import libgcrypt-1.8.5-4.el8
This commit is contained in:
parent
a449de636b
commit
96daea1e33
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/libgcrypt-1.8.3-hobbled.tar.xz
|
||||
SOURCES/libgcrypt-1.8.5-hobbled.tar.xz
|
||||
|
@ -1 +1 @@
|
||||
e89427b41b148a28583825079d45a7a64234fdbf SOURCES/libgcrypt-1.8.3-hobbled.tar.xz
|
||||
1edcc623a15ed87ff832e021b4cb77fd94eb66c9 SOURCES/libgcrypt-1.8.5-hobbled.tar.xz
|
||||
|
@ -1057,7 +1057,7 @@ _gcry_ecc_get_mpi (const char *name, mpi_ec_t ec, int copy)
|
||||
if (!strcmp (name, "q.x") && ec->Q && ec->Q->x)
|
||||
return mpi_is_const (ec->Q->x) && !copy? ec->Q->x : mpi_copy (ec->Q->x);
|
||||
if (!strcmp (name, "q.y") && ec->Q && ec->Q->y)
|
||||
return mpi_is_const (ec->G->y) && !copy? ec->Q->y : mpi_copy (ec->Q->y);
|
||||
return mpi_is_const (ec->Q->y) && !copy? ec->Q->y : mpi_copy (ec->Q->y);
|
||||
|
||||
/* If the base point has been requested, return it in standard
|
||||
encoding. */
|
||||
|
@ -1,115 +0,0 @@
|
||||
diff -up libgcrypt-1.8.0/cipher/dsa.c.tests libgcrypt-1.8.0/cipher/dsa.c
|
||||
--- libgcrypt-1.8.0/cipher/dsa.c.tests 2016-04-07 17:30:08.000000000 +0200
|
||||
+++ libgcrypt-1.8.0/cipher/dsa.c 2017-08-15 15:10:39.551600227 +0200
|
||||
@@ -457,11 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un
|
||||
&prime_q, &prime_p,
|
||||
r_counter,
|
||||
r_seed, r_seedlen);
|
||||
- else
|
||||
- ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0,
|
||||
+ else if (!domain->p || !domain->q)
|
||||
+ ec = _gcry_generate_fips186_3_prime (nbits, qbits,
|
||||
+ initial_seed.seed,
|
||||
+ initial_seed.seedlen,
|
||||
&prime_q, &prime_p,
|
||||
r_counter,
|
||||
r_seed, r_seedlen, NULL);
|
||||
+ else
|
||||
+ {
|
||||
+ /* Domain parameters p and q are given; use them. */
|
||||
+ prime_p = mpi_copy (domain->p);
|
||||
+ prime_q = mpi_copy (domain->q);
|
||||
+ gcry_assert (mpi_get_nbits (prime_p) == nbits);
|
||||
+ gcry_assert (mpi_get_nbits (prime_q) == qbits);
|
||||
+ ec = 0;
|
||||
+ }
|
||||
sexp_release (initial_seed.sexp);
|
||||
if (ec)
|
||||
goto leave;
|
||||
@@ -855,13 +866,12 @@ dsa_generate (const gcry_sexp_t genparms
|
||||
sexp_release (l1);
|
||||
sexp_release (domainsexp);
|
||||
|
||||
- /* Check that all domain parameters are available. */
|
||||
- if (!domain.p || !domain.q || !domain.g)
|
||||
+ /* Check that p and q domain parameters are available. */
|
||||
+ if (!domain.p || !domain.q || (!domain.g && !(flags & PUBKEY_FLAG_USE_FIPS186)))
|
||||
{
|
||||
_gcry_mpi_release (domain.p);
|
||||
_gcry_mpi_release (domain.q);
|
||||
_gcry_mpi_release (domain.g);
|
||||
- sexp_release (deriveparms);
|
||||
return GPG_ERR_MISSING_VALUE;
|
||||
}
|
||||
|
||||
diff -up libgcrypt-1.8.0/cipher/rsa.c.tests libgcrypt-1.8.0/cipher/rsa.c
|
||||
--- libgcrypt-1.8.0/cipher/rsa.c.tests 2017-07-06 10:21:36.000000000 +0200
|
||||
+++ libgcrypt-1.8.0/cipher/rsa.c 2017-08-15 15:10:39.551600227 +0200
|
||||
@@ -696,7 +696,7 @@ generate_x931 (RSA_secret_key *sk, unsig
|
||||
|
||||
*swapped = 0;
|
||||
|
||||
- if (e_value == 1) /* Alias for a secure value. */
|
||||
+ if (e_value == 1 || e_value == 0) /* Alias for a secure value. */
|
||||
e_value = 65537;
|
||||
|
||||
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
|
||||
diff -up libgcrypt-1.8.0/tests/keygen.c.tests libgcrypt-1.8.0/tests/keygen.c
|
||||
--- libgcrypt-1.8.0/tests/keygen.c.tests 2017-08-15 15:10:39.551600227 +0200
|
||||
+++ libgcrypt-1.8.0/tests/keygen.c 2017-08-15 15:16:05.433176171 +0200
|
||||
@@ -200,11 +200,11 @@ check_rsa_keys (void)
|
||||
|
||||
|
||||
if (verbose)
|
||||
- info ("creating 512 bit RSA key with e=257\n");
|
||||
+ info ("creating 1024 bit RSA key with e=257\n");
|
||||
rc = gcry_sexp_new (&keyparm,
|
||||
"(genkey\n"
|
||||
" (rsa\n"
|
||||
- " (nbits 3:512)\n"
|
||||
+ " (nbits 4:1024)\n"
|
||||
" (rsa-use-e 3:257)\n"
|
||||
" ))", 0, 1);
|
||||
if (rc)
|
||||
@@ -225,11 +225,11 @@ check_rsa_keys (void)
|
||||
gcry_sexp_release (key);
|
||||
|
||||
if (verbose)
|
||||
- info ("creating 512 bit RSA key with default e\n");
|
||||
+ info ("creating 1024 bit RSA key with default e\n");
|
||||
rc = gcry_sexp_new (&keyparm,
|
||||
"(genkey\n"
|
||||
" (rsa\n"
|
||||
- " (nbits 3:512)\n"
|
||||
+ " (nbits 4:1024)\n"
|
||||
" (rsa-use-e 1:0)\n"
|
||||
" ))", 0, 1);
|
||||
if (rc)
|
||||
@@ -309,12 +309,12 @@ check_dsa_keys (void)
|
||||
}
|
||||
|
||||
if (verbose)
|
||||
- info ("creating 1536 bit DSA key\n");
|
||||
+ info ("creating 2048 bit DSA key\n");
|
||||
rc = gcry_sexp_new (&keyparm,
|
||||
"(genkey\n"
|
||||
" (dsa\n"
|
||||
- " (nbits 4:1536)\n"
|
||||
- " (qbits 3:224)\n"
|
||||
+ " (nbits 4:2048)\n"
|
||||
+ " (qbits 3:256)\n"
|
||||
" ))", 0, 1);
|
||||
if (rc)
|
||||
die ("error creating S-expression: %s\n", gpg_strerror (rc));
|
||||
diff -up libgcrypt-1.8.0/tests/pubkey.c.tests libgcrypt-1.8.0/tests/pubkey.c
|
||||
--- libgcrypt-1.8.0/tests/pubkey.c.tests 2017-01-18 15:24:25.000000000 +0100
|
||||
+++ libgcrypt-1.8.0/tests/pubkey.c 2017-08-15 15:10:39.552600207 +0200
|
||||
@@ -595,7 +595,7 @@ get_dsa_key_fips186_with_seed_new (gcry_
|
||||
" (use-fips186)"
|
||||
" (transient-key)"
|
||||
" (derive-parms"
|
||||
- " (seed #0cb1990c1fd3626055d7a0096f8fa99807399871#))))",
|
||||
+ " (seed #8b4c4d671fff82e8ed932260206d0571e3a1c2cee8cd94cb73fe58f9b67488fa#))))",
|
||||
0, 1);
|
||||
if (rc)
|
||||
die ("error creating S-expression: %s\n", gcry_strerror (rc));
|
@ -1,196 +1,7 @@
|
||||
diff -up libgcrypt-1.8.3/cipher/md.c.fips-ctor libgcrypt-1.8.3/cipher/md.c
|
||||
--- libgcrypt-1.8.3/cipher/md.c.fips-ctor 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.3/cipher/md.c 2018-07-12 13:24:54.088403006 +0200
|
||||
@@ -411,11 +411,8 @@ md_enable (gcry_md_hd_t hd, int algorith
|
||||
|
||||
if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
|
||||
{
|
||||
- _gcry_inactivate_fips_mode ("MD5 used");
|
||||
if (_gcry_enforced_fips_mode () )
|
||||
{
|
||||
- /* We should never get to here because we do not register
|
||||
- MD5 in enforced fips mode. But better throw an error. */
|
||||
err = GPG_ERR_DIGEST_ALGO;
|
||||
}
|
||||
}
|
||||
diff -up libgcrypt-1.8.3/src/fips.c.fips-ctor libgcrypt-1.8.3/src/fips.c
|
||||
--- libgcrypt-1.8.3/src/fips.c.fips-ctor 2018-07-12 13:24:54.075402698 +0200
|
||||
+++ libgcrypt-1.8.3/src/fips.c 2018-07-12 13:24:54.088403006 +0200
|
||||
@@ -91,6 +91,31 @@ static void fips_new_state (enum module_
|
||||
|
||||
|
||||
|
||||
+/* Initialize the FSM lock - this function may only
|
||||
+ be called once and is intended to be run from the library
|
||||
+ constructor */
|
||||
+void
|
||||
+_gcry_initialize_fsm_lock (void)
|
||||
+{
|
||||
+ gpg_error_t err;
|
||||
+ /* Intitialize the lock to protect the FSM. */
|
||||
+ err = gpgrt_lock_init (&fsm_lock);
|
||||
+ if (err)
|
||||
+ {
|
||||
+ /* If that fails we can't do anything but abort the
|
||||
+ process. We need to use log_info so that the FSM won't
|
||||
+ get involved. */
|
||||
+ log_info ("FATAL: failed to create the FSM lock in libgcrypt: %s\n",
|
||||
+ gpg_strerror (err));
|
||||
+#ifdef HAVE_SYSLOG
|
||||
+ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
|
||||
+ "creating FSM lock failed: %s - abort",
|
||||
+ gpg_strerror (err));
|
||||
+#endif /*HAVE_SYSLOG*/
|
||||
+ abort ();
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
/* Check whether the OS is in FIPS mode and record that in a module
|
||||
local variable. If FORCE is passed as true, fips mode will be
|
||||
enabled anyway. Note: This function is not thread-safe and should
|
||||
@@ -100,7 +125,6 @@ void
|
||||
_gcry_initialize_fips_mode (int force)
|
||||
{
|
||||
static int done;
|
||||
- gpg_error_t err;
|
||||
|
||||
/* Make sure we are not accidentally called twice. */
|
||||
if (done)
|
||||
@@ -179,24 +203,6 @@ _gcry_initialize_fips_mode (int force)
|
||||
/* Yes, we are in FIPS mode. */
|
||||
FILE *fp;
|
||||
|
||||
- /* Intitialize the lock to protect the FSM. */
|
||||
- err = gpgrt_lock_init (&fsm_lock);
|
||||
- if (err)
|
||||
- {
|
||||
- /* If that fails we can't do anything but abort the
|
||||
- process. We need to use log_info so that the FSM won't
|
||||
- get involved. */
|
||||
- log_info ("FATAL: failed to create the FSM lock in libgcrypt: %s\n",
|
||||
- gpg_strerror (err));
|
||||
-#ifdef HAVE_SYSLOG
|
||||
- syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
|
||||
- "creating FSM lock failed: %s - abort",
|
||||
- gpg_strerror (err));
|
||||
-#endif /*HAVE_SYSLOG*/
|
||||
- abort ();
|
||||
- }
|
||||
-
|
||||
-
|
||||
/* If the FIPS force files exists, is readable and has a number
|
||||
!= 0 on its first line, we enable the enforced fips mode. */
|
||||
fp = fopen (FIPS_FORCE_FILE, "r");
|
||||
@@ -359,16 +365,20 @@ _gcry_fips_is_operational (void)
|
||||
{
|
||||
int result;
|
||||
|
||||
- if (!fips_mode ())
|
||||
+ lock_fsm ();
|
||||
+ if (current_state == STATE_POWERON && !fips_mode ())
|
||||
+ /* If we are at this point in POWERON state it means the FIPS
|
||||
+ module installation was not completed. (/etc/system-fips
|
||||
+ is not present.) */
|
||||
result = 1;
|
||||
else
|
||||
{
|
||||
- lock_fsm ();
|
||||
- if (current_state == STATE_INIT)
|
||||
+ if (current_state == STATE_INIT || current_state == STATE_SELFTEST)
|
||||
{
|
||||
- /* If we are still in the INIT state, we need to run the
|
||||
- selftests so that the FSM can eventually get into
|
||||
- operational state. Given that we would need a 2-phase
|
||||
+ /* If we are still in the INIT (or SELFTEST) state,
|
||||
+ we need to run (or finish) the selftests so
|
||||
+ that the FSM can eventually get into operational
|
||||
+ state. Given that we would need a 2-phase
|
||||
initialization of libgcrypt, but that has traditionally
|
||||
not been enforced, we use this on demand self-test
|
||||
checking. Note that Proper applications would do the
|
||||
@@ -384,9 +394,11 @@ _gcry_fips_is_operational (void)
|
||||
lock_fsm ();
|
||||
}
|
||||
|
||||
- result = (current_state == STATE_OPERATIONAL);
|
||||
- unlock_fsm ();
|
||||
+ result = (current_state == STATE_OPERATIONAL) || !fips_mode ();
|
||||
+ /* We always run the selftests but ignore the result
|
||||
+ in non-FIPS mode. */
|
||||
}
|
||||
+ unlock_fsm ();
|
||||
return result;
|
||||
}
|
||||
|
||||
@@ -709,9 +721,25 @@ _gcry_fips_run_selftests (int extended)
|
||||
{
|
||||
enum module_states result = STATE_ERROR;
|
||||
gcry_err_code_t ec = GPG_ERR_SELFTEST_FAILED;
|
||||
+ int in_poweron;
|
||||
|
||||
- if (fips_mode ())
|
||||
- fips_new_state (STATE_SELFTEST);
|
||||
+ lock_fsm ();
|
||||
+ in_poweron = (current_state == STATE_POWERON);
|
||||
+ unlock_fsm ();
|
||||
+
|
||||
+ fips_new_state (STATE_SELFTEST);
|
||||
+
|
||||
+ /* We first check the integrity of the binary.
|
||||
+ If run from the constructor we are in POWERON state,
|
||||
+ we return and finish the remaining selftests before
|
||||
+ real use of the library. It will be in the POWERON
|
||||
+ state meanwhile. */
|
||||
+ if (in_poweron)
|
||||
+ if (check_binary_integrity ())
|
||||
+ goto leave;
|
||||
+
|
||||
+ if (in_poweron)
|
||||
+ return 0;
|
||||
|
||||
if (run_cipher_selftests (extended))
|
||||
goto leave;
|
||||
@@ -730,18 +758,12 @@ _gcry_fips_run_selftests (int extended)
|
||||
if (run_pubkey_selftests (extended))
|
||||
goto leave;
|
||||
|
||||
- /* Now check the integrity of the binary. We do this this after
|
||||
- having checked the HMAC code. */
|
||||
- if (check_binary_integrity ())
|
||||
- goto leave;
|
||||
-
|
||||
/* All selftests passed. */
|
||||
result = STATE_OPERATIONAL;
|
||||
ec = 0;
|
||||
|
||||
leave:
|
||||
- if (fips_mode ())
|
||||
- fips_new_state (result);
|
||||
+ fips_new_state (result);
|
||||
|
||||
return ec;
|
||||
}
|
||||
@@ -797,6 +819,7 @@ fips_new_state (enum module_states new_s
|
||||
{
|
||||
case STATE_POWERON:
|
||||
if (new_state == STATE_INIT
|
||||
+ || new_state == STATE_SELFTEST
|
||||
|| new_state == STATE_ERROR
|
||||
|| new_state == STATE_FATALERROR)
|
||||
ok = 1;
|
||||
@@ -811,6 +834,8 @@ fips_new_state (enum module_states new_s
|
||||
|
||||
case STATE_SELFTEST:
|
||||
if (new_state == STATE_OPERATIONAL
|
||||
+ || new_state == STATE_INIT
|
||||
+ || new_state == STATE_SELFTEST
|
||||
|| new_state == STATE_ERROR
|
||||
|| new_state == STATE_FATALERROR)
|
||||
ok = 1;
|
||||
diff -up libgcrypt-1.8.3/src/global.c.fips-ctor libgcrypt-1.8.3/src/global.c
|
||||
--- libgcrypt-1.8.3/src/global.c.fips-ctor 2017-11-23 19:25:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.3/src/global.c 2018-07-17 19:15:43.933827112 +0200
|
||||
@@ -141,6 +141,29 @@ global_init (void)
|
||||
+++ libgcrypt-1.8.3/src/global.c 2020-04-17 16:29:59.258218015 +0200
|
||||
@@ -141,6 +141,34 @@ global_init (void)
|
||||
}
|
||||
|
||||
|
||||
@ -202,25 +13,30 @@ diff -up libgcrypt-1.8.3/src/global.c.fips-ctor libgcrypt-1.8.3/src/global.c
|
||||
+{
|
||||
+ int rv;
|
||||
+
|
||||
+ /* We always need the FSM lock to be functional. */
|
||||
+ _gcry_initialize_fsm_lock ();
|
||||
+
|
||||
+ rv = access (FIPS_MODULE_PATH, F_OK);
|
||||
+ if (rv < 0 && errno != ENOENT)
|
||||
+ rv = 0;
|
||||
+
|
||||
+ if (!rv)
|
||||
+ {
|
||||
+ /* We run the integrity check at this point. The remaining
|
||||
+ selftests are run before use of the library by application. */
|
||||
+ int no_secmem_save;
|
||||
+
|
||||
+ /* it should be always 0 at this point but let's keep on the safe side */
|
||||
+ no_secmem_save = no_secure_memory;
|
||||
+ no_secure_memory = 1;
|
||||
+ /* force selftests */
|
||||
+ global_init();
|
||||
+ _gcry_fips_run_selftests (0);
|
||||
+ if (!fips_mode())
|
||||
+ _gcry_random_close_fds ();
|
||||
+ no_secure_memory = no_secmem_save;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
/* This function is called by the macro fips_is_operational and makes
|
||||
sure that the minimal initialization has been done. This is far
|
||||
from a perfect solution and hides problems with an improper
|
||||
@@ -671,8 +694,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
||||
@@ -671,8 +699,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
||||
|
||||
case GCRYCTL_FIPS_MODE_P:
|
||||
if (fips_mode ()
|
||||
@ -230,7 +46,7 @@ diff -up libgcrypt-1.8.3/src/global.c.fips-ctor libgcrypt-1.8.3/src/global.c
|
||||
rc = GPG_ERR_GENERAL; /* Used as TRUE value */
|
||||
break;
|
||||
|
||||
@@ -749,9 +771,9 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
||||
@@ -749,9 +776,9 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
||||
break;
|
||||
|
||||
case GCRYCTL_SET_ENFORCED_FIPS_FLAG:
|
||||
@ -242,15 +58,3 @@ diff -up libgcrypt-1.8.3/src/global.c.fips-ctor libgcrypt-1.8.3/src/global.c
|
||||
_gcry_set_preferred_rng_type (0);
|
||||
_gcry_set_enforced_fips_mode ();
|
||||
}
|
||||
diff -up libgcrypt-1.8.3/src/g10lib.h.fips-ctor libgcrypt-1.8.3/src/g10lib.h
|
||||
--- libgcrypt-1.8.3/src/g10lib.h.fips-ctor 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.3/src/g10lib.h 2018-07-12 13:24:54.089403030 +0200
|
||||
@@ -422,6 +422,8 @@ gpg_err_code_t _gcry_sexp_vextract_param
|
||||
|
||||
/*-- fips.c --*/
|
||||
|
||||
+void _gcry_initialize_fsm_lock (void);
|
||||
+
|
||||
void _gcry_initialize_fips_mode (int force);
|
||||
|
||||
int _gcry_fips_mode (void);
|
||||
|
@ -1,101 +0,0 @@
|
||||
diff -up libgcrypt-1.8.3/random/random.c.getrandom libgcrypt-1.8.3/random/random.c
|
||||
--- libgcrypt-1.8.3/random/random.c.getrandom 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.3/random/random.c 2018-07-10 15:38:34.303855808 +0200
|
||||
@@ -110,8 +110,8 @@ _gcry_random_read_conf (void)
|
||||
unsigned int result = 0;
|
||||
|
||||
fp = fopen (fname, "r");
|
||||
- if (!fp)
|
||||
- return result;
|
||||
+ if (!fp) /* We make only_urandom the default. */
|
||||
+ return RANDOM_CONF_ONLY_URANDOM;
|
||||
|
||||
for (;;)
|
||||
{
|
||||
diff -up libgcrypt-1.8.3/random/random-csprng.c.getrandom libgcrypt-1.8.3/random/random-csprng.c
|
||||
--- libgcrypt-1.8.3/random/random-csprng.c.getrandom 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.3/random/random-csprng.c 2018-06-14 16:31:04.731179208 +0200
|
||||
@@ -55,6 +55,10 @@
|
||||
#ifdef __MINGW32__
|
||||
#include <process.h>
|
||||
#endif
|
||||
+#if defined(__linux__) && defined(HAVE_SYSCALL)
|
||||
+# include <sys/syscall.h>
|
||||
+# include <linux/random.h>
|
||||
+#endif
|
||||
#include "g10lib.h"
|
||||
#include "random.h"
|
||||
#include "rand-internal.h"
|
||||
@@ -1116,6 +1120,22 @@ getfnc_gather_random (void))(void (*)(co
|
||||
enum random_origins, size_t, int);
|
||||
|
||||
#if USE_RNDLINUX
|
||||
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
|
||||
+ long ret;
|
||||
+ char buffer[1];
|
||||
+
|
||||
+ _gcry_pre_syscall ();
|
||||
+ ret = syscall (__NR_getrandom,
|
||||
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
|
||||
+ _gcry_post_syscall ();
|
||||
+ if (ret != -1 || errno != ENOSYS)
|
||||
+ {
|
||||
+ fnc = _gcry_rndlinux_gather_random;
|
||||
+ return fnc;
|
||||
+ }
|
||||
+ else
|
||||
+ /* The syscall is not supported - fallback to /dev/urandom. */
|
||||
+#endif
|
||||
if ( !access (NAME_OF_DEV_RANDOM, R_OK)
|
||||
&& !access (NAME_OF_DEV_URANDOM, R_OK))
|
||||
{
|
||||
diff -up libgcrypt-1.8.3/random/rndlinux.c.getrandom libgcrypt-1.8.3/random/rndlinux.c
|
||||
--- libgcrypt-1.8.3/random/rndlinux.c.getrandom 2018-06-14 16:31:04.722178971 +0200
|
||||
+++ libgcrypt-1.8.3/random/rndlinux.c 2018-07-10 15:55:03.301075155 +0200
|
||||
@@ -35,6 +35,7 @@
|
||||
#include <poll.h>
|
||||
#if defined(__linux__) && defined(HAVE_SYSCALL)
|
||||
# include <sys/syscall.h>
|
||||
+# include <linux/random.h>
|
||||
#endif
|
||||
|
||||
#include "types.h"
|
||||
@@ -204,6 +205,18 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
{
|
||||
if (fd_urandom == -1)
|
||||
{
|
||||
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
|
||||
+ long ret;
|
||||
+
|
||||
+ _gcry_pre_syscall ();
|
||||
+ ret = syscall (__NR_getrandom,
|
||||
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
|
||||
+ _gcry_post_syscall ();
|
||||
+ if (ret > -1 || errno == EAGAIN || errno == EINTR)
|
||||
+ fd_urandom = -2;
|
||||
+ else
|
||||
+ /* The syscall is not supported - fallback to /dev/urandom. */
|
||||
+#endif
|
||||
fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
|
||||
ever_opened |= 2;
|
||||
}
|
||||
@@ -230,7 +243,7 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
* syscall and not a new device and thus we are not able to use
|
||||
* select(2) to have a timeout. */
|
||||
#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
|
||||
- if (fd == fd_urandom)
|
||||
+ if (fd == -2)
|
||||
{
|
||||
long ret;
|
||||
size_t nbytes;
|
||||
@@ -246,9 +259,7 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
_gcry_post_syscall ();
|
||||
}
|
||||
while (ret == -1 && errno == EINTR);
|
||||
- if (ret == -1 && errno == ENOSYS)
|
||||
- ; /* The syscall is not supported - fallback to /dev/urandom. */
|
||||
- else
|
||||
+ if (1)
|
||||
{ /* The syscall is supported. Some sanity checks. */
|
||||
if (ret == -1)
|
||||
log_fatal ("unexpected error from getrandom: %s\n",
|
@ -1,12 +1,18 @@
|
||||
diff -up libgcrypt-1.8.3/cipher/md.c.fips-enforce libgcrypt-1.8.3/cipher/md.c
|
||||
--- libgcrypt-1.8.3/cipher/md.c.fips-enforce 2018-11-01 15:40:36.051865535 +0100
|
||||
+++ libgcrypt-1.8.3/cipher/md.c 2019-06-03 11:50:21.435401753 +0200
|
||||
@@ -409,7 +409,7 @@ md_enable (gcry_md_hd_t hd, int algorith
|
||||
--- libgcrypt-1.8.3/cipher/md.c.fips-enforce 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.3/cipher/md.c 2020-04-17 15:07:31.364945130 +0200
|
||||
@@ -409,13 +409,10 @@ md_enable (gcry_md_hd_t hd, int algorith
|
||||
}
|
||||
|
||||
|
||||
- if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
|
||||
+ if (!err && !spec->flags.fips && fips_mode ())
|
||||
{
|
||||
- _gcry_inactivate_fips_mode ("MD5 used");
|
||||
if (_gcry_enforced_fips_mode () )
|
||||
{
|
||||
- /* We should never get to here because we do not register
|
||||
- MD5 in enforced fips mode. But better throw an error. */
|
||||
err = GPG_ERR_DIGEST_ALGO;
|
||||
}
|
||||
}
|
||||
|
65
SOURCES/libgcrypt-1.8.4-fips-keygen.patch
Normal file
65
SOURCES/libgcrypt-1.8.4-fips-keygen.patch
Normal file
@ -0,0 +1,65 @@
|
||||
diff -up libgcrypt-1.8.4/cipher/dsa.c.fips-keygen libgcrypt-1.8.4/cipher/dsa.c
|
||||
--- libgcrypt-1.8.4/cipher/dsa.c.fips-keygen 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.4/cipher/dsa.c 2019-02-12 14:29:25.629513989 +0100
|
||||
@@ -457,11 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un
|
||||
&prime_q, &prime_p,
|
||||
r_counter,
|
||||
r_seed, r_seedlen);
|
||||
- else
|
||||
- ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0,
|
||||
+ else if (!domain->p || !domain->q)
|
||||
+ ec = _gcry_generate_fips186_3_prime (nbits, qbits,
|
||||
+ initial_seed.seed,
|
||||
+ initial_seed.seedlen,
|
||||
&prime_q, &prime_p,
|
||||
r_counter,
|
||||
r_seed, r_seedlen, NULL);
|
||||
+ else
|
||||
+ {
|
||||
+ /* Domain parameters p and q are given; use them. */
|
||||
+ prime_p = mpi_copy (domain->p);
|
||||
+ prime_q = mpi_copy (domain->q);
|
||||
+ gcry_assert (mpi_get_nbits (prime_p) == nbits);
|
||||
+ gcry_assert (mpi_get_nbits (prime_q) == qbits);
|
||||
+ ec = 0;
|
||||
+ }
|
||||
sexp_release (initial_seed.sexp);
|
||||
if (ec)
|
||||
goto leave;
|
||||
@@ -855,13 +866,12 @@ dsa_generate (const gcry_sexp_t genparms
|
||||
sexp_release (l1);
|
||||
sexp_release (domainsexp);
|
||||
|
||||
- /* Check that all domain parameters are available. */
|
||||
- if (!domain.p || !domain.q || !domain.g)
|
||||
+ /* Check that p and q domain parameters are available. */
|
||||
+ if (!domain.p || !domain.q || (!domain.g && !(flags & PUBKEY_FLAG_USE_FIPS186)))
|
||||
{
|
||||
_gcry_mpi_release (domain.p);
|
||||
_gcry_mpi_release (domain.q);
|
||||
_gcry_mpi_release (domain.g);
|
||||
- sexp_release (deriveparms);
|
||||
return GPG_ERR_MISSING_VALUE;
|
||||
}
|
||||
|
||||
diff -up libgcrypt-1.8.4/cipher/rsa.c.fips-keygen libgcrypt-1.8.4/cipher/rsa.c
|
||||
--- libgcrypt-1.8.4/cipher/rsa.c.fips-keygen 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.4/cipher/rsa.c 2019-02-12 14:29:25.630513971 +0100
|
||||
@@ -389,7 +389,7 @@ generate_fips (RSA_secret_key *sk, unsig
|
||||
|
||||
if (nbits < 1024 || (nbits & 0x1FF))
|
||||
return GPG_ERR_INV_VALUE;
|
||||
- if (_gcry_enforced_fips_mode() && nbits != 2048 && nbits != 3072)
|
||||
+ if (fips_mode() && nbits < 2048)
|
||||
return GPG_ERR_INV_VALUE;
|
||||
|
||||
/* The random quality depends on the transient_key flag. */
|
||||
@@ -696,7 +696,7 @@ generate_x931 (RSA_secret_key *sk, unsig
|
||||
|
||||
*swapped = 0;
|
||||
|
||||
- if (e_value == 1) /* Alias for a secure value. */
|
||||
+ if (e_value == 1 || e_value == 0) /* Alias for a secure value. */
|
||||
e_value = 65537;
|
||||
|
||||
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
|
184
SOURCES/libgcrypt-1.8.4-tests-fipsmode.patch
Normal file
184
SOURCES/libgcrypt-1.8.4-tests-fipsmode.patch
Normal file
@ -0,0 +1,184 @@
|
||||
diff -up libgcrypt-1.8.4/tests/basic.c.tests-fipsmode libgcrypt-1.8.4/tests/basic.c
|
||||
--- libgcrypt-1.8.4/tests/basic.c.tests-fipsmode 2018-04-17 17:29:40.000000000 +0200
|
||||
+++ libgcrypt-1.8.4/tests/basic.c 2019-02-12 13:30:48.935791024 +0100
|
||||
@@ -6964,7 +6964,7 @@ check_ciphers (void)
|
||||
check_one_cipher (algos[i], GCRY_CIPHER_MODE_CTR, 0);
|
||||
if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_CCM_BLOCK_LEN)
|
||||
check_one_cipher (algos[i], GCRY_CIPHER_MODE_CCM, 0);
|
||||
- if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_GCM_BLOCK_LEN)
|
||||
+ if (!in_fips_mode && gcry_cipher_get_algo_blklen (algos[i]) == GCRY_GCM_BLOCK_LEN)
|
||||
check_one_cipher (algos[i], GCRY_CIPHER_MODE_GCM, 0);
|
||||
if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_OCB_BLOCK_LEN)
|
||||
check_one_cipher (algos[i], GCRY_CIPHER_MODE_OCB, 0);
|
||||
@@ -7010,11 +7010,17 @@ check_cipher_modes(void)
|
||||
check_cfb_cipher ();
|
||||
check_ofb_cipher ();
|
||||
check_ccm_cipher ();
|
||||
- check_gcm_cipher ();
|
||||
- check_poly1305_cipher ();
|
||||
- check_ocb_cipher ();
|
||||
+ if (!in_fips_mode)
|
||||
+ {
|
||||
+ check_gcm_cipher ();
|
||||
+ check_poly1305_cipher ();
|
||||
+ check_ocb_cipher ();
|
||||
+ }
|
||||
check_xts_cipher ();
|
||||
- check_gost28147_cipher ();
|
||||
+ if (!in_fips_mode)
|
||||
+ {
|
||||
+ check_gost28147_cipher ();
|
||||
+ }
|
||||
check_stream_cipher ();
|
||||
check_stream_cipher_large_block ();
|
||||
|
||||
@@ -10001,7 +10007,7 @@ check_mac (void)
|
||||
show_mac_not_available (algos[i].algo);
|
||||
continue;
|
||||
}
|
||||
- if (gcry_mac_test_algo (algos[i].algo) && in_fips_mode)
|
||||
+ if ((algos[i].algo == GCRY_MAC_GMAC_AES || gcry_mac_test_algo (algos[i].algo)) && in_fips_mode)
|
||||
{
|
||||
if (verbose)
|
||||
fprintf (stderr, " algorithm %d not available in fips mode\n",
|
||||
@@ -11095,8 +11101,6 @@ main (int argc, char **argv)
|
||||
/* If we are in fips mode do some more tests. */
|
||||
gcry_md_hd_t md;
|
||||
|
||||
- /* First trigger a self-test. */
|
||||
- xgcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
|
||||
if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
|
||||
fail ("not in operational state after self-test\n");
|
||||
|
||||
@@ -11121,15 +11125,6 @@ main (int argc, char **argv)
|
||||
gcry_md_close (md);
|
||||
if (gcry_control (GCRYCTL_OPERATIONAL_P, 0))
|
||||
fail ("expected error state but still in operational state\n");
|
||||
- else
|
||||
- {
|
||||
- /* Now run a self-test and to get back into
|
||||
- operational state. */
|
||||
- xgcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
|
||||
- if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
|
||||
- fail ("did not reach operational after error "
|
||||
- "and self-test\n");
|
||||
- }
|
||||
}
|
||||
}
|
||||
|
||||
diff -up libgcrypt-1.8.4/tests/benchmark.c.tests-fipsmode libgcrypt-1.8.4/tests/benchmark.c
|
||||
--- libgcrypt-1.8.4/tests/benchmark.c.tests-fipsmode 2019-02-12 11:31:44.859603883 +0100
|
||||
+++ libgcrypt-1.8.4/tests/benchmark.c 2019-02-12 14:10:40.271999352 +0100
|
||||
@@ -872,8 +872,10 @@ cipher_bench ( const char *algoname )
|
||||
|| (blklen == 1 && modes[modeidx].mode != GCRY_CIPHER_MODE_STREAM))
|
||||
continue;
|
||||
|
||||
- if (modes[modeidx].req_blocksize > 0
|
||||
- && blklen != modes[modeidx].req_blocksize)
|
||||
+ if ((modes[modeidx].req_blocksize > 0
|
||||
+ && blklen != modes[modeidx].req_blocksize)
|
||||
+ || (in_fips_mode
|
||||
+ && modes[modeidx].mode == GCRY_CIPHER_MODE_GCM))
|
||||
{
|
||||
printf (" %7s %7s", "-", "-" );
|
||||
continue;
|
||||
diff -up libgcrypt-1.8.4/tests/bench-slope.c.tests-fipsmode libgcrypt-1.8.4/tests/bench-slope.c
|
||||
--- libgcrypt-1.8.4/tests/bench-slope.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.4/tests/bench-slope.c 2019-02-12 14:14:33.618763325 +0100
|
||||
@@ -1338,7 +1338,7 @@ cipher_bench_one (int algo, struct bench
|
||||
return;
|
||||
|
||||
/* GCM has restrictions for block-size */
|
||||
- if (mode.mode == GCRY_CIPHER_MODE_GCM && blklen != GCRY_GCM_BLOCK_LEN)
|
||||
+ if (mode.mode == GCRY_CIPHER_MODE_GCM && (gcry_fips_mode_active () || blklen != GCRY_GCM_BLOCK_LEN))
|
||||
return;
|
||||
|
||||
/* XTS has restrictions for block-size */
|
||||
diff -up libgcrypt-1.8.4/tests/pubkey.c.tests-fipsmode libgcrypt-1.8.4/tests/pubkey.c
|
||||
--- libgcrypt-1.8.4/tests/pubkey.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.4/tests/pubkey.c 2019-02-12 13:52:25.658746415 +0100
|
||||
@@ -504,15 +504,30 @@ get_dsa_key_with_domain_new (gcry_sexp_t
|
||||
rc = gcry_sexp_new
|
||||
(&key_spec,
|
||||
"(genkey (dsa (transient-key)(domain"
|
||||
- "(p #d3aed1876054db831d0c1348fbb1ada72507e5fbf9a62cbd47a63aeb7859d6921"
|
||||
- "4adeb9146a6ec3f43520f0fd8e3125dd8bbc5d87405d1ac5f82073cd762a3f8d7"
|
||||
- "74322657c9da88a7d2f0e1a9ceb84a39cb40876179e6a76e400498de4bb9379b0"
|
||||
- "5f5feb7b91eb8fea97ee17a955a0a8a37587a272c4719d6feb6b54ba4ab69#)"
|
||||
- "(q #9c916d121de9a03f71fb21bc2e1c0d116f065a4f#)"
|
||||
- "(g #8157c5f68ca40b3ded11c353327ab9b8af3e186dd2e8dade98761a0996dda99ab"
|
||||
- "0250d3409063ad99efae48b10c6ab2bba3ea9a67b12b911a372a2bba260176fad"
|
||||
- "b4b93247d9712aad13aa70216c55da9858f7a298deb670a403eb1e7c91b847f1e"
|
||||
- "ccfbd14bd806fd42cf45dbb69cd6d6b43add2a78f7d16928eaa04458dea44#)"
|
||||
+ " (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c862"
|
||||
+ " 3b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb6"
|
||||
+ " 2e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b552"
|
||||
+ " 3e86470decbbeda027e797e7b67635d4d49c30700e74af8a"
|
||||
+ " 0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503"
|
||||
+ " eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e34"
|
||||
+ " 3312517c6aa5152b4bfecd2e551fee346318a153423c996b"
|
||||
+ " 0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc7"
|
||||
+ " 66de2dfc4a56d7b8ba5963d60f3e16318870ad436952e557"
|
||||
+ " 65374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a"
|
||||
+ " 2c8d7469db02e24d592394a7dba069e9#)"
|
||||
+ " (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed27602056"
|
||||
+ " 7441a0a5#)"
|
||||
+ " (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a8"
|
||||
+ " 21ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0ba"
|
||||
+ " ecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a"
|
||||
+ " 0df242b75b414df372121e53a553f222f836b000f016485b"
|
||||
+ " 6bd0898451801dcd8de64cd5365696ffc532d528c506620a"
|
||||
+ " 942a0305046d8f1876341f1e570bc3974ba6b9a438e97023"
|
||||
+ " 02a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7"
|
||||
+ " ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a"
|
||||
+ " 4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da095"
|
||||
+ " 35d5b9df259181a79b63b069e949972b02ba36b3586aab7e"
|
||||
+ " 45f322f82e4e85ca3ab85591b3c2a966#)"
|
||||
")))", 0, 1);
|
||||
if (rc)
|
||||
die ("error creating S-expression: %s\n", gcry_strerror (rc));
|
||||
@@ -595,7 +610,7 @@ get_dsa_key_fips186_with_seed_new (gcry_
|
||||
" (use-fips186)"
|
||||
" (transient-key)"
|
||||
" (derive-parms"
|
||||
- " (seed #0cb1990c1fd3626055d7a0096f8fa99807399871#))))",
|
||||
+ " (seed #8b4c4d671fff82e8ed932260206d0571e3a1c2cee8cd94cb73fe58f9b67488fa#))))",
|
||||
0, 1);
|
||||
if (rc)
|
||||
die ("error creating S-expression: %s\n", gcry_strerror (rc));
|
||||
diff -up libgcrypt-1.8.4/tests/t-cv25519.c.tests-fipsmode libgcrypt-1.8.4/tests/t-cv25519.c
|
||||
--- libgcrypt-1.8.4/tests/t-cv25519.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.4/tests/t-cv25519.c 2019-02-12 14:02:35.935705390 +0100
|
||||
@@ -560,6 +560,9 @@ main (int argc, char **argv)
|
||||
xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
|
||||
xgcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
|
||||
xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
|
||||
+ /* Curve25519 isn't supported in fips mode */
|
||||
+ if (gcry_fips_mode_active())
|
||||
+ return 77;
|
||||
|
||||
start_timer ();
|
||||
check_cv25519 ();
|
||||
diff -up libgcrypt-1.8.4/tests/t-secmem.c.tests-fipsmode libgcrypt-1.8.4/tests/t-secmem.c
|
||||
--- libgcrypt-1.8.4/tests/t-secmem.c.tests-fipsmode 2017-11-23 19:19:54.000000000 +0100
|
||||
+++ libgcrypt-1.8.4/tests/t-secmem.c 2019-02-12 11:51:02.462190538 +0100
|
||||
@@ -174,7 +174,8 @@ main (int argc, char **argv)
|
||||
xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
|
||||
xgcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
|
||||
xgcry_control (GCRYCTL_INIT_SECMEM, pool_size, 0);
|
||||
- gcry_set_outofcore_handler (outofcore_handler, NULL);
|
||||
+ if (!gcry_fips_mode_active ())
|
||||
+ gcry_set_outofcore_handler (outofcore_handler, NULL);
|
||||
xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
|
||||
|
||||
/* Libgcrypt prints a warning when the first overflow is allocated;
|
||||
@@ -184,7 +185,8 @@ main (int argc, char **argv)
|
||||
|
||||
|
||||
test_secmem ();
|
||||
- test_secmem_overflow ();
|
||||
+ if (!gcry_fips_mode_active ())
|
||||
+ test_secmem_overflow ();
|
||||
/* FIXME: We need to improve the tests, for example by registering
|
||||
* our own log handler and comparing the output of
|
||||
* PRIV_CTL_DUMP_SECMEM_STATS to expected pattern. */
|
@ -1,6 +1,6 @@
|
||||
diff -up libgcrypt-1.8.0/random/rndlinux.c.use-poll libgcrypt-1.8.0/random/rndlinux.c
|
||||
--- libgcrypt-1.8.0/random/rndlinux.c.use-poll 2017-06-24 13:34:29.000000000 +0200
|
||||
+++ libgcrypt-1.8.0/random/rndlinux.c 2017-08-15 15:37:37.604629377 +0200
|
||||
diff -up libgcrypt-1.8.4/random/rndlinux.c.use-poll libgcrypt-1.8.4/random/rndlinux.c
|
||||
--- libgcrypt-1.8.4/random/rndlinux.c.use-poll 2018-10-26 13:50:20.000000000 +0200
|
||||
+++ libgcrypt-1.8.4/random/rndlinux.c 2018-11-20 15:51:56.760669058 +0100
|
||||
@@ -32,6 +32,7 @@
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
@ -9,7 +9,7 @@ diff -up libgcrypt-1.8.0/random/rndlinux.c.use-poll libgcrypt-1.8.0/random/rndli
|
||||
#if defined(__linux__) && defined(HAVE_SYSCALL)
|
||||
# include <sys/syscall.h>
|
||||
#endif
|
||||
@@ -216,9 +217,8 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
@@ -241,9 +242,8 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
return with something we will actually use 100ms. */
|
||||
while (length)
|
||||
{
|
||||
@ -18,9 +18,9 @@ diff -up libgcrypt-1.8.0/random/rndlinux.c.use-poll libgcrypt-1.8.0/random/rndli
|
||||
int rc;
|
||||
+ struct pollfd pfd;
|
||||
|
||||
/* If we have a modern Linux kernel and we want to read from the
|
||||
* the non-blocking /dev/urandom, we first try to use the new
|
||||
@@ -276,36 +276,25 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
/* If we have a modern Linux kernel, we first try to use the new
|
||||
* getrandom syscall. That call guarantees that the kernel's
|
||||
@@ -300,36 +300,25 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
any_need_entropy = 1;
|
||||
}
|
||||
|
8156
SOURCES/libgcrypt-1.8.5-aes-perf.patch
Normal file
8156
SOURCES/libgcrypt-1.8.5-aes-perf.patch
Normal file
File diff suppressed because it is too large
Load Diff
14
SOURCES/libgcrypt-1.8.5-build.patch
Normal file
14
SOURCES/libgcrypt-1.8.5-build.patch
Normal file
@ -0,0 +1,14 @@
|
||||
diff -up libgcrypt-1.8.5/cipher/poly1305-armv7-neon.S.build libgcrypt-1.8.5/cipher/poly1305-armv7-neon.S
|
||||
--- libgcrypt-1.8.5/cipher/poly1305-armv7-neon.S.build 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/cipher/poly1305-armv7-neon.S 2020-01-30 17:26:12.026404286 +0100
|
||||
@@ -87,9 +87,8 @@ _gcry_poly1305_armv7_neon_init_ext:
|
||||
.Lpoly1305_init_ext_neon_local:
|
||||
stmfd sp!, {r4-r11, lr}
|
||||
sub sp, sp, #32
|
||||
- mov r14, r2
|
||||
+ mov r14, #-1
|
||||
and r2, r2, r2
|
||||
- moveq r14, #-1
|
||||
UNALIGNED_LDMIA4(r1, r2, r3, r4, r5)
|
||||
GET_DATA_POINTER(r7,.Lpoly1305_init_constants_neon,r8)
|
||||
mov r6, r2
|
139
SOURCES/libgcrypt-1.8.5-fips-module.patch
Normal file
139
SOURCES/libgcrypt-1.8.5-fips-module.patch
Normal file
@ -0,0 +1,139 @@
|
||||
diff -up libgcrypt-1.8.5/src/fips.c.fips-module libgcrypt-1.8.5/src/fips.c
|
||||
--- libgcrypt-1.8.5/src/fips.c.fips-module 2020-04-20 19:07:45.924919645 +0200
|
||||
+++ libgcrypt-1.8.5/src/fips.c 2020-04-20 19:10:33.690722470 +0200
|
||||
@@ -35,10 +35,6 @@
|
||||
#include "hmac256.h"
|
||||
|
||||
|
||||
-/* The name of the file used to force libgcrypt into fips mode. */
|
||||
-#define FIPS_FORCE_FILE "/etc/gcrypt/fips_enabled"
|
||||
-
|
||||
-
|
||||
/* The states of the finite state machine used in fips mode. */
|
||||
enum module_states
|
||||
{
|
||||
@@ -122,54 +118,6 @@ _gcry_initialize_fips_mode (int force)
|
||||
goto leave;
|
||||
}
|
||||
|
||||
- /* For testing the system it is useful to override the system
|
||||
- provided detection of the FIPS mode and force FIPS mode using a
|
||||
- file. The filename is hardwired so that there won't be any
|
||||
- confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is
|
||||
- actually used. The file itself may be empty. */
|
||||
- if ( !access (FIPS_FORCE_FILE, F_OK) )
|
||||
- {
|
||||
- gcry_assert (!no_fips_mode_required);
|
||||
- goto leave;
|
||||
- }
|
||||
-
|
||||
- /* Checking based on /proc file properties. */
|
||||
- {
|
||||
- static const char procfname[] = "/proc/sys/crypto/fips_enabled";
|
||||
- FILE *fp;
|
||||
- int saved_errno;
|
||||
-
|
||||
- fp = fopen (procfname, "r");
|
||||
- if (fp)
|
||||
- {
|
||||
- char line[256];
|
||||
-
|
||||
- if (fgets (line, sizeof line, fp) && atoi (line))
|
||||
- {
|
||||
- /* System is in fips mode. */
|
||||
- fclose (fp);
|
||||
- gcry_assert (!no_fips_mode_required);
|
||||
- goto leave;
|
||||
- }
|
||||
- fclose (fp);
|
||||
- }
|
||||
- else if ((saved_errno = errno) != ENOENT
|
||||
- && saved_errno != EACCES
|
||||
- && !access ("/proc/version", F_OK) )
|
||||
- {
|
||||
- /* Problem reading the fips file despite that we have the proc
|
||||
- file system. We better stop right away. */
|
||||
- log_info ("FATAL: error reading `%s' in libgcrypt: %s\n",
|
||||
- procfname, strerror (saved_errno));
|
||||
-#ifdef HAVE_SYSLOG
|
||||
- syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
|
||||
- "reading `%s' failed: %s - abort",
|
||||
- procfname, strerror (saved_errno));
|
||||
-#endif /*HAVE_SYSLOG*/
|
||||
- abort ();
|
||||
- }
|
||||
- }
|
||||
-
|
||||
/* Fips not not requested, set flag. */
|
||||
no_fips_mode_required = 1;
|
||||
|
||||
diff -up libgcrypt-1.8.5/src/g10lib.h.fips-module libgcrypt-1.8.5/src/g10lib.h
|
||||
--- libgcrypt-1.8.5/src/g10lib.h.fips-module 2020-04-20 19:07:45.918919759 +0200
|
||||
+++ libgcrypt-1.8.5/src/g10lib.h 2020-04-20 19:11:05.003125740 +0200
|
||||
@@ -422,6 +422,9 @@ gpg_err_code_t _gcry_sexp_vextract_param
|
||||
|
||||
/*-- fips.c --*/
|
||||
|
||||
+/* The name of the file used to force libgcrypt into fips mode. */
|
||||
+#define FIPS_FORCE_FILE "/etc/gcrypt/fips_enabled"
|
||||
+
|
||||
void _gcry_initialize_fips_mode (int force);
|
||||
|
||||
int _gcry_fips_mode (void);
|
||||
diff -up libgcrypt-1.8.5/src/global.c.fips-module libgcrypt-1.8.5/src/global.c
|
||||
--- libgcrypt-1.8.5/src/global.c.fips-module 2020-04-20 19:07:45.919919741 +0200
|
||||
+++ libgcrypt-1.8.5/src/global.c 2020-04-20 19:07:45.950919149 +0200
|
||||
@@ -160,6 +160,53 @@ void __attribute__ ((constructor)) _gcry
|
||||
rv = access (FIPS_MODULE_PATH, F_OK);
|
||||
if (rv < 0 && errno != ENOENT)
|
||||
rv = 0;
|
||||
+
|
||||
+ /* For testing the system it is useful to override the system
|
||||
+ provided detection of the FIPS mode and force FIPS mode using a
|
||||
+ file. The filename is hardwired so that there won't be any
|
||||
+ confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is
|
||||
+ actually used. The file itself may be empty. */
|
||||
+ if ( !access (FIPS_FORCE_FILE, F_OK) )
|
||||
+ {
|
||||
+ rv = 0;
|
||||
+ force_fips_mode = 1;
|
||||
+ }
|
||||
+
|
||||
+ /* Checking based on /proc file properties. */
|
||||
+ {
|
||||
+ static const char procfname[] = "/proc/sys/crypto/fips_enabled";
|
||||
+ FILE *fp;
|
||||
+ int saved_errno;
|
||||
+
|
||||
+ fp = fopen (procfname, "r");
|
||||
+ if (fp)
|
||||
+ {
|
||||
+ char line[256];
|
||||
+
|
||||
+ if (fgets (line, sizeof line, fp) && atoi (line))
|
||||
+ {
|
||||
+ /* System is in fips mode. */
|
||||
+ rv = 0;
|
||||
+ force_fips_mode = 1;
|
||||
+ }
|
||||
+ fclose (fp);
|
||||
+ }
|
||||
+ else if ((saved_errno = errno) != ENOENT
|
||||
+ && saved_errno != EACCES
|
||||
+ && !access ("/proc/version", F_OK) )
|
||||
+ {
|
||||
+ /* Problem reading the fips file despite that we have the proc
|
||||
+ file system. We better stop right away. */
|
||||
+ log_info ("FATAL: error reading `%s' in libgcrypt: %s\n",
|
||||
+ procfname, strerror (saved_errno));
|
||||
+#ifdef HAVE_SYSLOG
|
||||
+ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
|
||||
+ "reading `%s' failed: %s - abort",
|
||||
+ procfname, strerror (saved_errno));
|
||||
+#endif /*HAVE_SYSLOG*/
|
||||
+ abort ();
|
||||
+ }
|
||||
+ }
|
||||
|
||||
if (!rv)
|
||||
{
|
285
SOURCES/libgcrypt-1.8.5-getrandom.patch
Normal file
285
SOURCES/libgcrypt-1.8.5-getrandom.patch
Normal file
@ -0,0 +1,285 @@
|
||||
diff -up libgcrypt-1.8.5/random/rand-internal.h.getrandom libgcrypt-1.8.5/random/rand-internal.h
|
||||
--- libgcrypt-1.8.5/random/rand-internal.h.getrandom 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/random/rand-internal.h 2020-04-20 14:55:34.875949624 +0200
|
||||
@@ -47,6 +47,7 @@ void _gcry_random_progress (const char *
|
||||
|
||||
/*-- random-csprng.c --*/
|
||||
void _gcry_rngcsprng_initialize (int full);
|
||||
+void _gcry_rngcsprng_deinit (void);
|
||||
void _gcry_rngcsprng_close_fds (void);
|
||||
void _gcry_rngcsprng_dump_stats (void);
|
||||
void _gcry_rngcsprng_secure_alloc (void);
|
||||
@@ -68,6 +69,7 @@ void _gcry_rngcsprng_fast_poll (void);
|
||||
|
||||
/*-- random-drbg.c --*/
|
||||
void _gcry_rngdrbg_inititialize (int full);
|
||||
+void _gcry_rngdrbg_deinit (void);
|
||||
void _gcry_rngdrbg_close_fds (void);
|
||||
void _gcry_rngdrbg_dump_stats (void);
|
||||
int _gcry_rngdrbg_is_faked (void);
|
||||
diff -up libgcrypt-1.8.5/random/random.c.getrandom libgcrypt-1.8.5/random/random.c
|
||||
--- libgcrypt-1.8.5/random/random.c.getrandom 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/random/random.c 2020-04-20 14:55:34.876949605 +0200
|
||||
@@ -110,8 +110,8 @@ _gcry_random_read_conf (void)
|
||||
unsigned int result = 0;
|
||||
|
||||
fp = fopen (fname, "r");
|
||||
- if (!fp)
|
||||
- return result;
|
||||
+ if (!fp) /* We make only_urandom the default. */
|
||||
+ return RANDOM_CONF_ONLY_URANDOM;
|
||||
|
||||
for (;;)
|
||||
{
|
||||
@@ -228,6 +228,22 @@ _gcry_random_initialize (int full)
|
||||
}
|
||||
|
||||
|
||||
+/* Deinitialize this random subsystem. */
|
||||
+void
|
||||
+_gcry_random_deinit (void)
|
||||
+{
|
||||
+ if (fips_mode ())
|
||||
+ _gcry_rngdrbg_deinit ();
|
||||
+ else if (rng_types.standard)
|
||||
+ _gcry_rngcsprng_deinit ();
|
||||
+ else if (rng_types.fips)
|
||||
+ _gcry_rngdrbg_deinit ();
|
||||
+ else
|
||||
+ _gcry_rngcsprng_deinit ();
|
||||
+ /* not needed for system */
|
||||
+}
|
||||
+
|
||||
+
|
||||
/* If possible close file descriptors used by the RNG. */
|
||||
void
|
||||
_gcry_random_close_fds (void)
|
||||
diff -up libgcrypt-1.8.5/random/random-csprng.c.getrandom libgcrypt-1.8.5/random/random-csprng.c
|
||||
--- libgcrypt-1.8.5/random/random-csprng.c.getrandom 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/random/random-csprng.c 2020-04-20 15:04:27.182877975 +0200
|
||||
@@ -55,6 +55,10 @@
|
||||
#ifdef __MINGW32__
|
||||
#include <process.h>
|
||||
#endif
|
||||
+#if defined(__linux__) && defined(HAVE_SYSCALL)
|
||||
+# include <sys/syscall.h>
|
||||
+# include <linux/random.h>
|
||||
+#endif
|
||||
#include "g10lib.h"
|
||||
#include "random.h"
|
||||
#include "rand-internal.h"
|
||||
@@ -343,6 +347,21 @@ _gcry_rngcsprng_initialize (int full)
|
||||
}
|
||||
|
||||
|
||||
+void
|
||||
+_gcry_rngcsprng_deinit (void)
|
||||
+{
|
||||
+ lock_pool();
|
||||
+ pool_writepos = 0;
|
||||
+ pool_readpos = 0;
|
||||
+ pool_filled = 0;
|
||||
+ pool_filled_counter = 0;
|
||||
+ did_initial_extra_seeding = 0;
|
||||
+ pool_balance = 0;
|
||||
+ just_mixed = 0;
|
||||
+ unlock_pool();
|
||||
+}
|
||||
+
|
||||
+
|
||||
/* Try to close the FDs of the random gather module. This is
|
||||
currently only implemented for rndlinux. */
|
||||
void
|
||||
@@ -1116,6 +1135,22 @@ getfnc_gather_random (void))(void (*)(co
|
||||
enum random_origins, size_t, int);
|
||||
|
||||
#if USE_RNDLINUX
|
||||
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
|
||||
+ long ret;
|
||||
+ char buffer[1];
|
||||
+
|
||||
+ _gcry_pre_syscall ();
|
||||
+ ret = syscall (__NR_getrandom,
|
||||
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
|
||||
+ _gcry_post_syscall ();
|
||||
+ if (ret != -1 || errno != ENOSYS)
|
||||
+ {
|
||||
+ fnc = _gcry_rndlinux_gather_random;
|
||||
+ return fnc;
|
||||
+ }
|
||||
+ else
|
||||
+ /* The syscall is not supported - fallback to /dev/urandom. */
|
||||
+#endif
|
||||
if ( !access (NAME_OF_DEV_RANDOM, R_OK)
|
||||
&& !access (NAME_OF_DEV_URANDOM, R_OK))
|
||||
{
|
||||
diff -up libgcrypt-1.8.5/random/random-drbg.c.getrandom libgcrypt-1.8.5/random/random-drbg.c
|
||||
--- libgcrypt-1.8.5/random/random-drbg.c.getrandom 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/random/random-drbg.c 2020-04-20 15:02:37.782947902 +0200
|
||||
@@ -1811,6 +1811,22 @@ _gcry_rngdrbg_inititialize (int full)
|
||||
}
|
||||
|
||||
/*
|
||||
+ * Deinitialize the DRBG invoked by the libgcrypt API
|
||||
+ * It will be automatically re-initialized on next call
|
||||
+ */
|
||||
+void
|
||||
+_gcry_rngdrbg_deinit (void)
|
||||
+{
|
||||
+ drbg_lock ();
|
||||
+ if (drbg_state)
|
||||
+ {
|
||||
+ drbg_uninstantiate (drbg_state);
|
||||
+ drbg_state = NULL;
|
||||
+ }
|
||||
+ drbg_unlock ();
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
* Backend handler function for GCRYCTL_DRBG_REINIT
|
||||
*
|
||||
* Select a different DRBG type and initialize it.
|
||||
diff -up libgcrypt-1.8.5/random/random.h.getrandom libgcrypt-1.8.5/random/random.h
|
||||
--- libgcrypt-1.8.5/random/random.h.getrandom 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/random/random.h 2020-04-20 14:55:34.877949586 +0200
|
||||
@@ -29,6 +29,7 @@ void _gcry_register_random_progress (voi
|
||||
|
||||
void _gcry_set_preferred_rng_type (int type);
|
||||
void _gcry_random_initialize (int full);
|
||||
+void _gcry_random_deinit (void);
|
||||
void _gcry_random_close_fds (void);
|
||||
int _gcry_get_rng_type (int ignore_fips_mode);
|
||||
void _gcry_random_dump_stats(void);
|
||||
diff -up libgcrypt-1.8.5/random/rndlinux.c.getrandom libgcrypt-1.8.5/random/rndlinux.c
|
||||
--- libgcrypt-1.8.5/random/rndlinux.c.getrandom 2020-04-20 15:01:50.159848963 +0200
|
||||
+++ libgcrypt-1.8.5/random/rndlinux.c 2020-04-20 16:14:21.901610921 +0200
|
||||
@@ -35,6 +35,7 @@
|
||||
#include <poll.h>
|
||||
#if defined(__linux__) && defined(HAVE_SYSCALL)
|
||||
# include <sys/syscall.h>
|
||||
+# include <linux/random.h>
|
||||
#endif
|
||||
|
||||
#include "types.h"
|
||||
@@ -147,12 +148,12 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
if (!add)
|
||||
{
|
||||
/* Special mode to close the descriptors. */
|
||||
- if (fd_random != -1)
|
||||
+ if (fd_random >= 0)
|
||||
{
|
||||
close (fd_random);
|
||||
fd_random = -1;
|
||||
}
|
||||
- if (fd_urandom != -1)
|
||||
+ if (fd_urandom >= 0)
|
||||
{
|
||||
close (fd_urandom);
|
||||
fd_urandom = -1;
|
||||
@@ -166,12 +167,12 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
apid = getpid ();
|
||||
if (my_pid != apid)
|
||||
{
|
||||
- if (fd_random != -1)
|
||||
+ if (fd_random >= 0)
|
||||
{
|
||||
close (fd_random);
|
||||
fd_random = -1;
|
||||
}
|
||||
- if (fd_urandom != -1)
|
||||
+ if (fd_urandom >= 0)
|
||||
{
|
||||
close (fd_urandom);
|
||||
fd_urandom = -1;
|
||||
@@ -216,7 +217,23 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
that we always require the device to be existent but want a more
|
||||
graceful behaviour if the rarely needed close operation has been
|
||||
used and the device needs to be re-opened later. */
|
||||
- if (level >= GCRY_VERY_STRONG_RANDOM && !only_urandom)
|
||||
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
|
||||
+ if (fd_urandom != -2 && !_gcry_in_constructor ())
|
||||
+ {
|
||||
+ long ret;
|
||||
+
|
||||
+ _gcry_pre_syscall ();
|
||||
+ ret = syscall (__NR_getrandom,
|
||||
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
|
||||
+ _gcry_post_syscall ();
|
||||
+ if (ret > -1 || errno == EAGAIN || errno == EINTR)
|
||||
+ {
|
||||
+ fd_urandom = -2;
|
||||
+ fd_random = -2;
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
+ if (level >= GCRY_VERY_STRONG_RANDOM && !only_urandom && !_gcry_in_constructor ())
|
||||
{
|
||||
if (fd_random == -1)
|
||||
{
|
||||
@@ -255,6 +272,7 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
* syscall and not a new device and thus we are not able to use
|
||||
* select(2) to have a timeout. */
|
||||
#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
|
||||
+ if (fd == -2)
|
||||
{
|
||||
long ret;
|
||||
size_t nbytes;
|
||||
@@ -270,9 +288,7 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
_gcry_post_syscall ();
|
||||
}
|
||||
while (ret == -1 && errno == EINTR);
|
||||
- if (ret == -1 && errno == ENOSYS)
|
||||
- ; /* The syscall is not supported - fallback to pulling from fd. */
|
||||
- else
|
||||
+ if (1)
|
||||
{ /* The syscall is supported. Some sanity checks. */
|
||||
if (ret == -1)
|
||||
log_fatal ("unexpected error from getrandom: %s\n",
|
||||
diff -up libgcrypt-1.8.5/src/g10lib.h.getrandom libgcrypt-1.8.5/src/g10lib.h
|
||||
--- libgcrypt-1.8.5/src/g10lib.h.getrandom 2020-04-20 15:08:16.528538580 +0200
|
||||
+++ libgcrypt-1.8.5/src/g10lib.h 2020-04-20 15:08:28.641309399 +0200
|
||||
@@ -464,6 +464,6 @@ gpg_err_code_t _gcry_fips_run_selftests
|
||||
void _gcry_fips_noreturn (void);
|
||||
#define fips_noreturn() (_gcry_fips_noreturn ())
|
||||
|
||||
-
|
||||
+int _gcry_in_constructor (void);
|
||||
|
||||
#endif /* G10LIB_H */
|
||||
diff -up libgcrypt-1.8.5/src/global.c.getrandom libgcrypt-1.8.5/src/global.c
|
||||
--- libgcrypt-1.8.5/src/global.c.getrandom 2020-04-20 15:06:21.891707597 +0200
|
||||
+++ libgcrypt-1.8.5/src/global.c 2020-04-20 15:07:29.018437509 +0200
|
||||
@@ -145,10 +145,18 @@ global_init (void)
|
||||
#define FIPS_MODULE_PATH "/etc/system-fips"
|
||||
#endif
|
||||
|
||||
+static int in_constructor = 0;
|
||||
+
|
||||
+int _gcry_in_constructor(void)
|
||||
+{
|
||||
+ return in_constructor;
|
||||
+}
|
||||
+
|
||||
void __attribute__ ((constructor)) _gcry_global_constructor (void)
|
||||
{
|
||||
int rv;
|
||||
|
||||
+ in_constructor = 1;
|
||||
rv = access (FIPS_MODULE_PATH, F_OK);
|
||||
if (rv < 0 && errno != ENOENT)
|
||||
rv = 0;
|
||||
@@ -163,10 +171,12 @@ void __attribute__ ((constructor)) _gcry
|
||||
/* force selftests */
|
||||
global_init();
|
||||
_gcry_fips_run_selftests (0);
|
||||
- if (!fips_mode())
|
||||
- _gcry_random_close_fds ();
|
||||
+ _gcry_random_close_fds ();
|
||||
+ _gcry_random_deinit ();
|
||||
no_secure_memory = no_secmem_save;
|
||||
}
|
||||
+
|
||||
+ in_constructor = 0;
|
||||
}
|
||||
|
||||
/* This function is called by the macro fips_is_operational and makes
|
348
SOURCES/libgcrypt-1.8.5-intel-cet.patch
Normal file
348
SOURCES/libgcrypt-1.8.5-intel-cet.patch
Normal file
@ -0,0 +1,348 @@
|
||||
diff -up libgcrypt-1.8.5/cipher/camellia-aesni-avx2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/camellia-aesni-avx2-amd64.S
|
||||
--- libgcrypt-1.8.5/cipher/camellia-aesni-avx2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/cipher/camellia-aesni-avx2-amd64.S 2020-01-23 15:36:44.148972045 +0100
|
||||
@@ -18,8 +18,9 @@
|
||||
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
-#ifdef __x86_64
|
||||
#include <config.h>
|
||||
+
|
||||
+#ifdef __x86_64
|
||||
#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
|
||||
defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \
|
||||
defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX2_SUPPORT)
|
||||
diff -up libgcrypt-1.8.5/cipher/camellia-aesni-avx-amd64.S.intel-cet libgcrypt-1.8.5/cipher/camellia-aesni-avx-amd64.S
|
||||
--- libgcrypt-1.8.5/cipher/camellia-aesni-avx-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/cipher/camellia-aesni-avx-amd64.S 2020-01-23 15:36:44.145972088 +0100
|
||||
@@ -18,8 +18,9 @@
|
||||
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
-#ifdef __x86_64
|
||||
#include <config.h>
|
||||
+
|
||||
+#ifdef __x86_64
|
||||
#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
|
||||
defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \
|
||||
defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX_SUPPORT)
|
||||
diff -up libgcrypt-1.8.5/cipher/chacha20-avx2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/chacha20-avx2-amd64.S
|
||||
--- libgcrypt-1.8.5/cipher/chacha20-avx2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/cipher/chacha20-avx2-amd64.S 2020-01-23 15:36:16.780250066 +0100
|
||||
@@ -48,6 +48,9 @@
|
||||
.globl _gcry_chacha20_amd64_avx2_blocks
|
||||
ELF(.type _gcry_chacha20_amd64_avx2_blocks,@function;)
|
||||
_gcry_chacha20_amd64_avx2_blocks:
|
||||
+#ifdef _CET_ENDBR
|
||||
+ _CET_ENDBR
|
||||
+#endif
|
||||
.Lchacha_blocks_avx2_local:
|
||||
vzeroupper
|
||||
pushq %rbx
|
||||
diff -up libgcrypt-1.8.5/cipher/chacha20-sse2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/chacha20-sse2-amd64.S
|
||||
--- libgcrypt-1.8.5/cipher/chacha20-sse2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/cipher/chacha20-sse2-amd64.S 2020-01-23 15:36:16.783250095 +0100
|
||||
@@ -41,6 +41,9 @@
|
||||
.globl _gcry_chacha20_amd64_sse2_blocks
|
||||
ELF(.type _gcry_chacha20_amd64_sse2_blocks,@function;)
|
||||
_gcry_chacha20_amd64_sse2_blocks:
|
||||
+#ifdef _CET_ENDBR
|
||||
+ _CET_ENDBR
|
||||
+#endif
|
||||
.Lchacha_blocks_sse2_local:
|
||||
pushq %rbx
|
||||
pushq %rbp
|
||||
diff -up libgcrypt-1.8.5/cipher/poly1305-avx2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/poly1305-avx2-amd64.S
|
||||
--- libgcrypt-1.8.5/cipher/poly1305-avx2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/cipher/poly1305-avx2-amd64.S 2020-01-23 15:36:16.784250105 +0100
|
||||
@@ -43,6 +43,9 @@
|
||||
.globl _gcry_poly1305_amd64_avx2_init_ext
|
||||
ELF(.type _gcry_poly1305_amd64_avx2_init_ext,@function;)
|
||||
_gcry_poly1305_amd64_avx2_init_ext:
|
||||
+#ifdef _CET_ENDBR
|
||||
+ _CET_ENDBR
|
||||
+#endif
|
||||
.Lpoly1305_init_ext_avx2_local:
|
||||
xor %edx, %edx
|
||||
vzeroupper
|
||||
@@ -406,6 +409,9 @@ ELF(.size _gcry_poly1305_amd64_avx2_init
|
||||
.globl _gcry_poly1305_amd64_avx2_blocks
|
||||
ELF(.type _gcry_poly1305_amd64_avx2_blocks,@function;)
|
||||
_gcry_poly1305_amd64_avx2_blocks:
|
||||
+#ifdef _CET_ENDBR
|
||||
+ _CET_ENDBR
|
||||
+#endif
|
||||
.Lpoly1305_blocks_avx2_local:
|
||||
vzeroupper
|
||||
pushq %rbp
|
||||
@@ -732,6 +738,9 @@ ELF(.size _gcry_poly1305_amd64_avx2_bloc
|
||||
.globl _gcry_poly1305_amd64_avx2_finish_ext
|
||||
ELF(.type _gcry_poly1305_amd64_avx2_finish_ext,@function;)
|
||||
_gcry_poly1305_amd64_avx2_finish_ext:
|
||||
+#ifdef _CET_ENDBR
|
||||
+ _CET_ENDBR
|
||||
+#endif
|
||||
.Lpoly1305_finish_ext_avx2_local:
|
||||
vzeroupper
|
||||
pushq %rbp
|
||||
diff -up libgcrypt-1.8.5/cipher/poly1305-sse2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/poly1305-sse2-amd64.S
|
||||
--- libgcrypt-1.8.5/cipher/poly1305-sse2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/cipher/poly1305-sse2-amd64.S 2020-01-23 15:36:16.787250134 +0100
|
||||
@@ -42,6 +42,9 @@
|
||||
.globl _gcry_poly1305_amd64_sse2_init_ext
|
||||
ELF(.type _gcry_poly1305_amd64_sse2_init_ext,@function;)
|
||||
_gcry_poly1305_amd64_sse2_init_ext:
|
||||
+#ifdef _CET_ENDBR
|
||||
+ _CET_ENDBR
|
||||
+#endif
|
||||
.Lpoly1305_init_ext_x86_local:
|
||||
xor %edx, %edx
|
||||
pushq %r12
|
||||
@@ -288,6 +291,9 @@ ELF(.size _gcry_poly1305_amd64_sse2_init
|
||||
.globl _gcry_poly1305_amd64_sse2_finish_ext
|
||||
ELF(.type _gcry_poly1305_amd64_sse2_finish_ext,@function;)
|
||||
_gcry_poly1305_amd64_sse2_finish_ext:
|
||||
+#ifdef _CET_ENDBR
|
||||
+ _CET_ENDBR
|
||||
+#endif
|
||||
.Lpoly1305_finish_ext_x86_local:
|
||||
pushq %rbp
|
||||
movq %rsp, %rbp
|
||||
@@ -439,6 +445,9 @@ ELF(.size _gcry_poly1305_amd64_sse2_fini
|
||||
.globl _gcry_poly1305_amd64_sse2_blocks
|
||||
ELF(.type _gcry_poly1305_amd64_sse2_blocks,@function;)
|
||||
_gcry_poly1305_amd64_sse2_blocks:
|
||||
+#ifdef _CET_ENDBR
|
||||
+ _CET_ENDBR
|
||||
+#endif
|
||||
.Lpoly1305_blocks_x86_local:
|
||||
pushq %rbp
|
||||
movq %rsp, %rbp
|
||||
diff -up libgcrypt-1.8.5/cipher/serpent-avx2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/serpent-avx2-amd64.S
|
||||
--- libgcrypt-1.8.5/cipher/serpent-avx2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/cipher/serpent-avx2-amd64.S 2020-01-23 15:36:44.151972003 +0100
|
||||
@@ -18,8 +18,9 @@
|
||||
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
-#ifdef __x86_64
|
||||
#include <config.h>
|
||||
+
|
||||
+#ifdef __x86_64
|
||||
#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
|
||||
defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && defined(USE_SERPENT) && \
|
||||
defined(ENABLE_AVX2_SUPPORT)
|
||||
diff -up libgcrypt-1.8.5/configure.ac.intel-cet libgcrypt-1.8.5/configure.ac
|
||||
--- libgcrypt-1.8.5/configure.ac.intel-cet 2019-08-29 15:00:08.000000000 +0200
|
||||
+++ libgcrypt-1.8.5/configure.ac 2020-01-23 15:35:28.147774463 +0100
|
||||
@@ -95,6 +95,12 @@ AH_TOP([
|
||||
AH_BOTTOM([
|
||||
#define _GCRYPT_IN_LIBGCRYPT 1
|
||||
|
||||
+/* Add .note.gnu.property section for Intel CET in assembler sources
|
||||
+ when CET is enabled. */
|
||||
+#if defined(__ASSEMBLER__) && defined(__CET__)
|
||||
+# include <cet.h>
|
||||
+#endif
|
||||
+
|
||||
/* If the configure check for endianness has been disabled, get it from
|
||||
OS macros. This is intended for making fat binary builds on OS X. */
|
||||
#ifdef DISABLED_ENDIAN_CHECK
|
||||
diff -up libgcrypt-1.8.5/mpi/config.links.intel-cet libgcrypt-1.8.5/mpi/config.links
|
||||
--- libgcrypt-1.8.5/mpi/config.links.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/mpi/config.links 2020-01-23 15:35:46.398952954 +0100
|
||||
@@ -382,6 +382,16 @@ if test x"$mpi_cpu_arch" = x ; then
|
||||
mpi_cpu_arch="unknown"
|
||||
fi
|
||||
|
||||
+# Add .note.gnu.property section for Intel CET in assembler sources
|
||||
+# when CET is enabled. */
|
||||
+if test x"$mpi_cpu_arch" = xx86 ; then
|
||||
+ cat <<EOF >> ./mpi/asm-syntax.h
|
||||
+
|
||||
+#if defined(__ASSEMBLER__) && defined(__CET__)
|
||||
+# include <cet.h>
|
||||
+#endif
|
||||
+EOF
|
||||
+fi
|
||||
|
||||
# Make sysdep.h
|
||||
echo '/* created by config.links - do not edit */' >./mpi/sysdep.h
|
||||
diff -up libgcrypt-1.8.5/mpi/i386/mpih-add1.S.intel-cet libgcrypt-1.8.5/mpi/i386/mpih-add1.S
|
||||
--- libgcrypt-1.8.5/mpi/i386/mpih-add1.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/mpi/i386/mpih-add1.S 2020-01-23 15:37:40.470175379 +0100
|
||||
@@ -52,6 +52,10 @@ C_SYMBOL_NAME(_gcry_mpih_add_n:)
|
||||
movl 20(%esp),%edx /* s2_ptr */
|
||||
movl 24(%esp),%ecx /* size */
|
||||
|
||||
+#if defined __CET__ && (__CET__ & 1) != 0
|
||||
+ pushl %ebx
|
||||
+#endif
|
||||
+
|
||||
movl %ecx,%eax
|
||||
shrl $3,%ecx /* compute count for unrolled loop */
|
||||
negl %eax
|
||||
@@ -63,6 +67,9 @@ C_SYMBOL_NAME(_gcry_mpih_add_n:)
|
||||
subl %eax,%esi /* ... by a constant when we ... */
|
||||
subl %eax,%edx /* ... enter the loop */
|
||||
shrl $2,%eax /* restore previous value */
|
||||
+#if defined __CET__ && (__CET__ & 1) != 0
|
||||
+ leal -4(,%eax,4),%ebx /* Count for 4-byte endbr32 */
|
||||
+#endif
|
||||
#ifdef PIC
|
||||
/* Calculate start address in loop for PIC. Due to limitations in some
|
||||
assemblers, Loop-L0-3 cannot be put into the leal */
|
||||
@@ -75,29 +82,53 @@ L0: leal (%eax,%eax,8),%eax
|
||||
/* Calculate start address in loop for non-PIC. */
|
||||
leal (Loop - 3)(%eax,%eax,8),%eax
|
||||
#endif
|
||||
+#if defined __CET__ && (__CET__ & 1) != 0
|
||||
+ addl %ebx,%eax /* Adjust for endbr32 */
|
||||
+#endif
|
||||
jmp *%eax /* jump into loop */
|
||||
ALIGN (3)
|
||||
Loop: movl (%esi),%eax
|
||||
adcl (%edx),%eax
|
||||
movl %eax,(%edi)
|
||||
+#ifdef _CET_ENDBR
|
||||
+ _CET_ENDBR
|
||||
+#endif
|
||||
movl 4(%esi),%eax
|
||||
adcl 4(%edx),%eax
|
||||
movl %eax,4(%edi)
|
||||
+#ifdef _CET_ENDBR
|
||||
+ _CET_ENDBR
|
||||
+#endif
|
||||
movl 8(%esi),%eax
|
||||
adcl 8(%edx),%eax
|
||||
movl %eax,8(%edi)
|
||||
+#ifdef _CET_ENDBR
|
||||
+ _CET_ENDBR
|
||||
+#endif
|
||||
movl 12(%esi),%eax
|
||||
adcl 12(%edx),%eax
|
||||
movl %eax,12(%edi)
|
||||
+#ifdef _CET_ENDBR
|
||||
+ _CET_ENDBR
|
||||
+#endif
|
||||
movl 16(%esi),%eax
|
||||
adcl 16(%edx),%eax
|
||||
movl %eax,16(%edi)
|
||||
+#ifdef _CET_ENDBR
|
||||
+ _CET_ENDBR
|
||||
+#endif
|
||||
movl 20(%esi),%eax
|
||||
adcl 20(%edx),%eax
|
||||
movl %eax,20(%edi)
|
||||
+#ifdef _CET_ENDBR
|
||||
+ _CET_ENDBR
|
||||
+#endif
|
||||
movl 24(%esi),%eax
|
||||
adcl 24(%edx),%eax
|
||||
movl %eax,24(%edi)
|
||||
+#ifdef _CET_ENDBR
|
||||
+ _CET_ENDBR
|
||||
+#endif
|
||||
movl 28(%esi),%eax
|
||||
adcl 28(%edx),%eax
|
||||
movl %eax,28(%edi)
|
||||
@@ -110,6 +141,10 @@ Loop: movl (%esi),%eax
|
||||
sbbl %eax,%eax
|
||||
negl %eax
|
||||
|
||||
+#if defined __CET__ && (__CET__ & 1) != 0
|
||||
+ popl %ebx
|
||||
+#endif
|
||||
+
|
||||
popl %esi
|
||||
popl %edi
|
||||
ret
|
||||
diff -up libgcrypt-1.8.5/mpi/i386/mpih-sub1.S.intel-cet libgcrypt-1.8.5/mpi/i386/mpih-sub1.S
|
||||
--- libgcrypt-1.8.5/mpi/i386/mpih-sub1.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/mpi/i386/mpih-sub1.S 2020-01-23 15:37:40.472175351 +0100
|
||||
@@ -53,6 +53,10 @@ C_SYMBOL_NAME(_gcry_mpih_sub_n:)
|
||||
movl 20(%esp),%edx /* s2_ptr */
|
||||
movl 24(%esp),%ecx /* size */
|
||||
|
||||
+#if defined __CET__ && (__CET__ & 1) != 0
|
||||
+ pushl %ebx
|
||||
+#endif
|
||||
+
|
||||
movl %ecx,%eax
|
||||
shrl $3,%ecx /* compute count for unrolled loop */
|
||||
negl %eax
|
||||
@@ -64,6 +68,9 @@ C_SYMBOL_NAME(_gcry_mpih_sub_n:)
|
||||
subl %eax,%esi /* ... by a constant when we ... */
|
||||
subl %eax,%edx /* ... enter the loop */
|
||||
shrl $2,%eax /* restore previous value */
|
||||
+#if defined __CET__ && (__CET__ & 1) != 0
|
||||
+ leal -4(,%eax,4),%ebx /* Count for 4-byte endbr32 */
|
||||
+#endif
|
||||
#ifdef PIC
|
||||
/* Calculate start address in loop for PIC. Due to limitations in some
|
||||
assemblers, Loop-L0-3 cannot be put into the leal */
|
||||
@@ -76,29 +83,53 @@ L0: leal (%eax,%eax,8),%eax
|
||||
/* Calculate start address in loop for non-PIC. */
|
||||
leal (Loop - 3)(%eax,%eax,8),%eax
|
||||
#endif
|
||||
+#if defined __CET__ && (__CET__ & 1) != 0
|
||||
+ addl %ebx,%eax /* Adjust for endbr32 */
|
||||
+#endif
|
||||
jmp *%eax /* jump into loop */
|
||||
ALIGN (3)
|
||||
Loop: movl (%esi),%eax
|
||||
sbbl (%edx),%eax
|
||||
movl %eax,(%edi)
|
||||
+#ifdef _CET_ENDBR
|
||||
+ _CET_ENDBR
|
||||
+#endif
|
||||
movl 4(%esi),%eax
|
||||
sbbl 4(%edx),%eax
|
||||
movl %eax,4(%edi)
|
||||
+#ifdef _CET_ENDBR
|
||||
+ _CET_ENDBR
|
||||
+#endif
|
||||
movl 8(%esi),%eax
|
||||
sbbl 8(%edx),%eax
|
||||
movl %eax,8(%edi)
|
||||
+#ifdef _CET_ENDBR
|
||||
+ _CET_ENDBR
|
||||
+#endif
|
||||
movl 12(%esi),%eax
|
||||
sbbl 12(%edx),%eax
|
||||
movl %eax,12(%edi)
|
||||
+#ifdef _CET_ENDBR
|
||||
+ _CET_ENDBR
|
||||
+#endif
|
||||
movl 16(%esi),%eax
|
||||
sbbl 16(%edx),%eax
|
||||
movl %eax,16(%edi)
|
||||
+#ifdef _CET_ENDBR
|
||||
+ _CET_ENDBR
|
||||
+#endif
|
||||
movl 20(%esi),%eax
|
||||
sbbl 20(%edx),%eax
|
||||
movl %eax,20(%edi)
|
||||
+#ifdef _CET_ENDBR
|
||||
+ _CET_ENDBR
|
||||
+#endif
|
||||
movl 24(%esi),%eax
|
||||
sbbl 24(%edx),%eax
|
||||
movl %eax,24(%edi)
|
||||
+#ifdef _CET_ENDBR
|
||||
+ _CET_ENDBR
|
||||
+#endif
|
||||
movl 28(%esi),%eax
|
||||
sbbl 28(%edx),%eax
|
||||
movl %eax,28(%edi)
|
||||
@@ -111,6 +142,10 @@ Loop: movl (%esi),%eax
|
||||
sbbl %eax,%eax
|
||||
negl %eax
|
||||
|
||||
+#if defined __CET__ && (__CET__ & 1) != 0
|
||||
+ popl %ebx
|
||||
+#endif
|
||||
+
|
||||
popl %esi
|
||||
popl %edi
|
||||
ret
|
158
SOURCES/libgcrypt-1.8.5-kdf-selftest.patch
Normal file
158
SOURCES/libgcrypt-1.8.5-kdf-selftest.patch
Normal file
@ -0,0 +1,158 @@
|
||||
diff -up libgcrypt-1.8.5/cipher/kdf.c.kdf-selftest libgcrypt-1.8.5/cipher/kdf.c
|
||||
--- libgcrypt-1.8.5/cipher/kdf.c.kdf-selftest 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/cipher/kdf.c 2020-06-15 18:14:26.494995669 +0200
|
||||
@@ -305,3 +305,99 @@ _gcry_kdf_derive (const void *passphrase
|
||||
leave:
|
||||
return ec;
|
||||
}
|
||||
+
|
||||
+
|
||||
+/* PBKDF2 selftests.
|
||||
+ * Copyright (C) 2008 Free Software Foundation, Inc.
|
||||
+ * Copyright (C) 2019, 2020 Red Hat, Inc.
|
||||
+ */
|
||||
+
|
||||
+/* Check one PBKDF2 call with HASH ALGO using the regular KDF
|
||||
+ * API. (passphrase,passphraselen) is the password to be derived,
|
||||
+ * (salt,saltlen) the salt for the key derivation,
|
||||
+ * iterations is the number of the kdf iterations,
|
||||
+ * and (expect,expectlen) the expected result. Returns NULL on
|
||||
+ * success or a string describing the failure. */
|
||||
+
|
||||
+static const char *
|
||||
+check_one (int algo,
|
||||
+ const void *passphrase, size_t passphraselen,
|
||||
+ const void *salt, size_t saltlen,
|
||||
+ unsigned long iterations,
|
||||
+ const void *expect, size_t expectlen)
|
||||
+{
|
||||
+ unsigned char key[512]; /* hardcoded to avoid allocation */
|
||||
+ size_t keysize = expectlen;
|
||||
+
|
||||
+ if (keysize > sizeof(key))
|
||||
+ return "invalid tests data";
|
||||
+
|
||||
+ if (_gcry_kdf_derive (passphrase, passphraselen, GCRY_KDF_PBKDF2,
|
||||
+ algo, salt, saltlen, iterations,
|
||||
+ keysize, key))
|
||||
+ return "gcry_kdf_derive failed";
|
||||
+
|
||||
+ if (memcmp (key, expect, expectlen))
|
||||
+ return "does not match";
|
||||
+
|
||||
+ return NULL;
|
||||
+}
|
||||
+
|
||||
+static gpg_err_code_t
|
||||
+run_pbkdf2_selftest (int extended, selftest_report_func_t report)
|
||||
+{
|
||||
+ const char *what;
|
||||
+ const char *errtxt;
|
||||
+
|
||||
+ what = "Basic PBKDF2 SHA256";
|
||||
+ errtxt = check_one (GCRY_MD_SHA256,
|
||||
+ "password", 8,
|
||||
+ "salt", 4,
|
||||
+ 2,
|
||||
+ "\xae\x4d\x0c\x95\xaf\x6b\x46\xd3\x2d\x0a\xdf\xf9\x28\xf0\x6d\xd0"
|
||||
+ "\x2a\x30\x3f\x8e\xf3\xc2\x51\xdf\xd6\xe2\xd8\x5a\x95\x47\x4c\x43", 32);
|
||||
+ if (errtxt)
|
||||
+ goto failed;
|
||||
+
|
||||
+ if (extended)
|
||||
+ {
|
||||
+ what = "Extended PBKDF2 SHA256";
|
||||
+ errtxt = check_one (GCRY_MD_SHA256,
|
||||
+ "passwordPASSWORDpassword", 24,
|
||||
+ "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
|
||||
+ 4096,
|
||||
+ "\x34\x8c\x89\xdb\xcb\xd3\x2b\x2f\x32\xd8\x14\xb8\x11\x6e\x84\xcf"
|
||||
+ "\x2b\x17\x34\x7e\xbc\x18\x00\x18\x1c\x4e\x2a\x1f\xb8\xdd\x53\xe1"
|
||||
+ "\xc6\x35\x51\x8c\x7d\xac\x47\xe9", 40);
|
||||
+ if (errtxt)
|
||||
+ goto failed;
|
||||
+ }
|
||||
+
|
||||
+ return 0; /* Succeeded. */
|
||||
+
|
||||
+ failed:
|
||||
+ if (report)
|
||||
+ report ("kdf", GCRY_KDF_PBKDF2, what, errtxt);
|
||||
+ return GPG_ERR_SELFTEST_FAILED;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+/* Run the selftests for KDF with KDF algorithm ALGO with optional
|
||||
+ reporting function REPORT. */
|
||||
+gpg_error_t
|
||||
+_gcry_kdf_selftest (int algo, int extended, selftest_report_func_t report)
|
||||
+{
|
||||
+ gcry_err_code_t ec = 0;
|
||||
+
|
||||
+ if (algo == GCRY_KDF_PBKDF2)
|
||||
+ {
|
||||
+ ec = run_pbkdf2_selftest (extended, report);
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ ec = GPG_ERR_UNSUPPORTED_ALGORITHM;
|
||||
+ if (report)
|
||||
+ report ("kdf", algo, "module", "algorithm not available");
|
||||
+ }
|
||||
+ return gpg_error (ec);
|
||||
+}
|
||||
diff -up libgcrypt-1.8.5/src/cipher-proto.h.kdf-selftest libgcrypt-1.8.5/src/cipher-proto.h
|
||||
--- libgcrypt-1.8.5/src/cipher-proto.h.kdf-selftest 2020-06-15 18:03:25.785353036 +0200
|
||||
+++ libgcrypt-1.8.5/src/cipher-proto.h 2020-06-15 18:03:25.788353061 +0200
|
||||
@@ -259,6 +259,8 @@ gcry_error_t _gcry_hmac_selftest (int al
|
||||
selftest_report_func_t report);
|
||||
gcry_error_t _gcry_cmac_selftest (int algo, int extended,
|
||||
selftest_report_func_t report);
|
||||
+gcry_error_t _gcry_kdf_selftest (int algo, int extended,
|
||||
+ selftest_report_func_t report);
|
||||
|
||||
gcry_error_t _gcry_random_selftest (selftest_report_func_t report);
|
||||
|
||||
diff -up libgcrypt-1.8.5/src/fips.c.kdf-selftest libgcrypt-1.8.5/src/fips.c
|
||||
--- libgcrypt-1.8.5/src/fips.c.kdf-selftest 2020-06-15 18:03:25.777352968 +0200
|
||||
+++ libgcrypt-1.8.5/src/fips.c 2020-06-15 18:08:40.651028096 +0200
|
||||
@@ -490,6 +490,29 @@ run_mac_selftests (int extended)
|
||||
return anyerr;
|
||||
}
|
||||
|
||||
+/* Run self-tests for all KDF algorithms. Return 0 on success. */
|
||||
+static int
|
||||
+run_kdf_selftests (int extended)
|
||||
+{
|
||||
+ static int algos[] =
|
||||
+ {
|
||||
+ GCRY_KDF_PBKDF2,
|
||||
+ 0
|
||||
+ };
|
||||
+ int idx;
|
||||
+ gpg_error_t err;
|
||||
+ int anyerr = 0;
|
||||
+
|
||||
+ for (idx=0; algos[idx]; idx++)
|
||||
+ {
|
||||
+ err = _gcry_kdf_selftest (algos[idx], extended, reporter);
|
||||
+ reporter ("kdf", algos[idx], NULL, err? gpg_strerror (err):NULL);
|
||||
+ if (err)
|
||||
+ anyerr = 1;
|
||||
+ }
|
||||
+ return anyerr;
|
||||
+}
|
||||
+
|
||||
|
||||
/* Run self-tests for all required public key algorithms. Return 0 on
|
||||
success. */
|
||||
@@ -673,6 +696,9 @@ _gcry_fips_run_selftests (int extended)
|
||||
if (run_mac_selftests (extended))
|
||||
goto leave;
|
||||
|
||||
+ if (run_kdf_selftests (extended))
|
||||
+ goto leave;
|
||||
+
|
||||
/* Run random tests before the pubkey tests because the latter
|
||||
require random. */
|
||||
if (run_random_selftests ())
|
@ -1,7 +1,7 @@
|
||||
diff -up libgcrypt-1.6.2/src/fips.c.use-fipscheck libgcrypt-1.6.2/src/fips.c
|
||||
--- libgcrypt-1.6.2/src/fips.c.use-fipscheck 2014-08-21 14:50:39.000000000 +0200
|
||||
+++ libgcrypt-1.6.2/src/fips.c 2014-09-26 11:42:20.999588282 +0200
|
||||
@@ -578,23 +578,50 @@ run_random_selftests (void)
|
||||
diff -up libgcrypt-1.8.5/src/fips.c.use-fipscheck libgcrypt-1.8.5/src/fips.c
|
||||
--- libgcrypt-1.8.5/src/fips.c.use-fipscheck 2017-11-23 19:16:58.000000000 +0100
|
||||
+++ libgcrypt-1.8.5/src/fips.c 2020-04-23 10:18:36.235764741 +0200
|
||||
@@ -581,23 +581,50 @@ run_random_selftests (void)
|
||||
return !!err;
|
||||
}
|
||||
|
||||
@ -57,7 +57,7 @@ diff -up libgcrypt-1.6.2/src/fips.c.use-fipscheck libgcrypt-1.6.2/src/fips.c
|
||||
key, strlen (key));
|
||||
if (dlen < 0)
|
||||
err = gpg_error_from_syserror ();
|
||||
@@ -602,7 +629,7 @@ check_binary_integrity (void)
|
||||
@@ -605,7 +632,7 @@ check_binary_integrity (void)
|
||||
err = gpg_error (GPG_ERR_INTERNAL);
|
||||
else
|
||||
{
|
||||
@ -66,7 +66,7 @@ diff -up libgcrypt-1.6.2/src/fips.c.use-fipscheck libgcrypt-1.6.2/src/fips.c
|
||||
if (!fname)
|
||||
err = gpg_error_from_syserror ();
|
||||
else
|
||||
@@ -611,7 +638,7 @@ check_binary_integrity (void)
|
||||
@@ -614,7 +641,7 @@ check_binary_integrity (void)
|
||||
char *p;
|
||||
|
||||
/* Prefix the basename with a dot. */
|
||||
@ -75,15 +75,15 @@ diff -up libgcrypt-1.6.2/src/fips.c.use-fipscheck libgcrypt-1.6.2/src/fips.c
|
||||
p = strrchr (fname, '/');
|
||||
if (p)
|
||||
p++;
|
||||
diff -up libgcrypt-1.6.2/src/Makefile.in.use-fipscheck libgcrypt-1.6.2/src/Makefile.in
|
||||
--- libgcrypt-1.6.2/src/Makefile.in.use-fipscheck 2014-08-21 15:14:08.000000000 +0200
|
||||
+++ libgcrypt-1.6.2/src/Makefile.in 2014-09-26 11:41:13.271059281 +0200
|
||||
@@ -449,7 +449,7 @@ libgcrypt_la_LIBADD = $(gcrypt_res) \
|
||||
diff -up libgcrypt-1.8.5/src/Makefile.am.use-fipscheck libgcrypt-1.8.5/src/Makefile.am
|
||||
--- libgcrypt-1.8.5/src/Makefile.am.use-fipscheck 2020-04-23 10:18:36.237764702 +0200
|
||||
+++ libgcrypt-1.8.5/src/Makefile.am 2020-04-23 10:19:03.186247455 +0200
|
||||
@@ -125,7 +125,7 @@ libgcrypt_la_LIBADD = $(gcrypt_res) \
|
||||
../cipher/libcipher.la \
|
||||
../random/librandom.la \
|
||||
../mpi/libmpi.la \
|
||||
- ../compat/libcompat.la $(GPG_ERROR_LIBS)
|
||||
+ ../compat/libcompat.la $(GPG_ERROR_LIBS) -ldl
|
||||
|
||||
|
||||
dumpsexp_SOURCES = dumpsexp.c
|
||||
dumpsexp_CFLAGS = $(arch_gpg_error_cflags)
|
@ -1,5 +1,5 @@
|
||||
Name: libgcrypt
|
||||
Version: 1.8.3
|
||||
Version: 1.8.5
|
||||
Release: 4%{?dist}
|
||||
URL: http://www.gnupg.org/
|
||||
Source0: libgcrypt-%{version}-hobbled.tar.xz
|
||||
@ -18,13 +18,15 @@ Source6: t-mpi-point.c
|
||||
Source7: random.conf
|
||||
# make FIPS hmac compatible with fipscheck - non upstreamable
|
||||
# update on soname bump
|
||||
Patch2: libgcrypt-1.6.2-use-fipscheck.patch
|
||||
# fix tests in the FIPS mode, allow CAVS testing of DSA keygen
|
||||
Patch5: libgcrypt-1.8.0-tests.patch
|
||||
Patch2: libgcrypt-1.8.5-use-fipscheck.patch
|
||||
# modify FIPS RSA and DSA keygen to comply with requirements
|
||||
Patch5: libgcrypt-1.8.4-fips-keygen.patch
|
||||
# fix the tests to work correctly in the FIPS mode
|
||||
Patch6: libgcrypt-1.8.4-tests-fipsmode.patch
|
||||
# update the CAVS tests
|
||||
Patch7: libgcrypt-1.7.3-fips-cavs.patch
|
||||
# use poll instead of select when gathering randomness
|
||||
Patch11: libgcrypt-1.8.0-use-poll.patch
|
||||
Patch11: libgcrypt-1.8.4-use-poll.patch
|
||||
# slight optimalization of mpicoder.c to silence Valgrind (#968288)
|
||||
Patch13: libgcrypt-1.6.1-mpicoder-gccopt.patch
|
||||
# fix tests to work with approved ECC
|
||||
@ -34,13 +36,23 @@ Patch18: libgcrypt-1.8.3-fips-ctor.patch
|
||||
# Block some operations if in FIPS non-operational state
|
||||
Patch22: libgcrypt-1.7.3-fips-reqs.patch
|
||||
# Do not try to open /dev/urandom if getrandom() works
|
||||
Patch24: libgcrypt-1.8.3-getrandom.patch
|
||||
Patch24: libgcrypt-1.8.5-getrandom.patch
|
||||
# CMAC selftest for FIPS POST
|
||||
Patch25: libgcrypt-1.8.3-cmac-selftest.patch
|
||||
# Continuous FIPS entropy test
|
||||
Patch26: libgcrypt-1.8.3-fips-enttest.patch
|
||||
# Disable non-approved FIPS hashes in the enforced FIPS mode
|
||||
Patch27: libgcrypt-1.8.3-md-fips-enforce.patch
|
||||
# Intel CET support, in upstream master
|
||||
Patch28: libgcrypt-1.8.5-intel-cet.patch
|
||||
# Fix build on ARMv7
|
||||
Patch29: libgcrypt-1.8.5-build.patch
|
||||
# FIPS module is redefined a little bit (implicit by kernel FIPS mode)
|
||||
Patch30: libgcrypt-1.8.5-fips-module.patch
|
||||
# Backported AES performance improvements
|
||||
Patch31: libgcrypt-1.8.5-aes-perf.patch
|
||||
# FIPS selftest for PBKDF2
|
||||
Patch32: libgcrypt-1.8.5-kdf-selftest.patch
|
||||
|
||||
%define gcrylibdir %{_libdir}
|
||||
|
||||
@ -54,12 +66,11 @@ BuildRequires: gawk, libgpg-error-devel >= 1.11, pkgconfig
|
||||
BuildRequires: fipscheck
|
||||
# This is needed only when patching the .texi doc.
|
||||
BuildRequires: texinfo
|
||||
Group: System Environment/Libraries
|
||||
BuildRequires: autoconf, automake, libtool
|
||||
|
||||
%package devel
|
||||
Summary: Development files for the %{name} package
|
||||
License: LGPLv2+ and GPLv2+
|
||||
Group: Development/Libraries
|
||||
Requires(pre): /sbin/install-info
|
||||
Requires(post): /sbin/install-info
|
||||
Requires: libgpg-error-devel
|
||||
@ -78,7 +89,8 @@ applications using libgcrypt.
|
||||
%setup -q
|
||||
%{SOURCE3}
|
||||
%patch2 -p1 -b .use-fipscheck
|
||||
%patch5 -p1 -b .tests
|
||||
%patch5 -p1 -b .fips-keygen
|
||||
%patch6 -p1 -b .tests-fipsmode
|
||||
%patch7 -p1 -b .cavs
|
||||
%patch11 -p1 -b .use-poll
|
||||
%patch13 -p1 -b .gccopt
|
||||
@ -89,11 +101,17 @@ applications using libgcrypt.
|
||||
%patch25 -p1 -b .cmac-selftest
|
||||
%patch26 -p1 -b .fips-enttest
|
||||
%patch27 -p1 -b .fips-enforce
|
||||
%patch28 -p1 -b .intel-cet
|
||||
%patch29 -p1 -b .build
|
||||
%patch30 -p1 -b .fips-module
|
||||
%patch31 -p1 -b .aes-perf
|
||||
%patch32 -p1 -b .kdf-selftest
|
||||
|
||||
cp %{SOURCE4} cipher/
|
||||
cp %{SOURCE5} %{SOURCE6} tests/
|
||||
|
||||
%build
|
||||
autoreconf -f
|
||||
%configure --disable-static \
|
||||
%ifarch sparc64
|
||||
--disable-asm \
|
||||
@ -161,6 +179,9 @@ popd
|
||||
mkdir -p -m 755 $RPM_BUILD_ROOT/etc/gcrypt
|
||||
install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf
|
||||
|
||||
# Drop the pkgconfig as it would require an updated libgpg-error
|
||||
rm $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/libgcrypt.pc
|
||||
|
||||
%post -p /sbin/ldconfig
|
||||
|
||||
%postun -p /sbin/ldconfig
|
||||
@ -200,6 +221,15 @@ exit 0
|
||||
%license COPYING
|
||||
|
||||
%changelog
|
||||
* Mon Jun 15 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-4
|
||||
- add PBKDF2 selftest for FIPS POST
|
||||
|
||||
* Tue Apr 28 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-3
|
||||
- new upstream version 1.8.5
|
||||
- AES performance improvements backported from master branch
|
||||
- FIPS module is implicit with kernel FIPS flag
|
||||
- always run the FIPS selftests if FIPS module is installed
|
||||
|
||||
* Mon Jun 24 2019 Tomáš Mráz <tmraz@redhat.com> 1.8.3-4
|
||||
- improve the continuous FIPS entropy test
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user