SHA256
1
0
forked from pool/libgcrypt

Accepting request 211707 from devel:libraries:c_c++

- fix dependency for 32bit devel package
- name hmac files according soname
- fix hmac subpackage dependency

- update to 1.6. 
 * Removed the long deprecated gcry_ac interface.  Thus Libgcrypt is
   not anymore ABI compatible to previous versions if they used the ac
   interface. Check NEWS in libgcrypt-devel for removed interfaces.
 * Removed the module register subsystem.
 * The deprecated message digest debug macros have been removed.  Use
   gcry_md_debug instead.
 * Removed deprecated control codes.
 * Improved performance of most cipher algorithms as well as for the
   SHA family of hash functions.
 * Added support for the IDEA cipher algorithm.
 * Added support for the Salsa20 and reduced Salsa20/12 stream ciphers.
 * Added limited support for the GOST 28147-89 cipher algorithm.
 * Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog)
   hash algorithms.
 * Added a random number generator to directly use the system's RNG.
   Also added an interface to prefer the use of a specified RNG.
 * Added support for the SCRYPT algorithm.
 * Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA
   secret keys.  See <http://eprint.iacr.org/2013/448> [CVE-2013-4242].
 * Added support for Deterministic DSA as per RFC-6969.
 * Added support for curve Ed25519.
 * Added a scatter gather hash convenience function.
 * Added several MPI amd SEXP helper functions.
 * Added support for negative numbers to gcry_mpi_print,
   gcry_mpi_aprint and gcry_mpi_scan.

OBS-URL: https://build.opensuse.org/request/show/211707
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=38
This commit is contained in:
Tomáš Chvátal 2013-12-22 18:35:06 +00:00 committed by Git OBS Bridge
commit aadeed81f8
10 changed files with 148 additions and 64 deletions

View File

@ -1,6 +1,6 @@
libgcrypt11 libgcrypt20
obsoletes "libgcrypt-<targettype> <= <version>" obsoletes "libgcrypt-<targettype> <= <version>"
provides "libgcrypt-<targettype> = <version>" provides "libgcrypt-<targettype> = <version>"
libgcrypt-devel libgcrypt-devel
requires -libgcrypt-<targettype> requires -libgcrypt-<targettype>
requires "libgcrypt11-<targettype> = <version>" requires "libgcrypt20-<targettype> = <version>"

View File

@ -15,11 +15,11 @@ https://bugzilla.novell.com/show_bug.cgi?id=724841
random/rndlinux.c | 48 ++++++++++++++++++++++++++++++++++++++++++------ random/rndlinux.c | 48 ++++++++++++++++++++++++++++++++++++++++++------
3 files changed, 48 insertions(+), 12 deletions(-) 3 files changed, 48 insertions(+), 12 deletions(-)
Index: libgcrypt-1.5.2/random/random-csprng.c Index: libgcrypt-1.6.0/random/random-csprng.c
=================================================================== ===================================================================
--- libgcrypt-1.5.2.orig/random/random-csprng.c --- libgcrypt-1.6.0.orig/random/random-csprng.c
+++ libgcrypt-1.5.2/random/random-csprng.c +++ libgcrypt-1.6.0/random/random-csprng.c
@@ -827,7 +827,7 @@ read_seed_file (void) @@ -832,7 +832,7 @@ read_seed_file (void)
* entropy drivers, however the rndlinux driver will use * entropy drivers, however the rndlinux driver will use
* /dev/urandom and return some stuff - Do not read too much as we * /dev/urandom and return some stuff - Do not read too much as we
* want to be friendly to the scare system entropy resource. */ * want to be friendly to the scare system entropy resource. */
@ -28,10 +28,10 @@ Index: libgcrypt-1.5.2/random/random-csprng.c
allow_seed_file_update = 1; allow_seed_file_update = 1;
return 1; return 1;
Index: libgcrypt-1.5.2/random/random-fips.c Index: libgcrypt-1.6.0/random/random-fips.c
=================================================================== ===================================================================
--- libgcrypt-1.5.2.orig/random/random-fips.c --- libgcrypt-1.6.0.orig/random/random-fips.c
+++ libgcrypt-1.5.2/random/random-fips.c +++ libgcrypt-1.6.0/random/random-fips.c
@@ -27,10 +27,10 @@ @@ -27,10 +27,10 @@
There are 3 random context which map to the different levels of There are 3 random context which map to the different levels of
random quality: random quality:
@ -56,31 +56,34 @@ Index: libgcrypt-1.5.2/random/random-fips.c
#elif USE_RNDW32 #elif USE_RNDW32
do do
{ {
Index: libgcrypt-1.5.2/random/rndlinux.c Index: libgcrypt-1.6.0/random/rndlinux.c
=================================================================== ===================================================================
--- libgcrypt-1.5.2.orig/random/rndlinux.c --- libgcrypt-1.6.0.orig/random/rndlinux.c
+++ libgcrypt-1.5.2/random/rndlinux.c +++ libgcrypt-1.6.0/random/rndlinux.c
@@ -36,7 +36,8 @@ @@ -36,7 +36,8 @@
#include "g10lib.h" #include "g10lib.h"
#include "rand-internal.h" #include "rand-internal.h"
-static int open_device ( const char *name ); -static int open_device (const char *name, int retry);
+static int open_device ( const char *name, int fatal ); +static int open_device (const char *name, int retry, int fatal);
+#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed" +#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed"
static int static int
@@ -57,13 +58,17 @@ set_cloexec_flag (int fd) @@ -59,7 +60,7 @@ set_cloexec_flag (int fd)
* Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists)). * a fatal error but retries until it is able to reopen the device.
*/ */
static int static int
-open_device ( const char *name ) -open_device (const char *name, int retry)
+open_device ( const char *name, int fatal) +open_device (const char *name, int retry, int fatal)
{ {
int fd; int fd;
fd = open ( name, O_RDONLY ); @@ -77,8 +78,11 @@ open_device (const char *name, int retry
if ( fd == -1 ) select (0, NULL, NULL, NULL, &tv);
goto again;
}
- if (fd == -1)
- log_fatal ("can't open %s: %s\n", name, strerror(errno) ); - log_fatal ("can't open %s: %s\n", name, strerror(errno) );
+ { + {
+ if (fatal) + if (fatal)
@ -90,11 +93,12 @@ Index: libgcrypt-1.5.2/random/rndlinux.c
if (set_cloexec_flag (fd)) if (set_cloexec_flag (fd))
log_error ("error setting FD_CLOEXEC on fd %d: %s\n", log_error ("error setting FD_CLOEXEC on fd %d: %s\n",
@@ -92,10 +97,12 @@ _gcry_rndlinux_gather_random (void (*add @@ -111,11 +115,13 @@ _gcry_rndlinux_gather_random (void (*add
{ {
static int fd_urandom = -1; static int fd_urandom = -1;
static int fd_random = -1; static int fd_random = -1;
+ static int fd_configured = -1; + static int fd_configured = -1;
static unsigned char ever_opened;
int fd; int fd;
int n; int n;
byte buffer[768]; byte buffer[768];
@ -103,10 +107,10 @@ Index: libgcrypt-1.5.2/random/rndlinux.c
size_t want = length; size_t want = length;
size_t last_so_far = 0; size_t last_so_far = 0;
int any_need_entropy = 0; int any_need_entropy = 0;
@@ -110,16 +117,42 @@ _gcry_rndlinux_gather_random (void (*add @@ -153,20 +159,46 @@ _gcry_rndlinux_gather_random (void (*add
length -= n_hw; that we always require the device to be existent but want a more
graceful behaviour if the rarely needed close operation has been
/* Open the requested device. */ used and the device needs to be re-opened later. */
+ +
+ /* Clarification: path how "level == -1" comes about: + /* Clarification: path how "level == -1" comes about:
+ gcry_random_bytes( ... , GCRY_STRONG_RANDOM) (public) -> + gcry_random_bytes( ... , GCRY_STRONG_RANDOM) (public) ->
@ -126,7 +130,7 @@ Index: libgcrypt-1.5.2/random/rndlinux.c
+ if (level == -1) + if (level == -1)
+ { + {
+ if (fd_configured == -1) + if (fd_configured == -1)
+ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0 ); + fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0, 0);
+ fd = fd_configured; + fd = fd_configured;
+ if (fd == -1) + if (fd == -1)
+ level = 1; + level = 1;
@ -136,20 +140,24 @@ Index: libgcrypt-1.5.2/random/rndlinux.c
if (level >= 2) if (level >= 2)
{ {
if (fd_random == -1) if (fd_random == -1)
- fd_random = open_device ( NAME_OF_DEV_RANDOM ); {
+ fd_random = open_device ( NAME_OF_DEV_RANDOM, 1 ); - fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1));
+ fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1), 1);
ever_opened |= 1;
}
fd = fd_random; fd = fd_random;
} }
- else - else
+ else if (level != -1) + else if (level != -1)
{ {
if (fd_urandom == -1) if (fd_urandom == -1)
- fd_urandom = open_device ( NAME_OF_DEV_URANDOM ); {
+ fd_urandom = open_device ( NAME_OF_DEV_URANDOM, 1 ); - fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
fd = fd_urandom; + fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1);
ever_opened |= 2;
} }
fd = fd_urandom;
@@ -187,6 +220,9 @@ _gcry_rndlinux_gather_random (void (*add @@ -242,6 +274,9 @@ _gcry_rndlinux_gather_random (void (*add
} }
memset(buffer, 0, sizeof(buffer) ); memset(buffer, 0, sizeof(buffer) );

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:bcf5334e7da352c45de6aec5d2084ce9a1d30029ff4a4a5da13f1848874759d1
size 1508530

Binary file not shown.

View File

@ -0,0 +1,21 @@
From: Michal Vyskoci<mvyskocil@suse.com>
Subject: Use internall malloc in fips.c
---
src/fips.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: libgcrypt-1.6.0/src/fips.c
===================================================================
--- libgcrypt-1.6.0.orig/src/fips.c
+++ libgcrypt-1.6.0/src/fips.c
@@ -613,7 +613,7 @@ check_binary_integrity (void)
err = gpg_error (GPG_ERR_INTERNAL);
else
{
- fname = gcry_malloc (strlen (info.dli_fname) + 1 + 5 + 1 );
+ fname = _gcry_malloc (strlen (info.dli_fname) + 1 + 5 + 1 );
if (!fname)
err = gpg_error_from_syserror ();
else

3
libgcrypt-1.6.0.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:662d508600ad94cc334e665b7016137feedfcca5226998c65ddd56bdfca29708
size 2499149

BIN
libgcrypt-1.6.0.tar.bz2.sig Normal file

Binary file not shown.

View File

@ -1,8 +1,8 @@
Index: libgcrypt-1.4.0/mpi/config.links Index: libgcrypt-1.6.0/mpi/config.links
=================================================================== ===================================================================
--- libgcrypt-1.4.0.orig/mpi/config.links --- libgcrypt-1.6.0.orig/mpi/config.links
+++ libgcrypt-1.4.0/mpi/config.links +++ libgcrypt-1.6.0/mpi/config.links
@@ -237,11 +237,11 @@ case "${host}" in @@ -282,12 +282,12 @@ case "${host}" in
;; ;;
ppc620-*-* | \ ppc620-*-* | \
@ -10,18 +10,19 @@ Index: libgcrypt-1.4.0/mpi/config.links
+ powerpc64-*-*) + powerpc64-*-*)
mpi_sflags="-Wa,-mppc" mpi_sflags="-Wa,-mppc"
path="powerpc64" path="powerpc64"
mpi_cpu_arch="ppc"
;; ;;
- powerpc*-*-linux*) - powerpc*-*-linux*)
+ powerpc-*-linux*) + powerpc-*-linux*)
echo '/* configured for powerpc/ELF */' >>./mpi/asm-syntax.h echo '/* configured for powerpc/ELF */' >>./mpi/asm-syntax.h
echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h
cat $srcdir/mpi/powerpc32/syntax.h >>./mpi/asm-syntax.h cat $srcdir/mpi/powerpc32/syntax.h >>./mpi/asm-syntax.h
@@ -276,7 +276,7 @@ case "${host}" in @@ -327,7 +327,7 @@ case "${host}" in
mpi_sflags="-Wa,-mppc"
path="powerpc32" path="powerpc32"
mpi_cpu_arch="ppc"
;; ;;
- powerpc*-*-*) - powerpc*-*-*)
+ powerpc-*-*) + powerpc-*-*)
mpi_sflags="-Wa,-mppc" mpi_sflags="-Wa,-mppc"
path="powerpc32" path="powerpc32"
;; mpi_cpu_arch="ppc"

View File

@ -1,3 +1,51 @@
-------------------------------------------------------------------
Thu Dec 19 13:53:21 UTC 2013 - mvyskocil@suse.com
- fix dependency for 32bit devel package
- name hmac files according soname
- fix hmac subpackage dependency
-------------------------------------------------------------------
Thu Dec 19 09:03:21 UTC 2013 - mvyskocil@suse.com
- update to 1.6.
* Removed the long deprecated gcry_ac interface. Thus Libgcrypt is
not anymore ABI compatible to previous versions if they used the ac
interface. Check NEWS in libgcrypt-devel for removed interfaces.
* Removed the module register subsystem.
* The deprecated message digest debug macros have been removed. Use
gcry_md_debug instead.
* Removed deprecated control codes.
* Improved performance of most cipher algorithms as well as for the
SHA family of hash functions.
* Added support for the IDEA cipher algorithm.
* Added support for the Salsa20 and reduced Salsa20/12 stream ciphers.
* Added limited support for the GOST 28147-89 cipher algorithm.
* Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog)
hash algorithms.
* Added a random number generator to directly use the system's RNG.
Also added an interface to prefer the use of a specified RNG.
* Added support for the SCRYPT algorithm.
* Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA
secret keys. See <http://eprint.iacr.org/2013/448> [CVE-2013-4242].
* Added support for Deterministic DSA as per RFC-6969.
* Added support for curve Ed25519.
* Added a scatter gather hash convenience function.
* Added several MPI amd SEXP helper functions.
* Added support for negative numbers to gcry_mpi_print,
gcry_mpi_aprint and gcry_mpi_scan.
* The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now
deprecated. Use GCRY_PK_ECC if you need an algorithm id.
* Changed gcry_pk_genkey for "ecc" to only include the curve name and
not the parameters. The flag "param" may be used to revert this.
* Added a feature to globally disable selected hardware features.
* Added debug helper functions.
- rebased patches
* libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
* libgcrypt-ppc64.patch
- add libgcrypt-1.6.0-use-intenal-functions.patch to fix fips.c build
- Move all documentation to -devel package
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jul 26 22:05:46 UTC 2013 - andreas.stieger@gmx.de Fri Jul 26 22:05:46 UTC 2013 - andreas.stieger@gmx.de

View File

@ -19,12 +19,12 @@
%define build_hmac256 1 %define build_hmac256 1
%define separate_hmac256_binary 0 %define separate_hmac256_binary 0
%define libsoname %{name}11 %define libsoname %{name}20
%define sosuffix 11.8.2 %define sosuffix 20.0.0
Name: libgcrypt Name: libgcrypt
Url: http://directory.fsf.org/wiki/Libgcrypt Url: http://directory.fsf.org/wiki/Libgcrypt
Version: 1.5.3 Version: 1.6.0
Release: 0 Release: 0
Summary: The GNU Crypto Library Summary: The GNU Crypto Library
License: GPL-2.0+ and LGPL-2.1+ and GPL-3.0+ License: GPL-2.0+ and LGPL-2.1+ and GPL-3.0+
@ -45,6 +45,8 @@ Patch5: libgcrypt-unresolved-dladdr.patch
Patch6: libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff Patch6: libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
#PATCH-FIX-SUSE: N/A #PATCH-FIX-SUSE: N/A
Patch7: libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff Patch7: libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
#PATCH-FIX-UPSTREAM: internal functions are supposed to be used inside libgcrypt, mvyskocil@suse.com
Patch8: libgcrypt-1.6.0-use-intenal-functions.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: automake >= 1.11 BuildRequires: automake >= 1.11
BuildRequires: libgpg-error-devel >= 1.8 BuildRequires: libgpg-error-devel >= 1.8
@ -91,7 +93,7 @@ library.
Summary: The GNU Crypto Library Summary: The GNU Crypto Library
License: GPL-2.0+ and LGPL-2.1+ License: GPL-2.0+ and LGPL-2.1+
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
Requires: libgcrypt11 = %version Requires: %{libsoname} = %version
Requires: libgpg-error-devel Requires: libgpg-error-devel
PreReq: %install_info_prereq PreReq: %install_info_prereq
@ -112,6 +114,7 @@ understanding of applied cryptography is required to use Libgcrypt.
%patch5 -p1 %patch5 -p1
%patch6 -p1 %patch6 -p1
%patch7 -p1 %patch7 -p1
%patch8 -p1
%build %build
echo building with build_hmac256 set to %{build_hmac256} echo building with build_hmac256 set to %{build_hmac256}
@ -127,7 +130,7 @@ export CFLAGS="%optflags $(getconf LFS_CFLAGS)"
%endif %endif
--enable-hmac-binary-check \ --enable-hmac-binary-check \
--enable-random=linux --enable-random=linux
%{__make} %{?_smp_mflags} make %{?_smp_mflags}
%if 0%{?build_hmac256} %if 0%{?build_hmac256}
# this is a hack that re-defines the __os_install_post macro # this is a hack that re-defines the __os_install_post macro
@ -142,7 +145,7 @@ export CFLAGS="%optflags $(getconf LFS_CFLAGS)"
%{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \ %{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \
< %{buildroot}/%{_bindir}/hmac256 > %{buildroot}/%{_bindir}/.hmac256.hmac < %{buildroot}/%{_bindir}/hmac256 > %{buildroot}/%{_bindir}/.hmac256.hmac
%{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \ %{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \
< %{buildroot}/%{_libdir}/libgcrypt.so.%{sosuffix} > %{buildroot}/%{_libdir}/.libgcrypt.so.11.hmac < %{buildroot}/%{_libdir}/libgcrypt.so.%{sosuffix} > %{buildroot}/%{_libdir}/.libgcrypt.so.20.hmac
}} }}
%endif %endif
@ -173,28 +176,31 @@ rm %{buildroot}%{_libdir}/%{name}.la
%files -n %{libsoname} %files -n %{libsoname}
%defattr(-,root,root) %defattr(-,root,root)
%doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO %doc COPYING.LIB
%{_libdir}/%{name}.so.11* %{_libdir}/%{name}.so.*
%if 0%{?build_hmac256} %if 0%{?build_hmac256}
%{_libdir}/.libgcrypt.so.11.hmac %{_libdir}/.libgcrypt.so.*.hmac
%endif # %if 0%{?build_hmac256} %endif # %if 0%{?build_hmac256}
%files devel %files devel
%defattr(-,root,root) %defattr(-,root,root)
%_infodir/gcrypt.info.gz %doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO
%_infodir/gcrypt.info-1.gz %{_infodir}/gcrypt.info.gz
%_infodir/gcrypt.info-2.gz %{_infodir}/gcrypt.info-1.gz
%_bindir/dumpsexp %{_infodir}/gcrypt.info-2.gz
%_bindir/%{name}-config %{_bindir}/dumpsexp
%_libdir/%{name}.so %{_bindir}/mpicalc
%_includedir/gcrypt*.h %{_bindir}/%{name}-config
%_datadir/aclocal/%{name}.m4 %{_libdir}/%{name}.so
%if 0%{?separate_hmac256_binary} %{_includedir}/gcrypt*.h
%{_datadir}/aclocal/%{name}.m4
%if 0%{?separate_hmac256_binary}
%files hmac256 %files hmac256
%defattr(-,root,root) %defattr(-,root,root)
%endif # %if 0%{?separate_hmac256_binary} %endif # %if 0%{?separate_hmac256_binary}
%{_bindir}/hmac256 %{_bindir}/hmac256
%{_bindir}/.hmac256.hmac %{_bindir}/.hmac256.hmac
%doc %{_mandir}/man1/hmac256.1*
%changelog %changelog