From 0c8865f0b9937dd7c6d741b814f6c2c03f0ddd0b Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 16 Aug 2017 10:55:16 +0200 Subject: [PATCH] new upstream version 1.8.0 --- curves.c | 37 ++---- libgcrypt-1.6.3-urandom-only.patch | 29 ----- libgcrypt-1.7.3-aliasing.patch | 24 ---- libgcrypt-1.7.3-fips-cfgrandom.patch | 104 ---------------- ...tests.patch => libgcrypt-1.8.0-tests.patch | 44 +++---- ...ll.patch => libgcrypt-1.8.0-use-poll.patch | 22 ++-- libgcrypt.spec | 29 ++--- random.conf | 4 + t-mpi-point.c | 114 +++++------------- 9 files changed, 92 insertions(+), 315 deletions(-) delete mode 100644 libgcrypt-1.6.3-urandom-only.patch delete mode 100644 libgcrypt-1.7.3-aliasing.patch delete mode 100644 libgcrypt-1.7.3-fips-cfgrandom.patch rename libgcrypt-1.7.3-tests.patch => libgcrypt-1.8.0-tests.patch (72%) rename libgcrypt-1.7.6-use-poll.patch => libgcrypt-1.8.0-use-poll.patch (76%) create mode 100644 random.conf diff --git a/curves.c b/curves.c index 545c03e..b68e0e2 100644 --- a/curves.c +++ b/curves.c @@ -28,6 +28,10 @@ #include "../src/gcrypt-int.h" + +#define PGM "curves" +#include "t-common.h" + /* Number of curves defined in ../cipger/ecc.c */ #define N_CURVES 14 @@ -48,31 +52,6 @@ static char const sample_key_1[] = static char const sample_key_1_curve[] = "NIST P-256"; static unsigned int sample_key_1_nbits = 256; -/* Program option flags. */ -static int verbose; -static int error_count; - -static void -fail (const char *format, ...) -{ - va_list arg_ptr; - - va_start (arg_ptr, format); - vfprintf (stderr, format, arg_ptr); - va_end (arg_ptr); - error_count++; -} - -static void -die (const char *format, ...) -{ - va_list arg_ptr; - - va_start (arg_ptr, format); - vfprintf (stderr, format, arg_ptr); - va_end (arg_ptr); - exit (1); -} static void @@ -145,8 +124,6 @@ check_get_params (void) int main (int argc, char **argv) { - int debug = 0; - if (argc > 1 && !strcmp (argv[1], "--verbose")) verbose = 1; else if (argc > 1 && !strcmp (argv[1], "--debug")) 
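Review bot: main still reads `debug` in the next hunk (`if (debug)`) after this hunk deletes its local `int debug = 0;`, and `verbose`/`error_count` lose their file-scope definitions in the same hunk, so curves.c now compiles only if t-common.h declares all three; the first hunk of t-mpi-point.c makes the same assumption for `wherestr`, `verbose`, `debug` and `error_count`. Both files are downstream sources that the spec copies into tests/ rather than upstream files, so the dependency is worth stating next to the new include, e.g. `/* verbose, debug, error_count, fail() and die() come from t-common.h */`. I cannot see t-common.h here, so confirm it provides these names in 1.8.0.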
@@ -155,10 +132,10 @@ main (int argc, char **argv) if (!gcry_check_version (GCRYPT_VERSION)) die ("version mismatch\n"); - gcry_control (GCRYCTL_DISABLE_SECMEM, 0); - gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); + xgcry_control (GCRYCTL_DISABLE_SECMEM, 0); + xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); if (debug) - gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); + xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); list_curves (); check_matching (); check_get_params (); diff --git a/libgcrypt-1.6.3-urandom-only.patch b/libgcrypt-1.6.3-urandom-only.patch deleted file mode 100644 index cf0901d..0000000 --- a/libgcrypt-1.6.3-urandom-only.patch +++ /dev/null @@ -1,29 +0,0 @@ -diff -up libgcrypt-1.6.3/random/random-csprng.c.urandom-only libgcrypt-1.6.3/random/random-csprng.c ---- libgcrypt-1.6.3/random/random-csprng.c.urandom-only 2015-02-27 10:54:03.000000000 +0100 -+++ libgcrypt-1.6.3/random/random-csprng.c 2015-03-20 08:29:27.513113519 +0100 -@@ -1125,8 +1125,7 @@ getfnc_gather_random (void))(void (*)(co - enum random_origins, size_t, int); - - #if USE_RNDLINUX -- if ( !access (NAME_OF_DEV_RANDOM, R_OK) -- && !access (NAME_OF_DEV_URANDOM, R_OK)) -+ if (!access (NAME_OF_DEV_URANDOM, R_OK)) - { - fnc = _gcry_rndlinux_gather_random; - return fnc; -diff -up libgcrypt-1.6.3/random/rndlinux.c.urandom-only libgcrypt-1.6.3/random/rndlinux.c ---- libgcrypt-1.6.3/random/rndlinux.c.urandom-only 2015-03-20 08:36:13.472098269 +0100 -+++ libgcrypt-1.6.3/random/rndlinux.c 2015-03-20 08:36:43.765097131 +0100 -@@ -178,7 +178,11 @@ _gcry_rndlinux_gather_random (void (*add - { - if (fd_random == -1) - { -- fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1), 1); -+ /* We try to open /dev/random first but in case the open fails -+ we gracefully retry with /dev/urandom. */ -+ fd_random = open_device (NAME_OF_DEV_RANDOM, 0, 0); -+ if (fd_random == -1) -+ fd_random = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 1), 1); - ever_opened |= 1; - } - fd = fd_random; 
diff --git a/libgcrypt-1.7.3-aliasing.patch b/libgcrypt-1.7.3-aliasing.patch deleted file mode 100644 index 5fa3b9b..0000000 --- a/libgcrypt-1.7.3-aliasing.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -up libgcrypt-1.7.3/cipher/bufhelp.h.aliasing libgcrypt-1.7.3/cipher/bufhelp.h ---- libgcrypt-1.7.3/cipher/bufhelp.h.aliasing 2016-04-07 17:30:08.000000000 +0200 -+++ libgcrypt-1.7.3/cipher/bufhelp.h 2016-11-22 17:00:13.065692916 +0100 -@@ -35,6 +35,11 @@ - # define BUFHELP_FAST_UNALIGNED_ACCESS 1 - #endif - -+#if _GCRY_GCC_VERSION >= 40400 -+# pragma GCC push_options -+# pragma GCC optimize ("no-strict-aliasing") -+#endif -+ - - #ifdef BUFHELP_FAST_UNALIGNED_ACCESS - /* Define type with one-byte alignment on architectures with fast unaligned -@@ -429,4 +434,8 @@ static inline void buf_put_le64(void *_b - - #endif /*BUFHELP_FAST_UNALIGNED_ACCESS*/ - -+#if _GCRY_GCC_VERSION >= 40400 -+# pragma GCC pop_options -+#endif -+ - #endif /*GCRYPT_BUFHELP_H*/ diff --git a/libgcrypt-1.7.3-fips-cfgrandom.patch b/libgcrypt-1.7.3-fips-cfgrandom.patch deleted file mode 100644 index c9786e4..0000000 --- a/libgcrypt-1.7.3-fips-cfgrandom.patch +++ /dev/null 
@@ -1,104 +0,0 @@ -diff -up libgcrypt-1.7.3/random/random-drbg.c.cfgrandom libgcrypt-1.7.3/random/random-drbg.c ---- libgcrypt-1.7.3/random/random-drbg.c.cfgrandom 2016-04-07 17:30:08.000000000 +0200 -+++ libgcrypt-1.7.3/random/random-drbg.c 2016-11-22 15:54:02.227319203 +0100 -@@ -627,8 +627,13 @@ drbg_get_entropy (drbg_state_t drbg, uns - read_cb_size = len; - read_cb_len = 0; - #if USE_RNDLINUX -+ /* First read from /etc/gcrypt/rngseed if available */ -+ _gcry_rndlinux_gather_random (drbg_read_cb, 0, len, -+ -1); -+ read_cb_len = 0; -+ /* then use /dev/urandom. */ - rc = _gcry_rndlinux_gather_random (drbg_read_cb, 0, len, -- GCRY_VERY_STRONG_RANDOM); -+ GCRY_STRONG_RANDOM); - #elif USE_RNDUNIX - rc = _gcry_rndunix_gather_random (drbg_read_cb, 0, len, - GCRY_VERY_STRONG_RANDOM); -diff -up libgcrypt-1.7.3/random/rndlinux.c.cfgrandom libgcrypt-1.7.3/random/rndlinux.c ---- libgcrypt-1.7.3/random/rndlinux.c.cfgrandom 2016-07-14 11:19:17.000000000 +0200 -+++ libgcrypt-1.7.3/random/rndlinux.c 2016-11-22 15:45:19.921141761 +0100 -@@ -40,7 +40,9 @@ - #include "g10lib.h" - #include "rand-internal.h" - --static int open_device (const char *name, int retry); -+#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed" -+ -+static int open_device (const char *name, int retry, int fatal); - - - static int -@@ -63,7 +65,7 @@ set_cloexec_flag (int fd) - * a fatal error but retries until it is able to reopen the device. 
- */ - static int --open_device (const char *name, int retry) -+open_device (const char *name, int retry, int fatal) - { - int fd; - -@@ -71,6 +73,8 @@ open_device (const char *name, int retry - _gcry_random_progress ("open_dev_random", 'X', 1, 0); - again: - fd = open (name, O_RDONLY); -+ if (fd == -1 && !fatal) -+ return fd; - if (fd == -1 && retry) - { - struct timeval tv; -@@ -115,6 +119,7 @@ _gcry_rndlinux_gather_random (void (*add - { - static int fd_urandom = -1; - static int fd_random = -1; -+ static int fd_configured = -1; - static unsigned char ever_opened; - int fd; - int n; -@@ -138,6 +143,11 @@ _gcry_rndlinux_gather_random (void (*add - close (fd_urandom); - fd_urandom = -1; - } -+ if (fd_configured != -1) -+ { -+ close (fd_configured); -+ fd_configured = -1; -+ } - return 0; - } - -@@ -165,20 +175,30 @@ _gcry_rndlinux_gather_random (void (*add - that we always require the device to be existent but want a more - graceful behaviour if the rarely needed close operation has been - used and the device needs to be re-opened later. */ -+ -+ if (level == -1) -+ { -+ if (fd_configured == -1) -+ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0, 0 ); -+ fd = fd_configured; -+ if (fd == -1) -+ return -1; -+ } -+ - if (level >= 2) - { - if (fd_random == -1) - { -- fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1)); -+ fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1), 1); - ever_opened |= 1; - } - fd = fd_random; - } -- else -+ else if (level != -1) - { - if (fd_urandom == -1) - { -- fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2)); -+ fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1); - ever_opened |= 2; - } - fd = fd_urandom; diff --git a/libgcrypt-1.7.3-tests.patch b/libgcrypt-1.8.0-tests.patch similarity index 72% rename from libgcrypt-1.7.3-tests.patch rename to libgcrypt-1.8.0-tests.patch index f1b461c..f3dfe96 100644 --- a/libgcrypt-1.7.3-tests.patch +++ b/libgcrypt-1.8.0-tests.patch 
@@ -1,6 +1,6 @@ -diff -up libgcrypt-1.7.3/cipher/dsa.c.tests libgcrypt-1.7.3/cipher/dsa.c ---- libgcrypt-1.7.3/cipher/dsa.c.tests 2016-04-07 17:30:08.000000000 +0200 -+++ libgcrypt-1.7.3/cipher/dsa.c 2016-11-22 15:33:48.813026002 +0100 +diff -up libgcrypt-1.8.0/cipher/dsa.c.tests libgcrypt-1.8.0/cipher/dsa.c +--- libgcrypt-1.8.0/cipher/dsa.c.tests 2016-04-07 17:30:08.000000000 +0200 ++++ libgcrypt-1.8.0/cipher/dsa.c 2017-08-15 15:10:39.551600227 +0200 @@ -457,11 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un &prime_q, &prime_p, r_counter, @@ -42,9 +42,9 @@ diff -up libgcrypt-1.7.3/cipher/dsa.c.tests libgcrypt-1.7.3/cipher/dsa.c return GPG_ERR_MISSING_VALUE; } -diff -up libgcrypt-1.7.3/cipher/rsa.c.tests libgcrypt-1.7.3/cipher/rsa.c ---- libgcrypt-1.7.3/cipher/rsa.c.tests 2016-07-14 11:19:17.000000000 +0200 -+++ libgcrypt-1.7.3/cipher/rsa.c 2016-11-22 15:25:05.426838229 +0100 +diff -up libgcrypt-1.8.0/cipher/rsa.c.tests libgcrypt-1.8.0/cipher/rsa.c +--- libgcrypt-1.8.0/cipher/rsa.c.tests 2017-07-06 10:21:36.000000000 +0200 ++++ libgcrypt-1.8.0/cipher/rsa.c 2017-08-15 15:10:39.551600227 +0200 @@ -696,7 +696,7 @@ generate_x931 (RSA_secret_key *sk, unsig *swapped = 0; 
@@ -54,15 +54,15 @@ diff -up libgcrypt-1.7.3/cipher/rsa.c.tests libgcrypt-1.7.3/cipher/rsa.c e_value = 65537; /* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */ -diff -up libgcrypt-1.7.3/tests/keygen.c.tests libgcrypt-1.7.3/tests/keygen.c ---- libgcrypt-1.7.3/tests/keygen.c.tests 2016-04-07 17:30:08.000000000 +0200 -+++ libgcrypt-1.7.3/tests/keygen.c 2016-11-22 15:25:33.178484464 +0100 -@@ -257,11 +257,11 @@ check_rsa_keys (void) +diff -up libgcrypt-1.8.0/tests/keygen.c.tests libgcrypt-1.8.0/tests/keygen.c +--- libgcrypt-1.8.0/tests/keygen.c.tests 2017-08-15 15:10:39.551600227 +0200 ++++ libgcrypt-1.8.0/tests/keygen.c 2017-08-15 15:16:05.433176171 +0200 +@@ -200,11 +200,11 @@ check_rsa_keys (void) if (verbose) -- show ("creating 512 bit RSA key with e=257\n"); -+ show ("creating 1024 bit RSA key with e=257\n"); +- info ("creating 512 bit RSA key with e=257\n"); ++ info ("creating 1024 bit RSA key with e=257\n"); rc = gcry_sexp_new (&keyparm, "(genkey\n" " (rsa\n" @@ -71,12 +71,12 @@ diff -up libgcrypt-1.7.3/tests/keygen.c.tests libgcrypt-1.7.3/tests/keygen.c " (rsa-use-e 3:257)\n" " ))", 0, 1); if (rc) -@@ -282,11 +282,11 @@ check_rsa_keys (void) +@@ -225,11 +225,11 @@ check_rsa_keys (void) gcry_sexp_release (key); if (verbose) -- show ("creating 512 bit RSA key with default e\n"); -+ show ("creating 1024 bit RSA key with default e\n"); +- info ("creating 512 bit RSA key with default e\n"); ++ info ("creating 1024 bit RSA key with default e\n"); rc = gcry_sexp_new (&keyparm, "(genkey\n" " (rsa\n" @@ -85,12 +85,12 @@ diff -up libgcrypt-1.7.3/tests/keygen.c.tests libgcrypt-1.7.3/tests/keygen.c " (rsa-use-e 1:0)\n" " ))", 0, 1); if (rc) -@@ -366,12 +366,12 @@ check_dsa_keys (void) +@@ -309,12 +309,12 @@ check_dsa_keys (void) } if (verbose) -- show ("creating 1536 bit DSA key\n"); -+ show ("creating 2048 bit DSA key\n"); +- info ("creating 1536 bit DSA key\n"); ++ info ("creating 2048 bit DSA key\n"); rc = gcry_sexp_new (&keyparm, "(genkey\n" " (dsa\n" 
@@ -101,10 +101,10 @@ diff -up libgcrypt-1.7.3/tests/keygen.c.tests libgcrypt-1.7.3/tests/keygen.c " ))", 0, 1); if (rc) die ("error creating S-expression: %s\n", gpg_strerror (rc)); -diff -up libgcrypt-1.7.3/tests/pubkey.c.tests libgcrypt-1.7.3/tests/pubkey.c ---- libgcrypt-1.7.3/tests/pubkey.c.tests 2016-07-14 11:19:17.000000000 +0200 -+++ libgcrypt-1.7.3/tests/pubkey.c 2016-11-22 18:40:23.220813982 +0100 -@@ -651,7 +651,7 @@ get_dsa_key_fips186_with_seed_new (gcry_ +diff -up libgcrypt-1.8.0/tests/pubkey.c.tests libgcrypt-1.8.0/tests/pubkey.c +--- libgcrypt-1.8.0/tests/pubkey.c.tests 2017-01-18 15:24:25.000000000 +0100 ++++ libgcrypt-1.8.0/tests/pubkey.c 2017-08-15 15:10:39.552600207 +0200 +@@ -595,7 +595,7 @@ get_dsa_key_fips186_with_seed_new (gcry_ " (use-fips186)" " (transient-key)" " (derive-parms" diff --git a/libgcrypt-1.7.6-use-poll.patch b/libgcrypt-1.8.0-use-poll.patch similarity index 76% rename from libgcrypt-1.7.6-use-poll.patch rename to libgcrypt-1.8.0-use-poll.patch index 4ec20ce..07df8dd 100644 --- a/libgcrypt-1.7.6-use-poll.patch +++ b/libgcrypt-1.8.0-use-poll.patch @@ -1,6 +1,6 @@ -diff -up libgcrypt-1.7.6/random/rndlinux.c.use-poll libgcrypt-1.7.6/random/rndlinux.c ---- libgcrypt-1.7.6/random/rndlinux.c.use-poll 2017-01-30 14:20:13.665662981 +0100 -+++ libgcrypt-1.7.6/random/rndlinux.c 2017-01-30 14:27:45.957027214 +0100 +diff -up libgcrypt-1.8.0/random/rndlinux.c.use-poll libgcrypt-1.8.0/random/rndlinux.c +--- libgcrypt-1.8.0/random/rndlinux.c.use-poll 2017-06-24 13:34:29.000000000 +0200 ++++ libgcrypt-1.8.0/random/rndlinux.c 2017-08-15 15:37:37.604629377 +0200 @@ -32,6 +32,7 @@ #include #include 
@@ -9,7 +9,7 @@ diff -up libgcrypt-1.7.6/random/rndlinux.c.use-poll libgcrypt-1.7.6/random/rndli #if defined(__linux__) && defined(HAVE_SYSCALL) # include #endif -@@ -211,9 +212,8 @@ _gcry_rndlinux_gather_random (void (*add +@@ -216,9 +217,8 @@ _gcry_rndlinux_gather_random (void (*add return with something we will actually use 100ms. */ while (length) { @@ -20,7 +20,7 @@ diff -up libgcrypt-1.7.6/random/rndlinux.c.use-poll libgcrypt-1.7.6/random/rndli /* If we have a modern Linux kernel and we want to read from the * the non-blocking /dev/urandom, we first try to use the new -@@ -269,33 +269,22 @@ _gcry_rndlinux_gather_random (void (*add +@@ -276,36 +276,25 @@ _gcry_rndlinux_gather_random (void (*add any_need_entropy = 1; } @@ -35,13 +35,19 @@ diff -up libgcrypt-1.7.6/random/rndlinux.c.use-poll libgcrypt-1.7.6/random/rndli + pfd.fd = fd; + pfd.events = POLLIN; + -+ if ( !(rc=poll(&pfd, 1, delay)) ) ++ _gcry_pre_syscall (); ++ rc = poll(&pfd, 1, delay); ++ _gcry_post_syscall (); ++ if (!rc) { - FD_ZERO(&rfds); - FD_SET(fd, &rfds); - tv.tv_sec = delay; - tv.tv_usec = delay? 0 : 100000; -- if ( !(rc=select(fd+1, &rfds, NULL, NULL, &tv)) ) +- _gcry_pre_syscall (); +- rc = select (fd+1, &rfds, NULL, NULL, &tv); +- _gcry_post_syscall (); +- if (!rc) - { - any_need_entropy = 1; - delay = 3; /* Use 3 seconds henceforth. */ @@ -68,4 +74,4 @@ diff -up libgcrypt-1.7.6/random/rndlinux.c.use-poll libgcrypt-1.7.6/random/rndli + continue; } - /* Read from the device. */ + do diff --git a/libgcrypt.spec b/libgcrypt.spec index ec79a86..d38e9b8 100644 --- a/libgcrypt.spec +++ b/libgcrypt.spec 
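Review bot: The rewritten `rc = poll(&pfd, 1, delay);` passes `delay` as a millisecond timeout, while the select code it replaces treated it as seconds (`tv.tv_sec = delay; tv.tv_usec = delay? 0 : 100000;`, i.e. a 100 ms wait when delay is 0) and the surrounding comment still says "Use 3 seconds henceforth"; unless the patch rescales `delay` somewhere I cannot see, the first wait returns immediately and later waits last 3 ms instead of 3 s, so the entropy wait degenerates into a near-busy loop. Suggest `rc = poll(&pfd, 1, delay ? delay * 1000 : 100);`, or keep `delay` in milliseconds and set it to 3000 where it is currently set to 3. _gcry_rndlinux_gather_random starts and ends outside this hunk.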
@@ -1,32 +1,30 @@ Name: libgcrypt -Version: 1.7.8 -Release: 3%{?dist} +Version: 1.8.0 +Release: 1%{?dist} URL: http://www.gnupg.org/ Source0: libgcrypt-%{version}-hobbled.tar.xz # The original libgcrypt sources now contain potentially patented ECC # cipher support. We have to remove it in the tarball we ship with # the hobble-libgcrypt script. # (We replace it with RH approved ECC in Source4-5) -#Source0: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2 -#Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig +#Source0: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-{version}.tar.bz2 +#Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-{version}.tar.bz2.sig Source2: wk@g10code.com Source3: hobble-libgcrypt # Approved ECC support (from 1.6.1) Source4: ecc-curves.c Source5: curves.c Source6: t-mpi-point.c +Source7: random.conf # make FIPS hmac compatible with fipscheck - non upstreamable # update on soname bump Patch2: libgcrypt-1.6.2-use-fipscheck.patch # fix tests in the FIPS mode, allow CAVS testing of DSA keygen -Patch5: libgcrypt-1.7.3-tests.patch -# add configurable source of RNG seed and seed by default -# from /dev/urandom in the FIPS mode -Patch6: libgcrypt-1.7.3-fips-cfgrandom.patch +Patch5: libgcrypt-1.8.0-tests.patch # update the CAVS tests Patch7: libgcrypt-1.7.3-fips-cavs.patch # use poll instead of select when gathering randomness -Patch11: libgcrypt-1.7.6-use-poll.patch +Patch11: libgcrypt-1.8.0-use-poll.patch # slight optimalization of mpicoder.c to silence Valgrind (#968288) Patch13: libgcrypt-1.6.1-mpicoder-gccopt.patch # fix tests to work with approved ECC 
@@ -35,10 +33,6 @@ Patch14: libgcrypt-1.7.3-ecc-test-fix.patch Patch18: libgcrypt-1.6.2-fips-ctor.patch # Block some operations if in FIPS non-operational state Patch22: libgcrypt-1.7.3-fips-reqs.patch -# do not use strict aliasing for bufhelp functions -Patch23: libgcrypt-1.7.3-aliasing.patch -# use only urandom if /dev/random cannot be opened -Patch24: libgcrypt-1.6.3-urandom-only.patch %define gcrylibdir %{_libdir} @@ -76,15 +70,13 @@ applications using libgcrypt. %{SOURCE3} %patch2 -p1 -b .use-fipscheck %patch5 -p1 -b .tests -%patch6 -p1 -b .cfgrandom %patch7 -p1 -b .cavs %patch11 -p1 -b .use-poll %patch13 -p1 -b .gccopt %patch14 -p1 -b .eccfix %patch18 -p1 -b .fips-ctor %patch22 -p1 -b .fips-reqs -%patch23 -p1 -b .aliasing -%patch24 -p1 -b .urandom-only +#%patch23 -p1 -b .aliasing cp %{SOURCE4} cipher/ cp %{SOURCE5} %{SOURCE6} tests/ @@ -155,6 +147,7 @@ popd # Create /etc/gcrypt (hardwired, not dependent on the configure invocation) so # that _someone_ owns it. mkdir -p -m 755 $RPM_BUILD_ROOT/etc/gcrypt +install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf %post -p /sbin/ldconfig @@ -174,6 +167,7 @@ exit 0 %files %defattr(-,root,root,-) %dir /etc/gcrypt +%config(noreplace) /etc/gcrypt/random.conf %{gcrylibdir}/libgcrypt.so.* %{gcrylibdir}/.libgcrypt.so.*.hmac %{!?_licensedir:%global license %%doc} @@ -196,6 +190,9 @@ exit 0 %license COPYING %changelog +* Wed Aug 16 2017 Tomáš Mráz 1.8.0-1 +- new upstream version 1.8.0 + * Thu Aug 03 2017 Fedora Release Engineering - 1.7.8-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild diff --git a/random.conf b/random.conf new file mode 100644 index 0000000..6041bcd --- /dev/null +++ b/random.conf @@ -0,0 +1,4 @@ +# use only /dev/urandom - see https://www.2uo.de/myths-about-urandom/ +only-urandom +# Keep jitter entropy generator enabled (should do no harm) +#disable-jent diff --git a/t-mpi-point.c b/t-mpi-point.c index b1b8b2c..3a67d8f 100644 --- a/t-mpi-point.c +++ b/t-mpi-point.c 
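Review bot: `+#%patch23 -p1 -b .aliasing` keeps a commented-out application of a patch whose `Patch23:` declaration the `@@ -35,10 +33,6 @@` hunk removes, and rpm expands macros on comment lines as well, which is the very reason this commit strips `%{version}` from the `#Source0`/`#Source1` comments, so the line can make %prep fail rather than be ignored. Either drop the line together with the deleted patch, or escape it as `#%%patch23 -p1 -b .aliasing`.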
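Review bot: The new changelog entry `- new upstream version 1.8.0` does not mention that this commit also drops the fips-cfgrandom and urandom-only patches and ships `/etc/gcrypt/random.conf` with `only-urandom`, which is a behaviour change in random-number seeding rather than a plain rebase. A second bullet such as `- drop the cfgrandom and urandom-only patches, ship /etc/gcrypt/random.conf with only-urandom instead` would let FIPS-mode users notice the change.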
@@ -26,29 +26,8 @@ #include #include -#include "../src/gcrypt-int.h" - #define PGM "t-mpi-point" - -static const char *wherestr; -static int verbose; -static int debug; -static int error_count; - - -#define my_isascii(c) (!((c) & 0x80)) -#define digitp(p) (*(p) >= '0' && *(p) <= '9') -#define hexdigitp(a) (digitp (a) \ - || (*(a) >= 'A' && *(a) <= 'F') \ - || (*(a) >= 'a' && *(a) <= 'f')) -#define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \ - *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10)) -#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1)) -#define xmalloc(a) gcry_xmalloc ((a)) -#define xcalloc(a,b) gcry_xcalloc ((a),(b)) -#define xfree(a) gcry_free ((a)) -#define pass() do { ; } while (0) - +#include "t-common.h" static struct { @@ -155,50 +134,6 @@ static const char sample_ed25519_d[] = "9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"; -static void -show (const char *format, ...) -{ - va_list arg_ptr; - - if (!verbose) - return; - fprintf (stderr, "%s: ", PGM); - va_start (arg_ptr, format); - vfprintf (stderr, format, arg_ptr); - va_end (arg_ptr); -} - -static void -fail (const char *format, ...) -{ - va_list arg_ptr; - - fflush (stdout); - fprintf (stderr, "%s: ", PGM); - if (wherestr) - fprintf (stderr, "%s: ", wherestr); - va_start (arg_ptr, format); - vfprintf (stderr, format, arg_ptr); - va_end (arg_ptr); - error_count++; -} - -static void -die (const char *format, ...) -{ - va_list arg_ptr; - - fflush (stdout); - fprintf (stderr, "%s: ", PGM); - if (wherestr) - fprintf (stderr, "%s: ", wherestr); - va_start (arg_ptr, format); - vfprintf (stderr, format, arg_ptr); - va_end (arg_ptr); - exit (1); -} - - static void print_mpi_2 (const char *text, const char *text2, gcry_mpi_t a) { 
@@ -310,7 +245,7 @@ hex2mpiopa (const char *string) die ("hex2mpiopa '%s' failed: parser error\n", string); val = gcry_mpi_set_opaque (NULL, buffer, buflen*8); if (!buffer) - die ("hex2mpiopa '%s' failed: set_opaque error%s\n", string); + die ("hex2mpiopa '%s' failed: set_opaque error\n", string); return val; } @@ -360,11 +295,11 @@ ec_p_new (gcry_ctx_t *r_ctx, gcry_mpi_t p, gcry_mpi_t a) static void set_get_point (void) { - gcry_mpi_point_t point; + gcry_mpi_point_t point, point2; gcry_mpi_t x, y, z; wherestr = "set_get_point"; - show ("checking point setting functions\n"); + info ("checking point setting functions\n"); point = gcry_mpi_point_new (0); x = gcry_mpi_set_ui (NULL, 17); @@ -404,7 +339,22 @@ set_get_point (void) || gcry_mpi_cmp_ui (y, 42) || gcry_mpi_cmp_ui (z, 11371)) fail ("point_snatch_set/point_get failed\n"); + point2 = gcry_mpi_point_copy (point); + + gcry_mpi_point_get (x, y, z, point2); + if (gcry_mpi_cmp_ui (x, 17) + || gcry_mpi_cmp_ui (y, 42) || gcry_mpi_cmp_ui (z, 11371)) + fail ("point_copy failed (1)\n"); + gcry_mpi_point_release (point); + + gcry_mpi_point_get (x, y, z, point2); + if (gcry_mpi_cmp_ui (x, 17) + || gcry_mpi_cmp_ui (y, 42) || gcry_mpi_cmp_ui (z, 11371)) + fail ("point_copy failed (2)\n"); + + gcry_mpi_point_release (point2); + gcry_mpi_release (x); gcry_mpi_release (y); gcry_mpi_release (z); @@ -419,7 +369,7 @@ context_alloc (void) gcry_mpi_t p, a; wherestr = "context_alloc"; - show ("checking context functions\n"); + info ("checking context functions\n"); p = gcry_mpi_set_ui (NULL, 1); a = gcry_mpi_set_ui (NULL, 1); @@ -526,7 +476,7 @@ context_param (void) wherestr = "context_param"; - show ("checking standard curves\n"); + info ("checking standard curves\n"); for (idx=0; test_curve[idx].desc; idx++) { /* P-192 and Ed25519 are not supported in fips mode */ 
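Review bot: The corrected `die ("hex2mpiopa '%s' failed: set_opaque error\n", string);` now matches its arguments, but it sits under `if (!buffer)`, which re-tests the input buffer after `gcry_mpi_set_opaque` has already consumed it; `buffer` was presumably already rejected by the `parser error` check just above, so this branch can never fire and the intended guard looks like `if (!val)`. hex2mpiopa begins outside the hunk, so the earlier check is not visible here.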
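Review bot: The new `gcry_mpi_point_release (point);` in the middle of set_get_point frees the original point before the second copy check, but the function's tail lies outside the hunk; if it still ends with the original `gcry_mpi_point_release (point)` after the `gcry_mpi_release (z)` line, that is now a double release. Remove the trailing release in that case. The copy check itself is sound: reading `point2` after `point` is gone is what proves the copy is independent of the original.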
@@ -535,7 +485,7 @@ context_param (void) if (!strcmp(test_curve[idx].desc, "NIST P-192") || !strcmp(test_curve[idx].desc, "Ed25519")) { - show("skipping %s in fips mode\n", test_curve[idx].desc ); + info ("skipping %s in fips mode\n", test_curve[idx].desc ); continue; } } @@ -568,7 +518,7 @@ context_param (void) } - show ("checking sample public key (nistp256)\n"); + info ("checking sample public key (nistp256)\n"); q = hex2mpi (sample_p256_q); err = gcry_sexp_build (&keyparam, NULL, "(public-key(ecc(curve %s)(q %m)))", @@ -639,7 +589,7 @@ context_param (void) if (gcry_fips_mode_active()) goto cleanup; - show ("checking sample public key (Ed25519)\n"); + info ("checking sample public key (Ed25519)\n"); q = hex2mpi (sample_ed25519_q); gcry_sexp_release (keyparam); err = gcry_sexp_build (&keyparam, NULL, @@ -761,7 +711,7 @@ basic_ec_math (void) gcry_mpi_t x, y, z; wherestr = "basic_ec_math"; - show ("checking basic math functions for EC\n"); + info ("checking basic math functions for EC\n"); P = hex2mpi ("0xfffffffffffffffffffffffffffffffeffffffffffffffff"); A = hex2mpi ("0xfffffffffffffffffffffffffffffffefffffffffffffffc"); @@ -847,7 +797,7 @@ twistededwards_math (void) gcry_mpi_t w, a, x, y, z, p, n, b, I; wherestr = "twistededwards_math"; - show ("checking basic Twisted Edwards math\n"); + info ("checking basic Twisted Edwards math\n"); err = gcry_mpi_ec_new (&ctx, NULL, "Ed25519"); if (err) @@ -881,7 +831,7 @@ twistededwards_math (void) /* Check: p % 4 == 1 */ gcry_mpi_mod (w, p, GCRYMPI_CONST_FOUR); if (gcry_mpi_cmp_ui (w, 1)) - fail ("failed assertion: p % 4 == 1\n"); + fail ("failed assertion: p %% 4 == 1\n"); /* Check: 2^{n-1} mod n == 1 */ gcry_mpi_sub_ui (a, n, 1); 
@@ -985,11 +935,11 @@ main (int argc, char **argv) if (!gcry_check_version (GCRYPT_VERSION)) die ("version mismatch\n"); - gcry_control (GCRYCTL_DISABLE_SECMEM, 0); - gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); + xgcry_control (GCRYCTL_DISABLE_SECMEM, 0); + xgcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); if (debug) - gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); - gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); + xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); + xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); set_get_point (); context_alloc (); @@ -1004,6 +954,6 @@ main (int argc, char **argv) twistededwards_math (); } - show ("All tests completed. Errors: %d\n", error_count); + info ("All tests completed. Errors: %d\n", error_count); return error_count ? 1 : 0; }