OCB decryption for AES on s390.
    - Fix a regression in gcry_mpi_ec_add related to certain usages
      of curve 25519.
    - Fix a symbol not found problem on Apple M1.
    - Fix for Apple iOS getentropy peculiarity.  
    - Make keygrip computation work for compressed points.
  * Performance:
    - Add x86_64 VAES/AVX2 accelerated implementation of Camellia.
    - Add x86_64 VAES/AVX2 accelerated implementation of AES.
    - Add VPMSUMD acceleration for GCM mode on PPC. 
  * Internal changes.
    - Harden MPI conditional code against EM leakage.
    - Harden Elgamal by introducing exponent blinding.

OBS-URL: https://build.opensuse.org/request/show/886925
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=146
2021-04-20 14:18:49 +00:00
Dominique Leuenberger
91f02deb34 Accepting request 873072 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/873072
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=85
2021-02-23 19:18:45 +00:00
ed96a78f46 Accepting request 873060 from home:AndreasStieger:branches:devel:libraries:c_c++
libgcrypt 1.9.2

OBS-URL: https://build.opensuse.org/request/show/873060
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=144
2021-02-17 10:20:09 +00:00
Dominique Leuenberger
032f6c67ac Accepting request 868946 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/868946
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=84
2021-02-08 10:47:03 +00:00
dea0435690 Accepting request 868925 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 1.9.1
   * *Fix exploitable bug* in hash functions introduced with
     1.9.0. [bsc#1181632, CVE-2021-3345]
   * Return an error if a negative MPI is used with sexp scan
     functions.
   * Check for operational FIPS in the random and KDF functions.
   * Fix compile error on ARMv7 with NEON disabled.
   * Fix self-test in KDF module.
   * Improve assembler checks for better LTO support.
   * Fix 32-bit cross build on x86.
   * Fix non-NEON ARM assembly implementation for SHA512.
   * Fix build problems with the cipher_bulk_ops_t typedef.
   * Fix Ed25519 private key handling for preceding ZEROs.
   * Fix overflow in modular inverse implementation.
   * Fix register access for AVX/AVX2 implementations of Blake2.
   * Add optimized cipher and hash functions for s390x/zSeries.
   * Use hardware bit counting functionx when available.
   * Update DSA functions to match FIPS 186-3.
   * New self-tests for CMACs and KDFs.
   * Add bulk cipher functions for OFB and GCM modes.
- Update libgpg-error required version

- Use the suffix variable correctly in get_hmac_path()
- Rebase libgcrypt-fips_selftest_trigger_file.patch

- Add the global config file /etc/gcrypt/random.conf
  * This file can be used to globally change parameters of the random
    generator with the options: only-urandom and disable-jent.

- Update to 1.9.0:

OBS-URL: https://build.opensuse.org/request/show/868925
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=142
2021-02-03 12:44:42 +00:00
Dominique Leuenberger
700b9e13cb Accepting request 843816 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/843816
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=83
2020-10-29 08:21:24 +00:00
a15018a4a1 Accepting request 843758 from home:AndreasStieger:branches:devel:libraries:c_c++
libgcrypt 1.8.7

OBS-URL: https://build.opensuse.org/request/show/843758
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=140
2020-10-24 20:30:16 +00:00
Dominique Leuenberger
fa4a386d83 Accepting request 819169 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/819169
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=82
2020-07-15 09:11:12 +00:00
211bd2f53b Accepting request 819163 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 1.8.6
  * mpi: Consider +0 and -0 the same in mpi_cmp
  * mpi: Fix flags in mpi_copy for opaque MPI
  * mpi: Fix the return value of mpi_invm_generic
  * mpi: DSA,ECDSA: Fix use of mpi_invm
    - Call mpi_invm before _gcry_dsa_modify_k
    - Call mpi_invm before _gcry_ecc_ecdsa_sign
  * mpi: Constant time mpi_inv with some conditions
    - mpi/mpi-inv.c (mpih_add_n_cond, mpih_sub_n_cond, mpih_swap_cond)
    - New: mpih_abs_cond, mpi_invm_odd
    - Rename from _gcry_mpi_invm: mpi_invm_generic
    - Use mpi_invm_odd for usual odd cases: _gcry_mpi_invm
  * mpi: Abort on division by zero also in _gcry_mpi_tdiv_qr
  * Fix wrong code execution in Poly1305 ARM/NEON implementation
    - Set r14 to -1 at function entry: (_gcry_poly1305_armv7_neon_init_ext)
  * Set vZZ.16b register to zero before use in armv8 gcm implementation
  * random: Fix include of config.h
  * Fix declaration of internal function _gcry_mpi_get_ui: Don't use ulong
  * ecc: Fix wrong handling of shorten PK bytes
    - Zeros are already recovered: (_gcry_ecc_mont_decodepoint)
- Update libgcrypt-ecc-ecdsa-no-blinding.patch

OBS-URL: https://build.opensuse.org/request/show/819163
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=138
2020-07-07 09:36:56 +00:00
Yuchen Lin
f20d49ff1e Accepting request 807319 from devel:libraries:c_c++
- FIPS: RSA/DSA/ECC test_keys() print out debug messages [bsc#1171872]
  * Print the debug messages in test_keys() only in debug mode.
- Update patches: libgcrypt-PCT-RSA.patch libgcrypt-PCT-DSA.patch
  libgcrypt-PCT-ECC.patch

OBS-URL: https://build.opensuse.org/request/show/807319
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=81
2020-05-23 15:19:49 +00:00
Dominique Leuenberger
ae21839c90 Accepting request 805629 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/805629
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=80
2020-05-19 12:43:00 +00:00
Vítězslav Čížek
b626ac7062 Accepting request 807298 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- FIPS: RSA/DSA/ECC test_keys() print out debug messages [bsc#1171872]
  * Print the debug messages in test_keys() only in debug mode.
- Update patches: libgcrypt-PCT-RSA.patch libgcrypt-PCT-DSA.patch
  libgcrypt-PCT-ECC.patch

OBS-URL: https://build.opensuse.org/request/show/807298
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=135
2020-05-19 12:29:20 +00:00
Vítězslav Čížek
9a7cde5372 Accepting request 805624 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- FIPS: libgcrypt: Double free in test_keys() on failed signature
  verification [bsc#1169944]
  * Use safer gcry_mpi_release() instead of mpi_free()
- Update patches:
  * libgcrypt-PCT-DSA.patch
  * libgcrypt-PCT-RSA.patch
  * libgcrypt-PCT-ECC.patch

- Ship the FIPS checksum file in the shared library package and
  create a separate trigger file for the FIPS selftests (bsc#1169569)
  * add libgcrypt-fips_selftest_trigger_file.patch
  * refresh libgcrypt-global_init-constructor.patch
- Remove libgcrypt-binary_integrity_in_non-FIPS.patch obsoleted
  by libgcrypt-global_init-constructor.patch

- FIPS: Verify that the generated signature and the original input
  differ in test_keys function for RSA, DSA and ECC: [bsc#1165539]
- Add zero-padding when qx and qy have different lengths when
  assembling the Q point from affine coordinates.
- Refreshed patches:
  * libgcrypt-PCT-DSA.patch
  * libgcrypt-PCT-RSA.patch
  * libgcrypt-PCT-ECC.patch

- FIPS: Switch the PCT to use the new signature operation [bsc#1165539]
  * Patches for DSA, RSA and ECDSA test_keys functions:
    - libgcrypt-PCT-DSA.patch
    - libgcrypt-PCT-RSA.patch
    - libgcrypt-PCT-ECC.patch
- Update patch: libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch

OBS-URL: https://build.opensuse.org/request/show/805624
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=134
2020-05-14 15:39:34 +00:00
Dominique Leuenberger
d9360a0b9a Accepting request 766879 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/766879
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=79
2020-01-30 08:31:14 +00:00
Tomáš Chvátal
e37716ed54 Accepting request 766877 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- FIPS: libgcrypt DSA PQG parameter generation: Missing value [bsc#1161219]
- FIPS: libgcrypt DSA PQG verification incorrect results [bsc#1161215]
- FIPS: libgcrypt RSA siggen/keygen: 4k not supported [bsc#1161220]
  * Add patch from Fedora libgcrypt-1.8.4-fips-keygen.patch

- FIPS: RSA/DSA/ECDSA are missing hashing operation [bsc#1155337]
  * Add libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch

- Fix tests in FIPS mode:
  * Fix tests: basic benchmark bench-slope pubkey t-cv25519 t-secmem
  * Add patch libgcrypt-fix-tests-fipsmode.patch

- Fix test dsa-rfc6979 in FIPS mode:
  * Disable tests in elliptic curves with 192 bits which are not
    recommended in FIPS mode
  * Add patch libgcrypt-dsa-rfc6979-test-fix.patch

- CMAC AES and TDES FIPS self-tests:
  * CMAC AES self test missing [bsc#1155339]
  * CMAC TDES self test missing [bsc#1155338]
- Add libgcrypt-CMAC-AES-TDES-selftest.patch

OBS-URL: https://build.opensuse.org/request/show/766877
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=132
2020-01-24 12:13:28 +00:00
Dominique Leuenberger
07fa0c0e85 Accepting request 727334 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/727334
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=78
2019-09-07 09:28:42 +00:00
74a1d44e1d Accepting request 727257 from home:AndreasStieger:branches:devel:libraries:c_c++
libgcrypt 1.8.5 CVE-2019-13627 boo#1148987

OBS-URL: https://build.opensuse.org/request/show/727257
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=130
2019-08-30 20:13:27 +00:00
Dominique Leuenberger
7ad624cbce Accepting request 712272 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/712272
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=77
2019-06-30 08:18:38 +00:00
d57c784f09 Accepting request 712076 from home:jsikes:branches:devel:libraries:c_c++
This fixes bsc#1133808. Hope it doesn't break anything else. Enjoy!

OBS-URL: https://build.opensuse.org/request/show/712076
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=128
2019-06-27 15:31:10 +00:00
02d04cf4ae Accepting request 711377 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Fixed env-script-interpreter in cavs_driver.pl

- Security fix: [bsc#1138939, CVE-2019-12904]
  * The C implementation of AES is vulnerable to a flush-and-reload
    side-channel attack because physical addresses are available to
    other processes. (The C implementation is used on platforms where
    an assembly-language implementation is unavailable.)
  * Added patches:
    - libgcrypt-CVE-2019-12904-GCM-Prefetch.patch
    - libgcrypt-CVE-2019-12904-GCM.patch
    - libgcrypt-CVE-2019-12904-AES.patch

OBS-URL: https://build.opensuse.org/request/show/711377
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=127
2019-06-25 12:49:02 +00:00
Dominique Leuenberger
8d3c3ab6bd Accepting request 698628 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/698628
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=76
2019-06-07 16:00:42 +00:00
Tomáš Chvátal
61eeda1b5c Accepting request 698242 from home:jsikes:branches:devel:libraries:c_c++
Hopefully this fixes bsc#1131369. Hopefully.

OBS-URL: https://build.opensuse.org/request/show/698242
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=125
2019-04-27 08:19:28 +00:00
Tomáš Chvátal
44e7a5642f Accepting request 697283 from home:jsikes:branches:devel:libraries:c_c++
Fixed a few bugs. Enjoy!

OBS-URL: https://build.opensuse.org/request/show/697283
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=124
2019-04-24 08:43:31 +00:00
Tomáš Chvátal
9521655df0 Accepting request 692407 from home:jsikes:branches:devel:libraries:c_c++
Fixed a little oops. Enjoy.

OBS-URL: https://build.opensuse.org/request/show/692407
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=123
2019-04-09 06:12:53 +00:00
9563eb9685 Accepting request 689095 from home:vitezslav_cizek:branches:devel:libraries:c_c++
- libgcrypt-1.8.3-fips-ctor.patch changed the way the fips selftests
  are invoked as well as the state transition, adjust the code so
  a missing checksum file is not an issue in non-FIPS mode (bsc#1097073)
  * update libgcrypt-binary_integrity_in_non-FIPS.patch

- Enforce the minimal RSA keygen size in fips mode (bsc#1125740)
  * add libgcrypt-fips_rsa_no_enforced_mode.patch

OBS-URL: https://build.opensuse.org/request/show/689095
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=122
2019-03-27 14:36:50 +00:00
Tomáš Chvátal
655523d262 Accepting request 688356 from home:vitezslav_cizek:branches:devel:libraries:c_c++
- Don't run full self-tests from constructor (bsc#1097073)
  * Don't call global_init() from the constructor, _gcry_global_constructor()
    from libgcrypt-1.8.3-fips-ctor.patch takes care of the binary
    integrity check instead.
  * Only the binary checksum will be verified, the remaining
    self-tests will be run upon the library initialization
- Add libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch
- Drop libgcrypt-init-at-elf-load-fips.patch and
  libgcrypt-fips_run_selftest_at_constructor.patch obsoleted
  by libgcrypt-1.8.3-fips-ctor.patch

- Skip all the self-tests except for binary integrity when called
  from the constructor (bsc#1097073)
  * Added libgcrypt-1.8.3-fips-ctor.patch from Fedora

OBS-URL: https://build.opensuse.org/request/show/688356
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=121
2019-03-25 18:52:00 +00:00
Dominique Leuenberger
17e7a97b07 Accepting request 652051 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/652051
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=75
2018-12-03 09:03:49 +00:00
Tomáš Chvátal
b13fa86e81 Accepting request 652048 from home:vitezslav_cizek:branches:devel:libraries:c_c++
- Fail selftests when checksum file is missing in FIPS mode only
  (bsc#1117355)
  * add libgcrypt-binary_integrity_in_non-FIPS.patch

OBS-URL: https://build.opensuse.org/request/show/652048
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=119
2018-11-26 17:27:31 +00:00
Dominique Leuenberger
ca00da8440 Accepting request 645121 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/645121
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=74
2018-11-08 08:41:01 +00:00
Ismail Dönmez
5a5bf04851 Accepting request 645112 from security:privacy
libgcrypt 1.8.4

OBS-URL: https://build.opensuse.org/request/show/645112
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=117
2018-10-28 21:21:59 +00:00
Dominique Leuenberger
df402ac9e9 Accepting request 620216 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/620216
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=73
2018-07-07 19:56:53 +00:00
Tomáš Chvátal
fb3d3cb514 Accepting request 620215 from home:Andreas_Schwab:Factory
- libgcrypt-1.6.3-aliasing.patch, libgcrypt-ppc64.patch,
  libgcrypt-strict-aliasing.patch: Remove obsolete patches
- libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch: Rediff
- Reenable testsuite

OBS-URL: https://build.opensuse.org/request/show/620215
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=115
2018-07-02 10:45:19 +00:00
Yuchen Lin
8f175efdbf Accepting request 616511 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/616511
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=72
2018-06-22 11:15:10 +00:00
Vítězslav Čížek
f9c1c6b499 Accepting request 616502 from home:kbabioch:branches:devel:libraries:c_c++
- Update to version 1.8.3:
  - Use blinding for ECDSA signing to mitigate a novel side-channel
    attack. (CVE-2018-0495 bsc#1097410)
  - Fix incorrect counter overflow handling for GCM when using an IV
    size other than 96 bit.
  - Fix incorrect output of AES-keywrap mode for in-place encryption
    on some platforms.
  - Fix the gcry_mpi_ec_curve_point point validation function.
  - Fix rare assertion failure in gcry_prime_check. 
- Applied spec-cleaner

OBS-URL: https://build.opensuse.org/request/show/616502
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=113
2018-06-13 11:32:30 +00:00
Dominique Leuenberger
559e3bbd71 Accepting request 603170 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/603170
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=71
2018-05-07 12:52:21 +00:00
Tomáš Chvátal
074f940c73 Accepting request 603165 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/603165
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=111
2018-05-02 15:35:24 +00:00
Tomáš Chvátal
3e049117f8 Accepting request 603156 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Suggest libgcrypt20-hmac for package libgcrypt20 to ensure they
  are installed in the right order. [bsc#1090766]

OBS-URL: https://build.opensuse.org/request/show/603156
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=110
2018-05-02 15:02:36 +00:00
Dominique Leuenberger
dc00b54bb1 Accepting request 592209 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/592209
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=70
2018-04-03 10:11:16 +00:00
Tomáš Chvátal
7da0c092f1 Accepting request 592205 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Extended the fipsdrv dsa-sign and dsa-verify commands with the
  --algo parameter for the FIPS testing of DSA SigVer and SigGen
  (bsc#1064455).
  * Added libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
  * Added libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch

OBS-URL: https://build.opensuse.org/request/show/592205
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=108
2018-03-29 09:57:58 +00:00
Dominique Leuenberger
d4f71c2dc2 Accepting request 580133 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/580133
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=69
2018-03-01 11:05:46 +00:00
Tomáš Chvátal
4de74bf3f1 Accepting request 580096 from home:favogt:licensetag
Use %license (boo#1082318). Please forward to SLE, if possible

OBS-URL: https://build.opensuse.org/request/show/580096
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=106
2018-02-26 09:33:50 +00:00
Dominique Leuenberger
9feec847c6 Accepting request 556784 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/556784
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=68
2017-12-29 17:48:36 +00:00
Tomáš Chvátal
e505d65dd8 Accepting request 556783 from security:privacy
libgcrypt 1.8.2

OBS-URL: https://build.opensuse.org/request/show/556783
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=104
2017-12-13 20:15:54 +00:00
Dominique Leuenberger
aafba70456 Accepting request 519870 from devel:libraries:c_c++
1

OBS-URL: https://build.opensuse.org/request/show/519870
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=67
2017-09-07 20:07:50 +00:00
Tomáš Chvátal
8ea7d3a2d4 Accepting request 519788 from home:AndreasStieger:branches:devel:libraries:c_c++
libgcrypt 1.8.1 libgcrypt 1.8.1 CVE-2017-0379 bsc#1055837

OBS-URL: https://build.opensuse.org/request/show/519788
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=102
2017-08-31 08:01:22 +00:00
Dominique Leuenberger
3938bc27a3 Accepting request 512433 from devel:libraries:c_c++
1

OBS-URL: https://build.opensuse.org/request/show/512433
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=66
2017-08-29 09:33:52 +00:00
Tomáš Chvátal
8af5760958 Accepting request 512392 from home:jengelh:branches:devel:libraries:c_c++
- RPM group fixes.
remove with-pic, that's for static only

OBS-URL: https://build.opensuse.org/request/show/512392
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=100
2017-07-25 06:30:55 +00:00
Tomáš Chvátal
2658824b7f - Refresh patch libgcrypt-1.6.3-aliasing.patch
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=99
2017-07-24 08:34:50 +00:00
Tomáš Chvátal
6ebe4a1bc9 Fix signature file redone by upstream
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=98
2017-07-24 08:27:58 +00:00
Tomáš Chvátal
17c1484584 Accepting request 512084 from security:privacy
libgcrypt 1.8.0

OBS-URL: https://build.opensuse.org/request/show/512084
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=97
2017-07-24 08:15:56 +00:00
Dominique Leuenberger
32e7beef4d Accepting request 507221 from devel:libraries:c_c++
1

OBS-URL: https://build.opensuse.org/request/show/507221
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=65
2017-07-04 09:54:12 +00:00
Vítězslav Čížek
27c67e3671 Accepting request 507220 from security:privacy
libgcrypt 1.7.8 CVE-2017-7526 bsc#1046607

OBS-URL: https://build.opensuse.org/request/show/507220
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=95
2017-06-30 06:36:55 +00:00
Dominique Leuenberger
331b508318 Accepting request 501083 from devel:libraries:c_c++
1

OBS-URL: https://build.opensuse.org/request/show/501083
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=64
2017-06-05 16:49:58 +00:00
Tomáš Chvátal
c785cdbe16 Accepting request 501007 from home:AndreasStieger:branches:devel:libraries:c_c++
libgcrypt 1.7.7

OBS-URL: https://build.opensuse.org/request/show/501007
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=93
2017-06-05 07:34:40 +00:00
Tomáš Chvátal
ef71f17567 Accepting request 500599 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Added libgcrypt-secure-EdDSA-session-key.patch [bsc#1042326]
  * Store the session key in secure memory to ensure that constant
    time point operations are used in the MPI library.

OBS-URL: https://build.opensuse.org/request/show/500599
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=92
2017-06-03 18:51:04 +00:00
Dominique Leuenberger
4616ce9677 Accepting request 451573 from devel:libraries:c_c++
1

OBS-URL: https://build.opensuse.org/request/show/451573
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=63
2017-01-25 21:32:29 +00:00
Tomáš Chvátal
fc34d37147 Accepting request 451572 from home:rmaliska:branches:devel:libraries:c_c++
- libgcrypt 1.7.6:
  * Fix counter operand from read-only to read/write 
  * Fix too large jump alignment in mpih-rshift

OBS-URL: https://build.opensuse.org/request/show/451572
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=90
2017-01-20 09:50:05 +00:00
Tomáš Chvátal
611eb05395 Accepting request 446365 from security:privacy
libgcrypt 1.7.5

OBS-URL: https://build.opensuse.org/request/show/446365
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=89
2016-12-15 11:55:13 +00:00
Dominique Leuenberger
827280d3a0 Accepting request 420988 from devel:libraries:c_c++
1

OBS-URL: https://build.opensuse.org/request/show/420988
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=62
2016-08-30 22:00:25 +00:00
P. Janouch
b75d794f38 Accepting request 420659 from security:privacy
libgcrypt 1.7.3

OBS-URL: https://build.opensuse.org/request/show/420659
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=87
2016-08-22 09:21:16 +00:00
Dominique Leuenberger
48b4aca02c Accepting request 419868 from devel:libraries:c_c++
1

OBS-URL: https://build.opensuse.org/request/show/419868
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=61
2016-08-22 08:06:35 +00:00
Ismail Dönmez
3cd014e39c Accepting request 419802 from security:privacy
libgcrypt 1.6.6 CVE-2016-6313 (bsc#994157)

OBS-URL: https://build.opensuse.org/request/show/419802
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=85
2016-08-18 07:41:25 +00:00
Dominique Leuenberger
9f54cee2c1 Accepting request 396173 from devel:libraries:c_c++
- remove conditionals for unsupported distributions (before 13.2),
  it would not build anyway because of new dependencies

- make the -hmac package depend on the same version of the library,
  fixing bsc#979629 FIPS: system fails to reboot after installing
  fips pattern

OBS-URL: https://build.opensuse.org/request/show/396173
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=60
2016-05-20 09:55:14 +00:00
P. Janouch
81354459e3 Fixup, we need the same release as well
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=83
2016-05-16 16:03:22 +00:00
P. Janouch
b7923a28bd - remove conditionals for unsupported distributions (before 13.2),
it would not build anyway because of new dependencies

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=82
2016-05-16 14:41:28 +00:00
P. Janouch
5f4c72ab48 - make the -hmac package depend on the same version of the library,
fixing bsc#979629 FIPS: system fails to reboot after installing
  fips pattern

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=81
2016-05-16 14:30:25 +00:00
Dominique Leuenberger
00a51aa4f1 Accepting request 358621 from devel:libraries:c_c++
1

OBS-URL: https://build.opensuse.org/request/show/358621
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=59
2016-02-18 10:06:19 +00:00
Michal Vyskocil
1e84b1513d Accepting request 358619 from security:privacy
update to 1.6.5: CVE-2015-7511: Mitigate side-channel attack on ECDH with Weierstrass curves (boo#965902)

OBS-URL: https://build.opensuse.org/request/show/358619
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=79
2016-02-09 21:32:46 +00:00
Dominique Leuenberger
141234108e Accepting request 337814 from devel:libraries:c_c++
1

OBS-URL: https://build.opensuse.org/request/show/337814
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=58
2015-10-20 14:21:01 +00:00
Ismail Dönmez
ab89552259 Accepting request 337609 from security:privacy
- follow-up to libgcrypt 1.6.4 update: sosuffix is 20.0.4

OBS-URL: https://build.opensuse.org/request/show/337609
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=77
2015-10-10 17:29:21 +00:00
Stephan Kulow
ec74578bef Accepting request 329775 from devel:libraries:c_c++
1

OBS-URL: https://build.opensuse.org/request/show/329775
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=57
2015-09-19 04:53:17 +00:00
Ismail Dönmez
cce4763633 Accepting request 329637 from home:vitezslav_cizek:branches:devel:libraries:c_c++
- update to 1.6.4
- fixes libgcrypt equivalent of CVE-2015-5738 (bsc#944456)
 * Speed up the random number generator by requiring less extra
   seeding.
 * New flag "no-keytest" for ECC key generation.  Due to a bug in the
   parser that flag will also be accepted but ignored by older version
   of Libgcrypt.
 * Always verify a created RSA signature to avoid private key leaks
   due to hardware failures.
 * Other minor bug fixes.

OBS-URL: https://build.opensuse.org/request/show/329637
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=75
2015-09-08 17:55:16 +00:00
Dominique Leuenberger
28ffe49c9d Accepting request 313365 from devel:libraries:c_c++
1

OBS-URL: https://build.opensuse.org/request/show/313365
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=56
2015-07-02 20:45:56 +00:00
Ismail Dönmez
c32332f370 Accepting request 313303 from home:k0da:branches:devel:libraries:c_c++
- Fix gpg2 tests on BigEndian architectures: s390x ppc64 
  libgcrypt-1.6.3-aliasing.patch

OBS-URL: https://build.opensuse.org/request/show/313303
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=73
2015-06-24 07:39:00 +00:00
Dominique Leuenberger
a5579617e5 Accepting request 288429 from devel:libraries:c_c++
1

OBS-URL: https://build.opensuse.org/request/show/288429
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=55
2015-03-05 14:39:00 +00:00
Ismail Dönmez
d508407bd5 Accepting request 288391 from security:privacy
- fix sosuffix for 1.6.3 (20.0.3)

OBS-URL: https://build.opensuse.org/request/show/288391
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=71
2015-03-02 09:31:21 +00:00
Ismail Dönmez
1025b98553 Accepting request 288249 from home:AndreasStieger:branches:devel:libraries:c_c++
libgcrypt 1.6.3 [bnc#920057]

OBS-URL: https://build.opensuse.org/request/show/288249
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=70
2015-03-01 07:57:34 +00:00
Stephan Kulow
59fc2e6fc1 Accepting request 284556 from devel:libraries:c_c++
1

OBS-URL: https://build.opensuse.org/request/show/284556
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=54
2015-02-16 14:01:48 +00:00
Stephan Kulow
f5c7e834a5 Accepting request 284554 from home:dimstar:Factory
- Move %install_info_delete calls from postun to preun: the files
  must still be present to be parsed.
- Fix the names passed to install_info for gcrypt.info-[12].gz
  instead of gcrypt-[12].info.gz.

  via xtrymalloc macro

OBS-URL: https://build.opensuse.org/request/show/284554
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=68
2015-02-06 18:56:29 +00:00
Stephan Kulow
f3deb426aa Accepting request 284553 from home:coolo:branches:openSUSE:Factory
- making the build reproducible - see 
  http://lists.gnupg.org/pipermail/gnupg-commits/2014-September/010683.html
  for a very similiar problem

- fix filename for info pages in %post scripts

OBS-URL: https://build.opensuse.org/request/show/284553
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=67
2015-02-06 18:56:02 +00:00
Dominique Leuenberger
327fa87bf4 Accepting request 259984 from devel:libraries:c_c++
1

OBS-URL: https://build.opensuse.org/request/show/259984
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=53
2014-11-14 08:18:28 +00:00
Ismail Dönmez
7377b22af6 Accepting request 259951 from home:AndreasStieger:branches:devel:libraries:c_c++
libgcrypt 1.6.2

OBS-URL: https://build.opensuse.org/request/show/259951
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=65
2014-11-05 20:53:18 +00:00
Stephan Kulow
71c6ef52ef Accepting request 251471 from devel:libraries:c_c++
1

OBS-URL: https://build.opensuse.org/request/show/251471
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=52
2014-09-24 11:09:15 +00:00
Ismail Dönmez
c1ef8148bf Accepting request 250747 from home:vitezslav_cizek:branches:devel:libraries:c_c++
- disabled curve P-192 in FIPS mode (bnc#896202)
  * added libgcrypt-fips_ecdsa.patch
- don't use SHA-1 for ECDSA in FIPS mode
- also run the fips self tests only in FIPS mode

- run the fips self tests at the constructor code
  * added libgcrypt-fips_run_selftest_at_constructor.patch

- rewrite the DSA-2 code to be FIPS 186-4 compliant (bnc#894216)
  * added libgcrypt-fips-dsa.patch
  * install fips186_dsa
- use 2048 bit keys in selftests_dsa

OBS-URL: https://build.opensuse.org/request/show/250747
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=63
2014-09-22 20:11:21 +00:00
Stephan Kulow
757d9c9f07 Accepting request 247278 from devel:libraries:c_c++
1

OBS-URL: https://build.opensuse.org/request/show/247278
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=51
2014-09-04 05:55:53 +00:00
Ismail Dönmez
1521b4e1a9 Accepting request 247239 from home:vitezslav_cizek:branches:devel:libraries:c_c++
- fix an issue in DRBG patchset
  * size_t type is 32-bit on 32-bit systems
- fix a potential NULL pointer deference in DRBG patchset
  * patches from https://bugs.g10code.com/gnupg/issue1701
- added v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
- added v9-0007-User-interface-to-DRBG.patch
- removed v7-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
- removed v7-0007-User-interface-to-DRBG.patch
- add a subpackage for CAVS testing
  * add cavs_driver.pl and cavs-test.sh from the kernel cavs package
  * added drbg_test.patch

OBS-URL: https://build.opensuse.org/request/show/247239
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=61
2014-09-02 17:36:56 +00:00
de36103e2d Accepting request 244560 from devel:libraries:c_c++
- split off the -hmac package that contains the checksums (forwarded request 244328 from msmeissn)

OBS-URL: https://build.opensuse.org/request/show/244560
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=49
2014-08-16 13:37:35 +00:00
2cd1fab710 Accepting request 244328 from home:msmeissn:branches:devel:libraries:c_c++
- split off the -hmac package that contains the checksums

OBS-URL: https://build.opensuse.org/request/show/244328
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=59
2014-08-13 13:20:08 +00:00
Stephan Kulow
dbc6021874 Accepting request 235587 from devel:libraries:c_c++
- libgcrypt-fix-rng.patch: make drbg work again in FIPS mode.
- libgcrypt-1.6.1-use-fipscheck.patch: library to test is libgcrypt.so.20
  and not libgcrypt.so.11
- libgcrypt-init-at-elf-load-fips.patch: initialize globally on ELF 
  DSO loading to meet FIPS requirements. (forwarded request 235418 from msmeissn)

OBS-URL: https://build.opensuse.org/request/show/235587
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=48
2014-06-01 16:54:43 +00:00
Ismail Dönmez
31afb2af23 Accepting request 235418 from home:msmeissn:branches:devel:libraries:c_c++
- libgcrypt-fix-rng.patch: make drbg work again in FIPS mode.
- libgcrypt-1.6.1-use-fipscheck.patch: library to test is libgcrypt.so.20
  and not libgcrypt.so.11
- libgcrypt-init-at-elf-load-fips.patch: initialize globally on ELF 
  DSO loading to meet FIPS requirements.

OBS-URL: https://build.opensuse.org/request/show/235418
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=57
2014-05-27 18:06:59 +00:00
Stephan Kulow
7ab67ad752 Accepting request 233928 from devel:libraries:c_c++
- add new 0007-User-interface-to-DRBG.patch from upstream
  * fixes bnc#877233
  * supersedes the patch from previous entry (forwarded request 233696 from vitezslav_cizek)

OBS-URL: https://build.opensuse.org/request/show/233928
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=47
2014-05-17 20:01:36 +00:00
Ismail Dönmez
df3dfc3e0f Accepting request 233696 from home:vitezslav_cizek:branches:devel:libraries:c_c++
- add new 0007-User-interface-to-DRBG.patch from upstream
  * fixes bnc#877233
  * supersedes the patch from previous entry

OBS-URL: https://build.opensuse.org/request/show/233696
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=55
2014-05-14 20:01:57 +00:00
Stephan Kulow
d919100f79 Accepting request 233465 from devel:libraries:c_c++
As reported via email, libgcrypt has an inconsistency in the 0007-*patch that was added last.  

This correction fixes the build failures we are currently seeing in Factory, etc. At least when build against libgcrypt with this patch, the error no longer occurs. However I can not see if this change has any other effect at the moment.  (forwarded request 233464 from tittiatcoke)

OBS-URL: https://build.opensuse.org/request/show/233465
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=46
2014-05-12 07:28:38 +00:00
Stephan Kulow
9b151fdc3f Accepting request 233464 from home:tittiatcoke:branches:devel:libraries:c_c++
As reported via email, libgcrypt has an inconsistency in the 0007-*patch that was added last.  

This correction fixes the build failures we are currently seeing in Factory, etc. At least when build against libgcrypt with this patch, the error no longer occurs. However I can not see if this change has any other effect at the moment.

OBS-URL: https://build.opensuse.org/request/show/233464
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=53
2014-05-11 13:59:51 +00:00
Stephan Kulow
68f6c0bcd8 Accepting request 232952 from devel:libraries:c_c++
- add support for SP800-90A DRBG (fate#316929, bnc#856312)
  * patches by Stephan Mueller (http://www.chronox.de/drbg.html):
    0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2
    0002-Compile-DRBG.patch
    0003-Function-definitions-of-interfaces-for-random.c.patch
    0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
    0005-Function-definitions-for-gcry_control-callbacks.patch
    0006-DRBG-specific-gcry_control-requests.patch
    0007-User-interface-to-DRBG.patch
  * only after 13.1 (the patches need libgpg-error 1.13)
- drop libgcrypt-fips-allow-legacy.patch (not needed and wasn't
  applied anyway) (forwarded request 232937 from vitezslav_cizek)

OBS-URL: https://build.opensuse.org/request/show/232952
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=45
2014-05-10 06:32:02 +00:00
0ee4a0f87b Accepting request 232937 from home:vitezslav_cizek:branches:devel:libraries:c_c++
- add support for SP800-90A DRBG (fate#316929, bnc#856312)
  * patches by Stephan Mueller (http://www.chronox.de/drbg.html):
    0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2
    0002-Compile-DRBG.patch
    0003-Function-definitions-of-interfaces-for-random.c.patch
    0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
    0005-Function-definitions-for-gcry_control-callbacks.patch
    0006-DRBG-specific-gcry_control-requests.patch
    0007-User-interface-to-DRBG.patch
  * only after 13.1 (the patches need libgpg-error 1.13)
- drop libgcrypt-fips-allow-legacy.patch (not needed and wasn't
  applied anyway)

OBS-URL: https://build.opensuse.org/request/show/232937
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=51
2014-05-07 15:00:08 +00:00
Stephan Kulow
8631b8d6e2 Accepting request 228871 from devel:libraries:c_c++
- Cleanup with spec-cleaner to sort out.
- Really apply ppc64 patch as it was ommited probably by mistake.

- FIPS changes (from Fedora):
  - replaced libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff by
    libgcrypt-1.6.1-fips-cfgrandom.patch
  - libgcrypt-fixed-sizet.patch: fixed an int type for -flto
  - libgcrypt-1.6.1-use-fipscheck.patch: use the fipscheck binary
  - libgcrypt-1.6.1-fips-cavs.patch: add CAVS tests
- use fipscheck only after 13.1
- libgcrypt-fips-allow-legacy.patch: attempt to allow some
  legacy algorithms for gpg2 usage even in FIPS mode.
  (currently not applied)

OBS-URL: https://build.opensuse.org/request/show/228871
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=44
2014-04-05 14:50:10 +00:00
Tomáš Chvátal
1cf0e05117 - Cleanup with spec-cleaner to sort out.
- Really apply ppc64 patch as it was ommited probably by mistake.

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=49
2014-04-03 12:08:53 +00:00
62320f7e7e - libgcrypt-fips-allow-legacy.patch: attempt to allow some
legacy algorithms for gpg2 usage even in FIPS mode.
  (currently not applied)

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=48
2014-04-02 12:04:17 +00:00
Stephan Kulow
07bdae674c Accepting request 228287 from home:msmeissn:branches:devel:libraries:c_c++
- use fipscheck only after 13.1

OBS-URL: https://build.opensuse.org/request/show/228287
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=47
2014-03-31 18:49:01 +00:00
Sascha Peilicke
c25b02784b Accepting request 227791 from home:msmeissn:branches:devel:libraries:c_c++
- FIPS changes (from Fedora):
  - replaced libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff by
    libgcrypt-1.6.1-fips-cfgrandom.patch
  - libgcrypt-fixed-sizet.patch: fixed an int type for -flto
  - libgcrypt-1.6.1-use-fipscheck.patch: use the fipscheck binary
  - libgcrypt-1.6.1-fips-cavs.patch: add CAVS tests

OBS-URL: https://build.opensuse.org/request/show/227791
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=46
2014-03-31 07:35:35 +00:00
Tomáš Chvátal
2868a087ec Accepting request 221146 from devel:libraries:c_c++
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/221146
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=43
2014-02-08 09:34:19 +00:00
Ismail Dönmez
660cd0c24e - Drop arm-missing-files.diff, fixed upstream
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=44
2014-01-30 13:30:05 +00:00
Ismail Dönmez
8c0ad30407 Accepting request 215568 from home:AndreasStieger:branches:devel:libraries:c_c++
libgcrypt 1.6.1

OBS-URL: https://build.opensuse.org/request/show/215568
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=43
2014-01-30 13:26:41 +00:00
Stephan Kulow
3d290d3247 Accepting request 212898 from devel:libraries:c_c++
Gcrypt submission for staging purposes, do not accept unless the staging is okay.

OBS-URL: https://build.opensuse.org/request/show/212898
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=42
2014-01-08 19:07:19 +00:00
0de965d808 - add arm-missing-files.diff: Add missing files to fix build
- fix bnc#856915: can't open /dev/urandom
  * correct libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
- require libgpg-error 1.11 or higher

- fix dependency for 32bit devel package
- name hmac files according soname
- fix hmac subpackage dependency

- update to 1.6. 
 * Removed the long deprecated gcry_ac interface.  Thus Libgcrypt is
   not anymore ABI compatible to previous versions if they used the ac
   interface. Check NEWS in libgcrypt-devel for removed interfaces.
 * Removed the module register subsystem.
 * The deprecated message digest debug macros have been removed.  Use
   gcry_md_debug instead.
 * Removed deprecated control codes.
 * Improved performance of most cipher algorithms as well as for the
   SHA family of hash functions.
 * Added support for the IDEA cipher algorithm.
 * Added support for the Salsa20 and reduced Salsa20/12 stream ciphers.
 * Added limited support for the GOST 28147-89 cipher algorithm.
 * Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog)
   hash algorithms.
 * Added a random number generator to directly use the system's RNG.
   Also added an interface to prefer the use of a specified RNG.
 * Added support for the SCRYPT algorithm.
 * Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA
   secret keys.  See <http://eprint.iacr.org/2013/448> [CVE-2013-4242].

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=41
2014-01-03 19:05:34 +00:00
9f8de8177f OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=40 2014-01-03 19:05:08 +00:00
Tomáš Chvátal
3bf1b3fb44 Unbreak again, this needs staging.
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=41
2014-01-03 18:27:45 +00:00
057648ad6a - add arm-missing-files.diff: Add missing files to fix build
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=39
2014-01-03 16:37:25 +00:00
Tomáš Chvátal
8852dd33f2 Accepting request 212727 from devel:libraries:c_c++
Needed fix for the libgcrypt functionality.

OBS-URL: https://build.opensuse.org/request/show/212727
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=40
2014-01-03 13:58:16 +00:00
Michal Vyskocil
471347a939 - require libgpg-error 1.11 or higher
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=37
2014-01-03 10:27:19 +00:00
Michal Vyskocil
2dd2695b1b - fix bnc#856915: can't open /dev/urandom
* correct libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=36
2014-01-03 09:44:43 +00:00
Stephan Kulow
fd1be62577 Accepting request 212103 from openSUSE:Factory
resubmit for another loop including staging

OBS-URL: https://build.opensuse.org/request/show/212103
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=35
2013-12-23 21:27:10 +00:00
Stephan Kulow
2027adeefa unbreak factory
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=39
2013-12-23 14:32:46 +00:00
OBS User buildservice-autocommit
69d02ac9fd Updating link to change in openSUSE:Factory/libgcrypt revision 39.0
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=8776088c4c1e29ad9c6b5b201a26bd16
2013-12-23 14:32:46 +00:00
Tomáš Chvátal
aadeed81f8 Accepting request 211707 from devel:libraries:c_c++
- fix dependency for 32bit devel package
- name hmac files according soname
- fix hmac subpackage dependency

- update to 1.6. 
 * Removed the long deprecated gcry_ac interface.  Thus Libgcrypt is
   not anymore ABI compatible to previous versions if they used the ac
   interface. Check NEWS in libgcrypt-devel for removed interfaces.
 * Removed the module register subsystem.
 * The deprecated message digest debug macros have been removed.  Use
   gcry_md_debug instead.
 * Removed deprecated control codes.
 * Improved performance of most cipher algorithms as well as for the
   SHA family of hash functions.
 * Added support for the IDEA cipher algorithm.
 * Added support for the Salsa20 and reduced Salsa20/12 stream ciphers.
 * Added limited support for the GOST 28147-89 cipher algorithm.
 * Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog)
   hash algorithms.
 * Added a random number generator to directly use the system's RNG.
   Also added an interface to prefer the use of a specified RNG.
 * Added support for the SCRYPT algorithm.
 * Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA
   secret keys.  See <http://eprint.iacr.org/2013/448> [CVE-2013-4242].
 * Added support for Deterministic DSA as per RFC-6969.
 * Added support for curve Ed25519.
 * Added a scatter gather hash convenience function.
 * Added several MPI amd SEXP helper functions.
 * Added support for negative numbers to gcry_mpi_print,
   gcry_mpi_aprint and gcry_mpi_scan.

OBS-URL: https://build.opensuse.org/request/show/211707
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=38
2013-12-22 18:35:06 +00:00
Michal Vyskocil
2704060764 - fix dependency for 32bit devel package
- name hmac files according soname
- fix hmac subpackage dependency

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=33
2013-12-19 13:54:19 +00:00
Michal Vyskocil
c2b9970a6d - update to 1.6.
* Removed the long deprecated gcry_ac interface.  Thus Libgcrypt is
   not anymore ABI compatible to previous versions if they used the ac
   interface. Check NEWS in libgcrypt-devel for removed interfaces.
 * Removed the module register subsystem.
 * The deprecated message digest debug macros have been removed.  Use
   gcry_md_debug instead.
 * Removed deprecated control codes.
 * Improved performance of most cipher algorithms as well as for the
   SHA family of hash functions.
 * Added support for the IDEA cipher algorithm.
 * Added support for the Salsa20 and reduced Salsa20/12 stream ciphers.
 * Added limited support for the GOST 28147-89 cipher algorithm.
 * Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog)
   hash algorithms.
 * Added a random number generator to directly use the system's RNG.
   Also added an interface to prefer the use of a specified RNG.
 * Added support for the SCRYPT algorithm.
 * Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA
   secret keys.  See <http://eprint.iacr.org/2013/448> [CVE-2013-4242].
 * Added support for Deterministic DSA as per RFC-6969.
 * Added support for curve Ed25519.
 * Added a scatter gather hash convenience function.
 * Added several MPI amd SEXP helper functions.
 * Added support for negative numbers to gcry_mpi_print,
   gcry_mpi_aprint and gcry_mpi_scan.
 * The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now
   deprecated.  Use GCRY_PK_ECC if you need an algorithm id.
 * Changed gcry_pk_genkey for "ecc" to only include the curve name and
   not the parameters.  The flag "param" may be used to revert this.

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=32
2013-12-19 09:11:12 +00:00
Stephan Kulow
811c511e16 Accepting request 184483 from devel:libraries:c_c++
add CVE (forwarded request 184457 from AndreasStieger)

OBS-URL: https://build.opensuse.org/request/show/184483
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=36
2013-07-29 15:42:10 +00:00
Dr. Werner Fink
0357e20aaf Accepting request 184457 from home:AndreasStieger:branches:devel:libraries:c_c++
add CVE

OBS-URL: https://build.opensuse.org/request/show/184457
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=30
2013-07-27 11:10:54 +00:00
Ismail Dönmez
9b48f489bf Accepting request 184381 from home:AndreasStieger:branches:devel:libraries:c_c++
update to 1.5.3 [bnc#831359] (CVE not forthcoming)

OBS-URL: https://build.opensuse.org/request/show/184381
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=29
2013-07-26 09:01:40 +00:00
Stephan Kulow
e73673942c Accepting request 184297 from devel:libraries:c_c++
- port SLE enhancenments to Factory (bnc#831028)
  * add libgcrypt-unresolved-dladdr.patch (bnc#701267)
  * add libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff (bnc#724841)
  * add libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
- install .hmac256.hmac (bnc#704068)
- enable varuous new options in configure (m-guard, hmac binary check and
  random device linux)
- build with all ciphers, pubkeys and digest by default as whitelist
  simply allowed them all

- Library must be built with large file support in

OBS-URL: https://build.opensuse.org/request/show/184297
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=35
2013-07-25 13:07:21 +00:00
Michal Vyskocil
84f3f9aea5 - port SLE enhancenments to Factory (bnc#831028)
* add libgcrypt-unresolved-dladdr.patch (bnc#701267)
  * add libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff (bnc#724841)
  * add libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
- install .hmac256.hmac (bnc#704068)
- enable varuous new options in configure (m-guard, hmac binary check and
  random device linux)
- build with all ciphers, pubkeys and digest by default as whitelist
  simply allowed them all
- Library must be built with large file support in

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=27
2013-07-25 09:26:56 +00:00
Stephan Kulow
f8e814bdfc Accepting request 179326 from devel:libraries:c_c++
- avoid gpg-offline in bootstrap packages (forwarded request 179324 from coolo)

OBS-URL: https://build.opensuse.org/request/show/179326
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=34
2013-06-18 08:31:49 +00:00
Ismail Dönmez
6a35aedefa Accepting request 179324 from home:coolo:branches:openSUSE:Factory
- avoid gpg-offline in bootstrap packages

OBS-URL: https://build.opensuse.org/request/show/179324
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=25
2013-06-17 13:34:36 +00:00
Sascha Peilicke
c75cb5e0ba Accepting request 179215 from home:elvigia:branches:devel:libraries:c_c++
- Library must by built with large file support in 
 32 bit archs.

OBS-URL: https://build.opensuse.org/request/show/179215
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=24
2013-06-17 07:25:49 +00:00
Stephan Kulow
24152979ad Accepting request 172374 from devel:libraries:c_c++
update to 1.5.2 (forwarded request 172373 from AndreasStieger)

OBS-URL: https://build.opensuse.org/request/show/172374
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=33
2013-04-19 07:56:34 +00:00
Ismail Dönmez
b6f5274965 Accepting request 172373 from home:AndreasStieger:branches:devel:libraries:c_c++
update to 1.5.2

OBS-URL: https://build.opensuse.org/request/show/172373
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=22
2013-04-18 19:00:41 +00:00
Stephan Kulow
5af4ff1917 Accepting request 160558 from devel:libraries:c_c++
- add GPL3.0+ to License tag because of dumpsexp (bnc#810759) 

- update to 1.5.1
 * Allow empty passphrase with PBKDF2.
 * Do not abort on an invalid algorithm number in
   gcry_cipher_get_algo_keylen and gcry_cipher_get_algo_blklen.
 * Fixed some Valgrind warnings.
 * Fixed a problem with select and high fd numbers.
 * Improved the build system
 * Various minor bug fixes.
 * Interface changes relative to the 1.5.0 release:
   GCRYCTL_SET_ENFORCED_FIPS_FLAG         NEW.
   GCRYPT_VERSION_NUMBER                  NEW.
- add verification of source code signatures
- now requires automake 1.11 to build

- update license to new format

OBS-URL: https://build.opensuse.org/request/show/160558
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=32
2013-03-25 19:32:07 +00:00
Michal Vyskocil
1bb0687206 - add GPL3.0+ to License tag because of dumpsexp (bnc#810759)
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=20
2013-03-22 09:31:45 +00:00
Ismail Dönmez
91b308c9c7 Accepting request 159896 from home:AndreasStieger:branches:devel:libraries:c_c++
1.5.1

OBS-URL: https://build.opensuse.org/request/show/159896
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=19
2013-03-19 09:04:38 +00:00
Stephan Kulow
c18825efff Accepting request 150821 from openSUSE:Factory:Staging:spdx
update license to new format

OBS-URL: https://build.opensuse.org/request/show/150821
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=18
2013-02-03 07:04:40 +00:00
Stephan Kulow
a434a9bdc7 Accepting request 124780 from devel:libraries:c_c++
fix deps
  * libgpg-error-devel >= 1.8
add libsoname macro (forwarded request 124757 from computersalat)

OBS-URL: https://build.opensuse.org/request/show/124780
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=30
2012-06-25 12:02:19 +00:00
aadac53807 Accepting request 124757 from home:computersalat:devel:libs
fix deps
  * libgpg-error-devel >= 1.8
add libsoname macro

OBS-URL: https://build.opensuse.org/request/show/124757
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=16
2012-06-13 07:19:23 +00:00
Stephan Kulow
93a887199c Accepting request 110794 from devel:libraries:c_c++
Inbetween patent situation should be clear, so I resubmit the idea changes. (forwarded request 110723 from dstoecker)

OBS-URL: https://build.opensuse.org/request/show/110794
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=28
2012-03-26 09:03:04 +00:00
Sascha Peilicke
544f8f765c Accepting request 110723 from home:dstoecker
Inbetween patent situation should be clear, so I resubmit the idea changes.

OBS-URL: https://build.opensuse.org/request/show/110723
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=14
2012-03-23 11:47:53 +00:00
Stephan Kulow
606ee81da6 Accepting request 104143 from devel:libraries:c_c++
- Libraries back into %{_libdir}, /usr merge project (forwarded request 104142 from elvigia)

OBS-URL: https://build.opensuse.org/request/show/104143
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=27
2012-02-15 15:15:59 +00:00
Cristian Rodríguez
1c1273999c Accepting request 104142 from home:elvigia:branches:devel:libraries:c_c++
- Libraries back into %{_libdir}, /usr merge project

OBS-URL: https://build.opensuse.org/request/show/104142
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=12
2012-02-12 16:27:21 +00:00
Stephan Kulow
7559b90d34 replace license with spdx.org variant
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=26
2011-12-06 17:23:36 +00:00
OBS User buildservice-autocommit
1b08220a03 Updating link to change in openSUSE:Factory/libgcrypt revision 26.0
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=5f71e276516a9c8a714f0ce2525108ca
2011-12-06 17:23:36 +00:00
Stephan Kulow
b123f895dd Accepting request 91520 from devel:libraries:c_c++
- Remove redundant/unwanted tags/section (cf. specfile guidelines)

OBS-URL: https://build.opensuse.org/request/show/91520
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=25
2011-11-16 16:18:46 +00:00
Stephan Kulow
1d2dee7342 merged
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=8
2011-11-15 12:55:51 +00:00
Stephan Kulow
236e77ccd3 Accepting request 91181 from devel:libraries:c_c++
add buildrequire libtool (forwarded request 91152 from coolo)

OBS-URL: https://build.opensuse.org/request/show/91181
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=24
2011-11-14 11:13:45 +00:00
e821ff4fac Remove redundant/unwanted tags/section (cf. specfile guidelines)
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=7
2011-11-13 14:40:21 +00:00
Ismail Dönmez
63ea93f660 Accepting request 91152 from home:coolo:removelibtool
add buildrequire libtool

OBS-URL: https://build.opensuse.org/request/show/91152
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=6
2011-11-13 10:16:22 +00:00
Lars Vogdt
16f500e9e9 Accepting request 86109 from devel:libraries:c_c++
- Update to version 1.5.0, most important changes
 * Uses the Intel AES-NI instructions if available
 * Support ECDH. (forwarded request 86107 from elvigia)

OBS-URL: https://build.opensuse.org/request/show/86109
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=22
2011-10-03 07:24:08 +00:00
Cristian Rodríguez
57f4d9fa3f Accepting request 86107 from home:elvigia:branches:devel:libraries:c_c++
- Update to version 1.5.0, most important changes
 * Uses the Intel AES-NI instructions if available
 * Support ECDH.

OBS-URL: https://build.opensuse.org/request/show/86107
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=4
2011-10-02 18:44:43 +00:00
OBS User autobuild
7a189b4fc9 Autobuild autoformatter for 53419
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=20
2010-11-20 10:15:45 +00:00
Ruediger Oertel
16277c07d8 Accepting request 53419 from devel:libraries:c_c++
Accepted submit request 53419 from user mvyskocil

OBS-URL: https://build.opensuse.org/request/show/53419
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=19
2010-11-20 10:15:36 +00:00
OBS User autobuild
16693e1e44 Accepting request 43461 from home:hennevogel:TODO
Copy from home:hennevogel:TODO/libgcrypt based on submit request 43461 from user a_jaeger

OBS-URL: https://build.opensuse.org/request/show/43461
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=18
2010-07-20 18:17:16 +00:00
OBS User autobuild
b65531ec49 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=15 2010-03-18 15:02:49 +00:00
OBS User autobuild
b856e12c0f Accepting request 29043 from home:hennevogel:TODO
Copy from home:hennevogel:TODO/libgcrypt based on submit request 29043 from user coolo

OBS-URL: https://build.opensuse.org/request/show/29043
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=14
2010-01-14 14:27:35 +00:00
OBS User unknown
c8c3a8f3cd OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=12 2009-04-23 17:01:04 +00:00
OBS User unknown
b865ef73c1 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=11 2009-01-29 22:14:05 +00:00
OBS User unknown
9b89c9eaa8 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=10 2008-12-15 12:09:01 +00:00
OBS User unknown
d26de470a6 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=9 2008-11-17 16:16:05 +00:00
OBS User unknown
136387b962 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=8 2008-11-02 14:42:29 +00:00
OBS User unknown
4a523c8682 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=7 2008-07-05 00:29:19 +00:00
OBS User unknown
483178bbab OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=6 2008-05-16 20:06:57 +00:00
OBS User unknown
f5aacf25fd OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=5 2008-04-10 12:25:16 +00:00
OBS User unknown
8363b4f071 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=4 2008-01-18 01:02:35 +00:00
OBS User unknown
1ba9047201 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=3 2007-09-13 16:48:03 +00:00
OBS User unknown
a98529cf8a OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=2 2007-02-09 00:12:30 +00:00
OBS User unknown
bf104736a7 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=1 2007-01-15 23:21:52 +00:00
6 changed files with 0 additions and 2725 deletions

BIN
libgcrypt-1.10.3.tar.bz2 (Stored with Git LFS)

Binary file not shown.

Binary file not shown.

File diff suppressed because it is too large Load Diff

View File

@ -1,618 +0,0 @@
Index: libgcrypt-1.10.0/random/jitterentropy-base.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-base.c
+++ libgcrypt-1.10.0/random/jitterentropy-base.c
@@ -42,7 +42,7 @@
* require consumer to be updated (as long as this number
* is zero, the API is not considered stable and can
* change without a bump of the major version) */
-#define MINVERSION 3 /* API compatible, ABI may change, functional
+#define MINVERSION 4 /* API compatible, ABI may change, functional
* enhancements only, consumer can be left unchanged if
* enhancements are not considered */
#define PATCHLEVEL 0 /* API / ABI compatible, no functional changes, no
@@ -200,29 +200,38 @@ ssize_t jent_read_entropy(struct rand_da
tocopy = (DATA_SIZE_BITS / 8);
else
tocopy = len;
- memcpy(p, &ec->data, tocopy);
+
+ jent_read_random_block(ec, p, tocopy);
len -= tocopy;
p += tocopy;
}
/*
- * To be on the safe side, we generate one more round of entropy
- * which we do not give out to the caller. That round shall ensure
- * that in case the calling application crashes, memory dumps, pages
- * out, or due to the CPU Jitter RNG lingering in memory for long
- * time without being moved and an attacker cracks the application,
- * all he reads in the entropy pool is a value that is NEVER EVER
- * being used for anything. Thus, he does NOT see the previous value
- * that was returned to the caller for cryptographic purposes.
+ * Enhanced backtracking support: At this point, the hash state
+ * contains the digest of the previous Jitter RNG collection round
+ * which is inserted there by jent_read_random_block with the SHA
+ * update operation. At the current code location we completed
+ * one request for a caller and we do not know how long it will
+ * take until a new request is sent to us. To guarantee enhanced
+ * backtracking resistance at this point (i.e. ensure that an attacker
+ * cannot obtain information about prior random numbers we generated),
+ * but still stirring the hash state with old data the Jitter RNG
+ * obtains a new message digest from its state and re-inserts it.
+ * After this operation, the Jitter RNG state is still stirred with
+ * the old data, but an attacker who gets access to the memory after
+ * this point cannot deduce the random numbers produced by the
+ * Jitter RNG prior to this point.
*/
/*
- * If we use secured memory, do not use that precaution as the secure
- * memory protects the entropy pool. Moreover, note that using this
- * call reduces the speed of the RNG by up to half
+ * If we use secured memory, where backtracking support may not be
+ * needed because the state is protected in a different method,
+ * it is permissible to drop this support. But strongly weigh the
+ * pros and cons considering that the SHA3 operation is not that
+ * expensive.
*/
#ifndef JENT_CPU_JITTERENTROPY_SECURE_MEMORY
- jent_random_data(ec);
+ jent_read_random_block(ec, NULL, 0);
#endif
err:
@@ -379,6 +388,7 @@ static struct rand_data
*jent_entropy_collector_alloc_internal(unsigned int osr, unsigned int flags)
{
struct rand_data *entropy_collector;
+ uint32_t memsize = 0;
/*
* Requesting disabling and forcing of internal timer
@@ -405,7 +415,7 @@ static struct rand_data
return NULL;
if (!(flags & JENT_DISABLE_MEMORY_ACCESS)) {
- uint32_t memsize = jent_memsize(flags);
+ memsize = jent_memsize(flags);
entropy_collector->mem = _gcry_calloc (1, memsize);
@@ -431,13 +441,19 @@ static struct rand_data
entropy_collector->memaccessloops = JENT_MEMORY_ACCESSLOOPS;
}
+ if (sha3_alloc(&entropy_collector->hash_state))
+ goto err;
+
+ /* Initialize the hash state */
+ sha3_256_init(entropy_collector->hash_state);
+
/* verify and set the oversampling rate */
if (osr < JENT_MIN_OSR)
osr = JENT_MIN_OSR;
entropy_collector->osr = osr;
entropy_collector->flags = flags;
- if (jent_fips_enabled() || (flags & JENT_FORCE_FIPS))
+ if ((flags & JENT_FORCE_FIPS) || jent_fips_enabled())
entropy_collector->fips_enabled = 1;
/* Initialize the APT */
@@ -469,7 +485,7 @@ static struct rand_data
err:
if (entropy_collector->mem != NULL)
- jent_zfree(entropy_collector->mem, JENT_MEMORY_SIZE);
+ jent_zfree(entropy_collector->mem, memsize);
jent_zfree(entropy_collector, sizeof(struct rand_data));
return NULL;
}
@@ -511,6 +527,7 @@ JENT_PRIVATE_STATIC
void jent_entropy_collector_free(struct rand_data *entropy_collector)
{
if (entropy_collector != NULL) {
+ sha3_dealloc(entropy_collector->hash_state);
jent_notime_disable(entropy_collector);
if (entropy_collector->mem != NULL) {
jent_zfree(entropy_collector->mem,
@@ -664,6 +681,7 @@ static inline int jent_entropy_init_comm
int ret;
jent_notime_block_switch();
+ jent_health_cb_block_switch();
if (sha3_tester())
return EHASH;
@@ -710,6 +728,8 @@ int jent_entropy_init_ex(unsigned int os
if (ret)
return ret;
+ ret = ENOTIME;
+
/* Test without internal timer unless caller does not want it */
if (!(flags & JENT_FORCE_INTERNAL_TIMER))
ret = jent_time_entropy_init(osr,
@@ -732,3 +752,9 @@ int jent_entropy_switch_notime_impl(stru
return jent_notime_switch(new_thread);
}
#endif
+
+JENT_PRIVATE_STATIC
+int jent_set_fips_failure_callback(jent_fips_failure_cb cb)
+{
+ return jent_set_fips_failure_callback_internal(cb);
+}
Index: libgcrypt-1.10.0/random/jitterentropy-gcd.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-gcd.c
+++ libgcrypt-1.10.0/random/jitterentropy-gcd.c
@@ -113,12 +113,8 @@ int jent_gcd_analyze(uint64_t *delta_his
goto out;
}
- /*
- * Ensure that we have variations in the time stamp below 100 for at
- * least 10% of all checks -- on some platforms, the counter increments
- * in multiples of 100, but not always
- */
- if (running_gcd >= 100) {
+ /* Set a sensible maximum value. */
+ if (running_gcd >= UINT32_MAX / 2) {
ret = ECOARSETIME;
goto out;
}
Index: libgcrypt-1.10.0/random/jitterentropy-health.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-health.c
+++ libgcrypt-1.10.0/random/jitterentropy-health.c
@@ -19,9 +19,24 @@
* DAMAGE.
*/
-#include "jitterentropy.h"
#include "jitterentropy-health.h"
+static jent_fips_failure_cb fips_cb = NULL;
+static int jent_health_cb_switch_blocked = 0;
+
+void jent_health_cb_block_switch(void)
+{
+ jent_health_cb_switch_blocked = 1;
+}
+
+int jent_set_fips_failure_callback_internal(jent_fips_failure_cb cb)
+{
+ if (jent_health_cb_switch_blocked)
+ return -EAGAIN;
+ fips_cb = cb;
+ return 0;
+}
+
/***************************************************************************
* Lag Predictor Test
*
@@ -434,5 +449,9 @@ unsigned int jent_health_failure(struct
if (!ec->fips_enabled)
return 0;
+ if (fips_cb && ec->health_failure) {
+ fips_cb(ec, ec->health_failure);
+ }
+
return ec->health_failure;
}
Index: libgcrypt-1.10.0/random/jitterentropy-health.h
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-health.h
+++ libgcrypt-1.10.0/random/jitterentropy-health.h
@@ -20,11 +20,16 @@
#ifndef JITTERENTROPY_HEALTH_H
#define JITTERENTROPY_HEALTH_H
+#include "jitterentropy.h"
+
#ifdef __cplusplus
extern "C"
{
#endif
+void jent_health_cb_block_switch(void);
+int jent_set_fips_failure_callback_internal(jent_fips_failure_cb cb);
+
static inline uint64_t jent_delta(uint64_t prev, uint64_t next)
{
return (next - prev);
Index: libgcrypt-1.10.0/random/jitterentropy-noise.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-noise.c
+++ libgcrypt-1.10.0/random/jitterentropy-noise.c
@@ -33,7 +33,7 @@
* Update of the loop count used for the next round of
* an entropy collection.
*
- * @ec [in] entropy collector struct -- may be NULL
+ * @ec [in] entropy collector struct
* @bits [in] is the number of low bits of the timer to consider
* @min [in] is the number of bits we shift the timer value to the right at
* the end to make sure we have a guaranteed minimum value
@@ -61,16 +61,13 @@ static uint64_t jent_loop_shuffle(struct
* Mix the current state of the random number into the shuffle
* calculation to balance that shuffle a bit more.
*/
- if (ec) {
- jent_get_nstime_internal(ec, &time);
- time ^= ec->data[0];
- }
+ jent_get_nstime_internal(ec, &time);
/*
* We fold the time value as much as possible to ensure that as many
* bits of the time stamp are included as possible.
*/
- for (i = 0; ((DATA_SIZE_BITS + bits - 1) / bits) > i; i++) {
+ for (i = 0; (((sizeof(time) << 3) + bits - 1) / bits) > i; i++) {
shuffle ^= time & mask;
time = time >> bits;
}
@@ -91,11 +88,11 @@ static uint64_t jent_loop_shuffle(struct
* This function injects the individual bits of the time value into the
* entropy pool using a hash.
*
- * @ec [in] entropy collector struct -- may be NULL
- * @time [in] time stamp to be injected
+ * @ec [in] entropy collector struct
+ * @time [in] time delta to be injected
* @loop_cnt [in] if a value not equal to 0 is set, use the given value as
* number of loops to perform the hash operation
- * @stuck [in] Is the time stamp identified as stuck?
+ * @stuck [in] Is the time delta identified as stuck?
*
* Output:
* updated hash context
@@ -104,17 +101,19 @@ static void jent_hash_time(struct rand_d
uint64_t loop_cnt, unsigned int stuck)
{
HASH_CTX_ON_STACK(ctx);
- uint8_t itermediary[SHA3_256_SIZE_DIGEST];
+ uint8_t intermediary[SHA3_256_SIZE_DIGEST];
uint64_t j = 0;
- uint64_t hash_loop_cnt;
#define MAX_HASH_LOOP 3
#define MIN_HASH_LOOP 0
/* Ensure that macros cannot overflow jent_loop_shuffle() */
BUILD_BUG_ON((MAX_HASH_LOOP + MIN_HASH_LOOP) > 63);
- hash_loop_cnt =
+ uint64_t hash_loop_cnt =
jent_loop_shuffle(ec, MAX_HASH_LOOP, MIN_HASH_LOOP);
+ /* Use the memset to shut up valgrind */
+ memset(intermediary, 0, sizeof(intermediary));
+
sha3_256_init(&ctx);
/*
@@ -125,35 +124,54 @@ static void jent_hash_time(struct rand_d
hash_loop_cnt = loop_cnt;
/*
- * This loop basically slows down the SHA-3 operation depending
- * on the hash_loop_cnt. Each iteration of the loop generates the
- * same result.
+ * This loop fills a buffer which is injected into the entropy pool.
+ * The main reason for this loop is to execute something over which we
+ * can perform a timing measurement. The injection of the resulting
+ * data into the pool is performed to ensure the result is used and
+ * the compiler cannot optimize the loop away in case the result is not
+ * used at all. Yet that data is considered "additional information"
+ * considering the terminology from SP800-90A without any entropy.
+ *
+ * Note, it does not matter which or how much data you inject, we are
+ * interested in one Keccack1600 compression operation performed with
+ * the sha3_final.
*/
for (j = 0; j < hash_loop_cnt; j++) {
- sha3_update(&ctx, ec->data, SHA3_256_SIZE_DIGEST);
- sha3_update(&ctx, (uint8_t *)&time, sizeof(uint64_t));
+ sha3_update(&ctx, intermediary, sizeof(intermediary));
+ sha3_update(&ctx, (uint8_t *)&ec->rct_count,
+ sizeof(ec->rct_count));
+ sha3_update(&ctx, (uint8_t *)&ec->apt_cutoff,
+ sizeof(ec->apt_cutoff));
+ sha3_update(&ctx, (uint8_t *)&ec->apt_observations,
+ sizeof(ec->apt_observations));
+ sha3_update(&ctx, (uint8_t *)&ec->apt_count,
+ sizeof(ec->apt_count));
+ sha3_update(&ctx,(uint8_t *) &ec->apt_base,
+ sizeof(ec->apt_base));
sha3_update(&ctx, (uint8_t *)&j, sizeof(uint64_t));
+ sha3_final(&ctx, intermediary);
+ }
- /*
- * If the time stamp is stuck, do not finally insert the value
- * into the entropy pool. Although this operation should not do
- * any harm even when the time stamp has no entropy, SP800-90B
- * requires that any conditioning operation to have an identical
- * amount of input data according to section 3.1.5.
- */
+ /*
+ * Inject the data from the previous loop into the pool. This data is
+ * not considered to contain any entropy, but it stirs the pool a bit.
+ */
+ sha3_update(ec->hash_state, intermediary, sizeof(intermediary));
- /*
- * The sha3_final operations re-initialize the context for the
- * next loop iteration.
- */
- if (stuck || (j < hash_loop_cnt - 1))
- sha3_final(&ctx, itermediary);
- else
- sha3_final(&ctx, ec->data);
- }
+ /*
+ * Insert the time stamp into the hash context representing the pool.
+ *
+ * If the time stamp is stuck, do not finally insert the value into the
+ * entropy pool. Although this operation should not do any harm even
+ * when the time stamp has no entropy, SP800-90B requires that any
+ * conditioning operation to have an identical amount of input data
+ * according to section 3.1.5.
+ */
+ if (!stuck)
+ sha3_update(ec->hash_state, (uint8_t *)&time, sizeof(uint64_t));
jent_memset_secure(&ctx, SHA_MAX_CTX_SIZE);
- jent_memset_secure(itermediary, sizeof(itermediary));
+ jent_memset_secure(intermediary, sizeof(intermediary));
}
#define MAX_ACC_LOOP_BIT 7
@@ -184,13 +202,12 @@ static inline uint32_t xoshiro128starsta
static void jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
{
- uint64_t i = 0;
+ uint64_t i = 0, time = 0;
union {
uint32_t u[4];
uint8_t b[sizeof(uint32_t) * 4];
} prngState = { .u = {0x8e93eec0, 0xce65608a, 0xa8d46b46, 0xe83cef69} };
uint32_t addressMask;
- uint64_t acc_loop_cnt;
if (NULL == ec || NULL == ec->mem)
return;
@@ -199,7 +216,7 @@ static void jent_memaccess(struct rand_d
/* Ensure that macros cannot overflow jent_loop_shuffle() */
BUILD_BUG_ON((MAX_ACC_LOOP_BIT + MIN_ACC_LOOP_BIT) > 63);
- acc_loop_cnt =
+ uint64_t acc_loop_cnt =
jent_loop_shuffle(ec, MAX_ACC_LOOP_BIT, MIN_ACC_LOOP_BIT);
/*
@@ -213,8 +230,10 @@ static void jent_memaccess(struct rand_d
* "per-update: timing, it gets you mostly independent "per-update"
* timing, so we can now benefit from the Central Limit Theorem!
*/
- for (i = 0; i < sizeof(prngState); i++)
- prngState.b[i] ^= ec->data[i];
+ for (i = 0; i < sizeof(prngState); i++) {
+ jent_get_nstime_internal(ec, &time);
+ prngState.b[i] ^= (uint8_t)(time & 0xff);
+ }
/*
* testing purposes -- allow test app to set the counter, not
@@ -358,21 +377,21 @@ unsigned int jent_measure_jitter(struct
/**
* Generator of one 256 bit random number
- * Function fills rand_data->data
+ * Function fills rand_data->hash_state
*
* @ec [in] Reference to entropy collector
*/
void jent_random_data(struct rand_data *ec)
{
- unsigned int k = 0, safety_factor = ENTROPY_SAFETY_FACTOR;
+ unsigned int k = 0, safety_factor = 0;
- if (!ec->fips_enabled)
- safety_factor = 0;
+ if (ec->fips_enabled)
+ safety_factor = ENTROPY_SAFETY_FACTOR;
/* priming of the ->prev_time value */
jent_measure_jitter(ec, 0, NULL);
- while (1) {
+ while (!jent_health_failure(ec)) {
/* If a stuck measurement is received, repeat measurement */
if (jent_measure_jitter(ec, 0, NULL))
continue;
@@ -385,3 +404,22 @@ void jent_random_data(struct rand_data *
break;
}
}
+
+void jent_read_random_block(struct rand_data *ec, char *dst, size_t dst_len)
+{
+ uint8_t jent_block[SHA3_256_SIZE_DIGEST];
+
+ BUILD_BUG_ON(SHA3_256_SIZE_DIGEST != (DATA_SIZE_BITS / 8));
+
+ /* The final operation automatically re-initializes the ->hash_state */
+ sha3_final(ec->hash_state, jent_block);
+ if (dst_len)
+ memcpy(dst, jent_block, dst_len);
+
+ /*
+ * Stir the new state with the data from the old state - the digest
+ * of the old data is not considered to have entropy.
+ */
+ sha3_update(ec->hash_state, jent_block, sizeof(jent_block));
+ jent_memset_secure(jent_block, sizeof(jent_block));
+}
Index: libgcrypt-1.10.0/random/jitterentropy-noise.h
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-noise.h
+++ libgcrypt-1.10.0/random/jitterentropy-noise.h
@@ -31,6 +31,7 @@ unsigned int jent_measure_jitter(struct
uint64_t loop_cnt,
uint64_t *ret_current_delta);
void jent_random_data(struct rand_data *ec);
+void jent_read_random_block(struct rand_data *ec, char *dst, size_t dst_len);
#ifdef __cplusplus
}
Index: libgcrypt-1.10.0/random/jitterentropy-sha3.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-sha3.c
+++ libgcrypt-1.10.0/random/jitterentropy-sha3.c
@@ -19,6 +19,7 @@
*/
#include "jitterentropy-sha3.h"
+#include "jitterentropy.h"
/***************************************************************************
* Message Digest Implementation
@@ -380,3 +381,23 @@ int sha3_tester(void)
return 0;
}
+
+int sha3_alloc(void **hash_state)
+{
+ struct sha_ctx *tmp;
+
+ tmp = jent_zalloc(SHA_MAX_CTX_SIZE);
+ if (!tmp)
+ return 1;
+
+ *hash_state = tmp;
+
+ return 0;
+}
+
+void sha3_dealloc(void *hash_state)
+{
+ struct sha_ctx *ctx = (struct sha_ctx *)hash_state;
+
+ jent_zfree(ctx, SHA_MAX_CTX_SIZE);
+}
Index: libgcrypt-1.10.0/random/jitterentropy-sha3.h
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-sha3.h
+++ libgcrypt-1.10.0/random/jitterentropy-sha3.h
@@ -47,6 +47,8 @@ struct sha_ctx {
void sha3_256_init(struct sha_ctx *ctx);
void sha3_update(struct sha_ctx *ctx, const uint8_t *in, size_t inlen);
void sha3_final(struct sha_ctx *ctx, uint8_t *digest);
+int sha3_alloc(void **hash_state);
+void sha3_dealloc(void *hash_state);
int sha3_tester(void);
#ifdef __cplusplus
Index: libgcrypt-1.10.0/random/jitterentropy-timer.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-timer.c
+++ libgcrypt-1.10.0/random/jitterentropy-timer.c
@@ -202,8 +202,8 @@ int jent_notime_enable(struct rand_data
if (jent_force_internal_timer || (flags & JENT_FORCE_INTERNAL_TIMER)) {
/* Self test not run yet */
if (!jent_force_internal_timer &&
- jent_time_entropy_init(flags | JENT_FORCE_INTERNAL_TIMER,
- ec->osr))
+ jent_time_entropy_init(ec->osr,
+ flags | JENT_FORCE_INTERNAL_TIMER))
return EHEALTH;
ec->enable_notime = 1;
Index: libgcrypt-1.10.0/random/jitterentropy.h
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy.h
+++ libgcrypt-1.10.0/random/jitterentropy.h
@@ -49,7 +49,7 @@
***************************************************************************/
/*
- * Enable timer-less timer support
+ * Enable timer-less timer support with JENT_CONF_ENABLE_INTERNAL_TIMER
*
* In case the hardware is identified to not provide a high-resolution time
* stamp, this option enables a built-in high-resolution time stamp mechanism.
@@ -166,7 +166,7 @@ struct rand_data
* of the RNG are marked as SENSITIVE. A user must not
* access that information while the RNG executes its loops to
* calculate the next random value. */
- uint8_t data[SHA3_256_SIZE_DIGEST]; /* SENSITIVE Actual random number */
+ void *hash_state; /* SENSITIVE hash state entropy pool */
uint64_t prev_time; /* SENSITIVE Previous time stamp */
#define DATA_SIZE_BITS (SHA3_256_SIZE_DIGEST_BITS)
@@ -378,28 +378,34 @@ int jent_entropy_init(void);
JENT_PRIVATE_STATIC
int jent_entropy_init_ex(unsigned int osr, unsigned int flags);
+/*
+ * Set a callback to run on health failure in FIPS mode.
+ * This function will take an action determined by the caller.
+ */
+typedef void (*jent_fips_failure_cb)(struct rand_data *ec,
+ unsigned int health_failure);
+JENT_PRIVATE_STATIC
+int jent_set_fips_failure_callback(jent_fips_failure_cb cb);
+
/* return version number of core library */
JENT_PRIVATE_STATIC
unsigned int jent_version(void);
-#ifdef JENT_CONF_ENABLE_INTERNAL_TIMER
/* Set a different thread handling logic for the notimer support */
JENT_PRIVATE_STATIC
int jent_entropy_switch_notime_impl(struct jent_notime_thread *new_thread);
-#endif
/* -- END of Main interface functions -- */
/* -- BEGIN timer-less threading support functions to prevent code dupes -- */
-struct jent_notime_ctx {
#ifdef JENT_CONF_ENABLE_INTERNAL_TIMER
+
+struct jent_notime_ctx {
pthread_attr_t notime_pthread_attr; /* pthreads library */
pthread_t notime_thread_id; /* pthreads thread ID */
-#endif
};
-#ifdef JENT_CONF_ENABLE_INTERNAL_TIMER
JENT_PRIVATE_STATIC
int jent_notime_init(void **ctx);
Index: libgcrypt-1.10.0/random/jitterentropy-base-user.h
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-base-user.h
+++ libgcrypt-1.10.0/random/jitterentropy-base-user.h
@@ -213,12 +213,12 @@ static inline void jent_get_cachesize(lo
ext = strstr(buf, "K");
if (ext) {
shift = 10;
- ext = '\0';
+ *ext = '\0';
} else {
ext = strstr(buf, "M");
if (ext) {
shift = 20;
- ext = '\0';
+ *ext = '\0';
}
}

View File

@ -1,35 +0,0 @@
--- libgcrypt-1.10.3.orig/acinclude.m4
+++ libgcrypt-1.10.3/acinclude.m4
@@ -130,10 +130,10 @@ EOF
ac_nlist=conftest.nm
if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \| cut -d \' \' -f 2 \> $ac_nlist) && test -s "$ac_nlist"; then
# See whether the symbols have a leading underscore.
- if egrep '^_nm_test_func' "$ac_nlist" >/dev/null; then
+ if grep -E '^_nm_test_func' "$ac_nlist" >/dev/null; then
ac_cv_sys_symbol_underscore=yes
else
- if egrep '^nm_test_func ' "$ac_nlist" >/dev/null; then
+ if grep -E '^nm_test_func ' "$ac_nlist" >/dev/null; then
:
else
echo "configure: cannot find nm_test_func in $ac_nlist" >&AS_MESSAGE_LOG_FD
--- libgcrypt-1.10.3.orig/src/libgcrypt-config.in
+++ libgcrypt-1.10.3/src/libgcrypt-config.in
@@ -154,7 +154,7 @@ if test "$echo_cflags" = "yes"; then
tmp=""
for i in $includes $cflags_final; do
- if echo "$tmp" | fgrep -v -- "$i" >/dev/null; then
+ if echo "$tmp" | @GREP@ -F -v -- "$i" >/dev/null; then
tmp="$tmp $i"
fi
done
@@ -175,7 +175,7 @@ if test "$echo_libs" = "yes"; then
tmp=""
for i in $libdirs $libs_final; do
- if echo "$tmp" | fgrep -v -- "$i" >/dev/null; then
+ if echo "$tmp" | @GREP@ -F -v -- "$i" >/dev/null; then
tmp="$tmp $i"
fi
done

View File

@ -1,76 +0,0 @@
commit 2c5e5ab6843d747c4b877d2c6f47226f61e9ff14
Author: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Sun Jun 12 21:51:34 2022 +0300
ppc enable P10 assembly with ENABLE_FORCE_SOFT_HWFEATURES on arch 3.00
* cipher/chacha20.c (chacha20_do_setkey) [USE_PPC_VEC]: Enable
P10 assembly for HWF_PPC_ARCH_3_00 if ENABLE_FORCE_SOFT_HWFEATURES is
defined.
* cipher/poly1305.c (poly1305_init) [POLY1305_USE_PPC_VEC]: Likewise.
* cipher/rijndael.c (do_setkey) [USE_PPC_CRYPTO_WITH_PPC9LE]: Likewise.
---
This change allows testing P10 implementations with P9 and with QEMU-PPC.
GnuPG-bug-id: 6006
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Index: libgcrypt-1.10.2/cipher/chacha20.c
===================================================================
--- libgcrypt-1.10.2.orig/cipher/chacha20.c
+++ libgcrypt-1.10.2/cipher/chacha20.c
@@ -484,6 +484,11 @@ chacha20_do_setkey (CHACHA20_context_t *
ctx->use_ppc = (features & HWF_PPC_ARCH_2_07) != 0;
# ifndef WORDS_BIGENDIAN
ctx->use_p10 = (features & HWF_PPC_ARCH_3_10) != 0;
+# ifdef ENABLE_FORCE_SOFT_HWFEATURES
+ /* HWF_PPC_ARCH_3_10 above is used as soft HW-feature indicator for P10.
+ * Actual implementation works with HWF_PPC_ARCH_3_00 also. */
+ ctx->use_p10 |= (features & HWF_PPC_ARCH_3_00) != 0;
+# endif
# endif
#endif
#ifdef USE_S390X_VX
Index: libgcrypt-1.10.2/cipher/poly1305.c
===================================================================
--- libgcrypt-1.10.2.orig/cipher/poly1305.c
+++ libgcrypt-1.10.2/cipher/poly1305.c
@@ -90,11 +90,19 @@ static void poly1305_init (poly1305_cont
const byte key[POLY1305_KEYLEN])
{
POLY1305_STATE *st = &ctx->state;
+ unsigned int features = _gcry_get_hw_features ();
#ifdef POLY1305_USE_PPC_VEC
- ctx->use_p10 = (_gcry_get_hw_features () & HWF_PPC_ARCH_3_10) != 0;
+ ctx->use_p10 = (features & HWF_PPC_ARCH_3_10) != 0;
+# ifdef ENABLE_FORCE_SOFT_HWFEATURES
+ /* HWF_PPC_ARCH_3_10 above is used as soft HW-feature indicator for P10.
+ * Actual implementation works with HWF_PPC_ARCH_3_00 also. */
+ ctx->use_p10 |= (features & HWF_PPC_ARCH_3_00) != 0;
+# endif
#endif
+ (void)features;
+
ctx->leftover = 0;
st->h[0] = 0;
Index: libgcrypt-1.10.2/cipher/rijndael.c
===================================================================
--- libgcrypt-1.10.2.orig/cipher/rijndael.c
+++ libgcrypt-1.10.2/cipher/rijndael.c
@@ -605,6 +605,12 @@ do_setkey (RIJNDAEL_context *ctx, const
bulk_ops->xts_crypt = _gcry_aes_ppc9le_xts_crypt;
if (hwfeatures & HWF_PPC_ARCH_3_10) /* for P10 */
bulk_ops->gcm_crypt = _gcry_aes_p10le_gcm_crypt;
+# ifdef ENABLE_FORCE_SOFT_HWFEATURES
+ /* HWF_PPC_ARCH_3_10 above is used as soft HW-feature indicator for P10.
+ * Actual implementation works with HWF_PPC_ARCH_3_00 also. */
+ if (hwfeatures & HWF_PPC_ARCH_3_00)
+ bulk_ops->gcm_crypt = _gcry_aes_p10le_gcm_crypt;
+# endif
}
#endif
#ifdef USE_PPC_CRYPTO