From 88000a9159ac26b5c465f4ebf51526f24487fe6a Mon Sep 17 00:00:00 2001
From: CentOS Buildsys <bugs@centos.org>
Date: Jan 26 2014 11:19:18 +0000
Subject: import libgcrypt-1.5.3-4.el7.src.rpm


---

diff --git a/SOURCES/libgcrypt-1.5.3-pbkdf-speedup.patch b/SOURCES/libgcrypt-1.5.3-pbkdf-speedup.patch
new file mode 100644
index 0000000..7017367
--- /dev/null
+++ b/SOURCES/libgcrypt-1.5.3-pbkdf-speedup.patch
@@ -0,0 +1,32 @@
+diff -up libgcrypt-1.5.3/cipher/kdf.c.pbkdf-speedup libgcrypt-1.5.3/cipher/kdf.c
+--- libgcrypt-1.5.3/cipher/kdf.c.pbkdf-speedup	2014-01-21 15:49:22.676638703 +0100
++++ libgcrypt-1.5.3/cipher/kdf.c	2014-01-21 15:52:40.115047218 +0100
+@@ -172,19 +172,21 @@ pkdf2 (const void *passphrase, size_t pa
+       return ec;
+     }
+ 
++  ec = gpg_err_code (gcry_md_setkey (md, passphrase, passphraselen));
++  if (ec)
++    {
++      gcry_md_close (md);
++      gcry_free (sbuf);
++      return ec;
++    }
++
+   /* Step 3 and 4. */
+   memcpy (sbuf, salt, saltlen);
+   for (lidx = 1; lidx <= l; lidx++)
+     {
+       for (iter = 0; iter < iterations; iter++)
+         {
+-          ec = gpg_err_code (gcry_md_setkey (md, passphrase, passphraselen));
+-          if (ec)
+-            {
+-              gcry_md_close (md);
+-              gcry_free (sbuf);
+-              return ec;
+-            }
++          gcry_md_reset (md);
+           if (!iter) /* Compute U_1:  */
+             {
+               sbuf[saltlen]     = (lidx >> 24);
diff --git a/SOURCES/libgcrypt-1.5.3-whirlpool-bug.patch b/SOURCES/libgcrypt-1.5.3-whirlpool-bug.patch
new file mode 100644
index 0000000..f64c94f
--- /dev/null
+++ b/SOURCES/libgcrypt-1.5.3-whirlpool-bug.patch
@@ -0,0 +1,28 @@
+diff -up libgcrypt-1.5.3/cipher/whirlpool.c.whirlpool-bug libgcrypt-1.5.3/cipher/whirlpool.c
+--- libgcrypt-1.5.3/cipher/whirlpool.c.whirlpool-bug	2013-05-22 18:02:54.000000000 +0200
++++ libgcrypt-1.5.3/cipher/whirlpool.c	2014-01-21 15:45:51.308919415 +0100
+@@ -56,6 +56,7 @@ typedef struct {
+   unsigned char buffer[BLOCK_SIZE];
+   size_t count;
+   unsigned char length[32];
++  int bug;
+ } whirlpool_context_t;
+ 
+ 
+@@ -1185,6 +1186,7 @@ whirlpool_init (void *ctx)
+   whirlpool_context_t *context = ctx;
+ 
+   memset (context, 0, sizeof (*context));
++  context->bug = secure_getenv("GCRYPT_WHIRLPOOL_BUG") != NULL;
+ }
+ 
+ 
+@@ -1316,7 +1318,7 @@ whirlpool_add (whirlpool_context_t *cont
+ 	  buffer_n--;
+ 	}
+       whirlpool_add (context, NULL, 0);
+-      if (!buffer_n)
++      if (context->bug && !buffer_n)
+ 	/* Done.  */
+         return;
+     }
diff --git a/SPECS/libgcrypt.spec b/SPECS/libgcrypt.spec
index 6aca195..c7de2a1 100644
--- a/SPECS/libgcrypt.spec
+++ b/SPECS/libgcrypt.spec
@@ -1,6 +1,6 @@
 Name: libgcrypt
 Version: 1.5.3
-Release: 1%{?dist}
+Release: 4%{?dist}
 URL: http://www.gnupg.org/
 Source0: libgcrypt-%{version}-hobbled.tar.xz
 # The original libgcrypt sources now contain potentially patented ECC
@@ -29,6 +29,12 @@ Patch11: libgcrypt-1.5.1-use-poll.patch
 Patch12: libgcrypt-1.5.2-aliasing.patch
 # slight optimalization of mpicoder.c to silence Valgrind (#968288)
 Patch13: libgcrypt-1.5.2-mpicoder-gccopt.patch
+# pbkdf2 speedup - upstream
+Patch15: libgcrypt-1.5.3-pbkdf-speedup.patch
+# fix bug in whirlpool implementation (for backwards compatibility
+# with files generated with buggy version set environment
+# varible GCRYPT_WHIRLPOOL_BUG
+Patch16: libgcrypt-1.5.3-whirlpool-bug.patch
 
 %define gcrylibdir %{_libdir}
 
@@ -73,6 +79,8 @@ applications using libgcrypt.
 %patch11 -p1 -b .use-poll
 %patch12 -p1 -b .aliasing
 %patch13 -p1 -b .gccopt
+%patch15 -p1 -b .pbkdf-speedup
+%patch16 -p1 -b .whirlpool-bug
 
 %build
 %configure --disable-static \
@@ -174,6 +182,16 @@ exit 0
 %doc COPYING
 
 %changelog
+* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.5.3-4
+- Mass rebuild 2014-01-24
+
+* Tue Jan 21 2014 Tomáš Mráz <tmraz@redhat.com> 1.5.3-3
+- fix a bug in the Whirlpool hash implementation
+- speed up the PBKDF2 computation
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.5.3-2
+- Mass rebuild 2013-12-27
+
 * Fri Jul 26 2013 Tomáš Mráz <tmraz@redhat.com> 1.5.3-1
 - new upstream version fixing cache side-channel attack on RSA private keys
 
@@ -236,7 +254,7 @@ exit 0
 * Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.5-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
 
-* Thu Feb  4 2011 Tomas Mraz <tmraz@redhat.com> 1.4.5-6
+* Fri Feb  4 2011 Tomas Mraz <tmraz@redhat.com> 1.4.5-6
 - fix a bug in the fips-186-3 dsa parameter generation code
 
 * Tue Feb  1 2011 Tomas Mraz <tmraz@redhat.com> 1.4.5-5
@@ -413,5 +431,5 @@ exit 0
 * Thu Jan 10 2002 Nalin Dahyabhai <nalin@redhat.com> 1.1.5-1
 - fix the Source tag so that it's a real URL
 
-* Wed Dec 20 2001 Nalin Dahyabhai <nalin@redhat.com>
+* Thu Dec 20 2001 Nalin Dahyabhai <nalin@redhat.com>
 - initial package