From 474b273f7d3c94b799a3dfe09f2723ded6b18cd4 Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Fri, 4 Feb 2011 10:04:08 +0100
Subject: [PATCH] - fix a bug in the fips-186-3 dsa parameter generation code
---
 libgcrypt-1.4.5-tests.patch | 25 +++++++++++++++----------
 libgcrypt.spec | 5 ++++-
 2 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/libgcrypt-1.4.5-tests.patch b/libgcrypt-1.4.5-tests.patch
index c71f3a8..d2f0256 100644
--- a/libgcrypt-1.4.5-tests.patch
+++ b/libgcrypt-1.4.5-tests.patch
@@ -1,6 +1,6 @@
 diff -up libgcrypt-1.4.5/cipher/dsa.c.tests libgcrypt-1.4.5/cipher/dsa.c
 --- libgcrypt-1.4.5/cipher/dsa.c.tests 2009-08-21 10:18:30.000000000 +0200
-+++ libgcrypt-1.4.5/cipher/dsa.c 2011-02-01 18:04:56.000000000 +0100
++++ libgcrypt-1.4.5/cipher/dsa.c 2011-02-04 09:06:02.000000000 +0100
 @@ -468,21 +468,20 @@ generate_fips186 (DSA_secret_key *sk, un
 &initial_seed.seedlen);
 }
@@ -34,7 +34,7 @@ diff -up libgcrypt-1.4.5/cipher/dsa.c.tests libgcrypt-1.4.5/cipher/dsa.c
 goto leave;
 diff -up libgcrypt-1.4.5/cipher/primegen.c.tests libgcrypt-1.4.5/cipher/primegen.c
 --- libgcrypt-1.4.5/cipher/primegen.c.tests 2009-04-02 11:25:34.000000000 +0200
-+++ libgcrypt-1.4.5/cipher/primegen.c 2011-02-01 18:00:53.000000000 +0100
++++ libgcrypt-1.4.5/cipher/primegen.c 2011-02-04 09:06:34.000000000 +0100
 @@ -1647,7 +1647,7 @@ _gcry_generate_fips186_3_prime (unsigned
 gpg_err_code_t ec;
 unsigned char seed_help_buffer[256/8]; /* Used to hold a generated SEED. */
@@ -53,7 +53,7 @@ diff -up libgcrypt-1.4.5/cipher/primegen.c.tests libgcrypt-1.4.5/cipher/primegen
 if (ec)
 goto leave;
 mpi_set_highbit (prime_q, qbits-1 );
-@@ -1782,7 +1782,7 @@ _gcry_generate_fips186_3_prime (unsigned
+@@ -1782,11 +1782,11 @@ _gcry_generate_fips186_3_prime (unsigned
 if (seed_plus[i])
 break;
 }
@@ -62,6 +62,11 @@ diff -up libgcrypt-1.4.5/cipher/primegen.c.tests libgcrypt-1.4.5/cipher/primegen
 gcry_mpi_release (tmpval); tmpval = NULL;
 ec = gpg_err_code (gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG,
+- digest, sizeof digest, NULL));
++ digest, qbits/8, NULL));
+ if (ec)
+ goto leave;
+ if (value_j == value_n)
 @@ -1822,11 +1822,11 @@ _gcry_generate_fips186_3_prime (unsigned
 }
@@ -78,7 +83,7 @@ diff -up libgcrypt-1.4.5/cipher/primegen.c.tests libgcrypt-1.4.5/cipher/primegen
 *r_q = prime_q;
 diff -up libgcrypt-1.4.5/cipher/rsa.c.tests libgcrypt-1.4.5/cipher/rsa.c
 --- libgcrypt-1.4.5/cipher/rsa.c.tests 2009-04-02 11:25:34.000000000 +0200
-+++ libgcrypt-1.4.5/cipher/rsa.c 2011-02-01 18:40:26.000000000 +0100
++++ libgcrypt-1.4.5/cipher/rsa.c 2011-02-04 09:06:02.000000000 +0100
 @@ -388,7 +388,7 @@ generate_x931 (RSA_secret_key *sk, unsig
 *swapped = 0;
@@ -89,8 +94,8 @@ diff -up libgcrypt-1.4.5/cipher/rsa.c.tests libgcrypt-1.4.5/cipher/rsa.c
 /* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
 diff -up libgcrypt-1.4.5/random/random-fips.c.tests libgcrypt-1.4.5/random/random-fips.c
---- libgcrypt-1.4.5/random/random-fips.c.tests 2011-02-01 12:31:00.000000000 +0100
-+++ libgcrypt-1.4.5/random/random-fips.c 2011-02-01 12:31:00.000000000 +0100
+--- libgcrypt-1.4.5/random/random-fips.c.tests 2011-02-04 09:06:02.000000000 +0100
++++ libgcrypt-1.4.5/random/random-fips.c 2011-02-04 09:06:02.000000000 +0100
 @@ -691,6 +691,7 @@ get_random (void *buffer, size_t length,
 check_guards (rng_ctx);
@@ -120,7 +125,7 @@ diff -up libgcrypt-1.4.5/random/random-fips.c.tests libgcrypt-1.4.5/random/rando
 if (x931_aes_driver (buffer, length, rng_ctx))
 diff -up libgcrypt-1.4.5/tests/ac.c.tests libgcrypt-1.4.5/tests/ac.c
 --- libgcrypt-1.4.5/tests/ac.c.tests 2009-04-02 11:25:34.000000000 +0200
-+++ libgcrypt-1.4.5/tests/ac.c 2011-02-01 12:49:14.000000000 +0100
++++ libgcrypt-1.4.5/tests/ac.c 2011-02-04 09:06:02.000000000 +0100
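Review bot: In the `@@ -62,6 +62,11 @@` hunk the length passed to `gcry_mpi_scan` becomes `qbits/8`, but nothing visible in the hunk ties that value to the size of the `digest` buffer or to the output length of the hash in use. If `qbits` were not a multiple of 8 the division would silently truncate, and if `qbits/8` ever exceeded the buffer the scan would read past `digest`; the old `sizeof digest` form could not over-read, but presumably pulled in bytes beyond the hash output for the smaller q sizes. I would put a guard in front of the scan, for example `if (qbits % 8 || qbits/8 > sizeof digest) { ec = GPG_ERR_INV_KEYLEN; goto leave; }`, or at least add a comment naming where `qbits` is validated. The body of `_gcry_generate_fips186_3_prime` starts and ends outside the hunk, so an equivalent check may already exist earlier in the function.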
 @@ -150,6 +150,9 @@ main (int argc, char **argv)
 if (!gcry_check_version (GCRYPT_VERSION))
 die ("version mismatch\n");
@@ -133,7 +138,7 @@ diff -up libgcrypt-1.4.5/tests/ac.c.tests libgcrypt-1.4.5/tests/ac.c
 /* No valuable keys are create, so we can speed up our RNG. */
 diff -up libgcrypt-1.4.5/tests/ac-data.c.tests libgcrypt-1.4.5/tests/ac-data.c
 --- libgcrypt-1.4.5/tests/ac-data.c.tests 2009-04-02 11:25:34.000000000 +0200
-+++ libgcrypt-1.4.5/tests/ac-data.c 2011-02-01 12:49:54.000000000 +0100
++++ libgcrypt-1.4.5/tests/ac-data.c 2011-02-04 09:06:02.000000000 +0100
 @@ -198,6 +198,9 @@ main (int argc, char **argv)
 if (!gcry_check_version (GCRYPT_VERSION))
 die ("version mismatch\n");
@@ -146,7 +151,7 @@ diff -up libgcrypt-1.4.5/tests/ac-data.c.tests libgcrypt-1.4.5/tests/ac-data.c
 diff -up libgcrypt-1.4.5/tests/ac-schemes.c.tests libgcrypt-1.4.5/tests/ac-schemes.c
 --- libgcrypt-1.4.5/tests/ac-schemes.c.tests 2009-04-02 11:25:34.000000000 +0200
-+++ libgcrypt-1.4.5/tests/ac-schemes.c 2011-02-01 12:49:41.000000000 +0100
++++ libgcrypt-1.4.5/tests/ac-schemes.c 2011-02-04 09:06:02.000000000 +0100
 @@ -338,6 +338,9 @@ main (int argc, char **argv)
 if (! gcry_check_version (GCRYPT_VERSION))
 die ("version mismatch\n");
@@ -159,7 +164,7 @@ diff -up libgcrypt-1.4.5/tests/ac-schemes.c.tests libgcrypt-1.4.5/tests/ac-schem
 diff -up libgcrypt-1.4.5/tests/keygen.c.tests libgcrypt-1.4.5/tests/keygen.c
 --- libgcrypt-1.4.5/tests/keygen.c.tests 2009-04-02 11:25:34.000000000 +0200
-+++ libgcrypt-1.4.5/tests/keygen.c 2011-02-01 18:19:56.000000000 +0100
++++ libgcrypt-1.4.5/tests/keygen.c 2011-02-04 09:06:02.000000000 +0100
 @@ -148,12 +148,12 @@ check_rsa_keys (void)
 }
diff --git a/libgcrypt.spec b/libgcrypt.spec
index a6ca1f6..88332bf 100644
--- a/libgcrypt.spec
+++ b/libgcrypt.spec
@@ -1,6 +1,6 @@
 Name: libgcrypt
 Version: 1.4.5
-Release: 5%{?dist}
+Release: 6%{?dist}
 URL: http://www.gnupg.org/
 Source0: libgcrypt-%{version}-hobbled.tar.bz2
 # The original libgcrypt sources now contain potentially patented ECC
@@ -165,6 +165,9 @@ exit 0
 %doc COPYING
 %changelog
+* Thu Feb 4 2011 Tomas Mraz 1.4.5-6
+- fix a bug in the fips-186-3 dsa parameter generation code
+
 * Tue Feb 1 2011 Tomas Mraz 1.4.5-5
 - use /dev/urandom for seeding in the FIPS mode
 - make the tests to pass in the FIPS mode also fixing