diff --git a/hobble-libgcrypt b/hobble-libgcrypt index cc53cc1..3c76f73 100755 --- a/hobble-libgcrypt +++ b/hobble-libgcrypt @@ -9,3 +9,4 @@ set -e -x rm -f cipher/ecc-curves.c rm -f tests/curves.c rm -f tests/t-mpi-point.c +rm -f tests/keygrip.c diff --git a/keygrip.c b/keygrip.c new file mode 100644 index 0000000..56fbba8 --- /dev/null +++ b/keygrip.c @@ -0,0 +1,341 @@ +/* keygrip.c - verifies that keygrips are calculated as expected + * Copyright (C) 2005 Free Software Foundation, Inc. + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#define PGM "keygrip" +#include "t-common.h" + +static int repetitions; + + + +static void +print_hex (const char *text, const void *buf, size_t n) +{ + const unsigned char *p = buf; + + fputs (text, stdout); + for (; n; n--, p++) + printf ("%02X", *p); + putchar ('\n'); +} + + + + +static struct +{ + int algo; + const char *key; + const unsigned char grip[20]; +} key_grips[] = + { + { + GCRY_PK_RSA, + "(private-key" + " (rsa" + " (n #00B6B509596A9ECABC939212F891E656A626BA07DA8521A9CAD4C08E640C04052FBB87F424EF1A0275A48A9299AC9DB69ABE3D0124E6C756B1F7DFB9B842D6251AEA6EE85390495CADA73D671537FCE5850A932F32BAB60AB1AC1F852C1F83C625E7A7D70CDA9EF16D5C8E47739D77DF59261ABE8454807FF441E143FBD37F8545#)" + " (e #010001#)" + " (d #077AD3DE284245F4806A1B82B79E616FBDE821C82D691A65665E57B5FAD3F34E67F401E7BD2E28699E89D9C496CF821945AE83AC7A1231176A196BA6027E77D85789055D50404A7A2A95B1512F91F190BBAEF730ED550D227D512F89C0CDB31AC06FA9A19503DDF6B66D0B42B9691BFD6140EC1720FFC48AE00C34796DC899E5#)" + " (p #00D586C78E5F1B4BF2E7CD7A04CA091911706F19788B93E44EE20AAF462E8363E98A72253ED845CCBF2481BB351E8557C85BCFFF0DABDBFF8E26A79A0938096F27#)" + " (q #00DB0CDF60F26F2A296C88D6BF9F8E5BE45C0DDD713C96CC73EBCB48B061740943F21D2A93D6E42A7211E7F02A95DCED6C390A67AD21ECF739AE8A0CA46FF2EBB3#)" + " (u #33149195F16912DB20A48D020DBC3B9E3881B39D722BF79378F6340F43148A6E9FC5F53E2853B7387BA4443BA53A52FCA8173DE6E85B42F9783D4A7817D0680B#)))", + "\x32\xCF\xFA\x85\xB1\x79\x1F\xBB\x26\x14\xE9\x1A\xFD\xF3\xAF\xE3\x32\x08\x2E\x25" + }, + { + GCRY_PK_DSA, + " (public-key" + " (dsa" + " (p #0084E4C626E16005770BD9509ABF7354492E85B8C0060EFAAAEC617F725B592FAA59DF5460575F41022776A9718CE62EDD542AB73C7720869EBDBC834D174ADCD7136827DF51E2613545A25CA573BC502A61B809000B6E35F5EB7FD6F18C35678C23EA1C3638FB9CFDBA2800EE1B62F41A4479DE824F2834666FBF8DC5B53C2617#)" + " (q #00B0E6F710051002A9F425D98A677B18E0E5B038AB#)" + " (g #44370CEE0FE8609994183DBFEBA7EEA97D466838BCF65EFF506E35616DA93FA4E572A2F08886B74977BC00CA8CD3DBEA7AEB7DB8CBB180E6975E0D2CA76E023E6DE9F8CCD8826EBA2F72B8516532F6001DEFFAE76AA5E59E0FA33DBA3999B4E92D1703098CDEDCC416CF008801964084CDE1980132B2B78CB4CE9C15A559528B#)" + " (y #3D5DD14AFA2BF24A791E285B90232213D0E3BA74AB1109E768AED19639A322F84BB7D959E2BA92EF73DE4C7F381AA9F4053CFA3CD4527EF9043E304E5B95ED0A3A5A9D590AA641C13DB2B6E32B9B964A6A2C730DD3EA7C8E13F7A140AFF1A91CE375E9B9B960384779DC4EA180FA1F827C52288F366C0770A220F50D6D8FD6F6#)))", + "\x04\xA3\x4F\xA0\x2B\x03\x94\xD7\x32\xAD\xD5\x9B\x50\xAF\xDB\x5D\x57\x22\xA6\x10" + + }, + { + GCRY_PK_DSA, + "(private-key" + " (dsa" + " (p #0084E4C626E16005770BD9509ABF7354492E85B8C0060EFAAAEC617F725B592FAA59DF5460575F41022776A9718CE62EDD542AB73C7720869EBDBC834D174ADCD7136827DF51E2613545A25CA573BC502A61B809000B6E35F5EB7FD6F18C35678C23EA1C3638FB9CFDBA2800EE1B62F41A4479DE824F2834666FBF8DC5B53C2617#)" + " (q #00B0E6F710051002A9F425D98A677B18E0E5B038AB#)" + " (g #44370CEE0FE8609994183DBFEBA7EEA97D466838BCF65EFF506E35616DA93FA4E572A2F08886B74977BC00CA8CD3DBEA7AEB7DB8CBB180E6975E0D2CA76E023E6DE9F8CCD8826EBA2F72B8516532F6001DEFFAE76AA5E59E0FA33DBA3999B4E92D1703098CDEDCC416CF008801964084CDE1980132B2B78CB4CE9C15A559528B#)" + " (y #3D5DD14AFA2BF24A791E285B90232213D0E3BA74AB1109E768AED19639A322F84BB7D959E2BA92EF73DE4C7F381AA9F4053CFA3CD4527EF9043E304E5B95ED0A3A5A9D590AA641C13DB2B6E32B9B964A6A2C730DD3EA7C8E13F7A140AFF1A91CE375E9B9B960384779DC4EA180FA1F827C52288F366C0770A220F50D6D8FD6F6#)" + " (x #0087F9E91BFBCC1163DE71ED86D557708E32F8ADDE#)))", + "\x04\xA3\x4F\xA0\x2B\x03\x94\xD7\x32\xAD\xD5\x9B\x50\xAF\xDB\x5D\x57\x22\xA6\x10" + }, + { + GCRY_PK_ECDSA, + "(public-key" + " (ecdsa(flags param)" + " (p #00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF#)" + " (a #00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC#)" + " (b #5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B#)" + " (g #046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5#)" + " (n #00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551#)" + " (h #000000000000000000000000000000000000000000000000000000000000000001#)" + " (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))", + "\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6" + }, + { + GCRY_PK_ECDSA, + "(public-key" + " (ecdsa(flags param)" + " (p #00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF#)" + " (curve \"NIST P-256\")" + " (b #5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B#)" + " (g #046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5#)" + " (n #00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551#)" + " (h #000000000000000000000000000000000000000000000000000000000000000001#)" + " (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))", + "\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6" + }, + { + GCRY_PK_ECDSA, + "(public-key" + " (ecdsa" + " (p #00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF#)" + " (curve \"NIST P-256\")" + " (b #5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B#)" + " (g #046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5#)" + " (n #00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551#)" + " (h #000000000000000000000000000000000000000000000000000000000000000001#)" + " (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))", + "\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6" + }, + { + GCRY_PK_ECDSA, + "(public-key" + " (ecdsa" + " (curve secp256r1)" + " (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))", + "\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6" + }, + { + GCRY_PK_ECC, + "(public-key" + " (ecc" + " (curve secp256r1)" + " (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))", + "\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6" + }, + { /* Ed25519 standard */ + GCRY_PK_ECC, + "(public-key" + " (ecc" + " (curve Ed25519)" + " (q #04" + " 1CC662926E7EFF4982B7FB8B928E61CD74CCDD85277CC57196C3AD20B611085F" + " 47BD24842905C049257673B3F5249524E0A41FAA17B25B818D0F97E625F1A1D0#)" + " ))", + "\x0C\xCA\xB2\xFD\x48\x9A\x33\x40\x2C\xE8" + "\xE0\x4A\x1F\xB2\x45\xEA\x80\x3D\x0A\xF1" + }, + { /* Ed25519+EdDSA */ + GCRY_PK_ECC, + "(public-key" + " (ecc" + " (curve Ed25519)(flags eddsa)" + " (q #773E72848C1FD5F9652B29E2E7AF79571A04990E96F2016BF4E0EC1890C2B7DB#)" + " ))", + "\x9D\xB6\xC6\x4A\x38\x83\x0F\x49\x60\x70" + "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47" + }, + { /* Ed25519+EdDSA (with compression prefix) */ + GCRY_PK_ECC, + "(public-key" + " (ecc" + " (curve Ed25519)(flags eddsa)" + " (q #40" + " 773E72848C1FD5F9652B29E2E7AF79571A04990E96F2016BF4E0EC1890C2B7DB#)" + " ))", + "\x9D\xB6\xC6\x4A\x38\x83\x0F\x49\x60\x70" + "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47" + }, + { /* Ed25519+EdDSA (same but uncompressed)*/ + GCRY_PK_ECC, + "(public-key" + " (ecc" + " (curve Ed25519)(flags eddsa)" + " (q #04" + " 629ad237d1ed04dcd4abe1711dd699a1cf51b1584c4de7a4ef8b8a640180b26f" + " 5bb7c29018ece0f46b01f2960e99041a5779afe7e2292b65f9d51f8c84723e77#)" + " ))", + "\x9D\xB6\xC6\x4A\x38\x83\x0F\x49\x60\x70" + "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47" + }, + { /* Cv25519 */ + GCRY_PK_ECC, + "(public-key" + " (ecc" + " (curve Curve25519)(flags djb-tweak)" + " (q #40" + " 918C1733127F6BF2646FAE3D081A18AE77111C903B906310B077505EFFF12740#)" + " ))", + "\x0F\x89\xA5\x65\xD3\xEA\x18\x7C\xE8\x39" + "\x33\x23\x98\xF5\xD4\x80\x67\x7D\xF4\x9C" + }, + { /* Random key */ + GCRY_PK_RSA, + "(shadowed-private-key" + " (rsa" + " (n #00B493C79928398DA9D99AC0E949FE6EB62F683CB974FFFBFBC01066F5C9A89B" + " D3DC48EAD7C65F36EA943C2B2C865C26C4884FF9EDFDA8C99C855B737D77EEF6" + " B85DBC0CCEC0E900C1F89A6893A2A93E8B31028469B6927CEB2F08687E547C68" + " 6B0A2F7E50A194FF7AB7637E03DE0912EF7F6E5F1EC37625BD1620CCC2E7A564" + " 31E168CDAFBD1D9E61AE47A69A6FA03EF22F844528A710B2392F262B95A3078C" + " F321DC8325F92A5691EF69F34FD0DE0B22C79D29DC87723FCADE463829E8E5F7" + " D196D73D6C9C180F6A6A0DDBF7B9D8F7FA293C36163B12199EF6A1A95CAE4051" + " E3069C522CC6C4A7110F663A5DAD20F66C13A1674D050088208FAE4F33B3AB51" + " 03#)" + " (e #00010001#)" + " (shadowed t1-v1" + " (#D2760001240102000005000123350000# OPENPGP.1)" + ")))", + "\xE5\x6E\xE6\xEE\x5A\x2F\xDC\x3E\x98\x9D" + "\xFE\x49\xDA\xF5\x67\x43\xE3\x27\x28\x33" + } + }; + + +static void +check (void) +{ + unsigned char buf[20]; + unsigned char *ret; + gcry_error_t err; + gcry_sexp_t sexp; + unsigned int i; + int repn; + + for (i = 0; i < (sizeof (key_grips) / sizeof (*key_grips)); i++) + { + if (gcry_pk_test_algo (key_grips[i].algo)) + { + if (verbose) + fprintf (stderr, "algo %d not available; test skipped\n", + key_grips[i].algo); + continue; + } + err = gcry_sexp_sscan (&sexp, NULL, key_grips[i].key, + strlen (key_grips[i].key)); + if (err) + die ("scanning data %d failed: %s\n", i, gpg_strerror (err)); + + if (debug) + info ("check(%d): s-exp='%s'\n", i, key_grips[i].key); + + for (repn=0; repn < repetitions; repn++) + { + ret = gcry_pk_get_keygrip (sexp, buf); + if (!ret) + die ("gcry_pk_get_keygrip failed for %d\n", i); + + if ( memcmp (key_grips[i].grip, buf, sizeof (buf)) ) + { + print_hex ("keygrip: ", buf, sizeof buf); + die ("keygrip for %d does not match\n", i); + } + else if (debug && !repn) + print_hex ("keygrip: ", buf, sizeof buf); + } + + gcry_sexp_release (sexp); + } +} + + + +static void +progress_handler (void *cb_data, const char *what, int printchar, + int current, int total) +{ + (void)cb_data; + (void)what; + (void)current; + (void)total; + + putchar (printchar); +} + +int +main (int argc, char **argv) +{ + int last_argc = -1; + + if (argc) + { argc--; argv++; } + + while (argc && last_argc != argc ) + { + last_argc = argc; + if (!strcmp (*argv, "--")) + { + argc--; argv++; + break; + } + else if (!strcmp (*argv, "--verbose")) + { + verbose = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--debug")) + { + verbose = 1; + debug = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--repetitions")) + { + argc--; argv++; + if (argc) + { + repetitions = atoi(*argv); + argc--; argv++; + } + } + } + + if (repetitions < 1) + repetitions = 1; + + if (!gcry_check_version (GCRYPT_VERSION)) + die ("version mismatch\n"); + + gcry_set_progress_handler (progress_handler, NULL); + + xgcry_control ((GCRYCTL_DISABLE_SECMEM, 0)); + xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0)); + if (debug) + xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u, 0)); + + check (); + + return 0; +} diff --git a/libgcrypt-1.9.2-coverity.patch b/libgcrypt-1.9.2-coverity.patch deleted file mode 100644 index 6673081..0000000 --- a/libgcrypt-1.9.2-coverity.patch +++ /dev/null @@ -1,55 +0,0 @@ -commit a8d6c6c1b258548260748eefba0532fd35c8ce47 -Author: NIIBE Yutaka -Date: Thu Apr 15 16:08:24 2021 +0900 - - cipher: Fix memory leaks for EdDSA. - - * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Free the point Q. - (_gcry_ecc_eddsa_verify): Avoid memory leaks for points and MPIs. - - -- - - GnuPG-bug-id: 5385 - Co-authored-by: Jakub Jelen - Signed-off-by: NIIBE Yutaka - -diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c -index 2a1a8907..8b32545a 100644 ---- a/cipher/ecc-eddsa.c -+++ b/cipher/ecc-eddsa.c -@@ -641,7 +641,10 @@ _gcry_ecc_eddsa_genkey (mpi_ec_t ec, int flags) - ec->d = _gcry_mpi_set_opaque (NULL, dbuf, dlen*8); - rc = _gcry_ecc_eddsa_compute_h_d (&hash_d, ec); - if (rc) -- goto leave; -+ { -+ point_free (&Q); -+ goto leave; -+ } - - _gcry_mpi_set_buffer (a, hash_d, b, 0); - xfree (hash_d); -@@ -991,11 +994,6 @@ _gcry_ecc_eddsa_verify (gcry_mpi_t input, mpi_ec_t ec, - if (!mpi_is_opaque (input) || !mpi_is_opaque (r_in) || !mpi_is_opaque (s_in)) - return GPG_ERR_INV_DATA; - -- point_init (&Ia); -- point_init (&Ib); -- h = mpi_new (0); -- s = mpi_new (0); -- - b = (ec->nbits+7)/8; - - if (ec->nbits == 255) -@@ -1005,6 +1003,11 @@ _gcry_ecc_eddsa_verify (gcry_mpi_t input, mpi_ec_t ec, - else - return GPG_ERR_NOT_IMPLEMENTED; - -+ point_init (&Ia); -+ point_init (&Ib); -+ h = mpi_new (0); -+ s = mpi_new (0); -+ - /* Encode and check the public key. */ - rc = _gcry_ecc_eddsa_encodepoint (ec->Q, ec, NULL, NULL, 0, - &encpk, &encpklen); diff --git a/libgcrypt-1.9.2-s390x-ocb.patch b/libgcrypt-1.9.2-s390x-ocb.patch deleted file mode 100644 index e7ff8e3..0000000 --- a/libgcrypt-1.9.2-s390x-ocb.patch +++ /dev/null @@ -1,253 +0,0 @@ -From 56da81ac47209dc41af08a129f5e0c15538261b2 Mon Sep 17 00:00:00 2001 -From: Jussi Kivilinna -Date: Thu, 25 Mar 2021 19:33:44 +0200 -Subject: [PATCH 1/3] tests/basic: add decryption check to - check_ocb_cipher_checksum - -* tests/basic.c (check_ocb_cipher_checksum): Add decryption. --- - -GnuPG-bug-id: T5356 -Signed-off-by: Jussi Kivilinna ---- - tests/basic.c | 32 +++++++++++++++++++++++++++++++- - 1 file changed, 31 insertions(+), 1 deletion(-) - -diff --git a/tests/basic.c b/tests/basic.c -index 9a7e33cc..b39b901a 100644 ---- a/tests/basic.c -+++ b/tests/basic.c -@@ -6800,9 +6800,10 @@ check_ocb_cipher_checksum (int algo, int keylen) - const size_t buflen = 128 * 16; - unsigned char *inbuf, *outbuf; - gpg_error_t err = 0; -- gcry_cipher_hd_t hde, hde2; -+ gcry_cipher_hd_t hde, hde2, hdd; - unsigned char tag[16]; - unsigned char tag2[16]; -+ unsigned char tag3[16]; - int i; - - inbuf = xmalloc(buflen); -@@ -6833,6 +6834,8 @@ check_ocb_cipher_checksum (int algo, int keylen) - err = gcry_cipher_open (&hde, algo, GCRY_CIPHER_MODE_OCB, 0); - if (!err) - err = gcry_cipher_open (&hde2, algo, GCRY_CIPHER_MODE_OCB, 0); -+ if (!err) -+ err = gcry_cipher_open (&hdd, algo, GCRY_CIPHER_MODE_OCB, 0); - if (err) - { - fail ("cipher-ocb, gcry_cipher_open failed (checksum, algo %d): %s\n", -@@ -6843,24 +6846,30 @@ check_ocb_cipher_checksum (int algo, int keylen) - err = gcry_cipher_setkey (hde, key, keylen); - if (!err) - err = gcry_cipher_setkey (hde2, key, keylen); -+ if (!err) -+ err = gcry_cipher_setkey (hdd, key, keylen); - if (err) - { - fail ("cipher-ocb, gcry_cipher_setkey failed (checksum, algo %d): %s\n", - algo, gpg_strerror (err)); - gcry_cipher_close (hde); - gcry_cipher_close (hde2); -+ gcry_cipher_close (hdd); - goto out_free; - } - - err = gcry_cipher_setiv (hde, nonce, 12); - if (!err) - err = gcry_cipher_setiv (hde2, nonce, 12); -+ if (!err) -+ err = gcry_cipher_setiv (hdd, nonce, 12); - if (err) - { - fail ("cipher-ocb, gcry_cipher_setiv failed (checksum, algo %d): %s\n", - algo, gpg_strerror (err)); - gcry_cipher_close (hde); - gcry_cipher_close (hde2); -+ gcry_cipher_close (hdd); - goto out_free; - } - -@@ -6876,6 +6885,14 @@ check_ocb_cipher_checksum (int algo, int keylen) - if (!err) - err = gcry_cipher_encrypt (hde2, outbuf + i, 16, inbuf + i, 16); - } -+ if (!err) -+ { -+ err = gcry_cipher_final (hdd); -+ } -+ if (!err) -+ { -+ err = gcry_cipher_decrypt (hdd, outbuf, buflen, outbuf, buflen); -+ } - - if (err) - { -@@ -6883,6 +6900,7 @@ check_ocb_cipher_checksum (int algo, int keylen) - algo, gpg_strerror (err)); - gcry_cipher_close (hde); - gcry_cipher_close (hde2); -+ gcry_cipher_close (hdd); - goto out_free; - } - -@@ -6899,14 +6917,26 @@ check_ocb_cipher_checksum (int algo, int keylen) - fail ("cipher_ocb, gcry_cipher_gettag failed (checksum2, algo %d): %s\n", - algo, gpg_strerror (err)); - } -+ err = gcry_cipher_gettag (hdd, tag3, 16); -+ if (err) -+ { -+ fail ("cipher_ocb, gcry_cipher_gettag failed (checksum3, algo %d): %s\n", -+ algo, gpg_strerror (err)); -+ } - if (memcmp (tag, tag2, 16)) - { - mismatch (tag, 16, tag2, 16); - fail ("cipher-ocb, encrypt tag mismatch (checksum, algo %d)\n", algo); - } -+ if (memcmp (tag, tag3, 16)) -+ { -+ mismatch (tag, 16, tag3, 16); -+ fail ("cipher-ocb, decrypt tag mismatch (checksum, algo %d)\n", algo); -+ } - - gcry_cipher_close (hde); - gcry_cipher_close (hde2); -+ gcry_cipher_close (hdd); - - out_free: - xfree(inbuf); --- -2.27.0 - -From 21c273cecfd58408b8d3287f5bc8c246c3010313 Mon Sep 17 00:00:00 2001 -From: Jussi Kivilinna -Date: Thu, 25 Mar 2021 19:43:41 +0200 -Subject: [PATCH 2/3] tests/basic: OCB large buffer check: make input buffer - non-repeatable - -* tests/basic.c (check_ocb_cipher_largebuf_split): Use SHA1 to -initialize input buffer. -(check_ocb_cipher): Update largebuf test vectors. --- - -GnuPG-bug-id: T5356 -Signed-off-by: Jussi Kivilinna ---- - tests/basic.c | 36 +++++++++++++++++++++++------------- - 1 file changed, 23 insertions(+), 13 deletions(-) - -diff --git a/tests/basic.c b/tests/basic.c -index b39b901a..f9ada8ef 100644 ---- a/tests/basic.c -+++ b/tests/basic.c -@@ -6630,8 +6630,18 @@ check_ocb_cipher_largebuf_split (int algo, int keylen, const char *tagexpect, - return; - } - -- for (i = 0; i < buflen; i++) -- inbuf[i] = (unsigned int)(i + 181081) * 5039U; -+ for (i = 0; i < buflen; i += 16) -+ { -+ unsigned char hash[20]; -+ unsigned char ctr[4]; -+ -+ ctr[0] = (i >> 0) & 0xff; -+ ctr[1] = (i >> 8) & 0xff; -+ ctr[2] = (i >> 16) & 0xff; -+ ctr[3] = (i >> 24) & 0xff; -+ gcry_md_hash_buffer (GCRY_MD_SHA1, hash, ctr, sizeof(ctr)); -+ memcpy(inbuf + i, hash, 16); -+ } - - err = gcry_cipher_open (&hde, algo, GCRY_CIPHER_MODE_OCB, 0); - if (!err) -@@ -7200,27 +7210,27 @@ check_ocb_cipher (void) - - /* Check large buffer encryption/decryption. */ - check_ocb_cipher_largebuf(GCRY_CIPHER_AES, 16, -- "\xc1\x5b\xf1\x80\xa4\xd5\xea\xfd\xae\x17\xa6\xcd\x6b\x10\xa8\xea"); -+ "\x4a\x00\x7f\x8d\xbe\x38\x32\x48\xb2\x2f\x7f\x27\xd8\x15\x7f\xb0"); - check_ocb_cipher_largebuf(GCRY_CIPHER_AES256, 32, -- "\x2b\xb7\x25\x6b\x77\xc7\xfb\x21\x5c\xc9\x6c\x36\x17\x1a\x1a\xd5"); -+ "\xec\xc5\xe9\x2b\x24\x91\xba\x64\xbc\xe3\x62\xb6\x83\x20\xad\xbd"); - check_ocb_cipher_largebuf(GCRY_CIPHER_CAMELLIA128, 16, -- "\xe0\xae\x3f\x29\x3a\xee\xd8\xe3\xf2\x20\xc1\xa2\xd8\x72\x12\xd9"); -+ "\xd5\xbd\x76\xec\x75\x4a\xab\x6c\x13\xec\x87\x95\x11\xd4\xf0\x3d"); - check_ocb_cipher_largebuf(GCRY_CIPHER_CAMELLIA192, 24, -- "\xd7\x98\x71\xcf\x19\x5c\xa3\x3d\x6c\xfc\xc9\xbe\x9f\x13\x6b\xbd"); -+ "\xde\xdd\x6b\xbf\xce\x15\x01\x39\x7c\xc5\x69\x19\x72\xa2\x67\x23"); - check_ocb_cipher_largebuf(GCRY_CIPHER_CAMELLIA256, 32, -- "\x03\xf6\xec\x1a\x0e\xae\x66\x24\x2b\xba\x26\x0f\xb3\xb3\x1f\xb9"); -+ "\x0c\xf3\xd5\x82\x20\x73\xee\x0f\xbd\x6b\x32\x38\xf9\x10\xef\xe5"); - check_ocb_cipher_largebuf(GCRY_CIPHER_TWOFISH, 16, -- "\x1c\xf9\xc7\xfc\x3a\x32\xac\xc7\x5e\x0a\xc2\x5c\x90\xd6\xf6\xf9"); -+ "\x54\x87\x68\xb6\x17\xe6\xd7\xa6\x76\x0d\x7e\x9f\x57\x8b\xec\x88"); - check_ocb_cipher_largebuf(GCRY_CIPHER_TWOFISH, 32, -- "\x53\x02\xc8\x0d\x4e\x9a\x44\x9e\x43\xd4\xaa\x06\x30\x93\xcc\x16"); -+ "\x0b\xc3\x93\x52\xfa\x97\x22\xe6\x88\x6e\x29\x4d\x77\x35\x48\x84"); - check_ocb_cipher_largebuf(GCRY_CIPHER_SERPENT128, 16, -- "\xd3\x64\xac\x40\x48\x88\x77\xe2\x41\x26\x4c\xde\x21\x29\x21\x8d"); -+ "\x7e\x49\x3b\xd6\xde\x6e\x9e\x53\x67\xcd\x00\xad\xc9\xd9\xa5\xbc"); - check_ocb_cipher_largebuf(GCRY_CIPHER_SERPENT192, 24, -- "\x99\xeb\x35\xb0\x62\x4e\x7b\xf1\x5e\x9f\xed\x32\x78\x90\x0b\xd0"); -+ "\x1e\x33\x0e\x06\xc8\x27\x6a\x0b\x41\x5e\x93\xae\x39\xf4\x50\x12"); - check_ocb_cipher_largebuf(GCRY_CIPHER_SERPENT256, 32, -- "\x71\x66\x2f\x68\xbf\xdd\xcc\xb1\xbf\x81\x56\x5f\x01\x73\xeb\x44"); -+ "\x6b\x4c\x3f\x8f\x77\x75\xf2\x4d\xaf\xde\x2c\x5f\x1a\x80\xb8\x4d"); - check_ocb_cipher_largebuf(GCRY_CIPHER_SM4, 16, -- "\x2c\x0b\x31\x0b\xf4\x71\x9b\x01\xf4\x18\x5d\xf1\xe9\x3d\xed\x6b"); -+ "\x3c\x32\x54\x5d\xc5\x17\xa1\x16\x3f\x8e\xc7\x1d\x8d\x8b\x2d\xb0"); - - /* Check that the AAD data is correctly buffered. */ - check_ocb_cipher_splitaad (); --- -2.27.0 - -From 68bb0ddc5504c9c0f3f52259a4085bb2fc1a02ad Mon Sep 17 00:00:00 2001 -From: Jussi Kivilinna -Date: Thu, 25 Mar 2021 19:52:23 +0200 -Subject: [PATCH 3/3] rijndael-s390x: fix checksum calculation in OCB - decryption - -* cipher/rijndael-s390x.c (aes_s390x_ocb_dec): Calculate checksum -after decryption instead of inlining. --- - -OCB decryption was missing checksum inlining in 64 block loop. - -GnuPG-bug-id: T5356 -Signed-off-by: Jussi Kivilinna ---- - cipher/rijndael-s390x.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/cipher/rijndael-s390x.c b/cipher/rijndael-s390x.c -index aea65c5a..c3da9fb2 100644 ---- a/cipher/rijndael-s390x.c -+++ b/cipher/rijndael-s390x.c -@@ -777,9 +777,7 @@ aes_s390x_ocb_dec (gcry_cipher_hd_t c, void *outbuf_arg, - OCB_INPUT_4((n) + 12); - - #define OCB_OUTPUT(n) \ -- cipher_block_xor_1 (&blocks[n], outbuf + (n) * BLOCKSIZE, BLOCKSIZE); \ -- cipher_block_xor_1 (c->u_ctr.ctr, &blocks[n], BLOCKSIZE); \ -- cipher_block_cpy (outbuf + (n) * BLOCKSIZE, &blocks[n], BLOCKSIZE); -+ cipher_block_xor_1 (outbuf + (n) * BLOCKSIZE, &blocks[n], BLOCKSIZE); - - #define OCB_OUTPUT_4(n) \ - OCB_OUTPUT((n) + 0); OCB_OUTPUT((n) + 1); OCB_OUTPUT((n) + 2); \ -@@ -895,6 +893,8 @@ aes_s390x_ocb_dec (gcry_cipher_hd_t c, void *outbuf_arg, - if (max_blocks_used) - wipememory (&blocks, max_blocks_used * BLOCKSIZE); - -+ aes_s390x_ocb_checksum (c->u_ctr.ctr, outbuf_arg, nblocks_arg); -+ - return 0; - } - --- -2.27.0 - diff --git a/libgcrypt.spec b/libgcrypt.spec index ed7666d..6868655 100644 --- a/libgcrypt.spec +++ b/libgcrypt.spec @@ -1,6 +1,6 @@ Name: libgcrypt -Version: 1.9.2 -Release: 3%{?dist} +Version: 1.9.3 +Release: 1%{?dist} URL: https://www.gnupg.org/ Source0: libgcrypt-%{version}-hobbled.tar.xz # The original libgcrypt sources now contain potentially patented ECC @@ -19,6 +19,7 @@ Source4: ecc-curves.c Source5: curves.c Source6: t-mpi-point.c Source7: random.conf +Source8: keygrip.c # make FIPS hmac compatible with fipscheck - non upstreamable # update on soname bump Patch2: libgcrypt-1.8.5-use-fipscheck.patch @@ -44,10 +45,6 @@ Patch26: libgcrypt-1.8.3-fips-enttest.patch Patch27: libgcrypt-1.8.3-md-fips-enforce.patch # FIPS module is redefined a little bit (implicit by kernel FIPS mode) Patch30: libgcrypt-1.8.5-fips-module.patch -# Unbreak gnupg2 build on s390x: https://dev.gnupg.org/T5356 -Patch31: libgcrypt-1.9.2-s390x-ocb.patch -# Coverity reported issues https://dev.gnupg.org/T5385 -Patch32: libgcrypt-1.9.2-coverity.patch %global gcrylibdir %{_libdir} %global gcrysoname libgcrypt.so.20 @@ -96,11 +93,9 @@ applications using libgcrypt. %patch26 -p1 -b .fips-enttest %patch27 -p1 -b .fips-enforce %patch30 -p1 -b .fips-module -%patch31 -p1 -b .s390x-ocb -%patch32 -p1 -b .coverity cp %{SOURCE4} cipher/ -cp %{SOURCE5} %{SOURCE6} tests/ +cp %{SOURCE5} %{SOURCE6} %{SOURCE8} tests/ %build # This package has a configure test which uses ASMs, but does not link the @@ -207,6 +202,9 @@ install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf %license COPYING %changelog +* Tue Apr 20 2021 Jakub Jelen - 1.9.3-1 +- New upstream release (#1951325) + * Thu Apr 15 2021 Jakub Jelen - 1.9.2-3 - Fix issues reported by coverity