import libgcrypt-1.10.0-2.el9
This commit is contained in:
parent
e4c1129733
commit
6c9c7c3e05
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/libgcrypt-1.9.3-hobbled.tar.xz
|
||||
SOURCES/libgcrypt-1.10.0.tar.bz2
|
||||
|
@ -1 +1 @@
|
||||
76e27b73d816c2b9c86990536a34f813a5689193 SOURCES/libgcrypt-1.9.3-hobbled.tar.xz
|
||||
363feb8187f6c59b6b10721af6a94558db8ec3af SOURCES/libgcrypt-1.10.0.tar.bz2
|
||||
|
140
SOURCES/curves.c
140
SOURCES/curves.c
@ -1,140 +0,0 @@
|
||||
/* curves.c - ECC curves regression tests
|
||||
* Copyright (C) 2011 Free Software Foundation, Inc.
|
||||
*
|
||||
* This file is part of Libgcrypt.
|
||||
*
|
||||
* Libgcrypt is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Lesser General Public License as
|
||||
* published by the Free Software Foundation; either version 2.1 of
|
||||
* the License, or (at your option) any later version.
|
||||
*
|
||||
* Libgcrypt is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public
|
||||
* License along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "../src/gcrypt-int.h"
|
||||
|
||||
|
||||
#define PGM "curves"
|
||||
#include "t-common.h"
|
||||
|
||||
/* Number of curves defined in ../cipger/ecc-curves.c */
|
||||
#define N_CURVES 19
|
||||
|
||||
/* A real world sample public key. */
|
||||
static char const sample_key_1[] =
|
||||
"(public-key\n"
|
||||
" (ecdsa\n"
|
||||
" (p #00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF#)\n"
|
||||
" (a #00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC#)\n"
|
||||
" (b #5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B#)\n"
|
||||
" (g #046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"
|
||||
"4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5#)\n"
|
||||
" (n #00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551#)\n"
|
||||
" (h #000000000000000000000000000000000000000000000000000000000000000001#)\n"
|
||||
" (q #0442B927242237639A36CE9221B340DB1A9AB76DF2FE3E171277F6A4023DED146EE"
|
||||
"86525E38CCECFF3FB8D152CC6334F70D23A525175C1BCBDDE6E023B2228770E#)\n"
|
||||
" ))";
|
||||
static char const sample_key_1_curve[] = "NIST P-256";
|
||||
static unsigned int sample_key_1_nbits = 256;
|
||||
|
||||
static void
|
||||
list_curves (void)
|
||||
{
|
||||
int idx;
|
||||
const char *name;
|
||||
unsigned int nbits;
|
||||
|
||||
for (idx=0; (name = gcry_pk_get_curve (NULL, idx, &nbits)); idx++)
|
||||
{
|
||||
if (verbose)
|
||||
printf ("%s - %u bits\n", name, nbits);
|
||||
}
|
||||
if (idx != N_CURVES)
|
||||
fail ("expected %d curves but got %d\n", N_CURVES, idx);
|
||||
if (gcry_pk_get_curve (NULL, -1, NULL))
|
||||
fail ("curve iteration failed\n");
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
check_matching (void)
|
||||
{
|
||||
gpg_error_t err;
|
||||
gcry_sexp_t key;
|
||||
const char *name;
|
||||
unsigned int nbits;
|
||||
|
||||
err = gcry_sexp_new (&key, sample_key_1, 0, 1);
|
||||
if (err)
|
||||
die ("parsing s-expression string failed: %s\n", gpg_strerror (err));
|
||||
name = gcry_pk_get_curve (key, 0, &nbits);
|
||||
if (!name)
|
||||
fail ("curve name not found for sample_key_1\n");
|
||||
else if (strcmp (name, sample_key_1_curve))
|
||||
fail ("expected curve name %s but got %s for sample_key_1\n",
|
||||
sample_key_1_curve, name);
|
||||
else if (nbits != sample_key_1_nbits)
|
||||
fail ("expected curve size %u but got %u for sample_key_1\n",
|
||||
sample_key_1_nbits, nbits);
|
||||
|
||||
gcry_sexp_release (key);
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
check_get_params (void)
|
||||
{
|
||||
gcry_sexp_t param;
|
||||
const char *name;
|
||||
|
||||
param = gcry_pk_get_param (GCRY_PK_ECDSA, sample_key_1_curve);
|
||||
if (!param)
|
||||
fail ("error gerring parameters for `%s'\n", sample_key_1_curve);
|
||||
|
||||
name = gcry_pk_get_curve (param, 0, NULL);
|
||||
if (!name)
|
||||
fail ("get_param: curve name not found for sample_key_1\n");
|
||||
else if (strcmp (name, sample_key_1_curve))
|
||||
fail ("get_param: expected curve name %s but got %s for sample_key_1\n",
|
||||
sample_key_1_curve, name);
|
||||
|
||||
gcry_sexp_release (param);
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
main (int argc, char **argv)
|
||||
{
|
||||
if (argc > 1 && !strcmp (argv[1], "--verbose"))
|
||||
verbose = 1;
|
||||
else if (argc > 1 && !strcmp (argv[1], "--debug"))
|
||||
verbose = debug = 1;
|
||||
|
||||
if (!gcry_check_version (GCRYPT_VERSION))
|
||||
die ("version mismatch\n");
|
||||
|
||||
xgcry_control ((GCRYCTL_DISABLE_SECMEM, 0));
|
||||
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
|
||||
if (debug)
|
||||
xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u, 0));
|
||||
list_curves ();
|
||||
check_matching ();
|
||||
check_get_params ();
|
||||
|
||||
return error_count ? 1 : 0;
|
||||
}
|
1467
SOURCES/ecc-curves.c
1467
SOURCES/ecc-curves.c
File diff suppressed because it is too large
Load Diff
@ -1,12 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Quit out if anything fails.
|
||||
set -e -x
|
||||
|
||||
# Clean out patent-or-otherwise-encumbered code.
|
||||
# EC: ????????? ??/??/2015
|
||||
|
||||
rm -f cipher/ecc-curves.c
|
||||
rm -f tests/curves.c
|
||||
rm -f tests/t-mpi-point.c
|
||||
rm -f tests/keygrip.c
|
@ -1,341 +0,0 @@
|
||||
/* keygrip.c - verifies that keygrips are calculated as expected
|
||||
* Copyright (C) 2005 Free Software Foundation, Inc.
|
||||
*
|
||||
* This file is part of Libgcrypt.
|
||||
*
|
||||
* Libgcrypt is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Lesser General Public License as
|
||||
* published by the Free Software Foundation; either version 2.1 of
|
||||
* the License, or (at your option) any later version.
|
||||
*
|
||||
* Libgcrypt is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public
|
||||
* License along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
#include <assert.h>
|
||||
|
||||
#define PGM "keygrip"
|
||||
#include "t-common.h"
|
||||
|
||||
static int repetitions;
|
||||
|
||||
|
||||
|
||||
static void
|
||||
print_hex (const char *text, const void *buf, size_t n)
|
||||
{
|
||||
const unsigned char *p = buf;
|
||||
|
||||
fputs (text, stdout);
|
||||
for (; n; n--, p++)
|
||||
printf ("%02X", *p);
|
||||
putchar ('\n');
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
static struct
|
||||
{
|
||||
int algo;
|
||||
const char *key;
|
||||
const unsigned char grip[20];
|
||||
} key_grips[] =
|
||||
{
|
||||
{
|
||||
GCRY_PK_RSA,
|
||||
"(private-key"
|
||||
" (rsa"
|
||||
" (n #00B6B509596A9ECABC939212F891E656A626BA07DA8521A9CAD4C08E640C04052FBB87F424EF1A0275A48A9299AC9DB69ABE3D0124E6C756B1F7DFB9B842D6251AEA6EE85390495CADA73D671537FCE5850A932F32BAB60AB1AC1F852C1F83C625E7A7D70CDA9EF16D5C8E47739D77DF59261ABE8454807FF441E143FBD37F8545#)"
|
||||
" (e #010001#)"
|
||||
" (d #077AD3DE284245F4806A1B82B79E616FBDE821C82D691A65665E57B5FAD3F34E67F401E7BD2E28699E89D9C496CF821945AE83AC7A1231176A196BA6027E77D85789055D50404A7A2A95B1512F91F190BBAEF730ED550D227D512F89C0CDB31AC06FA9A19503DDF6B66D0B42B9691BFD6140EC1720FFC48AE00C34796DC899E5#)"
|
||||
" (p #00D586C78E5F1B4BF2E7CD7A04CA091911706F19788B93E44EE20AAF462E8363E98A72253ED845CCBF2481BB351E8557C85BCFFF0DABDBFF8E26A79A0938096F27#)"
|
||||
" (q #00DB0CDF60F26F2A296C88D6BF9F8E5BE45C0DDD713C96CC73EBCB48B061740943F21D2A93D6E42A7211E7F02A95DCED6C390A67AD21ECF739AE8A0CA46FF2EBB3#)"
|
||||
" (u #33149195F16912DB20A48D020DBC3B9E3881B39D722BF79378F6340F43148A6E9FC5F53E2853B7387BA4443BA53A52FCA8173DE6E85B42F9783D4A7817D0680B#)))",
|
||||
"\x32\xCF\xFA\x85\xB1\x79\x1F\xBB\x26\x14\xE9\x1A\xFD\xF3\xAF\xE3\x32\x08\x2E\x25"
|
||||
},
|
||||
{
|
||||
GCRY_PK_DSA,
|
||||
" (public-key"
|
||||
" (dsa"
|
||||
" (p #0084E4C626E16005770BD9509ABF7354492E85B8C0060EFAAAEC617F725B592FAA59DF5460575F41022776A9718CE62EDD542AB73C7720869EBDBC834D174ADCD7136827DF51E2613545A25CA573BC502A61B809000B6E35F5EB7FD6F18C35678C23EA1C3638FB9CFDBA2800EE1B62F41A4479DE824F2834666FBF8DC5B53C2617#)"
|
||||
" (q #00B0E6F710051002A9F425D98A677B18E0E5B038AB#)"
|
||||
" (g #44370CEE0FE8609994183DBFEBA7EEA97D466838BCF65EFF506E35616DA93FA4E572A2F08886B74977BC00CA8CD3DBEA7AEB7DB8CBB180E6975E0D2CA76E023E6DE9F8CCD8826EBA2F72B8516532F6001DEFFAE76AA5E59E0FA33DBA3999B4E92D1703098CDEDCC416CF008801964084CDE1980132B2B78CB4CE9C15A559528B#)"
|
||||
" (y #3D5DD14AFA2BF24A791E285B90232213D0E3BA74AB1109E768AED19639A322F84BB7D959E2BA92EF73DE4C7F381AA9F4053CFA3CD4527EF9043E304E5B95ED0A3A5A9D590AA641C13DB2B6E32B9B964A6A2C730DD3EA7C8E13F7A140AFF1A91CE375E9B9B960384779DC4EA180FA1F827C52288F366C0770A220F50D6D8FD6F6#)))",
|
||||
"\x04\xA3\x4F\xA0\x2B\x03\x94\xD7\x32\xAD\xD5\x9B\x50\xAF\xDB\x5D\x57\x22\xA6\x10"
|
||||
|
||||
},
|
||||
{
|
||||
GCRY_PK_DSA,
|
||||
"(private-key"
|
||||
" (dsa"
|
||||
" (p #0084E4C626E16005770BD9509ABF7354492E85B8C0060EFAAAEC617F725B592FAA59DF5460575F41022776A9718CE62EDD542AB73C7720869EBDBC834D174ADCD7136827DF51E2613545A25CA573BC502A61B809000B6E35F5EB7FD6F18C35678C23EA1C3638FB9CFDBA2800EE1B62F41A4479DE824F2834666FBF8DC5B53C2617#)"
|
||||
" (q #00B0E6F710051002A9F425D98A677B18E0E5B038AB#)"
|
||||
" (g #44370CEE0FE8609994183DBFEBA7EEA97D466838BCF65EFF506E35616DA93FA4E572A2F08886B74977BC00CA8CD3DBEA7AEB7DB8CBB180E6975E0D2CA76E023E6DE9F8CCD8826EBA2F72B8516532F6001DEFFAE76AA5E59E0FA33DBA3999B4E92D1703098CDEDCC416CF008801964084CDE1980132B2B78CB4CE9C15A559528B#)"
|
||||
" (y #3D5DD14AFA2BF24A791E285B90232213D0E3BA74AB1109E768AED19639A322F84BB7D959E2BA92EF73DE4C7F381AA9F4053CFA3CD4527EF9043E304E5B95ED0A3A5A9D590AA641C13DB2B6E32B9B964A6A2C730DD3EA7C8E13F7A140AFF1A91CE375E9B9B960384779DC4EA180FA1F827C52288F366C0770A220F50D6D8FD6F6#)"
|
||||
" (x #0087F9E91BFBCC1163DE71ED86D557708E32F8ADDE#)))",
|
||||
"\x04\xA3\x4F\xA0\x2B\x03\x94\xD7\x32\xAD\xD5\x9B\x50\xAF\xDB\x5D\x57\x22\xA6\x10"
|
||||
},
|
||||
{
|
||||
GCRY_PK_ECDSA,
|
||||
"(public-key"
|
||||
" (ecdsa(flags param)"
|
||||
" (p #00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF#)"
|
||||
" (a #00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC#)"
|
||||
" (b #5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B#)"
|
||||
" (g #046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5#)"
|
||||
" (n #00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551#)"
|
||||
" (h #000000000000000000000000000000000000000000000000000000000000000001#)"
|
||||
" (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))",
|
||||
"\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6"
|
||||
},
|
||||
{
|
||||
GCRY_PK_ECDSA,
|
||||
"(public-key"
|
||||
" (ecdsa(flags param)"
|
||||
" (p #00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF#)"
|
||||
" (curve \"NIST P-256\")"
|
||||
" (b #5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B#)"
|
||||
" (g #046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5#)"
|
||||
" (n #00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551#)"
|
||||
" (h #000000000000000000000000000000000000000000000000000000000000000001#)"
|
||||
" (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))",
|
||||
"\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6"
|
||||
},
|
||||
{
|
||||
GCRY_PK_ECDSA,
|
||||
"(public-key"
|
||||
" (ecdsa"
|
||||
" (p #00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF#)"
|
||||
" (curve \"NIST P-256\")"
|
||||
" (b #5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B#)"
|
||||
" (g #046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5#)"
|
||||
" (n #00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551#)"
|
||||
" (h #000000000000000000000000000000000000000000000000000000000000000001#)"
|
||||
" (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))",
|
||||
"\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6"
|
||||
},
|
||||
{
|
||||
GCRY_PK_ECDSA,
|
||||
"(public-key"
|
||||
" (ecdsa"
|
||||
" (curve secp256r1)"
|
||||
" (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))",
|
||||
"\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6"
|
||||
},
|
||||
{
|
||||
GCRY_PK_ECC,
|
||||
"(public-key"
|
||||
" (ecc"
|
||||
" (curve secp256r1)"
|
||||
" (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))",
|
||||
"\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6"
|
||||
},
|
||||
{ /* Ed25519 standard */
|
||||
GCRY_PK_ECC,
|
||||
"(public-key"
|
||||
" (ecc"
|
||||
" (curve Ed25519)"
|
||||
" (q #04"
|
||||
" 1CC662926E7EFF4982B7FB8B928E61CD74CCDD85277CC57196C3AD20B611085F"
|
||||
" 47BD24842905C049257673B3F5249524E0A41FAA17B25B818D0F97E625F1A1D0#)"
|
||||
" ))",
|
||||
"\x0C\xCA\xB2\xFD\x48\x9A\x33\x40\x2C\xE8"
|
||||
"\xE0\x4A\x1F\xB2\x45\xEA\x80\x3D\x0A\xF1"
|
||||
},
|
||||
{ /* Ed25519+EdDSA */
|
||||
GCRY_PK_ECC,
|
||||
"(public-key"
|
||||
" (ecc"
|
||||
" (curve Ed25519)(flags eddsa)"
|
||||
" (q #773E72848C1FD5F9652B29E2E7AF79571A04990E96F2016BF4E0EC1890C2B7DB#)"
|
||||
" ))",
|
||||
"\x9D\xB6\xC6\x4A\x38\x83\x0F\x49\x60\x70"
|
||||
"\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47"
|
||||
},
|
||||
{ /* Ed25519+EdDSA (with compression prefix) */
|
||||
GCRY_PK_ECC,
|
||||
"(public-key"
|
||||
" (ecc"
|
||||
" (curve Ed25519)(flags eddsa)"
|
||||
" (q #40"
|
||||
" 773E72848C1FD5F9652B29E2E7AF79571A04990E96F2016BF4E0EC1890C2B7DB#)"
|
||||
" ))",
|
||||
"\x9D\xB6\xC6\x4A\x38\x83\x0F\x49\x60\x70"
|
||||
"\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47"
|
||||
},
|
||||
{ /* Ed25519+EdDSA (same but uncompressed)*/
|
||||
GCRY_PK_ECC,
|
||||
"(public-key"
|
||||
" (ecc"
|
||||
" (curve Ed25519)(flags eddsa)"
|
||||
" (q #04"
|
||||
" 629ad237d1ed04dcd4abe1711dd699a1cf51b1584c4de7a4ef8b8a640180b26f"
|
||||
" 5bb7c29018ece0f46b01f2960e99041a5779afe7e2292b65f9d51f8c84723e77#)"
|
||||
" ))",
|
||||
"\x9D\xB6\xC6\x4A\x38\x83\x0F\x49\x60\x70"
|
||||
"\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47"
|
||||
},
|
||||
{ /* Cv25519 */
|
||||
GCRY_PK_ECC,
|
||||
"(public-key"
|
||||
" (ecc"
|
||||
" (curve Curve25519)(flags djb-tweak)"
|
||||
" (q #40"
|
||||
" 918C1733127F6BF2646FAE3D081A18AE77111C903B906310B077505EFFF12740#)"
|
||||
" ))",
|
||||
"\x0F\x89\xA5\x65\xD3\xEA\x18\x7C\xE8\x39"
|
||||
"\x33\x23\x98\xF5\xD4\x80\x67\x7D\xF4\x9C"
|
||||
},
|
||||
{ /* Random key */
|
||||
GCRY_PK_RSA,
|
||||
"(shadowed-private-key"
|
||||
" (rsa"
|
||||
" (n #00B493C79928398DA9D99AC0E949FE6EB62F683CB974FFFBFBC01066F5C9A89B"
|
||||
" D3DC48EAD7C65F36EA943C2B2C865C26C4884FF9EDFDA8C99C855B737D77EEF6"
|
||||
" B85DBC0CCEC0E900C1F89A6893A2A93E8B31028469B6927CEB2F08687E547C68"
|
||||
" 6B0A2F7E50A194FF7AB7637E03DE0912EF7F6E5F1EC37625BD1620CCC2E7A564"
|
||||
" 31E168CDAFBD1D9E61AE47A69A6FA03EF22F844528A710B2392F262B95A3078C"
|
||||
" F321DC8325F92A5691EF69F34FD0DE0B22C79D29DC87723FCADE463829E8E5F7"
|
||||
" D196D73D6C9C180F6A6A0DDBF7B9D8F7FA293C36163B12199EF6A1A95CAE4051"
|
||||
" E3069C522CC6C4A7110F663A5DAD20F66C13A1674D050088208FAE4F33B3AB51"
|
||||
" 03#)"
|
||||
" (e #00010001#)"
|
||||
" (shadowed t1-v1"
|
||||
" (#D2760001240102000005000123350000# OPENPGP.1)"
|
||||
")))",
|
||||
"\xE5\x6E\xE6\xEE\x5A\x2F\xDC\x3E\x98\x9D"
|
||||
"\xFE\x49\xDA\xF5\x67\x43\xE3\x27\x28\x33"
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
static void
|
||||
check (void)
|
||||
{
|
||||
unsigned char buf[20];
|
||||
unsigned char *ret;
|
||||
gcry_error_t err;
|
||||
gcry_sexp_t sexp;
|
||||
unsigned int i;
|
||||
int repn;
|
||||
|
||||
for (i = 0; i < (sizeof (key_grips) / sizeof (*key_grips)); i++)
|
||||
{
|
||||
if (gcry_pk_test_algo (key_grips[i].algo))
|
||||
{
|
||||
if (verbose)
|
||||
fprintf (stderr, "algo %d not available; test skipped\n",
|
||||
key_grips[i].algo);
|
||||
continue;
|
||||
}
|
||||
err = gcry_sexp_sscan (&sexp, NULL, key_grips[i].key,
|
||||
strlen (key_grips[i].key));
|
||||
if (err)
|
||||
die ("scanning data %d failed: %s\n", i, gpg_strerror (err));
|
||||
|
||||
if (debug)
|
||||
info ("check(%d): s-exp='%s'\n", i, key_grips[i].key);
|
||||
|
||||
for (repn=0; repn < repetitions; repn++)
|
||||
{
|
||||
ret = gcry_pk_get_keygrip (sexp, buf);
|
||||
if (!ret)
|
||||
die ("gcry_pk_get_keygrip failed for %d\n", i);
|
||||
|
||||
if ( memcmp (key_grips[i].grip, buf, sizeof (buf)) )
|
||||
{
|
||||
print_hex ("keygrip: ", buf, sizeof buf);
|
||||
die ("keygrip for %d does not match\n", i);
|
||||
}
|
||||
else if (debug && !repn)
|
||||
print_hex ("keygrip: ", buf, sizeof buf);
|
||||
}
|
||||
|
||||
gcry_sexp_release (sexp);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
static void
|
||||
progress_handler (void *cb_data, const char *what, int printchar,
|
||||
int current, int total)
|
||||
{
|
||||
(void)cb_data;
|
||||
(void)what;
|
||||
(void)current;
|
||||
(void)total;
|
||||
|
||||
putchar (printchar);
|
||||
}
|
||||
|
||||
int
|
||||
main (int argc, char **argv)
|
||||
{
|
||||
int last_argc = -1;
|
||||
|
||||
if (argc)
|
||||
{ argc--; argv++; }
|
||||
|
||||
while (argc && last_argc != argc )
|
||||
{
|
||||
last_argc = argc;
|
||||
if (!strcmp (*argv, "--"))
|
||||
{
|
||||
argc--; argv++;
|
||||
break;
|
||||
}
|
||||
else if (!strcmp (*argv, "--verbose"))
|
||||
{
|
||||
verbose = 1;
|
||||
argc--; argv++;
|
||||
}
|
||||
else if (!strcmp (*argv, "--debug"))
|
||||
{
|
||||
verbose = 1;
|
||||
debug = 1;
|
||||
argc--; argv++;
|
||||
}
|
||||
else if (!strcmp (*argv, "--repetitions"))
|
||||
{
|
||||
argc--; argv++;
|
||||
if (argc)
|
||||
{
|
||||
repetitions = atoi(*argv);
|
||||
argc--; argv++;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (repetitions < 1)
|
||||
repetitions = 1;
|
||||
|
||||
if (!gcry_check_version (GCRYPT_VERSION))
|
||||
die ("version mismatch\n");
|
||||
|
||||
gcry_set_progress_handler (progress_handler, NULL);
|
||||
|
||||
xgcry_control ((GCRYCTL_DISABLE_SECMEM, 0));
|
||||
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
|
||||
if (debug)
|
||||
xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u, 0));
|
||||
|
||||
check ();
|
||||
|
||||
return 0;
|
||||
}
|
239
SOURCES/libgcrypt-1.10.0-disable-brainpool.patch
Normal file
239
SOURCES/libgcrypt-1.10.0-disable-brainpool.patch
Normal file
@ -0,0 +1,239 @@
|
||||
From d651e25be0bc0c11f4d3d7c72be8cfbbe82b3874 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Fri, 10 Sep 2021 18:39:00 +0200
|
||||
Subject: [PATCH] Allow building libgcrypt without Brainpool curves
|
||||
|
||||
* README: Document possibility to build without brainpool curves
|
||||
* cipher/ecc-curves.c: Conditionalize brainpool curves definitions
|
||||
* configure.ac: Implement possibility to build without brainpool curves
|
||||
* tests/curves.c: Skip brainpool curves if they are not built-in
|
||||
* tests/keygrip.c: Skip brainpool curves if they are not built-in
|
||||
|
||||
--
|
||||
|
||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||
---
|
||||
README | 3 +++
|
||||
cipher/ecc-curves.c | 4 ++++
|
||||
configure.ac | 13 +++++++++++++
|
||||
tests/curves.c | 46 ++++++++++++++++++++++++++++++---------------
|
||||
tests/keygrip.c | 2 ++
|
||||
5 files changed, 53 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/README b/README
|
||||
index 436b6cd4..1044109c 100644
|
||||
--- a/README
|
||||
+++ b/README
|
||||
@@ -127,6 +127,9 @@
|
||||
the list used with the current build the program
|
||||
tests/version may be used.
|
||||
|
||||
+ --disable-brainpool
|
||||
+ Do not build in support for Brainpool curves.
|
||||
+
|
||||
--disable-endian-check
|
||||
Don't let configure test for the endianness but
|
||||
try to use the OS provided macros at compile
|
||||
diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c
|
||||
index 7c86e12c..8fd95a9c 100644
|
||||
--- a/cipher/ecc-curves.c
|
||||
+++ b/cipher/ecc-curves.c
|
||||
@@ -77,6 +77,7 @@ static const struct
|
||||
{ "NIST P-521", "1.3.132.0.35" },
|
||||
{ "NIST P-521", "nistp521" }, /* rfc5656. */
|
||||
|
||||
+#ifdef ENABLE_BRAINPOOL
|
||||
{ "brainpoolP160r1", "1.3.36.3.3.2.8.1.1.1" },
|
||||
{ "brainpoolP192r1", "1.3.36.3.3.2.8.1.1.3" },
|
||||
{ "brainpoolP224r1", "1.3.36.3.3.2.8.1.1.5" },
|
||||
@@ -84,6 +85,7 @@ static const struct
|
||||
{ "brainpoolP320r1", "1.3.36.3.3.2.8.1.1.9" },
|
||||
{ "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11"},
|
||||
{ "brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13"},
|
||||
+#endif /* ENABLE_BRAINPOOL */
|
||||
|
||||
{ "GOST2001-test", "1.2.643.2.2.35.0" },
|
||||
{ "GOST2001-CryptoPro-A", "1.2.643.2.2.35.1" },
|
||||
@@ -297,6 +299,7 @@ static const ecc_domain_parms_t domain_parms[] =
|
||||
1
|
||||
},
|
||||
|
||||
+#ifdef ENABLE_BRAINPOOL
|
||||
{ "brainpoolP160r1", 160, 0,
|
||||
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
|
||||
"0xe95e4a5f737059dc60dfc7ad95b3d8139515620f",
|
||||
@@ -391,6 +394,7 @@ static const ecc_domain_parms_t domain_parms[] =
|
||||
"b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892",
|
||||
1
|
||||
},
|
||||
+#endif /* ENABLE_BRAINPOOL */
|
||||
{
|
||||
"GOST2001-test", 256, 0,
|
||||
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 6efbf139..f4ac1887 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -614,6 +614,14 @@ AC_ARG_WITH(fips-module-version,
|
||||
AC_DEFINE_UNQUOTED(FIPS_MODULE_VERSION, "$fips_module_version",
|
||||
[Define FIPS module version for certification])
|
||||
|
||||
+# Implementation of the --disable-brainpool switch.
|
||||
+AC_MSG_CHECKING([whether we want to disable the use of brainpool curves])
|
||||
+AC_ARG_ENABLE(brainpool,
|
||||
+ AS_HELP_STRING([--disable-brainpool],
|
||||
+ [Disable the brainpool curves]),
|
||||
+ use_brainpool="$enableval",use_brainpool=yes)
|
||||
+AC_MSG_RESULT($use_brainpool)
|
||||
+
|
||||
# Implementation of the --disable-jent-support switch.
|
||||
AC_MSG_CHECKING([whether jitter entropy support is requested])
|
||||
AC_ARG_ENABLE(jent-support,
|
||||
@@ -2466,6 +2474,10 @@ if test x"$ppccryptosupport" = xyes ; then
|
||||
AC_DEFINE(ENABLE_PPC_CRYPTO_SUPPORT,1,
|
||||
[Enable support for POWER 8 (PowerISA 2.07) crypto extension.])
|
||||
fi
|
||||
+if test x"$use_brainpool" = xyes ; then
|
||||
+ AC_DEFINE(ENABLE_BRAINPOOL, 1,
|
||||
+ [Enable support for the brainpool curves.])
|
||||
+fi
|
||||
if test x"$jentsupport" = xyes ; then
|
||||
AC_DEFINE(ENABLE_JENT_SUPPORT, 1,
|
||||
[Enable support for the jitter entropy collector.])
|
||||
@@ -3296,6 +3308,7 @@ GCRY_MSG_WRAP([Enabled digest algorithms:],[$enabled_digests])
|
||||
GCRY_MSG_WRAP([Enabled kdf algorithms: ],[$enabled_kdfs])
|
||||
GCRY_MSG_WRAP([Enabled pubkey algorithms:],[$enabled_pubkey_ciphers])
|
||||
GCRY_MSG_SHOW([Random number generator: ],[$random])
|
||||
+GCRY_MSG_SHOW([Enabled Brainpool curves: ],[$use_brainpool])
|
||||
GCRY_MSG_SHOW([Try using jitter entropy: ],[$jentsupport])
|
||||
GCRY_MSG_SHOW([Using linux capabilities: ],[$use_capabilities])
|
||||
GCRY_MSG_SHOW([FIPS module version: ],[$fips_module_version])
|
||||
diff --git a/tests/curves.c b/tests/curves.c
|
||||
index 3c738171..8eb79565 100644
|
||||
--- a/tests/curves.c
|
||||
+++ b/tests/curves.c
|
||||
@@ -33,7 +33,11 @@
|
||||
#include "t-common.h"
|
||||
|
||||
/* Number of curves defined in ../cipher/ecc-curves.c */
|
||||
-#define N_CURVES 27
|
||||
+#ifdef ENABLE_BRAINPOOL
|
||||
+# define N_CURVES 27
|
||||
+#else
|
||||
+# define N_CURVES 20
|
||||
+#endif
|
||||
|
||||
/* A real world sample public key. */
|
||||
static char const sample_key_1[] =
|
||||
@@ -52,6 +56,7 @@ static char const sample_key_1[] =
|
||||
static char const sample_key_1_curve[] = "NIST P-256";
|
||||
static unsigned int sample_key_1_nbits = 256;
|
||||
|
||||
+#ifdef ENABLE_BRAINPOOL
|
||||
/* A made up sample public key. */
|
||||
static char const sample_key_2[] =
|
||||
"(public-key\n"
|
||||
@@ -68,6 +73,7 @@ static char const sample_key_2[] =
|
||||
" ))";
|
||||
static char const sample_key_2_curve[] = "brainpoolP160r1";
|
||||
static unsigned int sample_key_2_nbits = 160;
|
||||
+#endif /* ENABLE_BRAINPOOL */
|
||||
|
||||
static int in_fips_mode;
|
||||
|
||||
@@ -113,6 +119,7 @@ check_matching (void)
|
||||
|
||||
gcry_sexp_release (key);
|
||||
|
||||
+#ifdef ENABLE_BRAINPOOL
|
||||
if (!in_fips_mode)
|
||||
{
|
||||
err = gcry_sexp_new (&key, sample_key_2, 0, 1);
|
||||
@@ -130,6 +137,7 @@ check_matching (void)
|
||||
|
||||
gcry_sexp_release (key);
|
||||
}
|
||||
+#endif /* ENABLE_BRAINPOOL */
|
||||
}
|
||||
|
||||
#define TEST_ERROR_EXPECTED (1 << 0)
|
||||
@@ -185,20 +193,26 @@ check_get_params (void)
|
||||
{ GCRY_PK_ECC, "1.3.132.0.35" },
|
||||
{ GCRY_PK_ECC, "nistp521" },
|
||||
|
||||
- { GCRY_PK_ECC, "brainpoolP160r1", TEST_NOFIPS },
|
||||
- { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.1", TEST_NOFIPS },
|
||||
- { GCRY_PK_ECC, "brainpoolP192r1", TEST_NOFIPS },
|
||||
- { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.3", TEST_NOFIPS },
|
||||
- { GCRY_PK_ECC, "brainpoolP224r1", TEST_NOFIPS },
|
||||
- { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.5", TEST_NOFIPS },
|
||||
- { GCRY_PK_ECC, "brainpoolP256r1", TEST_NOFIPS },
|
||||
- { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.7", TEST_NOFIPS },
|
||||
- { GCRY_PK_ECC, "brainpoolP320r1", TEST_NOFIPS },
|
||||
- { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.9", TEST_NOFIPS },
|
||||
- { GCRY_PK_ECC, "brainpoolP384r1", TEST_NOFIPS },
|
||||
- { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.11", TEST_NOFIPS },
|
||||
- { GCRY_PK_ECC, "brainpoolP512r1", TEST_NOFIPS },
|
||||
- { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.13", TEST_NOFIPS },
|
||||
+#ifdef ENABLE_BRAINPOOL
|
||||
+# define BRAINPOOL_FLAGS TEST_NOFIPS
|
||||
+#else
|
||||
+# define BRAINPOOL_FLAGS TEST_ERROR_EXPECTED
|
||||
+#endif /* ENABLE_BRAINPOOL */
|
||||
+ { GCRY_PK_ECC, "brainpoolP160r1", BRAINPOOL_FLAGS },
|
||||
+ { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.1", BRAINPOOL_FLAGS },
|
||||
+ { GCRY_PK_ECC, "brainpoolP192r1", BRAINPOOL_FLAGS },
|
||||
+ { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.3", BRAINPOOL_FLAGS },
|
||||
+ { GCRY_PK_ECC, "brainpoolP224r1", BRAINPOOL_FLAGS },
|
||||
+ { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.5", BRAINPOOL_FLAGS },
|
||||
+ { GCRY_PK_ECC, "brainpoolP256r1", BRAINPOOL_FLAGS },
|
||||
+ { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.7", BRAINPOOL_FLAGS },
|
||||
+ { GCRY_PK_ECC, "brainpoolP320r1", BRAINPOOL_FLAGS },
|
||||
+ { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.9", BRAINPOOL_FLAGS },
|
||||
+ { GCRY_PK_ECC, "brainpoolP384r1", BRAINPOOL_FLAGS },
|
||||
+ { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.11", BRAINPOOL_FLAGS },
|
||||
+ { GCRY_PK_ECC, "brainpoolP512r1", BRAINPOOL_FLAGS },
|
||||
+ { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.13", BRAINPOOL_FLAGS },
|
||||
+#undef BRAINPOOL_ERROR_EXPECTED
|
||||
|
||||
{ GCRY_PK_ECC, "GOST2001-test", TEST_NOFIPS },
|
||||
{ GCRY_PK_ECC, "1.2.643.2.2.35.0", TEST_NOFIPS },
|
||||
@@ -282,6 +296,7 @@ check_get_params (void)
|
||||
|
||||
gcry_sexp_release (param);
|
||||
|
||||
+#ifdef ENABLE_BRAINPOOL
|
||||
if (!in_fips_mode)
|
||||
{
|
||||
param = gcry_pk_get_param (GCRY_PK_ECDSA, sample_key_2_curve);
|
||||
@@ -297,6 +312,7 @@ check_get_params (void)
|
||||
|
||||
gcry_sexp_release (param);
|
||||
}
|
||||
+#endif /* ENABLE_BRAINPOOL */
|
||||
|
||||
/* Some simple tests */
|
||||
for (idx=0; idx < DIM (tv); idx++)
|
||||
diff --git a/tests/keygrip.c b/tests/keygrip.c
|
||||
index 49bd71bc..fc4c17be 100644
|
||||
--- a/tests/keygrip.c
|
||||
+++ b/tests/keygrip.c
|
||||
@@ -149,6 +149,7 @@ static struct
|
||||
" (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))",
|
||||
"\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6"
|
||||
},
|
||||
+#ifdef ENABLE_BRAINPOOL
|
||||
{
|
||||
GCRY_PK_ECC,
|
||||
"(public-key"
|
||||
@@ -197,6 +198,7 @@ static struct
|
||||
"\xD6\xE1\xBF\x43\xAC\x9B\x9A\x12\xE7\x3F",
|
||||
1
|
||||
},
|
||||
+#endif /*ENABLE_BRAINPOOL */
|
||||
{ /* Ed25519 standard */
|
||||
GCRY_PK_ECC,
|
||||
"(public-key"
|
||||
--
|
||||
2.34.1
|
||||
|
BIN
SOURCES/libgcrypt-1.10.0.tar.bz2.sig
Normal file
BIN
SOURCES/libgcrypt-1.10.0.tar.bz2.sig
Normal file
Binary file not shown.
@ -1,104 +0,0 @@
|
||||
diff -up libgcrypt-1.6.1/mpi/mpicoder.c.gccopt libgcrypt-1.6.1/mpi/mpicoder.c
|
||||
--- libgcrypt-1.6.1/mpi/mpicoder.c.gccopt 2014-02-28 15:37:53.983139821 +0100
|
||||
+++ libgcrypt-1.6.1/mpi/mpicoder.c 2014-02-28 15:47:35.312576387 +0100
|
||||
@@ -627,16 +627,16 @@ _gcry_mpi_print (enum gcry_mpi_format fo
|
||||
extra = 1;
|
||||
}
|
||||
|
||||
- if (buffer && n > len)
|
||||
- {
|
||||
- /* The provided buffer is too short. */
|
||||
- xfree (tmp);
|
||||
- return GPG_ERR_TOO_SHORT;
|
||||
- }
|
||||
if (buffer)
|
||||
{
|
||||
unsigned char *s = buffer;
|
||||
|
||||
+ if (n > len)
|
||||
+ {
|
||||
+ /* The provided buffer is too short. */
|
||||
+ xfree (tmp);
|
||||
+ return GPG_ERR_TOO_SHORT;
|
||||
+ }
|
||||
if (extra == 1)
|
||||
*s++ = 0;
|
||||
else if (extra)
|
||||
@@ -654,13 +654,12 @@ _gcry_mpi_print (enum gcry_mpi_format fo
|
||||
/* Note: We ignore the sign for this format. */
|
||||
/* FIXME: for performance reasons we should put this into
|
||||
mpi_aprint because we can then use the buffer directly. */
|
||||
-
|
||||
- if (buffer && n > len)
|
||||
- return GPG_ERR_TOO_SHORT;
|
||||
if (buffer)
|
||||
{
|
||||
unsigned char *tmp;
|
||||
|
||||
+ if (n > len)
|
||||
+ return GPG_ERR_TOO_SHORT;
|
||||
tmp = _gcry_mpi_get_buffer (a, 0, &n, NULL);
|
||||
if (!tmp)
|
||||
return gpg_err_code_from_syserror ();
|
||||
@@ -678,14 +677,14 @@ _gcry_mpi_print (enum gcry_mpi_format fo
|
||||
if (negative)
|
||||
return GPG_ERR_INV_ARG;
|
||||
|
||||
- if (buffer && n+2 > len)
|
||||
- return GPG_ERR_TOO_SHORT;
|
||||
-
|
||||
if (buffer)
|
||||
{
|
||||
unsigned char *tmp;
|
||||
unsigned char *s = buffer;
|
||||
|
||||
+ if (n+2 > len)
|
||||
+ return GPG_ERR_TOO_SHORT;
|
||||
+
|
||||
s[0] = nbits >> 8;
|
||||
s[1] = nbits;
|
||||
|
||||
@@ -724,16 +723,16 @@ _gcry_mpi_print (enum gcry_mpi_format fo
|
||||
extra=1;
|
||||
}
|
||||
|
||||
- if (buffer && n+4 > len)
|
||||
- {
|
||||
- xfree(tmp);
|
||||
- return GPG_ERR_TOO_SHORT;
|
||||
- }
|
||||
-
|
||||
if (buffer)
|
||||
{
|
||||
unsigned char *s = buffer;
|
||||
|
||||
+ if (n+4 > len)
|
||||
+ {
|
||||
+ xfree(tmp);
|
||||
+ return GPG_ERR_TOO_SHORT;
|
||||
+ }
|
||||
+
|
||||
*s++ = n >> 24;
|
||||
*s++ = n >> 16;
|
||||
*s++ = n >> 8;
|
||||
@@ -761,15 +760,15 @@ _gcry_mpi_print (enum gcry_mpi_format fo
|
||||
if (!n || (*tmp & 0x80))
|
||||
extra = 2;
|
||||
|
||||
- if (buffer && 2*n + extra + negative + 1 > len)
|
||||
- {
|
||||
- xfree(tmp);
|
||||
- return GPG_ERR_TOO_SHORT;
|
||||
- }
|
||||
if (buffer)
|
||||
{
|
||||
unsigned char *s = buffer;
|
||||
|
||||
+ if (2*n + extra + negative + 1 > len)
|
||||
+ {
|
||||
+ xfree(tmp);
|
||||
+ return GPG_ERR_TOO_SHORT;
|
||||
+ }
|
||||
if (negative)
|
||||
*s++ = '-';
|
||||
if (extra)
|
@ -1,122 +0,0 @@
|
||||
diff -up libgcrypt-1.7.3/tests/benchmark.c.eccfix libgcrypt-1.7.3/tests/benchmark.c
|
||||
--- libgcrypt-1.7.3/tests/benchmark.c.eccfix 2016-07-14 11:19:17.000000000 +0200
|
||||
+++ libgcrypt-1.7.3/tests/benchmark.c 2016-11-22 16:21:00.109004197 +0100
|
||||
@@ -1412,7 +1412,7 @@ ecc_bench (int iterations, int print_hea
|
||||
{
|
||||
#if USE_ECC
|
||||
gpg_error_t err;
|
||||
- const char *p_sizes[] = { "192", "224", "256", "384", "521", "Ed25519",
|
||||
+ const char *p_sizes[] = { "224", "256", "384", "521", "Ed25519",
|
||||
"gost256", "gost512" };
|
||||
int testno;
|
||||
|
||||
diff -up libgcrypt-1.7.3/tests/dsa-rfc6979.c.eccfix libgcrypt-1.7.3/tests/dsa-rfc6979.c
|
||||
--- libgcrypt-1.7.3/tests/dsa-rfc6979.c.eccfix 2016-02-18 09:38:03.000000000 +0100
|
||||
+++ libgcrypt-1.7.3/tests/dsa-rfc6979.c 2016-11-22 16:22:11.804674008 +0100
|
||||
@@ -210,16 +210,6 @@ check_dsa_rfc6979 (void)
|
||||
" ))"
|
||||
},
|
||||
{
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "(private-key"
|
||||
- " (ecdsa"
|
||||
- " (curve \"NIST P-192\")"
|
||||
- " (q #04AC2C77F529F91689FEA0EA5EFEC7F210D8EEA0B9E047ED56"
|
||||
- " 3BC723E57670BD4887EBC732C523063D0A7C957BC97C1C43#)"
|
||||
- " (d #6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4#)"
|
||||
- " ))"
|
||||
- },
|
||||
- {
|
||||
"ECDSA, 224 bits (prime field)",
|
||||
"(private-key"
|
||||
" (ecdsa"
|
||||
@@ -443,89 +433,6 @@ check_dsa_rfc6979 (void)
|
||||
"C9F0BDABCC0D880BB137A994CC7F3980CE91CC10FAF529FC46565B15CEA854E1"
|
||||
},
|
||||
{
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-1, message = \"sample\"",
|
||||
- "sha1", "sample",
|
||||
- "37D7CA00D2C7B0E5E412AC03BD44BA837FDD5B28CD3B0021",
|
||||
- "98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF",
|
||||
- "57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-224, message = \"sample\"",
|
||||
- "sha224", "sample",
|
||||
- "4381526B3FC1E7128F202E194505592F01D5FF4C5AF015D8",
|
||||
- "A1F00DAD97AEEC91C95585F36200C65F3C01812AA60378F5",
|
||||
- "E07EC1304C7C6C9DEBBE980B9692668F81D4DE7922A0F97A"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-256, message = \"sample\"",
|
||||
- "sha256", "sample",
|
||||
- "32B1B6D7D42A05CB449065727A84804FB1A3E34D8F261496",
|
||||
- "4B0B8CE98A92866A2820E20AA6B75B56382E0F9BFD5ECB55",
|
||||
- "CCDB006926EA9565CBADC840829D8C384E06DE1F1E381B85"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-384, message = \"sample\"",
|
||||
- "sha384", "sample",
|
||||
- "4730005C4FCB01834C063A7B6760096DBE284B8252EF4311",
|
||||
- "DA63BF0B9ABCF948FBB1E9167F136145F7A20426DCC287D5",
|
||||
- "C3AA2C960972BD7A2003A57E1C4C77F0578F8AE95E31EC5E"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-512, message = \"sample\"",
|
||||
- "sha512", "sample",
|
||||
- "A2AC7AB055E4F20692D49209544C203A7D1F2C0BFBC75DB1",
|
||||
- "4D60C5AB1996BD848343B31C00850205E2EA6922DAC2E4B8",
|
||||
- "3F6E837448F027A1BF4B34E796E32A811CBB4050908D8F67"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-1, message = \"test\"",
|
||||
- "sha1", "test",
|
||||
- "D9CF9C3D3297D3260773A1DA7418DB5537AB8DD93DE7FA25",
|
||||
- "0F2141A0EBBC44D2E1AF90A50EBCFCE5E197B3B7D4DE036D",
|
||||
- "EB18BC9E1F3D7387500CB99CF5F7C157070A8961E38700B7"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-224, message = \"test\"",
|
||||
- "sha224", "test",
|
||||
- "F5DC805F76EF851800700CCE82E7B98D8911B7D510059FBE",
|
||||
- "6945A1C1D1B2206B8145548F633BB61CEF04891BAF26ED34",
|
||||
- "B7FB7FDFC339C0B9BD61A9F5A8EAF9BE58FC5CBA2CB15293"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-256, message = \"test\"",
|
||||
- "sha256", "test",
|
||||
- "5C4CE89CF56D9E7C77C8585339B006B97B5F0680B4306C6C",
|
||||
- "3A718BD8B4926C3B52EE6BBE67EF79B18CB6EB62B1AD97AE",
|
||||
- "5662E6848A4A19B1F1AE2F72ACD4B8BBE50F1EAC65D9124F"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-384, message = \"test\"",
|
||||
- "sha384", "test",
|
||||
- "5AFEFB5D3393261B828DB6C91FBC68C230727B030C975693",
|
||||
- "B234B60B4DB75A733E19280A7A6034BD6B1EE88AF5332367",
|
||||
- "7994090B2D59BB782BE57E74A44C9A1C700413F8ABEFE77A"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-512, message = \"test\"",
|
||||
- "sha512", "test",
|
||||
- "0758753A5254759C7CFBAD2E2D9B0792EEE44136C9480527",
|
||||
- "FE4F4AE86A58B6507946715934FE2D8FF9D95B6B098FE739",
|
||||
- "74CF5605C98FBA0E1EF34D4B5A1577A7DCF59457CAE52290"
|
||||
- },
|
||||
-
|
||||
-
|
||||
-
|
||||
- {
|
||||
"ECDSA, 224 bits (prime field)",
|
||||
"With SHA-1, message = \"sample\"",
|
||||
"sha1", "sample",
|
File diff suppressed because it is too large
Load Diff
@ -1,60 +0,0 @@
|
||||
diff -up libgcrypt-1.8.3/src/global.c.fips-ctor libgcrypt-1.8.3/src/global.c
|
||||
--- libgcrypt-1.8.3/src/global.c.fips-ctor 2017-11-23 19:25:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.3/src/global.c 2020-04-17 16:29:59.258218015 +0200
|
||||
@@ -141,6 +141,34 @@ global_init (void)
|
||||
}
|
||||
|
||||
|
||||
+#ifndef FIPS_MODULE_PATH
|
||||
+#define FIPS_MODULE_PATH "/etc/system-fips"
|
||||
+#endif
|
||||
+
|
||||
+void __attribute__ ((constructor)) _gcry_global_constructor (void)
|
||||
+{
|
||||
+ int rv;
|
||||
+
|
||||
+ rv = access (FIPS_MODULE_PATH, F_OK);
|
||||
+ if (rv < 0 && errno != ENOENT)
|
||||
+ rv = 0;
|
||||
+
|
||||
+ if (!rv)
|
||||
+ {
|
||||
+ int no_secmem_save;
|
||||
+
|
||||
+ /* it should be always 0 at this point but let's keep on the safe side */
|
||||
+ no_secmem_save = no_secure_memory;
|
||||
+ no_secure_memory = 1;
|
||||
+ /* force selftests */
|
||||
+ global_init();
|
||||
+ _gcry_fips_run_selftests (0);
|
||||
+ if (!fips_mode())
|
||||
+ _gcry_random_close_fds ();
|
||||
+ no_secure_memory = no_secmem_save;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
/* This function is called by the macro fips_is_operational and makes
|
||||
sure that the minimal initialization has been done. This is far
|
||||
from a perfect solution and hides problems with an improper
|
||||
@@ -671,8 +699,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
||||
|
||||
case GCRYCTL_FIPS_MODE_P:
|
||||
if (fips_mode ()
|
||||
- && !_gcry_is_fips_mode_inactive ()
|
||||
- && !no_secure_memory)
|
||||
+ && !_gcry_is_fips_mode_inactive ())
|
||||
rc = GPG_ERR_GENERAL; /* Used as TRUE value */
|
||||
break;
|
||||
|
||||
@@ -749,9 +776,9 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
||||
break;
|
||||
|
||||
case GCRYCTL_SET_ENFORCED_FIPS_FLAG:
|
||||
- if (!_gcry_global_any_init_done)
|
||||
+ if (fips_mode ())
|
||||
{
|
||||
- /* Not yet initialized at all. Set the enforced fips mode flag */
|
||||
+ /* We are in FIPS mode, we can set the enforced fips mode flag. */
|
||||
_gcry_set_preferred_rng_type (0);
|
||||
_gcry_set_enforced_fips_mode ();
|
||||
}
|
@ -1,113 +0,0 @@
|
||||
diff -up libgcrypt-1.8.3/random/random-drbg.c.fips-enttest libgcrypt-1.8.3/random/random-drbg.c
|
||||
--- libgcrypt-1.8.3/random/random-drbg.c.fips-enttest 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.3/random/random-drbg.c 2019-06-24 10:04:23.219547141 +0200
|
||||
@@ -317,6 +317,7 @@ struct drbg_state_s
|
||||
gcry_cipher_hd_t ctr_handle; /* CTR mode cipher handle */
|
||||
int seeded:1; /* DRBG fully seeded? */
|
||||
int pr:1; /* Prediction resistance enabled? */
|
||||
+ int ent_primed:1; /* Previous entropy data primed? */
|
||||
/* Taken from libgcrypt ANSI X9.31 DRNG: We need to keep track of the
|
||||
* process which did the initialization so that we can detect a fork.
|
||||
* The volatile modifier is required so that the compiler does not
|
||||
@@ -324,6 +325,7 @@ struct drbg_state_s
|
||||
pid_t seed_init_pid;
|
||||
const struct drbg_state_ops_s *d_ops;
|
||||
const struct drbg_core_s *core;
|
||||
+ unsigned char ent_hash[64]; /* Hash of previous entropy data */
|
||||
struct drbg_test_data_s *test_data;
|
||||
};
|
||||
|
||||
@@ -610,11 +612,13 @@ drbg_get_entropy (drbg_state_t drbg, uns
|
||||
size_t len)
|
||||
{
|
||||
int rc = 0;
|
||||
+ unsigned char newhash[64];
|
||||
|
||||
/* Perform testing as defined in 11.3.2 */
|
||||
if (drbg->test_data && drbg->test_data->fail_seed_source)
|
||||
return -1;
|
||||
|
||||
+redo:
|
||||
read_cb_buffer = buffer;
|
||||
read_cb_size = len;
|
||||
read_cb_len = 0;
|
||||
@@ -634,6 +638,27 @@ drbg_get_entropy (drbg_state_t drbg, uns
|
||||
#else
|
||||
rc = -1;
|
||||
#endif
|
||||
+
|
||||
+ /* to avoid storing the actual entropy obtained for indefinite
|
||||
+ time, we just store the SHA-512 hash of the entropy gathered
|
||||
+ */
|
||||
+ _gcry_md_hash_buffer (GCRY_MD_SHA512, newhash, buffer, len);
|
||||
+
|
||||
+ if (!drbg->ent_primed)
|
||||
+ {
|
||||
+ memcpy (drbg->ent_hash, newhash, sizeof (drbg->ent_hash));
|
||||
+ drbg->ent_primed = 1;
|
||||
+ goto redo;
|
||||
+ }
|
||||
+
|
||||
+ if (memcmp (newhash, drbg->ent_hash, sizeof (drbg->ent_hash)) == 0)
|
||||
+ {
|
||||
+ fips_signal_error ("Entropy source failed the continuous test");
|
||||
+ return -1; /* continuous entropy test failed */
|
||||
+ }
|
||||
+
|
||||
+ memcpy (drbg->ent_hash, newhash, sizeof (drbg->ent_hash));
|
||||
+
|
||||
return rc;
|
||||
}
|
||||
|
||||
@@ -1341,26 +1366,38 @@ drbg_seed (drbg_state_t drbg, drbg_strin
|
||||
}
|
||||
else
|
||||
{
|
||||
+ int nonce = 0;
|
||||
/* Gather entropy equal to the security strength of the DRBG.
|
||||
* With a derivation function, a nonce is required in addition
|
||||
* to the entropy. A nonce must be at least 1/2 of the security
|
||||
* strength of the DRBG in size. Thus, entropy * nonce is 3/2
|
||||
* of the strength. The consideration of a nonce is only
|
||||
- * applicable during initial seeding. */
|
||||
+ * applicable during initial seeding.
|
||||
+ * To avoid pulling different length of data from entropy
|
||||
+ * source, we use 2 * strength for initial seeding. */
|
||||
entropylen = drbg_sec_strength (drbg->core->flags);
|
||||
if (!entropylen)
|
||||
return GPG_ERR_GENERAL;
|
||||
if (0 == reseed)
|
||||
- /* make sure we round up strength/2 in
|
||||
- * case it is not divisible by 2 */
|
||||
- entropylen = ((entropylen + 1) / 2) * 3;
|
||||
+ {
|
||||
+ nonce = 1;
|
||||
+ }
|
||||
dbg (("DRBG: (re)seeding with %lu bytes of entropy\n", entropylen));
|
||||
- entropy = xcalloc_secure (1, entropylen);
|
||||
+ entropy = xcalloc_secure (nonce + 1, entropylen);
|
||||
if (!entropy)
|
||||
return GPG_ERR_ENOMEM;
|
||||
ret = drbg_get_entropy (drbg, entropy, entropylen);
|
||||
if (ret)
|
||||
goto out;
|
||||
+ if (nonce)
|
||||
+ {
|
||||
+ ret = drbg_get_entropy (drbg, entropy + entropylen, entropylen);
|
||||
+ if (ret)
|
||||
+ goto out;
|
||||
+ /* make sure we round up strength/2 in
|
||||
+ * case it is not divisible by 2 */
|
||||
+ entropylen = 2 * entropylen;
|
||||
+ }
|
||||
drbg_string_fill (&data1, entropy, entropylen);
|
||||
}
|
||||
|
||||
@@ -1597,6 +1634,7 @@ drbg_instantiate (drbg_state_t drbg,
|
||||
drbg->core = &drbg_cores[coreref];
|
||||
drbg->pr = pr;
|
||||
drbg->seeded = 0;
|
||||
+ drbg->ent_primed = 0;
|
||||
if (drbg->core->flags & DRBG_HMAC)
|
||||
drbg->d_ops = &drbg_hmac_ops;
|
||||
else if (drbg->core->flags & DRBG_HASH_MASK)
|
@ -1,18 +0,0 @@
|
||||
diff -up libgcrypt-1.8.3/cipher/md.c.fips-enforce libgcrypt-1.8.3/cipher/md.c
|
||||
--- libgcrypt-1.8.3/cipher/md.c.fips-enforce 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.3/cipher/md.c 2020-04-17 15:07:31.364945130 +0200
|
||||
@@ -409,13 +409,10 @@ md_enable (gcry_md_hd_t hd, int algorith
|
||||
}
|
||||
|
||||
|
||||
- if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
|
||||
+ if (!err && !spec->flags.fips && fips_mode ())
|
||||
{
|
||||
- _gcry_inactivate_fips_mode ("MD5 used");
|
||||
if (_gcry_enforced_fips_mode () )
|
||||
{
|
||||
- /* We should never get to here because we do not register
|
||||
- MD5 in enforced fips mode. But better throw an error. */
|
||||
err = GPG_ERR_DIGEST_ALGO;
|
||||
}
|
||||
}
|
@ -1,64 +0,0 @@
|
||||
diff -up libgcrypt-1.8.4/cipher/dsa.c.fips-keygen libgcrypt-1.8.4/cipher/dsa.c
|
||||
--- libgcrypt-1.8.4/cipher/dsa.c.fips-keygen 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.4/cipher/dsa.c 2019-02-12 14:29:25.629513989 +0100
|
||||
@@ -457,13 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un
|
||||
&prime_q, &prime_p,
|
||||
r_counter,
|
||||
r_seed, r_seedlen);
|
||||
- else
|
||||
+ else if (!domain->p || !domain->q)
|
||||
ec = _gcry_generate_fips186_3_prime (nbits, qbits,
|
||||
initial_seed.seed,
|
||||
initial_seed.seedlen,
|
||||
&prime_q, &prime_p,
|
||||
r_counter,
|
||||
r_seed, r_seedlen, NULL);
|
||||
+ else
|
||||
+ {
|
||||
+ /* Domain parameters p and q are given; use them. */
|
||||
+ prime_p = mpi_copy (domain->p);
|
||||
+ prime_q = mpi_copy (domain->q);
|
||||
+ gcry_assert (mpi_get_nbits (prime_p) == nbits);
|
||||
+ gcry_assert (mpi_get_nbits (prime_q) == qbits);
|
||||
+ ec = 0;
|
||||
+ }
|
||||
sexp_release (initial_seed.sexp);
|
||||
if (ec)
|
||||
goto leave;
|
||||
@@ -855,13 +866,12 @@ dsa_generate (const gcry_sexp_t genparms
|
||||
sexp_release (l1);
|
||||
sexp_release (domainsexp);
|
||||
|
||||
- /* Check that all domain parameters are available. */
|
||||
- if (!domain.p || !domain.q || !domain.g)
|
||||
+ /* Check that p and q domain parameters are available. */
|
||||
+ if (!domain.p || !domain.q || (!domain.g && !(flags & PUBKEY_FLAG_USE_FIPS186)))
|
||||
{
|
||||
_gcry_mpi_release (domain.p);
|
||||
_gcry_mpi_release (domain.q);
|
||||
_gcry_mpi_release (domain.g);
|
||||
- sexp_release (deriveparms);
|
||||
return GPG_ERR_MISSING_VALUE;
|
||||
}
|
||||
|
||||
diff -up libgcrypt-1.8.4/cipher/rsa.c.fips-keygen libgcrypt-1.8.4/cipher/rsa.c
|
||||
--- libgcrypt-1.8.4/cipher/rsa.c.fips-keygen 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.4/cipher/rsa.c 2019-02-12 14:29:25.630513971 +0100
|
||||
@@ -389,7 +389,7 @@ generate_fips (RSA_secret_key *sk, unsig
|
||||
|
||||
if (nbits < 1024 || (nbits & 0x1FF))
|
||||
return GPG_ERR_INV_VALUE;
|
||||
- if (_gcry_enforced_fips_mode() && nbits != 2048 && nbits != 3072)
|
||||
+ if (fips_mode() && nbits < 2048)
|
||||
return GPG_ERR_INV_VALUE;
|
||||
|
||||
/* The random quality depends on the transient_key flag. */
|
||||
@@ -696,7 +696,7 @@ generate_x931 (RSA_secret_key *sk, unsig
|
||||
|
||||
*swapped = 0;
|
||||
|
||||
- if (e_value == 1) /* Alias for a secure value. */
|
||||
+ if (e_value == 1 || e_value == 0) /* Alias for a secure value. */
|
||||
e_value = 65537;
|
||||
|
||||
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
|
@ -1,185 +0,0 @@
|
||||
diff -up libgcrypt-1.8.4/tests/basic.c.tests-fipsmode libgcrypt-1.8.4/tests/basic.c
|
||||
--- libgcrypt-1.8.4/tests/basic.c.tests-fipsmode 2018-04-17 17:29:40.000000000 +0200
|
||||
+++ libgcrypt-1.8.4/tests/basic.c 2019-02-12 13:30:48.935791024 +0100
|
||||
@@ -6964,7 +6964,7 @@ check_ciphers (void)
|
||||
check_one_cipher (algos[i], GCRY_CIPHER_MODE_EAX, 0);
|
||||
if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_CCM_BLOCK_LEN)
|
||||
check_one_cipher (algos[i], GCRY_CIPHER_MODE_CCM, 0);
|
||||
- if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_GCM_BLOCK_LEN)
|
||||
+ if (!in_fips_mode && gcry_cipher_get_algo_blklen (algos[i]) == GCRY_GCM_BLOCK_LEN)
|
||||
check_one_cipher (algos[i], GCRY_CIPHER_MODE_GCM, 0);
|
||||
if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_OCB_BLOCK_LEN)
|
||||
check_one_cipher (algos[i], GCRY_CIPHER_MODE_OCB, 0);
|
||||
@@ -7010,12 +7010,18 @@ check_cipher_modes(void)
|
||||
check_cfb_cipher ();
|
||||
check_ofb_cipher ();
|
||||
check_ccm_cipher ();
|
||||
- check_gcm_cipher ();
|
||||
- check_poly1305_cipher ();
|
||||
- check_ocb_cipher ();
|
||||
+ if (!in_fips_mode)
|
||||
+ {
|
||||
+ check_gcm_cipher ();
|
||||
+ check_poly1305_cipher ();
|
||||
+ check_ocb_cipher ();
|
||||
+ }
|
||||
check_xts_cipher ();
|
||||
check_eax_cipher ();
|
||||
- check_gost28147_cipher ();
|
||||
+ if (!in_fips_mode)
|
||||
+ {
|
||||
+ check_gost28147_cipher ();
|
||||
+ }
|
||||
check_stream_cipher ();
|
||||
check_stream_cipher_large_block ();
|
||||
|
||||
@@ -10001,7 +10007,7 @@ check_mac (void)
|
||||
show_mac_not_available (algos[i].algo);
|
||||
continue;
|
||||
}
|
||||
- if (gcry_mac_test_algo (algos[i].algo) && in_fips_mode)
|
||||
+ if ((algos[i].algo == GCRY_MAC_GMAC_AES || gcry_mac_test_algo (algos[i].algo)) && in_fips_mode)
|
||||
{
|
||||
if (verbose)
|
||||
fprintf (stderr, " algorithm %d not available in fips mode\n",
|
||||
@@ -11095,8 +11101,6 @@ main (int argc, char **argv)
|
||||
/* If we are in fips mode do some more tests. */
|
||||
gcry_md_hd_t md;
|
||||
|
||||
- /* First trigger a self-test. */
|
||||
- xgcry_control ((GCRYCTL_FORCE_FIPS_MODE, 0));
|
||||
if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
|
||||
fail ("not in operational state after self-test\n");
|
||||
|
||||
@@ -11121,15 +11125,6 @@ main (int argc, char **argv)
|
||||
gcry_md_close (md);
|
||||
if (gcry_control (GCRYCTL_OPERATIONAL_P, 0))
|
||||
fail ("expected error state but still in operational state\n");
|
||||
- else
|
||||
- {
|
||||
- /* Now run a self-test and to get back into
|
||||
- operational state. */
|
||||
- xgcry_control ((GCRYCTL_FORCE_FIPS_MODE, 0));
|
||||
- if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
|
||||
- fail ("did not reach operational after error "
|
||||
- "and self-test\n");
|
||||
- }
|
||||
}
|
||||
}
|
||||
|
||||
diff -up libgcrypt-1.8.4/tests/benchmark.c.tests-fipsmode libgcrypt-1.8.4/tests/benchmark.c
|
||||
--- libgcrypt-1.8.4/tests/benchmark.c.tests-fipsmode 2019-02-12 11:31:44.859603883 +0100
|
||||
+++ libgcrypt-1.8.4/tests/benchmark.c 2019-02-12 14:10:40.271999352 +0100
|
||||
@@ -872,8 +872,10 @@ cipher_bench ( const char *algoname )
|
||||
&& algo != GCRY_CIPHER_CHACHA20)
|
||||
continue;
|
||||
|
||||
- if (modes[modeidx].req_blocksize > 0
|
||||
- && blklen != modes[modeidx].req_blocksize)
|
||||
+ if ((modes[modeidx].req_blocksize > 0
|
||||
+ && blklen != modes[modeidx].req_blocksize)
|
||||
+ || (in_fips_mode
|
||||
+ && modes[modeidx].mode == GCRY_CIPHER_MODE_GCM))
|
||||
{
|
||||
printf (" %7s %7s", "-", "-" );
|
||||
continue;
|
||||
diff -up libgcrypt-1.8.4/tests/bench-slope.c.tests-fipsmode libgcrypt-1.8.4/tests/bench-slope.c
|
||||
--- libgcrypt-1.8.4/tests/bench-slope.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.4/tests/bench-slope.c 2019-02-12 14:14:33.618763325 +0100
|
||||
@@ -1338,7 +1338,7 @@ cipher_bench_one (int algo, struct bench
|
||||
return;
|
||||
|
||||
/* GCM has restrictions for block-size */
|
||||
- if (mode.mode == GCRY_CIPHER_MODE_GCM && blklen != GCRY_GCM_BLOCK_LEN)
|
||||
+ if (mode.mode == GCRY_CIPHER_MODE_GCM && (gcry_fips_mode_active () || blklen != GCRY_GCM_BLOCK_LEN))
|
||||
return;
|
||||
|
||||
/* XTS has restrictions for block-size */
|
||||
diff -up libgcrypt-1.8.4/tests/pubkey.c.tests-fipsmode libgcrypt-1.8.4/tests/pubkey.c
|
||||
--- libgcrypt-1.8.4/tests/pubkey.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.4/tests/pubkey.c 2019-02-12 13:52:25.658746415 +0100
|
||||
@@ -504,15 +504,30 @@ get_dsa_key_with_domain_new (gcry_sexp_t
|
||||
rc = gcry_sexp_new
|
||||
(&key_spec,
|
||||
"(genkey (dsa (transient-key)(domain"
|
||||
- "(p #d3aed1876054db831d0c1348fbb1ada72507e5fbf9a62cbd47a63aeb7859d6921"
|
||||
- "4adeb9146a6ec3f43520f0fd8e3125dd8bbc5d87405d1ac5f82073cd762a3f8d7"
|
||||
- "74322657c9da88a7d2f0e1a9ceb84a39cb40876179e6a76e400498de4bb9379b0"
|
||||
- "5f5feb7b91eb8fea97ee17a955a0a8a37587a272c4719d6feb6b54ba4ab69#)"
|
||||
- "(q #9c916d121de9a03f71fb21bc2e1c0d116f065a4f#)"
|
||||
- "(g #8157c5f68ca40b3ded11c353327ab9b8af3e186dd2e8dade98761a0996dda99ab"
|
||||
- "0250d3409063ad99efae48b10c6ab2bba3ea9a67b12b911a372a2bba260176fad"
|
||||
- "b4b93247d9712aad13aa70216c55da9858f7a298deb670a403eb1e7c91b847f1e"
|
||||
- "ccfbd14bd806fd42cf45dbb69cd6d6b43add2a78f7d16928eaa04458dea44#)"
|
||||
+ " (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c862"
|
||||
+ " 3b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb6"
|
||||
+ " 2e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b552"
|
||||
+ " 3e86470decbbeda027e797e7b67635d4d49c30700e74af8a"
|
||||
+ " 0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503"
|
||||
+ " eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e34"
|
||||
+ " 3312517c6aa5152b4bfecd2e551fee346318a153423c996b"
|
||||
+ " 0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc7"
|
||||
+ " 66de2dfc4a56d7b8ba5963d60f3e16318870ad436952e557"
|
||||
+ " 65374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a"
|
||||
+ " 2c8d7469db02e24d592394a7dba069e9#)"
|
||||
+ " (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed27602056"
|
||||
+ " 7441a0a5#)"
|
||||
+ " (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a8"
|
||||
+ " 21ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0ba"
|
||||
+ " ecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a"
|
||||
+ " 0df242b75b414df372121e53a553f222f836b000f016485b"
|
||||
+ " 6bd0898451801dcd8de64cd5365696ffc532d528c506620a"
|
||||
+ " 942a0305046d8f1876341f1e570bc3974ba6b9a438e97023"
|
||||
+ " 02a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7"
|
||||
+ " ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a"
|
||||
+ " 4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da095"
|
||||
+ " 35d5b9df259181a79b63b069e949972b02ba36b3586aab7e"
|
||||
+ " 45f322f82e4e85ca3ab85591b3c2a966#)"
|
||||
")))", 0, 1);
|
||||
if (rc)
|
||||
die ("error creating S-expression: %s\n", gcry_strerror (rc));
|
||||
@@ -595,7 +610,7 @@ get_dsa_key_fips186_with_seed_new (gcry_
|
||||
" (use-fips186)"
|
||||
" (transient-key)"
|
||||
" (derive-parms"
|
||||
- " (seed #f770a4598ff756931fc529764513b103ce57d85f4ad8c5cf297c9b4d48241c5b#))))",
|
||||
+ " (seed #8b4c4d671fff82e8ed932260206d0571e3a1c2cee8cd94cb73fe58f9b67488fa#))))",
|
||||
0, 1);
|
||||
if (rc)
|
||||
die ("error creating S-expression: %s\n", gcry_strerror (rc));
|
||||
diff -up libgcrypt-1.8.4/tests/t-cv25519.c.tests-fipsmode libgcrypt-1.8.4/tests/t-cv25519.c
|
||||
--- libgcrypt-1.8.4/tests/t-cv25519.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.4/tests/t-cv25519.c 2019-02-12 14:02:35.935705390 +0100
|
||||
@@ -560,6 +560,9 @@ main (int argc, char **argv)
|
||||
xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u , 0));
|
||||
xgcry_control ((GCRYCTL_ENABLE_QUICK_RANDOM, 0));
|
||||
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
|
||||
+ /* Curve25519 isn't supported in fips mode */
|
||||
+ if (gcry_fips_mode_active())
|
||||
+ return 77;
|
||||
|
||||
start_timer ();
|
||||
check_cv25519 ();
|
||||
diff -up libgcrypt-1.8.4/tests/t-secmem.c.tests-fipsmode libgcrypt-1.8.4/tests/t-secmem.c
|
||||
--- libgcrypt-1.8.4/tests/t-secmem.c.tests-fipsmode 2017-11-23 19:19:54.000000000 +0100
|
||||
+++ libgcrypt-1.8.4/tests/t-secmem.c 2019-02-12 11:51:02.462190538 +0100
|
||||
@@ -174,7 +174,8 @@ main (int argc, char **argv)
|
||||
xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u , 0));
|
||||
xgcry_control ((GCRYCTL_ENABLE_QUICK_RANDOM, 0));
|
||||
xgcry_control ((GCRYCTL_INIT_SECMEM, pool_size, 0));
|
||||
- gcry_set_outofcore_handler (outofcore_handler, NULL);
|
||||
+ if (!gcry_fips_mode_active ())
|
||||
+ gcry_set_outofcore_handler (outofcore_handler, NULL);
|
||||
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
|
||||
|
||||
/* Libgcrypt prints a warning when the first overflow is allocated;
|
||||
@@ -184,7 +185,8 @@ main (int argc, char **argv)
|
||||
|
||||
|
||||
test_secmem ();
|
||||
- test_secmem_overflow ();
|
||||
+ if (!gcry_fips_mode_active ())
|
||||
+ test_secmem_overflow ();
|
||||
/* FIXME: We need to improve the tests, for example by registering
|
||||
* our own log handler and comparing the output of
|
||||
* PRIV_CTL_DUMP_SECMEM_STATS to expected pattern. */
|
@ -1,77 +0,0 @@
|
||||
diff -up libgcrypt-1.8.4/random/rndlinux.c.use-poll libgcrypt-1.8.4/random/rndlinux.c
|
||||
--- libgcrypt-1.8.4/random/rndlinux.c.use-poll 2018-10-26 13:50:20.000000000 +0200
|
||||
+++ libgcrypt-1.8.4/random/rndlinux.c 2018-11-20 15:51:56.760669058 +0100
|
||||
@@ -32,6 +32,7 @@
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <fcntl.h>
|
||||
+#include <poll.h>
|
||||
#if defined(__APPLE__) && defined(__MACH__)
|
||||
#include <Availability.h>
|
||||
#ifdef __MAC_10_11
|
||||
@@ -241,9 +242,8 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
return with something we will actually use 100ms. */
|
||||
while (length)
|
||||
{
|
||||
- fd_set rfds;
|
||||
- struct timeval tv;
|
||||
int rc;
|
||||
+ struct pollfd pfd;
|
||||
|
||||
/* If we have a modern operating system, we first try to use the new
|
||||
* getentropy function. That call guarantees that the kernel's
|
||||
@@ -300,36 +300,25 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
any_need_entropy = 1;
|
||||
}
|
||||
|
||||
- /* If the system has no limit on the number of file descriptors
|
||||
- and we encounter an fd which is larger than the fd_set size,
|
||||
- we don't use the select at all. The select code is only used
|
||||
- to emit progress messages. A better solution would be to
|
||||
- fall back to poll() if available. */
|
||||
-#ifdef FD_SETSIZE
|
||||
- if (fd < FD_SETSIZE)
|
||||
-#endif
|
||||
+ pfd.fd = fd;
|
||||
+ pfd.events = POLLIN;
|
||||
+
|
||||
+ _gcry_pre_syscall ();
|
||||
+ rc = poll(&pfd, 1, delay);
|
||||
+ _gcry_post_syscall ();
|
||||
+ if (!rc)
|
||||
{
|
||||
- FD_ZERO(&rfds);
|
||||
- FD_SET(fd, &rfds);
|
||||
- tv.tv_sec = delay;
|
||||
- tv.tv_usec = delay? 0 : 100000;
|
||||
- _gcry_pre_syscall ();
|
||||
- rc = select (fd+1, &rfds, NULL, NULL, &tv);
|
||||
- _gcry_post_syscall ();
|
||||
- if (!rc)
|
||||
- {
|
||||
- any_need_entropy = 1;
|
||||
- delay = 3; /* Use 3 seconds henceforth. */
|
||||
- continue;
|
||||
- }
|
||||
- else if( rc == -1 )
|
||||
- {
|
||||
- log_error ("select() error: %s\n", strerror(errno));
|
||||
- if (!delay)
|
||||
- delay = 1; /* Use 1 second if we encounter an error before
|
||||
- we have ever blocked. */
|
||||
- continue;
|
||||
- }
|
||||
+ any_need_entropy = 1;
|
||||
+ delay = 3000; /* Use 3 seconds henceforth. */
|
||||
+ continue;
|
||||
+ }
|
||||
+ else if( rc == -1 )
|
||||
+ {
|
||||
+ log_error ("poll() error: %s\n", strerror(errno));
|
||||
+ if (!delay)
|
||||
+ delay = 1000; /* Use 1 second if we encounter an error before
|
||||
+ we have ever blocked. */
|
||||
+ continue;
|
||||
}
|
||||
|
||||
do
|
@ -1,139 +0,0 @@
|
||||
diff -up libgcrypt-1.8.5/src/fips.c.fips-module libgcrypt-1.8.5/src/fips.c
|
||||
--- libgcrypt-1.8.5/src/fips.c.fips-module 2020-04-20 19:07:45.924919645 +0200
|
||||
+++ libgcrypt-1.8.5/src/fips.c 2020-04-20 19:10:33.690722470 +0200
|
||||
@@ -35,10 +35,6 @@
|
||||
#include "hmac256.h"
|
||||
|
||||
|
||||
-/* The name of the file used to force libgcrypt into fips mode. */
|
||||
-#define FIPS_FORCE_FILE "/etc/gcrypt/fips_enabled"
|
||||
-
|
||||
-
|
||||
/* The states of the finite state machine used in fips mode. */
|
||||
enum module_states
|
||||
{
|
||||
@@ -122,54 +118,6 @@ _gcry_initialize_fips_mode (int force)
|
||||
goto leave;
|
||||
}
|
||||
|
||||
- /* For testing the system it is useful to override the system
|
||||
- provided detection of the FIPS mode and force FIPS mode using a
|
||||
- file. The filename is hardwired so that there won't be any
|
||||
- confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is
|
||||
- actually used. The file itself may be empty. */
|
||||
- if ( !access (FIPS_FORCE_FILE, F_OK) )
|
||||
- {
|
||||
- gcry_assert (!_gcry_no_fips_mode_required);
|
||||
- goto leave;
|
||||
- }
|
||||
-
|
||||
- /* Checking based on /proc file properties. */
|
||||
- {
|
||||
- static const char procfname[] = "/proc/sys/crypto/fips_enabled";
|
||||
- FILE *fp;
|
||||
- int saved_errno;
|
||||
-
|
||||
- fp = fopen (procfname, "r");
|
||||
- if (fp)
|
||||
- {
|
||||
- char line[256];
|
||||
-
|
||||
- if (fgets (line, sizeof line, fp) && atoi (line))
|
||||
- {
|
||||
- /* System is in fips mode. */
|
||||
- fclose (fp);
|
||||
- gcry_assert (!_gcry_no_fips_mode_required);
|
||||
- goto leave;
|
||||
- }
|
||||
- fclose (fp);
|
||||
- }
|
||||
- else if ((saved_errno = errno) != ENOENT
|
||||
- && saved_errno != EACCES
|
||||
- && !access ("/proc/version", F_OK) )
|
||||
- {
|
||||
- /* Problem reading the fips file despite that we have the proc
|
||||
- file system. We better stop right away. */
|
||||
- log_info ("FATAL: error reading `%s' in libgcrypt: %s\n",
|
||||
- procfname, strerror (saved_errno));
|
||||
-#ifdef HAVE_SYSLOG
|
||||
- syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
|
||||
- "reading `%s' failed: %s - abort",
|
||||
- procfname, strerror (saved_errno));
|
||||
-#endif /*HAVE_SYSLOG*/
|
||||
- abort ();
|
||||
- }
|
||||
- }
|
||||
-
|
||||
/* Fips not not requested, set flag. */
|
||||
_gcry_no_fips_mode_required = 1;
|
||||
|
||||
diff -up libgcrypt-1.8.5/src/g10lib.h.fips-module libgcrypt-1.8.5/src/g10lib.h
|
||||
--- libgcrypt-1.8.5/src/g10lib.h.fips-module 2020-04-20 19:07:45.918919759 +0200
|
||||
+++ libgcrypt-1.8.5/src/g10lib.h 2020-04-20 19:11:05.003125740 +0200
|
||||
@@ -422,6 +422,9 @@ gpg_err_code_t _gcry_sexp_vextract_param
|
||||
|
||||
/*-- fips.c --*/
|
||||
|
||||
+/* The name of the file used to force libgcrypt into fips mode. */
|
||||
+#define FIPS_FORCE_FILE "/etc/gcrypt/fips_enabled"
|
||||
+
|
||||
extern int _gcry_no_fips_mode_required;
|
||||
|
||||
void _gcry_initialize_fips_mode (int force);
|
||||
diff -up libgcrypt-1.8.5/src/global.c.fips-module libgcrypt-1.8.5/src/global.c
|
||||
--- libgcrypt-1.8.5/src/global.c.fips-module 2020-04-20 19:07:45.919919741 +0200
|
||||
+++ libgcrypt-1.8.5/src/global.c 2020-04-20 19:07:45.950919149 +0200
|
||||
@@ -160,6 +160,53 @@ void __attribute__ ((constructor)) _gcry
|
||||
rv = access (FIPS_MODULE_PATH, F_OK);
|
||||
if (rv < 0 && errno != ENOENT)
|
||||
rv = 0;
|
||||
+
|
||||
+ /* For testing the system it is useful to override the system
|
||||
+ provided detection of the FIPS mode and force FIPS mode using a
|
||||
+ file. The filename is hardwired so that there won't be any
|
||||
+ confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is
|
||||
+ actually used. The file itself may be empty. */
|
||||
+ if ( !access (FIPS_FORCE_FILE, F_OK) )
|
||||
+ {
|
||||
+ rv = 0;
|
||||
+ force_fips_mode = 1;
|
||||
+ }
|
||||
+
|
||||
+ /* Checking based on /proc file properties. */
|
||||
+ {
|
||||
+ static const char procfname[] = "/proc/sys/crypto/fips_enabled";
|
||||
+ FILE *fp;
|
||||
+ int saved_errno;
|
||||
+
|
||||
+ fp = fopen (procfname, "r");
|
||||
+ if (fp)
|
||||
+ {
|
||||
+ char line[256];
|
||||
+
|
||||
+ if (fgets (line, sizeof line, fp) && atoi (line))
|
||||
+ {
|
||||
+ /* System is in fips mode. */
|
||||
+ rv = 0;
|
||||
+ force_fips_mode = 1;
|
||||
+ }
|
||||
+ fclose (fp);
|
||||
+ }
|
||||
+ else if ((saved_errno = errno) != ENOENT
|
||||
+ && saved_errno != EACCES
|
||||
+ && !access ("/proc/version", F_OK) )
|
||||
+ {
|
||||
+ /* Problem reading the fips file despite that we have the proc
|
||||
+ file system. We better stop right away. */
|
||||
+ log_info ("FATAL: error reading `%s' in libgcrypt: %s\n",
|
||||
+ procfname, strerror (saved_errno));
|
||||
+#ifdef HAVE_SYSLOG
|
||||
+ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
|
||||
+ "reading `%s' failed: %s - abort",
|
||||
+ procfname, strerror (saved_errno));
|
||||
+#endif /*HAVE_SYSLOG*/
|
||||
+ abort ();
|
||||
+ }
|
||||
+ }
|
||||
|
||||
if (!rv)
|
||||
{
|
@ -1,277 +0,0 @@
|
||||
diff -up libgcrypt-1.8.5/random/rand-internal.h.getrandom libgcrypt-1.8.5/random/rand-internal.h
|
||||
--- libgcrypt-1.8.5/random/rand-internal.h.getrandom 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/random/rand-internal.h 2020-04-20 14:55:34.875949624 +0200
|
||||
@@ -47,6 +47,7 @@ void _gcry_random_progress (const char *
|
||||
|
||||
/*-- random-csprng.c --*/
|
||||
void _gcry_rngcsprng_initialize (int full);
|
||||
+void _gcry_rngcsprng_deinit (void);
|
||||
void _gcry_rngcsprng_close_fds (void);
|
||||
void _gcry_rngcsprng_dump_stats (void);
|
||||
void _gcry_rngcsprng_secure_alloc (void);
|
||||
@@ -68,6 +69,7 @@ void _gcry_rngcsprng_fast_poll (void);
|
||||
|
||||
/*-- random-drbg.c --*/
|
||||
void _gcry_rngdrbg_inititialize (int full);
|
||||
+void _gcry_rngdrbg_deinit (void);
|
||||
void _gcry_rngdrbg_close_fds (void);
|
||||
void _gcry_rngdrbg_dump_stats (void);
|
||||
int _gcry_rngdrbg_is_faked (void);
|
||||
diff -up libgcrypt-1.8.5/random/random.c.getrandom libgcrypt-1.8.5/random/random.c
|
||||
--- libgcrypt-1.8.5/random/random.c.getrandom 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/random/random.c 2020-04-20 14:55:34.876949605 +0200
|
||||
@@ -110,8 +110,8 @@ _gcry_random_read_conf (void)
|
||||
unsigned int result = 0;
|
||||
|
||||
fp = fopen (fname, "r");
|
||||
- if (!fp)
|
||||
- return result;
|
||||
+ if (!fp) /* We make only_urandom the default. */
|
||||
+ return RANDOM_CONF_ONLY_URANDOM;
|
||||
|
||||
for (;;)
|
||||
{
|
||||
@@ -228,6 +228,22 @@ _gcry_random_initialize (int full)
|
||||
}
|
||||
|
||||
|
||||
+/* Deinitialize this random subsystem. */
|
||||
+void
|
||||
+_gcry_random_deinit (void)
|
||||
+{
|
||||
+ if (fips_mode ())
|
||||
+ _gcry_rngdrbg_deinit ();
|
||||
+ else if (rng_types.standard)
|
||||
+ _gcry_rngcsprng_deinit ();
|
||||
+ else if (rng_types.fips)
|
||||
+ _gcry_rngdrbg_deinit ();
|
||||
+ else
|
||||
+ _gcry_rngcsprng_deinit ();
|
||||
+ /* not needed for system */
|
||||
+}
|
||||
+
|
||||
+
|
||||
/* If possible close file descriptors used by the RNG. */
|
||||
void
|
||||
_gcry_random_close_fds (void)
|
||||
diff -up libgcrypt-1.8.5/random/random-csprng.c.getrandom libgcrypt-1.8.5/random/random-csprng.c
|
||||
--- libgcrypt-1.8.5/random/random-csprng.c.getrandom 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/random/random-csprng.c 2020-04-20 15:04:27.182877975 +0200
|
||||
@@ -55,6 +55,10 @@
|
||||
#ifdef __MINGW32__
|
||||
#include <process.h>
|
||||
#endif
|
||||
+#if defined(__linux__) && defined(HAVE_SYSCALL)
|
||||
+# include <sys/syscall.h>
|
||||
+# include <linux/random.h>
|
||||
+#endif
|
||||
#include "g10lib.h"
|
||||
#include "random.h"
|
||||
#include "rand-internal.h"
|
||||
@@ -343,6 +347,21 @@ _gcry_rngcsprng_initialize (int full)
|
||||
}
|
||||
|
||||
|
||||
+void
|
||||
+_gcry_rngcsprng_deinit (void)
|
||||
+{
|
||||
+ lock_pool();
|
||||
+ pool_writepos = 0;
|
||||
+ pool_readpos = 0;
|
||||
+ pool_filled = 0;
|
||||
+ pool_filled_counter = 0;
|
||||
+ did_initial_extra_seeding = 0;
|
||||
+ pool_balance = 0;
|
||||
+ just_mixed = 0;
|
||||
+ unlock_pool();
|
||||
+}
|
||||
+
|
||||
+
|
||||
/* Try to close the FDs of the random gather module. This is
|
||||
currently only implemented for rndlinux. */
|
||||
void
|
||||
@@ -1116,6 +1135,22 @@ getfnc_gather_random (void))(void (*)(co
|
||||
enum random_origins, size_t, int);
|
||||
|
||||
#if USE_RNDLINUX
|
||||
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
|
||||
+ long ret;
|
||||
+ char buffer[1];
|
||||
+
|
||||
+ _gcry_pre_syscall ();
|
||||
+ ret = syscall (__NR_getrandom,
|
||||
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
|
||||
+ _gcry_post_syscall ();
|
||||
+ if (ret != -1 || errno != ENOSYS)
|
||||
+ {
|
||||
+ fnc = _gcry_rndlinux_gather_random;
|
||||
+ return fnc;
|
||||
+ }
|
||||
+ else
|
||||
+ /* The syscall is not supported - fallback to /dev/urandom. */
|
||||
+#endif
|
||||
if ( !access (NAME_OF_DEV_RANDOM, R_OK)
|
||||
&& !access (NAME_OF_DEV_URANDOM, R_OK))
|
||||
{
|
||||
diff -up libgcrypt-1.8.5/random/random-drbg.c.getrandom libgcrypt-1.8.5/random/random-drbg.c
|
||||
--- libgcrypt-1.8.5/random/random-drbg.c.getrandom 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/random/random-drbg.c 2020-04-20 15:02:37.782947902 +0200
|
||||
@@ -1811,6 +1811,22 @@ _gcry_rngdrbg_inititialize (int full)
|
||||
}
|
||||
|
||||
/*
|
||||
+ * Deinitialize the DRBG invoked by the libgcrypt API
|
||||
+ * It will be automatically re-initialized on next call
|
||||
+ */
|
||||
+void
|
||||
+_gcry_rngdrbg_deinit (void)
|
||||
+{
|
||||
+ drbg_lock ();
|
||||
+ if (drbg_state)
|
||||
+ {
|
||||
+ drbg_uninstantiate (drbg_state);
|
||||
+ drbg_state = NULL;
|
||||
+ }
|
||||
+ drbg_unlock ();
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
* Backend handler function for GCRYCTL_DRBG_REINIT
|
||||
*
|
||||
* Select a different DRBG type and initialize it.
|
||||
diff -up libgcrypt-1.8.5/random/random.h.getrandom libgcrypt-1.8.5/random/random.h
|
||||
--- libgcrypt-1.8.5/random/random.h.getrandom 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/random/random.h 2020-04-20 14:55:34.877949586 +0200
|
||||
@@ -29,6 +29,7 @@ void _gcry_register_random_progress (voi
|
||||
|
||||
void _gcry_set_preferred_rng_type (int type);
|
||||
void _gcry_random_initialize (int full);
|
||||
+void _gcry_random_deinit (void);
|
||||
void _gcry_random_close_fds (void);
|
||||
int _gcry_get_rng_type (int ignore_fips_mode);
|
||||
void _gcry_random_dump_stats(void);
|
||||
diff -up libgcrypt-1.8.5/random/rndlinux.c.getrandom libgcrypt-1.8.5/random/rndlinux.c
|
||||
--- libgcrypt-1.8.5/random/rndlinux.c.getrandom 2020-04-20 15:01:50.159848963 +0200
|
||||
+++ libgcrypt-1.8.5/random/rndlinux.c 2020-04-20 16:14:21.901610921 +0200
|
||||
@@ -35,6 +35,7 @@
|
||||
#if defined(__linux__) || !defined(HAVE_GETENTROPY)
|
||||
#ifdef HAVE_SYSCALL
|
||||
# include <sys/syscall.h>
|
||||
+# include <linux/random.h>
|
||||
# ifdef __NR_getrandom
|
||||
# define getentropy(buf,buflen) syscall (__NR_getrandom, buf, buflen, 0)
|
||||
# endif
|
||||
@@ -147,12 +148,12 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
if (!add)
|
||||
{
|
||||
/* Special mode to close the descriptors. */
|
||||
- if (fd_random != -1)
|
||||
+ if (fd_random >= 0)
|
||||
{
|
||||
close (fd_random);
|
||||
fd_random = -1;
|
||||
}
|
||||
- if (fd_urandom != -1)
|
||||
+ if (fd_urandom >= 0)
|
||||
{
|
||||
close (fd_urandom);
|
||||
fd_urandom = -1;
|
||||
@@ -166,12 +167,12 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
apid = getpid ();
|
||||
if (my_pid != apid)
|
||||
{
|
||||
- if (fd_random != -1)
|
||||
+ if (fd_random >= 0)
|
||||
{
|
||||
close (fd_random);
|
||||
fd_random = -1;
|
||||
}
|
||||
- if (fd_urandom != -1)
|
||||
+ if (fd_urandom >= 0)
|
||||
{
|
||||
close (fd_urandom);
|
||||
fd_urandom = -1;
|
||||
@@ -216,7 +217,23 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
that we always require the device to be existent but want a more
|
||||
graceful behaviour if the rarely needed close operation has been
|
||||
used and the device needs to be re-opened later. */
|
||||
- if (level >= GCRY_VERY_STRONG_RANDOM && !only_urandom)
|
||||
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
|
||||
+ if (fd_urandom != -2 && !_gcry_in_constructor ())
|
||||
+ {
|
||||
+ long ret;
|
||||
+
|
||||
+ _gcry_pre_syscall ();
|
||||
+ ret = syscall (__NR_getrandom,
|
||||
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
|
||||
+ _gcry_post_syscall ();
|
||||
+ if (ret > -1 || errno == EAGAIN || errno == EINTR)
|
||||
+ {
|
||||
+ fd_urandom = -2;
|
||||
+ fd_random = -2;
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
+ if (level >= GCRY_VERY_STRONG_RANDOM && !only_urandom && !_gcry_in_constructor ())
|
||||
{
|
||||
if (fd_random == -1)
|
||||
{
|
||||
@@ -270,9 +288,7 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
_gcry_post_syscall ();
|
||||
}
|
||||
while (ret == -1 && errno == EINTR);
|
||||
- if (ret == -1 && errno == ENOSYS)
|
||||
- ; /* getentropy is not supported - fallback to pulling from fd. */
|
||||
- else
|
||||
+ if (1)
|
||||
{ /* getentropy is supported. Some sanity checks. */
|
||||
if (ret == -1)
|
||||
log_fatal ("unexpected error from getentropy: %s\n",
|
||||
diff -up libgcrypt-1.8.5/src/g10lib.h.getrandom libgcrypt-1.8.5/src/g10lib.h
|
||||
--- libgcrypt-1.8.5/src/g10lib.h.getrandom 2020-04-20 15:08:16.528538580 +0200
|
||||
+++ libgcrypt-1.8.5/src/g10lib.h 2020-04-20 15:08:28.641309399 +0200
|
||||
@@ -464,6 +464,6 @@ gpg_err_code_t _gcry_fips_run_selftests
|
||||
void _gcry_fips_noreturn (void);
|
||||
#define fips_noreturn() (_gcry_fips_noreturn ())
|
||||
|
||||
-
|
||||
+int _gcry_in_constructor (void);
|
||||
|
||||
#endif /* G10LIB_H */
|
||||
diff -up libgcrypt-1.8.5/src/global.c.getrandom libgcrypt-1.8.5/src/global.c
|
||||
--- libgcrypt-1.8.5/src/global.c.getrandom 2020-04-20 15:06:21.891707597 +0200
|
||||
+++ libgcrypt-1.8.5/src/global.c 2020-04-20 15:07:29.018437509 +0200
|
||||
@@ -145,10 +145,18 @@ global_init (void)
|
||||
#define FIPS_MODULE_PATH "/etc/system-fips"
|
||||
#endif
|
||||
|
||||
+static int in_constructor = 0;
|
||||
+
|
||||
+int _gcry_in_constructor(void)
|
||||
+{
|
||||
+ return in_constructor;
|
||||
+}
|
||||
+
|
||||
void __attribute__ ((constructor)) _gcry_global_constructor (void)
|
||||
{
|
||||
int rv;
|
||||
|
||||
+ in_constructor = 1;
|
||||
rv = access (FIPS_MODULE_PATH, F_OK);
|
||||
if (rv < 0 && errno != ENOENT)
|
||||
rv = 0;
|
||||
@@ -163,10 +171,12 @@ void __attribute__ ((constructor)) _gcry
|
||||
/* force selftests */
|
||||
global_init();
|
||||
_gcry_fips_run_selftests (0);
|
||||
- if (!fips_mode())
|
||||
- _gcry_random_close_fds ();
|
||||
+ _gcry_random_close_fds ();
|
||||
+ _gcry_random_deinit ();
|
||||
no_secure_memory = no_secmem_save;
|
||||
}
|
||||
+
|
||||
+ in_constructor = 0;
|
||||
}
|
||||
|
||||
/* This function is called by the macro fips_is_operational and makes
|
@ -1,34 +0,0 @@
|
||||
From b04c0a86b19856071c29d2a6285f3240c606ee7a Mon Sep 17 00:00:00 2001
|
||||
From: "H.J. Lu" <hjl.tools@gmail.com>
|
||||
Date: Tue, 27 Apr 2021 09:08:41 -0700
|
||||
Subject: [PATCH] Always include <config.h> in cipher assembly codes
|
||||
|
||||
* cipher/poly1305-s390x.S: Always include <config.h>.
|
||||
|
||||
When Intel CET is enabled, we need to include <cet.h> in assembly codes
|
||||
to mark Intel CET support even if it is empty. We should always include
|
||||
<config.h> in cipher assembly codes so that they will be marked for
|
||||
Intel CET support when compiling for x86-64 and i686.
|
||||
|
||||
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
|
||||
---
|
||||
cipher/poly1305-s390x.S | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/cipher/poly1305-s390x.S b/cipher/poly1305-s390x.S
|
||||
index 844245f6..28bed560 100644
|
||||
--- a/cipher/poly1305-s390x.S
|
||||
+++ b/cipher/poly1305-s390x.S
|
||||
@@ -18,8 +18,8 @@
|
||||
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
-#if defined (__s390x__) && __GNUC__ >= 4 && __ARCH__ >= 9
|
||||
#include <config.h>
|
||||
+#if defined (__s390x__) && __GNUC__ >= 4 && __ARCH__ >= 9
|
||||
#if defined(HAVE_GCC_INLINE_ASM_S390X)
|
||||
|
||||
#include "asm-poly1305-s390x.h"
|
||||
--
|
||||
GitLab
|
||||
|
@ -1,77 +0,0 @@
|
||||
diff -up libgcrypt-1.8.5/src/fips.c.use-fipscheck libgcrypt-1.8.5/src/fips.c
|
||||
--- libgcrypt-1.8.5/src/fips.c.use-fipscheck 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/src/fips.c 2020-04-23 10:18:36.235764741 +0200
|
||||
@@ -581,23 +581,50 @@ run_random_selftests (void)
|
||||
return !!err;
|
||||
}
|
||||
|
||||
+#ifdef ENABLE_HMAC_BINARY_CHECK
|
||||
+static int
|
||||
+get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
|
||||
+{
|
||||
+ Dl_info info;
|
||||
+ void *dl, *sym;
|
||||
+ int rv = -1;
|
||||
+
|
||||
+ dl = dlopen(libname, RTLD_LAZY);
|
||||
+ if (dl == NULL) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ sym = dlsym(dl, symbolname);
|
||||
+
|
||||
+ if (sym != NULL && dladdr(sym, &info)) {
|
||||
+ strncpy(path, info.dli_fname, pathlen-1);
|
||||
+ path[pathlen-1] = '\0';
|
||||
+ rv = 0;
|
||||
+ }
|
||||
+
|
||||
+ dlclose(dl);
|
||||
+
|
||||
+ return rv;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
/* Run an integrity check on the binary. Returns 0 on success. */
|
||||
static int
|
||||
check_binary_integrity (void)
|
||||
{
|
||||
#ifdef ENABLE_HMAC_BINARY_CHECK
|
||||
gpg_error_t err;
|
||||
- Dl_info info;
|
||||
+ char libpath[4096];
|
||||
unsigned char digest[32];
|
||||
int dlen;
|
||||
char *fname = NULL;
|
||||
- const char key[] = "What am I, a doctor or a moonshuttle conductor?";
|
||||
-
|
||||
- if (!dladdr ("gcry_check_version", &info))
|
||||
+ const char key[] = "orboDeJITITejsirpADONivirpUkvarP";
|
||||
+
|
||||
+ if (get_library_path ("libgcrypt.so.20", "gcry_check_version", libpath, sizeof(libpath)))
|
||||
err = gpg_error_from_syserror ();
|
||||
else
|
||||
{
|
||||
- dlen = _gcry_hmac256_file (digest, sizeof digest, info.dli_fname,
|
||||
+ dlen = _gcry_hmac256_file (digest, sizeof digest, libpath,
|
||||
key, strlen (key));
|
||||
if (dlen < 0)
|
||||
err = gpg_error_from_syserror ();
|
||||
@@ -605,7 +632,7 @@ check_binary_integrity (void)
|
||||
err = gpg_error (GPG_ERR_INTERNAL);
|
||||
else
|
||||
{
|
||||
- fname = xtrymalloc (strlen (info.dli_fname) + 1 + 5 + 1 );
|
||||
+ fname = xtrymalloc (strlen (libpath) + 1 + 5 + 1 );
|
||||
if (!fname)
|
||||
err = gpg_error_from_syserror ();
|
||||
else
|
||||
@@ -614,7 +641,7 @@ check_binary_integrity (void)
|
||||
char *p;
|
||||
|
||||
/* Prefix the basename with a dot. */
|
||||
- strcpy (fname, info.dli_fname);
|
||||
+ strcpy (fname, libpath);
|
||||
p = strrchr (fname, '/');
|
||||
if (p)
|
||||
p++;
|
@ -1,100 +0,0 @@
|
||||
commit 3462280f2e23e16adf3ed5176e0f2413d8861320
|
||||
Author: NIIBE Yutaka <gniibe@fsij.org>
|
||||
Date: Fri May 21 11:15:07 2021 +0900
|
||||
|
||||
cipher: Fix ElGamal encryption for other implementations.
|
||||
|
||||
* cipher/elgamal.c (gen_k): Remove support of smaller K.
|
||||
(do_encrypt): Never use smaller K.
|
||||
(sign): Folllow the change of gen_k.
|
||||
|
||||
--
|
||||
|
||||
Cherry-pick master commit of:
|
||||
632d80ef30e13de6926d503aa697f92b5dbfbc5e
|
||||
|
||||
This change basically reverts encryption changes in two commits:
|
||||
|
||||
74386120dad6b3da62db37f7044267c8ef34689b
|
||||
78531373a342aeb847950f404343a05e36022065
|
||||
|
||||
Use of smaller K for ephemeral key in ElGamal encryption is only good,
|
||||
when we can guarantee that recipient's key is generated by our
|
||||
implementation (or compatible).
|
||||
|
||||
For detail, please see:
|
||||
|
||||
Luca De Feo, Bertram Poettering, Alessandro Sorniotti,
|
||||
"On the (in)security of ElGamal in OpenPGP";
|
||||
in the proceedings of CCS'2021.
|
||||
|
||||
CVE-id: CVE-2021-33560
|
||||
GnuPG-bug-id: 5328
|
||||
Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
|
||||
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||
|
||||
diff --git a/cipher/elgamal.c b/cipher/elgamal.c
|
||||
index 9835122f..eead4502 100644
|
||||
--- a/cipher/elgamal.c
|
||||
+++ b/cipher/elgamal.c
|
||||
@@ -66,7 +66,7 @@ static const char *elg_names[] =
|
||||
|
||||
|
||||
static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie);
|
||||
-static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
|
||||
+static gcry_mpi_t gen_k (gcry_mpi_t p);
|
||||
static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits,
|
||||
gcry_mpi_t **factors);
|
||||
static int check_secret_key (ELG_secret_key *sk);
|
||||
@@ -189,11 +189,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie )
|
||||
|
||||
/****************
|
||||
* Generate a random secret exponent k from prime p, so that k is
|
||||
- * relatively prime to p-1. With SMALL_K set, k will be selected for
|
||||
- * better encryption performance - this must never be used signing!
|
||||
+ * relatively prime to p-1.
|
||||
*/
|
||||
static gcry_mpi_t
|
||||
-gen_k( gcry_mpi_t p, int small_k )
|
||||
+gen_k( gcry_mpi_t p )
|
||||
{
|
||||
gcry_mpi_t k = mpi_alloc_secure( 0 );
|
||||
gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
|
||||
@@ -202,18 +201,7 @@ gen_k( gcry_mpi_t p, int small_k )
|
||||
unsigned int nbits, nbytes;
|
||||
char *rndbuf = NULL;
|
||||
|
||||
- if (small_k)
|
||||
- {
|
||||
- /* Using a k much lesser than p is sufficient for encryption and
|
||||
- * it greatly improves the encryption performance. We use
|
||||
- * Wiener's table and add a large safety margin. */
|
||||
- nbits = wiener_map( orig_nbits ) * 3 / 2;
|
||||
- if( nbits >= orig_nbits )
|
||||
- BUG();
|
||||
- }
|
||||
- else
|
||||
- nbits = orig_nbits;
|
||||
-
|
||||
+ nbits = orig_nbits;
|
||||
|
||||
nbytes = (nbits+7)/8;
|
||||
if( DBG_CIPHER )
|
||||
@@ -492,7 +480,7 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
|
||||
* error code.
|
||||
*/
|
||||
|
||||
- k = gen_k( pkey->p, 1 );
|
||||
+ k = gen_k( pkey->p );
|
||||
mpi_powm (a, pkey->g, k, pkey->p);
|
||||
|
||||
/* b = (y^k * input) mod p
|
||||
@@ -608,7 +596,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey )
|
||||
*
|
||||
*/
|
||||
mpi_sub_ui(p_1, p_1, 1);
|
||||
- k = gen_k( skey->p, 0 /* no small K ! */ );
|
||||
+ k = gen_k( skey->p );
|
||||
mpi_powm( a, skey->g, k, skey->p );
|
||||
mpi_mul(t, skey->x, a );
|
||||
mpi_subm(t, input, t, p_1 );
|
@ -1,13 +0,0 @@
|
||||
diff -up libgcrypt-1.8.5/src/hwfeatures.c.hw-fips libgcrypt-1.8.5/src/hwfeatures.c
|
||||
--- libgcrypt-1.8.5/src/hwfeatures.c.hw-fips 2021-06-25 11:55:55.843819137 +0200
|
||||
+++ libgcrypt-1.8.5/src/hwfeatures.c 2021-06-25 11:56:00.925895390 +0200
|
||||
@@ -205,9 +205,6 @@ _gcry_detect_hw_features (void)
|
||||
{
|
||||
hw_features = 0;
|
||||
|
||||
- if (fips_mode ())
|
||||
- return; /* Hardware support is not to be evaluated. */
|
||||
-
|
||||
parse_hwf_deny_file ();
|
||||
|
||||
#if defined (HAVE_CPU_ARCH_X86)
|
@ -1,4 +0,0 @@
|
||||
# use only /dev/urandom - see https://www.2uo.de/myths-about-urandom/
|
||||
only-urandom
|
||||
# Keep jitter entropy generator enabled (should do no harm)
|
||||
#disable-jent
|
File diff suppressed because it is too large
Load Diff
@ -1,59 +1,28 @@
|
||||
Name: libgcrypt
|
||||
Version: 1.9.3
|
||||
Release: 5%{?dist}
|
||||
URL: https://www.gnupg.org/
|
||||
Source0: libgcrypt-%{version}-hobbled.tar.xz
|
||||
# The original libgcrypt sources now contain potentially patented ECC
|
||||
# cipher support. We have to remove it in the tarball we ship with
|
||||
# the hobble-libgcrypt script.
|
||||
# (We replace it with RH approved ECC in Source4-5)
|
||||
# rm -rf libgcrypt-x.y.z # make sure there are no leftover files
|
||||
# tar -xf libgcrypt-x.y.z.tar.bz2
|
||||
# pushd libgcrypt-x.y.z && ../hobble-libgcrypt && popd
|
||||
# tar -cvJf libgcrypt-x.y.z-hobbled.tar.xz libgcrypt-x.y.z
|
||||
#Source0: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-{version}.tar.bz2
|
||||
#Source1: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-{version}.tar.bz2.sig
|
||||
Source2: wk@g10code.com
|
||||
Source3: hobble-libgcrypt
|
||||
# Approved ECC support
|
||||
Source4: ecc-curves.c
|
||||
Source5: curves.c
|
||||
Source6: t-mpi-point.c
|
||||
Source7: random.conf
|
||||
Source8: keygrip.c
|
||||
# make FIPS hmac compatible with fipscheck - non upstreamable
|
||||
# update on soname bump
|
||||
Patch2: libgcrypt-1.8.5-use-fipscheck.patch
|
||||
# modify FIPS RSA and DSA keygen to comply with requirements
|
||||
Patch5: libgcrypt-1.8.4-fips-keygen.patch
|
||||
# fix the tests to work correctly in the FIPS mode
|
||||
Patch6: libgcrypt-1.8.4-tests-fipsmode.patch
|
||||
# update the CAVS tests
|
||||
Patch7: libgcrypt-1.7.3-fips-cavs.patch
|
||||
# use poll instead of select when gathering randomness
|
||||
Patch11: libgcrypt-1.8.4-use-poll.patch
|
||||
# slight optimalization of mpicoder.c to silence Valgrind (#968288)
|
||||
Patch13: libgcrypt-1.6.1-mpicoder-gccopt.patch
|
||||
# fix tests to work with approved ECC
|
||||
Patch14: libgcrypt-1.7.3-ecc-test-fix.patch
|
||||
# Run the FIPS mode initialization in the shared library constructor
|
||||
Patch18: libgcrypt-1.8.3-fips-ctor.patch
|
||||
# Do not try to open /dev/urandom if getrandom() works
|
||||
Patch24: libgcrypt-1.8.5-getrandom.patch
|
||||
# Continuous FIPS entropy test
|
||||
Patch26: libgcrypt-1.8.3-fips-enttest.patch
|
||||
# Disable non-approved FIPS hashes in the enforced FIPS mode
|
||||
Patch27: libgcrypt-1.8.3-md-fips-enforce.patch
|
||||
# Missing Intel CET support in the library (#1954049)
|
||||
Patch28: libgcrypt-1.8.5-intel-cet.patch
|
||||
# FIPS module is redefined a little bit (implicit by kernel FIPS mode)
|
||||
Patch30: libgcrypt-1.8.5-fips-module.patch
|
||||
# Fix for CVE-2021-33560
|
||||
Patch31: libgcrypt-1.9.3-CVE-2021-33560.patch
|
||||
# We can use HW optimizations in FIPS (#1990059)
|
||||
Patch32: libgcrypt-1.9.3-fips-hwfeatures.patch
|
||||
# This is taken from gnutls.spec
|
||||
%define srpmhash() %{lua:
|
||||
local files = rpm.expand("%_specdir/libgcrypt.spec")
|
||||
for i, p in ipairs(patches) do
|
||||
files = files.." "..p
|
||||
end
|
||||
for i, p in ipairs(sources) do
|
||||
files = files.." "..p
|
||||
end
|
||||
local sha256sum = assert(io.popen("cat "..files.."| sha256sum"))
|
||||
local hash = sha256sum:read("*a")
|
||||
sha256sum:close()
|
||||
print(string.sub(hash, 0, 16))
|
||||
}
|
||||
|
||||
|
||||
Name: libgcrypt
|
||||
Version: 1.10.0
|
||||
Release: 2%{?dist}
|
||||
URL: https://www.gnupg.org/
|
||||
Source0: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2
|
||||
Source1: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig
|
||||
Source2: wk@g10code.com
|
||||
Patch1: libgcrypt-1.10.0-disable-brainpool.patch
|
||||
|
||||
%global gcrylibdir %{_libdir}
|
||||
%global gcrysoname libgcrypt.so.20
|
||||
%global hmackey orboDeJITITejsirpADONivirpUkvarP
|
||||
@ -88,25 +57,7 @@ applications using libgcrypt.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%{SOURCE3}
|
||||
%patch2 -p1 -b .use-fipscheck
|
||||
%patch5 -p1 -b .fips-keygen
|
||||
%patch6 -p1 -b .tests-fipsmode
|
||||
%patch7 -p1 -b .cavs
|
||||
%patch11 -p1 -b .use-poll
|
||||
%patch13 -p1 -b .gccopt
|
||||
%patch14 -p1 -b .eccfix
|
||||
%patch18 -p1 -b .fips-ctor
|
||||
%patch24 -p1 -b .getrandom
|
||||
%patch26 -p1 -b .fips-enttest
|
||||
%patch27 -p1 -b .fips-enforce
|
||||
%patch28 -p1 -b .intel-cet
|
||||
%patch30 -p1 -b .fips-module
|
||||
%patch31 -p1 -b .CVE-2021-33560
|
||||
%patch32 -p1 -b .hw-fips
|
||||
|
||||
cp %{SOURCE4} cipher/
|
||||
cp %{SOURCE5} %{SOURCE6} %{SOURCE8} tests/
|
||||
%patch1 -p1
|
||||
|
||||
%build
|
||||
# This package has a configure test which uses ASMs, but does not link the
|
||||
@ -118,29 +69,44 @@ cp %{SOURCE5} %{SOURCE6} %{SOURCE8} tests/
|
||||
# F34, so we use it here explicitly
|
||||
%define _lto_cflags -flto=auto -ffat-lto-objects
|
||||
|
||||
# should be all algorithms except SM3 and SM4
|
||||
export DIGESTS='crc gostr3411-94 md4 md5 rmd160 sha1 sha256 sha512 sha3 tiger whirlpool stribog blake2'
|
||||
export CIPHERS='arcfour blowfish cast5 des aes twofish serpent rfc2268 seed camellia idea salsa20 gost28147 chacha20'
|
||||
|
||||
eval $(sed -n 's/^\(\(NAME\|VERSION_ID\)=.*\)/OS_\1/p' /etc/os-release)
|
||||
export FIPS_MODULE_NAME="$OS_NAME $OS_VERSION_ID %name"
|
||||
|
||||
autoreconf -f
|
||||
%configure --disable-static \
|
||||
%ifarch sparc64
|
||||
--disable-asm \
|
||||
%endif
|
||||
--enable-noexecstack \
|
||||
--enable-hmac-binary-check \
|
||||
--enable-pubkey-ciphers='dsa elgamal rsa ecc' \
|
||||
--disable-O-flag-munging
|
||||
--enable-hmac-binary-check=%{hmackey} \
|
||||
--disable-brainpool \
|
||||
--enable-digests="$DIGESTS" \
|
||||
--enable-ciphers="$CIPHERS" \
|
||||
--with-fips-module-version="$FIPS_MODULE_NAME %{version}-%{srpmhash}"
|
||||
sed -i -e '/^sys_lib_dlsearch_path_spec/s,/lib /usr/lib,/usr/lib /lib64 /usr/lib64 /lib,g' libtool
|
||||
%make_build
|
||||
|
||||
%check
|
||||
src/hmac256 %{hmackey} src/.libs/%{gcrysoname} | cut -f1 -d ' ' >src/.libs/.%{gcrysoname}.hmac
|
||||
|
||||
make check
|
||||
# try in faked FIPS mode too
|
||||
LIBGCRYPT_FORCE_FIPS_MODE=1 make check
|
||||
|
||||
# Add generation of HMAC checksums of the final stripped binaries
|
||||
%define libpath $RPM_BUILD_ROOT%{gcrylibdir}/%{gcrysoname}.?.?
|
||||
%define __spec_install_post \
|
||||
%{?__debug_package:%{__debug_install_post}} \
|
||||
%{__arch_install_post} \
|
||||
%{__os_install_post} \
|
||||
src/hmac256 %{hmackey} $RPM_BUILD_ROOT%{gcrylibdir}/%{gcrysoname} | cut -f1 -d ' ' >$RPM_BUILD_ROOT%{gcrylibdir}/.%{gcrysoname}.hmac \
|
||||
dd if=/dev/zero of=%{libpath}.hmac bs=32 count=1 \
|
||||
objcopy --update-section .rodata1=%{libpath}.hmac %{libpath} %{libpath}.empty \
|
||||
src/hmac256 --binary %{hmackey} %{libpath}.empty > %{libpath}.hmac \
|
||||
objcopy --update-section .rodata1=%{libpath}.hmac %{libpath}.empty %{libpath}.new \
|
||||
mv -f %{libpath}.new %{libpath} \
|
||||
rm -f %{libpath}.hmac %{libpath}.empty
|
||||
%{nil}
|
||||
|
||||
%install
|
||||
@ -185,16 +151,13 @@ popd
|
||||
# Create /etc/gcrypt (hardwired, not dependent on the configure invocation) so
|
||||
# that _someone_ owns it.
|
||||
mkdir -p -m 755 $RPM_BUILD_ROOT/etc/gcrypt
|
||||
install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf
|
||||
|
||||
%ldconfig_scriptlets
|
||||
|
||||
%files
|
||||
%dir /etc/gcrypt
|
||||
%config(noreplace) /etc/gcrypt/random.conf
|
||||
%{gcrylibdir}/libgcrypt.so.*.*
|
||||
%{gcrylibdir}/%{gcrysoname}
|
||||
%{gcrylibdir}/.%{gcrysoname}.hmac
|
||||
%license COPYING.LIB
|
||||
%doc AUTHORS NEWS THANKS
|
||||
|
||||
@ -213,6 +176,23 @@ install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf
|
||||
%license COPYING
|
||||
|
||||
%changelog
|
||||
* Thu Feb 17 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-2
|
||||
- Systematic FIPS module name with other FIPS modules
|
||||
|
||||
* Wed Feb 02 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-1
|
||||
- Final release (#2026636)
|
||||
|
||||
* Thu Jan 27 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-0.3
|
||||
- Fix broken soname in the previous beta
|
||||
|
||||
* Thu Jan 27 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-0.2
|
||||
- Provide compat soname symlink as the new release is backward compatible
|
||||
|
||||
* Wed Jan 26 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-0.1
|
||||
- New upstream pre-release (#2026636)
|
||||
- Upstream all patches
|
||||
- Implement FIPS 140-3 support
|
||||
|
||||
* Tue Oct 12 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-5
|
||||
- Allow HW optimizations in FIPS mode (#1990059)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user