Hello community,

here is the log from the commit of package libgcrypt for openSUSE:Factory checked in at 2016-08-31 00:00:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libgcrypt (Old)
 and      /work/SRC/openSUSE:Factory/.libgcrypt.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libgcrypt" Changes: -------- --- /work/SRC/openSUSE:Factory/libgcrypt/libgcrypt.changes 2016-08-22 10:06:37.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libgcrypt.new/libgcrypt.changes 2016-08-31 00:00:27.000000000 +0200 
@@ -1,0 +2,144 @@ +Sat Aug 20 10:38:15 UTC 2016 - mpluskal,vcizek,astieger}@suse.com + +- libgcrypt 1.7.3: + * security issue already fixes with 1.6.6 + * Fix building of some asm modules with older compilers and CPUs. + * ARMv8/AArch32 improvements for AES, GCM, SHA-256, and SHA-1. +- includes changes from libgcrypt 1.7.2: + * Bug fixes: + - Fix setting of the ECC cofactor if parameters are specified. + - Fix memory leak in the ECC code. + - Remove debug message about unsupported getrandom syscall. + - Fix build problems related to AVX use. + - Fix bus errors on ARM for Poly1305, ChaCha20, AES, and SHA-512. + * Internal changes: + - Improved fatal error message for wrong use of gcry_md_read. + - Disallow symmetric encryption/decryption if key is not set. +- includes changes from 1.7.1: + * Bug fixes: + - Fix ecc_verify for cofactor support. + - Fix portability bug when using gcc with Solaris 9 SPARC. + - Build fix for OpenBSD/amd64 + - Add OIDs to the Serpent ciphers. + * Internal changes: + - Use getrandom system call on Linux if available. + - Blinding is now also used for RSA signature creation. + - Changed names of debug envvars +- includes changes from 1.7.0: + * New algorithms and modes: + - SHA3-224, SHA3-256, SHA3-384, SHA3-512, and MD2 hash algorithms. + - SHAKE128 and SHAKE256 extendable-output hash algorithms. + - ChaCha20 stream cipher. + - Poly1305 message authentication algorithm + - ChaCha20-Poly1305 Authenticated Encryption with Associated Data + mode. + - OCB mode. + - HMAC-MD2 for use by legacy applications. + * New curves for ECC: + - Curve25519. + - sec256k1. + - GOST R 34.10-2001 and GOST R 34.10-2012. + * Performance: + - Improved performance of KDF functions. + - Assembler optimized implementations of Blowfish and Serpent on + ARM. + - Assembler optimized implementation of 3DES on x86. + - Improved AES using the SSSE3 based vector permutation method by + Mike Hamburg. + - AVX/BMI is used for SHA-1 and SHA-256 on x86. 
This is for SHA-1 + about 20% faster than SSSE3 and more than 100% faster than the + generic C implementation. + - 40% speedup for SHA-512 and 72% for SHA-1 on ARM Cortex-A8. + - 60-90% speedup for Whirlpool on x86. + - 300% speedup for RIPE MD-160. + - Up to 11 times speedup for CRC functions on x86. + * Other features: + - Improved ECDSA and FIPS 186-4 compliance. + - Support for Montgomery curves. + - gcry_cipher_set_sbox to tweak S-boxes of the gost28147 cipher + algorithm. + - gcry_mpi_ec_sub to subtract two points on a curve. + - gcry_mpi_ec_decode_point to decode an MPI into a point object. + - Emulation for broken Whirlpool code prior to 1.6.0. [from 1.6.1] + - Flag "pkcs1-raw" to enable PCKS#1 padding with a user supplied + hash part. + - Parameter "saltlen" to set a non-default salt length for RSA PSS. + - A SP800-90A conforming DRNG replaces the former X9.31 alternative + random number generator. + - Map deprecated RSA algo number to the RSA algo number for better + backward compatibility. [from 1.6.2] + - Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. + See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. + [from 1.6.3] + - Fixed data-dependent timing variations in modular exponentiation + [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks + are Practical]. [from 1.6.3] + - Flag "no-keytest" for ECC key generation. Due to a bug in + the parser that flag will also be accepted but ignored by older + version of Libgcrypt. [from 1.6.4] + - Speed up the random number generator by requiring less extra + seeding. [from 1.6.4] + - Always verify a created RSA signature to avoid private key leaks + due to hardware failures. [from 1.6.4] + - Mitigate side-channel attack on ECDH with Weierstrass curves + [CVE-2015-7511]. See http://www.cs.tau.ac.IL/~tromer/ecdh/ for + details. [from 1.6.5] + * Internal changes: + - Moved locking out to libgpg-error. + - Support of the SYSROOT envvar in the build system. + - Refactor some code. 
+ - The availability of a 64 bit integer type is now mandatory. + * Bug fixes: + - Fixed message digest lookup by OID (regression in 1.6.0). + - Fixed a build problem on NetBSD + - Fixed some asm build problems and feature detection bugs. + * Interface changes relative to the 1.6.0 release: + gcry_cipher_final NEW macro. + GCRY_CIPHER_MODE_CFB8 NEW constant. + GCRY_CIPHER_MODE_OCB NEW. + GCRY_CIPHER_MODE_POLY1305 NEW. + gcry_cipher_set_sbox NEW macro. + gcry_mac_get_algo NEW. + GCRY_MAC_HMAC_MD2 NEW. + GCRY_MAC_HMAC_SHA3_224 NEW. + GCRY_MAC_HMAC_SHA3_256 NEW. + GCRY_MAC_HMAC_SHA3_384 NEW. + GCRY_MAC_HMAC_SHA3_512 NEW. + GCRY_MAC_POLY1305 NEW. + GCRY_MAC_POLY1305_AES NEW. + GCRY_MAC_POLY1305_CAMELLIA NEW. + GCRY_MAC_POLY1305_SEED NEW. + GCRY_MAC_POLY1305_SERPENT NEW. + GCRY_MAC_POLY1305_TWOFISH NEW. + gcry_md_extract NEW. + GCRY_MD_FLAG_BUGEMU1 NEW [from 1.6.1]. + GCRY_MD_GOSTR3411_CP NEW. + GCRY_MD_SHA3_224 NEW. + GCRY_MD_SHA3_256 NEW. + GCRY_MD_SHA3_384 NEW. + GCRY_MD_SHA3_512 NEW. + GCRY_MD_SHAKE128 NEW. + GCRY_MD_SHAKE256 NEW. + gcry_mpi_ec_decode_point NEW. + gcry_mpi_ec_sub NEW. + GCRY_PK_EDDSA NEW constant. + GCRYCTL_GET_TAGLEN NEW. + GCRYCTL_SET_SBOX NEW. + GCRYCTL_SET_TAGLEN NEW. 
+- Apply libgcrypt-1.6.3-aliasing.patch only on big-endian + architectures +- update drbg_test.patch and install cavs testing directory again +- As DRBG is upstream, drop pateches: + v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch + 0002-Compile-DRBG.patch + 0003-Function-definitions-of-interfaces-for-random.c.patch + 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch + 0005-Function-definitions-for-gcry_control-callbacks.patch + 0006-DRBG-specific-gcry_control-requests.patch + v9-0007-User-interface-to-DRBG.patch + libgcrypt-fix-rng.patch +- drop obsolete: + libgcrypt-fips-dsa.patch + libgcrypt-fips_ecdsa.patch + +------------------------------------------------------------------- Old: ---- 0002-Compile-DRBG.patch 0003-Function-definitions-of-interfaces-for-random.c.patch 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch 0005-Function-definitions-for-gcry_control-callbacks.patch 0006-DRBG-specific-gcry_control-requests.patch libgcrypt-1.6.6.tar.bz2 libgcrypt-1.6.6.tar.bz2.sig libgcrypt-fips-dsa.patch libgcrypt-fips_ecdsa.patch v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch v9-0007-User-interface-to-DRBG.patch New: ---- libgcrypt-1.7.3.tar.bz2 libgcrypt-1.7.3.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libgcrypt.spec ++++++ --- /var/tmp/diff_new_pack.rWfFai/_old 2016-08-31 00:00:29.000000000 +0200 +++ /var/tmp/diff_new_pack.rWfFai/_new 2016-08-31 00:00:29.000000000 +0200 @@ -19,10 +19,10 @@ %define build_hmac256 1 %define separate_hmac256_binary 0 %define libsoname %{name}20 -%define sosuffix 20.0.6 +%define sosuffix 20.1.3 %define cavs_dir %{_libexecdir}/%{name}/cavs Name: libgcrypt -Version: 1.6.6 +Version: 1.7.3 Release: 0 Summary: The GNU Crypto Library License: GPL-2.0+ and LGPL-2.1+ and GPL-3.0+ 
@@ -50,28 +50,16 @@ Patch13: libgcrypt-1.6.1-fips-cavs.patch #PATCH-FIX-SUSE: bnc#724841, fix a random device opening routine Patch14: libgcrypt-1.6.1-fips-cfgrandom.patch -# add support for SP800-90A DRBG (fate#316929, bnc#856312) -Patch21: v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch -Patch22: 0002-Compile-DRBG.patch -Patch23: 0003-Function-definitions-of-interfaces-for-random.c.patch -Patch24: 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch -Patch25: 0005-Function-definitions-for-gcry_control-callbacks.patch -Patch26: 0006-DRBG-specific-gcry_control-requests.patch -Patch27: v9-0007-User-interface-to-DRBG.patch Patch28: libgcrypt-fix-rng.patch Patch29: libgcrypt-init-at-elf-load-fips.patch #PATCH-FIX-SUSE add FIPS CAVS test app for DRBG Patch30: drbg_test.patch -#PATCH-FIX-SUSE bnc#894216 make DSA compliant with FIPS 186-4 -Patch31: libgcrypt-fips-dsa.patch #PATCH-FIX-SUSE run FIPS self-test from constructor Patch32: libgcrypt-fips_run_selftest_at_constructor.patch -#PATCH-FIX-SUSE bnc#896202 make ECDSA compliant with FIPS 186-4 -Patch33: libgcrypt-fips_ecdsa.patch Patch34: libgcrypt-1.6.3-aliasing.patch BuildRequires: automake >= 1.14 BuildRequires: fipscheck -BuildRequires: libgpg-error-devel >= 1.11 +BuildRequires: libgpg-error-devel >= 1.13 BuildRequires: libtool BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -107,7 +95,7 @@ Group: Development/Libraries/C and C++ Requires: %{libsoname} = %{version} Requires: glibc-devel -Requires: libgpg-error-devel >= 1.8 +Requires: libgpg-error-devel >= 1.13 Requires(post): %{install_info_prereq} %description devel 
@@ -155,20 +143,15 @@ %patch5 -p1 %patch7 -p1 %patch12 -p1 -%patch21 -p1 -%patch22 -p1 -%patch23 -p1 -%patch24 -p1 -%patch25 -p1 -%patch26 -p1 -%patch27 -p1 %patch28 -p1 %patch29 -p1 %patch30 -p1 -%patch31 -p1 %patch32 -p1 -%patch33 -p1 +# This patch breaks x86_64 builds but is needed for big-endian +# architectures +%ifarch ppc ppc64 s390 s390x %patch34 -p1 +%endif %patch13 -p1 %patch14 -p1 @@ -176,7 +159,7 @@ echo building with build_hmac256 set to %{build_hmac256} %{?suse_update_config} autoreconf -fi -date=$(date -u +%Y-%m-%dT%H:%M+0000 -r %{SOURCE99}) +date=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE99}) sed -e "s,BUILD_TIMESTAMP=.*,BUILD_TIMESTAMP=$date," -i configure export CFLAGS="%{optflags} $(getconf LFS_CFLAGS)" %configure --with-pic \ @@ -212,7 +195,7 @@ # make check %install -make DESTDIR=%{buildroot} install %{?_smp_mflags} +make %{?_smp_mflags} DESTDIR=%{buildroot} install rm %{buildroot}%{_libdir}/%{name}.la # cavs @@ -220,14 +203,11 @@ install -m 0755 %{SOURCE5} %{buildroot}%{cavs_dir} install -m 0755 %{SOURCE6} %{buildroot}%{cavs_dir} -mv %{buildroot}%{_bindir}/fips186_dsa %{buildroot}%{cavs_dir} mv %{buildroot}%{_bindir}/fipsdrv %{buildroot}%{cavs_dir} mv %{buildroot}%{_bindir}/drbg_test %{buildroot}%{cavs_dir} %post -n %{libsoname} -p /sbin/ldconfig - %postun -n %{libsoname} -p /sbin/ldconfig - %post devel %install_info --info-dir=%{_infodir} %{_infodir}/gcrypt.info.gz @@ -248,7 +228,7 @@ %files devel %defattr(-,root,root) %doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO -%{_infodir}/gcrypt.info.gz +%{_infodir}/gcrypt.info%{ext_info} %{_bindir}/dumpsexp %{_bindir}/mpicalc %{_bindir}/%{name}-config ++++++ drbg_test.patch ++++++ --- /var/tmp/diff_new_pack.rWfFai/_old 2016-08-31 00:00:29.000000000 +0200 +++ /var/tmp/diff_new_pack.rWfFai/_new 2016-08-31 00:00:29.000000000 +0200 
@@ -1,9 +1,9 @@ -Index: libgcrypt-1.6.1/tests/drbg_test.c +Index: libgcrypt-1.7.2/tests/drbg_test.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ libgcrypt-1.6.1/tests/drbg_test.c 2014-09-02 16:49:42.279449470 +0200 -@@ -0,0 +1,1279 @@ -+/* DRBG test for libgcryt ++++ libgcrypt-1.7.2/tests/drbg_test.c 2016-08-16 16:04:52.289060124 +0200 +@@ -0,0 +1,1332 @@ ++/* DRBG test for libgcrypt + Copyright (C) 2014 Stephan Mueller <[email protected]> + + Compile: 
@@ -17,69 +17,155 @@ +#include <config.h> +#endif +#include <getopt.h> ++#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <asm/types.h> ++#include <types.h> ++#include <unistd.h> +#include "gcrypt.h" + ++/* The following definitions are taken verbatim from random/random-drbg.c. ++ * libgcrypt upstream removed the public apis from gcrypt.h in ++ * http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=fd13372fa9069d3a72947ea59c57e33637c936bf ++ */ ++/****************************************************************** ++ * Constants ++ ******************************************************************/ ++ ++/* ++ * DRBG flags bitmasks ++ * ++ * 31 (B) 28 19 (A) 0 ++ * +-+-+-+--------+---+-----------+-----+ ++ * |~|~|u|~~~~~~~~| 3 | 2 | 1 | ++ * +-+-+-+--------+- -+-----------+-----+ ++ * ctl flg| |drbg use selection flags ++ * ++ */ ++ ++/* Internal state control flags (B) */ ++#define DRBG_PREDICTION_RESIST ((u32)1<<28) ++ ++/* CTR type modifiers (A.1)*/ ++#define DRBG_CTRAES ((u32)1<<0) ++#define DRBG_CTRSERPENT ((u32)1<<1) ++#define DRBG_CTRTWOFISH ((u32)1<<2) ++#define DRBG_CTR_MASK (DRBG_CTRAES | DRBG_CTRSERPENT \ ++ | DRBG_CTRTWOFISH) ++ ++/* HASH type modifiers (A.2)*/ ++#define DRBG_HASHSHA1 ((u32)1<<4) ++#define DRBG_HASHSHA224 ((u32)1<<5) ++#define DRBG_HASHSHA256 ((u32)1<<6) ++#define DRBG_HASHSHA384 ((u32)1<<7) ++#define DRBG_HASHSHA512 ((u32)1<<8) ++#define DRBG_HASH_MASK (DRBG_HASHSHA1 | DRBG_HASHSHA224 \ ++ | DRBG_HASHSHA256 | DRBG_HASHSHA384 \ ++ | DRBG_HASHSHA512) ++/* type modifiers (A.3)*/ ++#define DRBG_HMAC ((u32)1<<12) ++#define DRBG_SYM128 ((u32)1<<13) ++#define DRBG_SYM192 ((u32)1<<14) ++#define DRBG_SYM256 ((u32)1<<15) ++#define DRBG_TYPE_MASK (DRBG_HMAC | DRBG_SYM128 | DRBG_SYM192 \ ++ | DRBG_SYM256) ++#define DRBG_CIPHER_MASK (DRBG_CTR_MASK | DRBG_HASH_MASK \ ++ | DRBG_TYPE_MASK) ++ ++#define DRBG_PR_CTRAES128 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM128) ++#define DRBG_PR_CTRAES192 
(DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM192) ++#define DRBG_PR_CTRAES256 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM256) ++#define DRBG_NOPR_CTRAES128 (DRBG_CTRAES | DRBG_SYM128) ++#define DRBG_NOPR_CTRAES192 (DRBG_CTRAES | DRBG_SYM192) ++#define DRBG_NOPR_CTRAES256 (DRBG_CTRAES | DRBG_SYM256) ++#define DRBG_PR_HASHSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1) ++#define DRBG_PR_HASHSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256) ++#define DRBG_PR_HASHSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384) ++#define DRBG_PR_HASHSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512) ++#define DRBG_NOPR_HASHSHA1 (DRBG_HASHSHA1) ++#define DRBG_NOPR_HASHSHA256 (DRBG_HASHSHA256) ++#define DRBG_NOPR_HASHSHA384 (DRBG_HASHSHA384) ++#define DRBG_NOPR_HASHSHA512 (DRBG_HASHSHA512) ++#define DRBG_PR_HMACSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1 \ ++ | DRBG_HMAC) ++#define DRBG_PR_HMACSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256 \ ++ | DRBG_HMAC) ++#define DRBG_PR_HMACSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384 \ ++ | DRBG_HMAC) ++#define DRBG_PR_HMACSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512 \ ++ | DRBG_HMAC) ++#define DRBG_NOPR_HMACSHA1 (DRBG_HASHSHA1 | DRBG_HMAC) ++#define DRBG_NOPR_HMACSHA256 (DRBG_HASHSHA256 | DRBG_HMAC) ++#define DRBG_NOPR_HMACSHA384 (DRBG_HASHSHA384 | DRBG_HMAC) ++#define DRBG_NOPR_HMACSHA512 (DRBG_HASHSHA512 | DRBG_HMAC) ++ ++ ++/* The default DRGB type. 
*/ ++#define DRBG_DEFAULT_TYPE DRBG_NOPR_HMACSHA256 ++ +#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0])) + -+/* bin/hex conversion stolen from OpenSSL */ -+static int bin2hex(const unsigned char *in,int len,char *out) ++static char hex_char_map_l[] = { '0', '1', '2', '3', '4', '5', '6', '7', ++ '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; ++static char hex_char_map_u[] = { '0', '1', '2', '3', '4', '5', '6', '7', ++ '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; ++static char hex_char(unsigned int bin, int u) +{ -+ int n1, n2; -+ unsigned char ch; ++ if (bin < sizeof(hex_char_map_l)) ++ return (u) ? hex_char_map_u[bin] : hex_char_map_l[bin]; ++ return 'X'; ++} + -+ for (n1=0,n2=0 ; n1 < len ; ++n1) -+ { -+ ch=in[n1] >> 4; -+ if (ch <= 0x09) -+ out[n2++]=ch+'0'; -+ else -+ out[n2++]=ch-10+'a'; -+ ch=in[n1] & 0x0f; -+ if(ch <= 0x09) -+ out[n2++]=ch+'0'; -+ else -+ out[n2++]=ch-10+'a'; ++/* ++ * Convert binary string into hex representation ++ * @bin input buffer with binary data ++ * @binlen length of bin ++ * @hex output buffer to store hex data ++ * @hexlen length of already allocated hex buffer (should be at least ++ * twice binlen -- if not, only a fraction of binlen is converted) ++ * @u case of hex characters (0=>lower case, 1=>upper case) ++ */ ++static void bin2hex(const unsigned char *bin, size_t binlen, ++ char *hex, size_t hexlen, int u) ++{ ++ size_t i = 0; ++ size_t chars = (binlen > (hexlen / 2)) ? 
(hexlen / 2) : binlen; ++ ++ for (i = 0; i < chars; i++) { ++ hex[(i*2)] = hex_char((bin[i] >> 4), u); ++ hex[((i*2)+1)] = hex_char((bin[i] & 0x0f), u); + } -+ out[n2]='\0'; -+ return n2; +} + -+int hex2bin(const char *in, unsigned char *out) ++static int bin_char(unsigned char hex) +{ -+ int n1, n2; -+ unsigned char ch; ++ if (48 <= hex && 57 >= hex) ++ return (hex - 48); ++ if (65 <= hex && 70 >= hex) ++ return (hex - 55); ++ if (97 <= hex && 102 >= hex) ++ return (hex - 87); ++ return 0; ++} ++/* ++ * Convert hex representation into binary string ++ * @hex input buffer with hex representation ++ * @hexlen length of hex ++ * @bin output buffer with binary data ++ * @binlen length of already allocated bin buffer (should be at least ++ * half of hexlen -- if not, only a fraction of hexlen is converted) ++ */ ++static void hex2bin(const unsigned char *hex, size_t hexlen, ++ unsigned char *bin, size_t binlen) ++{ ++ size_t i = 0; ++ size_t chars = (binlen > (hexlen / 2)) ? (hexlen / 2) : binlen; + -+ for (n1=0,n2=0 ; in[n1] && in[n1] != '\n' ; ) -+ { /* first byte */ -+ if ((in[n1] >= '0') && (in[n1] <= '9')) -+ ch = in[n1++] - '0'; -+ else if ((in[n1] >= 'A') && (in[n1] <= 'F')) -+ ch = in[n1++] - 'A' + 10; -+ else if ((in[n1] >= 'a') && (in[n1] <= 'f')) -+ ch = in[n1++] - 'a' + 10; -+ else -+ return -1; -+ if(!in[n1]) -+ { -+ out[n2++]=ch; -+ break; -+ } -+ out[n2] = ch << 4; -+ /* second byte */ -+ if ((in[n1] >= '0') && (in[n1] <= '9')) -+ ch = in[n1++] - '0'; -+ else if ((in[n1] >= 'A') && (in[n1] <= 'F')) -+ ch = in[n1++] - 'A' + 10; -+ else if ((in[n1] >= 'a') && (in[n1] <= 'f')) -+ ch = in[n1++] - 'a' + 10; -+ else -+ return -1; -+ out[n2++] |= ch; ++ for (i = 0; i < chars; i++) { ++ bin[i] = bin_char(hex[(i*2)]) << 4; ++ bin[i] |= bin_char(hex[((i*2)+1)]); + } -+ return n2; +} + +/* Print a error message and exit the process with an error code. */ 
@@ -95,7 +181,7 @@ +} + + -+struct drbg_test_vector ++struct gcry_drbg_test_vector +{ + u_int32_t flags; /* flags selecting the DRBG type */ + unsigned char *entropy; /* entropy string for initialization -- this @@ -120,7 +206,7 @@ + size_t expectedlen; /* length of expected random value */ +}; + -+struct drbg_test_vector drbg_test_pr[] = { ++struct gcry_drbg_test_vector drbg_test_pr[] = { + { + .flags = (DRBG_PR_HASHSHA256), + .entropy = (unsigned char *) @@ -549,7 +635,7 @@ + }, +}; + -+struct drbg_test_vector drbg_test_nopr[] = { ++struct gcry_drbg_test_vector drbg_test_nopr[] = { + { + .flags = DRBG_NOPR_HASHSHA256, + .entropy = (unsigned char *) 
@@ -927,57 +1013,22 @@ + }, +}; + -+ -+/* -+ * CAVS Test driver -+ * -+ * @test: one test vector -+ * @pr: true/false for enabling or disabling prediction resistance -+ */ -+int drbg_cavs_test(struct drbg_test_vector *test, unsigned char *buf, -+ size_t buflen) -+{ -+ int ret = -1; -+ struct drbg_test_data test_data; -+ struct drbg_string addtl, pers, testentropy; -+ -+ test_data.testentropy = &testentropy; -+ drbg_string_fill(&testentropy, test->entropy, test->entropylen); -+ drbg_string_fill(&pers, test->pers, test->perslen); -+ ret = gcry_control(GCRYCTL_DRBG_REINIT, test->flags, &pers, &test_data); -+ if(ret) -+ { -+ printf("Test FAIL: re-init DRBG with test entropy\n"); -+ return ret; -+ } -+ -+ drbg_string_fill(&addtl, test->addtla, test->addtllen); -+ if(test->entpra) -+ drbg_string_fill(&testentropy, test->entpra, test->entprlen); -+ gcry_randomize_drbg_test(buf, buflen, GCRY_STRONG_RANDOM, &addtl, -+ &test_data); -+ -+ drbg_string_fill(&addtl, test->addtlb, test->addtllen); -+ if(test->entpra) -+ drbg_string_fill(&testentropy, test->entprb, test->entprlen); -+ -+ gcry_randomize_drbg_test(buf, buflen, GCRY_STRONG_RANDOM, &addtl, -+ &test_data); -+ -+ return ret; -+} -+ +struct drbg_flags +{ + u_int32_t flags; +}; + ++gpg_err_code_t ++gcry_drbg_cavs_test (struct gcry_drbg_test_vector *test, unsigned char *buf); ++extern gpg_err_code_t ++gcry_drbg_healthcheck_one (struct gcry_drbg_test_vector *test); ++ +void builtin_test(void) +{ + /* this must be larger than 128 as otherwise there is a crash */ +#define OUTLEN 150 + char rndbuf[OUTLEN]; -+ char out[200]; ++ char out[(OUTLEN * 2 + 1)]; + int i = 0; + int ret = 0; + int result = 0; 
@@ -1013,8 +1064,10 @@ + if(0 == ret) + { + printf("Test PASS: enabling DRBG %d\n", i); ++ memset(rndbuf, 0, OUTLEN); + gcry_randomize(&rndbuf, OUTLEN, GCRY_STRONG_RANDOM); -+ bin2hex(rndbuf, OUTLEN, out); ++ memset(out, 0, sizeof(out)); ++ bin2hex(rndbuf, OUTLEN, out, sizeof(out), 0); + printf("Test PASS: gcry_randomize generated strong random bytes for DRBG %d: %s\n", i, out); + } + else @@ -1033,8 +1086,7 @@ + for(i = 0; ARRAY_SIZE(drbg_test_nopr) > i; i++) + { + memset(rndbuf, 0, drbg_test_nopr[i].expectedlen); -+ drbg_cavs_test(&drbg_test_nopr[i], rndbuf, drbg_test_nopr[i].expectedlen); -+ ret = memcmp(drbg_test_nopr[i].expected, rndbuf, drbg_test_nopr[i].expectedlen); ++ ret = gcry_control(75, &drbg_test_nopr[i], NULL); + if(ret) + printf("CAVS test (nopr) FAILED %d, testdef %d\n", ret, i); + else @@ -1045,8 +1097,7 @@ + for(i = 0; ARRAY_SIZE(drbg_test_pr) > i; i++) + { + memset(rndbuf, 0, drbg_test_pr[i].expectedlen); -+ drbg_cavs_test(&drbg_test_pr[i], rndbuf, drbg_test_pr[i].expectedlen); -+ ret = memcmp(drbg_test_pr[i].expected, rndbuf, drbg_test_pr[i].expectedlen); ++ ret = gcry_control(75, &drbg_test_pr[i], NULL); + if(ret) + printf("CAVS test (pr) FAILED %d, testdef %d\n", ret, i); + else @@ -1076,7 +1127,7 @@ + +} + -+static void generate_test(struct drbg_test_vector *test) ++static void generate_test(struct gcry_drbg_test_vector *test) +{ + unsigned char *buf; +#define DATALEN 10 @@ -1090,7 +1141,7 @@ + + if (test && test->flags) + { -+ if (gcry_control(GCRYCTL_DRBG_REINIT, test->flags, NULL, NULL)) ++ if (gcry_control(GCRYCTL_DRBG_REINIT, test->flags, NULL)) + { + printf("Test FAIL: re-init DRBG with test entropy\n"); + return; @@ -1108,6 +1159,7 @@ + } + + gcry_randomize(buf, len, GCRY_STRONG_RANDOM); ++ write(1, buf, len); + free (buf); + } +} @@ -1140,7 +1192,7 @@ + } + + tmp = drbg_malloc(tmplen); -+ hex2bin(in, tmp); ++ hex2bin(in, strlen(in), tmp, tmplen); + *out = tmp; + *len = tmplen; +} 
@@ -1167,13 +1219,12 @@ +main (int argc, char **argv) +{ + int c = 0; -+ long len = 0; + unsigned char *buf; + unsigned char *outbuf; -+ struct drbg_test_vector exttest; ++ struct gcry_drbg_test_vector exttest; +#define MAXDATA 256 + -+ memset(&exttest, 0, sizeof(struct drbg_test_vector)); ++ memset(&exttest, 0, sizeof(struct gcry_drbg_test_vector)); + gcry_control (GCRYCTL_SET_VERBOSITY, 2); + gcry_control (GCRYCTL_FORCE_FIPS_MODE, 0); + if (!gcry_check_version ("1.5.0")) @@ -1233,32 +1284,34 @@ + hex2bin_m(optarg, &exttest.pers, &exttest.perslen); + break; + case 'l': -+ len = atol(optarg); ++ exttest.expectedlen = atoi(optarg); + break; + default: + usage(); + } + } + -+ if (0 >= len) ++ if (0 >= exttest.expectedlen) + usage(); + -+ buf = malloc(len); ++ buf = malloc(exttest.expectedlen); + if(!buf) { -+ fprintf(stderr, "Cannot allocate %li bytes\n", len); ++ fprintf(stderr, "Cannot allocate %li bytes\n", exttest.expectedlen); + return -1; + } -+ outbuf = malloc(len * 2 + 1); ++ outbuf = malloc(exttest.expectedlen * 2 + 1); + if(!outbuf) { -+ fprintf(stderr, "Cannot allocate %li bytes\n", (len*2+1)); ++ fprintf(stderr, "Cannot allocate %li bytes\n", ++ (exttest.expectedlen*2+1)); + return -1; + } -+ memset(outbuf, 0, len * 2 + 1); ++ memset(outbuf, 0, exttest.expectedlen * 2 + 1); + if (exttest.entropy) -+ drbg_cavs_test(&exttest, buf, len); ++ gcry_control(75, &exttest, buf); + else -+ gcry_randomize(buf, len, GCRY_STRONG_RANDOM); -+ bin2hex(buf, len, outbuf); ++ gcry_randomize(buf, exttest.expectedlen, GCRY_STRONG_RANDOM); ++ bin2hex(buf, exttest.expectedlen, ++ outbuf, exttest.expectedlen * 2 + 1, 0); + + printf("%s\n", outbuf); + 
@@ -1282,11 +1335,11 @@ + return 0; +} + -Index: libgcrypt-1.6.1/Makefile.am +Index: libgcrypt-1.7.2/Makefile.am =================================================================== ---- libgcrypt-1.6.1.orig/Makefile.am 2014-01-12 12:19:50.000000000 +0100 -+++ libgcrypt-1.6.1/Makefile.am 2014-09-02 16:51:10.315504510 +0200 -@@ -36,6 +36,14 @@ EXTRA_DIST = autogen.sh autogen.rc READM +--- libgcrypt-1.7.2.orig/Makefile.am 2016-08-16 15:57:43.397736723 +0200 ++++ libgcrypt-1.7.2/Makefile.am 2016-08-16 15:57:44.341752563 +0200 +@@ -42,6 +42,14 @@ EXTRA_DIST = autogen.sh autogen.rc READM DISTCLEANFILES = ++++++ libgcrypt-1.6.1-fips-cavs.patch ++++++ --- /var/tmp/diff_new_pack.rWfFai/_old 2016-08-31 00:00:29.000000000 +0200 +++ /var/tmp/diff_new_pack.rWfFai/_new 2016-08-31 00:00:29.000000000 +0200 @@ -1,6 +1,7 @@ -diff -up libgcrypt-1.6.1/tests/cavs_driver.pl.cavs libgcrypt-1.6.1/tests/cavs_driver.pl ---- libgcrypt-1.6.1/tests/cavs_driver.pl.cavs 2013-03-15 20:25:38.000000000 +0100 -+++ libgcrypt-1.6.1/tests/cavs_driver.pl 2014-02-28 14:46:16.436544639 +0100 +Index: libgcrypt-1.7.2/tests/cavs_driver.pl +=================================================================== +--- libgcrypt-1.7.2.orig/tests/cavs_driver.pl ++++ libgcrypt-1.7.2/tests/cavs_driver.pl @@ -1,9 +1,11 @@ #!/usr/bin/env perl # @@ -674,9 +675,10 @@ $dsa_sign = \&libgcrypt_dsa_sign; $dsa_verify = \&libgcrypt_dsa_verify; $dsa_genpubkey = \&libgcrypt_dsa_genpubkey; -diff -up libgcrypt-1.6.1/tests/cavs_tests.sh.cavs libgcrypt-1.6.1/tests/cavs_tests.sh ---- libgcrypt-1.6.1/tests/cavs_tests.sh.cavs 2013-03-15 20:25:38.000000000 +0100 -+++ libgcrypt-1.6.1/tests/cavs_tests.sh 2014-02-28 14:46:16.437544662 +0100 +Index: libgcrypt-1.7.2/tests/cavs_tests.sh +=================================================================== +--- libgcrypt-1.7.2.orig/tests/cavs_tests.sh ++++ libgcrypt-1.7.2/tests/cavs_tests.sh 
@@ -55,7 +55,7 @@ function run_one_test () { [ -d "$respdir" ] || mkdir "$respdir" [ -f "$rspfile" ] && rm "$rspfile" @@ -686,10 +688,11 @@ dflag="-D" fi -diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c ---- libgcrypt-1.6.1/tests/fipsdrv.c.cavs 2013-12-16 18:44:32.000000000 +0100 -+++ libgcrypt-1.6.1/tests/fipsdrv.c 2014-02-28 14:46:16.437544662 +0100 -@@ -893,6 +893,9 @@ print_mpi_line (gcry_mpi_t a, int no_lz) +Index: libgcrypt-1.7.2/tests/fipsdrv.c +=================================================================== +--- libgcrypt-1.7.2.orig/tests/fipsdrv.c ++++ libgcrypt-1.7.2/tests/fipsdrv.c +@@ -892,6 +892,9 @@ print_mpi_line (gcry_mpi_t a, int no_lz) die ("gcry_mpi_aprint failed: %s\n", gpg_strerror (err)); p = buf; @@ -699,7 +702,7 @@ if (no_lz && p[0] == '0' && p[1] == '0' && p[2]) p += 2; -@@ -1675,14 +1678,14 @@ run_rsa_verify (const void *data, size_t +@@ -1765,14 +1768,14 @@ run_rsa_verify (const void *data, size_t /* Generate a DSA key of size KEYSIZE and return the complete S-expression. */ static gcry_sexp_t @@ -717,7 +720,7 @@ if (err) die ("gcry_sexp_build failed for DSA key generation: %s\n", gpg_strerror (err)); -@@ -1700,7 +1703,7 @@ dsa_gen (int keysize) +@@ -1790,7 +1793,7 @@ dsa_gen (int keysize) /* Generate a DSA key of size KEYSIZE and return the complete S-expression. */ static gcry_sexp_t @@ -726,7 +729,7 @@ { gpg_error_t err; gcry_sexp_t keyspec, key; -@@ -1709,10 +1712,11 @@ dsa_gen_with_seed (int keysize, const vo +@@ -1799,10 +1802,11 @@ dsa_gen_with_seed (int keysize, const vo "(genkey" " (dsa" " (nbits %d)" @@ -740,7 +743,7 @@ if (err) die ("gcry_sexp_build failed for DSA key generation: %s\n", gpg_strerror (err)); -@@ -1720,6 +1724,37 @@ dsa_gen_with_seed (int keysize, const vo +@@ -1810,6 +1814,37 @@ dsa_gen_with_seed (int keysize, const vo err = gcry_pk_genkey (&key, keyspec); if (err) die ("gcry_pk_genkey failed for DSA: %s\n", gpg_strerror (err)); 
@@ -778,7 +781,7 @@ gcry_sexp_release (keyspec); -@@ -1732,7 +1767,7 @@ dsa_gen_with_seed (int keysize, const vo +@@ -1849,7 +1884,7 @@ ecdsa_gen_key (const char *curve) with one parameter per line in hex format using this order: p, q, g, seed, counter, h. */ static void @@ -787,7 +790,7 @@ { gcry_sexp_t l1, l2; gcry_mpi_t mpi; -@@ -1768,6 +1803,9 @@ print_dsa_domain_parameters (gcry_sexp_t +@@ -1885,6 +1920,9 @@ print_dsa_domain_parameters (gcry_sexp_t } gcry_sexp_release (l1); @@ -797,7 +800,7 @@ /* Extract the seed values. */ l1 = gcry_sexp_find_token (key, "misc-key-info", 0); if (!l1) -@@ -1819,38 +1857,106 @@ print_dsa_domain_parameters (gcry_sexp_t +@@ -1976,38 +2014,106 @@ print_ecdsa_dq (gcry_sexp_t key) } @@ -914,7 +917,7 @@ fp = fopen (filename, "wb"); if (!fp) -@@ -1863,6 +1969,53 @@ run_dsa_gen (int keysize, const char *fi +@@ -2020,6 +2126,53 @@ run_dsa_gen (int keysize, const char *fi } @@ -968,7 +971,7 @@ /* Sign DATA of length DATALEN using the key taken from the S-expression encoded KEYFILE. */ -@@ -1872,11 +2025,16 @@ run_dsa_sign (const void *data, size_t d +@@ -2029,11 +2182,16 @@ run_dsa_sign (const void *data, size_t d { gpg_error_t err; gcry_sexp_t s_data, s_key, s_sig, s_tmp, s_tmp2; @@ -988,7 +991,7 @@ if (!err) { err = gcry_sexp_build (&s_data, NULL, -@@ -1887,8 +2045,6 @@ run_dsa_sign (const void *data, size_t d +@@ -2044,8 +2202,6 @@ run_dsa_sign (const void *data, size_t d die ("gcry_sexp_build failed for DSA data input: %s\n", gpg_strerror (err)); @@ -997,7 +1000,7 @@ err = gcry_pk_sign (&s_sig, s_data, s_key); if (err) { -@@ -1964,13 +2120,18 @@ run_dsa_verify (const void *data, size_t +@@ -2121,13 +2277,18 @@ run_dsa_verify (const void *data, size_t { gpg_error_t err; gcry_sexp_t s_data, s_key, s_sig; 
@@ -1005,11 +1008,11 @@ + char hash[128]; gcry_mpi_t tmpmpi; + int algo; -+ -+ s_key = read_sexp_from_file (keyfile); -+ algo = dsa_hash_from_key(s_key); - gcry_md_hash_buffer (GCRY_MD_SHA1, hash, data, datalen); ++ s_key = read_sexp_from_file (keyfile); ++ algo = dsa_hash_from_key(s_key); ++ + gcry_md_hash_buffer (algo, hash, data, datalen); /* Note that we can't simply use %b with HASH to build the S-expression, because that might yield a negative value. */ @@ -1019,7 +1022,7 @@ if (!err) { err = gcry_sexp_build (&s_data, NULL, -@@ -1981,7 +2142,6 @@ run_dsa_verify (const void *data, size_t +@@ -2138,7 +2299,6 @@ run_dsa_verify (const void *data, size_t die ("gcry_sexp_build failed for DSA data input: %s\n", gpg_strerror (err)); 
@@ -1027,24 +1030,24 @@ s_sig = read_sexp_from_file (sigfile); err = gcry_pk_verify (s_sig, s_data, s_key); -@@ -2014,7 +2174,7 @@ usage (int show_help) - "Run a crypto operation using hex encoded input and output.\n" +@@ -2304,7 +2464,7 @@ usage (int show_help) "MODE:\n" " encrypt, decrypt, digest, random, hmac-sha,\n" -- " rsa-{derive,gen,sign,verify}, dsa-{pqg-gen,gen,sign,verify}\n" -+ " rsa-{derive,gen,sign,verify}, dsa-{pq-gen,g-gen,gen,sign,verify}\n" + " rsa-{derive,gen,sign,verify},\n" +- " dsa-{pqg-gen,gen,sign,verify}, ecdsa-{gen-key,sign,verify}\n" ++ " dsa-{pq-gen,g-gen,gen,sign,verify}, ecdsa-{gen-key,sign,verify}\n" "OPTIONS:\n" " --verbose Print additional information\n" " --binary Input and output is in binary form\n" -@@ -2024,6 +2184,7 @@ usage (int show_help) - " --dt DT Use the hex encoded DT for the RNG\n" +@@ -2315,6 +2475,7 @@ usage (int show_help) " --algo NAME Use algorithm NAME\n" + " --curve NAME Select ECC curve spec NAME\n" " --keysize N Use a keysize of N bits\n" + " --qize N Use a DSA q parameter size of N bits\n" " --signature NAME Take signature from file NAME\n" " --chunk N Read in chunks of N bytes (implies --binary)\n" " --pkcs1 Use PKCS#1 encoding\n" -@@ -2050,6 +2211,7 @@ main (int argc, char **argv) +@@ -2344,6 +2505,7 @@ main (int argc, char **argv) const char *dt_string = NULL; const char *algo_string = NULL; const char *keysize_string = NULL; @@ -1052,7 +1055,7 @@ const char *signature_string = NULL; FILE *input; void *data; -@@ -2143,6 +2305,14 @@ main (int argc, char **argv) +@@ -2437,6 +2599,14 @@ main (int argc, char **argv) keysize_string = *argv; argc--; argv++; } 
@@ -1067,17 +1070,16 @@ else if (!strcmp (*argv, "--signature")) { argc--; argv++; -@@ -2463,23 +2633,49 @@ main (int argc, char **argv) +@@ -2792,23 +2962,49 @@ main (int argc, char **argv) } else if (!strcmp (mode_string, "dsa-pqg-gen")) { - int keysize; + int keysize, qsize; - - keysize = keysize_string? atoi (keysize_string) : 0; - if (keysize < 1024 || keysize > 3072) - die ("invalid keysize specified; needs to be 1024 .. 3072\n"); -- run_dsa_pqg_gen (keysize, datalen? data:NULL, datalen); ++ ++ keysize = keysize_string? atoi (keysize_string) : 0; ++ if (keysize < 1024 || keysize > 3072) ++ die ("invalid keysize specified; needs to be 1024 .. 3072\n"); + qsize = qsize_string? atoi (qsize_string) : 0; + if (qsize < 160 || qsize > 256) + die ("invalid qsize specified; needs to be 160 .. 256\n"); @@ -1086,10 +1088,11 @@ + else if (!strcmp (mode_string, "dsa-g-gen")) + { + int keysize, qsize; -+ -+ keysize = keysize_string? atoi (keysize_string) : 0; -+ if (keysize < 1024 || keysize > 3072) -+ die ("invalid keysize specified; needs to be 1024 .. 3072\n"); + + keysize = keysize_string? atoi (keysize_string) : 0; + if (keysize < 1024 || keysize > 3072) + die ("invalid keysize specified; needs to be 1024 .. 3072\n"); +- run_dsa_pqg_gen (keysize, datalen? data:NULL, datalen); + qsize = qsize_string? atoi (qsize_string) : 0; + if (qsize < 160 || qsize > 256) + die ("invalid qsize specified; needs to be 160 .. 256\n"); ++++++ libgcrypt-1.6.1-fips-cfgrandom.patch ++++++ --- /var/tmp/diff_new_pack.rWfFai/_old 2016-08-31 00:00:29.000000000 +0200 +++ /var/tmp/diff_new_pack.rWfFai/_new 2016-08-31 00:00:29.000000000 +0200 
@@ -1,55 +1,8 @@ -Index: libgcrypt-1.6.1/random/random-fips.c +Index: libgcrypt-1.7.2/random/rndlinux.c =================================================================== ---- libgcrypt-1.6.1.orig/random/random-fips.c -+++ libgcrypt-1.6.1/random/random-fips.c -@@ -27,10 +27,10 @@ - There are 3 random context which map to the different levels of - random quality: - -- Generator Seed and Key Kernel entropy (init/reseed) -- ------------------------------------------------------------ -- GCRY_VERY_STRONG_RANDOM /dev/random 256/128 bits -- GCRY_STRONG_RANDOM /dev/random 256/128 bits -+ Generator Seed and Key Kernel entropy (init/reseed) -+ --------------------------------------------------------------------------------------- -+ GCRY_VERY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits -+ GCRY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits - gcry_create_nonce GCRY_STRONG_RANDOM n/a - - All random generators return their data in 128 bit blocks. If the -@@ -40,8 +40,10 @@ - (SEED_TTL) output blocks; the re-seeding is disabled in test mode. - - The GCRY_VERY_STRONG_RANDOM and GCRY_STRONG_RANDOM generators are -- keyed and seeded from the /dev/random device. Thus these -- generators may block until the kernel has collected enough entropy. -+ keyed and seeded with data that is loaded from the /etc/gcrypt/rngseed -+ if the device or symlink to device exists xored with the data -+ from the /dev/urandom device. This allows the system administrator -+ to always seed the RNGs from /dev/random if it is required. - - The gcry_create_nonce generator is keyed and seeded from the - GCRY_STRONG_RANDOM generator. 
It may also block if the -@@ -560,9 +562,13 @@ get_entropy (size_t nbytes) - entropy_collect_buffer_len = 0; - - #if USE_RNDLINUX -+ _gcry_rndlinux_gather_random (entropy_collect_cb, 0, -+ X931_AES_KEYLEN, -+ -1); -+ entropy_collect_buffer_len = 0; - rc = _gcry_rndlinux_gather_random (entropy_collect_cb, 0, - X931_AES_KEYLEN, -- GCRY_VERY_STRONG_RANDOM); -+ GCRY_STRONG_RANDOM); - #elif USE_RNDW32 - do - { -Index: libgcrypt-1.6.1/random/rndlinux.c -=================================================================== ---- libgcrypt-1.6.1.orig/random/rndlinux.c -+++ libgcrypt-1.6.1/random/rndlinux.c -@@ -36,7 +36,9 @@ +--- libgcrypt-1.7.2.orig/random/rndlinux.c ++++ libgcrypt-1.7.2/random/rndlinux.c +@@ -40,7 +40,9 @@ #include "g10lib.h" #include "rand-internal.h" @@ -60,7 +13,7 @@ static int -@@ -59,7 +61,7 @@ set_cloexec_flag (int fd) +@@ -63,7 +65,7 @@ set_cloexec_flag (int fd) * a fatal error but retries until it is able to reopen the device. */ static int @@ -69,7 +22,7 @@ { int fd; -@@ -67,6 +69,8 @@ open_device (const char *name, int retry +@@ -71,6 +73,8 @@ open_device (const char *name, int retry _gcry_random_progress ("open_dev_random", 'X', 1, 0); again: fd = open (name, O_RDONLY); @@ -78,7 +31,7 @@ if (fd == -1 && retry) { struct timeval tv; -@@ -111,6 +115,7 @@ _gcry_rndlinux_gather_random (void (*add +@@ -115,6 +119,7 @@ _gcry_rndlinux_gather_random (void (*add { static int fd_urandom = -1; static int fd_random = -1; @@ -86,7 +39,7 @@ static unsigned char ever_opened; int fd; int n; -@@ -134,6 +139,11 @@ _gcry_rndlinux_gather_random (void (*add +@@ -138,6 +143,11 @@ _gcry_rndlinux_gather_random (void (*add close (fd_urandom); fd_urandom = -1; } 
@@ -98,7 +51,7 @@ return 0; } -@@ -153,20 +163,30 @@ _gcry_rndlinux_gather_random (void (*add +@@ -165,20 +175,30 @@ _gcry_rndlinux_gather_random (void (*add that we always require the device to be existent but want a more graceful behaviour if the rarely needed close operation has been used and the device needs to be re-opened later. */ ++++++ libgcrypt-1.6.3-aliasing.patch ++++++ --- /var/tmp/diff_new_pack.rWfFai/_old 2016-08-31 00:00:29.000000000 +0200 +++ /var/tmp/diff_new_pack.rWfFai/_new 2016-08-31 00:00:29.000000000 +0200 @@ -1,7 +1,8 @@ -diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhelp.h ---- libgcrypt-1.6.3/cipher/bufhelp.h.aliasing 2015-02-27 10:54:03.000000000 +0100 -+++ libgcrypt-1.6.3/cipher/bufhelp.h 2015-03-13 15:03:43.301749751 +0100 -@@ -80,7 +80,7 @@ do_bytes: +Index: libgcrypt-1.7.2/cipher/bufhelp.h +=================================================================== +--- libgcrypt-1.7.2.orig/cipher/bufhelp.h ++++ libgcrypt-1.7.2/cipher/bufhelp.h +@@ -91,7 +91,7 @@ do_bytes: for (; len; len--) *dst++ = *src++; #endif /*__GNUC__ >= 4 && (__x86_64__ || __i386__)*/ @@ -10,7 +11,7 @@ /* Optimized function for buffer xoring */ -@@ -117,7 +117,7 @@ do_bytes: +@@ -128,7 +128,7 @@ do_bytes: /* Handle tail. */ for (; len; len--) *dst++ = *src1++ ^ *src2++; @@ -18,8 +19,8 @@ +} __attribute__ ((optimize("no-strict-aliasing"))) - /* Optimized function for buffer xoring with two destination buffers. Used -@@ -155,7 +155,7 @@ do_bytes: + /* Optimized function for in-place buffer xoring. */ +@@ -200,7 +200,7 @@ do_bytes: /* Handle tail. */ for (; len; len--) *dst1++ = (*dst2++ ^= *src++); @@ -28,7 +29,7 @@ /* Optimized function for combined buffer xoring and copying. Used by mainly -@@ -208,7 +208,7 @@ do_bytes: +@@ -253,7 +253,7 @@ do_bytes: *dst_xor++ = *srcdst_cpy ^ *src_xor++; *srcdst_cpy++ = temp; } 
@@ -37,7 +38,7 @@ /* Optimized function for combined buffer xoring and copying. Used by mainly -@@ -234,7 +234,7 @@ buf_eq_const(const void *_a, const void +@@ -279,7 +279,7 @@ buf_eq_const(const void *_a, const void diff -= !!(a[i] - b[i]); return !diff; @@ -46,7 +47,7 @@ #ifndef BUFHELP_FAST_UNALIGNED_ACCESS -@@ -246,14 +246,14 @@ static inline u32 buf_get_be32(const voi +@@ -291,14 +291,14 @@ static inline u32 buf_get_be32(const voi const byte *in = _buf; return ((u32)in[0] << 24) | ((u32)in[1] << 16) | \ ((u32)in[2] << 8) | (u32)in[3]; @@ -63,7 +64,7 @@ static inline void buf_put_be32(void *_buf, u32 val) { -@@ -262,7 +262,7 @@ static inline void buf_put_be32(void *_b +@@ -307,7 +307,7 @@ static inline void buf_put_be32(void *_b out[1] = val >> 16; out[2] = val >> 8; out[3] = val; @@ -72,16 +73,16 @@ static inline void buf_put_le32(void *_buf, u32 val) { -@@ -271,7 +271,7 @@ static inline void buf_put_le32(void *_b +@@ -316,7 +316,7 @@ static inline void buf_put_le32(void *_b out[2] = val >> 16; out[1] = val >> 8; out[0] = val; -} +} __attribute__ ((optimize("no-strict-aliasing"))) - #ifdef HAVE_U64_TYPEDEF + /* Functions for loading and storing unaligned u64 values of different -@@ -283,7 +283,7 @@ static inline u64 buf_get_be64(const voi +@@ -328,7 +328,7 @@ static inline u64 buf_get_be64(const voi ((u64)in[2] << 40) | ((u64)in[3] << 32) | \ ((u64)in[4] << 24) | ((u64)in[5] << 16) | \ ((u64)in[6] << 8) | (u64)in[7]; @@ -90,7 +91,7 @@ static inline u64 buf_get_le64(const void *_buf) { -@@ -292,7 +292,7 @@ static inline u64 buf_get_le64(const voi +@@ -337,7 +337,7 @@ static inline u64 buf_get_le64(const voi ((u64)in[5] << 40) | ((u64)in[4] << 32) | \ ((u64)in[3] << 24) | ((u64)in[2] << 16) | \ ((u64)in[1] << 8) | (u64)in[0]; 
@@ -99,7 +100,7 @@ static inline void buf_put_be64(void *_buf, u64 val) { -@@ -305,7 +305,7 @@ static inline void buf_put_be64(void *_b +@@ -350,7 +350,7 @@ static inline void buf_put_be64(void *_b out[5] = val >> 16; out[6] = val >> 8; out[7] = val; 
@@ -108,70 +109,70 @@ static inline void buf_put_le64(void *_buf, u64 val) { -@@ -318,7 +318,7 @@ static inline void buf_put_le64(void *_b +@@ -363,7 +363,7 @@ static inline void buf_put_le64(void *_b out[2] = val >> 16; out[1] = val >> 8; out[0] = val; -} +} __attribute__ ((optimize("no-strict-aliasing"))) - #endif /*HAVE_U64_TYPEDEF*/ #else /*BUFHELP_FAST_UNALIGNED_ACCESS*/ -@@ -328,24 +328,24 @@ static inline void buf_put_le64(void *_b + +@@ -377,24 +377,24 @@ typedef struct bufhelp_u32_s static inline u32 buf_get_be32(const void *_buf) { - return be_bswap32(*(const u32 *)_buf); + return be_bswap32(((const bufhelp_u32_t *)_buf)->a); -} +} __attribute__ ((optimize("no-strict-aliasing"))) static inline u32 buf_get_le32(const void *_buf) { - return le_bswap32(*(const u32 *)_buf); + return le_bswap32(((const bufhelp_u32_t *)_buf)->a); -} +} __attribute__ ((optimize("no-strict-aliasing"))) static inline void buf_put_be32(void *_buf, u32 val) { - u32 *out = _buf; - *out = be_bswap32(val); + bufhelp_u32_t *out = _buf; + out->a = be_bswap32(val); -} +} __attribute__ ((optimize("no-strict-aliasing"))) static inline void buf_put_le32(void *_buf, u32 val) { - u32 *out = _buf; - *out = le_bswap32(val); + bufhelp_u32_t *out = _buf; + out->a = le_bswap32(val); -} +} __attribute__ ((optimize("no-strict-aliasing"))) - #ifdef HAVE_U64_TYPEDEF - /* Functions for loading and storing unaligned u64 values of different -@@ -353,24 +353,24 @@ static inline void buf_put_le32(void *_b + + typedef struct bufhelp_u64_s +@@ -407,24 +407,24 @@ typedef struct bufhelp_u64_s static inline u64 buf_get_be64(const void *_buf) { - return be_bswap64(*(const u64 *)_buf); + return be_bswap64(((const bufhelp_u64_t *)_buf)->a); -} +} __attribute__ ((optimize("no-strict-aliasing"))) static inline u64 buf_get_le64(const void *_buf) { - return le_bswap64(*(const u64 *)_buf); + return le_bswap64(((const bufhelp_u64_t *)_buf)->a); -} +} __attribute__ ((optimize("no-strict-aliasing"))) static inline void 
buf_put_be64(void *_buf, u64 val) { - u64 *out = _buf; - *out = be_bswap64(val); + bufhelp_u64_t *out = _buf; + out->a = be_bswap64(val); -} +} __attribute__ ((optimize("no-strict-aliasing"))) static inline void buf_put_le64(void *_buf, u64 val) { - u64 *out = _buf; - *out = le_bswap64(val); + bufhelp_u64_t *out = _buf; + out->a = le_bswap64(val); -} +} __attribute__ ((optimize("no-strict-aliasing"))) - #endif /*HAVE_U64_TYPEDEF*/ + #endif /*BUFHELP_FAST_UNALIGNED_ACCESS*/ ++++++ libgcrypt-1.6.6.tar.bz2 -> libgcrypt-1.7.3.tar.bz2 ++++++ ++++ 94427 lines of diff (skipped) ++++++ libgcrypt-fix-rng.patch ++++++ --- /var/tmp/diff_new_pack.rWfFai/_old 2016-08-31 00:00:30.000000000 +0200 +++ /var/tmp/diff_new_pack.rWfFai/_new 2016-08-31 00:00:30.000000000 +0200 @@ -1,8 +1,8 @@ -Index: libgcrypt-1.6.1/random/random.c +Index: libgcrypt-1.7.2/random/random.c =================================================================== ---- libgcrypt-1.6.1.orig/random/random.c -+++ libgcrypt-1.6.1/random/random.c -@@ -440,6 +440,9 @@ _gcry_create_nonce (void *buffer, size_t +--- libgcrypt-1.7.2.orig/random/random.c ++++ libgcrypt-1.7.2/random/random.c +@@ -419,6 +419,9 @@ _gcry_create_nonce (void *buffer, size_t size_t n; int err; @@ -12,7 +12,7 @@ /* First check whether we shall use the FIPS nonce generator. This is only done in FIPS mode, in all other modes, we use our own nonce generator which is seeded by the RNG actual in use. */ -@@ -455,9 +458,6 @@ _gcry_create_nonce (void *buffer, size_t +@@ -433,9 +436,6 @@ _gcry_create_nonce (void *buffer, size_t FIPS mode (not that this means it is also used if the FIPS RNG has been selected but we are not in fips mode). */ 
@@ -20,5 +20,5 @@ - _gcry_random_initialize (1); - /* Acquire the nonce buffer lock. */ - err = ath_mutex_lock (&nonce_buffer_lock); + err = gpgrt_lock_lock (&nonce_buffer_lock); if (err) ++++++ libgcrypt-sparcv9.diff ++++++ --- /var/tmp/diff_new_pack.rWfFai/_old 2016-08-31 00:00:30.000000000 +0200 +++ /var/tmp/diff_new_pack.rWfFai/_new 2016-08-31 00:00:30.000000000 +0200 @@ -8,16 +8,16 @@ mpi/longlong.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: libgcrypt-1.6.4/mpi/longlong.h +Index: libgcrypt-1.7.2/mpi/longlong.h =================================================================== ---- libgcrypt-1.6.4.orig/mpi/longlong.h 2015-09-07 15:33:48.000000000 +0200 -+++ libgcrypt-1.6.4/mpi/longlong.h 2015-09-08 10:36:28.124169828 +0200 -@@ -1287,7 +1287,7 @@ typedef unsigned int UTItype __attribute +--- libgcrypt-1.7.2.orig/mpi/longlong.h ++++ libgcrypt-1.7.2/mpi/longlong.h +@@ -1293,7 +1293,7 @@ typedef unsigned int UTItype __attribute "rJ" ((USItype)(al)), \ "rI" ((USItype)(bl)) \ __CLOBBER_CC) --#if defined (__sparc_v8__) || defined(__sparcv8) -+#if defined (__sparc_v8__) || defined(__sparcv8) || defined(__sparc_v9__) +-# if defined (__sparc_v8__) || defined(__sparcv8) ++# if defined (__sparc_v8__) || defined(__sparcv8) || defined(__space_v9__) /* Don't match immediate range because, 1) it is not often useful, 2) the 'I' flag thinks of the range as a 13 bit signed interval, while we want to match a 13 bit interval, sign extended to 32 bits,
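Review bot: the refreshed libgcrypt-sparcv9.diff misspells the macro in the mpi/longlong.h hunk at -1293: the new condition tests defined(__space_v9__), where the previous revision of the patch tested defined(__sparc_v9__). With that spelling the added clause cannot match what the earlier revision matched, so SPARC v9 builds fall back to whatever the unpatched condition selected. Restore defined(__sparc_v9__) and keep the new "# if" indentation.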
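Review bot: in the DSA signing hunk that introduces "int algo;", the result of dsa_hash_from_key(s_key) is passed straight to gcry_md_hash_buffer (algo, hash, data, datalen) with no check in the visible lines. If the helper cannot map the key to a digest, the hash call runs with an invalid algorithm id and the fixed "char hash[128]" buffer is then used to build the S-expression. Check the returned algo (and that s_key was read successfully) and die() with a clear message before hashing.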
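Review bot: the usage() hunk at -2304 now advertises dsa-{pq-gen,g-gen,gen,sign,verify}, but the dispatch hunk in main() at -2792 still compares mode_string against "dsa-pqg-gen" and only adds a branch for "dsa-g-gen". As shown, a caller following the help text and passing dsa-pq-gen would not reach the P/Q generation branch. Either rename the compared string to "dsa-pq-gen" or keep pqg-gen in the help text.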
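Review bot: the option line added in the usage() hunk at -2315 is spelled "--qize N" while every variable this patch introduces for it is named qsize (qsize_string, qsize). Check the help text against the string that the argument loop in main() actually compares, and correct the help line to --qsize if that is what is parsed, since a user copying the option from the usage output would otherwise get an unknown-option failure.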
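Review bot: the qsize validation added to the dsa-pqg-gen and dsa-g-gen branches accepts any integer from 160 to 256 ("if (qsize < 160 || qsize > 256)"), although the q sizes defined for DSA in FIPS 186 are 160, 224 and 256 bits. A value such as 200 passes this check and is handed to the generator. Reject anything other than the three defined sizes here, and consider validating the keysize/qsize pair together rather than each range on its own.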
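Review bot: the refresh of libgcrypt-1.6.1-fips-cfgrandom.patch drops both random/random-fips.c hunks, which removes the only description of the /etc/gcrypt/rngseed behaviour (seed data xored with /dev/urandom) and the get_entropy() change from GCRY_VERY_STRONG_RANDOM to GCRY_STRONG_RANDOM. The remaining rndlinux.c hunks shown here are renumbered only and carry no comment explaining the seed file. Add a patch header or a comment in rndlinux.c that documents the rngseed semantics, and state in the changelog how the FIPS generator in 1.7.2 reaches this code path now that the get_entropy() hunk is gone.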
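Review bot: throughout libgcrypt-1.6.3-aliasing.patch the attribute is written after the closing brace of each function body ("} __attribute__ ((optimize("no-strict-aliasing")))"), and GCC parses an attribute in that position as a specifier of the declaration that follows, not of the function just defined. In the refreshed context one of these is now followed by "typedef struct bufhelp_u64_s", so the attribute lands on a typedef, and the first function in each run gets no attribute at all. Put the attribute on each function's own declaration, or compile the affected sources with -fno-strict-aliasing. It is also worth checking whether the patch is still needed: the 1.7.2 context already accesses memory through bufhelp_u32_t and bufhelp_u64_t instead of casting to u32 * and u64 *, and the byte-wise variants read through "const byte *", which may alias any object.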
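Review bot: libgcrypt-fix-rng.patch begins directly at its "Index:" line with no description, and the hunks in _gcry_create_nonce() at -419 and -433 move three lines, including the _gcry_random_initialize (1) call, from after the FIPS nonce-generator check to before it without saying why. Add a header that names the failure being fixed and a reference to the bug, so that the next refresh can tell whether the reordering is still required against upstream's gpgrt_lock_lock based code.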
