1.6.x testsuite error on Bigendian with gcc5 / gcrypt patches applied in RedHat Fedora

Andreas Metzler ametzler at bebt.de
Sun Sep 27 08:42:34 CEST 2015


Hello,

1.6.4 has a testsuite error withh gcc5 on bigendian (ppc64):

-------------
selftest for CFB failed - see syslog for details
pass 0, algo 4, mode 1, gcry_cipher_setkey failed: Selftest failed
pass 0, algo 4, mode 2, gcry_cipher_setkey failed: Selftest failed
pass 0, algo 4, mode 5, gcry_cipher_setkey failed: Selftest failed
pass 0, algo 4, mode 3, gcry_cipher_setkey failed: Selftest failed
pass 0, algo 4, mode 3, gcry_cipher_setkey failed: Selftest failed
pass 0, algo 4, mode 6, gcry_cipher_setkey failed: Selftest failed
FAIL: basic
[...]
selftest for CFB failed - see syslog for details
benchmark: error setting key for mac algorithm `CMAC_BLOWFISH': Selftest failed
FAIL: benchmark
selftest for CFB failed - see syslog for details
bench-slope: error setting key for mac `CMAC_BLOWFISH'
---------------

This is RedHat bug https://bugzilla.redhat.com/show_bug.cgi?id=1201219
[libgcrypt is violating C aliasing rules in buf_xor_n_copy
(cipher/bufhelp.h)] and Fedora is working around it by disabling strict
aliasing for these files (libgcrypt-1.6.3-aliasing.patch).

---------------------------------------------

Besides this patch Fedora is applying a bunch of other patches
<http://pkgs.fedoraproject.org/cgit/libgcrypt.git/tree/>, have these
been forwarded to you, yet?

* The original libgcrypt sources now contain potentially patented ECC
  cipher support. We have to remove it in the tarball we ship with
  the hobble-libgcrypt script. 
  (We replace it with RH approved ECC in Source4-5)

# make FIPS hmac compatible with fipscheck - non upstreamable
# update on soname bump
Patch2: libgcrypt-1.6.2-use-fipscheck.patch
# fix tests in the FIPS mode, fix the FIPS-186-3 DSA keygen
Patch5: libgcrypt-1.6.1-tests.patch
# add configurable source of RNG seed and seed by default
# from /dev/urandom in the FIPS mode
Patch6: libgcrypt-1.6.1-fips-cfgrandom.patch
# update the CAVS tests
Patch7: libgcrypt-1.6.2-fips-cavs.patch
# fix for memory leaks an other errors found by Coverity scan
Patch9: libgcrypt-1.6.1-leak.patch
# use poll instead of select when gathering randomness
Patch11: libgcrypt-1.6.1-use-poll.patch
# slight optimalization of mpicoder.c to silence Valgrind (#968288)
Patch13: libgcrypt-1.6.1-mpicoder-gccopt.patch
# fix tests to work with approved ECC
Patch14: libgcrypt-1.6.1-ecc-test-fix.patch
# Replace the FIPS RNG with DRBG
Patch15: libgcrypt-1.6.2-drbg.patch
# Run the FIPS mode initialization in the shared library constructor
Patch18: libgcrypt-1.6.2-fips-ctor.patch
# Make it possible to run the test suite in the FIPS mode
Patch19: libgcrypt-1.6.2-fips-test.patch
# Make the FIPS RSA keygen to be FIPS 186-4 compliant
Patch20: libgcrypt-1.6.3-rsa-fips-keygen.patch
# update the selftests for new FIPS requirements
Patch22: libgcrypt-1.6.2-fips-reqs.patch
# do not use strict aliasing for bufhelp functions
Patch23: libgcrypt-1.6.3-aliasing.patch
# use only urandom if /dev/random cannot be opened
Patch24: libgcrypt-1.6.3-urandom-only.patch

Thanks, cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



More information about the Gcrypt-devel mailing list