forked from pool/libgcrypt
Accepting request 235587 from devel:libraries:c_c++
- libgcrypt-fix-rng.patch: make drbg work again in FIPS mode. - libgcrypt-1.6.1-use-fipscheck.patch: library to test is libgcrypt.so.20 and not libgcrypt.so.11 - libgcrypt-init-at-elf-load-fips.patch: initialize globally on ELF DSO loading to meet FIPS requirements. (forwarded request 235418 from msmeissn) OBS-URL: https://build.opensuse.org/request/show/235587 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=48
This commit is contained in:
commit
dbc6021874
@ -47,7 +47,7 @@ Index: libgcrypt-1.6.1/src/fips.c
|
||||
- if (!dladdr ("gcry_check_version", &info))
|
||||
+ const char key[] = "orboDeJITITejsirpADONivirpUkvarP";
|
||||
+
|
||||
+ if (get_library_path ("libgcrypt.so.11", "gcry_check_version", libpath, sizeof(libpath)))
|
||||
+ if (get_library_path ("libgcrypt.so.20", "gcry_check_version", libpath, sizeof(libpath)))
|
||||
err = gpg_error_from_syserror ();
|
||||
else
|
||||
{
|
||||
|
24
libgcrypt-fix-rng.patch
Normal file
24
libgcrypt-fix-rng.patch
Normal file
@ -0,0 +1,24 @@
|
||||
Index: libgcrypt-1.6.1/random/random.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.6.1.orig/random/random.c
|
||||
+++ libgcrypt-1.6.1/random/random.c
|
||||
@@ -440,6 +440,9 @@ _gcry_create_nonce (void *buffer, size_t
|
||||
size_t n;
|
||||
int err;
|
||||
|
||||
+ /* Make sure we are initialized. */
|
||||
+ _gcry_random_initialize (1);
|
||||
+
|
||||
/* First check whether we shall use the FIPS nonce generator. This
|
||||
is only done in FIPS mode, in all other modes, we use our own
|
||||
nonce generator which is seeded by the RNG actual in use. */
|
||||
@@ -455,9 +458,6 @@ _gcry_create_nonce (void *buffer, size_t
|
||||
FIPS mode (not that this means it is also used if the FIPS RNG
|
||||
has been selected but we are not in fips mode). */
|
||||
|
||||
- /* Make sure we are initialized. */
|
||||
- _gcry_random_initialize (1);
|
||||
-
|
||||
/* Acquire the nonce buffer lock. */
|
||||
err = ath_mutex_lock (&nonce_buffer_lock);
|
||||
if (err)
|
13
libgcrypt-init-at-elf-load-fips.patch
Normal file
13
libgcrypt-init-at-elf-load-fips.patch
Normal file
@ -0,0 +1,13 @@
|
||||
Index: libgcrypt-1.6.1/src/global.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.6.1.orig/src/global.c
|
||||
+++ libgcrypt-1.6.1/src/global.c
|
||||
@@ -76,7 +76,7 @@ static gpg_err_code_t external_lock_test
|
||||
likely to be called at startup. The suggested way for an
|
||||
application to make sure that this has been called is by using
|
||||
gcry_check_version. */
|
||||
-static void
|
||||
+static void __attribute__((constructor))
|
||||
global_init (void)
|
||||
{
|
||||
gcry_error_t err = 0;
|
@ -1,3 +1,12 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon May 26 12:05:17 UTC 2014 - meissner@suse.com
|
||||
|
||||
- libgcrypt-fix-rng.patch: make drbg work again in FIPS mode.
|
||||
- libgcrypt-1.6.1-use-fipscheck.patch: library to test is libgcrypt.so.20
|
||||
and not libgcrypt.so.11
|
||||
- libgcrypt-init-at-elf-load-fips.patch: initialize globally on ELF
|
||||
DSO loading to meet FIPS requirements.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 13 10:47:51 UTC 2014 - vcizek@suse.com
|
||||
|
||||
|
@ -56,6 +56,8 @@ Patch24: 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
|
||||
Patch25: 0005-Function-definitions-for-gcry_control-callbacks.patch
|
||||
Patch26: 0006-DRBG-specific-gcry_control-requests.patch
|
||||
Patch27: 0007-User-interface-to-DRBG.patch
|
||||
Patch28: libgcrypt-fix-rng.patch
|
||||
Patch29: libgcrypt-init-at-elf-load-fips.patch
|
||||
BuildRequires: automake >= 1.11
|
||||
BuildRequires: libgpg-error-devel >= 1.11
|
||||
BuildRequires: libtool
|
||||
@ -136,6 +138,8 @@ understanding of applied cryptography is required to use Libgcrypt.
|
||||
%patch25 -p1
|
||||
%patch26 -p1
|
||||
%patch27 -p1
|
||||
%patch28 -p1
|
||||
%patch29 -p1
|
||||
%endif
|
||||
%patch13 -p1
|
||||
%patch14 -p1
|
||||
|
Loading…
Reference in New Issue
Block a user