Remove a no longer needed patch
This commit is contained in:
Jakub Jelen
parent
ef01d2c6d0
commit
02e6d9b5f1
@ -1,113 +0,0 @@
|
||||
diff -up libgcrypt-1.8.3/random/random-drbg.c.fips-enttest libgcrypt-1.8.3/random/random-drbg.c
|
||||
--- libgcrypt-1.8.3/random/random-drbg.c.fips-enttest 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.3/random/random-drbg.c 2019-06-24 10:04:23.219547141 +0200
|
||||
@@ -317,6 +317,7 @@ struct drbg_state_s
|
||||
gcry_cipher_hd_t ctr_handle; /* CTR mode cipher handle */
|
||||
int seeded:1; /* DRBG fully seeded? */
|
||||
int pr:1; /* Prediction resistance enabled? */
|
||||
+ int ent_primed:1; /* Previous entropy data primed? */
|
||||
/* Taken from libgcrypt ANSI X9.31 DRNG: We need to keep track of the
|
||||
* process which did the initialization so that we can detect a fork.
|
||||
* The volatile modifier is required so that the compiler does not
|
||||
@@ -324,6 +325,7 @@ struct drbg_state_s
|
||||
pid_t seed_init_pid;
|
||||
const struct drbg_state_ops_s *d_ops;
|
||||
const struct drbg_core_s *core;
|
||||
+ unsigned char ent_hash[64]; /* Hash of previous entropy data */
|
||||
struct drbg_test_data_s *test_data;
|
||||
};
|
||||
|
||||
@@ -610,11 +612,13 @@ drbg_get_entropy (drbg_state_t drbg, uns
|
||||
size_t len)
|
||||
{
|
||||
int rc = 0;
|
||||
+ unsigned char newhash[64];
|
||||
|
||||
/* Perform testing as defined in 11.3.2 */
|
||||
if (drbg->test_data && drbg->test_data->fail_seed_source)
|
||||
return -1;
|
||||
|
||||
+redo:
|
||||
read_cb_buffer = buffer;
|
||||
read_cb_size = len;
|
||||
read_cb_len = 0;
|
||||
@@ -634,6 +638,27 @@ drbg_get_entropy (drbg_state_t drbg, uns
|
||||
#else
|
||||
rc = -1;
|
||||
#endif
|
||||
+
|
||||
+ /* to avoid storing the actual entropy obtained for indefinite
|
||||
+ time, we just store the SHA-512 hash of the entropy gathered
|
||||
+ */
|
||||
+ _gcry_md_hash_buffer (GCRY_MD_SHA512, newhash, buffer, len);
|
||||
+
|
||||
+ if (!drbg->ent_primed)
|
||||
+ {
|
||||
+ memcpy (drbg->ent_hash, newhash, sizeof (drbg->ent_hash));
|
||||
+ drbg->ent_primed = 1;
|
||||
+ goto redo;
|
||||
+ }
|
||||
+
|
||||
+ if (memcmp (newhash, drbg->ent_hash, sizeof (drbg->ent_hash)) == 0)
|
||||
+ {
|
||||
+ fips_signal_error ("Entropy source failed the continuous test");
|
||||
+ return -1; /* continuous entropy test failed */
|
||||
+ }
|
||||
+
|
||||
+ memcpy (drbg->ent_hash, newhash, sizeof (drbg->ent_hash));
|
||||
+
|
||||
return rc;
|
||||
}
|
||||
|
||||
@@ -1341,26 +1366,38 @@ drbg_seed (drbg_state_t drbg, drbg_strin
|
||||
}
|
||||
else
|
||||
{
|
||||
+ int nonce = 0;
|
||||
/* Gather entropy equal to the security strength of the DRBG.
|
||||
* With a derivation function, a nonce is required in addition
|
||||
* to the entropy. A nonce must be at least 1/2 of the security
|
||||
* strength of the DRBG in size. Thus, entropy * nonce is 3/2
|
||||
* of the strength. The consideration of a nonce is only
|
||||
- * applicable during initial seeding. */
|
||||
+ * applicable during initial seeding.
|
||||
+ * To avoid pulling different length of data from entropy
|
||||
+ * source, we use 2 * strength for initial seeding. */
|
||||
entropylen = drbg_sec_strength (drbg->core->flags);
|
||||
if (!entropylen)
|
||||
return GPG_ERR_GENERAL;
|
||||
if (0 == reseed)
|
||||
- /* make sure we round up strength/2 in
|
||||
- * case it is not divisible by 2 */
|
||||
- entropylen = ((entropylen + 1) / 2) * 3;
|
||||
+ {
|
||||
+ nonce = 1;
|
||||
+ }
|
||||
dbg (("DRBG: (re)seeding with %lu bytes of entropy\n", entropylen));
|
||||
- entropy = xcalloc_secure (1, entropylen);
|
||||
+ entropy = xcalloc_secure (nonce + 1, entropylen);
|
||||
if (!entropy)
|
||||
return GPG_ERR_ENOMEM;
|
||||
ret = drbg_get_entropy (drbg, entropy, entropylen);
|
||||
if (ret)
|
||||
goto out;
|
||||
+ if (nonce)
|
||||
+ {
|
||||
+ ret = drbg_get_entropy (drbg, entropy + entropylen, entropylen);
|
||||
+ if (ret)
|
||||
+ goto out;
|
||||
+ /* make sure we round up strength/2 in
|
||||
+ * case it is not divisible by 2 */
|
||||
+ entropylen = 2 * entropylen;
|
||||
+ }
|
||||
drbg_string_fill (&data1, entropy, entropylen);
|
||||
}
|
||||
|
||||
@@ -1597,6 +1634,7 @@ drbg_instantiate (drbg_state_t drbg,
|
||||
drbg->core = &drbg_cores[coreref];
|
||||
drbg->pr = pr;
|
||||
drbg->seeded = 0;
|
||||
+ drbg->ent_primed = 0;
|
||||
if (drbg->core->flags & DRBG_HMAC)
|
||||
drbg->d_ops = &drbg_hmac_ops;
|
||||
else if (drbg->core->flags & DRBG_HASH_MASK)
|
||||
@ -37,8 +37,6 @@ Patch13: libgcrypt-1.6.1-mpicoder-gccopt.patch
|
||||
Patch18: libgcrypt-1.8.3-fips-ctor.patch
|
||||
# Do not try to open /dev/urandom if getrandom() works
|
||||
Patch24: libgcrypt-1.8.5-getrandom.patch
|
||||
# Continuous FIPS entropy test
|
||||
Patch26: libgcrypt-1.8.3-fips-enttest.patch
|
||||
# Disable non-approved FIPS hashes in the enforced FIPS mode
|
||||
Patch27: libgcrypt-1.8.3-md-fips-enforce.patch
|
||||
# Missing Intel CET support in the library (#1954049)
|
||||
@ -89,7 +87,6 @@ applications using libgcrypt.
|
||||
%patch13 -p1 -b .gccopt
|
||||
%patch18 -p1 -b .fips-ctor
|
||||
%patch24 -p1 -b .getrandom
|
||||
%patch26 -p1 -b .fips-enttest
|
||||
%patch27 -p1 -b .fips-enforce
|
||||
%patch28 -p1 -b .intel-cet
|
||||
%patch30 -p1 -b .fips-module
|
||||
|
||||
Loading…
Reference in New Issue
Block a user