- fix a bug in the fips-186-3 dsa parameter generation code
parent
16991a5be4
commit
474b273f7d
@ -1,6 +1,6 @@
|
|||||||
diff -up libgcrypt-1.4.5/cipher/dsa.c.tests libgcrypt-1.4.5/cipher/dsa.c
|
diff -up libgcrypt-1.4.5/cipher/dsa.c.tests libgcrypt-1.4.5/cipher/dsa.c
|
||||||
--- libgcrypt-1.4.5/cipher/dsa.c.tests 2009-08-21 10:18:30.000000000 +0200
|
--- libgcrypt-1.4.5/cipher/dsa.c.tests 2009-08-21 10:18:30.000000000 +0200
|
||||||
+++ libgcrypt-1.4.5/cipher/dsa.c 2011-02-01 18:04:56.000000000 +0100
|
+++ libgcrypt-1.4.5/cipher/dsa.c 2011-02-04 09:06:02.000000000 +0100
|
||||||
@@ -468,21 +468,20 @@ generate_fips186 (DSA_secret_key *sk, un
|
@@ -468,21 +468,20 @@ generate_fips186 (DSA_secret_key *sk, un
|
||||||
&initial_seed.seedlen);
|
&initial_seed.seedlen);
|
||||||
}
|
}
|
||||||
@ -34,7 +34,7 @@ diff -up libgcrypt-1.4.5/cipher/dsa.c.tests libgcrypt-1.4.5/cipher/dsa.c
|
|||||||
goto leave;
|
goto leave;
|
||||||
diff -up libgcrypt-1.4.5/cipher/primegen.c.tests libgcrypt-1.4.5/cipher/primegen.c
|
diff -up libgcrypt-1.4.5/cipher/primegen.c.tests libgcrypt-1.4.5/cipher/primegen.c
|
||||||
--- libgcrypt-1.4.5/cipher/primegen.c.tests 2009-04-02 11:25:34.000000000 +0200
|
--- libgcrypt-1.4.5/cipher/primegen.c.tests 2009-04-02 11:25:34.000000000 +0200
|
||||||
+++ libgcrypt-1.4.5/cipher/primegen.c 2011-02-01 18:00:53.000000000 +0100
|
+++ libgcrypt-1.4.5/cipher/primegen.c 2011-02-04 09:06:34.000000000 +0100
|
||||||
@@ -1647,7 +1647,7 @@ _gcry_generate_fips186_3_prime (unsigned
|
@@ -1647,7 +1647,7 @@ _gcry_generate_fips186_3_prime (unsigned
|
||||||
gpg_err_code_t ec;
|
gpg_err_code_t ec;
|
||||||
unsigned char seed_help_buffer[256/8]; /* Used to hold a generated SEED. */
|
unsigned char seed_help_buffer[256/8]; /* Used to hold a generated SEED. */
|
||||||
@ -53,7 +53,7 @@ diff -up libgcrypt-1.4.5/cipher/primegen.c.tests libgcrypt-1.4.5/cipher/primegen
|
|||||||
if (ec)
|
if (ec)
|
||||||
goto leave;
|
goto leave;
|
||||||
mpi_set_highbit (prime_q, qbits-1 );
|
mpi_set_highbit (prime_q, qbits-1 );
|
||||||
@@ -1782,7 +1782,7 @@ _gcry_generate_fips186_3_prime (unsigned
|
@@ -1782,11 +1782,11 @@ _gcry_generate_fips186_3_prime (unsigned
|
||||||
if (seed_plus[i])
|
if (seed_plus[i])
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -62,6 +62,11 @@ diff -up libgcrypt-1.4.5/cipher/primegen.c.tests libgcrypt-1.4.5/cipher/primegen
|
|||||||
|
|
||||||
gcry_mpi_release (tmpval); tmpval = NULL;
|
gcry_mpi_release (tmpval); tmpval = NULL;
|
||||||
ec = gpg_err_code (gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG,
|
ec = gpg_err_code (gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG,
|
||||||
|
- digest, sizeof digest, NULL));
|
||||||
|
+ digest, qbits/8, NULL));
|
||||||
|
if (ec)
|
||||||
|
goto leave;
|
||||||
|
if (value_j == value_n)
|
||||||
@@ -1822,11 +1822,11 @@ _gcry_generate_fips186_3_prime (unsigned
|
@@ -1822,11 +1822,11 @@ _gcry_generate_fips186_3_prime (unsigned
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -78,7 +83,7 @@ diff -up libgcrypt-1.4.5/cipher/primegen.c.tests libgcrypt-1.4.5/cipher/primegen
|
|||||||
*r_q = prime_q;
|
*r_q = prime_q;
|
||||||
diff -up libgcrypt-1.4.5/cipher/rsa.c.tests libgcrypt-1.4.5/cipher/rsa.c
|
diff -up libgcrypt-1.4.5/cipher/rsa.c.tests libgcrypt-1.4.5/cipher/rsa.c
|
||||||
--- libgcrypt-1.4.5/cipher/rsa.c.tests 2009-04-02 11:25:34.000000000 +0200
|
--- libgcrypt-1.4.5/cipher/rsa.c.tests 2009-04-02 11:25:34.000000000 +0200
|
||||||
+++ libgcrypt-1.4.5/cipher/rsa.c 2011-02-01 18:40:26.000000000 +0100
|
+++ libgcrypt-1.4.5/cipher/rsa.c 2011-02-04 09:06:02.000000000 +0100
|
||||||
@@ -388,7 +388,7 @@ generate_x931 (RSA_secret_key *sk, unsig
|
@@ -388,7 +388,7 @@ generate_x931 (RSA_secret_key *sk, unsig
|
||||||
|
|
||||||
*swapped = 0;
|
*swapped = 0;
|
||||||
@ -89,8 +94,8 @@ diff -up libgcrypt-1.4.5/cipher/rsa.c.tests libgcrypt-1.4.5/cipher/rsa.c
|
|||||||
|
|
||||||
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
|
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
|
||||||
diff -up libgcrypt-1.4.5/random/random-fips.c.tests libgcrypt-1.4.5/random/random-fips.c
|
diff -up libgcrypt-1.4.5/random/random-fips.c.tests libgcrypt-1.4.5/random/random-fips.c
|
||||||
--- libgcrypt-1.4.5/random/random-fips.c.tests 2011-02-01 12:31:00.000000000 +0100
|
--- libgcrypt-1.4.5/random/random-fips.c.tests 2011-02-04 09:06:02.000000000 +0100
|
||||||
+++ libgcrypt-1.4.5/random/random-fips.c 2011-02-01 12:31:00.000000000 +0100
|
+++ libgcrypt-1.4.5/random/random-fips.c 2011-02-04 09:06:02.000000000 +0100
|
||||||
@@ -691,6 +691,7 @@ get_random (void *buffer, size_t length,
|
@@ -691,6 +691,7 @@ get_random (void *buffer, size_t length,
|
||||||
|
|
||||||
check_guards (rng_ctx);
|
check_guards (rng_ctx);
|
||||||
@ -120,7 +125,7 @@ diff -up libgcrypt-1.4.5/random/random-fips.c.tests libgcrypt-1.4.5/random/rando
|
|||||||
if (x931_aes_driver (buffer, length, rng_ctx))
|
if (x931_aes_driver (buffer, length, rng_ctx))
|
||||||
diff -up libgcrypt-1.4.5/tests/ac.c.tests libgcrypt-1.4.5/tests/ac.c
|
diff -up libgcrypt-1.4.5/tests/ac.c.tests libgcrypt-1.4.5/tests/ac.c
|
||||||
--- libgcrypt-1.4.5/tests/ac.c.tests 2009-04-02 11:25:34.000000000 +0200
|
--- libgcrypt-1.4.5/tests/ac.c.tests 2009-04-02 11:25:34.000000000 +0200
|
||||||
+++ libgcrypt-1.4.5/tests/ac.c 2011-02-01 12:49:14.000000000 +0100
|
+++ libgcrypt-1.4.5/tests/ac.c 2011-02-04 09:06:02.000000000 +0100
|
||||||
@@ -150,6 +150,9 @@ main (int argc, char **argv)
|
@@ -150,6 +150,9 @@ main (int argc, char **argv)
|
||||||
if (!gcry_check_version (GCRYPT_VERSION))
|
if (!gcry_check_version (GCRYPT_VERSION))
|
||||||
die ("version mismatch\n");
|
die ("version mismatch\n");
|
||||||
@ -133,7 +138,7 @@ diff -up libgcrypt-1.4.5/tests/ac.c.tests libgcrypt-1.4.5/tests/ac.c
|
|||||||
/* No valuable keys are create, so we can speed up our RNG. */
|
/* No valuable keys are create, so we can speed up our RNG. */
|
||||||
diff -up libgcrypt-1.4.5/tests/ac-data.c.tests libgcrypt-1.4.5/tests/ac-data.c
|
diff -up libgcrypt-1.4.5/tests/ac-data.c.tests libgcrypt-1.4.5/tests/ac-data.c
|
||||||
--- libgcrypt-1.4.5/tests/ac-data.c.tests 2009-04-02 11:25:34.000000000 +0200
|
--- libgcrypt-1.4.5/tests/ac-data.c.tests 2009-04-02 11:25:34.000000000 +0200
|
||||||
+++ libgcrypt-1.4.5/tests/ac-data.c 2011-02-01 12:49:54.000000000 +0100
|
+++ libgcrypt-1.4.5/tests/ac-data.c 2011-02-04 09:06:02.000000000 +0100
|
||||||
@@ -198,6 +198,9 @@ main (int argc, char **argv)
|
@@ -198,6 +198,9 @@ main (int argc, char **argv)
|
||||||
if (!gcry_check_version (GCRYPT_VERSION))
|
if (!gcry_check_version (GCRYPT_VERSION))
|
||||||
die ("version mismatch\n");
|
die ("version mismatch\n");
|
||||||
@ -146,7 +151,7 @@ diff -up libgcrypt-1.4.5/tests/ac-data.c.tests libgcrypt-1.4.5/tests/ac-data.c
|
|||||||
|
|
||||||
diff -up libgcrypt-1.4.5/tests/ac-schemes.c.tests libgcrypt-1.4.5/tests/ac-schemes.c
|
diff -up libgcrypt-1.4.5/tests/ac-schemes.c.tests libgcrypt-1.4.5/tests/ac-schemes.c
|
||||||
--- libgcrypt-1.4.5/tests/ac-schemes.c.tests 2009-04-02 11:25:34.000000000 +0200
|
--- libgcrypt-1.4.5/tests/ac-schemes.c.tests 2009-04-02 11:25:34.000000000 +0200
|
||||||
+++ libgcrypt-1.4.5/tests/ac-schemes.c 2011-02-01 12:49:41.000000000 +0100
|
+++ libgcrypt-1.4.5/tests/ac-schemes.c 2011-02-04 09:06:02.000000000 +0100
|
||||||
@@ -338,6 +338,9 @@ main (int argc, char **argv)
|
@@ -338,6 +338,9 @@ main (int argc, char **argv)
|
||||||
if (! gcry_check_version (GCRYPT_VERSION))
|
if (! gcry_check_version (GCRYPT_VERSION))
|
||||||
die ("version mismatch\n");
|
die ("version mismatch\n");
|
||||||
@ -159,7 +164,7 @@ diff -up libgcrypt-1.4.5/tests/ac-schemes.c.tests libgcrypt-1.4.5/tests/ac-schem
|
|||||||
|
|
||||||
diff -up libgcrypt-1.4.5/tests/keygen.c.tests libgcrypt-1.4.5/tests/keygen.c
|
diff -up libgcrypt-1.4.5/tests/keygen.c.tests libgcrypt-1.4.5/tests/keygen.c
|
||||||
--- libgcrypt-1.4.5/tests/keygen.c.tests 2009-04-02 11:25:34.000000000 +0200
|
--- libgcrypt-1.4.5/tests/keygen.c.tests 2009-04-02 11:25:34.000000000 +0200
|
||||||
+++ libgcrypt-1.4.5/tests/keygen.c 2011-02-01 18:19:56.000000000 +0100
|
+++ libgcrypt-1.4.5/tests/keygen.c 2011-02-04 09:06:02.000000000 +0100
|
||||||
@@ -148,12 +148,12 @@ check_rsa_keys (void)
|
@@ -148,12 +148,12 @@ check_rsa_keys (void)
|
||||||
}
|
}
|
||||||
|
|
||||||
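Review bot: In the -1782 hunk of `_gcry_generate_fips186_3_prime`, the length passed to `gcry_mpi_scan` changes from `sizeof digest` to `qbits/8`, so the read from `digest` is no longer bounded by the buffer's own size. It stays in bounds only if `qbits/8 <= sizeof digest` is enforced elsewhere; the declaration of `digest` and any validation of `qbits` are outside the visible lines, and the function body starts and ends outside the hunk. I would state the invariant next to the call, for example `if (qbits/8 > sizeof digest) { ec = GPG_ERR_INTERNAL; goto leave; }`. A short comment would also help, presumably along the lines of `/* Use only the qbits/8 bytes the hash produced, not the whole buffer. */`, since the reason for the change is not visible in the code. If `qbits` were ever not a multiple of 8, the integer division would silently drop the remaining bits.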
|
@ -1,6 +1,6 @@
|
|||||||
Name: libgcrypt
|
Name: libgcrypt
|
||||||
Version: 1.4.5
|
Version: 1.4.5
|
||||||
Release: 5%{?dist}
|
Release: 6%{?dist}
|
||||||
URL: http://www.gnupg.org/
|
URL: http://www.gnupg.org/
|
||||||
Source0: libgcrypt-%{version}-hobbled.tar.bz2
|
Source0: libgcrypt-%{version}-hobbled.tar.bz2
|
||||||
# The original libgcrypt sources now contain potentially patented ECC
|
# The original libgcrypt sources now contain potentially patented ECC
|
||||||
@ -165,6 +165,9 @@ exit 0
|
|||||||
%doc COPYING
|
%doc COPYING
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Feb 4 2011 Tomas Mraz <tmraz@redhat.com> 1.4.5-6
|
||||||
|
- fix a bug in the fips-186-3 dsa parameter generation code
|
||||||
|
|
||||||
* Tue Feb 1 2011 Tomas Mraz <tmraz@redhat.com> 1.4.5-5
|
* Tue Feb 1 2011 Tomas Mraz <tmraz@redhat.com> 1.4.5-5
|
||||||
- use /dev/urandom for seeding in the FIPS mode
|
- use /dev/urandom for seeding in the FIPS mode
|
||||||
- make the tests to pass in the FIPS mode also fixing
|
- make the tests to pass in the FIPS mode also fixing
|
||||||
|