Hello community,
here is the log from the commit of package libgcrypt for openSUSE:Factory checked in at 2017-12-29 18:48:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libgcrypt (Old)
and /work/SRC/openSUSE:Factory/.libgcrypt.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libgcrypt"
Fri Dec 29 18:48:36 2017 rev:68 rq:556784 version:1.8.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/libgcrypt/libgcrypt.changes 2017-09-07 22:07:58.791240652 +0200
+++ /work/SRC/openSUSE:Factory/.libgcrypt.new/libgcrypt.changes 2017-12-29 18:48:44.050383732 +0100
@@ -1,0 +2,8 @@
+Wed Dec 13 20:09:28 UTC 2017 - astieger@suse.com
+
+- libgcrypt 1.8.2:
+ * Fix fatal out of secure memory status in the s-expression
+ parser on heavy loaded systems.
+ * Add auto expand secmem feature or use by GnuPG 2.2.4
+
+-------------------------------------------------------------------
Old:
----
libgcrypt-1.8.1.tar.bz2
libgcrypt-1.8.1.tar.bz2.sig
New:
----
libgcrypt-1.8.2.tar.bz2
libgcrypt-1.8.2.tar.bz2.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libgcrypt.spec ++++++
--- /var/tmp/diff_new_pack.3LcjiE/_old 2017-12-29 18:48:44.882144847 +0100
+++ /var/tmp/diff_new_pack.3LcjiE/_new 2017-12-29 18:48:44.882144847 +0100
@@ -21,7 +21,7 @@
%define libsoname %{name}20
%define cavs_dir %{_libexecdir}/%{name}/cavs
Name: libgcrypt
-Version: 1.8.1
+Version: 1.8.2
Release: 0
Summary: The GNU Crypto Library
License: GPL-2.0+ AND LGPL-2.1+ AND GPL-3.0+
++++++ libgcrypt-1.8.1.tar.bz2 -> libgcrypt-1.8.2.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.1/ChangeLog new/libgcrypt-1.8.2/ChangeLog
--- old/libgcrypt-1.8.1/ChangeLog 2017-08-27 09:27:04.000000000 +0200
+++ new/libgcrypt-1.8.2/ChangeLog 2017-12-13 14:55:01.000000000 +0100
@@ -1,3 +1,41 @@
+2017-12-13 Werner Koch
+
+ Release 1.8.2.
+ + commit eb84e429950b6a61c00112e70a584940c1d352e4
+
+
+2017-11-24 Werner Koch
+
+ sexp: Avoid a fatal error in case of ENOMEM in called functions.
+ + commit 59df8d6295426d0a9cf7646c381df2ea29fdb8c5
+ * src/sexp.c (do_vsexp_sscan): Replace BUG() by a proper error
+ return. Replace sprintf by snprintf.
+ (convert_to_hex): Replace sprintf by snprintf.
+ (convert_to_string): Ditto.
+ (_gcry_sexp_sprint): Ditto.
+
+2017-11-23 Werner Koch
+
+ api: Add auto expand secmem feature.
+ + commit f4582f8c429f22b18f8ca8a40660a91d721f5c96
+ * src/global.c (_gcry_vcontrol): Implement control value 78.
+ * src/secmem.c (auto_expand): New var.
+ (_gcry_secmem_set_auto_expand): New.
+ (_gcry_secmem_malloc_internal): Act upon AUTO_EXPAND.
+
+2017-11-14 NIIBE Yutaka
+
+ tests: Add HAVE_MMAP check for MinGW.
+ + commit 334e1a1cfc8f59db765a0bff0ca29090aa11b0f6
+ * tests/t-secmem.c (main): Conditionalize with HAVE_MMAP.
+
+2017-11-09 NIIBE Yutaka
+
+ Fix secmem test for machine with larger page.
+ + commit da127f7505ff7681fc9dbfbf332121d2998e88aa
+ * tests/t-secmem.c (main): Detect page size and setup chunk size.
+ * src/secmem.c (init_pool): Simplify the expression.
+
2017-08-27 Werner Koch
Release 1.8.1.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.1/NEWS new/libgcrypt-1.8.2/NEWS
--- old/libgcrypt-1.8.1/NEWS 2017-08-27 09:21:06.000000000 +0200
+++ new/libgcrypt-1.8.2/NEWS 2017-12-13 14:50:46.000000000 +0100
@@ -1,3 +1,23 @@
+Noteworthy changes in version 1.8.2 (2017-12-13) [C22/A2/R2]
+------------------------------------------------
+
+ * Bug fixes:
+
+ - Do not use /dev/srandom on OpenBSD.
+
+ - Fix test suite failure on systems with large pages. [#3351]
+
+ - Fix test suite to not use mmap on Windows.
+
+ - Fix fatal out of secure memory status in the s-expression parser
+ on heavy loaded systems.
+
+ * Other:
+
+ - Backport the auto expand secmem feature from master for use by
+ the forthcoming GnuPG 2.2.4.
+
+
Noteworthy changes in version 1.8.1 (2017-08-27) [C22/A2/R1]
------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.1/VERSION new/libgcrypt-1.8.2/VERSION
--- old/libgcrypt-1.8.1/VERSION 2017-08-27 09:27:05.000000000 +0200
+++ new/libgcrypt-1.8.2/VERSION 2017-12-13 14:55:02.000000000 +0100
@@ -1 +1 @@
-1.8.1
+1.8.2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.1/compat/Makefile.in new/libgcrypt-1.8.2/compat/Makefile.in
--- old/libgcrypt-1.8.1/compat/Makefile.in 2017-08-27 09:25:39.000000000 +0200
+++ new/libgcrypt-1.8.2/compat/Makefile.in 2017-12-13 14:54:15.000000000 +0100
@@ -111,8 +111,8 @@
build_triplet = @build@
host_triplet = @host@
subdir = compat
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am clock.c \
- getpid.c $(top_srcdir)/build-aux/depcomp
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am getpid.c \
+ clock.c $(top_srcdir)/build-aux/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gpg-error.m4 \
$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.1/configure new/libgcrypt-1.8.2/configure
--- old/libgcrypt-1.8.1/configure 2017-08-27 09:25:40.000000000 +0200
+++ new/libgcrypt-1.8.2/configure 2017-12-13 14:54:17.000000000 +0100
@@ -1,7 +1,7 @@
#! /bin/sh
# From configure.ac Revision.
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libgcrypt 1.8.1.
+# Generated by GNU Autoconf 2.69 for libgcrypt 1.8.2.
#
# Report bugs to http://bugs.gnupg.org.
#
@@ -591,8 +591,8 @@
# Identity of this package.
PACKAGE_NAME='libgcrypt'
PACKAGE_TARNAME='libgcrypt'
-PACKAGE_VERSION='1.8.1'
-PACKAGE_STRING='libgcrypt 1.8.1'
+PACKAGE_VERSION='1.8.2'
+PACKAGE_STRING='libgcrypt 1.8.2'
PACKAGE_BUGREPORT='http://bugs.gnupg.org'
PACKAGE_URL=''
@@ -1453,7 +1453,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures libgcrypt 1.8.1 to adapt to many kinds of systems.
+\`configure' configures libgcrypt 1.8.2 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1523,7 +1523,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of libgcrypt 1.8.1:";;
+ short | recursive ) echo "Configuration of libgcrypt 1.8.2:";;
esac
cat <<\_ACEOF
@@ -1692,7 +1692,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-libgcrypt configure 1.8.1
+libgcrypt configure 1.8.2
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2344,7 +2344,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by libgcrypt $as_me 1.8.1, which was
+It was created by libgcrypt $as_me 1.8.2, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2699,7 +2699,7 @@
# (No interfaces changed: REVISION++)
LIBGCRYPT_LT_CURRENT=22
LIBGCRYPT_LT_AGE=2
-LIBGCRYPT_LT_REVISION=1
+LIBGCRYPT_LT_REVISION=2
# If the API is changed in an incompatible way: increment the next counter.
@@ -3231,7 +3231,7 @@
# Define the identity of the package.
PACKAGE='libgcrypt'
- VERSION='1.8.1'
+ VERSION='1.8.2'
cat >>confdefs.h <<_ACEOF
@@ -3486,7 +3486,7 @@
#define VERSION "$VERSION"
_ACEOF
-VERSION_NUMBER=0x010801
+VERSION_NUMBER=0x010802
@@ -13079,21 +13079,8 @@
;;
esac
-#
-# Figure out the name of the random device
-#
-case "${host}" in
- *-openbsd*)
- NAME_OF_DEV_RANDOM="/dev/srandom"
- NAME_OF_DEV_URANDOM="/dev/urandom"
- ;;
-
- *)
- NAME_OF_DEV_RANDOM="/dev/random"
- NAME_OF_DEV_URANDOM="/dev/urandom"
- ;;
-esac
-
+NAME_OF_DEV_RANDOM="/dev/random"
+NAME_OF_DEV_URANDOM="/dev/urandom"
# Check whether --enable-endian-check was given.
if test "${enable_endian_check+set}" = set; then :
@@ -18803,7 +18790,7 @@
#
# Provide information about the build.
#
-BUILD_REVISION="80fd861"
+BUILD_REVISION="eb84e42"
cat >>confdefs.h <<_ACEOF
@@ -18812,7 +18799,7 @@
BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'`
-BUILD_FILEVERSION="${BUILD_FILEVERSION}33021"
+BUILD_FILEVERSION="${BUILD_FILEVERSION}60292"
# Check whether --enable-build-timestamp was given.
@@ -19480,7 +19467,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by libgcrypt $as_me 1.8.1, which was
+This file was extended by libgcrypt $as_me 1.8.2, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -19550,7 +19537,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-libgcrypt config.status 1.8.1
+libgcrypt config.status 1.8.2
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.1/configure.ac new/libgcrypt-1.8.2/configure.ac
--- old/libgcrypt-1.8.1/configure.ac 2017-08-27 09:21:20.000000000 +0200
+++ new/libgcrypt-1.8.2/configure.ac 2017-12-13 14:51:33.000000000 +0100
@@ -30,7 +30,7 @@
# for the LT versions.
m4_define(mym4_version_major, [1])
m4_define(mym4_version_minor, [8])
-m4_define(mym4_version_micro, [1])
+m4_define(mym4_version_micro, [2])
# Below is m4 magic to extract and compute the revision number, the
# decimalized short revision number, a beta version string, and a flag
@@ -56,7 +56,7 @@
# (No interfaces changed: REVISION++)
LIBGCRYPT_LT_CURRENT=22
LIBGCRYPT_LT_AGE=2
-LIBGCRYPT_LT_REVISION=1
+LIBGCRYPT_LT_REVISION=2
# If the API is changed in an incompatible way: increment the next counter.
@@ -315,21 +315,8 @@
;;
esac
-#
-# Figure out the name of the random device
-#
-case "${host}" in
- *-openbsd*)
- NAME_OF_DEV_RANDOM="/dev/srandom"
- NAME_OF_DEV_URANDOM="/dev/urandom"
- ;;
-
- *)
- NAME_OF_DEV_RANDOM="/dev/random"
- NAME_OF_DEV_URANDOM="/dev/urandom"
- ;;
-esac
-
+NAME_OF_DEV_RANDOM="/dev/random"
+NAME_OF_DEV_URANDOM="/dev/urandom"
AC_ARG_ENABLE(endian-check,
AC_HELP_STRING([--disable-endian-check],
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.1/doc/fips-fsm.eps new/libgcrypt-1.8.2/doc/fips-fsm.eps
--- old/libgcrypt-1.8.1/doc/fips-fsm.eps 2015-01-06 19:07:13.000000000 +0100
+++ new/libgcrypt-1.8.2/doc/fips-fsm.eps 2017-11-23 19:46:17.000000000 +0100
@@ -1,7 +1,7 @@
%!PS-Adobe-3.0 EPSF-3.0
-%%Title: /home/wk/s/libgcrypt/doc/fips-fsm.fig
+%%Title: /home/wk/s/libgcrypt-1.8/doc/fips-fsm.fig
%%Creator: fig2dev Version 3.2 Patchlevel 5e
-%%CreationDate: Tue Jan 6 19:07:13 2015
+%%CreationDate: Thu Nov 23 19:46:17 2017
%%BoundingBox: 0 0 497 579
%Magnification: 1.0000
%%EndComments
Binary files old/libgcrypt-1.8.1/doc/fips-fsm.pdf and new/libgcrypt-1.8.2/doc/fips-fsm.pdf differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.1/doc/gcrypt.info new/libgcrypt-1.8.2/doc/gcrypt.info
--- old/libgcrypt-1.8.1/doc/gcrypt.info 2017-08-27 09:27:04.000000000 +0200
+++ new/libgcrypt-1.8.2/doc/gcrypt.info 2017-12-13 14:55:00.000000000 +0100
@@ -1,6 +1,6 @@
This is gcrypt.info, produced by makeinfo version 6.3 from gcrypt.texi.
-This manual is for Libgcrypt (version 1.8.1, 18 July 2017), which is
+This manual is for Libgcrypt (version 1.8.2, 23 November 2017), which is
GNU's library of cryptographic building blocks.
Copyright (C) 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012
@@ -24,7 +24,7 @@
The Libgcrypt Library
*********************
-This manual is for Libgcrypt (version 1.8.1, 18 July 2017), which is
+This manual is for Libgcrypt (version 1.8.2, 23 November 2017), which is
GNU's library of cryptographic building blocks.
Copyright (C) 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012
@@ -359,7 +359,7 @@
/* Allocate a pool of 16k secure memory. This makes the secure memory
available and also drops privileges where needed. Note that by
using functions like gcry_xmalloc_secure and gcry_mpi_snew Libgcrypt
- may extend the secure memory pool with memory which lacks the
+ may expand the secure memory pool with memory which lacks the
property of not being swapped out to disk. */
gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
@@ -587,7 +587,7 @@
an encrypted swap space is in use. This command should be
executed right after 'gcry_check_version'. Note that by using
functions like gcry_xmalloc_secure and gcry_mpi_snew Libgcrypt
- may extend the secure memory pool with memory which lacks the
+ may expand the secure memory pool with memory which lacks the
property of not being swapped out to disk (but will still be
zeroed out on free).
@@ -604,7 +604,7 @@
has been used the caller is responsible for dropping the
privileges.
- 'GCRYCTL_INIT_SECMEM; Arguments: int nbytes'
+ 'GCRYCTL_INIT_SECMEM; Arguments: unsigned int nbytes'
This command is used to allocate a pool of secure memory and
thus enabling the use of secure memory. It also drops all
extra privileges the process has (i.e. if it is run as setuid
@@ -7331,109 +7331,109 @@
Tag Table:
-Node: Top835
-Node: Introduction3361
-Node: Getting Started3733
-Node: Features4613
-Node: Overview5397
-Node: Preparation6020
-Node: Header6943
-Node: Building sources8014
-Node: Building sources using Automake9931
-Node: Initializing the library11859
-Ref: sample-use-suspend-secmem14927
-Ref: sample-use-resume-secmem15770
-Node: Multi-Threading16673
-Ref: Multi-Threading-Footnote-117852
-Node: Enabling FIPS mode18261
-Ref: enabling fips mode18442
-Node: Hardware features20254
-Ref: hardware features20421
-Ref: Hardware features-Footnote-121502
-Node: Generalities21663
-Node: Controlling the library21922
-Node: Error Handling40084
-Node: Error Values42623
-Node: Error Sources47563
-Node: Error Codes49831
-Node: Error Strings53307
-Node: Handler Functions54491
-Node: Progress handler55050
-Node: Allocation handler57199
-Node: Error handler58745
-Node: Logging handler60311
-Node: Symmetric cryptography60903
-Node: Available ciphers61643
-Node: Available cipher modes64324
-Node: Working with cipher handles68177
-Node: General cipher functions79681
-Node: Public Key cryptography83207
-Node: Available algorithms83973
-Node: Used S-expressions84322
-Node: RSA key parameters85439
-Node: DSA key parameters86714
-Node: ECC key parameters87368
-Ref: ecc_keyparam87519
-Node: Cryptographic Functions89390
-Node: General public-key related Functions101209
-Node: Hashing114729
-Node: Available hash algorithms115462
-Node: Working with hash algorithms121425
-Node: Message Authentication Codes135557
-Node: Available MAC algorithms136225
-Node: Working with MAC algorithms141387
-Node: Key Derivation147375
-Node: Random Numbers149777
-Node: Quality of random numbers150060
-Node: Retrieving random numbers150743
-Node: S-expressions152232
-Node: Data types for S-expressions152877
-Node: Working with S-expressions153203
-Node: MPI library166868
-Node: Data types167890
-Node: Basic functions168199
-Node: MPI formats170663
-Node: Calculations174187
-Node: Comparisons176456
-Node: Bit manipulations177459
-Node: EC functions178781
-Ref: gcry_mpi_ec_new181730
-Node: Miscellaneous187289
-Node: Prime numbers191433
-Node: Generation191703
-Node: Checking192990
-Node: Utilities193400
-Node: Memory allocation193777
-Node: Context management195133
-Ref: gcry_ctx_release195571
-Node: Buffer description195732
-Node: Config reporting196519
-Node: Tools197469
-Node: hmac256197636
-Node: Configuration198642
-Node: Architecture201695
-Ref: fig:subsystems203219
-Ref: Architecture-Footnote-1204305
-Ref: Architecture-Footnote-2204367
-Node: Public-Key Subsystem Architecture204451
-Node: Symmetric Encryption Subsystem Architecture206729
-Node: Hashing and MACing Subsystem Architecture208175
-Node: Multi-Precision-Integer Subsystem Architecture210098
-Node: Prime-Number-Generator Subsystem Architecture211536
-Ref: Prime-Number-Generator Subsystem Architecture-Footnote-1213467
-Node: Random-Number Subsystem Architecture213759
-Node: CSPRNG Description216708
-Ref: CSPRNG Description-Footnote-1218264
-Node: FIPS PRNG Description218387
-Node: Self-Tests220521
-Node: FIPS Mode231980
-Ref: fig:fips-fsm235806
-Ref: tbl:fips-states235909
-Ref: tbl:fips-state-transitions237161
-Node: Library Copying240782
-Node: Copying268888
-Node: Figures and Tables288064
-Node: Concept Index288489
-Node: Function and Data Index299824
+Node: Top839
+Node: Introduction3369
+Node: Getting Started3741
+Node: Features4621
+Node: Overview5405
+Node: Preparation6028
+Node: Header6951
+Node: Building sources8022
+Node: Building sources using Automake9939
+Node: Initializing the library11867
+Ref: sample-use-suspend-secmem14935
+Ref: sample-use-resume-secmem15778
+Node: Multi-Threading16681
+Ref: Multi-Threading-Footnote-117860
+Node: Enabling FIPS mode18269
+Ref: enabling fips mode18450
+Node: Hardware features20262
+Ref: hardware features20429
+Ref: Hardware features-Footnote-121510
+Node: Generalities21671
+Node: Controlling the library21930
+Node: Error Handling40101
+Node: Error Values42640
+Node: Error Sources47580
+Node: Error Codes49848
+Node: Error Strings53324
+Node: Handler Functions54508
+Node: Progress handler55067
+Node: Allocation handler57216
+Node: Error handler58762
+Node: Logging handler60328
+Node: Symmetric cryptography60920
+Node: Available ciphers61660
+Node: Available cipher modes64341
+Node: Working with cipher handles68194
+Node: General cipher functions79698
+Node: Public Key cryptography83224
+Node: Available algorithms83990
+Node: Used S-expressions84339
+Node: RSA key parameters85456
+Node: DSA key parameters86731
+Node: ECC key parameters87385
+Ref: ecc_keyparam87536
+Node: Cryptographic Functions89407
+Node: General public-key related Functions101226
+Node: Hashing114746
+Node: Available hash algorithms115479
+Node: Working with hash algorithms121442
+Node: Message Authentication Codes135574
+Node: Available MAC algorithms136242
+Node: Working with MAC algorithms141404
+Node: Key Derivation147392
+Node: Random Numbers149794
+Node: Quality of random numbers150077
+Node: Retrieving random numbers150760
+Node: S-expressions152249
+Node: Data types for S-expressions152894
+Node: Working with S-expressions153220
+Node: MPI library166885
+Node: Data types167907
+Node: Basic functions168216
+Node: MPI formats170680
+Node: Calculations174204
+Node: Comparisons176473
+Node: Bit manipulations177476
+Node: EC functions178798
+Ref: gcry_mpi_ec_new181747
+Node: Miscellaneous187306
+Node: Prime numbers191450
+Node: Generation191720
+Node: Checking193007
+Node: Utilities193417
+Node: Memory allocation193794
+Node: Context management195150
+Ref: gcry_ctx_release195588
+Node: Buffer description195749
+Node: Config reporting196536
+Node: Tools197486
+Node: hmac256197653
+Node: Configuration198659
+Node: Architecture201712
+Ref: fig:subsystems203236
+Ref: Architecture-Footnote-1204322
+Ref: Architecture-Footnote-2204384
+Node: Public-Key Subsystem Architecture204468
+Node: Symmetric Encryption Subsystem Architecture206746
+Node: Hashing and MACing Subsystem Architecture208192
+Node: Multi-Precision-Integer Subsystem Architecture210115
+Node: Prime-Number-Generator Subsystem Architecture211553
+Ref: Prime-Number-Generator Subsystem Architecture-Footnote-1213484
+Node: Random-Number Subsystem Architecture213776
+Node: CSPRNG Description216725
+Ref: CSPRNG Description-Footnote-1218281
+Node: FIPS PRNG Description218404
+Node: Self-Tests220538
+Node: FIPS Mode231997
+Ref: fig:fips-fsm235823
+Ref: tbl:fips-states235926
+Ref: tbl:fips-state-transitions237178
+Node: Library Copying240799
+Node: Copying268905
+Node: Figures and Tables288081
+Node: Concept Index288506
+Node: Function and Data Index299841
End Tag Table
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.1/doc/gcrypt.texi new/libgcrypt-1.8.2/doc/gcrypt.texi
--- old/libgcrypt-1.8.1/doc/gcrypt.texi 2017-07-18 16:13:57.000000000 +0200
+++ new/libgcrypt-1.8.2/doc/gcrypt.texi 2017-11-23 19:26:58.000000000 +0100
@@ -425,7 +425,7 @@
/* Allocate a pool of 16k secure memory. This makes the secure memory
available and also drops privileges where needed. Note that by
using functions like gcry_xmalloc_secure and gcry_mpi_snew Libgcrypt
- may extend the secure memory pool with memory which lacks the
+ may expand the secure memory pool with memory which lacks the
property of not being swapped out to disk. */
gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
@@ -672,7 +672,7 @@
Disabling the use of mlock may for example be done if an encrypted
swap space is in use. This command should be executed right after
@code{gcry_check_version}. Note that by using functions like
-gcry_xmalloc_secure and gcry_mpi_snew Libgcrypt may extend the secure
+gcry_xmalloc_secure and gcry_mpi_snew Libgcrypt may expand the secure
memory pool with memory which lacks the property of not being swapped
out to disk (but will still be zeroed out on free).
@@ -688,7 +688,7 @@
command has been used the caller is responsible for dropping the
privileges.
-@item GCRYCTL_INIT_SECMEM; Arguments: int nbytes
+@item GCRYCTL_INIT_SECMEM; Arguments: unsigned int nbytes
This command is used to allocate a pool of secure memory and thus
enabling the use of secure memory. It also drops all extra privileges
the process has (i.e. if it is run as setuid (root)). If the argument
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.1/doc/libgcrypt-modules.eps new/libgcrypt-1.8.2/doc/libgcrypt-modules.eps
--- old/libgcrypt-1.8.1/doc/libgcrypt-modules.eps 2015-01-06 19:07:13.000000000 +0100
+++ new/libgcrypt-1.8.2/doc/libgcrypt-modules.eps 2017-11-23 19:46:17.000000000 +0100
@@ -1,7 +1,7 @@
%!PS-Adobe-3.0 EPSF-3.0
-%%Title: /home/wk/s/libgcrypt/doc/libgcrypt-modules.fig
+%%Title: /home/wk/s/libgcrypt-1.8/doc/libgcrypt-modules.fig
%%Creator: fig2dev Version 3.2 Patchlevel 5e
-%%CreationDate: Tue Jan 6 19:07:13 2015
+%%CreationDate: Thu Nov 23 19:46:17 2017
%%BoundingBox: 0 0 488 300
%Magnification: 1.0000
%%EndComments
Binary files old/libgcrypt-1.8.1/doc/libgcrypt-modules.pdf and new/libgcrypt-1.8.2/doc/libgcrypt-modules.pdf differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.1/doc/stamp-vti new/libgcrypt-1.8.2/doc/stamp-vti
--- old/libgcrypt-1.8.1/doc/stamp-vti 2017-08-27 09:26:41.000000000 +0200
+++ new/libgcrypt-1.8.2/doc/stamp-vti 2017-12-13 14:54:59.000000000 +0100
@@ -1,4 +1,4 @@
-@set UPDATED 18 July 2017
-@set UPDATED-MONTH July 2017
-@set EDITION 1.8.1
-@set VERSION 1.8.1
+@set UPDATED 23 November 2017
+@set UPDATED-MONTH November 2017
+@set EDITION 1.8.2
+@set VERSION 1.8.2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.1/doc/version.texi new/libgcrypt-1.8.2/doc/version.texi
--- old/libgcrypt-1.8.1/doc/version.texi 2017-08-27 09:26:41.000000000 +0200
+++ new/libgcrypt-1.8.2/doc/version.texi 2017-12-13 14:54:59.000000000 +0100
@@ -1,4 +1,4 @@
-@set UPDATED 18 July 2017
-@set UPDATED-MONTH July 2017
-@set EDITION 1.8.1
-@set VERSION 1.8.1
+@set UPDATED 23 November 2017
+@set UPDATED-MONTH November 2017
+@set EDITION 1.8.2
+@set VERSION 1.8.2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.1/src/global.c new/libgcrypt-1.8.2/src/global.c
--- old/libgcrypt-1.8.1/src/global.c 2017-06-24 13:34:29.000000000 +0200
+++ new/libgcrypt-1.8.2/src/global.c 2017-11-23 19:25:58.000000000 +0100
@@ -531,6 +531,10 @@
& ~GCRY_SECMEM_FLAG_SUSPEND_WARNING));
break;
+ case 78: /* GCRYCTL_AUTO_EXPAND_SECMEM (backport from 1.9) */
+ _gcry_secmem_set_auto_expand (va_arg (arg_ptr, unsigned int));
+ break;
+
case GCRYCTL_USE_SECURE_RNDPOOL:
global_init ();
_gcry_secure_random_alloc (); /* Put random number into secure memory. */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.1/src/secmem.c new/libgcrypt-1.8.2/src/secmem.c
--- old/libgcrypt-1.8.1/src/secmem.c 2017-06-08 10:03:11.000000000 +0200
+++ new/libgcrypt-1.8.2/src/secmem.c 2017-11-23 19:38:12.000000000 +0100
@@ -91,7 +91,7 @@
static pooldesc_t mainpool;
-/* A couple of flags whith some being set early. */
+/* A couple of flags with some being set early. */
static int disable_secmem;
static int show_warning;
static int not_locked;
@@ -99,6 +99,8 @@
static int suspend_warning;
static int no_mlock;
static int no_priv_drop;
+static unsigned int auto_expand;
+
/* Lock protecting accesses to the memory pools. */
GPGRT_LOCK_DEFINE (secmem_lock);
@@ -407,7 +409,7 @@
# else
pgsize_val = -1;
# endif
- pgsize = (pgsize_val != -1 && pgsize_val > 0)? pgsize_val:DEFAULT_PAGE_SIZE;
+ pgsize = (pgsize_val > 0)? pgsize_val:DEFAULT_PAGE_SIZE;
pool->size = (pool->size + pgsize - 1) & ~(pgsize - 1);
# ifdef MAP_ANONYMOUS
@@ -458,6 +460,24 @@
mb->flags = 0;
}
+
+/* Enable overflow pool allocation in all cases. CHUNKSIZE is a hint
+ * on how large to allocate overflow pools. */
+void
+_gcry_secmem_set_auto_expand (unsigned int chunksize)
+{
+ /* Round up to a multiple of the STANDARD_POOL_SIZE. */
+ chunksize = ((chunksize + (2*STANDARD_POOL_SIZE) - 1)
+ / STANDARD_POOL_SIZE ) * STANDARD_POOL_SIZE;
+ if (chunksize < STANDARD_POOL_SIZE) /* In case of overflow. */
+ chunksize = STANDARD_POOL_SIZE;
+
+ SECMEM_LOCK;
+ auto_expand = chunksize;
+ SECMEM_UNLOCK;
+}
+
+
void
_gcry_secmem_set_flags (unsigned flags)
{
@@ -617,7 +637,7 @@
/* If we are called from xmalloc style function resort to the
* overflow pools to return memory. We don't do this in FIPS mode,
* though. */
- if (xhint && !fips_mode ())
+ if ((xhint || auto_expand) && !fips_mode ())
{
for (pool = pool->next; pool; pool = pool->next)
{
@@ -635,7 +655,7 @@
pool = calloc (1, sizeof *pool);
if (!pool)
return NULL; /* Not enough memory for a new pool descriptor. */
- pool->size = STANDARD_POOL_SIZE;
+ pool->size = auto_expand? auto_expand : STANDARD_POOL_SIZE;
pool->mem = malloc (pool->size);
if (!pool->mem)
return NULL; /* Not enough memory available for a new pool. */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.1/src/secmem.h new/libgcrypt-1.8.2/src/secmem.h
--- old/libgcrypt-1.8.1/src/secmem.h 2016-12-07 17:28:45.000000000 +0100
+++ new/libgcrypt-1.8.2/src/secmem.h 2017-11-23 19:21:11.000000000 +0100
@@ -27,6 +27,7 @@
void *_gcry_secmem_realloc (void *a, size_t newsize, int xhint);
int _gcry_secmem_free (void *a);
void _gcry_secmem_dump_stats (int extended);
+void _gcry_secmem_set_auto_expand (unsigned int chunksize);
void _gcry_secmem_set_flags (unsigned flags);
unsigned _gcry_secmem_get_flags(void);
int _gcry_private_is_secure (const void *p);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.1/src/sexp.c new/libgcrypt-1.8.2/src/sexp.c
--- old/libgcrypt-1.8.1/src/sexp.c 2016-04-15 09:42:06.000000000 +0200
+++ new/libgcrypt-1.8.2/src/sexp.c 2017-11-24 10:38:42.000000000 +0100
@@ -1,7 +1,7 @@
/* sexp.c - S-Expression handling
* Copyright (C) 1999, 2000, 2001, 2002, 2003,
* 2004, 2006, 2007, 2008, 2011 Free Software Foundation, Inc.
- * Copyright (C) 2013, 2014 g10 Code GmbH
+ * Copyright (C) 2013, 2014, 2017 g10 Code GmbH
*
* This file is part of Libgcrypt.
*
@@ -15,9 +15,9 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
- * You should have received a copy of the GNU Lesser General Public
- * License along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, see https://www.gnu.org/licenses/.
+ * SPDX-License-Identifier: LGPL-2.1+
*/
@@ -1429,8 +1429,9 @@
}
else
{
- if (_gcry_mpi_print (mpifmt, NULL, 0, &nm, m))
- BUG ();
+ err = _gcry_mpi_print (mpifmt, NULL, 0, &nm, m);
+ if (err)
+ goto leave;
MAKE_SPACE (nm);
if (!_gcry_is_secure (c.sexp->d)
@@ -1456,8 +1457,9 @@
*c.pos++ = ST_DATA;
STORE_LEN (c.pos, nm);
- if (_gcry_mpi_print (mpifmt, c.pos, nm, &nm, m))
- BUG ();
+ err = _gcry_mpi_print (mpifmt, c.pos, nm, &nm, m);
+ if (err)
+ goto leave;
c.pos += nm;
}
}
@@ -1521,7 +1523,7 @@
char buf[35];
ARG_NEXT (aint, int);
- sprintf (buf, "%d", aint);
+ snprintf (buf, sizeof buf, "%d", aint);
alen = strlen (buf);
MAKE_SPACE (alen);
*c.pos++ = ST_DATA;
@@ -1537,7 +1539,7 @@
char buf[35];
ARG_NEXT (aint, unsigned int);
- sprintf (buf, "%u", aint);
+ snprintf (buf, sizeof buf, "%u", aint);
alen = strlen (buf);
MAKE_SPACE (alen);
*c.pos++ = ST_DATA;
@@ -1810,7 +1812,7 @@
{
*dest++ = '#';
for (i=0; i < len; i++, dest += 2 )
- sprintf (dest, "%02X", src[i]);
+ snprintf (dest, 3, "%02X", src[i]);
*dest++ = '#';
}
return len*2+2;
@@ -1839,7 +1841,7 @@
default:
if ( (*s < 0x20 || (*s >= 0x7f && *s <= 0xa0)))
{
- sprintf (p, "\\x%02x", *s);
+ snprintf (p, 5, "\\x%02x", *s);
p += 4;
}
else
@@ -1999,7 +2001,7 @@
}
else
{
- sprintf (numbuf, "%u:", (unsigned int)n );
+ snprintf (numbuf, sizeof numbuf, "%u:", (unsigned int)n );
len += strlen (numbuf) + n;
if ( buffer )
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.1/tests/t-secmem.c new/libgcrypt-1.8.2/tests/t-secmem.c
--- old/libgcrypt-1.8.1/tests/t-secmem.c 2017-01-18 15:24:25.000000000 +0100
+++ new/libgcrypt-1.8.2/tests/t-secmem.c 2017-11-23 19:19:54.000000000 +0100
@@ -25,6 +25,7 @@
#include
#include
#include
+#include
#define PGM "t-secmem"
@@ -32,6 +33,11 @@
#include "../src/gcrypt-testapi.h"
+#define DEFAULT_PAGE_SIZE 4096
+#define MINIMUM_POOL_SIZE 16384
+static size_t pool_size;
+static size_t chunk_size;
+
static void
test_secmem (void)
{
@@ -42,12 +48,12 @@
memset (a, 0, sizeof a);
/* Allocating 28*512=14k should work in the default 16k pool even
- * with extrem alignment requirements. */
+ * with extra alignment requirements. */
for (i=0; i < DIM(a); i++)
- a[i] = gcry_xmalloc_secure (512);
+ a[i] = gcry_xmalloc_secure (chunk_size);
/* Allocating another 2k should fail for the default 16k pool. */
- b = gcry_malloc_secure (2048);
+ b = gcry_malloc_secure (chunk_size*4);
if (b)
fail ("allocation did not fail as expected\n");
@@ -68,7 +74,7 @@
/* Allocating 150*512=75k should require more than one overflow buffer. */
for (i=0; i < DIM(a); i++)
{
- a[i] = gcry_xmalloc_secure (512);
+ a[i] = gcry_xmalloc_secure (chunk_size);
if (verbose && !(i %40))
xgcry_control (GCRYCTL_DUMP_SECMEM_STATS, 0 , 0);
}
@@ -111,6 +117,20 @@
main (int argc, char **argv)
{
int last_argc = -1;
+ long int pgsize_val = -1;
+ size_t pgsize;
+
+#if HAVE_MMAP
+# if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE)
+ pgsize_val = sysconf (_SC_PAGESIZE);
+# elif defined(HAVE_GETPAGESIZE)
+ pgsize_val = getpagesize ();
+# endif
+#endif
+ pgsize = (pgsize_val > 0)? pgsize_val : DEFAULT_PAGE_SIZE;
+
+ pool_size = (MINIMUM_POOL_SIZE + pgsize - 1) & ~(pgsize - 1);
+ chunk_size = pool_size / 32;
if (argc)
{ argc--; argv++; }
@@ -153,7 +173,7 @@
if (debug)
xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
xgcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
- xgcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
+ xgcry_control (GCRYCTL_INIT_SECMEM, pool_size, 0);
gcry_set_outofcore_handler (outofcore_handler, NULL);
xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);