rpms/libgcrypt
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import libgcrypt-1.8.3-4.el8

Browse Source
This commit is contained in:
CentOS Sources 2020-01-21 11:24:32 -05:00 committed by Stepan Oksanichenko
parent 92e181f4ad
commit a449de636b
2 changed files with 94 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

97
SOURCES/libgcrypt-1.8.3-fips-enttest.patch
View File

@ -1,16 +1,37 @@
diff -up libgcrypt-1.8.3/random/random-drbg.c.fips-enttest libgcrypt-1.8.3/random/random-drbg.c diff -up libgcrypt-1.8.3/random/random-drbg.c.fips-enttest libgcrypt-1.8.3/random/random-drbg.c
--- libgcrypt-1.8.3/random/random-drbg.c.fips-enttest 2017-11-23 19:16:58.000000000 +0100 --- libgcrypt-1.8.3/random/random-drbg.c.fips-enttest 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.3/random/random-drbg.c 2019-06-03 13:19:44.035516400 +0200 +++ libgcrypt-1.8.3/random/random-drbg.c 2019-06-24 10:04:23.219547141 +0200
@@ -610,6 +610,8 @@ drbg_get_entropy (drbg_state_t drbg, uns @@ -317,6 +317,7 @@ struct drbg_state_s
unsigned char *ctr_null; /* CTR mode zero buffer */
int seeded:1; /* DRBG fully seeded? */
int pr:1; /* Prediction resistance enabled? */
+ int ent_primed:1; /* Previous entropy data primed? */
/* Taken from libgcrypt ANSI X9.31 DRNG: We need to keep track of the
* process which did the initialization so that we can detect a fork.
* The volatile modifier is required so that the compiler does not
@@ -324,6 +325,7 @@ struct drbg_state_s
pid_t seed_init_pid;
const struct drbg_state_ops_s *d_ops;
const struct drbg_core_s *core;
+ unsigned char ent_hash[64]; /* Hash of previous entropy data */
struct drbg_test_data_s *test_data;
};
@@ -610,11 +612,13 @@ drbg_get_entropy (drbg_state_t drbg, uns
size_t len) size_t len)
{ {
int rc = 0; int rc = 0;
+ static unsigned char oldhash[64] = { 0 };
+ unsigned char newhash[64]; + unsigned char newhash[64];
/* Perform testing as defined in 11.3.2 */ /* Perform testing as defined in 11.3.2 */
if (drbg->test_data && drbg->test_data->fail_seed_source) if (drbg->test_data && drbg->test_data->fail_seed_source)
@@ -634,6 +636,17 @@ drbg_get_entropy (drbg_state_t drbg, uns return -1;
+redo:
read_cb_buffer = buffer;
read_cb_size = len;
read_cb_len = 0;
@@ -634,6 +638,27 @@ drbg_get_entropy (drbg_state_t drbg, uns
#else #else
rc = -1; rc = -1;
#endif #endif
@ -20,11 +41,73 @@ diff -up libgcrypt-1.8.3/random/random-drbg.c.fips-enttest libgcrypt-1.8.3/rando
+ */ + */
+ _gcry_md_hash_buffer (GCRY_MD_SHA512, newhash, buffer, len); + _gcry_md_hash_buffer (GCRY_MD_SHA512, newhash, buffer, len);
+ +
+ if (memcmp (newhash, oldhash, sizeof (oldhash)) == 0) + if (!drbg->ent_primed)
+ return -1; /* continous entropy test failed */ + {
+ memcpy (drbg->ent_hash, newhash, sizeof (drbg->ent_hash));
+ drbg->ent_primed = 1;
+ goto redo;
+ }
+ +
+ memcpy (oldhash, newhash, sizeof (oldhash)); + if (memcmp (newhash, drbg->ent_hash, sizeof (drbg->ent_hash)) == 0)
+ {
+ fips_signal_error ("Entropy source failed the continuous test");
+ return -1; /* continuous entropy test failed */
+ }
+
+ memcpy (drbg->ent_hash, newhash, sizeof (drbg->ent_hash));
+ +
return rc; return rc;
} }
@@ -1341,26 +1366,38 @@ drbg_seed (drbg_state_t drbg, drbg_strin
}
else
{
+ int nonce = 0;
/* Gather entropy equal to the security strength of the DRBG.
* With a derivation function, a nonce is required in addition
* to the entropy. A nonce must be at least 1/2 of the security
* strength of the DRBG in size. Thus, entropy * nonce is 3/2
* of the strength. The consideration of a nonce is only
- * applicable during initial seeding. */
+ * applicable during initial seeding.
+ * To avoid pulling different length of data from entropy
+ * source, we use 2 * strength for initial seeding. */
entropylen = drbg_sec_strength (drbg->core->flags);
if (!entropylen)
return GPG_ERR_GENERAL;
if (0 == reseed)
- /* make sure we round up strength/2 in
- * case it is not divisible by 2 */
- entropylen = ((entropylen + 1) / 2) * 3;
+ {
+ nonce = 1;
+ }
dbg (("DRBG: (re)seeding with %lu bytes of entropy\n", entropylen));
- entropy = xcalloc_secure (1, entropylen);
+ entropy = xcalloc_secure (nonce + 1, entropylen);
if (!entropy)
return GPG_ERR_ENOMEM;
ret = drbg_get_entropy (drbg, entropy, entropylen);
if (ret)
goto out;
+ if (nonce)
+ {
+ ret = drbg_get_entropy (drbg, entropy + entropylen, entropylen);
+ if (ret)
+ goto out;
+ /* make sure we round up strength/2 in
+ * case it is not divisible by 2 */
+ entropylen = 2 * entropylen;
+ }
drbg_string_fill (&data1, entropy, entropylen);
}
@@ -1597,6 +1634,7 @@ drbg_instantiate (drbg_state_t drbg,
drbg->core = &drbg_cores[coreref];
drbg->pr = pr;
drbg->seeded = 0;
+ drbg->ent_primed = 0;
if (drbg->core->flags & DRBG_HMAC)
drbg->d_ops = &drbg_hmac_ops;
else if (drbg->core->flags & DRBG_HASH_MASK)

5
SPECS/libgcrypt.spec
View File

@ -1,6 +1,6 @@
Name: libgcrypt Name: libgcrypt
Version: 1.8.3 Version: 1.8.3
Release: 3%{?dist} Release: 4%{?dist}
URL: http://www.gnupg.org/ URL: http://www.gnupg.org/
Source0: libgcrypt-%{version}-hobbled.tar.xz Source0: libgcrypt-%{version}-hobbled.tar.xz
# The original libgcrypt sources now contain potentially patented ECC # The original libgcrypt sources now contain potentially patented ECC
@ -200,6 +200,9 @@ exit 0
%license COPYING %license COPYING
%changelog %changelog
* Mon Jun 24 2019 Tomáš Mráz <tmraz@redhat.com> 1.8.3-4
- improve the continuous FIPS entropy test
* Mon Jun 3 2019 Tomáš Mráz <tmraz@redhat.com> 1.8.3-3 * Mon Jun 3 2019 Tomáš Mráz <tmraz@redhat.com> 1.8.3-3
- add CMAC selftest for FIPS POST - add CMAC selftest for FIPS POST
- add continuous FIPS entropy test - add continuous FIPS entropy test