diff --git a/.gitignore b/.gitignore
index 06917fd..583db52 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,22 @@
-SOURCES/libgcrypt-1.8.5-hobbled.tar.xz
+libgcrypt-1.4.5-hobbled.tar.bz2
+/libgcrypt-1.4.6-hobbled.tar.bz2
+/libgcrypt-1.5.0-hobbled.tar.bz2
+/libgcrypt-1.5.1-hobbled.tar.xz
+/libgcrypt-1.5.2-hobbled.tar.xz
+/libgcrypt-1.5.3-hobbled.tar.xz
+/libgcrypt-1.6.1-hobbled.tar.xz
+/libgcrypt-1.6.2-hobbled.tar.xz
+/libgcrypt-1.6.3-hobbled.tar.xz
+/libgcrypt-1.6.4-hobbled.tar.xz
+/libgcrypt-1.6.5-hobbled.tar.xz
+/libgcrypt-1.6.6-hobbled.tar.xz
+/libgcrypt-1.7.3-hobbled.tar.xz
+/libgcrypt-1.7.5-hobbled.tar.xz
+/libgcrypt-1.7.6-hobbled.tar.xz
+/libgcrypt-1.7.7-hobbled.tar.xz
+/libgcrypt-1.7.8-hobbled.tar.xz
+/libgcrypt-1.8.0-hobbled.tar.xz
+/libgcrypt-1.8.1-hobbled.tar.xz
+/libgcrypt-1.8.2-hobbled.tar.xz
+/libgcrypt-1.8.3-hobbled.tar.xz
 /libgcrypt-1.8.5-hobbled.tar.xz
diff --git a/hobble-libgcrypt b/hobble-libgcrypt
old mode 100755
new mode 100644
diff --git a/libgcrypt-1.9.3-CVE-2021-33560.patch b/libgcrypt-1.9.3-CVE-2021-33560.patch
deleted file mode 100644
index 2161840..0000000
--- a/libgcrypt-1.9.3-CVE-2021-33560.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-commit 3462280f2e23e16adf3ed5176e0f2413d8861320
-Author: NIIBE Yutaka
-Date: Fri May 21 11:15:07 2021 +0900
-
- cipher: Fix ElGamal encryption for other implementations.
-
- * cipher/elgamal.c (gen_k): Remove support of smaller K.
- (do_encrypt): Never use smaller K.
- (sign): Folllow the change of gen_k.
-
- --
-
- Cherry-pick master commit of:
- 632d80ef30e13de6926d503aa697f92b5dbfbc5e
-
- This change basically reverts encryption changes in two commits:
-
- 74386120dad6b3da62db37f7044267c8ef34689b
- 78531373a342aeb847950f404343a05e36022065
-
- Use of smaller K for ephemeral key in ElGamal encryption is only good,
- when we can guarantee that recipient's key is generated by our
- implementation (or compatible).
-
- For detail, please see:
-
- Luca De Feo, Bertram Poettering, Alessandro Sorniotti,
- "On the (in)security of ElGamal in OpenPGP";
- in the proceedings of CCS'2021.
-
- CVE-id: CVE-2021-33560
- GnuPG-bug-id: 5328
- Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
- Signed-off-by: NIIBE Yutaka
-
-diff --git a/cipher/elgamal.c b/cipher/elgamal.c
-index 9835122f..eead4502 100644
---- a/cipher/elgamal.c
-+++ b/cipher/elgamal.c
-@@ -66,7 +66,7 @@ static const char *elg_names[] =
-
-
- static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie);
--static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
-+static gcry_mpi_t gen_k (gcry_mpi_t p);
- static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits,
- gcry_mpi_t **factors);
- static int check_secret_key (ELG_secret_key *sk);
-@@ -189,11 +189,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie )
-
- /****************
- * Generate a random secret exponent k from prime p, so that k is
-- * relatively prime to p-1. With SMALL_K set, k will be selected for
-- * better encryption performance - this must never be used signing!
-+ * relatively prime to p-1.
- */
- static gcry_mpi_t
--gen_k( gcry_mpi_t p, int small_k )
-+gen_k( gcry_mpi_t p )
- {
- gcry_mpi_t k = mpi_alloc_secure( 0 );
- gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
-@@ -202,18 +201,7 @@ gen_k( gcry_mpi_t p, int small_k )
- unsigned int nbits, nbytes;
- char *rndbuf = NULL;
-
-- if (small_k)
-- {
-- /* Using a k much lesser than p is sufficient for encryption and
-- * it greatly improves the encryption performance. We use
-- * Wiener's table and add a large safety margin. */
-- nbits = wiener_map( orig_nbits ) * 3 / 2;
-- if( nbits >= orig_nbits )
-- BUG();
-- }
-- else
-- nbits = orig_nbits;
--
-+ nbits = orig_nbits;
-
- nbytes = (nbits+7)/8;
- if( DBG_CIPHER )
-@@ -492,7 +480,7 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
- * error code.
- */
-
-- k = gen_k( pkey->p, 1 );
-+ k = gen_k( pkey->p );
- mpi_powm (a, pkey->g, k, pkey->p);
-
- /* b = (y^k * input) mod p
-@@ -608,7 +596,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey )
- *
- */
- mpi_sub_ui(p_1, p_1, 1);
-- k = gen_k( skey->p, 0 /* no small K ! */ );
-+ k = gen_k( skey->p );
- mpi_powm( a, skey->g, k, skey->p );
- mpi_mul(t, skey->x, a );
- mpi_subm(t, input, t, p_1 );
diff --git a/tests/.fmf/version b/tests/.fmf/version
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/tests/.fmf/version
@@ -0,0 +1 @@
+1
diff --git a/tests/fips-selftest/Makefile b/tests/fips-selftest/Makefile
new file mode 100644
index 0000000..2d243a9
--- /dev/null
+++ b/tests/fips-selftest/Makefile
@@ -0,0 +1,64 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/libgcrypt/Sanity/fips-selftest
+# Description: FIPS mode initialization sanity
+# Author: Tomas Mraz
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2020 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/libgcrypt/Sanity/fips-selftest
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE gcry-fips-random.c
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Tomas Mraz " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: FIPS mode initialization sanity" >> $(METADATA)
+ @echo "Type: Sanity" >> $(METADATA)
+ @echo "TestTime: 5m" >> $(METADATA)
+ @echo "RunFor: libgcrypt" >> $(METADATA)
+ @echo "Requires: make gcc libgcrypt-devel grub2" >> $(METADATA)
+ @echo "RhtsRequires: library(distribution/fips)" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2+" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+ @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5 -RHELServer6 -RHELServer7" >> $(METADATA)
+
+ rhts-lint $(METADATA)
diff --git a/tests/fips-selftest/PURPOSE b/tests/fips-selftest/PURPOSE
new file mode 100644
index 0000000..b612b00
--- /dev/null
+++ b/tests/fips-selftest/PURPOSE
@@ -0,0 +1,3 @@
+PURPOSE of /CoreOS/libgcrypt/Sanity/fips-selftest
+Description: FIPS mode initialization sanity
+Author: Tomas Mraz
diff --git a/tests/fips-selftest/gcry-fips-random.c b/tests/fips-selftest/gcry-fips-random.c
new file mode 100644
index 0000000..052155b
--- /dev/null
+++ b/tests/fips-selftest/gcry-fips-random.c
@@ -0,0 +1,26 @@
+#include
+#include
+#include
+#include
+
+static char zerobuf[64];
+
+int main(int argc, char *argv[])
+{
+ char rndbuf[64];
+
+ gcry_check_version("1.4.0");
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+
+ printf("FIPS_MODE: %d\n", gcry_control(GCRYCTL_FIPS_MODE_P, 0) != 0);
+ printf("OPERATIONAL: %d\n", gcry_control(GCRYCTL_OPERATIONAL_P, 0) != 0);
+
+ /* a little rng test to do something */
+ memset(rndbuf, '\0', sizeof rndbuf);
+ gcry_randomize (rndbuf, sizeof rndbuf, GCRY_STRONG_RANDOM);
+ if (memcmp(rndbuf, zerobuf, sizeof rndbuf) == 0) {
+ printf("BAD RANDOMIZE!\n");
+ return 1;
+ }
+ return 0;
+}
diff --git a/tests/fips-selftest/runtest.sh b/tests/fips-selftest/runtest.sh
new file mode 100755
index 0000000..7c08d5a
--- /dev/null
+++ b/tests/fips-selftest/runtest.sh
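Review bot: `Destructive: no` in the generated metadata of tests/fips-selftest/Makefile looks optimistic for this test, because runtest.sh in the same commit rewrites the installed `.libgcrypt.so.??.hmac` file in place and moves `/etc/system-fips`. An interrupted run would leave those files altered until someone restores them, which matters most on a host that is actually in FIPS mode. Either mark the test destructive or add a comment above that line stating that both files are put back by `rlFileRestore`. As a smaller style point, `.PHONY` lists `all install download clean` while the targets defined in this file are `run`, `build` and `clean`; unless the included rhts-make.include defines the others, `.PHONY: run build clean` would match what is here.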
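Review bot: In tests/fips-selftest/gcry-fips-random.c, main() discards the result of `gcry_check_version("1.4.0")` and never turns the `GCRYCTL_OPERATIONAL_P` answer into an exit status; it returns 1 only when the random buffer is still all zero. The corrupted-HMAC phases in runtest.sh expect a non-zero exit in FIPS mode, so that outcome presumably depends on the library terminating the process itself rather than on anything this program checks. I would make both conditions explicit with `if (!gcry_check_version("1.4.0")) return 2;` and, after the two printf calls, `if (!gcry_control(GCRYCTL_OPERATIONAL_P, 0)) return 3;`. The four `#include` lines have lost their header names in this rendering, so which headers are pulled in could not be confirmed.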
@@ -0,0 +1,129 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/gnutls/Sanity/fips-without-etc-system-fips
+# Description: FIPS mode without /etc/system-fips
+# Author: Alexander Sosedkin
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2020 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE='libgcrypt'
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlAssertRpm $PACKAGE
+ rlRun "TmpDir=\$(mktemp -d)" 0 'Creating tmp directory'
+ rlRun "cp gcry-fips-random.c $TmpDir/"
+ rlRun "pushd $TmpDir"
+ rlRun 'rlImport distribution/fips'
+ rlRun 'make CFLAGS="-g -O2 -Wall" LDFLAGS=-lgcrypt gcry-fips-random'
+ rlFileBackup "/etc/system-fips"
+ rlPhaseEnd
+
+
+ if [ $fipsMode == 'enabled' ]; then
+ rlPhaseStartTest "Check operation with FIPS $fipsMode"
+ rlRun -s './gcry-fips-random'
+ rlAssertGrep "FIPS_MODE: 1" $rlRun_LOG
+ rlAssertGrep "OPERATIONAL: 1" $rlRun_LOG
+ rlPhaseEnd
+
+ rlPhaseStartTest "Check operation with FIPS $fipsMode (corrupted hmac)"
+ hmacfile="$(ls /usr/lib*/.libgcrypt.so.??.hmac)"
+ rlFileBackup --namespace hmacfile $hmacfile
+ rlRun "sed -i 's/0/1/;s/1/2/;s/2/3/' $hmacfile"
+ rlRun -s './gcry-fips-random' 1-255
+ rlFileRestore --namespace hmacfile
+ rlPhaseEnd
+
+ if (rlIsRHEL && ! rlIsRHEL '<8.3') || (rlIsFedora && ! rlIsFedora '<33') || rlCheckRpm libgcrypt 1.8.5; then
+ rlPhaseStartTest 'RHEL >=8.3 or Fedora >=33 try removing /etc/system-fips'
+ # The file might disappear later completely so no need to error out
+ rlRun "mv /etc/system-fips /etc/system-fips.disabled || :"
+ rlPhaseEnd
+
+ rlPhaseStartTest "Check operation with FIPS $fipsMode (no system-fips)"
+ rlRun -s './gcry-fips-random'
+ rlAssertGrep "FIPS_MODE: 1" $rlRun_LOG
+ rlAssertGrep "OPERATIONAL: 1" $rlRun_LOG
+ rlPhaseEnd
+
+ rlPhaseStartTest "Check operation with FIPS $fipsMode (no system-fips corrupted hmac)"
+ hmacfile="$(ls /usr/lib*/.libgcrypt.so.??.hmac)"
+ rlFileBackup --namespace hmacfile $hmacfile
+ rlRun "sed -i 's/0/1/;s/1/2/;s/2/3/' $hmacfile"
+ rlRun -s './gcry-fips-random' 1-255
+ rlFileRestore --namespace hmacfile
+ rlPhaseEnd
+ fi
+
+ elif [[ $fipsMode == 'disabled' ]]; then
+
+ rlPhaseStartTest "Check operation with FIPS $fipsMode"
+ rlRun -s './gcry-fips-random'
+ rlAssertGrep "FIPS_MODE: 0" $rlRun_LOG
+ rlAssertGrep "OPERATIONAL: 1" $rlRun_LOG
+ rlPhaseEnd
+
+ rlPhaseStartTest "Check operation with FIPS $fipsMode (corrupted hmac)"
+ hmacfile="$(ls /usr/lib*/.libgcrypt.so.??.hmac)"
+ rlFileBackup --namespace hmacfile $hmacfile
+ rlRun "sed -i 's/0/1/;s/1/2/;s/2/3/' $hmacfile"
+ rlRun -s './gcry-fips-random' 0
+ rlAssertGrep "FIPS_MODE: 0" $rlRun_LOG
+ rlAssertGrep "OPERATIONAL: 1" $rlRun_LOG
+ rlFileRestore --namespace hmacfile
+ rlPhaseEnd
+
+ if (rlIsRHEL && ! rlIsRHEL '<8.3') || (rlIsFedora && ! rlIsFedora '<33') || rlCheckRpm libgcrypt 1.8.5; then
+ rlPhaseStartTest 'RHEL >=8.3 or Fedora >=33 try removing /etc/system-fips'
+ # The file might disappear later completely so no need to error out
+ rlRun "mv /etc/system-fips /etc/system-fips.disabled || :"
+ rlPhaseEnd
+
+ rlPhaseStartTest "Check operation with FIPS $fipsMode (no system-fips)"
+ rlRun -s './gcry-fips-random'
+ rlAssertGrep "FIPS_MODE: 0" $rlRun_LOG
+ rlAssertGrep "OPERATIONAL: 1" $rlRun_LOG
+ rlPhaseEnd
+
+ rlPhaseStartTest "Check operation with FIPS $fipsMode (no system-fips corrupted hmac)"
+ hmacfile="$(ls /usr/lib*/.libgcrypt.so.??.hmac)"
+ rlFileBackup --namespace hmacfile $hmacfile
+ rlRun "sed -i 's/0/1/;s/1/2/;s/2/3/' $hmacfile"
+ rlRun -s './gcry-fips-random' 0
+ rlAssertGrep "FIPS_MODE: 0" $rlRun_LOG
+ rlAssertGrep "OPERATIONAL: 1" $rlRun_LOG
+ rlFileRestore --namespace hmacfile
+ rlPhaseEnd
+ fi
+ fi
+
+ rlPhaseStartCleanup
+ rlFileRestore
+ rlRun 'popd'
+ rlRun "rm -r $TmpDir" 0 'Removing tmp directory'
+ rlPhaseEnd
+rlJournalEnd
diff --git a/tests/provision.fmf b/tests/provision.fmf
new file mode 100644
index 0000000..62a6eba
--- /dev/null
+++ b/tests/provision.fmf
@@ -0,0 +1,5 @@
+---
+
+standard-inventory-qcow2:
+ qemu:
+ m: 2G
diff --git a/tests/tests.yml b/tests/tests.yml
new file mode 100644
index 0000000..90818a6
--- /dev/null
+++ b/tests/tests.yml
@@ -0,0 +1,12 @@
+- hosts: localhost
+ tags:
+ - classic
+ - container
+ roles:
+ - role: standard-test-beakerlib
+ tests:
+ - fips-selftest
+ required_packages:
+ - make
+ - gcc-c++
+ - libgcrypt-devel
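Review bot: In tests/fips-selftest/runtest.sh, if `fipsMode` is empty or holds anything other than `enabled` or `disabled`, neither branch of the `if [ $fipsMode == 'enabled' ]` / `elif` chain runs and the job ends with only Setup and Cleanup, so the self-test is reported without ever being exercised. The unquoted `$fipsMode` in the single-bracket test also turns an empty value into a test syntax error instead of a clean false. The variable is presumably set by the `distribution/fips` import, so I would assert it in Setup with `rlRun "[[ '$fipsMode' == enabled || '$fipsMode' == disabled ]]" 0 'fipsMode is known'` and write the first test as `[ "$fipsMode" == 'enabled' ]`. Separately, the header comment still names /CoreOS/gnutls/Sanity/fips-without-etc-system-fips, and `/etc/system-fips.disabled` appears to be left behind after Cleanup.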