2017-08-16 08:55:16 +00:00
|
|
|
diff -up libgcrypt-1.8.0/cipher/dsa.c.tests libgcrypt-1.8.0/cipher/dsa.c
|
|
|
|
--- libgcrypt-1.8.0/cipher/dsa.c.tests 2016-04-07 17:30:08.000000000 +0200
|
|
|
|
+++ libgcrypt-1.8.0/cipher/dsa.c 2017-08-15 15:10:39.551600227 +0200
|
2016-11-23 08:56:34 +00:00
|
|
|
@@ -457,11 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un
|
|
|
|
&prime_q, &prime_p,
|
|
|
|
r_counter,
|
|
|
|
r_seed, r_seedlen);
|
|
|
|
- else
|
|
|
|
- ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0,
|
|
|
|
+ else if (!domain->p || !domain->q)
|
|
|
|
+ ec = _gcry_generate_fips186_3_prime (nbits, qbits,
|
|
|
|
+ initial_seed.seed,
|
|
|
|
+ initial_seed.seedlen,
|
|
|
|
&prime_q, &prime_p,
|
|
|
|
r_counter,
|
|
|
|
r_seed, r_seedlen, NULL);
|
|
|
|
+ else
|
|
|
|
+ {
|
|
|
|
+ /* Domain parameters p and q are given; use them. */
|
|
|
|
+ prime_p = mpi_copy (domain->p);
|
|
|
|
+ prime_q = mpi_copy (domain->q);
|
|
|
|
+ gcry_assert (mpi_get_nbits (prime_p) == nbits);
|
|
|
|
+ gcry_assert (mpi_get_nbits (prime_q) == qbits);
|
|
|
|
+ ec = 0;
|
|
|
|
+ }
|
|
|
|
sexp_release (initial_seed.sexp);
|
|
|
|
if (ec)
|
|
|
|
goto leave;
|
|
|
|
@@ -855,13 +866,12 @@ dsa_generate (const gcry_sexp_t genparms
|
|
|
|
sexp_release (l1);
|
|
|
|
sexp_release (domainsexp);
|
|
|
|
|
|
|
|
- /* Check that all domain parameters are available. */
|
|
|
|
- if (!domain.p || !domain.q || !domain.g)
|
|
|
|
+ /* Check that p and q domain parameters are available. */
|
|
|
|
+ if (!domain.p || !domain.q || (!domain.g && !(flags & PUBKEY_FLAG_USE_FIPS186)))
|
|
|
|
{
|
|
|
|
_gcry_mpi_release (domain.p);
|
|
|
|
_gcry_mpi_release (domain.q);
|
|
|
|
_gcry_mpi_release (domain.g);
|
|
|
|
- sexp_release (deriveparms);
|
|
|
|
return GPG_ERR_MISSING_VALUE;
|
|
|
|
}
|
|
|
|
|
2017-08-16 08:55:16 +00:00
|
|
|
diff -up libgcrypt-1.8.0/cipher/rsa.c.tests libgcrypt-1.8.0/cipher/rsa.c
|
|
|
|
--- libgcrypt-1.8.0/cipher/rsa.c.tests 2017-07-06 10:21:36.000000000 +0200
|
|
|
|
+++ libgcrypt-1.8.0/cipher/rsa.c 2017-08-15 15:10:39.551600227 +0200
|
2016-11-23 08:56:34 +00:00
|
|
|
@@ -696,7 +696,7 @@ generate_x931 (RSA_secret_key *sk, unsig
|
|
|
|
|
|
|
|
*swapped = 0;
|
|
|
|
|
|
|
|
- if (e_value == 1) /* Alias for a secure value. */
|
|
|
|
+ if (e_value == 1 || e_value == 0) /* Alias for a secure value. */
|
|
|
|
e_value = 65537;
|
|
|
|
|
|
|
|
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
|
2017-08-16 08:55:16 +00:00
|
|
|
diff -up libgcrypt-1.8.0/tests/keygen.c.tests libgcrypt-1.8.0/tests/keygen.c
|
|
|
|
--- libgcrypt-1.8.0/tests/keygen.c.tests 2017-08-15 15:10:39.551600227 +0200
|
|
|
|
+++ libgcrypt-1.8.0/tests/keygen.c 2017-08-15 15:16:05.433176171 +0200
|
|
|
|
@@ -200,11 +200,11 @@ check_rsa_keys (void)
|
2016-11-23 08:56:34 +00:00
|
|
|
|
|
|
|
|
|
|
|
if (verbose)
|
2017-08-16 08:55:16 +00:00
|
|
|
- info ("creating 512 bit RSA key with e=257\n");
|
|
|
|
+ info ("creating 1024 bit RSA key with e=257\n");
|
2016-11-23 08:56:34 +00:00
|
|
|
rc = gcry_sexp_new (&keyparm,
|
|
|
|
"(genkey\n"
|
|
|
|
" (rsa\n"
|
|
|
|
- " (nbits 3:512)\n"
|
|
|
|
+ " (nbits 4:1024)\n"
|
|
|
|
" (rsa-use-e 3:257)\n"
|
|
|
|
" ))", 0, 1);
|
|
|
|
if (rc)
|
2017-08-16 08:55:16 +00:00
|
|
|
@@ -225,11 +225,11 @@ check_rsa_keys (void)
|
2016-11-23 08:56:34 +00:00
|
|
|
gcry_sexp_release (key);
|
|
|
|
|
|
|
|
if (verbose)
|
2017-08-16 08:55:16 +00:00
|
|
|
- info ("creating 512 bit RSA key with default e\n");
|
|
|
|
+ info ("creating 1024 bit RSA key with default e\n");
|
2016-11-23 08:56:34 +00:00
|
|
|
rc = gcry_sexp_new (&keyparm,
|
|
|
|
"(genkey\n"
|
|
|
|
" (rsa\n"
|
|
|
|
- " (nbits 3:512)\n"
|
|
|
|
+ " (nbits 4:1024)\n"
|
|
|
|
" (rsa-use-e 1:0)\n"
|
|
|
|
" ))", 0, 1);
|
|
|
|
if (rc)
|
2017-08-16 08:55:16 +00:00
|
|
|
@@ -309,12 +309,12 @@ check_dsa_keys (void)
|
2016-11-23 08:56:34 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (verbose)
|
2017-08-16 08:55:16 +00:00
|
|
|
- info ("creating 1536 bit DSA key\n");
|
|
|
|
+ info ("creating 2048 bit DSA key\n");
|
2016-11-23 08:56:34 +00:00
|
|
|
rc = gcry_sexp_new (&keyparm,
|
|
|
|
"(genkey\n"
|
|
|
|
" (dsa\n"
|
|
|
|
- " (nbits 4:1536)\n"
|
|
|
|
- " (qbits 3:224)\n"
|
|
|
|
+ " (nbits 4:2048)\n"
|
|
|
|
+ " (qbits 3:256)\n"
|
|
|
|
" ))", 0, 1);
|
|
|
|
if (rc)
|
|
|
|
die ("error creating S-expression: %s\n", gpg_strerror (rc));
|
2017-08-16 08:55:16 +00:00
|
|
|
diff -up libgcrypt-1.8.0/tests/pubkey.c.tests libgcrypt-1.8.0/tests/pubkey.c
|
|
|
|
--- libgcrypt-1.8.0/tests/pubkey.c.tests 2017-01-18 15:24:25.000000000 +0100
|
|
|
|
+++ libgcrypt-1.8.0/tests/pubkey.c 2017-08-15 15:10:39.552600207 +0200
|
|
|
|
@@ -595,7 +595,7 @@ get_dsa_key_fips186_with_seed_new (gcry_
|
2016-11-23 08:56:34 +00:00
|
|
|
" (use-fips186)"
|
|
|
|
" (transient-key)"
|
|
|
|
" (derive-parms"
|
|
|
|
- " (seed #0cb1990c1fd3626055d7a0096f8fa99807399871#))))",
|
|
|
|
+ " (seed #8b4c4d671fff82e8ed932260206d0571e3a1c2cee8cd94cb73fe58f9b67488fa#))))",
|
|
|
|
0, 1);
|
|
|
|
if (rc)
|
|
|
|
die ("error creating S-expression: %s\n", gcry_strerror (rc));
|