import libgcrypt-1.10.0-9.el9_1
This commit is contained in:
parent
9a2a596d3b
commit
c45d41ea55
@ -48,4 +48,30 @@ index c98247d8..aee5bffb 100644
|
|||||||
|
|
||||||
--
|
--
|
||||||
2.37.1
|
2.37.1
|
||||||
|
commit 02718ade6ab5eee38169c2102097166770a2456d
|
||||||
|
Author: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Thu Oct 20 16:33:11 2022 +0200
|
||||||
|
|
||||||
|
visiblity: Check the HMAC key length in FIPS mode
|
||||||
|
|
||||||
|
---
|
||||||
|
* src/visibility.c (gcry_md_setkey): Check the HMAC key length in FIPS
|
||||||
|
mode also in the md_ API.
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
|
||||||
|
diff --git a/src/visibility.c b/src/visibility.c
|
||||||
|
index 150b197d..73db3dea 100644
|
||||||
|
--- a/src/visibility.c
|
||||||
|
+++ b/src/visibility.c
|
||||||
|
@@ -1357,6 +1357,10 @@ gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen)
|
||||||
|
{
|
||||||
|
if (!fips_is_operational ())
|
||||||
|
return gpg_error (fips_not_operational ());
|
||||||
|
+
|
||||||
|
+ if (fips_mode () && keylen < 14)
|
||||||
|
+ return GPG_ERR_INV_VALUE;
|
||||||
|
+
|
||||||
|
return gpg_error (_gcry_md_setkey (hd, key, keylen));
|
||||||
|
}
|
||||||
|
|
||||||
|
@ -1,151 +0,0 @@
|
|||||||
From 34d8fc576b3a06dd205f45327a971eb6771e808c Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
Date: Wed, 17 Aug 2022 09:01:44 +0200
|
|
||||||
Subject: [PATCH 1/2] Disable RSA-OAEP padding in FIPS mode
|
|
||||||
|
|
||||||
* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Block OAEP padding
|
|
||||||
in FIPS mode for encryption
|
|
||||||
* cipher/rsa.c (rsa_decrypt): Block OAEP padding in FIPS mode for
|
|
||||||
decryption
|
|
||||||
---
|
|
||||||
|
|
||||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
---
|
|
||||||
cipher/pubkey-util.c | 5 ++++-
|
|
||||||
cipher/rsa.c | 3 ++-
|
|
||||||
2 files changed, 6 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
|
|
||||||
index 4953caf3..244dd5d4 100644
|
|
||||||
--- a/cipher/pubkey-util.c
|
|
||||||
+++ b/cipher/pubkey-util.c
|
|
||||||
@@ -1092,7 +1092,10 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi,
|
|
||||||
const void * value;
|
|
||||||
size_t valuelen;
|
|
||||||
|
|
||||||
- if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
|
|
||||||
+ /* The RSA OAEP encryption requires some more assurances in FIPS */
|
|
||||||
+ if (fips_mode ())
|
|
||||||
+ rc = GPG_ERR_INV_FLAG;
|
|
||||||
+ else if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
|
|
||||||
rc = GPG_ERR_INV_OBJ;
|
|
||||||
else
|
|
||||||
{
|
|
||||||
diff --git a/cipher/rsa.c b/cipher/rsa.c
|
|
||||||
index 96dba090..87f57b55 100644
|
|
||||||
--- a/cipher/rsa.c
|
|
||||||
+++ b/cipher/rsa.c
|
|
||||||
@@ -1457,7 +1457,8 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
|
|
||||||
rc = GPG_ERR_INV_DATA;
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
- if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1))
|
|
||||||
+ if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1 ||
|
|
||||||
+ ctx.encoding == PUBKEY_ENC_OAEP))
|
|
||||||
{
|
|
||||||
rc = GPG_ERR_INV_FLAG;
|
|
||||||
goto leave;
|
|
||||||
--
|
|
||||||
2.37.1
|
|
||||||
|
|
||||||
|
|
||||||
From c6d64e697c2748a49e875060aa753fc568c5f772 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
Date: Wed, 17 Aug 2022 10:31:19 +0200
|
|
||||||
Subject: [PATCH 2/2] tests: Expect the OEAP tests to fail in FIPS mode
|
|
||||||
|
|
||||||
* tests/basic.c (check_pubkey_crypt): Expect the OAEP padding encryption
|
|
||||||
to fail in FIPS mode
|
|
||||||
* tests/pkcs1v2.c (check_oaep): Expect the OAEP tests to fail in FIPS
|
|
||||||
mode
|
|
||||||
---
|
|
||||||
|
|
||||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
---
|
|
||||||
tests/basic.c | 14 +++++++++-----
|
|
||||||
tests/pkcs1v2.c | 13 +++++++++++++
|
|
||||||
2 files changed, 22 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tests/basic.c b/tests/basic.c
|
|
||||||
index 26980e15..b4102c9f 100644
|
|
||||||
--- a/tests/basic.c
|
|
||||||
+++ b/tests/basic.c
|
|
||||||
@@ -16892,21 +16892,24 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
|
||||||
"(flags oaep)",
|
|
||||||
1,
|
|
||||||
0,
|
|
||||||
- 0 },
|
|
||||||
+ 0,
|
|
||||||
+ FLAG_NOFIPS },
|
|
||||||
{ GCRY_PK_RSA,
|
|
||||||
"(data\n (flags oaep)\n (hash-algo sha1)\n"
|
|
||||||
" (value #11223344556677889900AA#))\n",
|
|
||||||
"(flags oaep)(hash-algo sha1)",
|
|
||||||
1,
|
|
||||||
0,
|
|
||||||
- 0 },
|
|
||||||
+ 0,
|
|
||||||
+ FLAG_NOFIPS },
|
|
||||||
{ GCRY_PK_RSA,
|
|
||||||
"(data\n (flags oaep)\n (hash-algo sha1)\n (label \"test\")\n"
|
|
||||||
" (value #11223344556677889900AA#))\n",
|
|
||||||
"(flags oaep)(hash-algo sha1)(label \"test\")",
|
|
||||||
1,
|
|
||||||
0,
|
|
||||||
- 0 },
|
|
||||||
+ 0,
|
|
||||||
+ FLAG_NOFIPS },
|
|
||||||
{ GCRY_PK_RSA,
|
|
||||||
"(data\n (flags oaep)\n (hash-algo sha1)\n (label \"test\")\n"
|
|
||||||
" (value #11223344556677889900AA#)\n"
|
|
||||||
@@ -16914,7 +16917,8 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
|
||||||
"(flags oaep)(hash-algo sha1)(label \"test\")",
|
|
||||||
1,
|
|
||||||
0,
|
|
||||||
- 0 },
|
|
||||||
+ 0,
|
|
||||||
+ FLAG_NOFIPS },
|
|
||||||
{ 0,
|
|
||||||
"(data\n (flags )\n" " (value #11223344556677889900AA#))\n",
|
|
||||||
NULL,
|
|
||||||
@@ -16960,7 +16964,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
|
||||||
"(flags pkcs1)",
|
|
||||||
1,
|
|
||||||
0,
|
|
||||||
- GPG_ERR_ENCODING_PROBLEM, FLAG_SPECIAL },
|
|
||||||
+ GPG_ERR_ENCODING_PROBLEM, FLAG_SPECIAL | FLAG_NOFIPS },
|
|
||||||
{ 0,
|
|
||||||
"(data\n (flags pss)\n"
|
|
||||||
" (value #11223344556677889900AA#))\n",
|
|
||||||
diff --git a/tests/pkcs1v2.c b/tests/pkcs1v2.c
|
|
||||||
index 6c7f3d81..2fd495d5 100644
|
|
||||||
--- a/tests/pkcs1v2.c
|
|
||||||
+++ b/tests/pkcs1v2.c
|
|
||||||
@@ -186,11 +186,24 @@ check_oaep (void)
|
|
||||||
err = gcry_pk_encrypt (&ciph, plain, pub_key);
|
|
||||||
if (err)
|
|
||||||
{
|
|
||||||
+ if (in_fips_mode)
|
|
||||||
+ {
|
|
||||||
+ gcry_sexp_release (plain);
|
|
||||||
+ plain = NULL;
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
show_sexp ("plain:\n", ciph);
|
|
||||||
fail ("gcry_pk_encrypt failed: %s\n", gpg_strerror (err));
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
+ if (in_fips_mode)
|
|
||||||
+ {
|
|
||||||
+ fail ("The OAEP encryption unexpectedly worked in FIPS mode\n");
|
|
||||||
+ gcry_sexp_release (plain);
|
|
||||||
+ plain = NULL;
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
if (extract_cmp_data (ciph, "a", tbl[tno].m[mno].encr,
|
|
||||||
tbl[tno].m[mno].desc))
|
|
||||||
{
|
|
||||||
--
|
|
||||||
2.37.1
|
|
||||||
|
|
@ -1,219 +0,0 @@
|
|||||||
From c7709f7b23848abf4ba65cb99cb2a9e9c7ebdefc Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
Date: Fri, 1 Apr 2022 18:29:08 +0200
|
|
||||||
Subject: [PATCH 1/3] Do not allow PKCS #1.5 padding for encryption in FIPS
|
|
||||||
|
|
||||||
* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Block PKCS #1.5
|
|
||||||
padding for encryption in FIPS mode
|
|
||||||
* cipher/rsa.c (rsa_decrypt): Block PKCS #1.5 decryption in FIPS mode
|
|
||||||
--
|
|
||||||
|
|
||||||
GnuPG-bug-id: 5918
|
|
||||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
---
|
|
||||||
cipher/pubkey-util.c | 5 ++++-
|
|
||||||
cipher/rsa.c | 5 +++++
|
|
||||||
2 files changed, 9 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
|
|
||||||
index 68defea6..4953caf3 100644
|
|
||||||
--- a/cipher/pubkey-util.c
|
|
||||||
+++ b/cipher/pubkey-util.c
|
|
||||||
@@ -957,7 +957,10 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi,
|
|
||||||
void *random_override = NULL;
|
|
||||||
size_t random_override_len = 0;
|
|
||||||
|
|
||||||
- if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
|
|
||||||
+ /* The RSA PKCS#1.5 encryption is no longer supported by FIPS */
|
|
||||||
+ if (fips_mode ())
|
|
||||||
+ rc = GPG_ERR_INV_FLAG;
|
|
||||||
+ else if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
|
|
||||||
rc = GPG_ERR_INV_OBJ;
|
|
||||||
else
|
|
||||||
{
|
|
||||||
diff --git a/cipher/rsa.c b/cipher/rsa.c
|
|
||||||
index 771413b3..c6319b67 100644
|
|
||||||
--- a/cipher/rsa.c
|
|
||||||
+++ b/cipher/rsa.c
|
|
||||||
@@ -1391,6 +1391,11 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
|
|
||||||
rc = GPG_ERR_INV_DATA;
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
+ if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1))
|
|
||||||
+ {
|
|
||||||
+ rc = GPG_ERR_INV_FLAG;
|
|
||||||
+ goto leave;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
/* Extract the key. */
|
|
||||||
rc = sexp_extract_param (keyparms, NULL, "nedp?q?u?",
|
|
||||||
--
|
|
||||||
2.34.1
|
|
||||||
|
|
||||||
|
|
||||||
From 299e2f93415984919181e0ee651719bbf83bdd2f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
Date: Fri, 1 Apr 2022 18:31:05 +0200
|
|
||||||
Subject: [PATCH 2/3] tests: Replace custom bit with more generic flags
|
|
||||||
|
|
||||||
* tests/basic.c (global): New flag FLAG_SPECIAL
|
|
||||||
(check_pubkey_crypt): Change to use bitfield flags
|
|
||||||
|
|
||||||
--
|
|
||||||
|
|
||||||
GnuPG-bug-id: 5918
|
|
||||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
---
|
|
||||||
tests/basic.c | 19 ++++++++++---------
|
|
||||||
1 file changed, 10 insertions(+), 9 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tests/basic.c b/tests/basic.c
|
|
||||||
index a0ad33eb..1c6cb40b 100644
|
|
||||||
--- a/tests/basic.c
|
|
||||||
+++ b/tests/basic.c
|
|
||||||
@@ -55,11 +55,12 @@ typedef struct test_spec_pubkey
|
|
||||||
}
|
|
||||||
test_spec_pubkey_t;
|
|
||||||
|
|
||||||
-#define FLAG_CRYPT (1 << 0)
|
|
||||||
-#define FLAG_SIGN (1 << 1)
|
|
||||||
-#define FLAG_GRIP (1 << 2)
|
|
||||||
-#define FLAG_NOFIPS (1 << 3)
|
|
||||||
-#define FLAG_CFB8 (1 << 4)
|
|
||||||
+#define FLAG_CRYPT (1 << 0)
|
|
||||||
+#define FLAG_SIGN (1 << 1)
|
|
||||||
+#define FLAG_GRIP (1 << 2)
|
|
||||||
+#define FLAG_NOFIPS (1 << 3)
|
|
||||||
+#define FLAG_CFB8 (1 << 4)
|
|
||||||
+#define FLAG_SPECIAL (1 << 5)
|
|
||||||
|
|
||||||
static int in_fips_mode;
|
|
||||||
|
|
||||||
@@ -15558,7 +15559,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
|
||||||
int unpadded;
|
|
||||||
int encrypt_expected_rc;
|
|
||||||
int decrypt_expected_rc;
|
|
||||||
- int special;
|
|
||||||
+ int flags;
|
|
||||||
} datas[] =
|
|
||||||
{
|
|
||||||
{ GCRY_PK_RSA,
|
|
||||||
@@ -15642,14 +15643,14 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
|
||||||
"(flags oaep)",
|
|
||||||
1,
|
|
||||||
0,
|
|
||||||
- GPG_ERR_ENCODING_PROBLEM, 1 },
|
|
||||||
+ GPG_ERR_ENCODING_PROBLEM, FLAG_SPECIAL },
|
|
||||||
{ GCRY_PK_RSA,
|
|
||||||
"(data\n (flags oaep)\n"
|
|
||||||
" (value #11223344556677889900AA#))\n",
|
|
||||||
"(flags pkcs1)",
|
|
||||||
1,
|
|
||||||
0,
|
|
||||||
- GPG_ERR_ENCODING_PROBLEM, 1 },
|
|
||||||
+ GPG_ERR_ENCODING_PROBLEM, FLAG_SPECIAL },
|
|
||||||
{ 0,
|
|
||||||
"(data\n (flags pss)\n"
|
|
||||||
" (value #11223344556677889900AA#))\n",
|
|
||||||
@@ -15725,7 +15726,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
|
||||||
ciph = list;
|
|
||||||
}
|
|
||||||
rc = gcry_pk_decrypt (&plain, ciph, skey);
|
|
||||||
- if (!rc && datas[dataidx].special == 1)
|
|
||||||
+ if (!rc && (datas[dataidx].flags & FLAG_SPECIAL))
|
|
||||||
{
|
|
||||||
/* It may happen that OAEP formatted data which is
|
|
||||||
decrypted as pkcs#1 data returns a valid pkcs#1
|
|
||||||
--
|
|
||||||
2.34.1
|
|
||||||
|
|
||||||
|
|
||||||
From f736f3c70182d9c948f9105eb769c47c5578df35 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
Date: Fri, 1 Apr 2022 18:34:42 +0200
|
|
||||||
Subject: [PATCH 3/3] tests: Expect the RSA PKCS #1.5 encryption to fail in
|
|
||||||
FIPS mode
|
|
||||||
|
|
||||||
* tests/basic.c (check_pubkey_crypt): Expect RSA PKCS #1.5 encryption to
|
|
||||||
fail in FIPS mode. Expect failure when wrong padding is selected
|
|
||||||
* tests/pkcs1v2.c (check_v15crypt): Expect RSA PKCS #1.5 encryption to
|
|
||||||
fail in FIPS mode
|
|
||||||
--
|
|
||||||
|
|
||||||
GnuPG-bug-id: 5918
|
|
||||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
---
|
|
||||||
tests/basic.c | 11 +++++++----
|
|
||||||
tests/pkcs1v2.c | 14 +++++++++++++-
|
|
||||||
2 files changed, 20 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tests/basic.c b/tests/basic.c
|
|
||||||
index 1c6cb40b..85764591 100644
|
|
||||||
--- a/tests/basic.c
|
|
||||||
+++ b/tests/basic.c
|
|
||||||
@@ -15568,14 +15568,16 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
|
||||||
NULL,
|
|
||||||
0,
|
|
||||||
0,
|
|
||||||
- 0 },
|
|
||||||
+ 0,
|
|
||||||
+ FLAG_NOFIPS },
|
|
||||||
{ GCRY_PK_RSA,
|
|
||||||
"(data\n (flags pkcs1)\n"
|
|
||||||
" (value #11223344556677889900AA#))\n",
|
|
||||||
"(flags pkcs1)",
|
|
||||||
1,
|
|
||||||
0,
|
|
||||||
- 0 },
|
|
||||||
+ 0,
|
|
||||||
+ FLAG_NOFIPS },
|
|
||||||
{ GCRY_PK_RSA,
|
|
||||||
"(data\n (flags oaep)\n"
|
|
||||||
" (value #11223344556677889900AA#))\n",
|
|
||||||
@@ -15677,7 +15679,8 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
|
||||||
die ("converting data failed: %s\n", gpg_strerror (rc));
|
|
||||||
|
|
||||||
rc = gcry_pk_encrypt (&ciph, data, pkey);
|
|
||||||
- if (in_fips_mode && (flags & FLAG_NOFIPS))
|
|
||||||
+ if (in_fips_mode && ((flags & FLAG_NOFIPS) ||
|
|
||||||
+ (datas[dataidx].flags & FLAG_NOFIPS)))
|
|
||||||
{
|
|
||||||
if (!rc)
|
|
||||||
fail ("gcry_pk_encrypt did not fail as expected in FIPS mode\n");
|
|
||||||
@@ -15726,7 +15729,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
|
||||||
ciph = list;
|
|
||||||
}
|
|
||||||
rc = gcry_pk_decrypt (&plain, ciph, skey);
|
|
||||||
- if (!rc && (datas[dataidx].flags & FLAG_SPECIAL))
|
|
||||||
+ if ((!rc || in_fips_mode) && (datas[dataidx].flags & FLAG_SPECIAL))
|
|
||||||
{
|
|
||||||
/* It may happen that OAEP formatted data which is
|
|
||||||
decrypted as pkcs#1 data returns a valid pkcs#1
|
|
||||||
diff --git a/tests/pkcs1v2.c b/tests/pkcs1v2.c
|
|
||||||
index f26e779b..6c7f3d81 100644
|
|
||||||
--- a/tests/pkcs1v2.c
|
|
||||||
+++ b/tests/pkcs1v2.c
|
|
||||||
@@ -454,7 +454,19 @@ check_v15crypt (void)
|
|
||||||
gcry_free (seed);
|
|
||||||
|
|
||||||
err = gcry_pk_encrypt (&ciph, plain, pub_key);
|
|
||||||
- if (err)
|
|
||||||
+ if (in_fips_mode)
|
|
||||||
+ {
|
|
||||||
+ if (!err)
|
|
||||||
+ {
|
|
||||||
+ fail ("gcry_pk_encrypt should have failed in FIPS mode:\n");
|
|
||||||
+ }
|
|
||||||
+ gcry_sexp_release (plain);
|
|
||||||
+ plain = NULL;
|
|
||||||
+ gcry_sexp_release (ciph);
|
|
||||||
+ ciph = NULL;
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
+ else if (err)
|
|
||||||
{
|
|
||||||
show_sexp ("plain:\n", ciph);
|
|
||||||
fail ("gcry_pk_encrypt failed: %s\n", gpg_strerror (err));
|
|
||||||
--
|
|
||||||
2.34.1
|
|
||||||
|
|
@ -24,15 +24,24 @@ diff --git a/random/rndgetentropy.c b/random/rndgetentropy.c
|
|||||||
index 7580873e..db4b09ed 100644
|
index 7580873e..db4b09ed 100644
|
||||||
--- a/random/rndgetentropy.c
|
--- a/random/rndgetentropy.c
|
||||||
+++ b/random/rndgetentropy.c
|
+++ b/random/rndgetentropy.c
|
||||||
@@ -82,7 +82,10 @@ _gcry_rndgetentropy_gather_random (void (*add)(const void*, size_t,
|
@@ -82,9 +82,18 @@ _gcry_rndgetentropy_gather_random (void (*add)(const void*, size_t,
|
||||||
|
* never blocking once the kernel is seeded. */
|
||||||
|
do
|
||||||
{
|
{
|
||||||
nbytes = length < sizeof (buffer)? length : sizeof (buffer);
|
- nbytes = length < sizeof (buffer)? length : sizeof (buffer);
|
||||||
_gcry_pre_syscall ();
|
_gcry_pre_syscall ();
|
||||||
- ret = getentropy (buffer, nbytes);
|
- ret = getentropy (buffer, nbytes);
|
||||||
+ if (fips_mode ())
|
+ if (fips_mode ())
|
||||||
+ ret = getrandom (buffer, nbytes, GRND_RANDOM);
|
+ {
|
||||||
|
+ /* The getrandom API returns maximum 32 B of strong entropy */
|
||||||
|
+ nbytes = length < 32 ? length : 32;
|
||||||
|
+ ret = getrandom (buffer, nbytes, GRND_RANDOM);
|
||||||
|
+ }
|
||||||
+ else
|
+ else
|
||||||
+ ret = getentropy (buffer, nbytes);
|
+ {
|
||||||
|
+ nbytes = length < sizeof (buffer) ? length : sizeof (buffer);
|
||||||
|
+ ret = getentropy (buffer, nbytes);
|
||||||
|
+ }
|
||||||
_gcry_post_syscall ();
|
_gcry_post_syscall ();
|
||||||
}
|
}
|
||||||
while (ret == -1 && errno == EINTR);
|
while (ret == -1 && errno == EINTR);
|
||||||
|
55
SOURCES/libgcrypt-1.10.0-fips-indicator.patch
Normal file
55
SOURCES/libgcrypt-1.10.0-fips-indicator.patch
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
From c34c9e70055ee43e5ef257384fa15941f064e5a4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Tue, 15 Nov 2022 10:47:18 +0100
|
||||||
|
Subject: [PATCH] fips: Mark AES key wrapping as approved.
|
||||||
|
|
||||||
|
* src/fips.c (_gcry_fips_indicator_cipher): Add key wrapping mode as
|
||||||
|
approved.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
GnuPG-bug-id: 5512
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
src/fips.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/src/fips.c b/src/fips.c
|
||||||
|
index 6599121c..272aabae 100644
|
||||||
|
--- a/src/fips.c
|
||||||
|
+++ b/src/fips.c
|
||||||
|
@@ -367,6 +367,7 @@ _gcry_fips_indicator_cipher (va_list arg_ptr)
|
||||||
|
case GCRY_CIPHER_MODE_CCM:
|
||||||
|
case GCRY_CIPHER_MODE_GCM:
|
||||||
|
case GCRY_CIPHER_MODE_XTS:
|
||||||
|
+ case GCRY_CIPHER_MODE_AESWRAP:
|
||||||
|
return GPG_ERR_NO_ERROR;
|
||||||
|
default:
|
||||||
|
return GPG_ERR_NOT_SUPPORTED;
|
||||||
|
--
|
||||||
|
|
||||||
|
commit d6117b04e0e4d5d68df8fb731f618b0d5126ee14
|
||||||
|
Author: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Tue Jan 17 14:39:34 2023 +0100
|
||||||
|
|
||||||
|
fips: Remove GCM mode from the allowed FIPS indicators
|
||||||
|
|
||||||
|
* src/fips.c (_gcry_fips_indicator_cipher): Do not mark GCM mode as FIPS
|
||||||
|
approved.
|
||||||
|
---
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
|
||||||
|
diff --git a/src/fips.c b/src/fips.c
|
||||||
|
index 272aabae..774e7b4c 100644
|
||||||
|
--- a/src/fips.c
|
||||||
|
+++ b/src/fips.c
|
||||||
|
@@ -365,7 +365,6 @@ _gcry_fips_indicator_cipher (va_list arg_ptr)
|
||||||
|
case GCRY_CIPHER_MODE_OFB:
|
||||||
|
case GCRY_CIPHER_MODE_CTR:
|
||||||
|
case GCRY_CIPHER_MODE_CCM:
|
||||||
|
- case GCRY_CIPHER_MODE_GCM:
|
||||||
|
case GCRY_CIPHER_MODE_XTS:
|
||||||
|
case GCRY_CIPHER_MODE_AESWRAP:
|
||||||
|
return GPG_ERR_NO_ERROR;
|
||||||
|
--
|
1008
SOURCES/libgcrypt-1.10.0-fips-integrity.patch
Normal file
1008
SOURCES/libgcrypt-1.10.0-fips-integrity.patch
Normal file
File diff suppressed because it is too large
Load Diff
158
SOURCES/libgcrypt-1.10.0-fips-integrity2.patch
Normal file
158
SOURCES/libgcrypt-1.10.0-fips-integrity2.patch
Normal file
@ -0,0 +1,158 @@
|
|||||||
|
From 3c8b6c4a9cad59c5e1db5706f6774a3141b60210 Mon Sep 17 00:00:00 2001
|
||||||
|
From: NIIBE Yutaka <gniibe@fsij.org>
|
||||||
|
Date: Thu, 17 Feb 2022 10:28:05 +0900
|
||||||
|
Subject: [PATCH] fips: Fix gen-note-integrity.sh script not to use cmp
|
||||||
|
utility.
|
||||||
|
|
||||||
|
* src/gen-note-integrity.sh: Simplify detecting 32-bit machine
|
||||||
|
or 64-bit machine.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
GnuPG-bug-id: 5835
|
||||||
|
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||||
|
---
|
||||||
|
src/gen-note-integrity.sh | 8 ++++----
|
||||||
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/gen-note-integrity.sh b/src/gen-note-integrity.sh
|
||||||
|
index 969fdca6..878d7095 100755
|
||||||
|
--- a/src/gen-note-integrity.sh
|
||||||
|
+++ b/src/gen-note-integrity.sh
|
||||||
|
@@ -73,9 +73,9 @@ FILE=.libs/libgcrypt.so
|
||||||
|
#
|
||||||
|
# Fixup the ELF header to clean up section information
|
||||||
|
#
|
||||||
|
-printf '%b' '\002' > 2.bin
|
||||||
|
-dd ibs=1 skip=4 count=1 if=$FILE status=none > class-byte.bin
|
||||||
|
-if cmp class-byte.bin 2.bin; then
|
||||||
|
+BYTE002=$(printf '%b' '\002')
|
||||||
|
+CLASS_BYTE=$(dd ibs=1 skip=4 count=1 if=$FILE status=none)
|
||||||
|
+if test "$CLASS_BYTE" = "$BYTE002"; then
|
||||||
|
CLASS=64
|
||||||
|
HEADER_SIZE=64
|
||||||
|
else
|
||||||
|
@@ -112,4 +112,4 @@ END { print offset}")
|
||||||
|
dd ibs=1 skip=$HEADER_SIZE count=$OFFSET if=$FILE status=none) \
|
||||||
|
| ./hmac256 --stdkey --binary
|
||||||
|
|
||||||
|
-rm -f 2.bin class-byte.bin header-fixed.bin
|
||||||
|
+rm -f header-fixed.bin
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
||||||
|
|
||||||
|
From 052c5ef4cea56772b7015e36f231fa0bcbf91410 Mon Sep 17 00:00:00 2001
|
||||||
|
From: NIIBE Yutaka <gniibe@fsij.org>
|
||||||
|
Date: Thu, 17 Feb 2022 11:21:35 +0900
|
||||||
|
Subject: [PATCH] fips: Clarify what to be hashed for the integrity check.
|
||||||
|
|
||||||
|
* src/fips.c (get_file_offset): Compute the maximum offset
|
||||||
|
of segments.
|
||||||
|
* src/gen-note-integrity.sh: Likewise.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
The result is same (in current format of ELF program).
|
||||||
|
Semantics is more clear. It hashes:
|
||||||
|
|
||||||
|
- From the start of shared library file,
|
||||||
|
- fixed up the ELF header to exclude link-time information,
|
||||||
|
- up to the last segment.
|
||||||
|
|
||||||
|
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||||
|
---
|
||||||
|
src/fips.c | 20 +++++++++-----------
|
||||||
|
src/gen-note-integrity.sh | 20 ++++++++++++++------
|
||||||
|
2 files changed, 23 insertions(+), 17 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/fips.c b/src/fips.c
|
||||||
|
index d798d577..89f8204b 100644
|
||||||
|
--- a/src/fips.c
|
||||||
|
+++ b/src/fips.c
|
||||||
|
@@ -595,7 +595,7 @@ run_random_selftests (void)
|
||||||
|
|
||||||
|
/*
|
||||||
|
* In the ELF file opened as FP, fill the ELF header to the pointer
|
||||||
|
- * EHDR_P, determine the offset of last loadable segment in R_OFFSET.
|
||||||
|
+ * EHDR_P, determine the maximum offset of segments in R_OFFSET.
|
||||||
|
* Also, find the section which contains the hmac value and return it
|
||||||
|
* in HMAC. Rewinds FP to the beginning on success.
|
||||||
|
*/
|
||||||
|
@@ -624,24 +624,22 @@ get_file_offset (FILE *fp, ElfW (Ehdr) *ehdr_p,
|
||||||
|
if (fseek (fp, ehdr_p->e_phoff, SEEK_SET) != 0)
|
||||||
|
return gpg_error_from_syserror ();
|
||||||
|
|
||||||
|
- /* Iterate over the program headers, determine the last loadable
|
||||||
|
- segment. */
|
||||||
|
+ /* Iterate over the program headers, determine the last offset of
|
||||||
|
+ segments. */
|
||||||
|
for (i = 0; i < ehdr_p->e_phnum; i++)
|
||||||
|
{
|
||||||
|
+ unsigned long off;
|
||||||
|
+
|
||||||
|
if (fread (&phdr, sizeof (phdr), 1, fp) != 1)
|
||||||
|
return gpg_error_from_syserror ();
|
||||||
|
|
||||||
|
- if (phdr.p_type == PT_PHDR)
|
||||||
|
- continue;
|
||||||
|
-
|
||||||
|
- if (phdr.p_type != PT_LOAD)
|
||||||
|
- break;
|
||||||
|
-
|
||||||
|
- off_segment = phdr.p_offset + phdr.p_filesz;
|
||||||
|
+ off = phdr.p_offset + phdr.p_filesz;
|
||||||
|
+ if (off_segment < off)
|
||||||
|
+ off_segment = off;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!off_segment)
|
||||||
|
- /* The segment not found in the file */
|
||||||
|
+ /* No segment found in the file */
|
||||||
|
return gpg_error (GPG_ERR_INV_OBJ);
|
||||||
|
|
||||||
|
/* The section header entry size should match the size of the shdr struct */
|
||||||
|
diff --git a/src/gen-note-integrity.sh b/src/gen-note-integrity.sh
|
||||||
|
index 878d7095..50071bf5 100755
|
||||||
|
--- a/src/gen-note-integrity.sh
|
||||||
|
+++ b/src/gen-note-integrity.sh
|
||||||
|
@@ -95,21 +95,29 @@ else
|
||||||
|
dd ibs=1 count=6 if=/dev/zero status=none
|
||||||
|
fi > header-fixed.bin
|
||||||
|
|
||||||
|
-# Compute the end of loadable segment.
|
||||||
|
+#
|
||||||
|
+# Compute the end of segments, and emit the COUNT to read
|
||||||
|
+# (For each segment in program headers, calculate the offset
|
||||||
|
+# and select the maximum)
|
||||||
|
#
|
||||||
|
# This require computation in hexadecimal, and GNU awk needs
|
||||||
|
# --non-decimal-data option
|
||||||
|
#
|
||||||
|
-OFFSET=$($READELF --wide --program-headers $FILE | \
|
||||||
|
- $AWK $AWK_OPTION "/^ LOAD/ { offset=\$2+\$5-$HEADER_SIZE }\
|
||||||
|
-END { print offset}")
|
||||||
|
+COUNT=$($READELF --wide --program-headers $FILE | \
|
||||||
|
+ $AWK $AWK_OPTION \
|
||||||
|
+"BEGIN { max_offset=0 }
|
||||||
|
+/^\$/ { if (program_headers_start) program_headers_end=1 }
|
||||||
|
+(program_headers_start && !program_headers_end) { offset = \$2 + \$5 }
|
||||||
|
+(max_offset < offset) { max_offset = offset }
|
||||||
|
+/^ Type/ { program_headers_start=1 }
|
||||||
|
+END { print max_offset- $HEADER_SIZE }")
|
||||||
|
|
||||||
|
#
|
||||||
|
-# Feed the header fixed and loadable segments to HMAC256
|
||||||
|
+# Feed the header fixed and all segments to HMAC256
|
||||||
|
# to generate hmac hash of the FILE
|
||||||
|
#
|
||||||
|
(cat header-fixed.bin; \
|
||||||
|
- dd ibs=1 skip=$HEADER_SIZE count=$OFFSET if=$FILE status=none) \
|
||||||
|
+ dd ibs=1 skip=$HEADER_SIZE count=$COUNT if=$FILE status=none) \
|
||||||
|
| ./hmac256 --stdkey --binary
|
||||||
|
|
||||||
|
rm -f header-fixed.bin
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
||||||
|
|
129
SOURCES/libgcrypt-1.10.0-fips-kdf.patch
Normal file
129
SOURCES/libgcrypt-1.10.0-fips-kdf.patch
Normal file
@ -0,0 +1,129 @@
|
|||||||
|
From 3c04b692de1e7b45b764ff8d66bf84609b012e3a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tobias Heider <tobias.heider@canonical.com>
|
||||||
|
Date: Tue, 27 Sep 2022 13:31:05 +0900
|
||||||
|
Subject: [PATCH] kdf:pkdf2: Check minimum allowed key size when running in
|
||||||
|
FIPS mode.
|
||||||
|
|
||||||
|
* cipher/kdf.c (_gcry_kdf_pkdf2): Add output length check.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
GnuPG-bug-id: 6219
|
||||||
|
---
|
||||||
|
cipher/kdf.c | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/cipher/kdf.c b/cipher/kdf.c
|
||||||
|
index 81523320..67c60df8 100644
|
||||||
|
--- a/cipher/kdf.c
|
||||||
|
+++ b/cipher/kdf.c
|
||||||
|
@@ -160,6 +160,10 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen,
|
||||||
|
return GPG_ERR_INV_VALUE;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+ /* Check minimum key size */
|
||||||
|
+ if (fips_mode () && dklen < 14)
|
||||||
|
+ return GPG_ERR_INV_VALUE;
|
||||||
|
+
|
||||||
|
|
||||||
|
/* Step 2 */
|
||||||
|
l = ((dklen - 1)/ hlen) + 1;
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
From e5a5e847b66eb6b80e60a2dffa347268f059aee3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Tue, 4 Oct 2022 12:44:54 +0200
|
||||||
|
Subject: [PATCH] tests: Reproducer for short dklen in FIPS mode
|
||||||
|
|
||||||
|
* tests/t-kdf.c (check_pbkdf2): Add test vector with short dklen and
|
||||||
|
verify it fails in FIPS mode
|
||||||
|
--
|
||||||
|
|
||||||
|
GnuPG-bug-id: 6219
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
tests/t-kdf.c | 12 ++++++++++--
|
||||||
|
1 file changed, 10 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tests/t-kdf.c b/tests/t-kdf.c
|
||||||
|
index c0192d7b..716fb53e 100644
|
||||||
|
--- a/tests/t-kdf.c
|
||||||
|
+++ b/tests/t-kdf.c
|
||||||
|
@@ -909,6 +909,14 @@ check_pbkdf2 (void)
|
||||||
|
"\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9"
|
||||||
|
"\xb5\x24\xaf\x60\x12\x06\x2f\xe0\x37\xa6"
|
||||||
|
},
|
||||||
|
+ {
|
||||||
|
+ "password", 8,
|
||||||
|
+ "salt", 4,
|
||||||
|
+ GCRY_MD_SHA1,
|
||||||
|
+ 1,
|
||||||
|
+ 10, /* too short dklen for FIPS */
|
||||||
|
+ "\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9"
|
||||||
|
+ },
|
||||||
|
{
|
||||||
|
"password", 8,
|
||||||
|
"salt", 4,
|
||||||
|
@@ -1109,7 +1117,7 @@ check_pbkdf2 (void)
|
||||||
|
GCRY_KDF_PBKDF2, tv[tvidx].hashalgo,
|
||||||
|
tv[tvidx].salt, tv[tvidx].saltlen,
|
||||||
|
tv[tvidx].c, tv[tvidx].dklen, outbuf);
|
||||||
|
- if (in_fips_mode && tvidx > 6)
|
||||||
|
+ if (in_fips_mode && tvidx > 7)
|
||||||
|
{
|
||||||
|
if (!err)
|
||||||
|
fail ("pbkdf2 test %d unexpectedly passed in FIPS mode: %s\n",
|
||||||
|
@@ -1118,7 +1126,7 @@ check_pbkdf2 (void)
|
||||||
|
}
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
- if (in_fips_mode && tv[tvidx].plen < 14)
|
||||||
|
+ if (in_fips_mode && (tv[tvidx].plen < 14 || tv[tvidx].dklen < 14))
|
||||||
|
{
|
||||||
|
if (verbose)
|
||||||
|
fprintf (stderr,
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
||||||
|
From f4a861f3e5ae82f278284061e4829c03edf9c3a7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Fri, 18 Nov 2022 09:49:50 +0900
|
||||||
|
Subject: [PATCH] pkdf2: Add checks for FIPS.
|
||||||
|
|
||||||
|
* cipher/kdf.c (_gcry_kdf_pkdf2): Require 8 chars passphrase for FIPS.
|
||||||
|
Set bounds for salt length and iteration count in FIPS mode.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
GnuPG-bug-id: 6039
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
cipher/kdf.c | 12 ++++++++++++
|
||||||
|
1 file changed, 12 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/cipher/kdf.c b/cipher/kdf.c
|
||||||
|
index d22584da..823c744e 100644
|
||||||
|
--- a/cipher/kdf.c
|
||||||
|
+++ b/cipher/kdf.c
|
||||||
|
@@ -160,6 +160,18 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen,
|
||||||
|
return GPG_ERR_INV_VALUE;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+ /* FIPS requires minimum passphrase length, see FIPS 140-3 IG D.N */
|
||||||
|
+ if (fips_mode () && passphraselen < 8)
|
||||||
|
+ return GPG_ERR_INV_VALUE;
|
||||||
|
+
|
||||||
|
+ /* FIPS requires minimum salt length of 128 b (SP 800-132 sec. 5.1, p.6) */
|
||||||
|
+ if (fips_mode () && saltlen < 16)
|
||||||
|
+ return GPG_ERR_INV_VALUE;
|
||||||
|
+
|
||||||
|
+ /* FIPS requires minimum iterations bound (SP 800-132 sec 5.2, p.6) */
|
||||||
|
+ if (fips_mode () && iterations < 1000)
|
||||||
|
+ return GPG_ERR_INV_VALUE;
|
||||||
|
+
|
||||||
|
/* Check minimum key size */
|
||||||
|
if (fips_mode () && dklen < 14)
|
||||||
|
return GPG_ERR_INV_VALUE;
|
||||||
|
--
|
||||||
|
2.39.0
|
||||||
|
|
55
SOURCES/libgcrypt-1.10.0-fips-keygen.patch
Normal file
55
SOURCES/libgcrypt-1.10.0-fips-keygen.patch
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
From cd30ed3c0d715aa0c58a32a29cfb1476163a5b94 Mon Sep 17 00:00:00 2001
|
||||||
|
From: NIIBE Yutaka <gniibe@fsij.org>
|
||||||
|
Date: Wed, 20 Apr 2022 15:09:41 +0900
|
||||||
|
Subject: [PATCH] cipher: Change the bounds for RSA key generation round.
|
||||||
|
|
||||||
|
* cipher/rsa.c (generate_fips): Use 10 for p, 20 for q.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
Constants from FIPS 186-5-draft.
|
||||||
|
|
||||||
|
GnuPG-bug-id: 5919
|
||||||
|
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||||
|
---
|
||||||
|
cipher/rsa.c | 8 ++++----
|
||||||
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/cipher/rsa.c b/cipher/rsa.c
|
||||||
|
index 486a34f0..771413b3 100644
|
||||||
|
--- a/cipher/rsa.c
|
||||||
|
+++ b/cipher/rsa.c
|
||||||
|
@@ -476,7 +476,7 @@ generate_fips (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
|
||||||
|
|
||||||
|
retry:
|
||||||
|
/* generate p and q */
|
||||||
|
- for (i = 0; i < 5 * pbits; i++)
|
||||||
|
+ for (i = 0; i < 10 * pbits; i++)
|
||||||
|
{
|
||||||
|
ploop:
|
||||||
|
if (!testparms)
|
||||||
|
@@ -506,10 +506,10 @@ generate_fips (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
|
||||||
|
else if (testparms)
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
- if (i >= 5 * pbits)
|
||||||
|
+ if (i >= 10 * pbits)
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
- for (i = 0; i < 5 * pbits; i++)
|
||||||
|
+ for (i = 0; i < 20 * pbits; i++)
|
||||||
|
{
|
||||||
|
qloop:
|
||||||
|
if (!testparms)
|
||||||
|
@@ -555,7 +555,7 @@ generate_fips (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
|
||||||
|
else if (testparms)
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
- if (i >= 5 * pbits)
|
||||||
|
+ if (i >= 20 * pbits)
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
if (testparms)
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
109
SOURCES/libgcrypt-1.10.0-fips-rsa-pss.patch
Normal file
109
SOURCES/libgcrypt-1.10.0-fips-rsa-pss.patch
Normal file
@ -0,0 +1,109 @@
|
|||||||
|
From bf1e62e59200b2046680d1d3d1599facc88cfe63 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Tue, 29 Nov 2022 14:04:59 +0100
|
||||||
|
Subject: [PATCH] rsa: Prevent usage of long salt in FIPS mode
|
||||||
|
|
||||||
|
* cipher/rsa-common.c (_gcry_rsa_pss_encode): Prevent usage of large
|
||||||
|
salt lengths
|
||||||
|
(_gcry_rsa_pss_verify): Ditto.
|
||||||
|
* tests/basic.c (check_pubkey_sign): Check longer salt length fails in
|
||||||
|
FIPS mode
|
||||||
|
* tests/t-rsa-pss.c (one_test_sexp): Fix function name in error message
|
||||||
|
---
|
||||||
|
cipher/rsa-common.c | 14 ++++++++++++++
|
||||||
|
tests/basic.c | 19 ++++++++++++++++++-
|
||||||
|
tests/t-rsa-pss.c | 2 +-
|
||||||
|
3 files changed, 33 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/cipher/rsa-common.c b/cipher/rsa-common.c
|
||||||
|
index 233ddb2d..61cd60a4 100644
|
||||||
|
--- a/cipher/rsa-common.c
|
||||||
|
+++ b/cipher/rsa-common.c
|
||||||
|
@@ -809,6 +809,13 @@ _gcry_rsa_pss_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo,
|
||||||
|
hlen = _gcry_md_get_algo_dlen (algo);
|
||||||
|
gcry_assert (hlen); /* We expect a valid ALGO here. */
|
||||||
|
|
||||||
|
+ /* The FIPS 186-4 Section 5.5 allows only 0 <= sLen <= hLen */
|
||||||
|
+ if (fips_mode () && saltlen > hlen)
|
||||||
|
+ {
|
||||||
|
+ rc = GPG_ERR_INV_ARG;
|
||||||
|
+ goto leave;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* Allocate a help buffer and setup some pointers. */
|
||||||
|
buflen = 8 + hlen + saltlen + (emlen - hlen - 1);
|
||||||
|
buf = xtrymalloc (buflen);
|
||||||
|
@@ -950,6 +957,13 @@ _gcry_rsa_pss_verify (gcry_mpi_t value, int hashed_already,
|
||||||
|
hlen = _gcry_md_get_algo_dlen (algo);
|
||||||
|
gcry_assert (hlen); /* We expect a valid ALGO here. */
|
||||||
|
|
||||||
|
+ /* The FIPS 186-4 Section 5.5 allows only 0 <= sLen <= hLen */
|
||||||
|
+ if (fips_mode () && saltlen > hlen)
|
||||||
|
+ {
|
||||||
|
+ rc = GPG_ERR_INV_ARG;
|
||||||
|
+ goto leave;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* Allocate a help buffer and setup some pointers.
|
||||||
|
This buffer is used for two purposes:
|
||||||
|
+------------------------------+-------+
|
||||||
|
diff --git a/tests/basic.c b/tests/basic.c
|
||||||
|
index 77e2fd93..429bd237 100644
|
||||||
|
--- a/tests/basic.c
|
||||||
|
+++ b/tests/basic.c
|
||||||
|
@@ -16602,6 +16602,7 @@ check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
||||||
|
const char *data;
|
||||||
|
int algo;
|
||||||
|
int expected_rc;
|
||||||
|
+ int flags;
|
||||||
|
} datas[] =
|
||||||
|
{
|
||||||
|
{ "(data\n (flags pkcs1)\n"
|
||||||
|
@@ -16672,6 +16673,22 @@ check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
||||||
|
" (random-override #4253647587980912233445566778899019283747#))\n",
|
||||||
|
GCRY_PK_RSA,
|
||||||
|
0 },
|
||||||
|
+ { "(data\n (flags pss)\n"
|
||||||
|
+ " (hash-algo sha256)\n"
|
||||||
|
+ " (value #11223344556677889900AABBCCDDEEFF#)\n"
|
||||||
|
+ " (salt-length 2:32)\n"
|
||||||
|
+ " (random-override #42536475879809122334455667788990192837465564738291"
|
||||||
|
+ "00122334455667#))\n",
|
||||||
|
+ GCRY_PK_RSA,
|
||||||
|
+ 0 },
|
||||||
|
+ { "(data\n (flags pss)\n"
|
||||||
|
+ " (hash-algo sha256)\n"
|
||||||
|
+ " (value #11223344556677889900AABBCCDDEEFF#)\n"
|
||||||
|
+ " (salt-length 2:33)\n"
|
||||||
|
+ " (random-override #42536475879809122334455667788990192837465564738291"
|
||||||
|
+ "0012233445566778#))\n",
|
||||||
|
+ GCRY_PK_RSA,
|
||||||
|
+ 0, FLAG_NOFIPS },
|
||||||
|
{ NULL }
|
||||||
|
};
|
||||||
|
|
||||||
|
@@ -16695,7 +16712,7 @@ check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
||||||
|
die ("converting data failed: %s\n", gpg_strerror (rc));
|
||||||
|
|
||||||
|
rc = gcry_pk_sign (&sig, hash, skey);
|
||||||
|
- if (in_fips_mode && (flags & FLAG_NOFIPS))
|
||||||
|
+ if (in_fips_mode && (flags & FLAG_NOFIPS || datas[dataidx].flags & FLAG_NOFIPS))
|
||||||
|
{
|
||||||
|
if (!rc)
|
||||||
|
fail ("gcry_pk_sign did not fail as expected in FIPS mode\n");
|
||||||
|
diff --git a/tests/t-rsa-pss.c b/tests/t-rsa-pss.c
|
||||||
|
index c5f90116..82dd54b3 100644
|
||||||
|
--- a/tests/t-rsa-pss.c
|
||||||
|
+++ b/tests/t-rsa-pss.c
|
||||||
|
@@ -340,7 +340,7 @@ one_test_sexp (const char *n, const char *e, const char *d,
|
||||||
|
snprintf (p, 3, "%02x", out[i]);
|
||||||
|
if (strcmp (sig_string, s))
|
||||||
|
{
|
||||||
|
- fail ("gcry_pkhash_sign failed: %s",
|
||||||
|
+ fail ("gcry_pk_hash_sign failed: %s",
|
||||||
|
"wrong value returned");
|
||||||
|
info (" expected: '%s'", s);
|
||||||
|
info (" got: '%s'", sig_string);
|
||||||
|
--
|
||||||
|
2.39.0
|
||||||
|
|
@ -921,3 +921,279 @@ index 78c26f2f..9d14a474 100644
|
|||||||
|
|
||||||
--
|
--
|
||||||
2.37.1
|
2.37.1
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
ACVP testing uses the test-parms option to specify p and q to be checked
|
||||||
|
for primality. When test-parms is specified, generate_fips() always
|
||||||
|
returns keys with p=q=0. These keys then fail the pairwise consistency
|
||||||
|
test, because they cannot be used to successfully sign a message and
|
||||||
|
verify the signature.
|
||||||
|
|
||||||
|
Skip the PCT when test-parms is specified.
|
||||||
|
|
||||||
|
Add a regression test to check that this functionality continues to work
|
||||||
|
in the future.
|
||||||
|
|
||||||
|
Signed-off-by: Clemens Lang <cllang at redhat.com>
|
||||||
|
---
|
||||||
|
cipher/rsa.c | 5 +-
|
||||||
|
tests/Makefile.am | 2 +-
|
||||||
|
tests/t-rsa-testparm.c | 130 +++++++++++++++++++++++++++++++++++++++++
|
||||||
|
3 files changed, 135 insertions(+), 2 deletions(-)
|
||||||
|
create mode 100644 tests/t-rsa-testparm.c
|
||||||
|
|
||||||
|
diff --git a/cipher/rsa.c b/cipher/rsa.c
|
||||||
|
index 87f57b55..1a935d80 100644
|
||||||
|
--- a/cipher/rsa.c
|
||||||
|
+++ b/cipher/rsa.c
|
||||||
|
@@ -1218,6 +1218,7 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
|
||||||
|
int flags = 0;
|
||||||
|
gcry_sexp_t l1;
|
||||||
|
gcry_sexp_t swap_info = NULL;
|
||||||
|
+ int testparms = 0;
|
||||||
|
|
||||||
|
memset (&sk, 0, sizeof sk);
|
||||||
|
|
||||||
|
@@ -1274,6 +1275,8 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
|
||||||
|
}
|
||||||
|
deriveparms = (genparms? sexp_find_token (genparms, "test-parms", 0)
|
||||||
|
/**/ : NULL);
|
||||||
|
+ if (deriveparms)
|
||||||
|
+ testparms = 1;
|
||||||
|
|
||||||
|
/* Generate. */
|
||||||
|
if (deriveparms || fips_mode ())
|
||||||
|
@@ -1311,7 +1314,7 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
|
||||||
|
mpi_free (sk.u);
|
||||||
|
sexp_release (swap_info);
|
||||||
|
|
||||||
|
- if (!ec && fips_mode () && test_keys_fips (*r_skey))
|
||||||
|
+ if (!ec && !testparms && fips_mode () && test_keys_fips (*r_skey))
|
||||||
|
{
|
||||||
|
sexp_release (*r_skey); *r_skey = NULL;
|
||||||
|
fips_signal_error ("self-test after key generation failed");
|
||||||
|
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||||
|
index f65725bc..302d923b 100644
|
||||||
|
--- a/tests/Makefile.am
|
||||||
|
+++ b/tests/Makefile.am
|
||||||
|
@@ -28,7 +28,7 @@ tests_bin = \
|
||||||
|
t-mpi-bit t-mpi-point curves t-lock \
|
||||||
|
prime basic keygen pubkey hmac hashtest t-kdf keygrip \
|
||||||
|
fips186-dsa aeswrap pkcs1v2 random dsa-rfc6979 \
|
||||||
|
- t-dsa t-ecdsa t-rsa-pss t-rsa-15 \
|
||||||
|
+ t-dsa t-ecdsa t-rsa-pss t-rsa-15 t-rsa-testparm \
|
||||||
|
t-ed25519 t-cv25519 t-x448 t-ed448
|
||||||
|
|
||||||
|
tests_bin_last = benchmark bench-slope
|
||||||
|
diff --git a/tests/t-rsa-testparm.c b/tests/t-rsa-testparm.c
|
||||||
|
new file mode 100644
|
||||||
|
index 00000000..65617855
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/t-rsa-testparm.c
|
||||||
|
@@ -0,0 +1,130 @@
|
||||||
|
+/* t-rsa-testparm.c - Check the RSA Key Generation test-parm parameter
|
||||||
|
+ * Copyright (C) 2022 g10 Code GmbH
|
||||||
|
+ *
|
||||||
|
+ * This file is part of Libgcrypt.
|
||||||
|
+ *
|
||||||
|
+ * Libgcrypt is free software; you can redistribute it and/or modify
|
||||||
|
+ * it under the terms of the GNU Lesser General Public License as
|
||||||
|
+ * published by the Free Software Foundation; either version 2.1 of
|
||||||
|
+ * the License, or (at your option) any later version.
|
||||||
|
+ *
|
||||||
|
+ * Libgcrypt is distributed in the hope that it will be useful,
|
||||||
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
+ * GNU Lesser General Public License for more details.
|
||||||
|
+ *
|
||||||
|
+ * You should have received a copy of the GNU Lesser General Public License
|
||||||
|
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#ifdef HAVE_CONFIG_H
|
||||||
|
+#include <config.h>
|
||||||
|
+#endif
|
||||||
|
+#include <stdio.h>
|
||||||
|
+#include <stdlib.h>
|
||||||
|
+#include <string.h>
|
||||||
|
+#include <gcrypt.h>
|
||||||
|
+
|
||||||
|
+#include "stopwatch.h"
|
||||||
|
+
|
||||||
|
+#define PGM "t-rsa-testparm"
|
||||||
|
+#include "t-common.h"
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+static void
|
||||||
|
+check_rsa_testparm ()
|
||||||
|
+{
|
||||||
|
+ gpg_error_t err;
|
||||||
|
+ gcry_sexp_t keyspec = NULL;
|
||||||
|
+ gcry_sexp_t key = NULL;
|
||||||
|
+ const char *sexp = "(genkey (rsa (nbits \"2048\") (test-parms "
|
||||||
|
+ "(e \"65537\")"
|
||||||
|
+ "(p #00bbccabcee15d343944a47e492d4b1f4de79633e20cbb46f7d2d6813392a807ad048"
|
||||||
|
+ "cf77528edd19f77e7453f25173b9dcb70423afa2037aae147b81a33d541fc58f875ef"
|
||||||
|
+ "f1e852ab55e2e09a3debfbc151b3b0d17fef6f74d81fca14fbae531418e211ef81859"
|
||||||
|
+ "2af70de5cec3b92795cc3578572bf456099cd8727150e523261#)"
|
||||||
|
+ "(q #00ca87ecf2883f4ed00a9ec65abdeba81d28edbfcc34ecc563d587f166b52d42bfbe2"
|
||||||
|
+ "2bbc095b0b8426a2f8bbc55baaa8859b42cbc376ed3067db3ef7b135b63481322911e"
|
||||||
|
+ "bbd7014db83aa051e0ca2dbf302b75cd37f2ae8df90e134226e92f6353a284b28bb30"
|
||||||
|
+ "af0bbf925b345b955328379866ebac11d55bc80fe84f105d415#)"
|
||||||
|
+ ")))";
|
||||||
|
+
|
||||||
|
+ info ("Checking RSA KeyGen test-parm parameter.\n");
|
||||||
|
+
|
||||||
|
+ err = gcry_sexp_build (&keyspec, NULL, sexp);
|
||||||
|
+ if (err)
|
||||||
|
+ {
|
||||||
|
+ fail ("error building SEXP for test: %s", gpg_strerror (err));
|
||||||
|
+ goto leave;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ err = gcry_pk_genkey (&key, keyspec);
|
||||||
|
+ if (err)
|
||||||
|
+ {
|
||||||
|
+ fail ("gcry_pk_genkey failed for test: %s", gpg_strerror (err));
|
||||||
|
+ goto leave;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+leave:
|
||||||
|
+ if (key)
|
||||||
|
+ gcry_sexp_release (key);
|
||||||
|
+ if (keyspec)
|
||||||
|
+ gcry_sexp_release (keyspec);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+int
|
||||||
|
+main (int argc, char **argv)
|
||||||
|
+{
|
||||||
|
+ int last_argc = -1;
|
||||||
|
+
|
||||||
|
+ if (argc)
|
||||||
|
+ { argc--; argv++; }
|
||||||
|
+
|
||||||
|
+ while (argc && last_argc != argc )
|
||||||
|
+ {
|
||||||
|
+ last_argc = argc;
|
||||||
|
+ if (!strcmp (*argv, "--"))
|
||||||
|
+ {
|
||||||
|
+ argc--; argv++;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ else if (!strcmp (*argv, "--help"))
|
||||||
|
+ {
|
||||||
|
+ fputs ("usage: " PGM " [options]\n"
|
||||||
|
+ "Options:\n"
|
||||||
|
+ " --verbose print timings etc.\n"
|
||||||
|
+ " --debug flyswatter\n",
|
||||||
|
+ stdout);
|
||||||
|
+ exit (0);
|
||||||
|
+ }
|
||||||
|
+ else if (!strcmp (*argv, "--verbose"))
|
||||||
|
+ {
|
||||||
|
+ verbose++;
|
||||||
|
+ argc--; argv++;
|
||||||
|
+ }
|
||||||
|
+ else if (!strcmp (*argv, "--debug"))
|
||||||
|
+ {
|
||||||
|
+ verbose += 2;
|
||||||
|
+ debug++;
|
||||||
|
+ argc--; argv++;
|
||||||
|
+ }
|
||||||
|
+ else if (!strncmp (*argv, "--", 2))
|
||||||
|
+ die ("unknown option '%s'", *argv);
|
||||||
|
+
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ xgcry_control ((GCRYCTL_DISABLE_SECMEM, 0));
|
||||||
|
+ if (!gcry_check_version (GCRYPT_VERSION))
|
||||||
|
+ die ("version mismatch\n");
|
||||||
|
+ if (debug)
|
||||||
|
+ xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 0xffffffff, 0));
|
||||||
|
+
|
||||||
|
+ start_timer ();
|
||||||
|
+ check_rsa_testparm ();
|
||||||
|
+ stop_timer ();
|
||||||
|
+
|
||||||
|
+ info ("All tests completed in %s. Errors: %d\n",
|
||||||
|
+ elapsed_time (1), error_count);
|
||||||
|
+ return !!error_count;
|
||||||
|
+}
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
From 149f6f8654fdeaf7aa1ff8ac3d00d7454c0e6eff Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Wed, 5 Oct 2022 16:50:08 +0200
|
||||||
|
Subject: [PATCH] fips: Mark gcry_pk_encrypt/decrypt function non-approved
|
||||||
|
|
||||||
|
* src/fips.c (_gcry_fips_indicator_function): Fix typo in sign/verify
|
||||||
|
function names and add gcry_pk_encrypt and gcry_pk_decrypt.
|
||||||
|
--
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
src/fips.c | 6 ++++--
|
||||||
|
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/fips.c b/src/fips.c
|
||||||
|
index 9a524ea4..6599121c 100644
|
||||||
|
--- a/src/fips.c
|
||||||
|
+++ b/src/fips.c
|
||||||
|
@@ -395,8 +395,10 @@ _gcry_fips_indicator_function (va_list arg_ptr)
|
||||||
|
{
|
||||||
|
const char *function = va_arg (arg_ptr, const char *);
|
||||||
|
|
||||||
|
- if (strcmp (function, "gcry_sign") == 0 ||
|
||||||
|
- strcmp (function, "gcry_verify") == 0)
|
||||||
|
+ if (strcmp (function, "gcry_pk_sign") == 0 ||
|
||||||
|
+ strcmp (function, "gcry_pk_verify") == 0 ||
|
||||||
|
+ strcmp (function, "gcry_pk_encrypt") == 0 ||
|
||||||
|
+ strcmp (function, "gcry_pk_decrypt") == 0)
|
||||||
|
return GPG_ERR_NOT_SUPPORTED;
|
||||||
|
|
||||||
|
return GPG_ERR_NO_ERROR;
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
||||||
|
From f91a0ab12d242815f74bf26c6076e9cf7a790023 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Thu, 6 Oct 2022 09:30:24 +0200
|
||||||
|
Subject: [PATCH] cipher: Do not run RSA encryption selftest by default
|
||||||
|
|
||||||
|
* cipher/rsa.c (selftests_rsa): Skip encryption selftest as this
|
||||||
|
operation is not claimed as part of the certification.
|
||||||
|
---
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
cipher/rsa.c | 11 +++++++----
|
||||||
|
1 file changed, 7 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/cipher/rsa.c b/cipher/rsa.c
|
||||||
|
index 56dde3d1..df4af94b 100644
|
||||||
|
--- a/cipher/rsa.c
|
||||||
|
+++ b/cipher/rsa.c
|
||||||
|
@@ -2169,10 +2169,13 @@ selftests_rsa (selftest_report_func_t report, int extended)
|
||||||
|
if (errtxt)
|
||||||
|
goto failed;
|
||||||
|
|
||||||
|
- what = "encrypt";
|
||||||
|
- errtxt = selftest_encr_2048 (pkey, skey);
|
||||||
|
- if (errtxt)
|
||||||
|
- goto failed;
|
||||||
|
+ if (extended)
|
||||||
|
+ {
|
||||||
|
+ what = "encrypt";
|
||||||
|
+ errtxt = selftest_encr_2048 (pkey, skey);
|
||||||
|
+ if (errtxt)
|
||||||
|
+ goto failed;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
sexp_release (pkey);
|
||||||
|
sexp_release (skey);
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
||||||
|
139
SOURCES/libgcrypt-1.10.0-fips-x931.patch
Normal file
139
SOURCES/libgcrypt-1.10.0-fips-x931.patch
Normal file
@ -0,0 +1,139 @@
|
|||||||
|
From 06ea5b5332ffdb44a0a394d766be8989bcb6a95c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Tue, 6 Dec 2022 10:03:47 +0900
|
||||||
|
Subject: [PATCH] fips,rsa: Prevent usage of X9.31 keygen in FIPS mode.
|
||||||
|
|
||||||
|
* cipher/rsa.c (rsa_generate): Do not accept use-x931 or derive-parms
|
||||||
|
in FIPS mode.
|
||||||
|
* tests/pubkey.c (get_keys_x931_new): Expect failure in FIPS mode.
|
||||||
|
(check_run): Skip checking X9.31 keys in FIPS mode.
|
||||||
|
* doc/gcrypt.texi: Document "test-parms" and clarify some cases around
|
||||||
|
the X9.31 keygen.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
cipher/rsa.c | 5 +++++
|
||||||
|
doc/gcrypt.texi | 41 ++++++++++++++++++++++++++++++++++++-----
|
||||||
|
tests/pubkey.c | 15 +++++++++++++--
|
||||||
|
3 files changed, 54 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/cipher/rsa.c b/cipher/rsa.c
|
||||||
|
index df4af94b..45523e6b 100644
|
||||||
|
--- a/cipher/rsa.c
|
||||||
|
+++ b/cipher/rsa.c
|
||||||
|
@@ -1256,6 +1256,11 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
|
||||||
|
if (deriveparms || (flags & PUBKEY_FLAG_USE_X931))
|
||||||
|
{
|
||||||
|
int swapped;
|
||||||
|
+ if (fips_mode ())
|
||||||
|
+ {
|
||||||
|
+ sexp_release (deriveparms);
|
||||||
|
+ return GPG_ERR_INV_SEXP;
|
||||||
|
+ }
|
||||||
|
ec = generate_x931 (&sk, nbits, evalue, deriveparms, &swapped);
|
||||||
|
sexp_release (deriveparms);
|
||||||
|
if (!ec && swapped)
|
||||||
|
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
|
||||||
|
index d0372f3e..e845a4dd 100644
|
||||||
|
--- a/doc/gcrypt.texi
|
||||||
|
+++ b/doc/gcrypt.texi
|
||||||
|
@@ -2699,8 +2699,7 @@ achieve fastest ECC key generation.
|
||||||
|
Force the use of the ANSI X9.31 key generation algorithm instead of
|
||||||
|
the default algorithm. This flag is only meaningful for RSA key
|
||||||
|
generation and usually not required. Note that this algorithm is
|
||||||
|
-implicitly used if either @code{derive-parms} is given or Libgcrypt is
|
||||||
|
-in FIPS mode.
|
||||||
|
+implicitly used if either @code{derive-parms} is given.
|
||||||
|
|
||||||
|
@item use-fips186
|
||||||
|
@cindex FIPS 186
|
||||||
|
@@ -3310,9 +3309,9 @@ This is currently only implemented for RSA and DSA keys. It is not
|
||||||
|
allowed to use this together with a @code{domain} specification. If
|
||||||
|
given, it is used to derive the keys using the given parameters.
|
||||||
|
|
||||||
|
-If given for an RSA key the X9.31 key generation algorithm is used
|
||||||
|
-even if libgcrypt is not in FIPS mode. If given for a DSA key, the
|
||||||
|
-FIPS 186 algorithm is used even if libgcrypt is not in FIPS mode.
|
||||||
|
+If given for an RSA key, the X9.31 key generation algorithm is used.
|
||||||
|
+If given for a DSA key, the FIPS 186 algorithm is used even if
|
||||||
|
+libgcrypt is not in FIPS mode.
|
||||||
|
|
||||||
|
@example
|
||||||
|
(genkey
|
||||||
|
@@ -3342,6 +3341,38 @@ FIPS 186 algorithm is used even if libgcrypt is not in FIPS mode.
|
||||||
|
(seed @var{seed-mpi}))))
|
||||||
|
@end example
|
||||||
|
|
||||||
|
+@item test-parms @var{list}
|
||||||
|
+This is currently only implemented for RSA keys. If given, the
|
||||||
|
+libgcrypt will not generate parameter, but tests whether the p,q is
|
||||||
|
+probably prime. Returns key with zeroes.
|
||||||
|
+
|
||||||
|
+The FIPS key generation algorithm is used even if libgcrypt is not
|
||||||
|
+in FIPS mode.
|
||||||
|
+
|
||||||
|
+@example
|
||||||
|
+(genkey
|
||||||
|
+ (rsa
|
||||||
|
+ (nbits 4:1024)
|
||||||
|
+ (rsa-use-e 1:3)
|
||||||
|
+ (test-parms
|
||||||
|
+ (e "65537")
|
||||||
|
+ (p #00bbccabcee15d343944a47e492d4b1f4de79633e2
|
||||||
|
+ 0cbb46f7d2d6813392a807ad048cf77528edd19f77
|
||||||
|
+ e7453f25173b9dcb70423afa2037aae147b81a33d5
|
||||||
|
+ 41fc58f875eff1e852ab55e2e09a3debfbc151b3b0
|
||||||
|
+ d17fef6f74d81fca14fbae531418e211ef818592af
|
||||||
|
+ 70de5cec3b92795cc3578572bf456099cd8727150e
|
||||||
|
+ 523261#)
|
||||||
|
+ (q #00ca87ecf2883f4ed00a9ec65abdeba81d28edbfcc
|
||||||
|
+ 34ecc563d587f166b52d42bfbe22bbc095b0b8426a
|
||||||
|
+ 2f8bbc55baaa8859b42cbc376ed3067db3ef7b135b
|
||||||
|
+ 63481322911ebbd7014db83aa051e0ca2dbf302b75
|
||||||
|
+ cd37f2ae8df90e134226e92f6353a284b28bb30af0
|
||||||
|
+ bbf925b345b955328379866ebac11d55bc80fe84f1
|
||||||
|
+ 05d415#)
|
||||||
|
+
|
||||||
|
+@end example
|
||||||
|
+
|
||||||
|
|
||||||
|
@item flags @var{flaglist}
|
||||||
|
This is preferred way to define flags. @var{flaglist} may contain any
|
||||||
|
diff --git a/tests/pubkey.c b/tests/pubkey.c
|
||||||
|
index bc44f3a5..2669b41a 100644
|
||||||
|
--- a/tests/pubkey.c
|
||||||
|
+++ b/tests/pubkey.c
|
||||||
|
@@ -430,7 +430,17 @@ get_keys_x931_new (gcry_sexp_t *pkey, gcry_sexp_t *skey)
|
||||||
|
rc = gcry_pk_genkey (&key, key_spec);
|
||||||
|
gcry_sexp_release (key_spec);
|
||||||
|
if (rc)
|
||||||
|
- die ("error generating RSA key: %s\n", gcry_strerror (rc));
|
||||||
|
+ {
|
||||||
|
+ if (in_fips_mode)
|
||||||
|
+ {
|
||||||
|
+ if (verbose)
|
||||||
|
+ fprintf (stderr, "The X9.31 RSA keygen is not available in FIPS modee.\n");
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+ die ("error generating RSA key: %s\n", gcry_strerror (rc));
|
||||||
|
+ }
|
||||||
|
+ else if (in_fips_mode)
|
||||||
|
+ die ("generating X9.31 RSA key unexpected worked in FIPS mode\n");
|
||||||
|
|
||||||
|
if (verbose > 1)
|
||||||
|
show_sexp ("generated RSA (X9.31) key:\n", key);
|
||||||
|
@@ -777,7 +787,8 @@ check_run (void)
|
||||||
|
if (verbose)
|
||||||
|
fprintf (stderr, "Checking generated RSA key (X9.31).\n");
|
||||||
|
get_keys_x931_new (&pkey, &skey);
|
||||||
|
- check_keys (pkey, skey, 800, 0);
|
||||||
|
+ if (!in_fips_mode)
|
||||||
|
+ check_keys (pkey, skey, 800, 0);
|
||||||
|
gcry_sexp_release (pkey);
|
||||||
|
gcry_sexp_release (skey);
|
||||||
|
pkey = skey = NULL;
|
||||||
|
--
|
||||||
|
2.39.0
|
||||||
|
|
621
SOURCES/libgcrypt-1.10.0-sha3-large.patch
Normal file
621
SOURCES/libgcrypt-1.10.0-sha3-large.patch
Normal file
@ -0,0 +1,621 @@
|
|||||||
|
From 2c1bb2f34f2812888f75c476037afae6d9e21798 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Fri, 23 Sep 2022 18:39:20 +0200
|
||||||
|
Subject: [PATCH] keccak: Use size_t to avoid integer overflow
|
||||||
|
|
||||||
|
Any input to the SHA3 functions > 4GB was giving wrong result when it
|
||||||
|
was invoked in one-shot, while working correctly when it was fed by
|
||||||
|
chunks. It turned out that the calculation in the `keccak_write`
|
||||||
|
overflows the `unsigned int` type (`nlanes * 8` does not fit 32b when
|
||||||
|
the `inlen` > 4GB).
|
||||||
|
|
||||||
|
* cipher/keccak-armv7-neon.S: Fix function name in comment and change
|
||||||
|
parameter type to size_t
|
||||||
|
* cipher/keccak.c (keccak_ops_t): Change absorb function signature to
|
||||||
|
use size_t
|
||||||
|
(keccak_absorb_lanes64_avx512): Change nlanes type to size_t
|
||||||
|
(_gcry_keccak_absorb_lanes64_armv7_neon): Ditto.
|
||||||
|
(keccak_absorb_lanes64_armv7_neon): Ditto.
|
||||||
|
(keccak_absorb_lanes32bi): Ditto.
|
||||||
|
(keccak_absorb_lanes32bi_bmi2): Ditto.
|
||||||
|
(keccak_write): Change nlanes variable to use size_t and avoid
|
||||||
|
overflow when calculating count.
|
||||||
|
* cipher/keccak_permute_64.h (KECCAK_F1600_ABSORB_FUNC_NAME): Change
|
||||||
|
nlanes argument to use size_t.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
cipher/keccak-armv7-neon.S | 10 +++++-----
|
||||||
|
cipher/keccak.c | 20 ++++++++++----------
|
||||||
|
cipher/keccak_permute_64.h | 2 +-
|
||||||
|
3 files changed, 16 insertions(+), 16 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/cipher/keccak-armv7-neon.S b/cipher/keccak-armv7-neon.S
|
||||||
|
index 0bec8d50..28a284a1 100644
|
||||||
|
--- a/cipher/keccak-armv7-neon.S
|
||||||
|
+++ b/cipher/keccak-armv7-neon.S
|
||||||
|
@@ -467,11 +467,11 @@ _gcry_keccak_permute_armv7_neon:
|
||||||
|
.ltorg
|
||||||
|
.size _gcry_keccak_permute_armv7_neon,.-_gcry_keccak_permute_armv7_neon;
|
||||||
|
|
||||||
|
-@//unsigned _gcry_keccak_permute_armv7_neon(u64 *state, @r4
|
||||||
|
-@ int pos, @r1
|
||||||
|
-@ const byte *lanes, @r2
|
||||||
|
-@ unsigned int nlanes, @r3
|
||||||
|
-@ int blocklanes) @ r5 callable from C
|
||||||
|
+@//unsigned _gcry_keccak_absorb_lanes64_armv7_neon(u64 *state, @r4
|
||||||
|
+@ int pos, @r1
|
||||||
|
+@ const byte *lanes, @r2
|
||||||
|
+@ size_t nlanes, @r3
|
||||||
|
+@ int blocklanes) @ r5 callable from C
|
||||||
|
.p2align 3
|
||||||
|
.global _gcry_keccak_absorb_lanes64_armv7_neon
|
||||||
|
.type _gcry_keccak_absorb_lanes64_armv7_neon,%function;
|
||||||
|
diff --git a/cipher/keccak.c b/cipher/keccak.c
|
||||||
|
index e7e42473..6c385f71 100644
|
||||||
|
--- a/cipher/keccak.c
|
||||||
|
+++ b/cipher/keccak.c
|
||||||
|
@@ -131,7 +131,7 @@ typedef struct
|
||||||
|
{
|
||||||
|
unsigned int (*permute)(KECCAK_STATE *hd);
|
||||||
|
unsigned int (*absorb)(KECCAK_STATE *hd, int pos, const byte *lanes,
|
||||||
|
- unsigned int nlanes, int blocklanes);
|
||||||
|
+ size_t nlanes, int blocklanes);
|
||||||
|
unsigned int (*extract) (KECCAK_STATE *hd, unsigned int pos, byte *outbuf,
|
||||||
|
unsigned int outlen);
|
||||||
|
} keccak_ops_t;
|
||||||
|
@@ -513,7 +513,7 @@ static const keccak_ops_t keccak_avx512_64_ops =
|
||||||
|
unsigned int _gcry_keccak_permute_armv7_neon(u64 *state);
|
||||||
|
unsigned int _gcry_keccak_absorb_lanes64_armv7_neon(u64 *state, int pos,
|
||||||
|
const byte *lanes,
|
||||||
|
- unsigned int nlanes,
|
||||||
|
+ size_t nlanes,
|
||||||
|
int blocklanes);
|
||||||
|
|
||||||
|
static unsigned int keccak_permute64_armv7_neon(KECCAK_STATE *hd)
|
||||||
|
@@ -523,7 +523,7 @@ static unsigned int keccak_permute64_armv7_neon(KECCAK_STATE *hd)
|
||||||
|
|
||||||
|
static unsigned int
|
||||||
|
keccak_absorb_lanes64_armv7_neon(KECCAK_STATE *hd, int pos, const byte *lanes,
|
||||||
|
- unsigned int nlanes, int blocklanes)
|
||||||
|
+ size_t nlanes, int blocklanes)
|
||||||
|
{
|
||||||
|
if (blocklanes < 0)
|
||||||
|
{
|
||||||
|
@@ -571,7 +571,7 @@ static const keccak_ops_t keccak_armv7_neon_64_ops =
|
||||||
|
|
||||||
|
static unsigned int
|
||||||
|
keccak_absorb_lanes32bi(KECCAK_STATE *hd, int pos, const byte *lanes,
|
||||||
|
- unsigned int nlanes, int blocklanes)
|
||||||
|
+ size_t nlanes, int blocklanes)
|
||||||
|
{
|
||||||
|
unsigned int burn = 0;
|
||||||
|
|
||||||
|
@@ -653,7 +653,7 @@ keccak_absorb_lane32bi_bmi2(u32 *lane, u32 x0, u32 x1)
|
||||||
|
|
||||||
|
static unsigned int
|
||||||
|
keccak_absorb_lanes32bi_bmi2(KECCAK_STATE *hd, int pos, const byte *lanes,
|
||||||
|
- unsigned int nlanes, int blocklanes)
|
||||||
|
+ size_t nlanes, int blocklanes)
|
||||||
|
{
|
||||||
|
unsigned int burn = 0;
|
||||||
|
|
||||||
|
@@ -873,7 +873,8 @@ keccak_write (void *context, const void *inbuf_arg, size_t inlen)
|
||||||
|
const byte *inbuf = inbuf_arg;
|
||||||
|
unsigned int nburn, burn = 0;
|
||||||
|
unsigned int count, i;
|
||||||
|
- unsigned int pos, nlanes;
|
||||||
|
+ unsigned int pos;
|
||||||
|
+ size_t nlanes;
|
||||||
|
|
||||||
|
#ifdef USE_S390X_CRYPTO
|
||||||
|
if (ctx->kimd_func)
|
||||||
|
@@ -918,8 +919,7 @@ keccak_write (void *context, const void *inbuf_arg, size_t inlen)
|
||||||
|
burn = nburn > burn ? nburn : burn;
|
||||||
|
inlen -= nlanes * 8;
|
||||||
|
inbuf += nlanes * 8;
|
||||||
|
- count += nlanes * 8;
|
||||||
|
- count = count % bsize;
|
||||||
|
+ count = ((size_t) count + nlanes * 8) % bsize;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (inlen)
|
||||||
|
diff --git a/cipher/keccak_permute_64.h b/cipher/keccak_permute_64.h
|
||||||
|
index b28c871e..45ef462f 100644
|
||||||
|
--- a/cipher/keccak_permute_64.h
|
||||||
|
+++ b/cipher/keccak_permute_64.h
|
||||||
|
@@ -292,7 +292,7 @@ KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd)
|
||||||
|
|
||||||
|
static unsigned int
|
||||||
|
KECCAK_F1600_ABSORB_FUNC_NAME(KECCAK_STATE *hd, int pos, const byte *lanes,
|
||||||
|
- unsigned int nlanes, int blocklanes)
|
||||||
|
+ size_t nlanes, int blocklanes)
|
||||||
|
{
|
||||||
|
unsigned int burn = 0;
|
||||||
|
|
||||||
|
--
|
||||||
|
GitLab
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
From 910dcbcef36e1cd3de3dde192d829a1513273e14 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
||||||
|
Date: Sun, 25 Sep 2022 22:23:22 +0300
|
||||||
|
Subject: [PATCH] tests/hashtest: add hugeblock & disable-hwf options and 6 gig
|
||||||
|
test vectors
|
||||||
|
|
||||||
|
* .gitignore: Add 'tests/hashtest-6g'.
|
||||||
|
* configure.ac: Add 'tests/hashtest-6g'.
|
||||||
|
* tests/Makefile: Add 'hashtest-6g'.
|
||||||
|
* tests/hashtest-6g.in: New.
|
||||||
|
* tests/hashtest-256g.in: Add SHA3-512 to algos.
|
||||||
|
* tests/hashtest.c (use_hugeblock): New.
|
||||||
|
(testvectors): Add 256 GiB test vectors for BLAKE2S, BLAKE2B and
|
||||||
|
whirlpool; Add 6 GiB test vectors for SHA1, SHA256, SHA512, SHA3, SM3,
|
||||||
|
BLAKE2S, BLAKE2B, WHIRLPOOL, CRC32 and CRC24.
|
||||||
|
(run_longtest); Use huge 5 GiB pattern block when requested.
|
||||||
|
(main): Add '--hugeblock' and '--disable-hwf' options.
|
||||||
|
* tests/testdrv.c: Add 'hashtest-6g'; Add SHA3 to 'hashtest-256g'.
|
||||||
|
---
|
||||||
|
|
||||||
|
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
||||||
|
---
|
||||||
|
.gitignore | 1 +
|
||||||
|
configure.ac | 1 +
|
||||||
|
tests/Makefile.am | 9 +-
|
||||||
|
tests/hashtest-256g.in | 2 +-
|
||||||
|
tests/hashtest-6g.in | 7 ++
|
||||||
|
tests/hashtest.c | 249 +++++++++++++++++++++++++++++++++++++++--
|
||||||
|
tests/testdrv.c | 7 +-
|
||||||
|
7 files changed, 261 insertions(+), 15 deletions(-)
|
||||||
|
create mode 100644 tests/hashtest-6g.in
|
||||||
|
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index c8f24dcc..c39257b5 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -3511,6 +3511,7 @@ src/libgcrypt.pc
|
||||||
|
src/versioninfo.rc
|
||||||
|
tests/Makefile
|
||||||
|
])
|
||||||
|
+AC_CONFIG_FILES([tests/hashtest-6g], [chmod +x tests/hashtest-6g])
|
||||||
|
AC_CONFIG_FILES([tests/hashtest-256g], [chmod +x tests/hashtest-256g])
|
||||||
|
AC_CONFIG_FILES([tests/basic-disable-all-hwf], [chmod +x tests/basic-disable-all-hwf])
|
||||||
|
AC_OUTPUT
|
||||||
|
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||||
|
index 302d923b..75aa5cf7 100644
|
||||||
|
--- a/tests/Makefile.am
|
||||||
|
+++ b/tests/Makefile.am
|
||||||
|
@@ -44,13 +44,14 @@ tests_bin_last = benchmark bench-slope
|
||||||
|
|
||||||
|
tests_sh = basic-disable-all-hwf
|
||||||
|
|
||||||
|
-tests_sh_last = hashtest-256g
|
||||||
|
+tests_sh_last = hashtest-6g hashtest-256g
|
||||||
|
|
||||||
|
TESTS = $(tests_bin) $(tests_sh) $(tests_bin_last) $(tests_sh_last)
|
||||||
|
|
||||||
|
# Force sequential run of some tests.
|
||||||
|
bench-slope.log: benchmark.log
|
||||||
|
-hashtest-256g.log: bench-slope.log
|
||||||
|
+hashtest-6g.log: bench-slope.log
|
||||||
|
+hashtest-256g.log: hashtest-6g.log
|
||||||
|
|
||||||
|
|
||||||
|
TESTS_ENVIRONMENT = GCRYPT_IN_REGRESSION_TEST=1
|
||||||
|
@@ -76,8 +77,8 @@ CLEANFILES = testdrv-build
|
||||||
|
EXTRA_DIST = README rsa-16k.key \
|
||||||
|
pkcs1v2-oaep.h pkcs1v2-pss.h pkcs1v2-v15c.h pkcs1v2-v15s.h \
|
||||||
|
t-ed25519.inp t-ed448.inp t-dsa.inp t-ecdsa.inp t-rsa-15.inp \
|
||||||
|
- t-rsa-pss.inp stopwatch.h hashtest-256g.in sha3-224.h \
|
||||||
|
- sha3-256.h sha3-384.h sha3-512.h blake2b.h blake2s.h \
|
||||||
|
+ t-rsa-pss.inp stopwatch.h hashtest-6g.in hashtest-256g.in \
|
||||||
|
+ sha3-224.h sha3-256.h sha3-384.h sha3-512.h blake2b.h blake2s.h \
|
||||||
|
basic-disable-all-hwf.in basic_all_hwfeature_combinations.sh
|
||||||
|
|
||||||
|
LDADD = $(standard_ldadd) $(GPG_ERROR_LIBS) @LDADD_FOR_TESTS_KLUDGE@
|
||||||
|
diff --git a/tests/hashtest-256g.in b/tests/hashtest-256g.in
|
||||||
|
index a52b8692..44b69897 100755
|
||||||
|
--- a/tests/hashtest-256g.in
|
||||||
|
+++ b/tests/hashtest-256g.in
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
-algos="SHA1 SHA256 SHA512 SM3"
|
||||||
|
+algos="SHA1 SHA256 SHA512 SHA3-512 SM3"
|
||||||
|
|
||||||
|
test "@RUN_LARGE_DATA_TESTS@" = yes || exit 77
|
||||||
|
echo " now running 256 GiB tests for $algos - this takes looong"
|
||||||
|
diff --git a/tests/hashtest-6g.in b/tests/hashtest-6g.in
|
||||||
|
new file mode 100644
|
||||||
|
index 00000000..b3f3e2ff
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/hashtest-6g.in
|
||||||
|
@@ -0,0 +1,7 @@
|
||||||
|
+#!/bin/sh
|
||||||
|
+
|
||||||
|
+algos="SHA1 SHA256 SHA512 SHA3-512 SM3 BLAKE2S_256 BLAKE2B_512 CRC32 CRC24RFC2440"
|
||||||
|
+
|
||||||
|
+test "@RUN_LARGE_DATA_TESTS@" = yes || exit 77
|
||||||
|
+echo " now running 6 GiB tests for $algos - this can take long"
|
||||||
|
+exec ./hashtest@EXEEXT@ --hugeblock --gigs 6 $algos
|
||||||
|
diff --git a/tests/hashtest.c b/tests/hashtest.c
|
||||||
|
index 4c9704f3..9389e50c 100644
|
||||||
|
--- a/tests/hashtest.c
|
||||||
|
+++ b/tests/hashtest.c
|
||||||
|
@@ -34,6 +34,7 @@
|
||||||
|
#define PGM "hashtest"
|
||||||
|
#include "t-common.h"
|
||||||
|
|
||||||
|
+static int use_hugeblock;
|
||||||
|
static int missing_test_vectors;
|
||||||
|
|
||||||
|
static struct {
|
||||||
|
@@ -113,6 +114,169 @@ static struct {
|
||||||
|
{ GCRY_MD_SM3, 256, +64,
|
||||||
|
"ed34869dbadd62e3bec1f511004d7bbfc9cafa965477cc48843b248293bbe867" },
|
||||||
|
|
||||||
|
+ { GCRY_MD_BLAKE2S_256, 256, -64,
|
||||||
|
+ "8a3d4f712275e8e8da70c76501cce364c75f8dd09748be58cf63c9ce38d62627" },
|
||||||
|
+ { GCRY_MD_BLAKE2S_256, 256, -1,
|
||||||
|
+ "0c01c9ad1e60e27dc889f2c9034a949ca8b9a9dc90dd99be64963af306d47b92" },
|
||||||
|
+ { GCRY_MD_BLAKE2S_256, 256, +0,
|
||||||
|
+ "f8c43d5c4bad93aca702c8c466987c5ac5e640a29b37dd9904252ff27b2348a0" },
|
||||||
|
+ { GCRY_MD_BLAKE2S_256, 256, +1,
|
||||||
|
+ "24c34b167b4eea1a7eb7d572ff3cf669a9856ea91bb112e9ef2ccd4b1aceccb4" },
|
||||||
|
+ { GCRY_MD_BLAKE2S_256, 256, +64,
|
||||||
|
+ "2f8d754f98e2d4ed7744389f89d0bdb9b770c9fa215b8badd3129ea1364af867" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_BLAKE2B_512, 256, -64,
|
||||||
|
+ "36d32ae4deeacab4119401c52e2aec5545675bd2dce4f67871ddc73671a05f94"
|
||||||
|
+ "e8332c2a31f32f5601878606a571aa7b43029dac3ae71cf9ef141d05651dc4bf" },
|
||||||
|
+ { GCRY_MD_BLAKE2B_512, 256, -1,
|
||||||
|
+ "b5dc439f51664a6c9cbc87e2de98ce608ac4064a779e5140909d75d2120c9b2a"
|
||||||
|
+ "a1d4ae7be9c1ba97025be91ddcfbe42c791c3231cffbfa4b5368ba18f9590e1b" },
|
||||||
|
+ { GCRY_MD_BLAKE2B_512, 256, +0,
|
||||||
|
+ "c413d011ba9abbf118dd96bfc827f5fd94493d8350df9f7aff834faace5adba2"
|
||||||
|
+ "0c3037069dfb2c81718ffc7b418ce1c1320d334b6fe8cddfb5d2dd19eb530853" },
|
||||||
|
+ { GCRY_MD_BLAKE2B_512, 256, +1,
|
||||||
|
+ "b6dfb821f1c8167fb33995c29485010da56abd539c3d04ab9c222844301b8bba"
|
||||||
|
+ "6f57a48e45a748e40847084b93f26706aae82212550671c736becffcc6fb1496" },
|
||||||
|
+ { GCRY_MD_BLAKE2B_512, 256, +64,
|
||||||
|
+ "8c21316a4a02044e302d503d0fe669d905c40d9d80ecd5aafc8e30f1df06736f"
|
||||||
|
+ "51fdaf6002160bb8fe4e868eaad9623fc5ecdd728bcbfee4a19b386503710f48" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_WHIRLPOOL, 256, -64,
|
||||||
|
+ "aabf62344c1aa82d2dc7605f339b3571d540f1f320f97e6a8c0229645ee61f1f"
|
||||||
|
+ "da796acde2f96caa1c56eb2c2f9a6029a6242ad690479def66feac44334cc3af" },
|
||||||
|
+ { GCRY_MD_WHIRLPOOL, 256, -1,
|
||||||
|
+ "9a35ec14aa9cefd40e04295d45d39f3111a98c2d76d90c54a7d2b8f2f5b9302b"
|
||||||
|
+ "79663eab6b6674625c3ae3e4b5dbb3b0a2f5b2f49a7a59cd1723e2b16a3efea2" },
|
||||||
|
+ { GCRY_MD_WHIRLPOOL, 256, +0,
|
||||||
|
+ "818ad31a5110b6217cc6ffa099d554aaadc9566bf5291e104a5d58b21d51ae4d"
|
||||||
|
+ "c216c6de888d1359066c584e24e6606f530a3fce80ef78aed8564de4a28801c8" },
|
||||||
|
+ { GCRY_MD_WHIRLPOOL, 256, +1,
|
||||||
|
+ "298805f5fc68488712427c1bcb27581d91aa04337c1c6b4657489ed3d239bb8b"
|
||||||
|
+ "c70ef654065d380ac1f5596aca5cb59e6da8044b5a067e32ea4cd94ca606f9f3" },
|
||||||
|
+ { GCRY_MD_WHIRLPOOL, 256, +64,
|
||||||
|
+ "7bd35c3bee621bc0fb8907904b3b84d6cf4fae4c22cc64fbc744c8c5c8de806d"
|
||||||
|
+ "0f11a27892d531dc907426597737762c83e3ddcdc62f50d16d130aaefaeec436" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_SHA1, 6, -64,
|
||||||
|
+ "eeee82d952403313bd63d6d7c8e342df0a1eea77" },
|
||||||
|
+ { GCRY_MD_SHA1, 6, -1,
|
||||||
|
+ "8217b9f987d67db5880bcfff1d6763a6514d629f" },
|
||||||
|
+ { GCRY_MD_SHA1, 6, +0,
|
||||||
|
+ "2b38aa63c05668217e5331320a4aee0adad7fc3b" },
|
||||||
|
+ { GCRY_MD_SHA1, 6, +1,
|
||||||
|
+ "f3222de4d0704554cff0a537bc95b30f15daa94f" },
|
||||||
|
+ { GCRY_MD_SHA1, 6, +64,
|
||||||
|
+ "b3bdd8065bb92d8208d55d28fad2281c6fbf2601" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_SHA256, 6, -64,
|
||||||
|
+ "a2d5add5be904b70d6ef9bcd5feb9c6cfc2be0799732a122d9eccb576ff5a922" },
|
||||||
|
+ { GCRY_MD_SHA256, 6, -1,
|
||||||
|
+ "88293b7e0e5a47fdef1148c6e510f95272770db6b5296958380209ba57db7a5d" },
|
||||||
|
+ { GCRY_MD_SHA256, 6, +0,
|
||||||
|
+ "ccee8e8dfc366eba67471e49c45057b0041be0d2206c6de1aa765ce07ecfc434" },
|
||||||
|
+ { GCRY_MD_SHA256, 6, +1,
|
||||||
|
+ "f4a89e92b38e0e61ee17079dc31411de06cfe1f77c83095ae1a2e7aa0205d94b" },
|
||||||
|
+ { GCRY_MD_SHA256, 6, +64,
|
||||||
|
+ "338708608c2356ed2927a85b08fe745223c6140243fb3a87f309e12b31b946a8" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_SHA512, 6, -64,
|
||||||
|
+ "658f52850932633c00b2f1d65b874c540ab84e2c0fe84a8a6c35f8e90e6f6a9c"
|
||||||
|
+ "2f7e0ccca5064783562a42ad8f47eab48687aaf6998b04ee94441e82c14e834d" },
|
||||||
|
+ { GCRY_MD_SHA512, 6, -1,
|
||||||
|
+ "9ead6d66b46a3a72d77c7990874cfebc1575e5bfda6026430d76b3db6cc62d52"
|
||||||
|
+ "4ca0dd2674b9c24208b2e780d75542572eee8df6724acadcc23a03eed8f82f0a" },
|
||||||
|
+ { GCRY_MD_SHA512, 6, +0,
|
||||||
|
+ "03e4549eb28bd0fb1606c321f1498503b5e889bec8d799cf0688567c7f8ac0d9"
|
||||||
|
+ "a7ec4e84d1d729d6a359797656e286617c3ef82abb51991bb576aaf05f7b6573" },
|
||||||
|
+ { GCRY_MD_SHA512, 6, +1,
|
||||||
|
+ "ffe52f6385ccde6fa7d45845787d8f9993fdcb5833fb58b13c424a84e39ea50f"
|
||||||
|
+ "52d40e254fe667cb0104ffe3837dc8d0eee3c81721cb8eac10d5851dfb1f91db" },
|
||||||
|
+ { GCRY_MD_SHA512, 6, +64,
|
||||||
|
+ "4a19da3d5eaaa79ac1eaff5e4062f23ee56573411f8d302f7bf3c6da8779bd00"
|
||||||
|
+ "a936e9ad7f535597a49162ed308b0cced7724667f97a1bb24540152fcfe3ec95" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_SHA3_512, 6, -64,
|
||||||
|
+ "a99f2913d3beb9b45273402e30daa4d25c7a5e9eb8cf6039996eb2292a45c04c"
|
||||||
|
+ "b9e3a1a187f71920626f465ed6cf7dc34047ec5578e05516374bb9c56683903a" },
|
||||||
|
+ { GCRY_MD_SHA3_512, 6, -1,
|
||||||
|
+ "fca50bde79c55e5fc4c9d97e66eb5cfacef7032395848731e645ca42f07f8d38"
|
||||||
|
+ "be1d593727c2a82b9a9bc058ebc9744971f867fa920cfa902023448243ac017b" },
|
||||||
|
+ { GCRY_MD_SHA3_512, 6, +0,
|
||||||
|
+ "c61bb345c0a553edaa89fd38114ac9799b6d307ba8e3cde53552ad4c77cfe4b7"
|
||||||
|
+ "2671d82c1519c8e7b23153a9268e2939239564fc7c2060608aa42955e938840d" },
|
||||||
|
+ { GCRY_MD_SHA3_512, 6, +1,
|
||||||
|
+ "502a83d8d1b977312806382a45c1cc9c0e7db437ca962e37eb181754d59db686"
|
||||||
|
+ "14d91df286d510411adf69f7c9befc1027bdc0c33a48a5dd6ae0957b9061e7ca" },
|
||||||
|
+ { GCRY_MD_SHA3_512, 6, +64,
|
||||||
|
+ "207bfb83ae788ddd4531188567f0892bbddbbc88d69bc196b2357bee3e668706"
|
||||||
|
+ "c27f832ecb50e9ae5b63e9f384bdc37373958d4a14f3825146d2f6b1a65d8e51" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_SM3, 6, -64,
|
||||||
|
+ "41d96d19cef4c942b0f5f4cdc3e1afe440dc62c0bc103a2c0e9eee9e1733a74a" },
|
||||||
|
+ { GCRY_MD_SM3, 6, -1,
|
||||||
|
+ "b7689cc4ef6c7dc795b9e5e6998e5cc3dc1daec02bc1181cdbef8d6812b4957a" },
|
||||||
|
+ { GCRY_MD_SM3, 6, +0,
|
||||||
|
+ "c6eae4a82052423cf98017bde4dee8769947c66120a1a2ff79f0f0dc945a3272" },
|
||||||
|
+ { GCRY_MD_SM3, 6, +1,
|
||||||
|
+ "f6590f161fee11529585c7a9dfc725f8b81951e49b616844097a3dbdc9ffdbec" },
|
||||||
|
+ { GCRY_MD_SM3, 6, +64,
|
||||||
|
+ "f3277fa90c47afe5e4fc52374aadf8e96bc29c2b5a7a4ebf5d704245ada837ea" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_BLAKE2S_256, 6, -64,
|
||||||
|
+ "0f3c17610777c34d40a0d11a93d5e5ed444ce16edefebabd0bc8e30392d5c2db" },
|
||||||
|
+ { GCRY_MD_BLAKE2S_256, 6, -1,
|
||||||
|
+ "92cbcf142c45de9d64da9791c51dce4e32b58f74d9f3d201b1ea74deac765f51" },
|
||||||
|
+ { GCRY_MD_BLAKE2S_256, 6, +0,
|
||||||
|
+ "b20702cb5a0bee2ab104f38eb513429589310a7edde81dd1f40043be7d16d0de" },
|
||||||
|
+ { GCRY_MD_BLAKE2S_256, 6, +1,
|
||||||
|
+ "bfc17dc74930989841da05aac08402bf0dcb4a597b17c52402a516ea7e541cdf" },
|
||||||
|
+ { GCRY_MD_BLAKE2S_256, 6, +64,
|
||||||
|
+ "d85588cdf5a00bec1327da02f22f1a10b68dd9d6b730f30a3aa65af3a51c1722" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_BLAKE2B_512, 6, -64,
|
||||||
|
+ "30b6015f94524861b04b83f0455be10a993460e0f8f0fd755fc3d0270b0c7d00"
|
||||||
|
+ "039a6e01684ce0689ce4ef70932bd19a676acf4b4ea521c30337d2f445fc2055" },
|
||||||
|
+ { GCRY_MD_BLAKE2B_512, 6, -1,
|
||||||
|
+ "49abef820ad7fc5e6ed9b63acddce639a69dcd749b0798b140216649bc3b927c"
|
||||||
|
+ "637dbe1cb39a41bbafe7f8b675401ccdcf69a7fba227ae4cda5cd28b9ff36776" },
|
||||||
|
+ { GCRY_MD_BLAKE2B_512, 6, +0,
|
||||||
|
+ "4182a7307a89391b78af9dbc3ba1e8d643708abbed5919086aa6e2bc65ae9597"
|
||||||
|
+ "e40229450c86ac5d3117b006427dd0131f5ae4c1a1d64c81420d2731536c81d8" },
|
||||||
|
+ { GCRY_MD_BLAKE2B_512, 6, +1,
|
||||||
|
+ "33c0d9e65b1b18e9556134a08c1e725c19155bbf6ed4349d7d6d678f1827fef3"
|
||||||
|
+ "74b6e3381471f3d3fff7ffbcb9474ce9038143b99e25cd5f8afbb336313d4648" },
|
||||||
|
+ { GCRY_MD_BLAKE2B_512, 6, +64,
|
||||||
|
+ "d2d7f388611af78a2ea40b06f99993cff156afd25cbc47695bdb567d4d35b992"
|
||||||
|
+ "0ff8c325c359a2bdeddf54ececc671ac7b981031e90a7d63d6e0415ec4484282" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_WHIRLPOOL, 6, -64,
|
||||||
|
+ "247707d1f9cf31b90ee68527144b1c20ad5ce96293bdccd1a81c8f40bc9df10c"
|
||||||
|
+ "e7441ac3b3097162d6fbf4d4b67b8fa09de451e2d920f16aad78c47ab00cb833" },
|
||||||
|
+ { GCRY_MD_WHIRLPOOL, 6, -1,
|
||||||
|
+ "af49e4a553bdbec1fdafc41713029e0fb1666894753c0ab3ecb280fc5af6eff8"
|
||||||
|
+ "253120745a229d7a8b5831711e4fd16ed0741258504d8a47e2b42aa2f1886968" },
|
||||||
|
+ { GCRY_MD_WHIRLPOOL, 6, +0,
|
||||||
|
+ "f269ffa424bc2aad2da654f01783fc9b2b431219f2b05784d718da0935e78792"
|
||||||
|
+ "9207b000ebbfb63dfdcc8adf8e5bd321d9616c1b8357430b9be6cb4640df8609" },
|
||||||
|
+ { GCRY_MD_WHIRLPOOL, 6, +1,
|
||||||
|
+ "52b77eb13129151b69b63c09abb655dc9cb046cafd4cbf7d4a82ae04b61ef9e6"
|
||||||
|
+ "531dde04cae7c5ab400ed8ee8da2e3f490d177289b2b3aa29b12b292954b902c" },
|
||||||
|
+ { GCRY_MD_WHIRLPOOL, 6, +64,
|
||||||
|
+ "60a950c92f3f08abbc81c41c86ce0463679ffd5ab420e988e15b210615b454ae"
|
||||||
|
+ "69607d14a1806fa44aacf8c926fbdcee998af46f56e0c642d3fb4ee54c8fb917" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_CRC32, 6, -64, "20739052" },
|
||||||
|
+ { GCRY_MD_CRC32, 6, -1, "971a5a74" },
|
||||||
|
+ { GCRY_MD_CRC32, 6, +0, "bf48113c" },
|
||||||
|
+ { GCRY_MD_CRC32, 6, +1, "c7678ad5" },
|
||||||
|
+ { GCRY_MD_CRC32, 6, +64, "1efa7255" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_CRC24_RFC2440, 6, -64, "747e81" },
|
||||||
|
+ { GCRY_MD_CRC24_RFC2440, 6, -1, "deb97d" },
|
||||||
|
+ { GCRY_MD_CRC24_RFC2440, 6, +0, "7d5bea" },
|
||||||
|
+ { GCRY_MD_CRC24_RFC2440, 6, +1, "acc351" },
|
||||||
|
+ { GCRY_MD_CRC24_RFC2440, 6, +64, "9d9032" },
|
||||||
|
+
|
||||||
|
{ 0 }
|
||||||
|
};
|
||||||
|
|
||||||
|
@@ -251,12 +415,38 @@ run_longtest (int algo, int gigs)
|
||||||
|
gcry_md_hd_t hd_post = NULL;
|
||||||
|
gcry_md_hd_t hd_post2 = NULL;
|
||||||
|
char pattern[1024];
|
||||||
|
- int i, g;
|
||||||
|
+ char *hugepattern = NULL;
|
||||||
|
+ size_t hugesize;
|
||||||
|
+ size_t hugegigs;
|
||||||
|
+ int i, g, gppos, gptot;
|
||||||
|
const unsigned char *digest;
|
||||||
|
unsigned int digestlen;
|
||||||
|
|
||||||
|
memset (pattern, 'a', sizeof pattern);
|
||||||
|
|
||||||
|
+ if (use_hugeblock)
|
||||||
|
+ {
|
||||||
|
+ hugegigs = 5;
|
||||||
|
+ if (sizeof(size_t) >= 8)
|
||||||
|
+ {
|
||||||
|
+ hugesize = hugegigs*1024*1024*1024;
|
||||||
|
+ hugepattern = malloc(hugesize);
|
||||||
|
+ if (hugepattern != NULL)
|
||||||
|
+ memset(hugepattern, 'a', hugesize);
|
||||||
|
+ else
|
||||||
|
+ show_note ("failed to allocate %d GiB huge pattern block: %s",
|
||||||
|
+ hugegigs, strerror(errno));
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ show_note ("cannot allocate %d GiB huge pattern block on 32-bit system",
|
||||||
|
+ hugegigs);
|
||||||
|
+ }
|
||||||
|
+ if (hugepattern == NULL)
|
||||||
|
+ {
|
||||||
|
+ hugegigs = 0;
|
||||||
|
+ hugesize = 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
err = gcry_md_open (&hd, algo, 0);
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
@@ -267,9 +457,17 @@ run_longtest (int algo, int gigs)
|
||||||
|
|
||||||
|
digestlen = gcry_md_get_algo_dlen (algo);
|
||||||
|
|
||||||
|
-
|
||||||
|
- for (g=0; g < gigs; g++)
|
||||||
|
+ gppos = 0;
|
||||||
|
+ gptot = 0;
|
||||||
|
+ for (g=0; g < gigs; )
|
||||||
|
{
|
||||||
|
+ if (gppos >= 16)
|
||||||
|
+ {
|
||||||
|
+ gptot += 16;
|
||||||
|
+ gppos -= 16;
|
||||||
|
+ show_note ("%d GiB so far hashed with %s", gptot,
|
||||||
|
+ gcry_md_algo_name (algo));
|
||||||
|
+ }
|
||||||
|
if (g == gigs - 1)
|
||||||
|
{
|
||||||
|
for (i = 0; i < 1024*1023; i++)
|
||||||
|
@@ -283,16 +481,24 @@ run_longtest (int algo, int gigs)
|
||||||
|
die ("gcry_md_copy failed for %s (%d): %s",
|
||||||
|
gcry_md_algo_name (algo), algo, gpg_strerror (err));
|
||||||
|
gcry_md_write (hd, pattern, sizeof pattern);
|
||||||
|
+ g++;
|
||||||
|
+ gppos++;
|
||||||
|
+ }
|
||||||
|
+ else if (hugepattern != NULL && gigs - g > hugegigs)
|
||||||
|
+ {
|
||||||
|
+ gcry_md_write (hd, hugepattern, hugesize);
|
||||||
|
+ g += hugegigs;
|
||||||
|
+ gppos += hugegigs;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
for (i = 0; i < 1024*1024; i++)
|
||||||
|
gcry_md_write (hd, pattern, sizeof pattern);
|
||||||
|
+ g++;
|
||||||
|
+ gppos++;
|
||||||
|
}
|
||||||
|
- if (g && !(g % 16))
|
||||||
|
- show_note ("%d GiB so far hashed with %s", g, gcry_md_algo_name (algo));
|
||||||
|
}
|
||||||
|
- if (g >= 16)
|
||||||
|
+ if (g >= 16 && gppos)
|
||||||
|
show_note ("%d GiB hashed with %s", g, gcry_md_algo_name (algo));
|
||||||
|
|
||||||
|
err = gcry_md_copy (&hd_post, hd);
|
||||||
|
@@ -335,6 +541,8 @@ run_longtest (int algo, int gigs)
|
||||||
|
gcry_md_close (hd_pre2);
|
||||||
|
gcry_md_close (hd_post);
|
||||||
|
gcry_md_close (hd_post2);
|
||||||
|
+
|
||||||
|
+ free(hugepattern);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@@ -361,9 +569,12 @@ main (int argc, char **argv)
|
||||||
|
{
|
||||||
|
fputs ("usage: " PGM " [options] [algos]\n"
|
||||||
|
"Options:\n"
|
||||||
|
- " --verbose print timings etc.\n"
|
||||||
|
- " --debug flyswatter\n"
|
||||||
|
- " --gigs N Run a test on N GiB\n",
|
||||||
|
+ " --verbose print timings etc.\n"
|
||||||
|
+ " --debug flyswatter\n"
|
||||||
|
+ " --hugeblock Use 5 GiB pattern block\n"
|
||||||
|
+ " --gigs N Run a test on N GiB\n"
|
||||||
|
+ " --disable-hwf <features> Disable hardware acceleration feature(s)\n"
|
||||||
|
+ " for benchmarking.\n",
|
||||||
|
stdout);
|
||||||
|
exit (0);
|
||||||
|
}
|
||||||
|
@@ -378,6 +589,11 @@ main (int argc, char **argv)
|
||||||
|
debug++;
|
||||||
|
argc--; argv++;
|
||||||
|
}
|
||||||
|
+ else if (!strcmp (*argv, "--hugeblock"))
|
||||||
|
+ {
|
||||||
|
+ use_hugeblock = 1;
|
||||||
|
+ argc--; argv++;
|
||||||
|
+ }
|
||||||
|
else if (!strcmp (*argv, "--gigs"))
|
||||||
|
{
|
||||||
|
argc--; argv++;
|
||||||
|
@@ -387,6 +603,21 @@ main (int argc, char **argv)
|
||||||
|
argc--; argv++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+ else if (!strcmp (*argv, "--disable-hwf"))
|
||||||
|
+ {
|
||||||
|
+ argc--;
|
||||||
|
+ argv++;
|
||||||
|
+ if (argc)
|
||||||
|
+ {
|
||||||
|
+ if (gcry_control (GCRYCTL_DISABLE_HWF, *argv, NULL))
|
||||||
|
+ fprintf (stderr,
|
||||||
|
+ PGM
|
||||||
|
+ ": unknown hardware feature `%s' - option ignored\n",
|
||||||
|
+ *argv);
|
||||||
|
+ argc--;
|
||||||
|
+ argv++;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
else if (!strncmp (*argv, "--", 2))
|
||||||
|
die ("unknown option '%s'", *argv);
|
||||||
|
}
|
||||||
|
diff --git a/tests/testdrv.c b/tests/testdrv.c
|
||||||
|
index 0ccde326..bfca4c23 100644
|
||||||
|
--- a/tests/testdrv.c
|
||||||
|
+++ b/tests/testdrv.c
|
||||||
|
@@ -78,7 +78,12 @@ static struct {
|
||||||
|
{ "t-ed448" },
|
||||||
|
{ "benchmark" },
|
||||||
|
{ "bench-slope" },
|
||||||
|
- { "hashtest-256g", "hashtest", "--gigs 256 SHA1 SHA256 SHA512 SM3",
|
||||||
|
+ { "hashtest-6g", "hashtest", "--hugeblock --gigs 6 SHA1 SHA256 SHA512 "
|
||||||
|
+ "SHA3-512 SM3 BLAKE2S_256 "
|
||||||
|
+ "BLAKE2B_512 CRC32 "
|
||||||
|
+ "CRC24RFC2440",
|
||||||
|
+ LONG_RUNNING },
|
||||||
|
+ { "hashtest-256g", "hashtest", "--gigs 256 SHA1 SHA256 SHA512 SHA3-512 SM3",
|
||||||
|
LONG_RUNNING },
|
||||||
|
{ NULL }
|
||||||
|
};
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
||||||
|
From 567bc62e1c3046594088de7209fee7c545ece1e3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Fri, 30 Sep 2022 14:54:14 +0200
|
||||||
|
Subject: [PATCH] tests: Avoid memory leak
|
||||||
|
|
||||||
|
* tests/hashtest.c (run_longtest): Avoid memory leak on error
|
||||||
|
--
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
tests/hashtest.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/tests/hashtest.c b/tests/hashtest.c
|
||||||
|
index 9389e50c..379f7c40 100644
|
||||||
|
--- a/tests/hashtest.c
|
||||||
|
+++ b/tests/hashtest.c
|
||||||
|
@@ -452,6 +452,7 @@ run_longtest (int algo, int gigs)
|
||||||
|
{
|
||||||
|
fail ("gcry_md_open failed for %s (%d): %s",
|
||||||
|
gcry_md_algo_name (algo), algo, gpg_strerror (err));
|
||||||
|
+ free(hugepattern);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
@ -16,19 +16,41 @@ print(string.sub(hash, 0, 16))
|
|||||||
|
|
||||||
Name: libgcrypt
|
Name: libgcrypt
|
||||||
Version: 1.10.0
|
Version: 1.10.0
|
||||||
Release: 5%{?dist}
|
Release: 9%{?dist}
|
||||||
URL: https://www.gnupg.org/
|
URL: https://www.gnupg.org/
|
||||||
Source0: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2
|
Source0: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2
|
||||||
Source1: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig
|
Source1: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig
|
||||||
Source2: wk@g10code.com
|
Source2: wk@g10code.com
|
||||||
Patch1: libgcrypt-1.10.0-disable-brainpool.patch
|
Patch1: libgcrypt-1.10.0-disable-brainpool.patch
|
||||||
Patch2: libgcrypt-1.10.0-fips-disable-pkcs1.5.patch
|
|
||||||
Patch3: libgcrypt-1.10.0-ppc-hwf.patch
|
Patch3: libgcrypt-1.10.0-ppc-hwf.patch
|
||||||
Patch4: libgcrypt-1.10.0-allow-small-RSA-verify.patch
|
Patch4: libgcrypt-1.10.0-allow-small-RSA-verify.patch
|
||||||
Patch5: libgcrypt-1.10.0-allow-short-salt.patch
|
Patch5: libgcrypt-1.10.0-allow-short-salt.patch
|
||||||
Patch6: libgcrypt-1.10.0-fips-getrandom.patch
|
Patch6: libgcrypt-1.10.0-fips-getrandom.patch
|
||||||
|
# https://dev.gnupg.org/T6127
|
||||||
|
# https://lists.gnupg.org/pipermail/gcrypt-devel/2022-September/005379.html
|
||||||
Patch7: libgcrypt-1.10.0-fips-selftest.patch
|
Patch7: libgcrypt-1.10.0-fips-selftest.patch
|
||||||
Patch8: libgcrypt-1.10.0-fips-disable-oaep.patch
|
# https://dev.gnupg.org/T6217
|
||||||
|
Patch9: libgcrypt-1.10.0-sha3-large.patch
|
||||||
|
# https://dev.gnupg.org/T5919
|
||||||
|
Patch10: libgcrypt-1.10.0-fips-keygen.patch
|
||||||
|
# https://dev.gnupg.org/T6219
|
||||||
|
# f4a861f3e5ae82f278284061e4829c03edf9c3a7
|
||||||
|
Patch11: libgcrypt-1.10.0-fips-kdf.patch
|
||||||
|
# c34c9e70055ee43e5ef257384fa15941f064e5a4
|
||||||
|
# https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/13
|
||||||
|
Patch12: libgcrypt-1.10.0-fips-indicator.patch
|
||||||
|
# beb5d6df5c5785db7c32a24a5d2a351cb964bfbc
|
||||||
|
# 521500624b4b11538d206137205e2a511dad7072
|
||||||
|
# 9dcf9305962b90febdf2d7cc73b49feadbf6a01f
|
||||||
|
# a340e980388243ceae6df57d101036f3f2a955be
|
||||||
|
Patch13: libgcrypt-1.10.0-fips-integrity.patch
|
||||||
|
# 3c8b6c4a9cad59c5e1db5706f6774a3141b60210
|
||||||
|
# 052c5ef4cea56772b7015e36f231fa0bcbf91410
|
||||||
|
Patch14: libgcrypt-1.10.0-fips-integrity2.patch
|
||||||
|
# 06ea5b5332ffdb44a0a394d766be8989bcb6a95c
|
||||||
|
Patch15: libgcrypt-1.10.0-fips-x931.patch
|
||||||
|
# bf1e62e59200b2046680d1d3d1599facc88cfe63
|
||||||
|
Patch16: libgcrypt-1.10.0-fips-rsa-pss.patch
|
||||||
|
|
||||||
%global gcrylibdir %{_libdir}
|
%global gcrylibdir %{_libdir}
|
||||||
%global gcrysoname libgcrypt.so.20
|
%global gcrysoname libgcrypt.so.20
|
||||||
@ -65,13 +87,19 @@ applications using libgcrypt.
|
|||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2 -p1
|
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
%patch5 -p1
|
%patch5 -p1
|
||||||
%patch6 -p1
|
%patch6 -p1
|
||||||
%patch7 -p1
|
%patch7 -p1
|
||||||
%patch8 -p1
|
%patch9 -p1
|
||||||
|
%patch10 -p1
|
||||||
|
%patch11 -p1
|
||||||
|
%patch12 -p1
|
||||||
|
%patch13 -p1
|
||||||
|
%patch14 -p1
|
||||||
|
%patch15 -p1
|
||||||
|
%patch16 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# This package has a configure test which uses ASMs, but does not link the
|
# This package has a configure test which uses ASMs, but does not link the
|
||||||
@ -98,6 +126,7 @@ autoreconf -f
|
|||||||
--enable-noexecstack \
|
--enable-noexecstack \
|
||||||
--enable-hmac-binary-check=%{hmackey} \
|
--enable-hmac-binary-check=%{hmackey} \
|
||||||
--disable-brainpool \
|
--disable-brainpool \
|
||||||
|
--disable-jent-support \
|
||||||
--enable-digests="$DIGESTS" \
|
--enable-digests="$DIGESTS" \
|
||||||
--enable-ciphers="$CIPHERS" \
|
--enable-ciphers="$CIPHERS" \
|
||||||
--with-fips-module-version="$FIPS_MODULE_NAME %{version}-%{srpmhash}"
|
--with-fips-module-version="$FIPS_MODULE_NAME %{version}-%{srpmhash}"
|
||||||
@ -115,12 +144,12 @@ LIBGCRYPT_FORCE_FIPS_MODE=1 make check
|
|||||||
%{?__debug_package:%{__debug_install_post}} \
|
%{?__debug_package:%{__debug_install_post}} \
|
||||||
%{__arch_install_post} \
|
%{__arch_install_post} \
|
||||||
%{__os_install_post} \
|
%{__os_install_post} \
|
||||||
dd if=/dev/zero of=%{libpath}.hmac bs=32 count=1 \
|
cd src \
|
||||||
objcopy --update-section .rodata1=%{libpath}.hmac %{libpath} %{libpath}.empty \
|
sed -i -e 's|FILE=.*|FILE=\\\$1|' gen-note-integrity.sh \
|
||||||
src/hmac256 --binary %{hmackey} %{libpath}.empty > %{libpath}.hmac \
|
READELF=readelf AWK=awk ECHO_N="-n" bash gen-note-integrity.sh %{libpath} > %{libpath}.hmac \
|
||||||
objcopy --update-section .rodata1=%{libpath}.hmac %{libpath}.empty %{libpath}.new \
|
objcopy --update-section .note.fdo.integrity=%{libpath}.hmac %{libpath} %{libpath}.new \
|
||||||
mv -f %{libpath}.new %{libpath} \
|
mv -f %{libpath}.new %{libpath} \
|
||||||
rm -f %{libpath}.hmac %{libpath}.empty
|
rm -f %{libpath}.hmac
|
||||||
%{nil}
|
%{nil}
|
||||||
|
|
||||||
%install
|
%install
|
||||||
@ -190,6 +219,30 @@ mkdir -p -m 755 $RPM_BUILD_ROOT/etc/gcrypt
|
|||||||
%license COPYING
|
%license COPYING
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jan 24 2023 Jakub Jelen <jjelen@redhat.com> - 1.10.0-9
|
||||||
|
- Avoid usage of invalid arguments sizes for PBKDF2 in FIPS mode
|
||||||
|
- Do not allow large salt lengths with RSA-PSS padding
|
||||||
|
- Disable X9.31 key generation in FIPS mode
|
||||||
|
- Update the FIPS integrity checking code to upstream version
|
||||||
|
- Update cipher modes FIPS indicators for AES WRAP and GCM
|
||||||
|
- Disable jitter entropy generator
|
||||||
|
|
||||||
|
* Thu Oct 20 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-8
|
||||||
|
- Fix unneeded PBKDF2 passphrase length limitation in FIPS mode
|
||||||
|
- Enforce HMAC key lengths in MD API in FIPS mode
|
||||||
|
|
||||||
|
* Thu Oct 06 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-7
|
||||||
|
- Properly enforce KDF limits in FIPS mode (#2130275)
|
||||||
|
- Fix memory leak in large digest test (#2129150)
|
||||||
|
- Fix function name FIPS service indicator by disabling PK encryption and decryption (#2130275)
|
||||||
|
- Skip RSA encryption/decryption selftest in FIPS mode (#2130275)
|
||||||
|
|
||||||
|
* Tue Sep 27 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-6
|
||||||
|
- Fix SHA3 digests with large inputs (#2129150)
|
||||||
|
- Fix FIPS RSA PCT (#2128455)
|
||||||
|
- Fix RSA FIPS Keygen that non-deterministically fails (#2130275)
|
||||||
|
- Get max 32B from getrandom in FIPS mode (#2130275)
|
||||||
|
|
||||||
* Wed Aug 17 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-5
|
* Wed Aug 17 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-5
|
||||||
- Allow signature verification with smaller RSA keys (#2083846)
|
- Allow signature verification with smaller RSA keys (#2083846)
|
||||||
- Allow short salt for KDF (#2114870)
|
- Allow short salt for KDF (#2114870)
|
||||||
|
Loading…
Reference in New Issue
Block a user