libgcrypt-1.10.0-1

This commit is contained in:
Jakub Jelen 2022-02-02 10:57:27 +01:00
parent aff6b907cf
commit 364af5a451
19 changed files with 277 additions and 4860 deletions

2
.gitignore vendored
View File

@ -28,3 +28,5 @@ libgcrypt-1.4.5-hobbled.tar.bz2
/libgcrypt-1.9.2-hobbled.tar.xz
/libgcrypt-1.9.3-hobbled.tar.xz
/libgcrypt-1.9.4-hobbled.tar.xz
/libgcrypt-1.10.0.tar.bz2
/libgcrypt-1.10.0.tar.bz2.sig

271
curves.c
View File

@ -1,271 +0,0 @@
/* curves.c - ECC curves regression tests
* Copyright (C) 2011 Free Software Foundation, Inc.
*
* This file is part of Libgcrypt.
*
* Libgcrypt is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* Libgcrypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include "../src/gcrypt-int.h"
#define PGM "curves"
#include "t-common.h"
/* Number of curves defined in ../cipger/ecc-curves.c */
#define N_CURVES 20
/* A real world sample public key. */
static char const sample_key_1[] =
"(public-key\n"
" (ecdsa\n"
" (p #00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF#)\n"
" (a #00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC#)\n"
" (b #5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B#)\n"
" (g #046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"
"4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5#)\n"
" (n #00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551#)\n"
" (h #000000000000000000000000000000000000000000000000000000000000000001#)\n"
" (q #0442B927242237639A36CE9221B340DB1A9AB76DF2FE3E171277F6A4023DED146EE"
"86525E38CCECFF3FB8D152CC6334F70D23A525175C1BCBDDE6E023B2228770E#)\n"
" ))";
static char const sample_key_1_curve[] = "NIST P-256";
static unsigned int sample_key_1_nbits = 256;
static void
list_curves (void)
{
int idx;
const char *name;
unsigned int nbits;
for (idx=0; (name = gcry_pk_get_curve (NULL, idx, &nbits)); idx++)
{
if (verbose)
printf ("%s - %u bits\n", name, nbits);
}
if (idx != N_CURVES)
fail ("expected %d curves but got %d\n", N_CURVES, idx);
if (gcry_pk_get_curve (NULL, -1, NULL))
fail ("curve iteration failed\n");
}
static void
check_matching (void)
{
gpg_error_t err;
gcry_sexp_t key;
const char *name;
unsigned int nbits;
err = gcry_sexp_new (&key, sample_key_1, 0, 1);
if (err)
die ("parsing s-expression string failed: %s\n", gpg_strerror (err));
name = gcry_pk_get_curve (key, 0, &nbits);
if (!name)
fail ("curve name not found for sample_key_1\n");
else if (strcmp (name, sample_key_1_curve))
fail ("expected curve name %s but got %s for sample_key_1\n",
sample_key_1_curve, name);
else if (nbits != sample_key_1_nbits)
fail ("expected curve size %u but got %u for sample_key_1\n",
sample_key_1_nbits, nbits);
gcry_sexp_release (key);
}
static void
check_get_params (void)
{
static struct {
int algo;
const char *name;
int error_expected;
} tv[] =
{
{ GCRY_PK_ECC, "Ed25519" },
{ GCRY_PK_ECC, "1.3.6.1.4.1.11591.15.1" },
{ GCRY_PK_ECC, "1.3.101.112" },
{ GCRY_PK_ECC, "Curve25519" },
{ GCRY_PK_ECC, "1.3.6.1.4.1.3029.1.5.1" },
{ GCRY_PK_ECC, "1.3.101.110" },
{ GCRY_PK_ECC, "X25519" },
{ GCRY_PK_ECC, "Ed448" },
{ GCRY_PK_ECC, "X448" },
{ GCRY_PK_ECC, "1.3.101.113" },
{ GCRY_PK_ECC, "1.3.101.111" },
{ GCRY_PK_ECC, "NIST P-192" },
{ GCRY_PK_ECC, "1.2.840.10045.3.1.1" },
{ GCRY_PK_ECC, "prime192v1" },
{ GCRY_PK_ECC, "secp192r1" },
{ GCRY_PK_ECC, "nistp192" },
{ GCRY_PK_ECC, "NIST P-224" },
{ GCRY_PK_ECC, "secp224r1" },
{ GCRY_PK_ECC, "1.3.132.0.33" },
{ GCRY_PK_ECC, "nistp224" },
{ GCRY_PK_ECC, "NIST P-256" },
{ GCRY_PK_ECC, "1.2.840.10045.3.1.7" },
{ GCRY_PK_ECC, "prime256v1" },
{ GCRY_PK_ECC, "secp256r1" },
{ GCRY_PK_ECC, "nistp256" },
{ GCRY_PK_ECC, "NIST P-384" },
{ GCRY_PK_ECC, "secp384r1" },
{ GCRY_PK_ECC, "1.3.132.0.34" },
{ GCRY_PK_ECC, "nistp384" },
{ GCRY_PK_ECC, "NIST P-521" },
{ GCRY_PK_ECC, "secp521r1" },
{ GCRY_PK_ECC, "1.3.132.0.35" },
{ GCRY_PK_ECC, "nistp521" },
{ GCRY_PK_ECC, "GOST2001-test" },
{ GCRY_PK_ECC, "1.2.643.2.2.35.0" },
{ GCRY_PK_ECC, "GOST2001-CryptoPro-A" },
{ GCRY_PK_ECC, "1.2.643.2.2.35.1" },
{ GCRY_PK_ECC, "GOST2001-CryptoPro-B" },
{ GCRY_PK_ECC, "1.2.643.2.2.35.2" },
{ GCRY_PK_ECC, "GOST2001-CryptoPro-C" },
{ GCRY_PK_ECC, "1.2.643.2.2.35.3" },
{ GCRY_PK_ECC, "GOST2001-CryptoPro-A" },
{ GCRY_PK_ECC, "GOST2001-CryptoPro-XchA" },
{ GCRY_PK_ECC, "GOST2001-CryptoPro-C" },
{ GCRY_PK_ECC, "GOST2001-CryptoPro-XchB" },
{ GCRY_PK_ECC, "GOST2001-CryptoPro-A" },
{ GCRY_PK_ECC, "1.2.643.2.2.36.0" },
{ GCRY_PK_ECC, "GOST2001-CryptoPro-C" },
{ GCRY_PK_ECC, "1.2.643.2.2.36.1" },
/* Noet that GOST2012-256-tc26-A" is only in the curve alias
* list but has no parameter entry. */
{ GCRY_PK_ECC, "GOST2001-CryptoPro-A" },
{ GCRY_PK_ECC, "1.2.643.7.1.2.1.1.2" },
{ GCRY_PK_ECC, "GOST2001-CryptoPro-A" },
{ GCRY_PK_ECC, "GOST2012-256-tc26-B" },
{ GCRY_PK_ECC, "GOST2001-CryptoPro-B" },
{ GCRY_PK_ECC, "1.2.643.7.1.2.1.1.3" },
{ GCRY_PK_ECC, "GOST2001-CryptoPro-B" },
{ GCRY_PK_ECC, "GOST2012-256-tc26-C" },
{ GCRY_PK_ECC, "GOST2001-CryptoPro-C" },
{ GCRY_PK_ECC, "1.2.643.7.1.2.1.1.4" },
{ GCRY_PK_ECC, "GOST2001-CryptoPro-C" },
{ GCRY_PK_ECC, "GOST2012-256-tc26-D" },
{ GCRY_PK_ECC, "GOST2012-512-test" },
{ GCRY_PK_ECC, "GOST2012-test" },
{ GCRY_PK_ECC, "GOST2012-512-test" },
{ GCRY_PK_ECC, "1.2.643.7.1.2.1.2.0" },
{ GCRY_PK_ECC, "GOST2012-512-tc26-A" },
{ GCRY_PK_ECC, "GOST2012-tc26-A" },
{ GCRY_PK_ECC, "GOST2012-512-tc26-B" },
{ GCRY_PK_ECC, "GOST2012-tc26-B" },
{ GCRY_PK_ECC, "GOST2012-512-tc26-A" },
{ GCRY_PK_ECC, "1.2.643.7.1.2.1.2.1" },
{ GCRY_PK_ECC, "GOST2012-512-tc26-B" },
{ GCRY_PK_ECC, "1.2.643.7.1.2.1.2.2" },
{ GCRY_PK_ECC, "GOST2012-512-tc26-C" },
{ GCRY_PK_ECC, "1.2.643.7.1.2.1.2.3" },
{ GCRY_PK_ECC, "secp256k1" },
{ GCRY_PK_ECC, "1.3.132.0.10" },
{ GCRY_PK_ECC, "sm2p256v1" },
{ GCRY_PK_ECC, "1.2.156.10197.1.301" },
/* Check also the ECC algo mapping. */
{ GCRY_PK_ECDSA, "Ed25519" },
{ GCRY_PK_EDDSA, "Ed25519" },
{ GCRY_PK_ECDH, "Ed25519" },
{ GCRY_PK_ECDSA, "Curve25519" },
{ GCRY_PK_EDDSA, "Curve25519" },
{ GCRY_PK_ECDH, "Curve25519" },
{ GCRY_PK_ECC, "NoSuchCurve", 1 },
{ GCRY_PK_RSA, "rsa", 1 },
{ GCRY_PK_ELG, "elg", 1 },
{ GCRY_PK_DSA, "dsa", 1 }
};
int idx;
gcry_sexp_t param;
const char *name;
param = gcry_pk_get_param (GCRY_PK_ECDSA, sample_key_1_curve);
if (!param)
fail ("error gerring parameters for `%s'\n", sample_key_1_curve);
name = gcry_pk_get_curve (param, 0, NULL);
if (!name)
fail ("get_param: curve name not found for sample_key_1\n");
else if (strcmp (name, sample_key_1_curve))
fail ("get_param: expected curve name %s but got %s for sample_key_1\n",
sample_key_1_curve, name);
gcry_sexp_release (param);
/* Some simple tests */
for (idx=0; idx < DIM (tv); idx++)
{
param = gcry_pk_get_param (tv[idx].algo, tv[idx].name);
if (!param)
{
if (!tv[idx].error_expected)
fail ("get_param: test %d (%s) failed\n", idx, tv[idx].name);
}
else
{
if (tv[idx].error_expected)
fail ("get_param: test %d (%s) failed (error expected)\n",
idx, tv[idx].name);
}
gcry_sexp_release (param);
}
}
int
main (int argc, char **argv)
{
if (argc > 1 && !strcmp (argv[1], "--verbose"))
verbose = 1;
else if (argc > 1 && !strcmp (argv[1], "--debug"))
verbose = debug = 1;
if (!gcry_check_version (GCRYPT_VERSION))
die ("version mismatch\n");
xgcry_control ((GCRYCTL_DISABLE_SECMEM, 0));
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
if (debug)
xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u, 0));
list_curves ();
check_matching ();
check_get_params ();
return error_count ? 1 : 0;
}

File diff suppressed because it is too large Load Diff

View File

@ -1,11 +0,0 @@
#!/bin/sh
# Quit out if anything fails.
set -e -x
# Clean out patent-or-otherwise-encumbered code.
# EC: ????????? ??/??/2015
rm -f cipher/ecc-curves.c
rm -f tests/curves.c
rm -f tests/keygrip.c

341
keygrip.c
View File

@ -1,341 +0,0 @@
/* keygrip.c - verifies that keygrips are calculated as expected
* Copyright (C) 2005 Free Software Foundation, Inc.
*
* This file is part of Libgcrypt.
*
* Libgcrypt is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* Libgcrypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <assert.h>
#define PGM "keygrip"
#include "t-common.h"
static int repetitions;
static void
print_hex (const char *text, const void *buf, size_t n)
{
const unsigned char *p = buf;
fputs (text, stdout);
for (; n; n--, p++)
printf ("%02X", *p);
putchar ('\n');
}
static struct
{
int algo;
const char *key;
const unsigned char grip[20];
} key_grips[] =
{
{
GCRY_PK_RSA,
"(private-key"
" (rsa"
" (n #00B6B509596A9ECABC939212F891E656A626BA07DA8521A9CAD4C08E640C04052FBB87F424EF1A0275A48A9299AC9DB69ABE3D0124E6C756B1F7DFB9B842D6251AEA6EE85390495CADA73D671537FCE5850A932F32BAB60AB1AC1F852C1F83C625E7A7D70CDA9EF16D5C8E47739D77DF59261ABE8454807FF441E143FBD37F8545#)"
" (e #010001#)"
" (d #077AD3DE284245F4806A1B82B79E616FBDE821C82D691A65665E57B5FAD3F34E67F401E7BD2E28699E89D9C496CF821945AE83AC7A1231176A196BA6027E77D85789055D50404A7A2A95B1512F91F190BBAEF730ED550D227D512F89C0CDB31AC06FA9A19503DDF6B66D0B42B9691BFD6140EC1720FFC48AE00C34796DC899E5#)"
" (p #00D586C78E5F1B4BF2E7CD7A04CA091911706F19788B93E44EE20AAF462E8363E98A72253ED845CCBF2481BB351E8557C85BCFFF0DABDBFF8E26A79A0938096F27#)"
" (q #00DB0CDF60F26F2A296C88D6BF9F8E5BE45C0DDD713C96CC73EBCB48B061740943F21D2A93D6E42A7211E7F02A95DCED6C390A67AD21ECF739AE8A0CA46FF2EBB3#)"
" (u #33149195F16912DB20A48D020DBC3B9E3881B39D722BF79378F6340F43148A6E9FC5F53E2853B7387BA4443BA53A52FCA8173DE6E85B42F9783D4A7817D0680B#)))",
"\x32\xCF\xFA\x85\xB1\x79\x1F\xBB\x26\x14\xE9\x1A\xFD\xF3\xAF\xE3\x32\x08\x2E\x25"
},
{
GCRY_PK_DSA,
" (public-key"
" (dsa"
" (p #0084E4C626E16005770BD9509ABF7354492E85B8C0060EFAAAEC617F725B592FAA59DF5460575F41022776A9718CE62EDD542AB73C7720869EBDBC834D174ADCD7136827DF51E2613545A25CA573BC502A61B809000B6E35F5EB7FD6F18C35678C23EA1C3638FB9CFDBA2800EE1B62F41A4479DE824F2834666FBF8DC5B53C2617#)"
" (q #00B0E6F710051002A9F425D98A677B18E0E5B038AB#)"
" (g #44370CEE0FE8609994183DBFEBA7EEA97D466838BCF65EFF506E35616DA93FA4E572A2F08886B74977BC00CA8CD3DBEA7AEB7DB8CBB180E6975E0D2CA76E023E6DE9F8CCD8826EBA2F72B8516532F6001DEFFAE76AA5E59E0FA33DBA3999B4E92D1703098CDEDCC416CF008801964084CDE1980132B2B78CB4CE9C15A559528B#)"
" (y #3D5DD14AFA2BF24A791E285B90232213D0E3BA74AB1109E768AED19639A322F84BB7D959E2BA92EF73DE4C7F381AA9F4053CFA3CD4527EF9043E304E5B95ED0A3A5A9D590AA641C13DB2B6E32B9B964A6A2C730DD3EA7C8E13F7A140AFF1A91CE375E9B9B960384779DC4EA180FA1F827C52288F366C0770A220F50D6D8FD6F6#)))",
"\x04\xA3\x4F\xA0\x2B\x03\x94\xD7\x32\xAD\xD5\x9B\x50\xAF\xDB\x5D\x57\x22\xA6\x10"
},
{
GCRY_PK_DSA,
"(private-key"
" (dsa"
" (p #0084E4C626E16005770BD9509ABF7354492E85B8C0060EFAAAEC617F725B592FAA59DF5460575F41022776A9718CE62EDD542AB73C7720869EBDBC834D174ADCD7136827DF51E2613545A25CA573BC502A61B809000B6E35F5EB7FD6F18C35678C23EA1C3638FB9CFDBA2800EE1B62F41A4479DE824F2834666FBF8DC5B53C2617#)"
" (q #00B0E6F710051002A9F425D98A677B18E0E5B038AB#)"
" (g #44370CEE0FE8609994183DBFEBA7EEA97D466838BCF65EFF506E35616DA93FA4E572A2F08886B74977BC00CA8CD3DBEA7AEB7DB8CBB180E6975E0D2CA76E023E6DE9F8CCD8826EBA2F72B8516532F6001DEFFAE76AA5E59E0FA33DBA3999B4E92D1703098CDEDCC416CF008801964084CDE1980132B2B78CB4CE9C15A559528B#)"
" (y #3D5DD14AFA2BF24A791E285B90232213D0E3BA74AB1109E768AED19639A322F84BB7D959E2BA92EF73DE4C7F381AA9F4053CFA3CD4527EF9043E304E5B95ED0A3A5A9D590AA641C13DB2B6E32B9B964A6A2C730DD3EA7C8E13F7A140AFF1A91CE375E9B9B960384779DC4EA180FA1F827C52288F366C0770A220F50D6D8FD6F6#)"
" (x #0087F9E91BFBCC1163DE71ED86D557708E32F8ADDE#)))",
"\x04\xA3\x4F\xA0\x2B\x03\x94\xD7\x32\xAD\xD5\x9B\x50\xAF\xDB\x5D\x57\x22\xA6\x10"
},
{
GCRY_PK_ECDSA,
"(public-key"
" (ecdsa(flags param)"
" (p #00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF#)"
" (a #00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC#)"
" (b #5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B#)"
" (g #046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5#)"
" (n #00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551#)"
" (h #000000000000000000000000000000000000000000000000000000000000000001#)"
" (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))",
"\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6"
},
{
GCRY_PK_ECDSA,
"(public-key"
" (ecdsa(flags param)"
" (p #00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF#)"
" (curve \"NIST P-256\")"
" (b #5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B#)"
" (g #046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5#)"
" (n #00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551#)"
" (h #000000000000000000000000000000000000000000000000000000000000000001#)"
" (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))",
"\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6"
},
{
GCRY_PK_ECDSA,
"(public-key"
" (ecdsa"
" (p #00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF#)"
" (curve \"NIST P-256\")"
" (b #5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B#)"
" (g #046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5#)"
" (n #00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551#)"
" (h #000000000000000000000000000000000000000000000000000000000000000001#)"
" (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))",
"\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6"
},
{
GCRY_PK_ECDSA,
"(public-key"
" (ecdsa"
" (curve secp256r1)"
" (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))",
"\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6"
},
{
GCRY_PK_ECC,
"(public-key"
" (ecc"
" (curve secp256r1)"
" (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))",
"\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6"
},
{ /* Ed25519 standard */
GCRY_PK_ECC,
"(public-key"
" (ecc"
" (curve Ed25519)"
" (q #04"
" 1CC662926E7EFF4982B7FB8B928E61CD74CCDD85277CC57196C3AD20B611085F"
" 47BD24842905C049257673B3F5249524E0A41FAA17B25B818D0F97E625F1A1D0#)"
" ))",
"\x0C\xCA\xB2\xFD\x48\x9A\x33\x40\x2C\xE8"
"\xE0\x4A\x1F\xB2\x45\xEA\x80\x3D\x0A\xF1"
},
{ /* Ed25519+EdDSA */
GCRY_PK_ECC,
"(public-key"
" (ecc"
" (curve Ed25519)(flags eddsa)"
" (q #773E72848C1FD5F9652B29E2E7AF79571A04990E96F2016BF4E0EC1890C2B7DB#)"
" ))",
"\x9D\xB6\xC6\x4A\x38\x83\x0F\x49\x60\x70"
"\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47"
},
{ /* Ed25519+EdDSA (with compression prefix) */
GCRY_PK_ECC,
"(public-key"
" (ecc"
" (curve Ed25519)(flags eddsa)"
" (q #40"
" 773E72848C1FD5F9652B29E2E7AF79571A04990E96F2016BF4E0EC1890C2B7DB#)"
" ))",
"\x9D\xB6\xC6\x4A\x38\x83\x0F\x49\x60\x70"
"\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47"
},
{ /* Ed25519+EdDSA (same but uncompressed)*/
GCRY_PK_ECC,
"(public-key"
" (ecc"
" (curve Ed25519)(flags eddsa)"
" (q #04"
" 629ad237d1ed04dcd4abe1711dd699a1cf51b1584c4de7a4ef8b8a640180b26f"
" 5bb7c29018ece0f46b01f2960e99041a5779afe7e2292b65f9d51f8c84723e77#)"
" ))",
"\x9D\xB6\xC6\x4A\x38\x83\x0F\x49\x60\x70"
"\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47"
},
{ /* Cv25519 */
GCRY_PK_ECC,
"(public-key"
" (ecc"
" (curve Curve25519)(flags djb-tweak)"
" (q #40"
" 918C1733127F6BF2646FAE3D081A18AE77111C903B906310B077505EFFF12740#)"
" ))",
"\x0F\x89\xA5\x65\xD3\xEA\x18\x7C\xE8\x39"
"\x33\x23\x98\xF5\xD4\x80\x67\x7D\xF4\x9C"
},
{ /* Random key */
GCRY_PK_RSA,
"(shadowed-private-key"
" (rsa"
" (n #00B493C79928398DA9D99AC0E949FE6EB62F683CB974FFFBFBC01066F5C9A89B"
" D3DC48EAD7C65F36EA943C2B2C865C26C4884FF9EDFDA8C99C855B737D77EEF6"
" B85DBC0CCEC0E900C1F89A6893A2A93E8B31028469B6927CEB2F08687E547C68"
" 6B0A2F7E50A194FF7AB7637E03DE0912EF7F6E5F1EC37625BD1620CCC2E7A564"
" 31E168CDAFBD1D9E61AE47A69A6FA03EF22F844528A710B2392F262B95A3078C"
" F321DC8325F92A5691EF69F34FD0DE0B22C79D29DC87723FCADE463829E8E5F7"
" D196D73D6C9C180F6A6A0DDBF7B9D8F7FA293C36163B12199EF6A1A95CAE4051"
" E3069C522CC6C4A7110F663A5DAD20F66C13A1674D050088208FAE4F33B3AB51"
" 03#)"
" (e #00010001#)"
" (shadowed t1-v1"
" (#D2760001240102000005000123350000# OPENPGP.1)"
")))",
"\xE5\x6E\xE6\xEE\x5A\x2F\xDC\x3E\x98\x9D"
"\xFE\x49\xDA\xF5\x67\x43\xE3\x27\x28\x33"
}
};
static void
check (void)
{
unsigned char buf[20];
unsigned char *ret;
gcry_error_t err;
gcry_sexp_t sexp;
unsigned int i;
int repn;
for (i = 0; i < (sizeof (key_grips) / sizeof (*key_grips)); i++)
{
if (gcry_pk_test_algo (key_grips[i].algo))
{
if (verbose)
fprintf (stderr, "algo %d not available; test skipped\n",
key_grips[i].algo);
continue;
}
err = gcry_sexp_sscan (&sexp, NULL, key_grips[i].key,
strlen (key_grips[i].key));
if (err)
die ("scanning data %d failed: %s\n", i, gpg_strerror (err));
if (debug)
info ("check(%d): s-exp='%s'\n", i, key_grips[i].key);
for (repn=0; repn < repetitions; repn++)
{
ret = gcry_pk_get_keygrip (sexp, buf);
if (!ret)
die ("gcry_pk_get_keygrip failed for %d\n", i);
if ( memcmp (key_grips[i].grip, buf, sizeof (buf)) )
{
print_hex ("keygrip: ", buf, sizeof buf);
die ("keygrip for %d does not match\n", i);
}
else if (debug && !repn)
print_hex ("keygrip: ", buf, sizeof buf);
}
gcry_sexp_release (sexp);
}
}
static void
progress_handler (void *cb_data, const char *what, int printchar,
int current, int total)
{
(void)cb_data;
(void)what;
(void)current;
(void)total;
putchar (printchar);
}
int
main (int argc, char **argv)
{
int last_argc = -1;
if (argc)
{ argc--; argv++; }
while (argc && last_argc != argc )
{
last_argc = argc;
if (!strcmp (*argv, "--"))
{
argc--; argv++;
break;
}
else if (!strcmp (*argv, "--verbose"))
{
verbose = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--debug"))
{
verbose = 1;
debug = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--repetitions"))
{
argc--; argv++;
if (argc)
{
repetitions = atoi(*argv);
argc--; argv++;
}
}
}
if (repetitions < 1)
repetitions = 1;
if (!gcry_check_version (GCRYPT_VERSION))
die ("version mismatch\n");
gcry_set_progress_handler (progress_handler, NULL);
xgcry_control ((GCRYCTL_DISABLE_SECMEM, 0));
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
if (debug)
xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u, 0));
check ();
return 0;
}

View File

@ -0,0 +1,239 @@
From d651e25be0bc0c11f4d3d7c72be8cfbbe82b3874 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 10 Sep 2021 18:39:00 +0200
Subject: [PATCH] Allow building libgcrypt without Brainpool curves
* README: Document possibility to build without brainpool curves
* cipher/ecc-curves.c: Conditionalize brainpool curves definitions
* configure.ac: Implement possibility to build without brainpool curves
* tests/curves.c: Skip brainpool curves if they are not built-in
* tests/keygrip.c: Skip brainpool curves if they are not built-in
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
README | 3 +++
cipher/ecc-curves.c | 4 ++++
configure.ac | 13 +++++++++++++
tests/curves.c | 46 ++++++++++++++++++++++++++++++---------------
tests/keygrip.c | 2 ++
5 files changed, 53 insertions(+), 15 deletions(-)
diff --git a/README b/README
index 436b6cd4..1044109c 100644
--- a/README
+++ b/README
@@ -127,6 +127,9 @@
the list used with the current build the program
tests/version may be used.
+ --disable-brainpool
+ Do not build in support for Brainpool curves.
+
--disable-endian-check
Don't let configure test for the endianness but
try to use the OS provided macros at compile
diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c
index 7c86e12c..8fd95a9c 100644
--- a/cipher/ecc-curves.c
+++ b/cipher/ecc-curves.c
@@ -77,6 +77,7 @@ static const struct
{ "NIST P-521", "1.3.132.0.35" },
{ "NIST P-521", "nistp521" }, /* rfc5656. */
+#ifdef ENABLE_BRAINPOOL
{ "brainpoolP160r1", "1.3.36.3.3.2.8.1.1.1" },
{ "brainpoolP192r1", "1.3.36.3.3.2.8.1.1.3" },
{ "brainpoolP224r1", "1.3.36.3.3.2.8.1.1.5" },
@@ -84,6 +85,7 @@ static const struct
{ "brainpoolP320r1", "1.3.36.3.3.2.8.1.1.9" },
{ "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11"},
{ "brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13"},
+#endif /* ENABLE_BRAINPOOL */
{ "GOST2001-test", "1.2.643.2.2.35.0" },
{ "GOST2001-CryptoPro-A", "1.2.643.2.2.35.1" },
@@ -297,6 +299,7 @@ static const ecc_domain_parms_t domain_parms[] =
1
},
+#ifdef ENABLE_BRAINPOOL
{ "brainpoolP160r1", 160, 0,
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
"0xe95e4a5f737059dc60dfc7ad95b3d8139515620f",
@@ -391,6 +394,7 @@ static const ecc_domain_parms_t domain_parms[] =
"b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892",
1
},
+#endif /* ENABLE_BRAINPOOL */
{
"GOST2001-test", 256, 0,
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
diff --git a/configure.ac b/configure.ac
index 6efbf139..f4ac1887 100644
--- a/configure.ac
+++ b/configure.ac
@@ -614,6 +614,14 @@ AC_ARG_WITH(fips-module-version,
AC_DEFINE_UNQUOTED(FIPS_MODULE_VERSION, "$fips_module_version",
[Define FIPS module version for certification])
+# Implementation of the --disable-brainpool switch.
+AC_MSG_CHECKING([whether we want to disable the use of brainpool curves])
+AC_ARG_ENABLE(brainpool,
+ AS_HELP_STRING([--disable-brainpool],
+ [Disable the brainpool curves]),
+ use_brainpool="$enableval",use_brainpool=yes)
+AC_MSG_RESULT($use_brainpool)
+
# Implementation of the --disable-jent-support switch.
AC_MSG_CHECKING([whether jitter entropy support is requested])
AC_ARG_ENABLE(jent-support,
@@ -2466,6 +2474,10 @@ if test x"$ppccryptosupport" = xyes ; then
AC_DEFINE(ENABLE_PPC_CRYPTO_SUPPORT,1,
[Enable support for POWER 8 (PowerISA 2.07) crypto extension.])
fi
+if test x"$use_brainpool" = xyes ; then
+ AC_DEFINE(ENABLE_BRAINPOOL, 1,
+ [Enable support for the brainpool curves.])
+fi
if test x"$jentsupport" = xyes ; then
AC_DEFINE(ENABLE_JENT_SUPPORT, 1,
[Enable support for the jitter entropy collector.])
@@ -3296,6 +3308,7 @@ GCRY_MSG_WRAP([Enabled digest algorithms:],[$enabled_digests])
GCRY_MSG_WRAP([Enabled kdf algorithms: ],[$enabled_kdfs])
GCRY_MSG_WRAP([Enabled pubkey algorithms:],[$enabled_pubkey_ciphers])
GCRY_MSG_SHOW([Random number generator: ],[$random])
+GCRY_MSG_SHOW([Enabled Brainpool curves: ],[$use_brainpool])
GCRY_MSG_SHOW([Try using jitter entropy: ],[$jentsupport])
GCRY_MSG_SHOW([Using linux capabilities: ],[$use_capabilities])
GCRY_MSG_SHOW([FIPS module version: ],[$fips_module_version])
diff --git a/tests/curves.c b/tests/curves.c
index 3c738171..8eb79565 100644
--- a/tests/curves.c
+++ b/tests/curves.c
@@ -33,7 +33,11 @@
#include "t-common.h"
/* Number of curves defined in ../cipher/ecc-curves.c */
-#define N_CURVES 27
+#ifdef ENABLE_BRAINPOOL
+# define N_CURVES 27
+#else
+# define N_CURVES 20
+#endif
/* A real world sample public key. */
static char const sample_key_1[] =
@@ -52,6 +56,7 @@ static char const sample_key_1[] =
static char const sample_key_1_curve[] = "NIST P-256";
static unsigned int sample_key_1_nbits = 256;
+#ifdef ENABLE_BRAINPOOL
/* A made up sample public key. */
static char const sample_key_2[] =
"(public-key\n"
@@ -68,6 +73,7 @@ static char const sample_key_2[] =
" ))";
static char const sample_key_2_curve[] = "brainpoolP160r1";
static unsigned int sample_key_2_nbits = 160;
+#endif /* ENABLE_BRAINPOOL */
static int in_fips_mode;
@@ -113,6 +119,7 @@ check_matching (void)
gcry_sexp_release (key);
+#ifdef ENABLE_BRAINPOOL
if (!in_fips_mode)
{
err = gcry_sexp_new (&key, sample_key_2, 0, 1);
@@ -130,6 +137,7 @@ check_matching (void)
gcry_sexp_release (key);
}
+#endif /* ENABLE_BRAINPOOL */
}
#define TEST_ERROR_EXPECTED (1 << 0)
@@ -185,20 +193,26 @@ check_get_params (void)
{ GCRY_PK_ECC, "1.3.132.0.35" },
{ GCRY_PK_ECC, "nistp521" },
- { GCRY_PK_ECC, "brainpoolP160r1", TEST_NOFIPS },
- { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.1", TEST_NOFIPS },
- { GCRY_PK_ECC, "brainpoolP192r1", TEST_NOFIPS },
- { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.3", TEST_NOFIPS },
- { GCRY_PK_ECC, "brainpoolP224r1", TEST_NOFIPS },
- { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.5", TEST_NOFIPS },
- { GCRY_PK_ECC, "brainpoolP256r1", TEST_NOFIPS },
- { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.7", TEST_NOFIPS },
- { GCRY_PK_ECC, "brainpoolP320r1", TEST_NOFIPS },
- { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.9", TEST_NOFIPS },
- { GCRY_PK_ECC, "brainpoolP384r1", TEST_NOFIPS },
- { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.11", TEST_NOFIPS },
- { GCRY_PK_ECC, "brainpoolP512r1", TEST_NOFIPS },
- { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.13", TEST_NOFIPS },
+#ifdef ENABLE_BRAINPOOL
+# define BRAINPOOL_FLAGS TEST_NOFIPS
+#else
+# define BRAINPOOL_FLAGS TEST_ERROR_EXPECTED
+#endif /* ENABLE_BRAINPOOL */
+ { GCRY_PK_ECC, "brainpoolP160r1", BRAINPOOL_FLAGS },
+ { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.1", BRAINPOOL_FLAGS },
+ { GCRY_PK_ECC, "brainpoolP192r1", BRAINPOOL_FLAGS },
+ { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.3", BRAINPOOL_FLAGS },
+ { GCRY_PK_ECC, "brainpoolP224r1", BRAINPOOL_FLAGS },
+ { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.5", BRAINPOOL_FLAGS },
+ { GCRY_PK_ECC, "brainpoolP256r1", BRAINPOOL_FLAGS },
+ { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.7", BRAINPOOL_FLAGS },
+ { GCRY_PK_ECC, "brainpoolP320r1", BRAINPOOL_FLAGS },
+ { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.9", BRAINPOOL_FLAGS },
+ { GCRY_PK_ECC, "brainpoolP384r1", BRAINPOOL_FLAGS },
+ { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.11", BRAINPOOL_FLAGS },
+ { GCRY_PK_ECC, "brainpoolP512r1", BRAINPOOL_FLAGS },
+ { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.13", BRAINPOOL_FLAGS },
+#undef BRAINPOOL_ERROR_EXPECTED
{ GCRY_PK_ECC, "GOST2001-test", TEST_NOFIPS },
{ GCRY_PK_ECC, "1.2.643.2.2.35.0", TEST_NOFIPS },
@@ -282,6 +296,7 @@ check_get_params (void)
gcry_sexp_release (param);
+#ifdef ENABLE_BRAINPOOL
if (!in_fips_mode)
{
param = gcry_pk_get_param (GCRY_PK_ECDSA, sample_key_2_curve);
@@ -297,6 +312,7 @@ check_get_params (void)
gcry_sexp_release (param);
}
+#endif /* ENABLE_BRAINPOOL */
/* Some simple tests */
for (idx=0; idx < DIM (tv); idx++)
diff --git a/tests/keygrip.c b/tests/keygrip.c
index 49bd71bc..fc4c17be 100644
--- a/tests/keygrip.c
+++ b/tests/keygrip.c
@@ -149,6 +149,7 @@ static struct
" (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))",
"\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6"
},
+#ifdef ENABLE_BRAINPOOL
{
GCRY_PK_ECC,
"(public-key"
@@ -197,6 +198,7 @@ static struct
"\xD6\xE1\xBF\x43\xAC\x9B\x9A\x12\xE7\x3F",
1
},
+#endif /*ENABLE_BRAINPOOL */
{ /* Ed25519 standard */
GCRY_PK_ECC,
"(public-key"
--
2.34.1

View File

@ -1,104 +0,0 @@
diff -up libgcrypt-1.6.1/mpi/mpicoder.c.gccopt libgcrypt-1.6.1/mpi/mpicoder.c
--- libgcrypt-1.6.1/mpi/mpicoder.c.gccopt 2014-02-28 15:37:53.983139821 +0100
+++ libgcrypt-1.6.1/mpi/mpicoder.c 2014-02-28 15:47:35.312576387 +0100
@@ -627,16 +627,16 @@ _gcry_mpi_print (enum gcry_mpi_format fo
extra = 1;
}
- if (buffer && n > len)
- {
- /* The provided buffer is too short. */
- xfree (tmp);
- return GPG_ERR_TOO_SHORT;
- }
if (buffer)
{
unsigned char *s = buffer;
+ if (n > len)
+ {
+ /* The provided buffer is too short. */
+ xfree (tmp);
+ return GPG_ERR_TOO_SHORT;
+ }
if (extra == 1)
*s++ = 0;
else if (extra)
@@ -654,13 +654,12 @@ _gcry_mpi_print (enum gcry_mpi_format fo
/* Note: We ignore the sign for this format. */
/* FIXME: for performance reasons we should put this into
mpi_aprint because we can then use the buffer directly. */
-
- if (buffer && n > len)
- return GPG_ERR_TOO_SHORT;
if (buffer)
{
unsigned char *tmp;
+ if (n > len)
+ return GPG_ERR_TOO_SHORT;
tmp = _gcry_mpi_get_buffer (a, 0, &n, NULL);
if (!tmp)
return gpg_err_code_from_syserror ();
@@ -678,14 +677,14 @@ _gcry_mpi_print (enum gcry_mpi_format fo
if (negative)
return GPG_ERR_INV_ARG;
- if (buffer && n+2 > len)
- return GPG_ERR_TOO_SHORT;
-
if (buffer)
{
unsigned char *tmp;
unsigned char *s = buffer;
+ if (n+2 > len)
+ return GPG_ERR_TOO_SHORT;
+
s[0] = nbits >> 8;
s[1] = nbits;
@@ -724,16 +723,16 @@ _gcry_mpi_print (enum gcry_mpi_format fo
extra=1;
}
- if (buffer && n+4 > len)
- {
- xfree(tmp);
- return GPG_ERR_TOO_SHORT;
- }
-
if (buffer)
{
unsigned char *s = buffer;
+ if (n+4 > len)
+ {
+ xfree(tmp);
+ return GPG_ERR_TOO_SHORT;
+ }
+
*s++ = n >> 24;
*s++ = n >> 16;
*s++ = n >> 8;
@@ -761,15 +760,15 @@ _gcry_mpi_print (enum gcry_mpi_format fo
if (!n || (*tmp & 0x80))
extra = 2;
- if (buffer && 2*n + extra + negative + 1 > len)
- {
- xfree(tmp);
- return GPG_ERR_TOO_SHORT;
- }
if (buffer)
{
unsigned char *s = buffer;
+ if (2*n + extra + negative + 1 > len)
+ {
+ xfree(tmp);
+ return GPG_ERR_TOO_SHORT;
+ }
if (negative)
*s++ = '-';
if (extra)

View File

@ -1,73 +0,0 @@
diff -up libgcrypt-1.8.3/src/global.c.fips-ctor libgcrypt-1.8.3/src/global.c
--- libgcrypt-1.8.3/src/global.c.fips-ctor 2017-11-23 19:25:58.000000000 +0100
+++ libgcrypt-1.8.3/src/global.c 2020-04-17 16:29:59.258218015 +0200
@@ -141,6 +141,34 @@ global_init (void)
}
+#ifndef FIPS_MODULE_PATH
+#define FIPS_MODULE_PATH "/etc/system-fips"
+#endif
+
+void __attribute__ ((constructor)) _gcry_global_constructor (void)
+{
+ int rv;
+
+ rv = access (FIPS_MODULE_PATH, F_OK);
+ if (rv < 0 && errno != ENOENT)
+ rv = 0;
+
+ if (!rv)
+ {
+ int no_secmem_save;
+
+ /* it should be always 0 at this point but let's keep on the safe side */
+ no_secmem_save = no_secure_memory;
+ no_secure_memory = 1;
+ /* force selftests */
+ global_init();
+ _gcry_fips_run_selftests (0);
+ if (!fips_mode())
+ _gcry_random_close_fds ();
+ no_secure_memory = no_secmem_save;
+ }
+}
+
/* This function is called by the macro fips_is_operational and makes
sure that the minimal initialization has been done. This is far
from a perfect solution and hides problems with an improper
@@ -671,8 +699,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
case GCRYCTL_FIPS_MODE_P:
if (fips_mode ()
- && !_gcry_is_fips_mode_inactive ()
- && !no_secure_memory)
+ && !_gcry_is_fips_mode_inactive ())
rc = GPG_ERR_GENERAL; /* Used as TRUE value */
break;
@@ -749,9 +776,9 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
break;
case GCRYCTL_SET_ENFORCED_FIPS_FLAG:
- if (!_gcry_global_any_init_done)
+ if (fips_mode ())
{
- /* Not yet initialized at all. Set the enforced fips mode flag */
+ /* We are in FIPS mode, we can set the enforced fips mode flag. */
_gcry_set_preferred_rng_type (0);
_gcry_set_enforced_fips_mode ();
}
diff --git a/tests/t-secmem.c b/tests/t-secmem.c
index 2b769134..1d33bbfd 100644
--- a/tests/t-secmem.c
+++ b/tests/t-secmem.c
@@ -54,7 +54,7 @@ test_secmem (void)
/* Allocating another 2k should fail for the default 16k pool. */
b = gcry_malloc_secure (chunk_size*4);
- if (b)
+ if (b && !gcry_fips_mode_active ())
fail ("allocation did not fail as expected\n");
for (i=0; i < DIM(a); i++)

View File

@ -1,37 +0,0 @@
diff -up libgcrypt-1.8.3/cipher/md.c.fips-enforce libgcrypt-1.8.3/cipher/md.c
--- libgcrypt-1.8.3/cipher/md.c.fips-enforce 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.3/cipher/md.c 2020-04-17 15:07:31.364945130 +0200
@@ -409,13 +409,10 @@ md_enable (gcry_md_hd_t hd, int algorith
}
- if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
+ if (!err && !spec->flags.fips && fips_mode ())
{
- _gcry_inactivate_fips_mode ("MD5 used");
if (_gcry_enforced_fips_mode () )
{
- /* We should never get to here because we do not register
- MD5 in enforced fips mode. But better throw an error. */
err = GPG_ERR_DIGEST_ALGO;
}
}
diff --git a/tests/t-kdf.c b/tests/t-kdf.c
index 7a48e98a..48309b9a 100644
--- a/tests/t-kdf.c
+++ b/tests/t-kdf.c
@@ -1104,6 +1104,13 @@ check_pbkdf2 (void)
GCRY_KDF_PBKDF2, tv[tvidx].hashalgo,
tv[tvidx].salt, tv[tvidx].saltlen,
tv[tvidx].c, tv[tvidx].dklen, outbuf);
+ if (gcry_fips_mode_active() && tvidx > 6)
+ {
+ if (!err)
+ fail ("pbkdf2 test %d unexpectedly passed in FIPS mode: %s\n",
+ tvidx, gpg_strerror (err));
+ continue;
+ }
if (err)
fail ("pbkdf2 test %d failed: %s\n", tvidx, gpg_strerror (err));
else if (memcmp (outbuf, tv[tvidx].dk, tv[tvidx].dklen))

View File

@ -1,64 +0,0 @@
diff -up libgcrypt-1.8.4/cipher/dsa.c.fips-keygen libgcrypt-1.8.4/cipher/dsa.c
--- libgcrypt-1.8.4/cipher/dsa.c.fips-keygen 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.4/cipher/dsa.c 2019-02-12 14:29:25.629513989 +0100
@@ -457,13 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un
&prime_q, &prime_p,
r_counter,
r_seed, r_seedlen);
- else
+ else if (!domain->p || !domain->q)
ec = _gcry_generate_fips186_3_prime (nbits, qbits,
initial_seed.seed,
initial_seed.seedlen,
&prime_q, &prime_p,
r_counter,
r_seed, r_seedlen, NULL);
+ else
+ {
+ /* Domain parameters p and q are given; use them. */
+ prime_p = mpi_copy (domain->p);
+ prime_q = mpi_copy (domain->q);
+ gcry_assert (mpi_get_nbits (prime_p) == nbits);
+ gcry_assert (mpi_get_nbits (prime_q) == qbits);
+ ec = 0;
+ }
sexp_release (initial_seed.sexp);
if (ec)
goto leave;
@@ -855,13 +866,12 @@ dsa_generate (const gcry_sexp_t genparms
sexp_release (l1);
sexp_release (domainsexp);
- /* Check that all domain parameters are available. */
- if (!domain.p || !domain.q || !domain.g)
+ /* Check that p and q domain parameters are available. */
+ if (!domain.p || !domain.q || (!domain.g && !(flags & PUBKEY_FLAG_USE_FIPS186)))
{
_gcry_mpi_release (domain.p);
_gcry_mpi_release (domain.q);
_gcry_mpi_release (domain.g);
- sexp_release (deriveparms);
return GPG_ERR_MISSING_VALUE;
}
diff -up libgcrypt-1.8.4/cipher/rsa.c.fips-keygen libgcrypt-1.8.4/cipher/rsa.c
--- libgcrypt-1.8.4/cipher/rsa.c.fips-keygen 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.4/cipher/rsa.c 2019-02-12 14:29:25.630513971 +0100
@@ -389,7 +389,7 @@ generate_fips (RSA_secret_key *sk, unsig
if (nbits < 1024 || (nbits & 0x1FF))
return GPG_ERR_INV_VALUE;
- if (_gcry_enforced_fips_mode() && nbits != 2048 && nbits != 3072)
+ if (fips_mode() && nbits < 2048)
return GPG_ERR_INV_VALUE;
/* The random quality depends on the transient_key flag. */
@@ -696,7 +696,7 @@ generate_x931 (RSA_secret_key *sk, unsig
*swapped = 0;
- if (e_value == 1) /* Alias for a secure value. */
+ if (e_value == 1 || e_value == 0) /* Alias for a secure value. */
e_value = 65537;
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */

View File

@ -1,77 +0,0 @@
diff -up libgcrypt-1.8.4/random/rndlinux.c.use-poll libgcrypt-1.8.4/random/rndlinux.c
--- libgcrypt-1.8.4/random/rndlinux.c.use-poll 2018-10-26 13:50:20.000000000 +0200
+++ libgcrypt-1.8.4/random/rndlinux.c 2018-11-20 15:51:56.760669058 +0100
@@ -32,6 +32,7 @@
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
+#include <poll.h>
#if defined(__APPLE__) && defined(__MACH__)
#include <Availability.h>
#ifdef __MAC_10_11
@@ -241,9 +242,8 @@ _gcry_rndlinux_gather_random (void (*add
return with something we will actually use 100ms. */
while (length)
{
- fd_set rfds;
- struct timeval tv;
int rc;
+ struct pollfd pfd;
/* If we have a modern operating system, we first try to use the new
* getentropy function. That call guarantees that the kernel's
@@ -300,36 +300,25 @@ _gcry_rndlinux_gather_random (void (*add
any_need_entropy = 1;
}
- /* If the system has no limit on the number of file descriptors
- and we encounter an fd which is larger than the fd_set size,
- we don't use the select at all. The select code is only used
- to emit progress messages. A better solution would be to
- fall back to poll() if available. */
-#ifdef FD_SETSIZE
- if (fd < FD_SETSIZE)
-#endif
+ pfd.fd = fd;
+ pfd.events = POLLIN;
+
+ _gcry_pre_syscall ();
+ rc = poll(&pfd, 1, delay);
+ _gcry_post_syscall ();
+ if (!rc)
{
- FD_ZERO(&rfds);
- FD_SET(fd, &rfds);
- tv.tv_sec = delay;
- tv.tv_usec = delay? 0 : 100000;
- _gcry_pre_syscall ();
- rc = select (fd+1, &rfds, NULL, NULL, &tv);
- _gcry_post_syscall ();
- if (!rc)
- {
- any_need_entropy = 1;
- delay = 3; /* Use 3 seconds henceforth. */
- continue;
- }
- else if( rc == -1 )
- {
- log_error ("select() error: %s\n", strerror(errno));
- if (!delay)
- delay = 1; /* Use 1 second if we encounter an error before
- we have ever blocked. */
- continue;
- }
+ any_need_entropy = 1;
+ delay = 3000; /* Use 3 seconds henceforth. */
+ continue;
+ }
+ else if( rc == -1 )
+ {
+ log_error ("poll() error: %s\n", strerror(errno));
+ if (!delay)
+ delay = 1000; /* Use 1 second if we encounter an error before
+ we have ever blocked. */
+ continue;
}
do

View File

@ -1,139 +0,0 @@
diff -up libgcrypt-1.8.5/src/fips.c.fips-module libgcrypt-1.8.5/src/fips.c
--- libgcrypt-1.8.5/src/fips.c.fips-module 2020-04-20 19:07:45.924919645 +0200
+++ libgcrypt-1.8.5/src/fips.c 2020-04-20 19:10:33.690722470 +0200
@@ -35,10 +35,6 @@
#include "hmac256.h"
-/* The name of the file used to force libgcrypt into fips mode. */
-#define FIPS_FORCE_FILE "/etc/gcrypt/fips_enabled"
-
-
/* The states of the finite state machine used in fips mode. */
enum module_states
{
@@ -122,54 +118,6 @@ _gcry_initialize_fips_mode (int force)
goto leave;
}
- /* For testing the system it is useful to override the system
- provided detection of the FIPS mode and force FIPS mode using a
- file. The filename is hardwired so that there won't be any
- confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is
- actually used. The file itself may be empty. */
- if ( !access (FIPS_FORCE_FILE, F_OK) )
- {
- gcry_assert (!_gcry_no_fips_mode_required);
- goto leave;
- }
-
- /* Checking based on /proc file properties. */
- {
- static const char procfname[] = "/proc/sys/crypto/fips_enabled";
- FILE *fp;
- int saved_errno;
-
- fp = fopen (procfname, "r");
- if (fp)
- {
- char line[256];
-
- if (fgets (line, sizeof line, fp) && atoi (line))
- {
- /* System is in fips mode. */
- fclose (fp);
- gcry_assert (!_gcry_no_fips_mode_required);
- goto leave;
- }
- fclose (fp);
- }
- else if ((saved_errno = errno) != ENOENT
- && saved_errno != EACCES
- && !access ("/proc/version", F_OK) )
- {
- /* Problem reading the fips file despite that we have the proc
- file system. We better stop right away. */
- log_info ("FATAL: error reading `%s' in libgcrypt: %s\n",
- procfname, strerror (saved_errno));
-#ifdef HAVE_SYSLOG
- syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
- "reading `%s' failed: %s - abort",
- procfname, strerror (saved_errno));
-#endif /*HAVE_SYSLOG*/
- abort ();
- }
- }
-
/* Fips not not requested, set flag. */
_gcry_no_fips_mode_required = 1;
diff -up libgcrypt-1.8.5/src/g10lib.h.fips-module libgcrypt-1.8.5/src/g10lib.h
--- libgcrypt-1.8.5/src/g10lib.h.fips-module 2020-04-20 19:07:45.918919759 +0200
+++ libgcrypt-1.8.5/src/g10lib.h 2020-04-20 19:11:05.003125740 +0200
@@ -422,6 +422,9 @@ gpg_err_code_t _gcry_sexp_vextract_param
/*-- fips.c --*/
+/* The name of the file used to force libgcrypt into fips mode. */
+#define FIPS_FORCE_FILE "/etc/gcrypt/fips_enabled"
+
extern int _gcry_no_fips_mode_required;
void _gcry_initialize_fips_mode (int force);
diff -up libgcrypt-1.8.5/src/global.c.fips-module libgcrypt-1.8.5/src/global.c
--- libgcrypt-1.8.5/src/global.c.fips-module 2020-04-20 19:07:45.919919741 +0200
+++ libgcrypt-1.8.5/src/global.c 2020-04-20 19:07:45.950919149 +0200
@@ -160,6 +160,53 @@ void __attribute__ ((constructor)) _gcry
rv = access (FIPS_MODULE_PATH, F_OK);
if (rv < 0 && errno != ENOENT)
rv = 0;
+
+ /* For testing the system it is useful to override the system
+ provided detection of the FIPS mode and force FIPS mode using a
+ file. The filename is hardwired so that there won't be any
+ confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is
+ actually used. The file itself may be empty. */
+ if ( !access (FIPS_FORCE_FILE, F_OK) )
+ {
+ rv = 0;
+ force_fips_mode = 1;
+ }
+
+ /* Checking based on /proc file properties. */
+ {
+ static const char procfname[] = "/proc/sys/crypto/fips_enabled";
+ FILE *fp;
+ int saved_errno;
+
+ fp = fopen (procfname, "r");
+ if (fp)
+ {
+ char line[256];
+
+ if (fgets (line, sizeof line, fp) && atoi (line))
+ {
+ /* System is in fips mode. */
+ rv = 0;
+ force_fips_mode = 1;
+ }
+ fclose (fp);
+ }
+ else if ((saved_errno = errno) != ENOENT
+ && saved_errno != EACCES
+ && !access ("/proc/version", F_OK) )
+ {
+ /* Problem reading the fips file despite that we have the proc
+ file system. We better stop right away. */
+ log_info ("FATAL: error reading `%s' in libgcrypt: %s\n",
+ procfname, strerror (saved_errno));
+#ifdef HAVE_SYSLOG
+ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
+ "reading `%s' failed: %s - abort",
+ procfname, strerror (saved_errno));
+#endif /*HAVE_SYSLOG*/
+ abort ();
+ }
+ }
if (!rv)
{

View File

@ -1,277 +0,0 @@
diff -up libgcrypt-1.8.5/random/rand-internal.h.getrandom libgcrypt-1.8.5/random/rand-internal.h
--- libgcrypt-1.8.5/random/rand-internal.h.getrandom 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/random/rand-internal.h 2020-04-20 14:55:34.875949624 +0200
@@ -47,6 +47,7 @@ void _gcry_random_progress (const char *
/*-- random-csprng.c --*/
void _gcry_rngcsprng_initialize (int full);
+void _gcry_rngcsprng_deinit (void);
void _gcry_rngcsprng_close_fds (void);
void _gcry_rngcsprng_dump_stats (void);
void _gcry_rngcsprng_secure_alloc (void);
@@ -68,6 +69,7 @@ void _gcry_rngcsprng_fast_poll (void);
/*-- random-drbg.c --*/
void _gcry_rngdrbg_inititialize (int full);
+void _gcry_rngdrbg_deinit (void);
void _gcry_rngdrbg_close_fds (void);
void _gcry_rngdrbg_dump_stats (void);
int _gcry_rngdrbg_is_faked (void);
diff -up libgcrypt-1.8.5/random/random.c.getrandom libgcrypt-1.8.5/random/random.c
--- libgcrypt-1.8.5/random/random.c.getrandom 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/random/random.c 2020-04-20 14:55:34.876949605 +0200
@@ -110,8 +110,8 @@ _gcry_random_read_conf (void)
unsigned int result = 0;
fp = fopen (fname, "r");
- if (!fp)
- return result;
+ if (!fp) /* We make only_urandom the default. */
+ return RANDOM_CONF_ONLY_URANDOM;
for (;;)
{
@@ -228,6 +228,22 @@ _gcry_random_initialize (int full)
}
+/* Deinitialize this random subsystem. */
+void
+_gcry_random_deinit (void)
+{
+ if (fips_mode ())
+ _gcry_rngdrbg_deinit ();
+ else if (rng_types.standard)
+ _gcry_rngcsprng_deinit ();
+ else if (rng_types.fips)
+ _gcry_rngdrbg_deinit ();
+ else
+ _gcry_rngcsprng_deinit ();
+ /* not needed for system */
+}
+
+
/* If possible close file descriptors used by the RNG. */
void
_gcry_random_close_fds (void)
diff -up libgcrypt-1.8.5/random/random-csprng.c.getrandom libgcrypt-1.8.5/random/random-csprng.c
--- libgcrypt-1.8.5/random/random-csprng.c.getrandom 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/random/random-csprng.c 2020-04-20 15:04:27.182877975 +0200
@@ -55,6 +55,10 @@
#ifdef __MINGW32__
#include <process.h>
#endif
+#if defined(__linux__) && defined(HAVE_SYSCALL)
+# include <sys/syscall.h>
+# include <linux/random.h>
+#endif
#include "g10lib.h"
#include "random.h"
#include "rand-internal.h"
@@ -343,6 +347,21 @@ _gcry_rngcsprng_initialize (int full)
}
+void
+_gcry_rngcsprng_deinit (void)
+{
+ lock_pool();
+ pool_writepos = 0;
+ pool_readpos = 0;
+ pool_filled = 0;
+ pool_filled_counter = 0;
+ did_initial_extra_seeding = 0;
+ pool_balance = 0;
+ just_mixed = 0;
+ unlock_pool();
+}
+
+
/* Try to close the FDs of the random gather module. This is
currently only implemented for rndlinux. */
void
@@ -1116,6 +1135,22 @@ getfnc_gather_random (void))(void (*)(co
enum random_origins, size_t, int);
#if USE_RNDLINUX
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
+ long ret;
+ char buffer[1];
+
+ _gcry_pre_syscall ();
+ ret = syscall (__NR_getrandom,
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
+ _gcry_post_syscall ();
+ if (ret != -1 || errno != ENOSYS)
+ {
+ fnc = _gcry_rndlinux_gather_random;
+ return fnc;
+ }
+ else
+ /* The syscall is not supported - fallback to /dev/urandom. */
+#endif
if ( !access (NAME_OF_DEV_RANDOM, R_OK)
&& !access (NAME_OF_DEV_URANDOM, R_OK))
{
diff -up libgcrypt-1.8.5/random/random-drbg.c.getrandom libgcrypt-1.8.5/random/random-drbg.c
--- libgcrypt-1.8.5/random/random-drbg.c.getrandom 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/random/random-drbg.c 2020-04-20 15:02:37.782947902 +0200
@@ -1811,6 +1811,22 @@ _gcry_rngdrbg_inititialize (int full)
}
/*
+ * Deinitialize the DRBG invoked by the libgcrypt API
+ * It will be automatically re-initialized on next call
+ */
+void
+_gcry_rngdrbg_deinit (void)
+{
+ drbg_lock ();
+ if (drbg_state)
+ {
+ drbg_uninstantiate (drbg_state);
+ drbg_state = NULL;
+ }
+ drbg_unlock ();
+}
+
+/*
* Backend handler function for GCRYCTL_DRBG_REINIT
*
* Select a different DRBG type and initialize it.
diff -up libgcrypt-1.8.5/random/random.h.getrandom libgcrypt-1.8.5/random/random.h
--- libgcrypt-1.8.5/random/random.h.getrandom 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/random/random.h 2020-04-20 14:55:34.877949586 +0200
@@ -29,6 +29,7 @@ void _gcry_register_random_progress (voi
void _gcry_set_preferred_rng_type (int type);
void _gcry_random_initialize (int full);
+void _gcry_random_deinit (void);
void _gcry_random_close_fds (void);
int _gcry_get_rng_type (int ignore_fips_mode);
void _gcry_random_dump_stats(void);
diff -up libgcrypt-1.8.5/random/rndlinux.c.getrandom libgcrypt-1.8.5/random/rndlinux.c
--- libgcrypt-1.8.5/random/rndlinux.c.getrandom 2020-04-20 15:01:50.159848963 +0200
+++ libgcrypt-1.8.5/random/rndlinux.c 2020-04-20 16:14:21.901610921 +0200
@@ -35,6 +35,7 @@
#if defined(__linux__) || !defined(HAVE_GETENTROPY)
#ifdef HAVE_SYSCALL
# include <sys/syscall.h>
+# include <linux/random.h>
# ifdef __NR_getrandom
# define getentropy(buf,buflen) syscall (__NR_getrandom, buf, buflen, 0)
# endif
@@ -147,12 +148,12 @@ _gcry_rndlinux_gather_random (void (*add
if (!add)
{
/* Special mode to close the descriptors. */
- if (fd_random != -1)
+ if (fd_random >= 0)
{
close (fd_random);
fd_random = -1;
}
- if (fd_urandom != -1)
+ if (fd_urandom >= 0)
{
close (fd_urandom);
fd_urandom = -1;
@@ -166,12 +167,12 @@ _gcry_rndlinux_gather_random (void (*add
apid = getpid ();
if (my_pid != apid)
{
- if (fd_random != -1)
+ if (fd_random >= 0)
{
close (fd_random);
fd_random = -1;
}
- if (fd_urandom != -1)
+ if (fd_urandom >= 0)
{
close (fd_urandom);
fd_urandom = -1;
@@ -216,7 +217,23 @@ _gcry_rndlinux_gather_random (void (*add
that we always require the device to be existent but want a more
graceful behaviour if the rarely needed close operation has been
used and the device needs to be re-opened later. */
- if (level >= GCRY_VERY_STRONG_RANDOM && !only_urandom)
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
+ if (fd_urandom != -2 && !_gcry_in_constructor ())
+ {
+ long ret;
+
+ _gcry_pre_syscall ();
+ ret = syscall (__NR_getrandom,
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
+ _gcry_post_syscall ();
+ if (ret > -1 || errno == EAGAIN || errno == EINTR)
+ {
+ fd_urandom = -2;
+ fd_random = -2;
+ }
+ }
+#endif
+ if (level >= GCRY_VERY_STRONG_RANDOM && !only_urandom && !_gcry_in_constructor ())
{
if (fd_random == -1)
{
@@ -270,9 +288,7 @@ _gcry_rndlinux_gather_random (void (*add
_gcry_post_syscall ();
}
while (ret == -1 && errno == EINTR);
- if (ret == -1 && errno == ENOSYS)
- ; /* getentropy is not supported - fallback to pulling from fd. */
- else
+ if (1)
{ /* getentropy is supported. Some sanity checks. */
if (ret == -1)
log_fatal ("unexpected error from getentropy: %s\n",
diff -up libgcrypt-1.8.5/src/g10lib.h.getrandom libgcrypt-1.8.5/src/g10lib.h
--- libgcrypt-1.8.5/src/g10lib.h.getrandom 2020-04-20 15:08:16.528538580 +0200
+++ libgcrypt-1.8.5/src/g10lib.h 2020-04-20 15:08:28.641309399 +0200
@@ -464,6 +464,6 @@ gpg_err_code_t _gcry_fips_run_selftests
void _gcry_fips_noreturn (void);
#define fips_noreturn() (_gcry_fips_noreturn ())
-
+int _gcry_in_constructor (void);
#endif /* G10LIB_H */
diff -up libgcrypt-1.8.5/src/global.c.getrandom libgcrypt-1.8.5/src/global.c
--- libgcrypt-1.8.5/src/global.c.getrandom 2020-04-20 15:06:21.891707597 +0200
+++ libgcrypt-1.8.5/src/global.c 2020-04-20 15:07:29.018437509 +0200
@@ -145,10 +145,18 @@ global_init (void)
#define FIPS_MODULE_PATH "/etc/system-fips"
#endif
+static int in_constructor = 0;
+
+int _gcry_in_constructor(void)
+{
+ return in_constructor;
+}
+
void __attribute__ ((constructor)) _gcry_global_constructor (void)
{
int rv;
+ in_constructor = 1;
rv = access (FIPS_MODULE_PATH, F_OK);
if (rv < 0 && errno != ENOENT)
rv = 0;
@@ -163,10 +171,12 @@ void __attribute__ ((constructor)) _gcry
/* force selftests */
global_init();
_gcry_fips_run_selftests (0);
- if (!fips_mode())
- _gcry_random_close_fds ();
+ _gcry_random_close_fds ();
+ _gcry_random_deinit ();
no_secure_memory = no_secmem_save;
}
+
+ in_constructor = 0;
}
/* This function is called by the macro fips_is_operational and makes

View File

@ -1,34 +0,0 @@
From b04c0a86b19856071c29d2a6285f3240c606ee7a Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Tue, 27 Apr 2021 09:08:41 -0700
Subject: [PATCH] Always include <config.h> in cipher assembly codes
* cipher/poly1305-s390x.S: Always include <config.h>.
When Intel CET is enabled, we need to include <cet.h> in assembly codes
to mark Intel CET support even if it is empty. We should always include
<config.h> in cipher assembly codes so that they will be marked for
Intel CET support when compiling for x86-64 and i686.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
---
cipher/poly1305-s390x.S | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cipher/poly1305-s390x.S b/cipher/poly1305-s390x.S
index 844245f6..28bed560 100644
--- a/cipher/poly1305-s390x.S
+++ b/cipher/poly1305-s390x.S
@@ -18,8 +18,8 @@
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
-#if defined (__s390x__) && __GNUC__ >= 4 && __ARCH__ >= 9
#include <config.h>
+#if defined (__s390x__) && __GNUC__ >= 4 && __ARCH__ >= 9
#if defined(HAVE_GCC_INLINE_ASM_S390X)
#include "asm-poly1305-s390x.h"
--
GitLab

View File

@ -1,77 +0,0 @@
diff -up libgcrypt-1.8.5/src/fips.c.use-fipscheck libgcrypt-1.8.5/src/fips.c
--- libgcrypt-1.8.5/src/fips.c.use-fipscheck 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/src/fips.c 2020-04-23 10:18:36.235764741 +0200
@@ -581,23 +581,50 @@ run_random_selftests (void)
return !!err;
}
+#ifdef ENABLE_HMAC_BINARY_CHECK
+static int
+get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
+{
+ Dl_info info;
+ void *dl, *sym;
+ int rv = -1;
+
+ dl = dlopen(libname, RTLD_LAZY);
+ if (dl == NULL) {
+ return -1;
+ }
+
+ sym = dlsym(dl, symbolname);
+
+ if (sym != NULL && dladdr(sym, &info)) {
+ strncpy(path, info.dli_fname, pathlen-1);
+ path[pathlen-1] = '\0';
+ rv = 0;
+ }
+
+ dlclose(dl);
+
+ return rv;
+}
+#endif
+
/* Run an integrity check on the binary. Returns 0 on success. */
static int
check_binary_integrity (void)
{
#ifdef ENABLE_HMAC_BINARY_CHECK
gpg_error_t err;
- Dl_info info;
+ char libpath[4096];
unsigned char digest[32];
int dlen;
char *fname = NULL;
- const char key[] = "What am I, a doctor or a moonshuttle conductor?";
-
- if (!dladdr ("gcry_check_version", &info))
+ const char key[] = "orboDeJITITejsirpADONivirpUkvarP";
+
+ if (get_library_path ("libgcrypt.so.20", "gcry_check_version", libpath, sizeof(libpath)))
err = gpg_error_from_syserror ();
else
{
- dlen = _gcry_hmac256_file (digest, sizeof digest, info.dli_fname,
+ dlen = _gcry_hmac256_file (digest, sizeof digest, libpath,
key, strlen (key));
if (dlen < 0)
err = gpg_error_from_syserror ();
@@ -605,7 +632,7 @@ check_binary_integrity (void)
err = gpg_error (GPG_ERR_INTERNAL);
else
{
- fname = xtrymalloc (strlen (info.dli_fname) + 1 + 5 + 1 );
+ fname = xtrymalloc (strlen (libpath) + 1 + 5 + 1 );
if (!fname)
err = gpg_error_from_syserror ();
else
@@ -614,7 +641,7 @@ check_binary_integrity (void)
char *p;
/* Prefix the basename with a dot. */
- strcpy (fname, info.dli_fname);
+ strcpy (fname, libpath);
p = strrchr (fname, '/');
if (p)
p++;

File diff suppressed because it is too large Load Diff

View File

@ -1,46 +1,11 @@
Name: libgcrypt
Version: 1.9.4
Release: 2%{?dist}
Version: 1.10.0
Release: 1%{?dist}
URL: https://www.gnupg.org/
Source0: libgcrypt-%{version}-hobbled.tar.xz
# The original libgcrypt sources now contain potentially patented ECC
# cipher support. We have to remove it in the tarball we ship with
# the hobble-libgcrypt script.
# (We replace it with RH approved ECC in Source4-5)
# rm -rf libgcrypt-x.y.z # make sure there are no leftover files
# tar -xf libgcrypt-x.y.z.tar.bz2
# pushd libgcrypt-x.y.z && ../hobble-libgcrypt && popd
# tar -cvJf libgcrypt-x.y.z-hobbled.tar.xz libgcrypt-x.y.z
#Source0: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-{version}.tar.bz2
#Source1: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-{version}.tar.bz2.sig
Source0: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2
Source1: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig
Source2: wk@g10code.com
Source3: hobble-libgcrypt
# Approved ECC support
Source4: ecc-curves.c
Source5: curves.c
Source7: random.conf
Source8: keygrip.c
# make FIPS hmac compatible with fipscheck - non upstreamable
# update on soname bump
Patch2: libgcrypt-1.8.5-use-fipscheck.patch
# modify FIPS RSA and DSA keygen to comply with requirements
Patch5: libgcrypt-1.8.4-fips-keygen.patch
# fix the tests to work correctly in the FIPS mode
Patch6: libgcrypt-1.9.3-fips-tests.patch
# use poll instead of select when gathering randomness
Patch11: libgcrypt-1.8.4-use-poll.patch
# slight optimalization of mpicoder.c to silence Valgrind (#968288)
Patch13: libgcrypt-1.6.1-mpicoder-gccopt.patch
# Run the FIPS mode initialization in the shared library constructor
Patch18: libgcrypt-1.8.3-fips-ctor.patch
# Do not try to open /dev/urandom if getrandom() works
Patch24: libgcrypt-1.8.5-getrandom.patch
# Disable non-approved FIPS hashes in the enforced FIPS mode
Patch27: libgcrypt-1.8.3-md-fips-enforce.patch
# Missing Intel CET support in the library (#1954049)
Patch28: libgcrypt-1.8.5-intel-cet.patch
# FIPS module is redefined a little bit (implicit by kernel FIPS mode)
Patch30: libgcrypt-1.8.5-fips-module.patch
Patch1: libgcrypt-1.10.0-disable-brainpool.patch
%global gcrylibdir %{_libdir}
%global gcrysoname libgcrypt.so.20
@ -76,20 +41,7 @@ applications using libgcrypt.
%prep
%setup -q
%{SOURCE3}
%patch2 -p1 -b .use-fipscheck
%patch5 -p1 -b .fips-keygen
%patch6 -p1 -b .tests-fipsmode
%patch11 -p1 -b .use-poll
%patch13 -p1 -b .gccopt
%patch18 -p1 -b .fips-ctor
%patch24 -p1 -b .getrandom
%patch27 -p1 -b .fips-enforce
%patch28 -p1 -b .intel-cet
%patch30 -p1 -b .fips-module
cp %{SOURCE4} cipher/
cp %{SOURCE5} %{SOURCE8} tests/
%patch1 -p1
%build
# This package has a configure test which uses ASMs, but does not link the
@ -101,29 +53,48 @@ cp %{SOURCE5} %{SOURCE8} tests/
# F34, so we use it here explicitly
%define _lto_cflags -flto=auto -ffat-lto-objects
grep "Red Hat" /etc/system-release && \
export FIPS_SWITCH="--with-fips-module-version=RHEL%{?rhel}-%{name}-%{version}-$(date +%Y%m%d)"
grep "Fedora" /etc/system-release && \
export FIPS_SWITCH="--with-fips-module-version=Fedora%{?fedora}-%{name}-%{version}-$(date +%Y%m%d)"
grep "CentOS" /etc/system-release && \
export FIPS_SWITCH="--with-fips-module-version=CentOS%{?centos}-%{name}-%{version}-$(date +%Y%m%d)"
# should be all algorithms except SM3 and SM4
export DIGESTS='crc gostr3411-94 md4 md5 rmd160 sha1 sha256 sha512 sha3 tiger whirlpool stribog blake2'
export CIPHERS='arcfour blowfish cast5 des aes twofish serpent rfc2268 seed camellia idea salsa20 gost28147 chacha20'
autoreconf -f
%configure --disable-static \
%ifarch sparc64
--disable-asm \
%endif
--enable-noexecstack \
--enable-hmac-binary-check \
--enable-pubkey-ciphers='dsa elgamal rsa ecc' \
--disable-O-flag-munging
--enable-hmac-binary-check=%{hmackey} \
--disable-brainpool \
--enable-digests="$DIGESTS" \
--enable-ciphers="$CIPHERS" \
$FIPS_SWITCH
sed -i -e '/^sys_lib_dlsearch_path_spec/s,/lib /usr/lib,/usr/lib /lib64 /usr/lib64 /lib,g' libtool
%make_build
%check
src/hmac256 %{hmackey} src/.libs/%{gcrysoname} | cut -f1 -d ' ' >src/.libs/.%{gcrysoname}.hmac
make check
# try in faked FIPS mode too
LIBGCRYPT_FORCE_FIPS_MODE=1 make check
# Add generation of HMAC checksums of the final stripped binaries
%define libpath $RPM_BUILD_ROOT%{gcrylibdir}/%{gcrysoname}.?.?
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
src/hmac256 %{hmackey} $RPM_BUILD_ROOT%{gcrylibdir}/%{gcrysoname} | cut -f1 -d ' ' >$RPM_BUILD_ROOT%{gcrylibdir}/.%{gcrysoname}.hmac \
dd if=/dev/zero of=%{libpath}.hmac bs=32 count=1 \
objcopy --update-section .rodata1=%{libpath}.hmac %{libpath} %{libpath}.empty \
src/hmac256 --binary %{hmackey} %{libpath}.empty > %{libpath}.hmac \
objcopy --update-section .rodata1=%{libpath}.hmac %{libpath}.empty %{libpath}.new \
mv -f %{libpath}.new %{libpath} \
rm -f %{libpath}.hmac %{libpath}.empty
%{nil}
%install
@ -168,16 +139,13 @@ popd
# Create /etc/gcrypt (hardwired, not dependent on the configure invocation) so
# that _someone_ owns it.
mkdir -p -m 755 $RPM_BUILD_ROOT/etc/gcrypt
install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf
%ldconfig_scriptlets
%files
%dir /etc/gcrypt
%config(noreplace) /etc/gcrypt/random.conf
%{gcrylibdir}/libgcrypt.so.*.*
%{gcrylibdir}/%{gcrysoname}
%{gcrylibdir}/.%{gcrysoname}.hmac
%license COPYING.LIB
%doc AUTHORS NEWS THANKS
@ -196,6 +164,9 @@ install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf
%license COPYING
%changelog
* Wed Feb 02 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-1
- New upstream release (#2049322)
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

View File

@ -1,4 +0,0 @@
# use only /dev/urandom - see https://www.2uo.de/myths-about-urandom/
only-urandom
# Keep jitter entropy generator enabled (should do no harm)
#disable-jent

View File

@ -1 +1,2 @@
SHA512 (libgcrypt-1.9.4-hobbled.tar.xz) = 80b1b2159ec3c7795450037d76d81b737f2734f1cff72c8aa6ac8c1a5654ece4fce0aabfbed0cce99d123747831db135df0d040f67081052cb2363bf52f5d4e6
SHA512 (libgcrypt-1.10.0.tar.bz2) = 785c2e14272308956bb6adcea9567c4097edf103122e18cd3907fb42a110a48a5d59c0057f05a438acd7f221c70c7f7ff87e176bd6d7ed99d16e847f9d7be087
SHA512 (libgcrypt-1.10.0.tar.bz2.sig) = 75201612225b206faaae284297e92d1b25dcaf0665bcf1f4c5cc9a3a750a803063d0f7bd0af556dbe419f1276c953ce047554fd18a144a90085a42a7ec885168