3
0
forked from pool/libgcrypt
libgcrypt/libgcrypt.spec
Pedro Monreal Gonzalez c1414c55a9 Accepting request 1183811 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 1.11.0:
  * New and extended interfaces:
    - Add an API for Key Encapsulation Mechanism (KEM). [T6755]
    - Add Streamlined NTRU Prime sntrup761 algorithm. [rCcf9923e1a5]
    - Add Kyber algorithm according to FIPS 203 ipd 2023-08-24. [rC18e5c0d268]
    - Add Classic McEliece algorithm. [rC003367b912]
    - Add One-Step KDF with hash and MAC. [T5964]
    - Add KDF algorithm HKDF of RFC-5869. [T5964]
    - Add KDF algorithm X963KDF for use in CMS. [rC3abac420b3]
    - Add GMAC-SM4 and Poly1305-SM4. [rCd1ccc409d4]
    - Add ARIA block cipher algorithm. [rC316c6d7715]
    - Add explicit FIPS indicators for MD and MAC algorithms. [T6376]
    - Add support for SHAKE as MGF in RSA. [T6557]
    - Add gcry_md_read support for SHAKE algorithms. [T6539]
    - Add gcry_md_hash_buffers_ext function. [T7035]
    - Add cSHAKE hash algorithm. [rC065b3f4e02]
    - Support internal generation of IV for AEAD cipher mode. [T4873]
  * Performance:
    - Add SM3 ARMv8/AArch64/CE assembly implementation. [rCfe891ff4a3]
    - Add SM4 ARMv8/AArch64 assembly implementation. [rCd8825601f1]
    - Add SM4 GFNI/AVX2 and GFI/AVX512 implementation. [rC5095d60af4,rCeaed633c16]
    - Add SM4 ARMv9 SVE CE assembly implementation. [rC2dc2654006]
    - Add PowerPC vector implementation of SM4. [rC0b2da804ee]
    - Optimize ChaCha20 and Poly1305 for PPC P10 LE. [T6006]
    - Add CTR32LE bulk acceleration for AES on PPC. [rC84f2e2d0b5]
    - Add generic bulk acceleration for CTR32LE mode (GCM-SIV) for SM4
      and Camellia. [rCcf956793af]
    - Add GFNI/AVX2 implementation of Camellia. [rC4e6896eb9f]
    - Add AVX2 and AVX512 accelerated implementations for GHASH (GCM)
      and POLYVAL (GCM-SIV). [rCd857e85cb4, rCe6f3600193]

OBS-URL: https://build.opensuse.org/request/show/1183811
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=180
2024-06-28 09:08:29 +00:00

194 lines
7.3 KiB
RPMSpec

#
# spec file for package libgcrypt
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define libsover 20
%define libsoname %{name}%{libsover}
%define hmac_key orboDeJITITejsirpADONivirpUkvarP
Name: libgcrypt
Version: 1.11.0
Release: 0
Summary: The GNU Crypto Library
License: GPL-2.0-or-later AND LGPL-2.1-or-later AND GPL-3.0-or-later
Group: Development/Libraries/C and C++
URL: https://gnupg.org/software/libgcrypt
Source: https://gnupg.org/ftp/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2
Source1: https://gnupg.org/ftp/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2.sig
Source2: baselibs.conf
Source3: random.conf
Source4: hwf.deny
# https://www.gnupg.org/signature_key.html
Source5: https://gnupg.org/signature_key.asc#/%{name}.keyring
Source99: libgcrypt.changes
Patch1: libgcrypt-1.10.0-allow_FSM_same_state.patch
#PATCH-FIX-OPENSUSE Do not pull revision info from GIT when autoconf is run
Patch2: libgcrypt-nobetasuffix.patch
# FIPS patches:
#PATCH-FIX-SUSE bsc#1190700 FIPS: Provide a service-level indicator for PK
Patch100: libgcrypt-FIPS-SLI-pk.patch
#PATCH-FIX-SUSE bsc#1190700 FIPS: Check keylength in gcry_fips_indicator_kdf()
Patch101: libgcrypt-FIPS-SLI-kdf-leylength.patch
#PATCH-FIX-SUSE bsc#1190700 FIPS add indicators
Patch102: libgcrypt-FIPS-SLI-hash-mac.patch
#PATCH-FIX-SUSE bsc#1202117 FIPS: Get most of the entropy from rndjent_poll
Patch104: libgcrypt-FIPS-rndjent_poll.patch
#PATCH-FIX-SUSE bsc#1220896 FIPS: Replace the built-in jitter rng with standalone version
Patch105: libgcrypt-FIPS-jitter-standalone.patch
#PATCH-FIX-SUSE bsc#1220895 FIPS: Enforce the interpretation and use of jitter rng
Patch106: libgcrypt-FIPS-jitter-errorcodes.patch
#PATCH-FIX-SUSE bsc#1220893 FIPS: Use Jitter RNG for the whole length entropy buffer
Patch107: libgcrypt-FIPS-jitter-whole-entropy.patch
BuildRequires: automake >= 1.14
BuildRequires: libgpg-error-devel >= 1.49
BuildRequires: libtool
BuildRequires: makeinfo
BuildRequires: pkgconfig
%{?suse_build_hwcaps_libs}
%description
Libgcrypt is a general purpose library of cryptographic building
blocks. It is originally based on code used by GnuPG. It does not
provide any implementation of OpenPGP or other protocols. Thorough
understanding of applied cryptography is required to use Libgcrypt.
%package -n %{libsoname}
Summary: The GNU Crypto Library
License: GPL-2.0-or-later AND LGPL-2.1-or-later
Group: System/Libraries
BuildRequires: jitterentropy-devel >= 3.4.0
Requires: libjitterentropy3 >= 3.4.0
Provides: %{libsoname}-hmac = %{version}-%{release}
Obsoletes: %{libsoname}-hmac < %{version}-%{release}
%description -n %{libsoname}
Libgcrypt is a general purpose crypto library based on the code used in
GnuPG (alpha version).
%package devel
Summary: The GNU Crypto Library
License: GFDL-1.1-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT
Group: Development/Libraries/C and C++
Requires: %{libsoname} = %{version}
Requires: glibc-devel
Requires: jitterentropy-devel >= 3.4.0
Requires: libgpg-error-devel >= 1.49
%description devel
Libgcrypt is a general purpose library of cryptographic building
blocks. It is originally based on code used by GnuPG. It does not
provide any implementation of OpenPGP or other protocols. Thorough
understanding of applied cryptography is required to use Libgcrypt.
This package contains needed files to compile and link against the
library.
%prep
%autosetup -p1
# Rename the internal .hmac file to include the so library version
sed -i "s/libgcrypt\.so\.hmac/\.libgcrypt\.so\.%{libsover}\.hmac/g" src/Makefile.am src/Makefile.in
# Replace the built-in jitter rng with the standalone version [bsc#1220896]
find . -type f -name "jitterentropy*" -print -delete
%build
export PUBKEYS="dsa elgamal rsa ecc"
export CIPHERS="arcfour blowfish cast5 des aes twofish serpent rfc2268 seed camellia idea salsa20 gost28147 chacha20 sm4 aria"
export DIGESTS="crc gostr3411-94 md4 md5 rmd160 sha1 sha256 sha512 sha3 tiger whirlpool stribog blake2 sm3"
export KDFS="s2k pkdf2 scrypt"
autoreconf -fi
date=$(date -u '+%%Y-%%m-%%dT%%H:%%M+0000' -r %{SOURCE99})
sed -e "s,BUILD_TIMESTAMP=.*,BUILD_TIMESTAMP=$date," -i configure
export CFLAGS="%{optflags} $(getconf LFS_CFLAGS)"
%configure \
--with-fips-module-version="Libgcrypt version %{version}-%{release}" \
--enable-hmac-binary-check="%{hmac_key}" \
--enable-ciphers="$CIPHERS" \
--enable-pubkey-ciphers="$PUBKEYS" \
--enable-digests="$DIGESTS" \
--enable-kdfs="$KDFS" \
--enable-noexecstack \
--disable-static \
--enable-m-guard \
%ifarch %{sparc}
--disable-asm \
%endif
--enable-random=getentropy \
--enable-jent-support \
%{nil}
%make_build
%check
make -k check
# run the regression tests also in FIPS mode
LIBGCRYPT_FORCE_FIPS_MODE=1 make -k check || true
%install
%make_install
# this is a hack that re-defines the __spec_install_post macro
# for a simple reason: the macro strips the binaries and thereby
# invalidates a HMAC that may have been created earlier.
# solution: create the hashes _after_ the macro runs.
%define libpath %{buildroot}%{_libdir}/libgcrypt.so.%{libsover}.?.?
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
cd src \
sed -i -e 's|FILE=.*|FILE=\\\$1|' gen-note-integrity.sh \
READELF=readelf AWK=awk ECHO_N="-n" bash gen-note-integrity.sh %{libpath} > %{libpath}.hmac \
objcopy --update-section .note.fdo.integrity=%{libpath}.hmac %{libpath} %{libpath}.new \
mv -f %{libpath}.new %{libpath} \
rm -f %{libpath}.hmac \
%{nil}
rm %{buildroot}%{_libdir}/%{name}.la
# Create /etc/gcrypt directory and install random.conf
mkdir -p -m 0755 %{buildroot}%{_sysconfdir}/gcrypt
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/gcrypt/random.conf
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/gcrypt/hwf.deny
%post -n %{libsoname} -p /sbin/ldconfig
%postun -n %{libsoname} -p /sbin/ldconfig
%files -n %{libsoname}
%license COPYING COPYING.LIB LICENSES
%doc AUTHORS ChangeLog NEWS README THANKS TODO
%{_libdir}/%{name}.so.*
%dir %{_sysconfdir}/gcrypt
%config(noreplace) %{_sysconfdir}/gcrypt/random.conf
%config(noreplace) %{_sysconfdir}/gcrypt/hwf.deny
%files devel
%license COPYING COPYING.LIB LICENSES
%{_bindir}/dumpsexp
%{_bindir}/hmac256
%{_bindir}/mpicalc
%{_bindir}/%{name}-config
%{_libdir}/%{name}.so
%{_libdir}/pkgconfig/libgcrypt.pc
%{_datadir}/aclocal/%{name}.m4
%{_includedir}/gcrypt*.h
%{_infodir}/gcrypt.info*%{ext_info}*
%{_mandir}/man1/*
%changelog