new upstream version 1.7.3

This commit is contained in:
Tomas Mraz 2016-11-23 09:56:34 +01:00
parent 055651971a
commit 2c8c02279a
24 changed files with 756 additions and 4428 deletions

.gitignore vendored

@ -10,3 +10,4 @@ libgcrypt-1.4.5-hobbled.tar.bz2
/libgcrypt-1.6.4-hobbled.tar.xz /libgcrypt-1.6.4-hobbled.tar.xz
/libgcrypt-1.6.5-hobbled.tar.xz /libgcrypt-1.6.5-hobbled.tar.xz
/libgcrypt-1.6.6-hobbled.tar.xz /libgcrypt-1.6.6-hobbled.tar.xz
/libgcrypt-1.7.3-hobbled.tar.xz


@ -29,7 +29,7 @@
#include "../src/gcrypt-int.h" #include "../src/gcrypt-int.h"
/* Number of curves defined in ../cipger/ecc.c */ /* Number of curves defined in ../cipger/ecc.c */
#define N_CURVES 4 #define N_CURVES 7
/* A real world sample public key. */ /* A real world sample public key. */
static char const sample_key_1[] = static char const sample_key_1[] =
@ -41,6 +41,7 @@ static char const sample_key_1[] =
" (g #046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296" " (g #046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"
"4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5#)\n" "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5#)\n"
" (n #00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551#)\n" " (n #00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551#)\n"
" (h #000000000000000000000000000000000000000000000000000000000000000001#)\n"
" (q #0442B927242237639A36CE9221B340DB1A9AB76DF2FE3E171277F6A4023DED146EE" " (q #0442B927242237639A36CE9221B340DB1A9AB76DF2FE3E171277F6A4023DED146EE"
"86525E38CCECFF3FB8D152CC6334F70D23A525175C1BCBDDE6E023B2228770E#)\n" "86525E38CCECFF3FB8D152CC6334F70D23A525175C1BCBDDE6E023B2228770E#)\n"
" ))"; " ))";
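Review bot: The comment above `N_CURVES` (`/* Number of curves defined in ../cipger/ecc.c */`) is left pointing at a misspelled path while the count it mirrors is bumped to 7 in this hunk. The curve table this commit extends is `domain_parms` in `cipher/ecc-curves.c`, so the comment should read `/* Number of curves defined in ../cipher/ecc-curves.c */`. Since the count is hand-maintained, naming the table it must match is what keeps the two in step the next time a curve is added.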


@ -40,9 +40,13 @@ static const struct
const char *other; /* Other name. */ const char *other; /* Other name. */
} curve_aliases[] = } curve_aliases[] =
{ {
/*{ "Curve25519", "1.3.6.1.4.1.3029.1.5.1" },*/ { "Curve25519", "1.3.6.1.4.1.3029.1.5.1" },
{ "Ed25519", "1.3.6.1.4.1.11591.15.1" }, { "Ed25519", "1.3.6.1.4.1.11591.15.1" },
{ "NIST P-224", "secp224r1" },
{ "NIST P-224", "1.3.132.0.33" }, /* SECP OID. */
{ "NIST P-224", "nistp224" }, /* rfc5656. */
{ "NIST P-256", "1.2.840.10045.3.1.7" }, /* From NIST SP 800-78-1. */ { "NIST P-256", "1.2.840.10045.3.1.7" }, /* From NIST SP 800-78-1. */
{ "NIST P-256", "prime256v1" }, { "NIST P-256", "prime256v1" },
{ "NIST P-256", "secp256r1" }, { "NIST P-256", "secp256r1" },
@ -56,6 +60,8 @@ static const struct
{ "NIST P-521", "1.3.132.0.35" }, { "NIST P-521", "1.3.132.0.35" },
{ "NIST P-521", "nistp521" }, /* rfc5656. */ { "NIST P-521", "nistp521" }, /* rfc5656. */
{ "secp256k1", "1.3.132.0.10" },
{ NULL, NULL} { NULL, NULL}
}; };
@ -76,9 +82,11 @@ typedef struct
const char *p; /* The prime defining the field. */ const char *p; /* The prime defining the field. */
const char *a, *b; /* The coefficients. For Twisted Edwards const char *a, *b; /* The coefficients. For Twisted Edwards
Curves b is used for d. */ Curves b is used for d. For Montgomery
Curves (a,b) has ((A-2)/4,B^-1). */
const char *n; /* The order of the base point. */ const char *n; /* The order of the base point. */
const char *g_x, *g_y; /* Base point. */ const char *g_x, *g_y; /* Base point. */
const char *h; /* Cofactor. */
} ecc_domain_parms_t; } ecc_domain_parms_t;
@ -88,13 +96,38 @@ static const ecc_domain_parms_t domain_parms[] =
{ {
/* (-x^2 + y^2 = 1 + dx^2y^2) */ /* (-x^2 + y^2 = 1 + dx^2y^2) */
"Ed25519", 256, 0, "Ed25519", 256, 0,
MPI_EC_TWISTEDEDWARDS, ECC_DIALECT_ED25519, MPI_EC_EDWARDS, ECC_DIALECT_ED25519,
"0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED", "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED",
"-0x01", "-0x01",
"-0x2DFC9311D490018C7338BF8688861767FF8FF5B2BEBE27548A14B235ECA6874A", "-0x2DFC9311D490018C7338BF8688861767FF8FF5B2BEBE27548A14B235ECA6874A",
"0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED", "0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED",
"0x216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A", "0x216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A",
"0x6666666666666666666666666666666666666666666666666666666666666658" "0x6666666666666666666666666666666666666666666666666666666666666658",
"0x08"
},
{
/* (y^2 = x^3 + 486662*x^2 + x) */
"Curve25519", 256, 0,
MPI_EC_MONTGOMERY, ECC_DIALECT_STANDARD,
"0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED",
"0x01DB41",
"0x01",
"0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED",
"0x0000000000000000000000000000000000000000000000000000000000000009",
"0x20AE19A1B8A086B4E01EDD2C7748D14C923D4D7E6D7C61B229E9C5A27ECED3D9",
"0x08"
},
{
"NIST P-224", 224, 1,
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
"0xffffffffffffffffffffffffffffffff000000000000000000000001",
"0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe",
"0xb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4",
"0xffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d" ,
"0xb70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21",
"0xbd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
"0x01"
}, },
{ {
"NIST P-256", 256, 1, "NIST P-256", 256, 1,
@ -105,7 +138,8 @@ static const ecc_domain_parms_t domain_parms[] =
"0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", "0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
"0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", "0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
"0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5" "0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
"0x01"
}, },
{ {
"NIST P-384", 384, 1, "NIST P-384", 384, 1,
@ -122,7 +156,8 @@ static const ecc_domain_parms_t domain_parms[] =
"0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a38" "0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a38"
"5502f25dbf55296c3a545e3872760ab7", "5502f25dbf55296c3a545e3872760ab7",
"0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c0" "0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c0"
"0a60b1ce1d7e819d7a431d7c90ea0e5f" "0a60b1ce1d7e819d7a431d7c90ea0e5f",
"0x01"
}, },
{ {
"NIST P-521", 521, 1, "NIST P-521", 521, 1,
@ -139,10 +174,23 @@ static const ecc_domain_parms_t domain_parms[] =
"0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d" "0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d"
"3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", "3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
"0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e" "0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e"
"662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650" "662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
"0x01"
}, },
{ NULL, 0, 0, 0, 0, NULL, NULL, NULL, NULL } {
"secp256k1", 256, 0,
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
"0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
"0x0000000000000000000000000000000000000000000000000000000000000000",
"0x0000000000000000000000000000000000000000000000000000000000000007",
"0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
"0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
"0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
"0x01"
},
{ NULL, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL }
}; };
@ -249,10 +297,9 @@ _gcry_ecc_fill_in_curve (unsigned int nbits, const char *name,
switch (domain_parms[idx].model) switch (domain_parms[idx].model)
{ {
case MPI_EC_WEIERSTRASS: case MPI_EC_WEIERSTRASS:
case MPI_EC_TWISTEDEDWARDS: case MPI_EC_EDWARDS:
break;
case MPI_EC_MONTGOMERY: case MPI_EC_MONTGOMERY:
return GPG_ERR_NOT_SUPPORTED; break;
default: default:
return GPG_ERR_BUG; return GPG_ERR_BUG;
} }
@ -268,11 +315,21 @@ _gcry_ecc_fill_in_curve (unsigned int nbits, const char *name,
if (!curve->p) if (!curve->p)
curve->p = scanval (domain_parms[idx].p); curve->p = scanval (domain_parms[idx].p);
if (!curve->a) if (!curve->a)
curve->a = scanval (domain_parms[idx].a); {
curve->a = scanval (domain_parms[idx].a);
if (curve->a->sign)
mpi_add (curve->a, curve->p, curve->a);
}
if (!curve->b) if (!curve->b)
curve->b = scanval (domain_parms[idx].b); {
curve->b = scanval (domain_parms[idx].b);
if (curve->b->sign)
mpi_add (curve->b, curve->p, curve->b);
}
if (!curve->n) if (!curve->n)
curve->n = scanval (domain_parms[idx].n); curve->n = scanval (domain_parms[idx].n);
if (!curve->h)
curve->h = scanval (domain_parms[idx].h);
if (!curve->G.x) if (!curve->G.x)
curve->G.x = scanval (domain_parms[idx].g_x); curve->G.x = scanval (domain_parms[idx].g_x);
if (!curve->G.y) if (!curve->G.y)
@ -288,7 +345,7 @@ _gcry_ecc_fill_in_curve (unsigned int nbits, const char *name,
/* Give the name of the curve NAME, store the curve parameters into P, /* Give the name of the curve NAME, store the curve parameters into P,
A, B, G, and N if they point to NULL value. Note that G is returned A, B, G, N, and H if they point to NULL value. Note that G is returned
in standard uncompressed format. Also update MODEL and DIALECT if in standard uncompressed format. Also update MODEL and DIALECT if
they are not NULL. */ they are not NULL. */
gpg_err_code_t gpg_err_code_t
@ -296,7 +353,7 @@ _gcry_ecc_update_curve_param (const char *name,
enum gcry_mpi_ec_models *model, enum gcry_mpi_ec_models *model,
enum ecc_dialects *dialect, enum ecc_dialects *dialect,
gcry_mpi_t *p, gcry_mpi_t *a, gcry_mpi_t *b, gcry_mpi_t *p, gcry_mpi_t *a, gcry_mpi_t *b,
gcry_mpi_t *g, gcry_mpi_t *n) gcry_mpi_t *g, gcry_mpi_t *n, gcry_mpi_t *h)
{ {
int idx; int idx;
@ -346,6 +403,11 @@ _gcry_ecc_update_curve_param (const char *name,
_gcry_mpi_release (*n); _gcry_mpi_release (*n);
*n = scanval (domain_parms[idx].n); *n = scanval (domain_parms[idx].n);
} }
if (h)
{
_gcry_mpi_release (*h);
*h = scanval (domain_parms[idx].h);
}
return 0; return 0;
} }
@ -383,8 +445,8 @@ _gcry_ecc_get_curve (gcry_sexp_t keyparms, int iterator, unsigned int *r_nbits)
/* /*
* Extract the curve parameters.. * Extract the curve parameters..
*/ */
rc = gpg_err_code (sexp_extract_param (keyparms, NULL, "-pabgn", rc = gpg_err_code (sexp_extract_param (keyparms, NULL, "-pabgnh",
&E.p, &E.a, &E.b, &mpi_g, &E.n, &E.p, &E.a, &E.b, &mpi_g, &E.n, &E.h,
NULL)); NULL));
if (rc == GPG_ERR_NO_OBJ) if (rc == GPG_ERR_NO_OBJ)
{ {
@ -442,17 +504,22 @@ _gcry_ecc_get_curve (gcry_sexp_t keyparms, int iterator, unsigned int *r_nbits)
if (!mpi_cmp (tmp, E.n)) if (!mpi_cmp (tmp, E.n))
{ {
mpi_free (tmp); mpi_free (tmp);
tmp = scanval (domain_parms[idx].g_x); tmp = scanval (domain_parms[idx].h);
if (!mpi_cmp (tmp, E.G.x)) if (!mpi_cmp (tmp, E.h))
{ {
mpi_free (tmp); mpi_free (tmp);
tmp = scanval (domain_parms[idx].g_y); tmp = scanval (domain_parms[idx].g_x);
if (!mpi_cmp (tmp, E.G.y)) if (!mpi_cmp (tmp, E.G.x))
{ {
result = domain_parms[idx].desc; mpi_free (tmp);
if (r_nbits) tmp = scanval (domain_parms[idx].g_y);
*r_nbits = domain_parms[idx].nbits; if (!mpi_cmp (tmp, E.G.y))
goto leave; {
result = domain_parms[idx].desc;
if (r_nbits)
*r_nbits = domain_parms[idx].nbits;
goto leave;
}
} }
} }
} }
@ -469,6 +536,7 @@ _gcry_ecc_get_curve (gcry_sexp_t keyparms, int iterator, unsigned int *r_nbits)
_gcry_mpi_release (mpi_g); _gcry_mpi_release (mpi_g);
_gcry_mpi_point_free_parts (&E.G); _gcry_mpi_point_free_parts (&E.G);
_gcry_mpi_release (E.n); _gcry_mpi_release (E.n);
_gcry_mpi_release (E.h);
return result; return result;
} }
@ -600,6 +668,7 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
gcry_mpi_t b = NULL; gcry_mpi_t b = NULL;
gcry_mpi_point_t G = NULL; gcry_mpi_point_t G = NULL;
gcry_mpi_t n = NULL; gcry_mpi_t n = NULL;
gcry_mpi_t h = NULL;
gcry_mpi_point_t Q = NULL; gcry_mpi_point_t Q = NULL;
gcry_mpi_t d = NULL; gcry_mpi_t d = NULL;
int flags = 0; int flags = 0;
@ -642,6 +711,9 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
errc = mpi_from_keyparam (&n, keyparam, "n"); errc = mpi_from_keyparam (&n, keyparam, "n");
if (errc) if (errc)
goto leave; goto leave;
errc = mpi_from_keyparam (&h, keyparam, "h");
if (errc)
goto leave;
} }
} }
else else
@ -715,6 +787,11 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
n = E->n; n = E->n;
E->n = NULL; E->n = NULL;
} }
if (!h)
{
h = E->h;
E->h = NULL;
}
_gcry_ecc_curve_free (E); _gcry_ecc_curve_free (E);
xfree (E); xfree (E);
} }
@ -741,6 +818,11 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
ec->n = n; ec->n = n;
n = NULL; n = NULL;
} }
if (h)
{
ec->h = h;
h = NULL;
}
/* Now that we know the curve name we can look for the public key /* Now that we know the curve name we can look for the public key
Q. point_from_keyparam needs to know the curve parameters so Q. point_from_keyparam needs to know the curve parameters so
@ -779,6 +861,7 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
mpi_free (b); mpi_free (b);
_gcry_mpi_point_release (G); _gcry_mpi_point_release (G);
mpi_free (n); mpi_free (n);
mpi_free (h);
_gcry_mpi_point_release (Q); _gcry_mpi_point_release (Q);
mpi_free (d); mpi_free (d);
return errc; return errc;
@ -793,7 +876,7 @@ _gcry_ecc_get_param_sexp (const char *name)
elliptic_curve_t E; elliptic_curve_t E;
mpi_ec_t ctx; mpi_ec_t ctx;
gcry_mpi_t g_x, g_y; gcry_mpi_t g_x, g_y;
gcry_mpi_t pkey[6]; gcry_mpi_t pkey[7];
gcry_sexp_t result; gcry_sexp_t result;
int i; int i;
@ -817,14 +900,15 @@ _gcry_ecc_get_param_sexp (const char *name)
pkey[2] = E.b; pkey[2] = E.b;
pkey[3] = _gcry_ecc_ec2os (g_x, g_y, E.p); pkey[3] = _gcry_ecc_ec2os (g_x, g_y, E.p);
pkey[4] = E.n; pkey[4] = E.n;
pkey[5] = NULL; pkey[5] = E.h;
pkey[6] = NULL;
mpi_free (g_x); mpi_free (g_x);
mpi_free (g_y); mpi_free (g_y);
if (sexp_build (&result, NULL, if (sexp_build (&result, NULL,
"(public-key(ecc(p%m)(a%m)(b%m)(g%m)(n%m)))", "(public-key(ecc(p%m)(a%m)(b%m)(g%m)(n%m)(h%m)))",
pkey[0], pkey[1], pkey[2], pkey[3], pkey[4])) pkey[0], pkey[1], pkey[2], pkey[3], pkey[4], pkey[5]))
result = NULL; result = NULL;
for (i=0; pkey[i]; i++) for (i=0; pkey[i]; i++)
@ -851,6 +935,8 @@ _gcry_ecc_get_mpi (const char *name, mpi_ec_t ec, int copy)
return mpi_is_const (ec->b) && !copy? ec->b : mpi_copy (ec->b); return mpi_is_const (ec->b) && !copy? ec->b : mpi_copy (ec->b);
if (!strcmp (name, "n") && ec->n) if (!strcmp (name, "n") && ec->n)
return mpi_is_const (ec->n) && !copy? ec->n : mpi_copy (ec->n); return mpi_is_const (ec->n) && !copy? ec->n : mpi_copy (ec->n);
if (!strcmp (name, "h") && ec->h)
return mpi_is_const (ec->h) && !copy? ec->h : mpi_copy (ec->h);
if (!strcmp (name, "d") && ec->d) if (!strcmp (name, "d") && ec->d)
return mpi_is_const (ec->d) && !copy? ec->d : mpi_copy (ec->d); return mpi_is_const (ec->d) && !copy? ec->d : mpi_copy (ec->d);
@ -884,7 +970,7 @@ _gcry_ecc_get_mpi (const char *name, mpi_ec_t ec, int copy)
if (name[1] != '@') if (name[1] != '@')
return _gcry_mpi_ec_ec2os (ec->Q, ec); return _gcry_mpi_ec_ec2os (ec->Q, ec);
if (!strcmp (name+2, "eddsa") && ec->model == MPI_EC_TWISTEDEDWARDS) if (!strcmp (name+2, "eddsa") && ec->model == MPI_EC_EDWARDS)
{ {
unsigned char *encpk; unsigned char *encpk;
unsigned int encpklen; unsigned int encpklen;
@ -949,6 +1035,11 @@ _gcry_ecc_set_mpi (const char *name, gcry_mpi_t newvalue, mpi_ec_t ec)
mpi_free (ec->n); mpi_free (ec->n);
ec->n = mpi_copy (newvalue); ec->n = mpi_copy (newvalue);
} }
else if (!strcmp (name, "h"))
{
mpi_free (ec->h);
ec->h = mpi_copy (newvalue);
}
else if (*name == 'q' && (!name[1] || name[1] == '@')) else if (*name == 'q' && (!name[1] || name[1] == '@'))
{ {
if (newvalue) if (newvalue)
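Review bot: In the `_gcry_ecc_get_curve` hunks (`@ -383,8 +445,8` and `@ -442,17 +504,22`), the extraction format becomes `"-pabgnh"` with `h` as mandatory as `p` or `n`, so a key whose parameter list carries no `(h …)` — any key serialized before this change added the cofactor to the public-key format — now fails extraction. Whether it then reaches the new comparison `if (!mpi_cmp (tmp, E.h))` with `E.h == NULL` (which would dereference it) or bails out of the lookup entirely depends on the `GPG_ERR_NO_OBJ` branch whose body lies outside the hunk; either way such keys stop being recognised as built-in curves by parameter match. I would mark the cofactor optional with the library's `?` suffix, `"-pabgnh?"`, and guard the new comparison as `if (!E.h || !mpi_cmp (tmp, E.h))`, treating an absent cofactor as a match since every entry in `domain_parms` now carries one. The function body starts and ends outside these hunks, so the NO_OBJ handling should be confirmed before relying on this.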

ecc-gost.c Normal file

@ -0,0 +1,56 @@
/* ecc-gots.c - Elliptic Curve GOST signatures
* Copyright (C) 2007, 2008, 2010, 2011 Free Software Foundation, Inc.
* Copyright (C) 2013 Dmitry Eremin-Solenikov
*
* This file is part of Libgcrypt.
*
* Libgcrypt is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* Libgcrypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include "g10lib.h"
#include "mpi.h"
#include "cipher.h"
#include "context.h"
#include "ec-context.h"
#include "ecc-common.h"
#include "pubkey-internal.h"
/* Compute an GOST R 34.10-01/-12 signature.
* Return the signature struct (r,s) from the message hash. The caller
* must have allocated R and S.
*/
gpg_err_code_t
_gcry_ecc_gost_sign (gcry_mpi_t input, ECC_secret_key *skey,
gcry_mpi_t r, gcry_mpi_t s)
{
return GPG_ERR_UNSUPPORTED_ALGORITHM;
}
/* Verify a GOST R 34.10-01/-12 signature.
* Check if R and S verifies INPUT.
*/
gpg_err_code_t
_gcry_ecc_gost_verify (gcry_mpi_t input, ECC_public_key *pkey,
gcry_mpi_t r, gcry_mpi_t s)
{
return GPG_ERR_UNSUPPORTED_ALGORITHM;
}
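Review bot: Both stubs, `_gcry_ecc_gost_sign` and `_gcry_ecc_gost_verify`, never touch their parameters, which warns under `-Wunused-parameter`; add `(void)input; (void)skey; (void)r; (void)s;` before the return in the sign stub and the same with `pkey` in the verify stub. The file header also keeps the upstream `ecc-gots.c` typo and says nothing about the file being a replacement for the removed implementation; a one-line comment such as `/* Stub: GOST signatures are not built in this package; both entry points fail with GPG_ERR_UNSUPPORTED_ALGORITHM. */` would tell a reader why no signature is ever produced or accepted. Having the verify stub fail closed is the right behaviour for an algorithm that has been removed.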


@ -7,5 +7,6 @@ set -e -x
# EC: ????????? ??/??/2015 # EC: ????????? ??/??/2015
rm -f cipher/ecc-curves.c rm -f cipher/ecc-curves.c
rm -f cipher/ecc-gost.c
rm -f tests/curves.c rm -f tests/curves.c
rm -f tests/t-mpi-point.c rm -f tests/t-mpi-point.c


@ -1,214 +0,0 @@
diff -up libgcrypt-1.6.1/tests/benchmark.c.eccfix libgcrypt-1.6.1/tests/benchmark.c
--- libgcrypt-1.6.1/tests/benchmark.c.eccfix 2014-01-27 14:36:43.000000000 +0100
+++ libgcrypt-1.6.1/tests/benchmark.c 2014-02-28 16:14:13.042505538 +0100
@@ -1087,8 +1087,7 @@ ecc_bench (int iterations, int print_hea
{
#if USE_ECC
gpg_error_t err;
- const char *p_sizes[] = { "192", "224", "256", "384", "521", "Ed25519",
- "gost256", "gost512" };
+ const char *p_sizes[] = { "256", "384", "521", "Ed25519" };
int testno;
if (print_header)
diff -up libgcrypt-1.6.1/tests/dsa-rfc6979.c.eccfix libgcrypt-1.6.1/tests/dsa-rfc6979.c
--- libgcrypt-1.6.1/tests/dsa-rfc6979.c.eccfix 2013-12-16 18:44:32.000000000 +0100
+++ libgcrypt-1.6.1/tests/dsa-rfc6979.c 2014-02-28 16:18:44.138771523 +0100
@@ -210,27 +210,6 @@ check_dsa_rfc6979 (void)
" ))"
},
{
- "ECDSA, 192 bits (prime field)",
- "(private-key"
- " (ecdsa"
- " (curve \"NIST P-192\")"
- " (q #04AC2C77F529F91689FEA0EA5EFEC7F210D8EEA0B9E047ED56"
- " 3BC723E57670BD4887EBC732C523063D0A7C957BC97C1C43#)"
- " (d #6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4#)"
- " ))"
- },
- {
- "ECDSA, 224 bits (prime field)",
- "(private-key"
- " (ecdsa"
- " (curve \"NIST P-224\")"
- " (q #04"
- " 00CF08DA5AD719E42707FA431292DEA11244D64FC51610D94B130D6C"
- " EEAB6F3DEBE455E3DBF85416F7030CBD94F34F2D6F232C69F3C1385A#)"
- " (d #F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1#)"
- " ))"
- },
- {
"ECDSA, 256 bits (prime field)",
"(private-key"
" (ecdsa"
@@ -443,169 +422,6 @@ check_dsa_rfc6979 (void)
"C9F0BDABCC0D880BB137A994CC7F3980CE91CC10FAF529FC46565B15CEA854E1"
},
{
- "ECDSA, 192 bits (prime field)",
- "With SHA-1, message = \"sample\"",
- "sha1", "sample",
- "37D7CA00D2C7B0E5E412AC03BD44BA837FDD5B28CD3B0021",
- "98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF",
- "57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-224, message = \"sample\"",
- "sha224", "sample",
- "4381526B3FC1E7128F202E194505592F01D5FF4C5AF015D8",
- "A1F00DAD97AEEC91C95585F36200C65F3C01812AA60378F5",
- "E07EC1304C7C6C9DEBBE980B9692668F81D4DE7922A0F97A"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-256, message = \"sample\"",
- "sha256", "sample",
- "32B1B6D7D42A05CB449065727A84804FB1A3E34D8F261496",
- "4B0B8CE98A92866A2820E20AA6B75B56382E0F9BFD5ECB55",
- "CCDB006926EA9565CBADC840829D8C384E06DE1F1E381B85"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-384, message = \"sample\"",
- "sha384", "sample",
- "4730005C4FCB01834C063A7B6760096DBE284B8252EF4311",
- "DA63BF0B9ABCF948FBB1E9167F136145F7A20426DCC287D5",
- "C3AA2C960972BD7A2003A57E1C4C77F0578F8AE95E31EC5E"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-512, message = \"sample\"",
- "sha512", "sample",
- "A2AC7AB055E4F20692D49209544C203A7D1F2C0BFBC75DB1",
- "4D60C5AB1996BD848343B31C00850205E2EA6922DAC2E4B8",
- "3F6E837448F027A1BF4B34E796E32A811CBB4050908D8F67"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-1, message = \"test\"",
- "sha1", "test",
- "D9CF9C3D3297D3260773A1DA7418DB5537AB8DD93DE7FA25",
- "0F2141A0EBBC44D2E1AF90A50EBCFCE5E197B3B7D4DE036D",
- "EB18BC9E1F3D7387500CB99CF5F7C157070A8961E38700B7"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-224, message = \"test\"",
- "sha224", "test",
- "F5DC805F76EF851800700CCE82E7B98D8911B7D510059FBE",
- "6945A1C1D1B2206B8145548F633BB61CEF04891BAF26ED34",
- "B7FB7FDFC339C0B9BD61A9F5A8EAF9BE58FC5CBA2CB15293"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-256, message = \"test\"",
- "sha256", "test",
- "5C4CE89CF56D9E7C77C8585339B006B97B5F0680B4306C6C",
- "3A718BD8B4926C3B52EE6BBE67EF79B18CB6EB62B1AD97AE",
- "5662E6848A4A19B1F1AE2F72ACD4B8BBE50F1EAC65D9124F"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-384, message = \"test\"",
- "sha384", "test",
- "5AFEFB5D3393261B828DB6C91FBC68C230727B030C975693",
- "B234B60B4DB75A733E19280A7A6034BD6B1EE88AF5332367",
- "7994090B2D59BB782BE57E74A44C9A1C700413F8ABEFE77A"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-512, message = \"test\"",
- "sha512", "test",
- "0758753A5254759C7CFBAD2E2D9B0792EEE44136C9480527",
- "FE4F4AE86A58B6507946715934FE2D8FF9D95B6B098FE739",
- "74CF5605C98FBA0E1EF34D4B5A1577A7DCF59457CAE52290"
- },
-
-
-
- {
- "ECDSA, 224 bits (prime field)",
- "With SHA-1, message = \"sample\"",
- "sha1", "sample",
- "7EEFADD91110D8DE6C2C470831387C50D3357F7F4D477054B8B426BC",
- "22226F9D40A96E19C4A301CE5B74B115303C0F3A4FD30FC257FB57AC",
- "66D1CDD83E3AF75605DD6E2FEFF196D30AA7ED7A2EDF7AF475403D69"
- },
- {
- "ECDSA, 224 bits (prime field)",
- "With SHA-224, message = \"sample\"",
- "sha224", "sample",
- "C1D1F2F10881088301880506805FEB4825FE09ACB6816C36991AA06D",
- "1CDFE6662DDE1E4A1EC4CDEDF6A1F5A2FB7FBD9145C12113E6ABFD3E",
- "A6694FD7718A21053F225D3F46197CA699D45006C06F871808F43EBC"
- },
- {
- "ECDSA, 224 bits (prime field)",
- "With SHA-256, message = \"sample\"",
- "sha256", "sample",
- "AD3029E0278F80643DE33917CE6908C70A8FF50A411F06E41DEDFCDC",
- "61AA3DA010E8E8406C656BC477A7A7189895E7E840CDFE8FF42307BA",
- "BC814050DAB5D23770879494F9E0A680DC1AF7161991BDE692B10101"
- },
- {
- "ECDSA, 224 bits (prime field)",
- "With SHA-384, message = \"sample\"",
- "sha384", "sample",
- "52B40F5A9D3D13040F494E83D3906C6079F29981035C7BD51E5CAC40",
- "0B115E5E36F0F9EC81F1325A5952878D745E19D7BB3EABFABA77E953",
- "830F34CCDFE826CCFDC81EB4129772E20E122348A2BBD889A1B1AF1D"
- },
- {
- "ECDSA, 224 bits (prime field)",
- "With SHA-512, message = \"sample\"",
- "sha512", "sample",
- "9DB103FFEDEDF9CFDBA05184F925400C1653B8501BAB89CEA0FBEC14",
- "074BD1D979D5F32BF958DDC61E4FB4872ADCAFEB2256497CDAC30397",
- "A4CECA196C3D5A1FF31027B33185DC8EE43F288B21AB342E5D8EB084"
- },
- {
- "ECDSA, 224 bits (prime field)",
- "With SHA-1, message = \"test\"",
- "sha1", "test",
- "2519178F82C3F0E4F87ED5883A4E114E5B7A6E374043D8EFD329C253",
- "DEAA646EC2AF2EA8AD53ED66B2E2DDAA49A12EFD8356561451F3E21C",
- "95987796F6CF2062AB8135271DE56AE55366C045F6D9593F53787BD2"
- },
- {
- "ECDSA, 224 bits (prime field)",
- "With SHA-224, message = \"test\"",
- "sha224", "test",
- "DF8B38D40DCA3E077D0AC520BF56B6D565134D9B5F2EAE0D34900524",
- "C441CE8E261DED634E4CF84910E4C5D1D22C5CF3B732BB204DBEF019",
- "902F42847A63BDC5F6046ADA114953120F99442D76510150F372A3F4"
- },
- {
- "ECDSA, 224 bits (prime field)",
- "With SHA-256, message = \"test\"",
- "sha256", "test",
- "FF86F57924DA248D6E44E8154EB69F0AE2AEBAEE9931D0B5A969F904",
- "AD04DDE87B84747A243A631EA47A1BA6D1FAA059149AD2440DE6FBA6",
- "178D49B1AE90E3D8B629BE3DB5683915F4E8C99FDF6E666CF37ADCFD"
- },
- {
- "ECDSA, 224 bits (prime field)",
- "With SHA-384, message = \"test\"",
- "sha384", "test",
- "7046742B839478C1B5BD31DB2E862AD868E1A45C863585B5F22BDC2D",
- "389B92682E399B26518A95506B52C03BC9379A9DADF3391A21FB0EA4",
- "414A718ED3249FF6DBC5B50C27F71F01F070944DA22AB1F78F559AAB"
- },
- {
- "ECDSA, 224 bits (prime field)",
- "With SHA-512, message = \"test\"",
- "sha512", "test",
- "E39C2AA4EA6BE2306C72126D40ED77BF9739BB4D6EF2BBB1DCB6169D",
- "049F050477C5ADD858CAC56208394B5A55BAEBBE887FDF765047C17C",
- "077EB13E7005929CEFA3CD0403C7CDCC077ADF4E44F3C41B2F60ECFF"
- },
- {
"ECDSA, 256 bits (prime field)",
"With SHA-1, message = \"sample\"",
"sha1", "sample",


@ -1,141 +0,0 @@
diff -up libgcrypt-1.6.1/random/random-fips.c.cfgrandom libgcrypt-1.6.1/random/random-fips.c
--- libgcrypt-1.6.1/random/random-fips.c.cfgrandom 2014-02-28 16:06:20.026572478 +0100
+++ libgcrypt-1.6.1/random/random-fips.c 2014-02-28 16:06:34.851915121 +0100
@@ -27,10 +27,10 @@
There are 3 random context which map to the different levels of
random quality:
- Generator Seed and Key Kernel entropy (init/reseed)
- ------------------------------------------------------------
- GCRY_VERY_STRONG_RANDOM /dev/random 256/128 bits
- GCRY_STRONG_RANDOM /dev/random 256/128 bits
+ Generator Seed and Key Kernel entropy (init/reseed)
+ ---------------------------------------------------------------------------------------
+ GCRY_VERY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits
+ GCRY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits
gcry_create_nonce GCRY_STRONG_RANDOM n/a
All random generators return their data in 128 bit blocks. If the
@@ -40,8 +40,10 @@
(SEED_TTL) output blocks; the re-seeding is disabled in test mode.
The GCRY_VERY_STRONG_RANDOM and GCRY_STRONG_RANDOM generators are
- keyed and seeded from the /dev/random device. Thus these
- generators may block until the kernel has collected enough entropy.
+ keyed and seeded with data that is loaded from the /etc/gcrypt/rngseed
+ if the device or symlink to device exists xored with the data
+ from the /dev/urandom device. This allows the system administrator
+ to always seed the RNGs from /dev/random if it is required.
The gcry_create_nonce generator is keyed and seeded from the
GCRY_STRONG_RANDOM generator. It may also block if the
@@ -560,9 +562,13 @@ get_entropy (size_t nbytes)
entropy_collect_buffer_len = 0;
#if USE_RNDLINUX
+ _gcry_rndlinux_gather_random (entropy_collect_cb, 0,
+ X931_AES_KEYLEN,
+ -1);
+ entropy_collect_buffer_len = 0;
rc = _gcry_rndlinux_gather_random (entropy_collect_cb, 0,
X931_AES_KEYLEN,
- GCRY_VERY_STRONG_RANDOM);
+ GCRY_STRONG_RANDOM);
#elif USE_RNDW32
do
{
@@ -713,7 +719,7 @@ get_random (void *buffer, size_t length,
|| rng_ctx->seed_init_pid != getpid ())
{
/* Just reinitialize the key & seed. */
- gcry_cipher_close(rng_ctx->cipher_hd);
+ _gcry_cipher_close(rng_ctx->cipher_hd);
rng_ctx->cipher_hd = NULL;
rng_ctx->is_seeded = 0;
goto reinitialize;
diff -up libgcrypt-1.6.1/random/rndlinux.c.cfgrandom libgcrypt-1.6.1/random/rndlinux.c
--- libgcrypt-1.6.1/random/rndlinux.c.cfgrandom 2013-12-16 18:44:32.000000000 +0100
+++ libgcrypt-1.6.1/random/rndlinux.c 2014-02-28 16:06:20.027572501 +0100
@@ -36,7 +36,9 @@
#include "g10lib.h"
#include "rand-internal.h"
-static int open_device (const char *name, int retry);
+#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed"
+
+static int open_device (const char *name, int retry, int fatal);
static int
@@ -59,7 +61,7 @@ set_cloexec_flag (int fd)
* a fatal error but retries until it is able to reopen the device.
*/
static int
-open_device (const char *name, int retry)
+open_device (const char *name, int retry, int fatal)
{
int fd;
@@ -67,6 +69,8 @@ open_device (const char *name, int retry
_gcry_random_progress ("open_dev_random", 'X', 1, 0);
again:
fd = open (name, O_RDONLY);
+ if (fd == -1 && !fatal)
+ return fd;
if (fd == -1 && retry)
{
struct timeval tv;
@@ -111,6 +115,7 @@ _gcry_rndlinux_gather_random (void (*add
{
static int fd_urandom = -1;
static int fd_random = -1;
+ static int fd_configured = -1;
static unsigned char ever_opened;
int fd;
int n;
@@ -134,6 +139,11 @@ _gcry_rndlinux_gather_random (void (*add
close (fd_urandom);
fd_urandom = -1;
}
+ if (fd_configured != -1)
+ {
+ close (fd_configured);
+ fd_configured = -1;
+ }
return 0;
}
@@ -153,20 +163,30 @@ _gcry_rndlinux_gather_random (void (*add
that we always require the device to be existent but want a more
graceful behaviour if the rarely needed close operation has been
used and the device needs to be re-opened later. */
+
+ if (level == -1)
+ {
+ if (fd_configured == -1)
+ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0, 0 );
+ fd = fd_configured;
+ if (fd == -1)
+ return -1;
+ }
+
if (level >= 2)
{
if (fd_random == -1)
{
- fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1));
+ fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1), 1);
ever_opened |= 1;
}
fd = fd_random;
}
- else
+ else if (level != -1)
{
if (fd_urandom == -1)
{
- fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
+ fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1);
ever_opened |= 2;
}
fd = fd_urandom;


@ -1,198 +0,0 @@
diff -up libgcrypt-1.6.1/cipher/dsa.c.tests libgcrypt-1.6.1/cipher/dsa.c
--- libgcrypt-1.6.1/cipher/dsa.c.tests 2014-02-28 13:39:01.727288335 +0100
+++ libgcrypt-1.6.1/cipher/dsa.c 2014-02-28 13:46:21.727458285 +0100
@@ -423,22 +423,29 @@ generate_fips186 (DSA_secret_key *sk, un
initial_seed.seed = sexp_nth_data (initial_seed.sexp, 1,
&initial_seed.seedlen);
}
-
- /* Fixme: Enable 186-3 after it has been approved and after fixing
- the generation function. */
- /* if (use_fips186_2) */
- (void)use_fips186_2;
- ec = _gcry_generate_fips186_2_prime (nbits, qbits,
+ if (use_fips186_2)
+ ec = _gcry_generate_fips186_2_prime (nbits, qbits,
initial_seed.seed,
initial_seed.seedlen,
&prime_q, &prime_p,
r_counter,
r_seed, r_seedlen);
- /* else */
- /* ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0, */
- /* &prime_q, &prime_p, */
- /* r_counter, */
- /* r_seed, r_seedlen, NULL); */
+ else if (!domain->p || !domain->q)
+ ec = _gcry_generate_fips186_3_prime (nbits, qbits,
+ initial_seed.seed,
+ initial_seed.seedlen,
+ &prime_q, &prime_p,
+ r_counter,
+ r_seed, r_seedlen, NULL);
+ else
+ {
+ /* Domain parameters p and q are given; use them. */
+ prime_p = mpi_copy (domain->p);
+ prime_q = mpi_copy (domain->q);
+ gcry_assert (mpi_get_nbits (prime_p) == nbits);
+ gcry_assert (mpi_get_nbits (prime_q) == qbits);
+ ec = 0;
+ }
sexp_release (initial_seed.sexp);
if (ec)
goto leave;
@@ -829,13 +829,12 @@ dsa_generate (const gcry_sexp_t genparms
sexp_release (l1);
sexp_release (domainsexp);
- /* Check that all domain parameters are available. */
- if (!domain.p || !domain.q || !domain.g)
+ /* Check that p and q domain parameters are available. */
+ if (!domain.p || !domain.q || (!domain.g && !(flags & PUBKEY_FLAG_USE_FIPS186)))
{
_gcry_mpi_release (domain.p);
_gcry_mpi_release (domain.q);
_gcry_mpi_release (domain.g);
- sexp_release (deriveparms);
return GPG_ERR_MISSING_VALUE;
}
diff -up libgcrypt-1.6.1/cipher/primegen.c.tests libgcrypt-1.6.1/cipher/primegen.c
--- libgcrypt-1.6.1/cipher/primegen.c.tests 2014-01-29 10:48:38.000000000 +0100
+++ libgcrypt-1.6.1/cipher/primegen.c 2014-02-28 13:49:52.291325147 +0100
@@ -1649,7 +1649,7 @@ _gcry_generate_fips186_3_prime (unsigned
gpg_err_code_t ec;
unsigned char seed_help_buffer[256/8]; /* Used to hold a generated SEED. */
unsigned char *seed_plus; /* Malloced buffer to hold SEED+x. */
- unsigned char digest[256/8]; /* Helper buffer for SHA-1 digest. */
+ unsigned char digest[256/8]; /* Helper buffer for SHA-x digest. */
gcry_mpi_t val_2 = NULL; /* Helper for the prime test. */
gcry_mpi_t tmpval = NULL; /* Helper variable. */
int hashalgo; /* The id of the Approved Hash Function. */
@@ -1739,7 +1739,7 @@ _gcry_generate_fips186_3_prime (unsigned
}
_gcry_mpi_release (prime_q); prime_q = NULL;
ec = _gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG,
- value_u, sizeof value_u, NULL);
+ value_u, qbits/8, NULL);
if (ec)
goto leave;
mpi_set_highbit (prime_q, qbits-1 );
@@ -1784,11 +1784,11 @@ _gcry_generate_fips186_3_prime (unsigned
if (seed_plus[i])
break;
}
- _gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen);
+ _gcry_md_hash_buffer (hashalgo, digest, seed_plus, seedlen);
_gcry_mpi_release (tmpval); tmpval = NULL;
ec = _gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG,
- digest, sizeof digest, NULL);
+ digest, qbits/8, NULL);
if (ec)
goto leave;
if (value_j == value_n)
@@ -1824,11 +1824,11 @@ _gcry_generate_fips186_3_prime (unsigned
}
/* Step 12: Save p, q, counter and seed. */
- log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n",
+ /* log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n",
mpi_get_nbits (prime_p), mpi_get_nbits (prime_q), counter);
log_printhex ("fips186-3 seed", seed, seedlen);
log_printmpi ("fips186-3 p", prime_p);
- log_printmpi ("fips186-3 q", prime_q);
+ log_printmpi ("fips186-3 q", prime_q); */
if (r_q)
{
*r_q = prime_q;
diff -up libgcrypt-1.6.1/cipher/rsa.c.tests libgcrypt-1.6.1/cipher/rsa.c
--- libgcrypt-1.6.1/cipher/rsa.c.tests 2014-01-29 08:49:49.000000000 +0100
+++ libgcrypt-1.6.1/cipher/rsa.c 2014-02-28 13:39:01.727288335 +0100
@@ -399,7 +399,7 @@ generate_x931 (RSA_secret_key *sk, unsig
*swapped = 0;
- if (e_value == 1) /* Alias for a secure value. */
+ if (e_value == 1 || e_value == 0) /* Alias for a secure value. */
e_value = 65537;
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
diff -up libgcrypt-1.6.1/random/random-fips.c.tests libgcrypt-1.6.1/random/random-fips.c
--- libgcrypt-1.6.1/random/random-fips.c.tests 2014-01-29 10:48:38.000000000 +0100
+++ libgcrypt-1.6.1/random/random-fips.c 2014-02-28 13:39:01.727288335 +0100
@@ -692,6 +692,7 @@ get_random (void *buffer, size_t length,
check_guards (rng_ctx);
+ reinitialize:
/* Initialize the cipher handle and thus setup the key if needed. */
if (!rng_ctx->cipher_hd)
{
@@ -711,13 +712,11 @@ get_random (void *buffer, size_t length,
if (rng_ctx->key_init_pid != getpid ()
|| rng_ctx->seed_init_pid != getpid ())
{
- /* We are in a child of us. Because we have no way yet to do
- proper re-initialization (including self-checks etc), the
- only chance we have is to bail out. Obviusly a fork/exec
- won't harm because the exec overwrites the old image. */
- fips_signal_error ("fork without proper re-initialization "
- "detected in RNG");
- goto bailout;
+ /* Just reinitialize the key & seed. */
+ gcry_cipher_close(rng_ctx->cipher_hd);
+ rng_ctx->cipher_hd = NULL;
+ rng_ctx->is_seeded = 0;
+ goto reinitialize;
}
if (x931_aes_driver (buffer, length, rng_ctx))
diff -up libgcrypt-1.6.1/tests/keygen.c.tests libgcrypt-1.6.1/tests/keygen.c
--- libgcrypt-1.6.1/tests/keygen.c.tests 2014-02-28 13:39:01.728288358 +0100
+++ libgcrypt-1.6.1/tests/keygen.c 2014-02-28 13:42:18.288831563 +0100
@@ -215,11 +215,11 @@ check_rsa_keys (void)
if (verbose)
- show ("creating 512 bit RSA key with e=257\n");
+ show ("creating 1024 bit RSA key with e=257\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (rsa\n"
- " (nbits 3:512)\n"
+ " (nbits 4:1024)\n"
" (rsa-use-e 3:257)\n"
" ))", 0, 1);
if (rc)
@@ -233,11 +233,11 @@ check_rsa_keys (void)
gcry_sexp_release (key);
if (verbose)
- show ("creating 512 bit RSA key with default e\n");
+ show ("creating 1024 bit RSA key with default e\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (rsa\n"
- " (nbits 3:512)\n"
+ " (nbits 4:1024)\n"
" (rsa-use-e 1:0)\n"
" ))", 0, 1);
if (rc)
@@ -307,12 +307,12 @@ check_dsa_keys (void)
}
if (verbose)
- show ("creating 1536 bit DSA key\n");
+ show ("creating 2048 bit DSA key\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (dsa\n"
- " (nbits 4:1536)\n"
- " (qbits 3:224)\n"
+ " (nbits 4:2048)\n"
+ " (qbits 3:256)\n"
" ))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));


@ -1,345 +0,0 @@
diff -up libgcrypt-1.6.2/cipher/dsa.c.fips-reqs libgcrypt-1.6.2/cipher/dsa.c
--- libgcrypt-1.6.2/cipher/dsa.c.fips-reqs 2014-12-08 17:15:07.198102721 +0100
+++ libgcrypt-1.6.2/cipher/dsa.c 2014-12-08 17:16:59.636645610 +0100
@@ -66,42 +66,86 @@ static const char *dsa_names[] =
};
-/* A sample 1024 bit DSA key used for the selftests. */
+/* A sample 2048 bit DSA key used for the selftests. */
static const char sample_secret_key[] =
"(private-key"
" (dsa"
-" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
-" 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191"
-" CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44"
-" 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)"
-" (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)"
-" (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503"
-" AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E"
-" B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984"
-" 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)"
-" (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46"
-" A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827"
-" 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20"
-" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)"
-" (x #11D54E4ADBD3034160F2CED4B7CD292A4EBF3EC0#)))";
-/* A sample 1024 bit DSA key used for the selftests (public only). */
+" (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c862"
+" 3b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb6"
+" 2e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b552"
+" 3e86470decbbeda027e797e7b67635d4d49c30700e74af8a"
+" 0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503"
+" eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e34"
+" 3312517c6aa5152b4bfecd2e551fee346318a153423c996b"
+" 0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc7"
+" 66de2dfc4a56d7b8ba5963d60f3e16318870ad436952e557"
+" 65374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a"
+" 2c8d7469db02e24d592394a7dba069e9#)"
+" (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed27602056"
+" 7441a0a5#)"
+" (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a8"
+" 21ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0ba"
+" ecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a"
+" 0df242b75b414df372121e53a553f222f836b000f016485b"
+" 6bd0898451801dcd8de64cd5365696ffc532d528c506620a"
+" 942a0305046d8f1876341f1e570bc3974ba6b9a438e97023"
+" 02a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7"
+" ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a"
+" 4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da095"
+" 35d5b9df259181a79b63b069e949972b02ba36b3586aab7e"
+" 45f322f82e4e85ca3ab85591b3c2a966#)"
+" (y #2452f3ccbe9ed5ca7dc74c602b99226e8f2fab38e7d7ddfb"
+" 75539b17155e9fcfd1aba564eb8535d812c9c2dcf9728444"
+" 1bc482243624c7f457580c1c38a57c46c457392470edb52c"
+" b5a6e03fe6287bb6f49a42a2065a054f030839df1fd3149c"
+" 4ca0531dd8ca8aaa9cc7337193387348336118224545e88c"
+" 80ffd8765d74360333ccab9972779b6525a65bdd0d10c675"
+" c109bbd3e5be4d72ef6eba6e438d5226237db888379c5fcc"
+" 47a3847ff63711baed6d03afe81e694a413b680bd38ab490"
+" 3f8370a707ef551d4941026d9579d691de8edaa16105eb9d"
+" ba3c2f4c1bec508275aa0207e251b5eccb286a4b01d449d3"
+" 0acb673717a0d2fb3b50c893f7dab14f#)"
+" (x #0c4b3089d1b862cb3c436491f0915470c52796e3acbee800"
+" ec55f6cc#)))";
+/* A sample 2048 bit DSA key used for the selftests (public only). */
static const char sample_public_key[] =
"(public-key"
" (dsa"
-" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
-" 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191"
-" CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44"
-" 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)"
-" (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)"
-" (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503"
-" AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E"
-" B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984"
-" 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)"
-" (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46"
-" A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827"
-" 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20"
-" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)))";
-
+" (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c862"
+" 3b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb6"
+" 2e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b552"
+" 3e86470decbbeda027e797e7b67635d4d49c30700e74af8a"
+" 0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503"
+" eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e34"
+" 3312517c6aa5152b4bfecd2e551fee346318a153423c996b"
+" 0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc7"
+" 66de2dfc4a56d7b8ba5963d60f3e16318870ad436952e557"
+" 65374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a"
+" 2c8d7469db02e24d592394a7dba069e9#)"
+" (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed27602056"
+" 7441a0a5#)"
+" (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a8"
+" 21ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0ba"
+" ecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a"
+" 0df242b75b414df372121e53a553f222f836b000f016485b"
+" 6bd0898451801dcd8de64cd5365696ffc532d528c506620a"
+" 942a0305046d8f1876341f1e570bc3974ba6b9a438e97023"
+" 02a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7"
+" ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a"
+" 4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da095"
+" 35d5b9df259181a79b63b069e949972b02ba36b3586aab7e"
+" 45f322f82e4e85ca3ab85591b3c2a966#)"
+" (y #2452f3ccbe9ed5ca7dc74c602b99226e8f2fab38e7d7ddfb"
+" 75539b17155e9fcfd1aba564eb8535d812c9c2dcf9728444"
+" 1bc482243624c7f457580c1c38a57c46c457392470edb52c"
+" b5a6e03fe6287bb6f49a42a2065a054f030839df1fd3149c"
+" 4ca0531dd8ca8aaa9cc7337193387348336118224545e88c"
+" 80ffd8765d74360333ccab9972779b6525a65bdd0d10c675"
+" c109bbd3e5be4d72ef6eba6e438d5226237db888379c5fcc"
+" 47a3847ff63711baed6d03afe81e694a413b680bd38ab490"
+" 3f8370a707ef551d4941026d9579d691de8edaa16105eb9d"
+" ba3c2f4c1bec508275aa0207e251b5eccb286a4b01d449d3"
+" 0acb673717a0d2fb3b50c893f7dab14f#)))";
@@ -1164,14 +1208,14 @@ dsa_get_nbits (gcry_sexp_t parms)
*/
static const char *
-selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey)
+selftest_sign (gcry_sexp_t pkey, gcry_sexp_t skey)
{
static const char sample_data[] =
"(data (flags raw)"
- " (value #a0b1c2d3e4f500102030405060708090a1b2c3d4#))";
+ " (value #a0b1c2d3e4f500102030405060708090a1b2c3d4f1e2d3c4b5a6978879605142#))";
static const char sample_data_bad[] =
"(data (flags raw)"
- " (value #a0b1c2d3e4f510102030405060708090a1b2c3d4#))";
+ " (value #a0b1c2d3e4f500102030405060708090a1b2c3d401e2d3c4b5a6978879605142#))";
const char *errtxt = NULL;
gcry_error_t err;
@@ -1247,7 +1291,7 @@ selftests_dsa (selftest_report_func_t re
}
what = "sign";
- errtxt = selftest_sign_1024 (pkey, skey);
+ errtxt = selftest_sign (pkey, skey);
if (errtxt)
goto failed;
diff -up libgcrypt-1.6.2/cipher/rsa.c.fips-reqs libgcrypt-1.6.2/cipher/rsa.c
--- libgcrypt-1.6.2/cipher/rsa.c.fips-reqs 2014-12-08 17:15:07.218103174 +0100
+++ libgcrypt-1.6.2/cipher/rsa.c 2014-12-08 17:20:24.666282521 +0100
@@ -62,33 +62,57 @@ static const char *rsa_names[] =
};
-/* A sample 1024 bit RSA key used for the selftests. */
+/* A sample 2048 bit RSA key used for the selftests. */
static const char sample_secret_key[] =
"(private-key"
" (rsa"
-" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
-" 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
-" ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
-" 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)"
+" (n #00c9d56d9d90db43d602ed9688138ab2bf6ea10610b27837a714a8ffdd00"
+" ddb493a045cc9690edada9ddc4d6ca0cf0ed4f725e21499a1812158f905a"
+" dbb63399a3e6b4f0c4972126bbe3baf2ffa072da89638e8b3e089d922abe"
+" 16e14315fc57c71f0911671ca996d18b3e8093c159d06d39f2ac95cc1075"
+" e93124d143af68524be716d749656f26c086adc0070ac1e12f8785863bdc"
+" 5a99bee9f9b9e98227510415ab060e765a288d92bdc5b57ba8df4e47a2c1"
+" e752bf47f762e03a6f4d6a4d4ed4b95969fab214c1eee62f95cd9472aee4"
+" db189ac4cd70bdee3116b74965ac40190eb56d83f136bb082f2e4e9262a4"
+" ff50db2045a2eb167af2d528c1fd4e0371#)"
" (e #010001#)"
-" (d #046129f2489d71579be0a75fe029bd6cdb574ebf57ea8a5b0fda942cab943b11"
-" 7d7bb95e5d28875e0f9fc5fcc06a72f6d502464dabded78ef6b716177b83d5bd"
-" c543dc5d3fed932e59f5897e92e6f58a0f33424106a3b6fa2cbf877510e4ac21"
-" c3ee47851e97d12996222ac3566d4ccb0b83d164074abf7de655fc2446da1781#)"
-" (p #00e861b700e17e8afe6837e7512e35b6ca11d0ae47d8b85161c67baf64377213"
-" fe52d772f2035b3ca830af41d8a4120e1c1c70d12cc22f00d28d31dd48a8d424f1#)"
-" (q #00f7a7ca5367c661f8e62df34f0d05c10c88e5492348dd7bddc942c9a8f369f9"
-" 35a07785d2db805215ed786e4285df1658eed3ce84f469b81b50d358407b4ad361#)"
-" (u #304559a9ead56d2309d203811a641bb1a09626bc8eb36fffa23c968ec5bd891e"
-" ebbafc73ae666e01ba7c8990bae06cc2bbe10b75e69fcacb353a6473079d8e9b#)))";
-/* A sample 1024 bit RSA key used for the selftests (public only). */
+" (d #03b1e24a94e50ab21f8619701ec97679be2cf8f733c9331d9e2974dba721"
+" 27e5def480290e78a769f96b19d28397a284868fb614ca9b1fb3a0d7efed"
+" df41451204ce71aceba659f6ed15964ebb317712364e1cfaf2fded77d658"
+" 8561acc49c97c2d7efe75f1534b35bd4f6561e1f468b45590db34553d4d0"
+" c2cb4d806b74e1b2c52740462538865d9792b0aefbbf7b9827f4b3badcb3"
+" 5adab638266a2d2fb8422a7a19142e08848e56af77a66c39b2afafa2e15b"
+" 1a7e4ed1f2c7ed350678c0465d86472af97371b13ef5058662f835ef9087"
+" f6cca8281bbf1b6b155c737b33d9e443350df85e7cc3b507231fb839f41f"
+" 02c654b29017f35d69007c70e13ba0e5#)"
+" (p #00ccbe7b096906ee45bf884738a8f817e5b6ba6755e3e8058bb8e253d68e"
+" ef2ce74f4af74e268d850b3fecc31cd4ebec6ac8722a257dfda67796f01e"
+" cd2857f83730756bbdd47b0c87c56c8740a5bb272c78c9745a545b0b306f"
+" 444afa71e4216166f9ee65de7c04d7fda9155b7fe27aba698672a6068d9b"
+" 9055609e4c5da9b655#)"
+" (q #00fc5c6e16ce1f037bcdf7b372b28f1672b856aef7cd67d84e7d07afd543"
+" 26c335be438f4e2f1c434e6bd2b2ec526d97522bcc5c3a6bf414c674da66"
+" 381c7a3f842fe3f95ab865694606a33779b2a15b58ed5ea75f8c6566bbd1"
+" 2436e637a73d49778a8c34d86929f34d5822b05124b640a886590ab7ba5c"
+" 97da57e836da7a9cad#)"
+" (u #2396c191175e0a83d2dc7b69b2591d3358523f18c709501cb9a1bb4ca238"
+" 404c9a8efe9c9092d0719f899950911f348b745311114a70e2f730d88c80"
+" e1cc9ff163171a7d67294ccb4e747be03e9e2ff4678fecb95c001e7ea27b"
+" 92c96f4ce40ef94863cd50225dbfb69d01336af450be86984fca3f3afacf"
+" 0740c4aaadaebebf#)))";
+/* A sample 2048 bit RSA key used for the selftests (public only). */
static const char sample_public_key[] =
"(public-key"
" (rsa"
-" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
-" 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
-" ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
-" 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)"
+" (n #00c9d56d9d90db43d602ed9688138ab2bf6ea10610b27837a714a8ffdd00"
+" ddb493a045cc9690edada9ddc4d6ca0cf0ed4f725e21499a1812158f905a"
+" dbb63399a3e6b4f0c4972126bbe3baf2ffa072da89638e8b3e089d922abe"
+" 16e14315fc57c71f0911671ca996d18b3e8093c159d06d39f2ac95cc1075"
+" e93124d143af68524be716d749656f26c086adc0070ac1e12f8785863bdc"
+" 5a99bee9f9b9e98227510415ab060e765a288d92bdc5b57ba8df4e47a2c1"
+" e752bf47f762e03a6f4d6a4d4ed4b95969fab214c1eee62f95cd9472aee4"
+" db189ac4cd70bdee3116b74965ac40190eb56d83f136bb082f2e4e9262a4"
+" ff50db2045a2eb167af2d528c1fd4e0371#)"
" (e #010001#)))";
@@ -1610,20 +1634,35 @@ compute_keygrip (gcry_md_hd_t md, gcry_s
*/
static const char *
-selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey)
+selftest_sign (gcry_sexp_t pkey, gcry_sexp_t skey)
{
static const char sample_data[] =
"(data (flags pkcs1)"
- " (hash sha1 #11223344556677889900aabbccddeeff10203040#))";
+ " (hash sha256 #11223344556677889900aabbccddeeffa0b0c0d0102030405060708090a1b1c1#))";
static const char sample_data_bad[] =
"(data (flags pkcs1)"
- " (hash sha1 #11223344556677889900aabbccddeeff80203040#))";
+ " (hash sha256 #11223344556677889900aabbccddeeffa0b0c0d0102030405060708091a1b1c1#))";
+ static const char signature_ka[] =
+ "(sig-val \n"
+ " (rsa \n"
+ " (s #0B12D55738B099D401C81BEEDA54E045B4B7D9CDA5A8769E9C484F696A58912A"
+ "1E5DE7E5A2D181DA15A5C254D802AB75F1056E27406850AC7BE310BC32D2CED8"
+ "6697FE84508F7EFFF4D147C52E955A0873EF2F52ED71F2FC9C3C12D4045CB643"
+ "70158378E1494D8FBAD2248B9B64233D2CC2C1932B0531E539DEB07434B76D3B"
+ "6959E8A37E33B234C0C8C2C8FB1D00939239C9C491B2EBEED77BF952B597E11B"
+ "D4ED0C103D2B88BC78B4E505CF9D8D08B585CE3688D4FBE83ED58D1E1341AC4D"
+ "7C5EFF3CBC565CC7AE61C2F568426763A5239D31C1FFFD366984901679A343C4"
+ "01BB778BBA5E533B7875BA658A19AA9E56170F4A28E4322BF1621175FB06463E#)\n"
+ " )\n"
+ " )\n";
const char *errtxt = NULL;
gcry_error_t err;
gcry_sexp_t data = NULL;
gcry_sexp_t data_bad = NULL;
gcry_sexp_t sig = NULL;
+ char buf[1024];
+ size_t len;
err = sexp_sscan (&data, NULL, sample_data, strlen (sample_data));
if (!err)
@@ -1641,6 +1680,12 @@ selftest_sign_1024 (gcry_sexp_t pkey, gc
errtxt = "signing failed";
goto leave;
}
+ len = sexp_sprint (sig, GCRYSEXP_FMT_ADVANCED, buf, sizeof(buf));
+ if (len != sizeof (signature_ka) - 1 || memcmp (buf, signature_ka, len) != 0)
+ {
+ errtxt = "signature KAT failed";
+ goto leave;
+ }
err = _gcry_pk_verify (sig, data, pkey);
if (err)
{
@@ -1697,11 +1742,11 @@ extract_a_from_sexp (gcry_sexp_t encr_da
static const char *
-selftest_encr_1024 (gcry_sexp_t pkey, gcry_sexp_t skey)
+selftest_encr (gcry_sexp_t pkey, gcry_sexp_t skey)
{
const char *errtxt = NULL;
gcry_error_t err;
- const unsigned int nbits = 1000; /* Encrypt 1000 random bits. */
+ const unsigned int nbits = 2000; /* Encrypt 2000 random bits. */
gcry_mpi_t plaintext = NULL;
gcry_sexp_t plain = NULL;
gcry_sexp_t encr = NULL;
@@ -1822,12 +1867,12 @@ selftests_rsa (selftest_report_func_t re
}
what = "sign";
- errtxt = selftest_sign_1024 (pkey, skey);
+ errtxt = selftest_sign (pkey, skey);
if (errtxt)
goto failed;
what = "encrypt";
- errtxt = selftest_encr_1024 (pkey, skey);
+ errtxt = selftest_encr (pkey, skey);
if (errtxt)
goto failed;
diff -up libgcrypt-1.6.2/random/drbg.c.fips-reqs libgcrypt-1.6.2/random/drbg.c
diff -up libgcrypt-1.6.2/src/visibility.c.fips-reqs libgcrypt-1.6.2/src/visibility.c
--- libgcrypt-1.6.2/src/visibility.c.fips-reqs 2014-08-21 14:50:39.000000000 +0200
+++ libgcrypt-1.6.2/src/visibility.c 2014-12-08 17:23:06.530943221 +0100
@@ -1259,6 +1259,8 @@ gcry_kdf_derive (const void *passphrase,
unsigned long iterations,
size_t keysize, void *keybuffer)
{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
return gpg_error (_gcry_kdf_derive (passphrase, passphraselen, algo, hashalgo,
salt, saltlen, iterations,
keysize, keybuffer));
@@ -1314,6 +1316,13 @@ void
gcry_mpi_randomize (gcry_mpi_t w,
unsigned int nbits, enum gcry_random_level level)
{
+ if (!fips_is_operational ())
+ {
+ (void)fips_not_operational ();
+ fips_signal_fatal_error ("called in non-operational state");
+ fips_noreturn ();
+ }
+
_gcry_mpi_randomize (w, nbits, level);
}
@@ -1339,6 +1348,8 @@ gcry_prime_generate (gcry_mpi_t *prime,
gcry_random_level_t random_level,
unsigned int flags)
{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
return gpg_error (_gcry_prime_generate (prime, prime_bits, factor_bits,
factors, cb_func, cb_arg,
random_level, flags));


@ -1,18 +0,0 @@
diff -up libgcrypt-1.6.2/tests/basic.c.fips-test libgcrypt-1.6.2/tests/basic.c
--- libgcrypt-1.6.2/tests/basic.c.fips-test 2014-08-21 14:50:39.000000000 +0200
+++ libgcrypt-1.6.2/tests/basic.c 2014-12-08 16:54:07.767619682 +0100
@@ -582,6 +582,14 @@ check_ctr_cipher (void)
if (!tv[i].algo)
continue;
+ if (gcry_cipher_test_algo (tv[i].algo) && in_fips_mode)
+ {
+ if (verbose)
+ fprintf (stderr, " algorithm %d not available in fips mode\n",
+ tv[i].algo);
+ continue;
+ }
+
err = gcry_cipher_open (&hde, tv[i].algo, GCRY_CIPHER_MODE_CTR, 0);
if (!err)
err = gcry_cipher_open (&hdd, tv[i].algo, GCRY_CIPHER_MODE_CTR, 0);


@ -1,177 +0,0 @@
diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhelp.h
--- libgcrypt-1.6.3/cipher/bufhelp.h.aliasing 2015-02-27 10:54:03.000000000 +0100
+++ libgcrypt-1.6.3/cipher/bufhelp.h 2015-03-13 15:03:43.301749751 +0100
@@ -80,7 +80,7 @@ do_bytes:
for (; len; len--)
*dst++ = *src++;
#endif /*__GNUC__ >= 4 && (__x86_64__ || __i386__)*/
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
/* Optimized function for buffer xoring */
@@ -117,7 +117,7 @@ do_bytes:
/* Handle tail. */
for (; len; len--)
*dst++ = *src1++ ^ *src2++;
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
/* Optimized function for buffer xoring with two destination buffers. Used
@@ -155,7 +155,7 @@ do_bytes:
/* Handle tail. */
for (; len; len--)
*dst1++ = (*dst2++ ^= *src++);
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
/* Optimized function for combined buffer xoring and copying. Used by mainly
@@ -208,7 +208,7 @@ do_bytes:
*dst_xor++ = *srcdst_cpy ^ *src_xor++;
*srcdst_cpy++ = temp;
}
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
/* Optimized function for combined buffer xoring and copying. Used by mainly
@@ -234,7 +234,7 @@ buf_eq_const(const void *_a, const void
diff -= !!(a[i] - b[i]);
return !diff;
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
#ifndef BUFHELP_FAST_UNALIGNED_ACCESS
@@ -246,14 +246,14 @@ static inline u32 buf_get_be32(const voi
const byte *in = _buf;
return ((u32)in[0] << 24) | ((u32)in[1] << 16) | \
((u32)in[2] << 8) | (u32)in[3];
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
static inline u32 buf_get_le32(const void *_buf)
{
const byte *in = _buf;
return ((u32)in[3] << 24) | ((u32)in[2] << 16) | \
((u32)in[1] << 8) | (u32)in[0];
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
static inline void buf_put_be32(void *_buf, u32 val)
{
@@ -262,7 +262,7 @@ static inline void buf_put_be32(void *_b
out[1] = val >> 16;
out[2] = val >> 8;
out[3] = val;
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
static inline void buf_put_le32(void *_buf, u32 val)
{
@@ -271,7 +271,7 @@ static inline void buf_put_le32(void *_b
out[2] = val >> 16;
out[1] = val >> 8;
out[0] = val;
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
#ifdef HAVE_U64_TYPEDEF
/* Functions for loading and storing unaligned u64 values of different
@@ -283,7 +283,7 @@ static inline u64 buf_get_be64(const voi
((u64)in[2] << 40) | ((u64)in[3] << 32) | \
((u64)in[4] << 24) | ((u64)in[5] << 16) | \
((u64)in[6] << 8) | (u64)in[7];
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
static inline u64 buf_get_le64(const void *_buf)
{
@@ -292,7 +292,7 @@ static inline u64 buf_get_le64(const voi
((u64)in[5] << 40) | ((u64)in[4] << 32) | \
((u64)in[3] << 24) | ((u64)in[2] << 16) | \
((u64)in[1] << 8) | (u64)in[0];
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
static inline void buf_put_be64(void *_buf, u64 val)
{
@@ -305,7 +305,7 @@ static inline void buf_put_be64(void *_b
out[5] = val >> 16;
out[6] = val >> 8;
out[7] = val;
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
static inline void buf_put_le64(void *_buf, u64 val)
{
@@ -318,7 +318,7 @@ static inline void buf_put_le64(void *_b
out[2] = val >> 16;
out[1] = val >> 8;
out[0] = val;
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
#endif /*HAVE_U64_TYPEDEF*/
#else /*BUFHELP_FAST_UNALIGNED_ACCESS*/
@@ -328,24 +328,24 @@ static inline void buf_put_le64(void *_b
static inline u32 buf_get_be32(const void *_buf)
{
return be_bswap32(*(const u32 *)_buf);
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
static inline u32 buf_get_le32(const void *_buf)
{
return le_bswap32(*(const u32 *)_buf);
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
static inline void buf_put_be32(void *_buf, u32 val)
{
u32 *out = _buf;
*out = be_bswap32(val);
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
static inline void buf_put_le32(void *_buf, u32 val)
{
u32 *out = _buf;
*out = le_bswap32(val);
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
#ifdef HAVE_U64_TYPEDEF
/* Functions for loading and storing unaligned u64 values of different
@@ -353,24 +353,24 @@ static inline void buf_put_le32(void *_b
static inline u64 buf_get_be64(const void *_buf)
{
return be_bswap64(*(const u64 *)_buf);
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
static inline u64 buf_get_le64(const void *_buf)
{
return le_bswap64(*(const u64 *)_buf);
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
static inline void buf_put_be64(void *_buf, u64 val)
{
u64 *out = _buf;
*out = be_bswap64(val);
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
static inline void buf_put_le64(void *_buf, u64 val)
{
u64 *out = _buf;
*out = le_bswap64(val);
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
#endif /*HAVE_U64_TYPEDEF*/
#endif /*BUFHELP_FAST_UNALIGNED_ACCESS*/


@ -1,382 +0,0 @@
Add FIPS 186-4 compliant RSA probable prime key generator.
Signed-off-by: Tomáš Mráz <tmraz@redhat.com>
diff -up libgcrypt-1.6.3/cipher/primegen.c.fips-keygen libgcrypt-1.6.3/cipher/primegen.c
--- libgcrypt-1.6.3/cipher/primegen.c.fips-keygen 2015-03-06 16:38:56.698052602 +0100
+++ libgcrypt-1.6.3/cipher/primegen.c 2015-03-06 16:45:45.848193024 +0100
@@ -1199,6 +1199,25 @@ _gcry_prime_check (gcry_mpi_t x, unsigne
return GPG_ERR_NO_PRIME;
}
+/* Check whether the number X is prime according to FIPS 186-4 table C.2. */
+gcry_err_code_t
+_gcry_fips186_4_prime_check (gcry_mpi_t x, unsigned int bits)
+{
+ gcry_err_code_t ec = GPG_ERR_NO_ERROR;
+
+ switch (mpi_cmp_ui (x, 2))
+ {
+ case 0: return ec; /* 2 is a prime */
+ case -1: return GPG_ERR_NO_PRIME; /* Only numbers > 1 are primes. */
+ }
+
+ /* We use 5 or 4 rounds as specified in table C.2 */
+ if (! check_prime (x, mpi_const (MPI_C_TWO), bits > 1024 ? 4 : 5, NULL, NULL))
+ ec = GPG_ERR_NO_PRIME;
+
+ return ec;
+}
+
/* Find a generator for PRIME where the factorization of (prime-1) is
in the NULL terminated array FACTORS. Return the generator as a
newly allocated MPI in R_G. If START_G is not NULL, use this as s
diff -up libgcrypt-1.6.3/cipher/rsa.c.fips-keygen libgcrypt-1.6.3/cipher/rsa.c
--- libgcrypt-1.6.3/cipher/rsa.c.fips-keygen 2015-03-06 16:38:56.661052411 +0100
+++ libgcrypt-1.6.3/cipher/rsa.c 2015-03-06 16:38:56.699052607 +0100
@@ -339,6 +339,279 @@ generate_std (RSA_secret_key *sk, unsign
}
+/****************
+ * Generate a key pair with a key of size NBITS.
+ * USE_E = 0 let Libcgrypt decide what exponent to use.
+ * = 1 request the use of a "secure" exponent; this is required by some
+ * specification to be 65537.
+ * > 2 Use this public exponent. If the given exponent
+ * is not odd one is internally added to it.
+ * TESTPARMS: If set, do not generate but test whether the p,q is probably prime
+ * Returns key with zeroes to not break code calling this function.
+ * TRANSIENT_KEY: If true, generate the primes using the standard RNG.
+ * Returns: 2 structures filled with all needed values
+ */
+static gpg_err_code_t
+generate_fips (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
+ gcry_sexp_t testparms, int transient_key)
+{
+ gcry_mpi_t p, q; /* the two primes */
+ gcry_mpi_t d; /* the private key */
+ gcry_mpi_t u;
+ gcry_mpi_t p1, q1;
+ gcry_mpi_t n; /* the public key */
+ gcry_mpi_t e; /* the exponent */
+ gcry_mpi_t g;
+ gcry_mpi_t minp;
+ gcry_mpi_t diff, mindiff;
+ gcry_random_level_t random_level;
+ unsigned int pbits = nbits/2;
+ unsigned int i;
+ int pqswitch;
+ gpg_err_code_t ec = GPG_ERR_NO_PRIME;
+
+ if (nbits < 1024 || (nbits & 0x1FF))
+ return GPG_ERR_INV_VALUE;
+ if (_gcry_enforced_fips_mode() && nbits != 2048 && nbits != 3072)
+ return GPG_ERR_INV_VALUE;
+
+ /* The random quality depends on the transient_key flag. */
+ random_level = transient_key ? GCRY_STRONG_RANDOM : GCRY_VERY_STRONG_RANDOM;
+
+ if (testparms)
+ {
+ /* Parameters to derive the key are given. */
+ /* Note that we explicitly need to setup the values of tbl
+ because some compilers (e.g. OpenWatcom, IRIX) don't allow
+ to initialize a structure with automatic variables. */
+ struct { const char *name; gcry_mpi_t *value; } tbl[] = {
+ { "e" },
+ { "p" },
+ { "q" },
+ { NULL }
+ };
+ int idx;
+ gcry_sexp_t oneparm;
+
+ tbl[0].value = &e;
+ tbl[1].value = &p;
+ tbl[2].value = &q;
+
+ for (idx=0; tbl[idx].name; idx++)
+ {
+ oneparm = sexp_find_token (testparms, tbl[idx].name, 0);
+ if (oneparm)
+ {
+ *tbl[idx].value = sexp_nth_mpi (oneparm, 1,
+ GCRYMPI_FMT_USG);
+ sexp_release (oneparm);
+ }
+ }
+ for (idx=0; tbl[idx].name; idx++)
+ if (!*tbl[idx].value)
+ break;
+ if (tbl[idx].name)
+ {
+ /* At least one parameter is missing. */
+ for (idx=0; tbl[idx].name; idx++)
+ _gcry_mpi_release (*tbl[idx].value);
+ return GPG_ERR_MISSING_VALUE;
+ }
+ }
+ else
+ {
+ if (use_e < 65537)
+ use_e = 65537; /* This is the smallest value allowed by FIPS */
+
+ e = mpi_alloc( (32+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+
+ use_e |= 1; /* make sure this is odd */
+ mpi_set_ui (e, use_e);
+
+ p = mpi_snew (pbits);
+ q = mpi_snew (pbits);
+ }
+
+ n = mpi_new (nbits);
+ d = mpi_snew (nbits);
+ u = mpi_snew (nbits);
+
+ /* prepare approximate minimum p and q */
+ minp = mpi_new (pbits);
+ mpi_set_ui (minp, 0xB504F334);
+ mpi_lshift (minp, minp, pbits - 32);
+
+ /* prepare minimum p and q difference */
+ diff = mpi_new (pbits);
+ mindiff = mpi_new (pbits - 99);
+ mpi_set_ui (mindiff, 1);
+ mpi_lshift (mindiff, mindiff, pbits - 100);
+
+ p1 = mpi_snew (pbits);
+ q1 = mpi_snew (pbits);
+ g = mpi_snew (pbits);
+
+retry:
+ /* generate p and q */
+ for (i = 0; i < 5 * pbits; i++)
+ {
+ ploop:
+ if (!testparms)
+ {
+ _gcry_mpi_randomize (p, pbits, random_level);
+ }
+ if (mpi_cmp (p, minp) < 0)
+ {
+ if (testparms) goto err;
+ goto ploop;
+ }
+
+ mpi_sub_ui (p1, p, 1);
+ if (mpi_gcd (g, p1, e))
+ {
+ if (_gcry_fips186_4_prime_check (p, pbits) != GPG_ERR_NO_ERROR)
+ {
+ /* not a prime */
+ if (testparms) goto err;
+ }
+ else
+ break;
+ }
+ else if (testparms) goto err;
+ }
+ if (i >= 5 * pbits)
+ goto err;
+
+ for (i = 0; i < 5 * pbits; i++)
+ {
+ qloop:
+ if (!testparms)
+ {
+ _gcry_mpi_randomize (q, pbits, random_level);
+ }
+ if (mpi_cmp (q, minp) < 0)
+ {
+ if (testparms) goto err;
+ goto qloop;
+ }
+ if (mpi_cmp (p, q) > 0)
+ {
+ pqswitch = 1;
+ mpi_sub (diff, p, q);
+ }
+ else
+ {
+ pqswitch = 0;
+ mpi_sub (diff, q, p);
+ }
+ if (mpi_cmp (diff, mindiff) < 0)
+ {
+ if (testparms) goto err;
+ goto qloop;
+ }
+
+ mpi_sub_ui (q1, q, 1);
+ if (mpi_gcd (g, q1, e))
+ {
+ if (_gcry_fips186_4_prime_check (q, pbits) != GPG_ERR_NO_ERROR)
+ {
+ /* not a prime */
+ if (testparms) goto err;
+ }
+ else
+ break;
+ }
+ else if (testparms) goto err;
+ }
+ if (i >= 5 * pbits)
+ goto err;
+
+ if (testparms)
+ {
+ mpi_clear (p);
+ mpi_clear (q);
+ }
+ else
+ {
+ gcry_mpi_t f;
+
+ if (pqswitch)
+ {
+ gcry_mpi_t tmp;
+
+ tmp = p;
+ p = q;
+ q = tmp;
+ }
+
+ f = mpi_snew (nbits);
+
+ /* calculate the modulus */
+ mpi_mul(n, p, q);
+
+ /* calculate the secret key d = e^1 mod phi */
+ mpi_gcd (g, p1, q1);
+ mpi_fdiv_q (f, p1, g);
+ mpi_mul (f, f, q1);
+
+ mpi_invm (d, e, f);
+
+ _gcry_mpi_release (f);
+
+ if (mpi_get_nbits (d) < pbits) goto retry;
+
+ /* calculate the inverse of p and q (used for chinese remainder theorem)*/
+ mpi_invm(u, p, q );
+ }
+
+ ec = 0;
+
+ if( DBG_CIPHER )
+ {
+ log_mpidump(" p= ", p );
+ log_mpidump(" q= ", q );
+ log_mpidump(" n= ", n );
+ log_mpidump(" e= ", e );
+ log_mpidump(" d= ", d );
+ log_mpidump(" u= ", u );
+ }
+
+err:
+
+ _gcry_mpi_release (p1);
+ _gcry_mpi_release (q1);
+ _gcry_mpi_release (g);
+ _gcry_mpi_release (minp);
+ _gcry_mpi_release (mindiff);
+ _gcry_mpi_release (diff);
+
+ sk->n = n;
+ sk->e = e;
+ sk->p = p;
+ sk->q = q;
+ sk->d = d;
+ sk->u = u;
+
+ /* Now we can test our keys. */
+ if (ec || (!testparms && test_keys (sk, nbits - 64)))
+ {
+ _gcry_mpi_release (sk->n); sk->n = NULL;
+ _gcry_mpi_release (sk->e); sk->e = NULL;
+ _gcry_mpi_release (sk->p); sk->p = NULL;
+ _gcry_mpi_release (sk->q); sk->q = NULL;
+ _gcry_mpi_release (sk->d); sk->d = NULL;
+ _gcry_mpi_release (sk->u); sk->u = NULL;
+ if (!ec)
+ {
+ fips_signal_error ("self-test after key generation failed");
+ return GPG_ERR_SELFTEST_FAILED;
+ }
+ }
+
+ return ec;
+}
+
+
/* Helper for generate_x931. */
static gcry_mpi_t
gen_x931_parm_xp (unsigned int nbits)
@@ -799,7 +1072,7 @@ rsa_generate (const gcry_sexp_t genparms
}
}
- if (deriveparms || (flags & PUBKEY_FLAG_USE_X931) || fips_mode ())
+ if (deriveparms || (flags & PUBKEY_FLAG_USE_X931))
{
int swapped;
ec = generate_x931 (&sk, nbits, evalue, deriveparms, &swapped);
@@ -819,9 +1092,14 @@ rsa_generate (const gcry_sexp_t genparms
sexp_release (l1);
}
}
+ deriveparms = (genparms?
+ sexp_find_token (genparms, "test-parms", 0) : NULL);
/* Generate. */
- ec = generate_std (&sk, nbits, evalue,
- !!(flags & PUBKEY_FLAG_TRANSIENT_KEY));
+ if (deriveparms || fips_mode())
+ ec = generate_fips (&sk, nbits, evalue, deriveparms, !!(flags & PUBKEY_FLAG_TRANSIENT_KEY));
+ else
+ ec = generate_std (&sk, nbits, evalue, !!(flags & PUBKEY_FLAG_TRANSIENT_KEY));
+ sexp_release (deriveparms);
}
if (!ec)
diff -up libgcrypt-1.6.3/src/g10lib.h.fips-keygen libgcrypt-1.6.3/src/g10lib.h
--- libgcrypt-1.6.3/src/g10lib.h.fips-keygen 2015-02-23 11:55:58.000000000 +0100
+++ libgcrypt-1.6.3/src/g10lib.h 2015-03-06 16:38:56.699052607 +0100
@@ -259,6 +259,9 @@ gpg_err_code_t _gcry_generate_fips186_3_
int *r_counter,
void **r_seed, size_t *r_seedlen, int *r_hashalgo);
+gpg_err_code_t _gcry_fips186_4_prime_check
+ (const gcry_mpi_t x, unsigned int bits);
+
/* Replacements of missing functions (missing-string.c). */
#ifndef HAVE_STPCPY
diff -up libgcrypt-1.6.3/tests/keygen.c.fips-keygen libgcrypt-1.6.3/tests/keygen.c
--- libgcrypt-1.6.3/tests/keygen.c.fips-keygen 2015-03-06 16:38:56.661052411 +0100
+++ libgcrypt-1.6.3/tests/keygen.c 2015-03-06 16:38:56.699052607 +0100
@@ -215,12 +215,12 @@ check_rsa_keys (void)
if (verbose)
- show ("creating 1024 bit RSA key with e=257\n");
+ show ("creating 1024 bit RSA key with e=65539\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (rsa\n"
" (nbits 4:1024)\n"
- " (rsa-use-e 3:257)\n"
+ " (rsa-use-e 5:65539)\n"
" ))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
@@ -229,7 +229,7 @@ check_rsa_keys (void)
if (rc)
die ("error generating RSA key: %s\n", gpg_strerror (rc));
- check_generated_rsa_key (key, 257);
+ check_generated_rsa_key (key, 65539);
gcry_sexp_release (key);
if (verbose)


@ -1,27 +0,0 @@
diff -up libgcrypt-1.6.5/cipher/primegen.c.leak libgcrypt-1.6.5/cipher/primegen.c
--- libgcrypt-1.6.5/cipher/primegen.c.leak 2016-07-21 11:06:32.783421204 +0200
+++ libgcrypt-1.6.5/cipher/primegen.c 2016-07-21 11:06:32.789421337 +0200
@@ -1208,10 +1208,7 @@ _gcry_prime_group_generator (gcry_mpi_t
gcry_mpi_t prime, gcry_mpi_t *factors,
gcry_mpi_t start_g)
{
- gcry_mpi_t tmp = mpi_new (0);
- gcry_mpi_t b = mpi_new (0);
- gcry_mpi_t pmin1 = mpi_new (0);
- gcry_mpi_t g = start_g? mpi_copy (start_g) : mpi_set_ui (NULL, 3);
+ gcry_mpi_t tmp, b, pmin1, g;
int first = 1;
int i, n;
@@ -1224,6 +1221,11 @@ _gcry_prime_group_generator (gcry_mpi_t
if (n < 2)
return GPG_ERR_INV_ARG;
+ tmp = mpi_new (0);
+ b = mpi_new (0);
+ pmin1 = mpi_new (0);
+ g = start_g? mpi_copy (start_g) : mpi_set_ui (NULL, 3);
+
/* Extra sanity check - usually disabled. */
/* mpi_set (tmp, factors[0]); */
/* for(i = 1; i < n; i++) */


@ -0,0 +1,24 @@
diff -up libgcrypt-1.7.3/cipher/bufhelp.h.aliasing libgcrypt-1.7.3/cipher/bufhelp.h
--- libgcrypt-1.7.3/cipher/bufhelp.h.aliasing 2016-04-07 17:30:08.000000000 +0200
+++ libgcrypt-1.7.3/cipher/bufhelp.h 2016-11-22 17:00:13.065692916 +0100
@@ -35,6 +35,11 @@
# define BUFHELP_FAST_UNALIGNED_ACCESS 1
#endif
+#if _GCRY_GCC_VERSION >= 40400
+# pragma GCC push_options
+# pragma GCC optimize ("no-strict-aliasing")
+#endif
+
#ifdef BUFHELP_FAST_UNALIGNED_ACCESS
/* Define type with one-byte alignment on architectures with fast unaligned
@@ -429,4 +434,8 @@ static inline void buf_put_le64(void *_b
#endif /*BUFHELP_FAST_UNALIGNED_ACCESS*/
+#if _GCRY_GCC_VERSION >= 40400
+# pragma GCC pop_options
+#endif
+
#endif /*GCRYPT_BUFHELP_H*/
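Review bot: The new `#if _GCRY_GCC_VERSION >= 40400` guard silently evaluates to `0 >= 40400` if `_GCRY_GCC_VERSION` is not defined at the point bufhelp.h is included, so the aliasing pragma would be dropped with no diagnostic, and the hunk shows no include that provides the macro. Consider failing loudly with `#ifndef _GCRY_GCC_VERSION` / `# error "_GCRY_GCC_VERSION must be defined before bufhelp.h"` / `#endif` ahead of the guard, or include the header that defines it. A one-line comment at the `push_options` line should also say why the pragma is needed (presumably the one-byte-aligned access helpers under BUFHELP_FAST_UNALIGNED_ACCESS would otherwise be subject to strict-aliasing assumptions) and that GCC documents `#pragma GCC optimize` as not intended for production code, so the workaround should be revisited once those helpers use memcpy or may_alias types.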


@ -0,0 +1,158 @@
diff -up libgcrypt-1.7.3/tests/basic.c.eccfix libgcrypt-1.7.3/tests/basic.c
--- libgcrypt-1.7.3/tests/basic.c.eccfix 2016-04-15 09:42:06.000000000 +0200
+++ libgcrypt-1.7.3/tests/basic.c 2016-11-22 18:43:19.732897206 +0100
@@ -8506,6 +8506,7 @@ check_pubkey_sign_ecdsa (int n, gcry_sex
/* */ "000102030405060708090A0B0C0D0E0F#))",
0
},
+#if 0
{ 256,
"(data (flags gost)\n"
" (value #00112233445566778899AABBCCDDEEFF"
@@ -8530,6 +8531,7 @@ check_pubkey_sign_ecdsa (int n, gcry_sex
/* */ "000102030405060708090A0B0C0D0E0F#))",
0
},
+#endif
{ 0, NULL }
};
@@ -9136,6 +9138,7 @@ check_pubkey (void)
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" }
},
+#if 0
{ /* GOST R 34.10-2001/2012 test 256 bit. */
GCRY_PK_ECDSA, FLAG_SIGN,
{
@@ -9187,6 +9190,7 @@ check_pubkey (void)
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" }
},
+#endif
{ /* secp256k1 test 256 bit. */
GCRY_PK_ECDSA, FLAG_SIGN,
{
diff -up libgcrypt-1.7.3/tests/benchmark.c.eccfix libgcrypt-1.7.3/tests/benchmark.c
--- libgcrypt-1.7.3/tests/benchmark.c.eccfix 2016-07-14 11:19:17.000000000 +0200
+++ libgcrypt-1.7.3/tests/benchmark.c 2016-11-22 16:21:00.109004197 +0100
@@ -1412,8 +1412,7 @@ ecc_bench (int iterations, int print_hea
{
#if USE_ECC
gpg_error_t err;
- const char *p_sizes[] = { "192", "224", "256", "384", "521", "Ed25519",
- "gost256", "gost512" };
+ const char *p_sizes[] = { "224", "256", "384", "521", "Ed25519" };
int testno;
if (print_header)
diff -up libgcrypt-1.7.3/tests/dsa-rfc6979.c.eccfix libgcrypt-1.7.3/tests/dsa-rfc6979.c
--- libgcrypt-1.7.3/tests/dsa-rfc6979.c.eccfix 2016-02-18 09:38:03.000000000 +0100
+++ libgcrypt-1.7.3/tests/dsa-rfc6979.c 2016-11-22 16:22:11.804674008 +0100
@@ -210,16 +210,6 @@ check_dsa_rfc6979 (void)
" ))"
},
{
- "ECDSA, 192 bits (prime field)",
- "(private-key"
- " (ecdsa"
- " (curve \"NIST P-192\")"
- " (q #04AC2C77F529F91689FEA0EA5EFEC7F210D8EEA0B9E047ED56"
- " 3BC723E57670BD4887EBC732C523063D0A7C957BC97C1C43#)"
- " (d #6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4#)"
- " ))"
- },
- {
"ECDSA, 224 bits (prime field)",
"(private-key"
" (ecdsa"
@@ -443,89 +433,6 @@ check_dsa_rfc6979 (void)
"C9F0BDABCC0D880BB137A994CC7F3980CE91CC10FAF529FC46565B15CEA854E1"
},
{
- "ECDSA, 192 bits (prime field)",
- "With SHA-1, message = \"sample\"",
- "sha1", "sample",
- "37D7CA00D2C7B0E5E412AC03BD44BA837FDD5B28CD3B0021",
- "98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF",
- "57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-224, message = \"sample\"",
- "sha224", "sample",
- "4381526B3FC1E7128F202E194505592F01D5FF4C5AF015D8",
- "A1F00DAD97AEEC91C95585F36200C65F3C01812AA60378F5",
- "E07EC1304C7C6C9DEBBE980B9692668F81D4DE7922A0F97A"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-256, message = \"sample\"",
- "sha256", "sample",
- "32B1B6D7D42A05CB449065727A84804FB1A3E34D8F261496",
- "4B0B8CE98A92866A2820E20AA6B75B56382E0F9BFD5ECB55",
- "CCDB006926EA9565CBADC840829D8C384E06DE1F1E381B85"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-384, message = \"sample\"",
- "sha384", "sample",
- "4730005C4FCB01834C063A7B6760096DBE284B8252EF4311",
- "DA63BF0B9ABCF948FBB1E9167F136145F7A20426DCC287D5",
- "C3AA2C960972BD7A2003A57E1C4C77F0578F8AE95E31EC5E"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-512, message = \"sample\"",
- "sha512", "sample",
- "A2AC7AB055E4F20692D49209544C203A7D1F2C0BFBC75DB1",
- "4D60C5AB1996BD848343B31C00850205E2EA6922DAC2E4B8",
- "3F6E837448F027A1BF4B34E796E32A811CBB4050908D8F67"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-1, message = \"test\"",
- "sha1", "test",
- "D9CF9C3D3297D3260773A1DA7418DB5537AB8DD93DE7FA25",
- "0F2141A0EBBC44D2E1AF90A50EBCFCE5E197B3B7D4DE036D",
- "EB18BC9E1F3D7387500CB99CF5F7C157070A8961E38700B7"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-224, message = \"test\"",
- "sha224", "test",
- "F5DC805F76EF851800700CCE82E7B98D8911B7D510059FBE",
- "6945A1C1D1B2206B8145548F633BB61CEF04891BAF26ED34",
- "B7FB7FDFC339C0B9BD61A9F5A8EAF9BE58FC5CBA2CB15293"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-256, message = \"test\"",
- "sha256", "test",
- "5C4CE89CF56D9E7C77C8585339B006B97B5F0680B4306C6C",
- "3A718BD8B4926C3B52EE6BBE67EF79B18CB6EB62B1AD97AE",
- "5662E6848A4A19B1F1AE2F72ACD4B8BBE50F1EAC65D9124F"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-384, message = \"test\"",
- "sha384", "test",
- "5AFEFB5D3393261B828DB6C91FBC68C230727B030C975693",
- "B234B60B4DB75A733E19280A7A6034BD6B1EE88AF5332367",
- "7994090B2D59BB782BE57E74A44C9A1C700413F8ABEFE77A"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-512, message = \"test\"",
- "sha512", "test",
- "0758753A5254759C7CFBAD2E2D9B0792EEE44136C9480527",
- "FE4F4AE86A58B6507946715934FE2D8FF9D95B6B098FE739",
- "74CF5605C98FBA0E1EF34D4B5A1577A7DCF59457CAE52290"
- },
-
-
-
- {
"ECDSA, 224 bits (prime field)",
"With SHA-1, message = \"sample\"",
"sha1", "sample",


@ -1,6 +1,6 @@
diff -up libgcrypt-1.5.3/tests/cavs_driver.pl.cavs libgcrypt-1.5.3/tests/cavs_driver.pl diff -up libgcrypt-1.7.3/tests/cavs_driver.pl.cavs libgcrypt-1.7.3/tests/cavs_driver.pl
--- libgcrypt-1.5.3/tests/cavs_driver.pl.cavs 2013-05-22 18:02:55.000000000 +0200 --- libgcrypt-1.7.3/tests/cavs_driver.pl.cavs 2013-03-15 20:25:38.000000000 +0100
+++ libgcrypt-1.5.3/tests/cavs_driver.pl 2014-10-21 09:38:34.250691408 +0200 +++ libgcrypt-1.7.3/tests/cavs_driver.pl 2016-11-22 17:29:06.067553077 +0100
@@ -1,9 +1,11 @@ @@ -1,9 +1,11 @@
#!/usr/bin/env perl #!/usr/bin/env perl
# #
@ -862,9 +862,9 @@ diff -up libgcrypt-1.5.3/tests/cavs_driver.pl.cavs libgcrypt-1.5.3/tests/cavs_dr
} else { } else {
die "Invalid interface option given"; die "Invalid interface option given";
} }
diff -up libgcrypt-1.5.3/tests/cavs_tests.sh.cavs libgcrypt-1.5.3/tests/cavs_tests.sh diff -up libgcrypt-1.7.3/tests/cavs_tests.sh.cavs libgcrypt-1.7.3/tests/cavs_tests.sh
--- libgcrypt-1.5.3/tests/cavs_tests.sh.cavs 2013-05-22 18:02:55.000000000 +0200 --- libgcrypt-1.7.3/tests/cavs_tests.sh.cavs 2013-03-15 20:25:38.000000000 +0100
+++ libgcrypt-1.5.3/tests/cavs_tests.sh 2014-09-26 17:45:38.434674884 +0200 +++ libgcrypt-1.7.3/tests/cavs_tests.sh 2016-11-22 17:29:06.067553077 +0100
@@ -55,7 +55,7 @@ function run_one_test () { @@ -55,7 +55,7 @@ function run_one_test () {
[ -d "$respdir" ] || mkdir "$respdir" [ -d "$respdir" ] || mkdir "$respdir"
[ -f "$rspfile" ] && rm "$rspfile" [ -f "$rspfile" ] && rm "$rspfile"
@ -874,10 +874,10 @@ diff -up libgcrypt-1.5.3/tests/cavs_tests.sh.cavs libgcrypt-1.5.3/tests/cavs_tes
dflag="-D" dflag="-D"
fi fi
diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c diff -up libgcrypt-1.7.3/tests/fipsdrv.c.cavs libgcrypt-1.7.3/tests/fipsdrv.c
--- libgcrypt-1.5.3/tests/fipsdrv.c.cavs 2013-07-25 11:10:04.000000000 +0200 --- libgcrypt-1.7.3/tests/fipsdrv.c.cavs 2016-07-14 11:19:17.000000000 +0200
+++ libgcrypt-1.5.3/tests/fipsdrv.c 2014-10-21 09:30:30.796777225 +0200 +++ libgcrypt-1.7.3/tests/fipsdrv.c 2016-11-22 17:33:15.468330859 +0100
@@ -893,6 +893,9 @@ print_mpi_line (gcry_mpi_t a, int no_lz) @@ -892,6 +892,9 @@ print_mpi_line (gcry_mpi_t a, int no_lz)
die ("gcry_mpi_aprint failed: %s\n", gpg_strerror (err)); die ("gcry_mpi_aprint failed: %s\n", gpg_strerror (err));
p = buf; p = buf;
@ -887,77 +887,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
if (no_lz && p[0] == '0' && p[1] == '0' && p[2]) if (no_lz && p[0] == '0' && p[1] == '0' && p[2])
p += 2; p += 2;
@@ -1346,6 +1349,69 @@ run_rsa_derive (const void *data, size_t @@ -1765,14 +1768,14 @@ run_rsa_verify (const void *data, size_t
}
+/* Generate RSA key using the S-expression in (DATA,DATALEN). This
+ S-expression is used directly as input to gcry_pk_genkey. The
+ result is printed to stdout with one parameter per line in hex
+ format and in this order: e, p, q, n, d. */
+static void
+run_rsa_keygen (const void *data, size_t datalen, int test)
+{
+ gpg_error_t err;
+ gcry_sexp_t s_keyspec, s_key, s_top, l1;
+ gcry_mpi_t mpi;
+ const char *parmlist;
+ int idx;
+
+ if (!datalen)
+ err = gpg_error (GPG_ERR_NO_DATA);
+ else
+ err = gcry_sexp_new (&s_keyspec, data, datalen, 1);
+ if (err)
+ die ("gcry_sexp_new failed for RSA key generation: %s\n",
+ gpg_strerror (err));
+
+ err = gcry_pk_genkey (&s_key, s_keyspec);
+
+ gcry_sexp_release (s_keyspec);
+
+ if (test) {
+ if (err)
+ printf("F\n");
+ else {
+ gcry_sexp_release (s_key);
+ printf("P\n");
+ }
+ return;
+ }
+
+ if (err)
+ die ("gcry_pk_genkey failed for RSA: %s\n", gpg_strerror (err));
+
+ parmlist = "epqnd";
+
+ /* Parse and print the parameters. */
+ l1 = gcry_sexp_find_token (s_key, "private-key", 0);
+ s_top = gcry_sexp_find_token (l1, "rsa", 0);
+ gcry_sexp_release (l1);
+ if (!s_top)
+ die ("private-key part not found in result\n");
+
+ for (idx=0; parmlist[idx]; idx++)
+ {
+ l1 = gcry_sexp_find_token (s_top, parmlist+idx, 1);
+ mpi = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG);
+ gcry_sexp_release (l1);
+ if (!mpi)
+ die ("parameter %c missing in private-key\n", parmlist[idx]);
+ print_mpi_line (mpi, 1);
+ gcry_mpi_release (mpi);
+ }
+
+ gcry_sexp_release (s_top);
+ gcry_sexp_release (s_key);
+}
+
+
static size_t
compute_tag_length (size_t n)
@@ -1675,14 +1741,14 @@ run_rsa_verify (const void *data, size_t
/* Generate a DSA key of size KEYSIZE and return the complete /* Generate a DSA key of size KEYSIZE and return the complete
S-expression. */ S-expression. */
static gcry_sexp_t static gcry_sexp_t
@ -975,7 +905,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
if (err) if (err)
die ("gcry_sexp_build failed for DSA key generation: %s\n", die ("gcry_sexp_build failed for DSA key generation: %s\n",
gpg_strerror (err)); gpg_strerror (err));
@@ -1700,7 +1766,7 @@ dsa_gen (int keysize) @@ -1790,7 +1793,7 @@ dsa_gen (int keysize)
/* Generate a DSA key of size KEYSIZE and return the complete /* Generate a DSA key of size KEYSIZE and return the complete
S-expression. */ S-expression. */
static gcry_sexp_t static gcry_sexp_t
@ -984,7 +914,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
{ {
gpg_error_t err; gpg_error_t err;
gcry_sexp_t keyspec, key; gcry_sexp_t keyspec, key;
@@ -1709,10 +1775,11 @@ dsa_gen_with_seed (int keysize, const vo @@ -1799,10 +1802,11 @@ dsa_gen_with_seed (int keysize, const vo
"(genkey" "(genkey"
" (dsa" " (dsa"
" (nbits %d)" " (nbits %d)"
@ -998,7 +928,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
if (err) if (err)
die ("gcry_sexp_build failed for DSA key generation: %s\n", die ("gcry_sexp_build failed for DSA key generation: %s\n",
gpg_strerror (err)); gpg_strerror (err));
@@ -1720,6 +1787,37 @@ dsa_gen_with_seed (int keysize, const vo @@ -1810,6 +1814,37 @@ dsa_gen_with_seed (int keysize, const vo
err = gcry_pk_genkey (&key, keyspec); err = gcry_pk_genkey (&key, keyspec);
if (err) if (err)
die ("gcry_pk_genkey failed for DSA: %s\n", gpg_strerror (err)); die ("gcry_pk_genkey failed for DSA: %s\n", gpg_strerror (err));
@ -1036,7 +966,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
gcry_sexp_release (keyspec); gcry_sexp_release (keyspec);
@@ -1732,7 +1830,7 @@ dsa_gen_with_seed (int keysize, const vo @@ -1849,7 +1884,7 @@ ecdsa_gen_key (const char *curve)
with one parameter per line in hex format using this order: p, q, with one parameter per line in hex format using this order: p, q,
g, seed, counter, h. */ g, seed, counter, h. */
static void static void
@ -1045,7 +975,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
{ {
gcry_sexp_t l1, l2; gcry_sexp_t l1, l2;
gcry_mpi_t mpi; gcry_mpi_t mpi;
@@ -1768,6 +1866,9 @@ print_dsa_domain_parameters (gcry_sexp_t @@ -1885,6 +1920,9 @@ print_dsa_domain_parameters (gcry_sexp_t
} }
gcry_sexp_release (l1); gcry_sexp_release (l1);
@ -1055,7 +985,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
/* Extract the seed values. */ /* Extract the seed values. */
l1 = gcry_sexp_find_token (key, "misc-key-info", 0); l1 = gcry_sexp_find_token (key, "misc-key-info", 0);
if (!l1) if (!l1)
@@ -1819,38 +1920,106 @@ print_dsa_domain_parameters (gcry_sexp_t @@ -1976,38 +2014,106 @@ print_ecdsa_dq (gcry_sexp_t key)
} }
@ -1172,7 +1102,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
fp = fopen (filename, "wb"); fp = fopen (filename, "wb");
if (!fp) if (!fp)
@@ -1863,6 +2032,53 @@ run_dsa_gen (int keysize, const char *fi @@ -2020,6 +2126,53 @@ run_dsa_gen (int keysize, const char *fi
} }
@ -1226,7 +1156,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
/* Sign DATA of length DATALEN using the key taken from the S-expression /* Sign DATA of length DATALEN using the key taken from the S-expression
encoded KEYFILE. */ encoded KEYFILE. */
@@ -1872,11 +2088,16 @@ run_dsa_sign (const void *data, size_t d @@ -2029,11 +2182,16 @@ run_dsa_sign (const void *data, size_t d
{ {
gpg_error_t err; gpg_error_t err;
gcry_sexp_t s_data, s_key, s_sig, s_tmp, s_tmp2; gcry_sexp_t s_data, s_key, s_sig, s_tmp, s_tmp2;
@ -1234,19 +1164,19 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
+ char hash[128]; + char hash[128];
gcry_mpi_t tmpmpi; gcry_mpi_t tmpmpi;
+ int algo; + int algo;
+
+ s_key = read_sexp_from_file (keyfile);
+ algo = dsa_hash_from_key(s_key);
- gcry_md_hash_buffer (GCRY_MD_SHA1, hash, data, datalen); - gcry_md_hash_buffer (GCRY_MD_SHA1, hash, data, datalen);
- err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash, 20, NULL); - err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash, 20, NULL);
+ s_key = read_sexp_from_file (keyfile);
+ algo = dsa_hash_from_key(s_key);
+
+ gcry_md_hash_buffer (algo, hash, data, datalen); + gcry_md_hash_buffer (algo, hash, data, datalen);
+ err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash, + err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash,
+ gcry_md_get_algo_dlen(algo), NULL); + gcry_md_get_algo_dlen(algo), NULL);
if (!err) if (!err)
{ {
err = gcry_sexp_build (&s_data, NULL, err = gcry_sexp_build (&s_data, NULL,
@@ -1887,8 +2108,6 @@ run_dsa_sign (const void *data, size_t d @@ -2044,8 +2202,6 @@ run_dsa_sign (const void *data, size_t d
die ("gcry_sexp_build failed for DSA data input: %s\n", die ("gcry_sexp_build failed for DSA data input: %s\n",
gpg_strerror (err)); gpg_strerror (err));
@ -1255,7 +1185,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
err = gcry_pk_sign (&s_sig, s_data, s_key); err = gcry_pk_sign (&s_sig, s_data, s_key);
if (err) if (err)
{ {
@@ -1964,13 +2183,18 @@ run_dsa_verify (const void *data, size_t @@ -2121,13 +2277,18 @@ run_dsa_verify (const void *data, size_t
{ {
gpg_error_t err; gpg_error_t err;
gcry_sexp_t s_data, s_key, s_sig; gcry_sexp_t s_data, s_key, s_sig;
@ -1263,11 +1193,11 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
+ char hash[128]; + char hash[128];
gcry_mpi_t tmpmpi; gcry_mpi_t tmpmpi;
+ int algo; + int algo;
+
+ s_key = read_sexp_from_file (keyfile);
+ algo = dsa_hash_from_key(s_key);
- gcry_md_hash_buffer (GCRY_MD_SHA1, hash, data, datalen); - gcry_md_hash_buffer (GCRY_MD_SHA1, hash, data, datalen);
+ s_key = read_sexp_from_file (keyfile);
+ algo = dsa_hash_from_key(s_key);
+
+ gcry_md_hash_buffer (algo, hash, data, datalen); + gcry_md_hash_buffer (algo, hash, data, datalen);
/* Note that we can't simply use %b with HASH to build the /* Note that we can't simply use %b with HASH to build the
S-expression, because that might yield a negative value. */ S-expression, because that might yield a negative value. */
@ -1277,7 +1207,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
if (!err) if (!err)
{ {
err = gcry_sexp_build (&s_data, NULL, err = gcry_sexp_build (&s_data, NULL,
@@ -1981,7 +2205,6 @@ run_dsa_verify (const void *data, size_t @@ -2138,7 +2299,6 @@ run_dsa_verify (const void *data, size_t
die ("gcry_sexp_build failed for DSA data input: %s\n", die ("gcry_sexp_build failed for DSA data input: %s\n",
gpg_strerror (err)); gpg_strerror (err));
@ -1285,24 +1215,24 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
s_sig = read_sexp_from_file (sigfile); s_sig = read_sexp_from_file (sigfile);
err = gcry_pk_verify (s_sig, s_data, s_key); err = gcry_pk_verify (s_sig, s_data, s_key);
@@ -2014,7 +2237,7 @@ usage (int show_help) @@ -2304,7 +2464,7 @@ usage (int show_help)
"Run a crypto operation using hex encoded input and output.\n"
"MODE:\n" "MODE:\n"
" encrypt, decrypt, digest, random, hmac-sha,\n" " encrypt, decrypt, digest, random, hmac-sha,\n"
- " rsa-{derive,gen,sign,verify}, dsa-{pqg-gen,gen,sign,verify}\n" " rsa-{derive,gen,sign,verify},\n"
+ " rsa-{derive,gen,sign,verify}, dsa-{pq-gen,g-gen,gen,sign,verify}\n" - " dsa-{pqg-gen,gen,sign,verify}, ecdsa-{gen-key,sign,verify}\n"
+ " dsa-{pq-gen,g-gen,gen,sign,verify}, ecdsa-{gen-key,sign,verify}\n"
"OPTIONS:\n" "OPTIONS:\n"
" --verbose Print additional information\n" " --verbose Print additional information\n"
" --binary Input and output is in binary form\n" " --binary Input and output is in binary form\n"
@@ -2024,6 +2247,7 @@ usage (int show_help) @@ -2315,6 +2475,7 @@ usage (int show_help)
" --dt DT Use the hex encoded DT for the RNG\n"
" --algo NAME Use algorithm NAME\n" " --algo NAME Use algorithm NAME\n"
" --curve NAME Select ECC curve spec NAME\n"
" --keysize N Use a keysize of N bits\n" " --keysize N Use a keysize of N bits\n"
+ " --qize N Use a DSA q parameter size of N bits\n" + " --qize N Use a DSA q parameter size of N bits\n"
" --signature NAME Take signature from file NAME\n" " --signature NAME Take signature from file NAME\n"
" --chunk N Read in chunks of N bytes (implies --binary)\n" " --chunk N Read in chunks of N bytes (implies --binary)\n"
" --pkcs1 Use PKCS#1 encoding\n" " --pkcs1 Use PKCS#1 encoding\n"
@@ -2050,6 +2274,7 @@ main (int argc, char **argv) @@ -2344,6 +2505,7 @@ main (int argc, char **argv)
const char *dt_string = NULL; const char *dt_string = NULL;
const char *algo_string = NULL; const char *algo_string = NULL;
const char *keysize_string = NULL; const char *keysize_string = NULL;
@ -1310,7 +1240,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
const char *signature_string = NULL; const char *signature_string = NULL;
FILE *input; FILE *input;
void *data; void *data;
@@ -2143,6 +2368,14 @@ main (int argc, char **argv) @@ -2437,6 +2599,14 @@ main (int argc, char **argv)
keysize_string = *argv; keysize_string = *argv;
argc--; argv++; argc--; argv++;
} }
@ -1325,36 +1255,16 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
else if (!strcmp (*argv, "--signature")) else if (!strcmp (*argv, "--signature"))
{ {
argc--; argv++; argc--; argv++;
@@ -2406,6 +2639,18 @@ main (int argc, char **argv) @@ -2792,23 +2962,49 @@ main (int argc, char **argv)
die ("no data available (do not use --chunk)\n");
run_rsa_derive (data, datalen);
}
+ else if (!strcmp (mode_string, "rsa-keygen"))
+ {
+ if (!data)
+ die ("no data available (do not use --chunk)\n");
+ run_rsa_keygen (data, datalen, 0);
+ }
+ else if (!strcmp (mode_string, "rsa-keygen-kat"))
+ {
+ if (!data)
+ die ("no data available (do not use --chunk)\n");
+ run_rsa_keygen (data, datalen, 1);
+ }
else if (!strcmp (mode_string, "rsa-gen"))
{
int keysize;
@@ -2463,23 +2708,49 @@ main (int argc, char **argv)
} }
else if (!strcmp (mode_string, "dsa-pqg-gen")) else if (!strcmp (mode_string, "dsa-pqg-gen"))
{ {
- int keysize; - int keysize;
+ int keysize, qsize; + int keysize, qsize;
+
keysize = keysize_string? atoi (keysize_string) : 0; + keysize = keysize_string? atoi (keysize_string) : 0;
if (keysize < 1024 || keysize > 3072) + if (keysize < 1024 || keysize > 3072)
die ("invalid keysize specified; needs to be 1024 .. 3072\n"); + die ("invalid keysize specified; needs to be 1024 .. 3072\n");
- run_dsa_pqg_gen (keysize, datalen? data:NULL, datalen);
+ qsize = qsize_string? atoi (qsize_string) : 0; + qsize = qsize_string? atoi (qsize_string) : 0;
+ if (qsize < 160 || qsize > 256) + if (qsize < 160 || qsize > 256)
+ die ("invalid qsize specified; needs to be 160 .. 256\n"); + die ("invalid qsize specified; needs to be 160 .. 256\n");
@ -1363,10 +1273,11 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
+ else if (!strcmp (mode_string, "dsa-g-gen")) + else if (!strcmp (mode_string, "dsa-g-gen"))
+ { + {
+ int keysize, qsize; + int keysize, qsize;
+
+ keysize = keysize_string? atoi (keysize_string) : 0; keysize = keysize_string? atoi (keysize_string) : 0;
+ if (keysize < 1024 || keysize > 3072) if (keysize < 1024 || keysize > 3072)
+ die ("invalid keysize specified; needs to be 1024 .. 3072\n"); die ("invalid keysize specified; needs to be 1024 .. 3072\n");
- run_dsa_pqg_gen (keysize, datalen? data:NULL, datalen);
+ qsize = qsize_string? atoi (qsize_string) : 0; + qsize = qsize_string? atoi (qsize_string) : 0;
+ if (qsize < 160 || qsize > 256) + if (qsize < 160 || qsize > 256)
+ die ("invalid qsize specified; needs to be 160 .. 256\n"); + die ("invalid qsize specified; needs to be 160 .. 256\n");


@ -0,0 +1,104 @@
diff -up libgcrypt-1.7.3/random/random-drbg.c.cfgrandom libgcrypt-1.7.3/random/random-drbg.c
--- libgcrypt-1.7.3/random/random-drbg.c.cfgrandom 2016-04-07 17:30:08.000000000 +0200
+++ libgcrypt-1.7.3/random/random-drbg.c 2016-11-22 15:54:02.227319203 +0100
@@ -627,8 +627,13 @@ drbg_get_entropy (drbg_state_t drbg, uns
read_cb_size = len;
read_cb_len = 0;
#if USE_RNDLINUX
+ /* First read from /etc/gcrypt/rngseed if available */
+ _gcry_rndlinux_gather_random (drbg_read_cb, 0, len,
+ -1);
+ read_cb_len = 0;
+ /* then use /dev/urandom. */
rc = _gcry_rndlinux_gather_random (drbg_read_cb, 0, len,
- GCRY_VERY_STRONG_RANDOM);
+ GCRY_STRONG_RANDOM);
#elif USE_RNDUNIX
rc = _gcry_rndunix_gather_random (drbg_read_cb, 0, len,
GCRY_VERY_STRONG_RANDOM);
diff -up libgcrypt-1.7.3/random/rndlinux.c.cfgrandom libgcrypt-1.7.3/random/rndlinux.c
--- libgcrypt-1.7.3/random/rndlinux.c.cfgrandom 2016-07-14 11:19:17.000000000 +0200
+++ libgcrypt-1.7.3/random/rndlinux.c 2016-11-22 15:45:19.921141761 +0100
@@ -40,7 +40,9 @@
#include "g10lib.h"
#include "rand-internal.h"
-static int open_device (const char *name, int retry);
+#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed"
+
+static int open_device (const char *name, int retry, int fatal);
static int
@@ -63,7 +65,7 @@ set_cloexec_flag (int fd)
* a fatal error but retries until it is able to reopen the device.
*/
static int
-open_device (const char *name, int retry)
+open_device (const char *name, int retry, int fatal)
{
int fd;
@@ -71,6 +73,8 @@ open_device (const char *name, int retry
_gcry_random_progress ("open_dev_random", 'X', 1, 0);
again:
fd = open (name, O_RDONLY);
+ if (fd == -1 && !fatal)
+ return fd;
if (fd == -1 && retry)
{
struct timeval tv;
@@ -115,6 +119,7 @@ _gcry_rndlinux_gather_random (void (*add
{
static int fd_urandom = -1;
static int fd_random = -1;
+ static int fd_configured = -1;
static unsigned char ever_opened;
int fd;
int n;
@@ -138,6 +143,11 @@ _gcry_rndlinux_gather_random (void (*add
close (fd_urandom);
fd_urandom = -1;
}
+ if (fd_configured != -1)
+ {
+ close (fd_configured);
+ fd_configured = -1;
+ }
return 0;
}
@@ -165,20 +175,30 @@ _gcry_rndlinux_gather_random (void (*add
that we always require the device to be existent but want a more
graceful behaviour if the rarely needed close operation has been
used and the device needs to be re-opened later. */
+
+ if (level == -1)
+ {
+ if (fd_configured == -1)
+ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0, 0 );
+ fd = fd_configured;
+ if (fd == -1)
+ return -1;
+ }
+
if (level >= 2)
{
if (fd_random == -1)
{
- fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1));
+ fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1), 1);
ever_opened |= 1;
}
fd = fd_random;
}
- else
+ else if (level != -1)
{
if (fd_urandom == -1)
{
- fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
+ fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1);
ever_opened |= 2;
}
fd = fd_urandom;
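Review bot: In drbg_get_entropy the new seed-file read is undone by the `read_cb_len = 0;` that follows it: if drbg_read_cb (outside the hunk) copies into read_cb_buffer at offset read_cb_len, as the upstream callback does, the subsequent /dev/urandom read overwrites the /etc/gcrypt/rngseed bytes from offset 0 and the seed file contributes nothing unless the urandom read is short. The seed should be combined with, not replaced by, the kernel output — for example read /dev/urandom first and have a second callback XOR the seed-file bytes into read_cb_buffer — and the ignored return value of the first `_gcry_rndlinux_gather_random` call should at least be logged. Separately, rndlinux.c opens NAME_OF_CFG_RNGSEED via `open_device (..., 0, 0)` with no `fstat`: checking that it is a regular file, root-owned and not group/world-writable is the minimum before treating its contents as entropy, and since it is opened O_RDONLY a FIFO at that path would block the opener. How a seed file shorter than `len` (read returning 0 at EOF) is handled in the read loop of `_gcry_rndlinux_gather_random` is not visible in this hunk and should be confirmed, because the fd is kept in a static and later calls start at EOF.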


@ -0,0 +1,35 @@
diff -up libgcrypt-1.7.3/src/visibility.c.fips-reqs libgcrypt-1.7.3/src/visibility.c
--- libgcrypt-1.7.3/src/visibility.c.fips-reqs 2016-03-23 12:59:34.000000000 +0100
+++ libgcrypt-1.7.3/src/visibility.c 2016-11-22 16:29:36.992042480 +0100
@@ -1288,6 +1288,8 @@ gcry_kdf_derive (const void *passphrase,
unsigned long iterations,
size_t keysize, void *keybuffer)
{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
return gpg_error (_gcry_kdf_derive (passphrase, passphraselen, algo, hashalgo,
salt, saltlen, iterations,
keysize, keybuffer));
@@ -1343,6 +1345,13 @@ void
gcry_mpi_randomize (gcry_mpi_t w,
unsigned int nbits, enum gcry_random_level level)
{
+ if (!fips_is_operational ())
+ {
+ (void)fips_not_operational ();
+ fips_signal_fatal_error ("called in non-operational state");
+ fips_noreturn ();
+ }
+
_gcry_mpi_randomize (w, nbits, level);
}
@@ -1368,6 +1377,8 @@ gcry_prime_generate (gcry_mpi_t *prime,
gcry_random_level_t random_level,
unsigned int flags)
{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
return gpg_error (_gcry_prime_generate (prime, prime_bits, factor_bits,
factors, cb_func, cb_arg,
random_level, flags));

115
libgcrypt-1.7.3-tests.patch Normal file

@ -0,0 +1,115 @@
diff -up libgcrypt-1.7.3/cipher/dsa.c.tests libgcrypt-1.7.3/cipher/dsa.c
--- libgcrypt-1.7.3/cipher/dsa.c.tests 2016-04-07 17:30:08.000000000 +0200
+++ libgcrypt-1.7.3/cipher/dsa.c 2016-11-22 15:33:48.813026002 +0100
@@ -457,11 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un
&prime_q, &prime_p,
r_counter,
r_seed, r_seedlen);
- else
- ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0,
+ else if (!domain->p || !domain->q)
+ ec = _gcry_generate_fips186_3_prime (nbits, qbits,
+ initial_seed.seed,
+ initial_seed.seedlen,
&prime_q, &prime_p,
r_counter,
r_seed, r_seedlen, NULL);
+ else
+ {
+ /* Domain parameters p and q are given; use them. */
+ prime_p = mpi_copy (domain->p);
+ prime_q = mpi_copy (domain->q);
+ gcry_assert (mpi_get_nbits (prime_p) == nbits);
+ gcry_assert (mpi_get_nbits (prime_q) == qbits);
+ ec = 0;
+ }
sexp_release (initial_seed.sexp);
if (ec)
goto leave;
@@ -855,13 +866,12 @@ dsa_generate (const gcry_sexp_t genparms
sexp_release (l1);
sexp_release (domainsexp);
- /* Check that all domain parameters are available. */
- if (!domain.p || !domain.q || !domain.g)
+ /* Check that p and q domain parameters are available. */
+ if (!domain.p || !domain.q || (!domain.g && !(flags & PUBKEY_FLAG_USE_FIPS186)))
{
_gcry_mpi_release (domain.p);
_gcry_mpi_release (domain.q);
_gcry_mpi_release (domain.g);
- sexp_release (deriveparms);
return GPG_ERR_MISSING_VALUE;
}
diff -up libgcrypt-1.7.3/cipher/rsa.c.tests libgcrypt-1.7.3/cipher/rsa.c
--- libgcrypt-1.7.3/cipher/rsa.c.tests 2016-07-14 11:19:17.000000000 +0200
+++ libgcrypt-1.7.3/cipher/rsa.c 2016-11-22 15:25:05.426838229 +0100
@@ -696,7 +696,7 @@ generate_x931 (RSA_secret_key *sk, unsig
*swapped = 0;
- if (e_value == 1) /* Alias for a secure value. */
+ if (e_value == 1 || e_value == 0) /* Alias for a secure value. */
e_value = 65537;
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
diff -up libgcrypt-1.7.3/tests/keygen.c.tests libgcrypt-1.7.3/tests/keygen.c
--- libgcrypt-1.7.3/tests/keygen.c.tests 2016-04-07 17:30:08.000000000 +0200
+++ libgcrypt-1.7.3/tests/keygen.c 2016-11-22 15:25:33.178484464 +0100
@@ -257,11 +257,11 @@ check_rsa_keys (void)
if (verbose)
- show ("creating 512 bit RSA key with e=257\n");
+ show ("creating 1024 bit RSA key with e=257\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (rsa\n"
- " (nbits 3:512)\n"
+ " (nbits 4:1024)\n"
" (rsa-use-e 3:257)\n"
" ))", 0, 1);
if (rc)
@@ -282,11 +282,11 @@ check_rsa_keys (void)
gcry_sexp_release (key);
if (verbose)
- show ("creating 512 bit RSA key with default e\n");
+ show ("creating 1024 bit RSA key with default e\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (rsa\n"
- " (nbits 3:512)\n"
+ " (nbits 4:1024)\n"
" (rsa-use-e 1:0)\n"
" ))", 0, 1);
if (rc)
@@ -366,12 +366,12 @@ check_dsa_keys (void)
}
if (verbose)
- show ("creating 1536 bit DSA key\n");
+ show ("creating 2048 bit DSA key\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (dsa\n"
- " (nbits 4:1536)\n"
- " (qbits 3:224)\n"
+ " (nbits 4:2048)\n"
+ " (qbits 3:256)\n"
" ))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
diff -up libgcrypt-1.7.3/tests/pubkey.c.tests libgcrypt-1.7.3/tests/pubkey.c
--- libgcrypt-1.7.3/tests/pubkey.c.tests 2016-07-14 11:19:17.000000000 +0200
+++ libgcrypt-1.7.3/tests/pubkey.c 2016-11-22 18:40:23.220813982 +0100
@@ -651,7 +651,7 @@ get_dsa_key_fips186_with_seed_new (gcry_
" (use-fips186)"
" (transient-key)"
" (derive-parms"
- " (seed #0cb1990c1fd3626055d7a0096f8fa99807399871#))))",
+ " (seed #8b4c4d671fff82e8ed932260206d0571e3a1c2cee8cd94cb73fe58f9b67488fa#))))",
0, 1);
if (rc)
die ("error creating S-expression: %s\n", gcry_strerror (rc));


@ -1,15 +1,15 @@
diff -up libgcrypt-1.6.1/random/rndlinux.c.use-poll libgcrypt-1.6.1/random/rndlinux.c diff -up libgcrypt-1.7.3/random/rndlinux.c.use-poll libgcrypt-1.7.3/random/rndlinux.c
--- libgcrypt-1.6.1/random/rndlinux.c.use-poll 2014-02-28 15:17:55.294433915 +0100 --- libgcrypt-1.7.3/random/rndlinux.c.use-poll 2016-11-22 16:05:05.114761069 +0100
+++ libgcrypt-1.6.1/random/rndlinux.c 2014-02-28 15:34:52.505945274 +0100 +++ libgcrypt-1.7.3/random/rndlinux.c 2016-11-22 16:16:05.373139721 +0100
@@ -32,6 +32,7 @@ @@ -32,6 +32,7 @@
#include <string.h> #include <string.h>
#include <unistd.h> #include <unistd.h>
#include <fcntl.h> #include <fcntl.h>
+#include <poll.h> +#include <poll.h>
#include "types.h" #if defined(__linux__) && defined(HAVE_SYSCALL)
#include "g10lib.h" # include <sys/syscall.h>
#include "rand-internal.h" #endif
@@ -199,9 +200,11 @@ _gcry_rndlinux_gather_random (void (*add @@ -211,9 +212,11 @@ _gcry_rndlinux_gather_random (void (*add
return with something we will actually use 100ms. */ return with something we will actually use 100ms. */
while (length) while (length)
{ {
@ -23,7 +23,7 @@ diff -up libgcrypt-1.6.1/random/rndlinux.c.use-poll libgcrypt-1.6.1/random/rndli
/* If we collected some bytes update the progress indicator. We /* If we collected some bytes update the progress indicator. We
do this always and not just if the select timed out because do this always and not just if the select timed out because
@@ -215,33 +218,18 @@ _gcry_rndlinux_gather_random (void (*add @@ -227,33 +230,19 @@ _gcry_rndlinux_gather_random (void (*add
any_need_entropy = 1; any_need_entropy = 1;
} }
@ -35,7 +35,14 @@ diff -up libgcrypt-1.6.1/random/rndlinux.c.use-poll libgcrypt-1.6.1/random/rndli
-#ifdef FD_SETSIZE -#ifdef FD_SETSIZE
- if (fd < FD_SETSIZE) - if (fd < FD_SETSIZE)
-#endif -#endif
- { + if ( !(rc=poll(&pfd, 1, delay)) )
+ {
+ any_need_entropy = 1;
+ delay = 3000; /* Use 3 seconds henceforth. */
+ continue;
+ }
+ else if( rc == -1 )
{
- FD_ZERO(&rfds); - FD_ZERO(&rfds);
- FD_SET(fd, &rfds); - FD_SET(fd, &rfds);
- tv.tv_sec = delay; - tv.tv_sec = delay;
@ -54,13 +61,6 @@ diff -up libgcrypt-1.6.1/random/rndlinux.c.use-poll libgcrypt-1.6.1/random/rndli
- we have ever blocked. */ - we have ever blocked. */
- continue; - continue;
- } - }
+ if ( !(rc=poll(&pfd, 1, delay)) )
+ {
+ delay = 3000; /* Use 3 seconds henceforth. */
+ continue;
+ }
+ else if( rc == -1 )
+ {
+ log_error ("poll() error: %s\n", strerror(errno)); + log_error ("poll() error: %s\n", strerror(errno));
+ if (!delay) + if (!delay)
+ delay = 1000; /* Use 1 second if we encounter an error before + delay = 1000; /* Use 1 second if we encounter an error before
@ -68,4 +68,4 @@ diff -up libgcrypt-1.6.1/random/rndlinux.c.use-poll libgcrypt-1.6.1/random/rndli
+ continue; + continue;
} }
do /* If we have a modern Linux kernel and we want to read from the
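Review bot: In the new `rc == -1` branch, poll() interrupted by a signal (`errno == EINTR`) is logged as an error and, while `delay` is still 0, forces a one-second wait before the next attempt; since this loop can block for a long time waiting on /dev/random, a signal arriving here is routine and should simply be retried, e.g. `if (errno == EINTR) continue;` as the first statement of that branch, before the `log_error` call. The `rc > 0` case falls straight through to the `do` read loop without inspecting `pfd.revents`; if the surrounding code (outside this hunk) does not check for POLLERR/POLLHUP/POLLNVAL, a broken descriptor is treated as readable and the error surfaces only from read(). Both behaviours are inherited from the select() version this replaces, so they are not regressions, but the rewrite is the natural place to fix them.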


@ -1,5 +1,5 @@
Name: libgcrypt Name: libgcrypt
Version: 1.6.6 Version: 1.7.3
Release: 1%{?dist} Release: 1%{?dist}
URL: http://www.gnupg.org/ URL: http://www.gnupg.org/
Source0: libgcrypt-%{version}-hobbled.tar.xz Source0: libgcrypt-%{version}-hobbled.tar.xz
@ -15,36 +15,29 @@ Source3: hobble-libgcrypt
Source4: ecc-curves.c Source4: ecc-curves.c
Source5: curves.c Source5: curves.c
Source6: t-mpi-point.c Source6: t-mpi-point.c
Source7: ecc-gost.c
# make FIPS hmac compatible with fipscheck - non upstreamable # make FIPS hmac compatible with fipscheck - non upstreamable
# update on soname bump # update on soname bump
Patch2: libgcrypt-1.6.2-use-fipscheck.patch Patch2: libgcrypt-1.6.2-use-fipscheck.patch
# fix tests in the FIPS mode, fix the FIPS-186-3 DSA keygen # fix tests in the FIPS mode, allow CAVS testing of DSA keygen
Patch5: libgcrypt-1.6.1-tests.patch Patch5: libgcrypt-1.7.3-tests.patch
# add configurable source of RNG seed and seed by default # add configurable source of RNG seed and seed by default
# from /dev/urandom in the FIPS mode # from /dev/urandom in the FIPS mode
Patch6: libgcrypt-1.6.1-fips-cfgrandom.patch Patch6: libgcrypt-1.7.3-fips-cfgrandom.patch
# update the CAVS tests # update the CAVS tests
Patch7: libgcrypt-1.6.2-fips-cavs.patch Patch7: libgcrypt-1.7.3-fips-cavs.patch
# fix for memory leaks and other errors found by Coverity scan
Patch9: libgcrypt-1.6.5-leak.patch
# use poll instead of select when gathering randomness # use poll instead of select when gathering randomness
Patch11: libgcrypt-1.6.1-use-poll.patch Patch11: libgcrypt-1.7.3-use-poll.patch
# slight optimalization of mpicoder.c to silence Valgrind (#968288) # slight optimalization of mpicoder.c to silence Valgrind (#968288)
Patch13: libgcrypt-1.6.1-mpicoder-gccopt.patch Patch13: libgcrypt-1.6.1-mpicoder-gccopt.patch
# fix tests to work with approved ECC # fix tests to work with approved ECC
Patch14: libgcrypt-1.6.1-ecc-test-fix.patch Patch14: libgcrypt-1.7.3-ecc-test-fix.patch
# Replace the FIPS RNG with DRBG
Patch15: libgcrypt-1.6.2-drbg.patch
# Run the FIPS mode initialization in the shared library constructor # Run the FIPS mode initialization in the shared library constructor
Patch18: libgcrypt-1.6.2-fips-ctor.patch Patch18: libgcrypt-1.6.2-fips-ctor.patch
# Make it possible to run the test suite in the FIPS mode # Block some operations if in FIPS non-operational state
Patch19: libgcrypt-1.6.2-fips-test.patch Patch22: libgcrypt-1.7.3-fips-reqs.patch
# Make the FIPS RSA keygen to be FIPS 186-4 compliant
Patch20: libgcrypt-1.6.3-rsa-fips-keygen.patch
# update the selftests for new FIPS requirements
Patch22: libgcrypt-1.6.2-fips-reqs.patch
# do not use strict aliasing for bufhelp functions # do not use strict aliasing for bufhelp functions
Patch23: libgcrypt-1.6.3-aliasing.patch Patch23: libgcrypt-1.7.3-aliasing.patch
# use only urandom if /dev/random cannot be opened # use only urandom if /dev/random cannot be opened
Patch24: libgcrypt-1.6.3-urandom-only.patch Patch24: libgcrypt-1.6.3-urandom-only.patch
@ -86,19 +79,15 @@ applications using libgcrypt.
%patch5 -p1 -b .tests %patch5 -p1 -b .tests
%patch6 -p1 -b .cfgrandom %patch6 -p1 -b .cfgrandom
%patch7 -p1 -b .cavs %patch7 -p1 -b .cavs
%patch9 -p1 -b .leak
%patch11 -p1 -b .use-poll %patch11 -p1 -b .use-poll
%patch13 -p1 -b .gccopt %patch13 -p1 -b .gccopt
%patch14 -p1 -b .eccfix %patch14 -p1 -b .eccfix
%patch15 -p1 -b .drbg
%patch18 -p1 -b .fips-ctor %patch18 -p1 -b .fips-ctor
%patch19 -p1 -b .fips-test
%patch20 -p1 -b .fips-keygen
%patch22 -p1 -b .fips-reqs %patch22 -p1 -b .fips-reqs
%patch23 -p1 -b .aliasing %patch23 -p1 -b .aliasing
%patch24 -p1 -b .urandom-only %patch24 -p1 -b .urandom-only
cp %{SOURCE4} cipher/ cp %{SOURCE4} %{SOURCE7} cipher/
cp %{SOURCE5} %{SOURCE6} tests/ cp %{SOURCE5} %{SOURCE6} tests/
%build %build
@ -208,6 +197,9 @@ exit 0
%license COPYING %license COPYING
%changelog %changelog
* Wed Nov 23 2016 Tomáš Mráz <tmraz@redhat.com> 1.7.3-1
- new upstream version 1.7.3
* Wed Aug 17 2016 Tomáš Mráz <tmraz@redhat.com> 1.6.6-1 * Wed Aug 17 2016 Tomáš Mráz <tmraz@redhat.com> 1.6.6-1
- new upstream version with important security fix (CVE-2016-6316) - new upstream version with important security fix (CVE-2016-6316)


@ -1 +1 @@
67edcc4715a8c239eac70a931e49660d libgcrypt-1.6.6-hobbled.tar.xz 8ed4255c512e382eba465330c2a939dc libgcrypt-1.7.3-hobbled.tar.xz


@ -57,8 +57,20 @@ static struct
const char *a, *b; /* The coefficients. */ const char *a, *b; /* The coefficients. */
const char *n; /* The order of the base point. */ const char *n; /* The order of the base point. */
const char *g_x, *g_y; /* Base point. */ const char *g_x, *g_y; /* Base point. */
const char *h; /* Cofactor. */
} test_curve[] = } test_curve[] =
{ {
{
"NIST P-224",
"0xffffffffffffffffffffffffffffffff000000000000000000000001",
"0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe",
"0xb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4",
"0xffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d" ,
"0xb70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21",
"0xbd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
"0x01"
},
{ {
"NIST P-256", "NIST P-256",
"0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff", "0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
@ -67,7 +79,8 @@ static struct
"0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", "0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
"0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", "0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
"0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5" "0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
"0x01"
}, },
{ {
"NIST P-384", "NIST P-384",
@ -83,7 +96,8 @@ static struct
"0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a38" "0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a38"
"5502f25dbf55296c3a545e3872760ab7", "5502f25dbf55296c3a545e3872760ab7",
"0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c0" "0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c0"
"0a60b1ce1d7e819d7a431d7c90ea0e5f" "0a60b1ce1d7e819d7a431d7c90ea0e5f",
"0x01"
}, },
{ {
"NIST P-521", "NIST P-521",
@ -99,18 +113,20 @@ static struct
"0xc6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3d" "0xc6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3d"
"baa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", "baa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
"0x11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e6" "0x11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e6"
"62c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650" "62c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
"0x01"
}, },
{ {
"Ed25519", "Ed25519",
"0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED", "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED",
"-0x01", "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEC",
"-0x2DFC9311D490018C7338BF8688861767FF8FF5B2BEBE27548A14B235ECA6874A", "0x52036CEE2B6FFE738CC740797779E89800700A4D4141D8AB75EB4DCA135978A3",
"0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED", "0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED",
"0x216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A", "0x216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A",
"0x6666666666666666666666666666666666666666666666666666666666666658" "0x6666666666666666666666666666666666666666666666666666666666666658",
"0x08"
}, },
{ NULL, NULL, NULL, NULL, NULL } { NULL, NULL, NULL, NULL, NULL, NULL }
}; };
/* A sample public key for NIST P-256. */ /* A sample public key for NIST P-256. */
@ -414,28 +430,18 @@ context_alloc (void)
gcry_mpi_release (a); gcry_mpi_release (a);
gcry_ctx_release (ctx); gcry_ctx_release (ctx);
p = gcry_mpi_set_ui (NULL, 0); p = NULL;
a = gcry_mpi_set_ui (NULL, 0); a = gcry_mpi_set_ui (NULL, 0);
err = ec_p_new (&ctx, p, a); err = ec_p_new (&ctx, p, a);
if (!err || gpg_err_code (err) != GPG_ERR_EINVAL) if (!err || gpg_err_code (err) != GPG_ERR_EINVAL)
fail ("ec_p_new: bad parameter detection failed (1)\n"); fail ("ec_p_new: bad parameter detection failed (1)\n");
gcry_mpi_set_ui (p, 1);
err = ec_p_new (&ctx, p, a);
if (!err || gpg_err_code (err) != GPG_ERR_EINVAL)
fail ("ec_p_new: bad parameter detection failed (2)\n");
gcry_mpi_release (p);
p = NULL;
err = ec_p_new (&ctx, p, a);
if (!err || gpg_err_code (err) != GPG_ERR_EINVAL)
fail ("ec_p_new: bad parameter detection failed (3)\n");
gcry_mpi_release (a); gcry_mpi_release (a);
a = NULL; a = NULL;
err = ec_p_new (&ctx, p, a); err = ec_p_new (&ctx, p, a);
if (!err || gpg_err_code (err) != GPG_ERR_EINVAL) if (!err || gpg_err_code (err) != GPG_ERR_EINVAL)
fail ("ec_p_new: bad parameter detection failed (4)\n"); fail ("ec_p_new: bad parameter detection failed (2)\n");
} }
@ -523,6 +529,17 @@ context_param (void)
show ("checking standard curves\n"); show ("checking standard curves\n");
for (idx=0; test_curve[idx].desc; idx++) for (idx=0; test_curve[idx].desc; idx++)
{ {
/* P-192 and Ed25519 are not supported in fips mode */
if (gcry_fips_mode_active())
{
if (!strcmp(test_curve[idx].desc, "NIST P-192")
|| !strcmp(test_curve[idx].desc, "Ed25519"))
{
show("skipping %s in fips mode\n", test_curve[idx].desc );
continue;
}
}
gcry_ctx_release (ctx); gcry_ctx_release (ctx);
err = gcry_mpi_ec_new (&ctx, NULL, test_curve[idx].desc); err = gcry_mpi_ec_new (&ctx, NULL, test_curve[idx].desc);
if (err) if (err)
@ -546,6 +563,8 @@ context_param (void)
if (get_and_cmp_point ("g", test_curve[idx].g_x, test_curve[idx].g_y, if (get_and_cmp_point ("g", test_curve[idx].g_x, test_curve[idx].g_y,
test_curve[idx].desc, ctx)) test_curve[idx].desc, ctx))
continue; continue;
if (get_and_cmp_mpi ("h", test_curve[idx].h, test_curve[idx].desc, ctx))
continue;
} }
@ -616,6 +635,10 @@ context_param (void)
gcry_sexp_release (sexp); gcry_sexp_release (sexp);
} }
/* Skipping Ed25519 if in FIPS mode (it isn't supported) */
if (gcry_fips_mode_active())
goto cleanup;
show ("checking sample public key (Ed25519)\n"); show ("checking sample public key (Ed25519)\n");
q = hex2mpi (sample_ed25519_q); q = hex2mpi (sample_ed25519_q);
gcry_sexp_release (keyparam); gcry_sexp_release (keyparam);
@ -703,6 +726,7 @@ context_param (void)
} }
cleanup:
gcry_ctx_release (ctx); gcry_ctx_release (ctx);
gcry_sexp_release (keyparam); gcry_sexp_release (keyparam);
} }
@ -804,6 +828,14 @@ basic_ec_math (void)
} }
/* This is the same as basic_ec_math but uses more advanced
features. */
static void
basic_ec_math_simplified (void)
{
}
/* Check the math used with Twisted Edwards curves. */ /* Check the math used with Twisted Edwards curves. */
static void static void
twistededwards_math (void) twistededwards_math (void)
@ -963,7 +995,14 @@ main (int argc, char **argv)
context_alloc (); context_alloc ();
context_param (); context_param ();
basic_ec_math (); basic_ec_math ();
twistededwards_math ();
/* The tests are for P-192 and ed25519 which are not supported in
FIPS mode. */
if (!gcry_fips_mode_active())
{
basic_ec_math_simplified ();
twistededwards_math ();
}
show ("All tests completed. Errors: %d\n", error_count); show ("All tests completed. Errors: %d\n", error_count);
return error_count ? 1 : 0; return error_count ? 1 : 0;
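Review bot: `basic_ec_math_simplified` is introduced as an empty function whose comment says it "is the same as basic_ec_math but uses more advanced features", so a reader — or anyone relying on this test run — believes that math is exercised in non-FIPS mode when nothing executes. If the body was dropped because this hobbled build does not ship the curves it needs, the comment should say so: `/* Stub: the upstream body exercises curves this build does not ship; kept empty so main() matches upstream.  */`. Relatedly, the FIPS-mode skip in context_param tests for `"NIST P-192"`, but this file's `test_curve` table starts at P-224 and never lists P-192, so that half of the condition is dead and the comment `/* P-192 and Ed25519 are not supported in fips mode */` should name only Ed25519 or be tied to the table's actual contents.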