Compare commits
No commits in common. "c8" and "c9-beta" have entirely different histories.
3
.gitignore
vendored
3
.gitignore
vendored
@ -1 +1,2 @@
|
|||||||
SOURCES/libgcrypt-1.8.5-hobbled.tar.xz
|
SOURCES/libgcrypt-1.10.0.tar.bz2
|
||||||
|
SOURCES/libgcrypt-1.10.0.tar.bz2.sig
|
||||||
|
@ -1 +1,2 @@
|
|||||||
1edcc623a15ed87ff832e021b4cb77fd94eb66c9 SOURCES/libgcrypt-1.8.5-hobbled.tar.xz
|
363feb8187f6c59b6b10721af6a94558db8ec3af SOURCES/libgcrypt-1.10.0.tar.bz2
|
||||||
|
061e31906b3f2647ddd30fb60777d66165b70205 SOURCES/libgcrypt-1.10.0.tar.bz2.sig
|
||||||
|
144
SOURCES/curves.c
144
SOURCES/curves.c
@ -1,144 +0,0 @@
|
|||||||
/* curves.c - ECC curves regression tests
|
|
||||||
* Copyright (C) 2011 Free Software Foundation, Inc.
|
|
||||||
*
|
|
||||||
* This file is part of Libgcrypt.
|
|
||||||
*
|
|
||||||
* Libgcrypt is free software; you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU Lesser General Public License as
|
|
||||||
* published by the Free Software Foundation; either version 2.1 of
|
|
||||||
* the License, or (at your option) any later version.
|
|
||||||
*
|
|
||||||
* Libgcrypt is distributed in the hope that it will be useful,
|
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
* GNU Lesser General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU Lesser General Public
|
|
||||||
* License along with this program; if not, write to the Free Software
|
|
||||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifdef HAVE_CONFIG_H
|
|
||||||
#include <config.h>
|
|
||||||
#endif
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <stdarg.h>
|
|
||||||
|
|
||||||
#include "../src/gcrypt-int.h"
|
|
||||||
|
|
||||||
|
|
||||||
#define PGM "curves"
|
|
||||||
#include "t-common.h"
|
|
||||||
|
|
||||||
/* Number of curves defined in ../cipger/ecc.c */
|
|
||||||
#define N_CURVES 14
|
|
||||||
|
|
||||||
/* A real world sample public key. */
|
|
||||||
static char const sample_key_1[] =
|
|
||||||
"(public-key\n"
|
|
||||||
" (ecdsa\n"
|
|
||||||
" (p #00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF#)\n"
|
|
||||||
" (a #00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC#)\n"
|
|
||||||
" (b #5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B#)\n"
|
|
||||||
" (g #046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"
|
|
||||||
"4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5#)\n"
|
|
||||||
" (n #00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551#)\n"
|
|
||||||
" (h #000000000000000000000000000000000000000000000000000000000000000001#)\n"
|
|
||||||
" (q #0442B927242237639A36CE9221B340DB1A9AB76DF2FE3E171277F6A4023DED146EE"
|
|
||||||
"86525E38CCECFF3FB8D152CC6334F70D23A525175C1BCBDDE6E023B2228770E#)\n"
|
|
||||||
" ))";
|
|
||||||
static char const sample_key_1_curve[] = "NIST P-256";
|
|
||||||
static unsigned int sample_key_1_nbits = 256;
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
static void
|
|
||||||
list_curves (void)
|
|
||||||
{
|
|
||||||
int idx;
|
|
||||||
const char *name;
|
|
||||||
unsigned int nbits;
|
|
||||||
|
|
||||||
for (idx=0; (name = gcry_pk_get_curve (NULL, idx, &nbits)); idx++)
|
|
||||||
{
|
|
||||||
if (verbose)
|
|
||||||
printf ("%s - %u bits\n", name, nbits);
|
|
||||||
}
|
|
||||||
if (idx != N_CURVES)
|
|
||||||
fail ("expected %d curves but got %d\n", N_CURVES, idx);
|
|
||||||
if (gcry_pk_get_curve (NULL, -1, NULL))
|
|
||||||
fail ("curve iteration failed\n");
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static void
|
|
||||||
check_matching (void)
|
|
||||||
{
|
|
||||||
gpg_error_t err;
|
|
||||||
gcry_sexp_t key;
|
|
||||||
const char *name;
|
|
||||||
unsigned int nbits;
|
|
||||||
|
|
||||||
err = gcry_sexp_new (&key, sample_key_1, 0, 1);
|
|
||||||
if (err)
|
|
||||||
die ("parsing s-expression string failed: %s\n", gpg_strerror (err));
|
|
||||||
name = gcry_pk_get_curve (key, 0, &nbits);
|
|
||||||
if (!name)
|
|
||||||
fail ("curve name not found for sample_key_1\n");
|
|
||||||
else if (strcmp (name, sample_key_1_curve))
|
|
||||||
fail ("expected curve name %s but got %s for sample_key_1\n",
|
|
||||||
sample_key_1_curve, name);
|
|
||||||
else if (nbits != sample_key_1_nbits)
|
|
||||||
fail ("expected curve size %u but got %u for sample_key_1\n",
|
|
||||||
sample_key_1_nbits, nbits);
|
|
||||||
|
|
||||||
gcry_sexp_release (key);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static void
|
|
||||||
check_get_params (void)
|
|
||||||
{
|
|
||||||
gcry_sexp_t param;
|
|
||||||
const char *name;
|
|
||||||
|
|
||||||
param = gcry_pk_get_param (GCRY_PK_ECDSA, sample_key_1_curve);
|
|
||||||
if (!param)
|
|
||||||
fail ("error gerring parameters for `%s'\n", sample_key_1_curve);
|
|
||||||
|
|
||||||
name = gcry_pk_get_curve (param, 0, NULL);
|
|
||||||
if (!name)
|
|
||||||
fail ("get_param: curve name not found for sample_key_1\n");
|
|
||||||
else if (strcmp (name, sample_key_1_curve))
|
|
||||||
fail ("get_param: expected curve name %s but got %s for sample_key_1\n",
|
|
||||||
sample_key_1_curve, name);
|
|
||||||
|
|
||||||
gcry_sexp_release (param);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
int
|
|
||||||
main (int argc, char **argv)
|
|
||||||
{
|
|
||||||
if (argc > 1 && !strcmp (argv[1], "--verbose"))
|
|
||||||
verbose = 1;
|
|
||||||
else if (argc > 1 && !strcmp (argv[1], "--debug"))
|
|
||||||
verbose = debug = 1;
|
|
||||||
|
|
||||||
if (!gcry_check_version (GCRYPT_VERSION))
|
|
||||||
die ("version mismatch\n");
|
|
||||||
|
|
||||||
xgcry_control (GCRYCTL_DISABLE_SECMEM, 0);
|
|
||||||
xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
|
|
||||||
if (debug)
|
|
||||||
xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0);
|
|
||||||
list_curves ();
|
|
||||||
check_matching ();
|
|
||||||
check_get_params ();
|
|
||||||
|
|
||||||
return error_count ? 1 : 0;
|
|
||||||
}
|
|
1207
SOURCES/ecc-curves.c
1207
SOURCES/ecc-curves.c
File diff suppressed because it is too large
Load Diff
@ -1,11 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
# Quit out if anything fails.
|
|
||||||
set -e -x
|
|
||||||
|
|
||||||
# Clean out patent-or-otherwise-encumbered code.
|
|
||||||
# EC: ????????? ??/??/2015
|
|
||||||
|
|
||||||
rm -f cipher/ecc-curves.c
|
|
||||||
rm -f tests/curves.c
|
|
||||||
rm -f tests/t-mpi-point.c
|
|
77
SOURCES/libgcrypt-1.10.0-allow-short-salt.patch
Normal file
77
SOURCES/libgcrypt-1.10.0-allow-short-salt.patch
Normal file
@ -0,0 +1,77 @@
|
|||||||
|
From 58c92098d053aae7c78cc42bdd7c80c13efc89bb Mon Sep 17 00:00:00 2001
|
||||||
|
From: NIIBE Yutaka <gniibe@fsij.org>
|
||||||
|
Date: Fri, 24 Jun 2022 08:59:31 +0900
|
||||||
|
Subject: [PATCH] hmac,hkdf: Allow use of shorter salt for HKDF.
|
||||||
|
|
||||||
|
* cipher/md.c (prepare_macpads): Move the check to...
|
||||||
|
* src/visibility.c (gcry_mac_setkey): ... here.
|
||||||
|
* tests/t-kdf.c (check_hkdf): No failure is expected.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
GnuPG-bug-id: 6039
|
||||||
|
Fixes-commit: 76aad97dd312e83f2f9b8d086553f2b72ab6546f
|
||||||
|
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||||
|
---
|
||||||
|
cipher/md.c | 3 ---
|
||||||
|
src/visibility.c | 3 +++
|
||||||
|
tests/t-kdf.c | 12 +-----------
|
||||||
|
3 files changed, 4 insertions(+), 14 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/cipher/md.c b/cipher/md.c
|
||||||
|
index 4f4fc9bf..34336b5c 100644
|
||||||
|
--- a/cipher/md.c
|
||||||
|
+++ b/cipher/md.c
|
||||||
|
@@ -903,9 +903,6 @@ prepare_macpads (gcry_md_hd_t a, const unsigned char *key, size_t keylen)
|
||||||
|
{
|
||||||
|
GcryDigestEntry *r;
|
||||||
|
|
||||||
|
- if (fips_mode () && keylen < 14)
|
||||||
|
- return GPG_ERR_INV_VALUE;
|
||||||
|
-
|
||||||
|
if (!a->ctx->list)
|
||||||
|
return GPG_ERR_DIGEST_ALGO; /* Might happen if no algo is enabled. */
|
||||||
|
|
||||||
|
diff --git a/src/visibility.c b/src/visibility.c
|
||||||
|
index c98247d8..aee5bffb 100644
|
||||||
|
--- a/src/visibility.c
|
||||||
|
+++ b/src/visibility.c
|
||||||
|
@@ -946,6 +946,9 @@ gcry_mac_setkey (gcry_mac_hd_t hd, const void *key, size_t keylen)
|
||||||
|
if (!fips_is_operational ())
|
||||||
|
return gpg_error (fips_not_operational ());
|
||||||
|
|
||||||
|
+ if (fips_mode () && keylen < 14)
|
||||||
|
+ return GPG_ERR_INV_VALUE;
|
||||||
|
+
|
||||||
|
return gpg_error (_gcry_mac_setkey (hd, key, keylen));
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.37.1
|
||||||
|
commit 02718ade6ab5eee38169c2102097166770a2456d
|
||||||
|
Author: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Thu Oct 20 16:33:11 2022 +0200
|
||||||
|
|
||||||
|
visiblity: Check the HMAC key length in FIPS mode
|
||||||
|
|
||||||
|
---
|
||||||
|
* src/visibility.c (gcry_md_setkey): Check the HMAC key length in FIPS
|
||||||
|
mode also in the md_ API.
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
|
||||||
|
diff --git a/src/visibility.c b/src/visibility.c
|
||||||
|
index 150b197d..73db3dea 100644
|
||||||
|
--- a/src/visibility.c
|
||||||
|
+++ b/src/visibility.c
|
||||||
|
@@ -1357,6 +1357,10 @@ gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen)
|
||||||
|
{
|
||||||
|
if (!fips_is_operational ())
|
||||||
|
return gpg_error (fips_not_operational ());
|
||||||
|
+
|
||||||
|
+ if (fips_mode () && keylen < 14)
|
||||||
|
+ return GPG_ERR_INV_VALUE;
|
||||||
|
+
|
||||||
|
return gpg_error (_gcry_md_setkey (hd, key, keylen));
|
||||||
|
}
|
||||||
|
|
70
SOURCES/libgcrypt-1.10.0-allow-small-RSA-verify.patch
Normal file
70
SOURCES/libgcrypt-1.10.0-allow-small-RSA-verify.patch
Normal file
@ -0,0 +1,70 @@
|
|||||||
|
From ca2afc9fb64d9a9b2f8930ba505d9ab6c8a57667 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Thu, 12 May 2022 10:56:47 +0200
|
||||||
|
Subject: [PATCH] cipher: Allow verification of small RSA signatures in FIPS
|
||||||
|
mode
|
||||||
|
|
||||||
|
* cipher/rsa.c (rsa_check_keysize): Formatting.
|
||||||
|
(rsa_check_verify_keysize): New function.
|
||||||
|
(rsa_verify): Allow using smaller keys for verification.
|
||||||
|
--
|
||||||
|
|
||||||
|
GnuPG-bug-id: 5975
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
cipher/rsa.c | 26 ++++++++++++++++++++++++--
|
||||||
|
1 file changed, 24 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/cipher/rsa.c b/cipher/rsa.c
|
||||||
|
index c6319b67..9f2b36e8 100644
|
||||||
|
--- a/cipher/rsa.c
|
||||||
|
+++ b/cipher/rsa.c
|
||||||
|
@@ -352,13 +352,35 @@ generate_std (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
|
||||||
|
static gpg_err_code_t
|
||||||
|
rsa_check_keysize (unsigned int nbits)
|
||||||
|
{
|
||||||
|
- if (fips_mode() && nbits < 2048)
|
||||||
|
+ if (fips_mode () && nbits < 2048)
|
||||||
|
return GPG_ERR_INV_VALUE;
|
||||||
|
|
||||||
|
return GPG_ERR_NO_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
+/* Check the RSA key length is acceptable for signature verification
|
||||||
|
+ *
|
||||||
|
+ * FIPS allows signature verification with RSA keys of size
|
||||||
|
+ * 1024, 1280, 1536 and 1792 in legacy mode, but this is up to the
|
||||||
|
+ * calling application to decide if the signature is legacy and
|
||||||
|
+ * should be accepted.
|
||||||
|
+ */
|
||||||
|
+static gpg_err_code_t
|
||||||
|
+rsa_check_verify_keysize (unsigned int nbits)
|
||||||
|
+{
|
||||||
|
+ if (fips_mode ())
|
||||||
|
+ {
|
||||||
|
+ if ((nbits >= 1024 && (nbits % 256) == 0) || nbits >= 2048)
|
||||||
|
+ return GPG_ERR_NO_ERROR;
|
||||||
|
+
|
||||||
|
+ return GPG_ERR_INV_VALUE;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return GPG_ERR_NO_ERROR;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
/****************
|
||||||
|
* Generate a key pair with a key of size NBITS.
|
||||||
|
* USE_E = 0 let Libcgrypt decide what exponent to use.
|
||||||
|
@@ -1602,7 +1624,7 @@ rsa_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms)
|
||||||
|
gcry_mpi_t result = NULL;
|
||||||
|
unsigned int nbits = rsa_get_nbits (keyparms);
|
||||||
|
|
||||||
|
- rc = rsa_check_keysize (nbits);
|
||||||
|
+ rc = rsa_check_verify_keysize (nbits);
|
||||||
|
if (rc)
|
||||||
|
return rc;
|
||||||
|
|
||||||
|
--
|
||||||
|
2.37.1
|
||||||
|
|
239
SOURCES/libgcrypt-1.10.0-disable-brainpool.patch
Normal file
239
SOURCES/libgcrypt-1.10.0-disable-brainpool.patch
Normal file
@ -0,0 +1,239 @@
|
|||||||
|
From d651e25be0bc0c11f4d3d7c72be8cfbbe82b3874 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Fri, 10 Sep 2021 18:39:00 +0200
|
||||||
|
Subject: [PATCH] Allow building libgcrypt without Brainpool curves
|
||||||
|
|
||||||
|
* README: Document possibility to build without brainpool curves
|
||||||
|
* cipher/ecc-curves.c: Conditionalize brainpool curves definitions
|
||||||
|
* configure.ac: Implement possibility to build without brainpool curves
|
||||||
|
* tests/curves.c: Skip brainpool curves if they are not built-in
|
||||||
|
* tests/keygrip.c: Skip brainpool curves if they are not built-in
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
README | 3 +++
|
||||||
|
cipher/ecc-curves.c | 4 ++++
|
||||||
|
configure.ac | 13 +++++++++++++
|
||||||
|
tests/curves.c | 46 ++++++++++++++++++++++++++++++---------------
|
||||||
|
tests/keygrip.c | 2 ++
|
||||||
|
5 files changed, 53 insertions(+), 15 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/README b/README
|
||||||
|
index 436b6cd4..1044109c 100644
|
||||||
|
--- a/README
|
||||||
|
+++ b/README
|
||||||
|
@@ -127,6 +127,9 @@
|
||||||
|
the list used with the current build the program
|
||||||
|
tests/version may be used.
|
||||||
|
|
||||||
|
+ --disable-brainpool
|
||||||
|
+ Do not build in support for Brainpool curves.
|
||||||
|
+
|
||||||
|
--disable-endian-check
|
||||||
|
Don't let configure test for the endianness but
|
||||||
|
try to use the OS provided macros at compile
|
||||||
|
diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c
|
||||||
|
index 7c86e12c..8fd95a9c 100644
|
||||||
|
--- a/cipher/ecc-curves.c
|
||||||
|
+++ b/cipher/ecc-curves.c
|
||||||
|
@@ -77,6 +77,7 @@ static const struct
|
||||||
|
{ "NIST P-521", "1.3.132.0.35" },
|
||||||
|
{ "NIST P-521", "nistp521" }, /* rfc5656. */
|
||||||
|
|
||||||
|
+#ifdef ENABLE_BRAINPOOL
|
||||||
|
{ "brainpoolP160r1", "1.3.36.3.3.2.8.1.1.1" },
|
||||||
|
{ "brainpoolP192r1", "1.3.36.3.3.2.8.1.1.3" },
|
||||||
|
{ "brainpoolP224r1", "1.3.36.3.3.2.8.1.1.5" },
|
||||||
|
@@ -84,6 +85,7 @@ static const struct
|
||||||
|
{ "brainpoolP320r1", "1.3.36.3.3.2.8.1.1.9" },
|
||||||
|
{ "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11"},
|
||||||
|
{ "brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13"},
|
||||||
|
+#endif /* ENABLE_BRAINPOOL */
|
||||||
|
|
||||||
|
{ "GOST2001-test", "1.2.643.2.2.35.0" },
|
||||||
|
{ "GOST2001-CryptoPro-A", "1.2.643.2.2.35.1" },
|
||||||
|
@@ -297,6 +299,7 @@ static const ecc_domain_parms_t domain_parms[] =
|
||||||
|
1
|
||||||
|
},
|
||||||
|
|
||||||
|
+#ifdef ENABLE_BRAINPOOL
|
||||||
|
{ "brainpoolP160r1", 160, 0,
|
||||||
|
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
|
||||||
|
"0xe95e4a5f737059dc60dfc7ad95b3d8139515620f",
|
||||||
|
@@ -391,6 +394,7 @@ static const ecc_domain_parms_t domain_parms[] =
|
||||||
|
"b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892",
|
||||||
|
1
|
||||||
|
},
|
||||||
|
+#endif /* ENABLE_BRAINPOOL */
|
||||||
|
{
|
||||||
|
"GOST2001-test", 256, 0,
|
||||||
|
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index 6efbf139..f4ac1887 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -614,6 +614,14 @@ AC_ARG_WITH(fips-module-version,
|
||||||
|
AC_DEFINE_UNQUOTED(FIPS_MODULE_VERSION, "$fips_module_version",
|
||||||
|
[Define FIPS module version for certification])
|
||||||
|
|
||||||
|
+# Implementation of the --disable-brainpool switch.
|
||||||
|
+AC_MSG_CHECKING([whether we want to disable the use of brainpool curves])
|
||||||
|
+AC_ARG_ENABLE(brainpool,
|
||||||
|
+ AS_HELP_STRING([--disable-brainpool],
|
||||||
|
+ [Disable the brainpool curves]),
|
||||||
|
+ use_brainpool="$enableval",use_brainpool=yes)
|
||||||
|
+AC_MSG_RESULT($use_brainpool)
|
||||||
|
+
|
||||||
|
# Implementation of the --disable-jent-support switch.
|
||||||
|
AC_MSG_CHECKING([whether jitter entropy support is requested])
|
||||||
|
AC_ARG_ENABLE(jent-support,
|
||||||
|
@@ -2466,6 +2474,10 @@ if test x"$ppccryptosupport" = xyes ; then
|
||||||
|
AC_DEFINE(ENABLE_PPC_CRYPTO_SUPPORT,1,
|
||||||
|
[Enable support for POWER 8 (PowerISA 2.07) crypto extension.])
|
||||||
|
fi
|
||||||
|
+if test x"$use_brainpool" = xyes ; then
|
||||||
|
+ AC_DEFINE(ENABLE_BRAINPOOL, 1,
|
||||||
|
+ [Enable support for the brainpool curves.])
|
||||||
|
+fi
|
||||||
|
if test x"$jentsupport" = xyes ; then
|
||||||
|
AC_DEFINE(ENABLE_JENT_SUPPORT, 1,
|
||||||
|
[Enable support for the jitter entropy collector.])
|
||||||
|
@@ -3296,6 +3308,7 @@ GCRY_MSG_WRAP([Enabled digest algorithms:],[$enabled_digests])
|
||||||
|
GCRY_MSG_WRAP([Enabled kdf algorithms: ],[$enabled_kdfs])
|
||||||
|
GCRY_MSG_WRAP([Enabled pubkey algorithms:],[$enabled_pubkey_ciphers])
|
||||||
|
GCRY_MSG_SHOW([Random number generator: ],[$random])
|
||||||
|
+GCRY_MSG_SHOW([Enabled Brainpool curves: ],[$use_brainpool])
|
||||||
|
GCRY_MSG_SHOW([Try using jitter entropy: ],[$jentsupport])
|
||||||
|
GCRY_MSG_SHOW([Using linux capabilities: ],[$use_capabilities])
|
||||||
|
GCRY_MSG_SHOW([FIPS module version: ],[$fips_module_version])
|
||||||
|
diff --git a/tests/curves.c b/tests/curves.c
|
||||||
|
index 3c738171..8eb79565 100644
|
||||||
|
--- a/tests/curves.c
|
||||||
|
+++ b/tests/curves.c
|
||||||
|
@@ -33,7 +33,11 @@
|
||||||
|
#include "t-common.h"
|
||||||
|
|
||||||
|
/* Number of curves defined in ../cipher/ecc-curves.c */
|
||||||
|
-#define N_CURVES 27
|
||||||
|
+#ifdef ENABLE_BRAINPOOL
|
||||||
|
+# define N_CURVES 27
|
||||||
|
+#else
|
||||||
|
+# define N_CURVES 20
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
/* A real world sample public key. */
|
||||||
|
static char const sample_key_1[] =
|
||||||
|
@@ -52,6 +56,7 @@ static char const sample_key_1[] =
|
||||||
|
static char const sample_key_1_curve[] = "NIST P-256";
|
||||||
|
static unsigned int sample_key_1_nbits = 256;
|
||||||
|
|
||||||
|
+#ifdef ENABLE_BRAINPOOL
|
||||||
|
/* A made up sample public key. */
|
||||||
|
static char const sample_key_2[] =
|
||||||
|
"(public-key\n"
|
||||||
|
@@ -68,6 +73,7 @@ static char const sample_key_2[] =
|
||||||
|
" ))";
|
||||||
|
static char const sample_key_2_curve[] = "brainpoolP160r1";
|
||||||
|
static unsigned int sample_key_2_nbits = 160;
|
||||||
|
+#endif /* ENABLE_BRAINPOOL */
|
||||||
|
|
||||||
|
static int in_fips_mode;
|
||||||
|
|
||||||
|
@@ -113,6 +119,7 @@ check_matching (void)
|
||||||
|
|
||||||
|
gcry_sexp_release (key);
|
||||||
|
|
||||||
|
+#ifdef ENABLE_BRAINPOOL
|
||||||
|
if (!in_fips_mode)
|
||||||
|
{
|
||||||
|
err = gcry_sexp_new (&key, sample_key_2, 0, 1);
|
||||||
|
@@ -130,6 +137,7 @@ check_matching (void)
|
||||||
|
|
||||||
|
gcry_sexp_release (key);
|
||||||
|
}
|
||||||
|
+#endif /* ENABLE_BRAINPOOL */
|
||||||
|
}
|
||||||
|
|
||||||
|
#define TEST_ERROR_EXPECTED (1 << 0)
|
||||||
|
@@ -185,20 +193,26 @@ check_get_params (void)
|
||||||
|
{ GCRY_PK_ECC, "1.3.132.0.35" },
|
||||||
|
{ GCRY_PK_ECC, "nistp521" },
|
||||||
|
|
||||||
|
- { GCRY_PK_ECC, "brainpoolP160r1", TEST_NOFIPS },
|
||||||
|
- { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.1", TEST_NOFIPS },
|
||||||
|
- { GCRY_PK_ECC, "brainpoolP192r1", TEST_NOFIPS },
|
||||||
|
- { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.3", TEST_NOFIPS },
|
||||||
|
- { GCRY_PK_ECC, "brainpoolP224r1", TEST_NOFIPS },
|
||||||
|
- { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.5", TEST_NOFIPS },
|
||||||
|
- { GCRY_PK_ECC, "brainpoolP256r1", TEST_NOFIPS },
|
||||||
|
- { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.7", TEST_NOFIPS },
|
||||||
|
- { GCRY_PK_ECC, "brainpoolP320r1", TEST_NOFIPS },
|
||||||
|
- { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.9", TEST_NOFIPS },
|
||||||
|
- { GCRY_PK_ECC, "brainpoolP384r1", TEST_NOFIPS },
|
||||||
|
- { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.11", TEST_NOFIPS },
|
||||||
|
- { GCRY_PK_ECC, "brainpoolP512r1", TEST_NOFIPS },
|
||||||
|
- { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.13", TEST_NOFIPS },
|
||||||
|
+#ifdef ENABLE_BRAINPOOL
|
||||||
|
+# define BRAINPOOL_FLAGS TEST_NOFIPS
|
||||||
|
+#else
|
||||||
|
+# define BRAINPOOL_FLAGS TEST_ERROR_EXPECTED
|
||||||
|
+#endif /* ENABLE_BRAINPOOL */
|
||||||
|
+ { GCRY_PK_ECC, "brainpoolP160r1", BRAINPOOL_FLAGS },
|
||||||
|
+ { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.1", BRAINPOOL_FLAGS },
|
||||||
|
+ { GCRY_PK_ECC, "brainpoolP192r1", BRAINPOOL_FLAGS },
|
||||||
|
+ { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.3", BRAINPOOL_FLAGS },
|
||||||
|
+ { GCRY_PK_ECC, "brainpoolP224r1", BRAINPOOL_FLAGS },
|
||||||
|
+ { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.5", BRAINPOOL_FLAGS },
|
||||||
|
+ { GCRY_PK_ECC, "brainpoolP256r1", BRAINPOOL_FLAGS },
|
||||||
|
+ { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.7", BRAINPOOL_FLAGS },
|
||||||
|
+ { GCRY_PK_ECC, "brainpoolP320r1", BRAINPOOL_FLAGS },
|
||||||
|
+ { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.9", BRAINPOOL_FLAGS },
|
||||||
|
+ { GCRY_PK_ECC, "brainpoolP384r1", BRAINPOOL_FLAGS },
|
||||||
|
+ { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.11", BRAINPOOL_FLAGS },
|
||||||
|
+ { GCRY_PK_ECC, "brainpoolP512r1", BRAINPOOL_FLAGS },
|
||||||
|
+ { GCRY_PK_ECC, "1.3.36.3.3.2.8.1.1.13", BRAINPOOL_FLAGS },
|
||||||
|
+#undef BRAINPOOL_ERROR_EXPECTED
|
||||||
|
|
||||||
|
{ GCRY_PK_ECC, "GOST2001-test", TEST_NOFIPS },
|
||||||
|
{ GCRY_PK_ECC, "1.2.643.2.2.35.0", TEST_NOFIPS },
|
||||||
|
@@ -282,6 +296,7 @@ check_get_params (void)
|
||||||
|
|
||||||
|
gcry_sexp_release (param);
|
||||||
|
|
||||||
|
+#ifdef ENABLE_BRAINPOOL
|
||||||
|
if (!in_fips_mode)
|
||||||
|
{
|
||||||
|
param = gcry_pk_get_param (GCRY_PK_ECDSA, sample_key_2_curve);
|
||||||
|
@@ -297,6 +312,7 @@ check_get_params (void)
|
||||||
|
|
||||||
|
gcry_sexp_release (param);
|
||||||
|
}
|
||||||
|
+#endif /* ENABLE_BRAINPOOL */
|
||||||
|
|
||||||
|
/* Some simple tests */
|
||||||
|
for (idx=0; idx < DIM (tv); idx++)
|
||||||
|
diff --git a/tests/keygrip.c b/tests/keygrip.c
|
||||||
|
index 49bd71bc..fc4c17be 100644
|
||||||
|
--- a/tests/keygrip.c
|
||||||
|
+++ b/tests/keygrip.c
|
||||||
|
@@ -149,6 +149,7 @@ static struct
|
||||||
|
" (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))",
|
||||||
|
"\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6"
|
||||||
|
},
|
||||||
|
+#ifdef ENABLE_BRAINPOOL
|
||||||
|
{
|
||||||
|
GCRY_PK_ECC,
|
||||||
|
"(public-key"
|
||||||
|
@@ -197,6 +198,7 @@ static struct
|
||||||
|
"\xD6\xE1\xBF\x43\xAC\x9B\x9A\x12\xE7\x3F",
|
||||||
|
1
|
||||||
|
},
|
||||||
|
+#endif /*ENABLE_BRAINPOOL */
|
||||||
|
{ /* Ed25519 standard */
|
||||||
|
GCRY_PK_ECC,
|
||||||
|
"(public-key"
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
85
SOURCES/libgcrypt-1.10.0-fips-drbg.patch
Normal file
85
SOURCES/libgcrypt-1.10.0-fips-drbg.patch
Normal file
@ -0,0 +1,85 @@
|
|||||||
|
From 45b80678109e5817b7cd15566a9d6c96b064b95f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Wed, 1 Mar 2023 15:39:15 +0100
|
||||||
|
Subject: [PATCH] random: Remove unused SHA384 DRBGs.
|
||||||
|
|
||||||
|
* random/random-drbg.c (global): Remove unused SHA384-based defines.
|
||||||
|
(drbg_cores): Remove SHA384 configurations.
|
||||||
|
(drbg_sec_strength): Remove unused SHA384.
|
||||||
|
--
|
||||||
|
|
||||||
|
These are no longer allowed by FIPS and it looks like they were never
|
||||||
|
usable as they do not have any conversion from the string flags.
|
||||||
|
|
||||||
|
GnuPG-bug-id: 6393
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
random/random-drbg.c | 13 ++-----------
|
||||||
|
1 file changed, 2 insertions(+), 11 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/random/random-drbg.c b/random/random-drbg.c
|
||||||
|
index f1cfe286..af49a5a5 100644
|
||||||
|
--- a/random/random-drbg.c
|
||||||
|
+++ b/random/random-drbg.c
|
||||||
|
@@ -188,11 +188,9 @@
|
||||||
|
#define DRBG_HASHSHA1 ((u32)1<<4)
|
||||||
|
#define DRBG_HASHSHA224 ((u32)1<<5)
|
||||||
|
#define DRBG_HASHSHA256 ((u32)1<<6)
|
||||||
|
-#define DRBG_HASHSHA384 ((u32)1<<7)
|
||||||
|
#define DRBG_HASHSHA512 ((u32)1<<8)
|
||||||
|
#define DRBG_HASH_MASK (DRBG_HASHSHA1 | DRBG_HASHSHA224 \
|
||||||
|
- | DRBG_HASHSHA256 | DRBG_HASHSHA384 \
|
||||||
|
- | DRBG_HASHSHA512)
|
||||||
|
+ | DRBG_HASHSHA256 | DRBG_HASHSHA512)
|
||||||
|
/* type modifiers (A.3)*/
|
||||||
|
#define DRBG_HMAC ((u32)1<<12)
|
||||||
|
#define DRBG_SYM128 ((u32)1<<13)
|
||||||
|
@@ -211,23 +209,18 @@
|
||||||
|
#define DRBG_NOPR_CTRAES256 (DRBG_CTRAES | DRBG_SYM256)
|
||||||
|
#define DRBG_PR_HASHSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1)
|
||||||
|
#define DRBG_PR_HASHSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256)
|
||||||
|
-#define DRBG_PR_HASHSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384)
|
||||||
|
#define DRBG_PR_HASHSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512)
|
||||||
|
#define DRBG_NOPR_HASHSHA1 (DRBG_HASHSHA1)
|
||||||
|
#define DRBG_NOPR_HASHSHA256 (DRBG_HASHSHA256)
|
||||||
|
-#define DRBG_NOPR_HASHSHA384 (DRBG_HASHSHA384)
|
||||||
|
#define DRBG_NOPR_HASHSHA512 (DRBG_HASHSHA512)
|
||||||
|
#define DRBG_PR_HMACSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1 \
|
||||||
|
| DRBG_HMAC)
|
||||||
|
#define DRBG_PR_HMACSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256 \
|
||||||
|
| DRBG_HMAC)
|
||||||
|
-#define DRBG_PR_HMACSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384 \
|
||||||
|
- | DRBG_HMAC)
|
||||||
|
#define DRBG_PR_HMACSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512 \
|
||||||
|
| DRBG_HMAC)
|
||||||
|
#define DRBG_NOPR_HMACSHA1 (DRBG_HASHSHA1 | DRBG_HMAC)
|
||||||
|
#define DRBG_NOPR_HMACSHA256 (DRBG_HASHSHA256 | DRBG_HMAC)
|
||||||
|
-#define DRBG_NOPR_HMACSHA384 (DRBG_HASHSHA384 | DRBG_HMAC)
|
||||||
|
#define DRBG_NOPR_HMACSHA512 (DRBG_HASHSHA512 | DRBG_HMAC)
|
||||||
|
|
||||||
|
|
||||||
|
@@ -359,12 +352,10 @@ static const struct drbg_core_s drbg_cores[] = {
|
||||||
|
/* Hash DRBGs */
|
||||||
|
{DRBG_HASHSHA1, 55, 20, GCRY_MD_SHA1},
|
||||||
|
{DRBG_HASHSHA256, 55, 32, GCRY_MD_SHA256},
|
||||||
|
- {DRBG_HASHSHA384, 111, 48, GCRY_MD_SHA384},
|
||||||
|
{DRBG_HASHSHA512, 111, 64, GCRY_MD_SHA512},
|
||||||
|
/* HMAC DRBGs */
|
||||||
|
{DRBG_HASHSHA1 | DRBG_HMAC, 20, 20, GCRY_MD_SHA1},
|
||||||
|
{DRBG_HASHSHA256 | DRBG_HMAC, 32, 32, GCRY_MD_SHA256},
|
||||||
|
- {DRBG_HASHSHA384 | DRBG_HMAC, 48, 48, GCRY_MD_SHA384},
|
||||||
|
{DRBG_HASHSHA512 | DRBG_HMAC, 64, 64, GCRY_MD_SHA512},
|
||||||
|
/* block ciphers */
|
||||||
|
{DRBG_CTRAES | DRBG_SYM128, 32, 16, GCRY_CIPHER_AES128},
|
||||||
|
@@ -543,7 +534,7 @@ drbg_sec_strength (u32 flags)
|
||||||
|
else if (flags & DRBG_SYM192)
|
||||||
|
return 24;
|
||||||
|
else if ((flags & DRBG_SYM256) || (flags & DRBG_HASHSHA256) ||
|
||||||
|
- (flags & DRBG_HASHSHA384) || (flags & DRBG_HASHSHA512))
|
||||||
|
+ (flags & DRBG_HASHSHA512))
|
||||||
|
return 32;
|
||||||
|
else
|
||||||
|
return 32;
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
50
SOURCES/libgcrypt-1.10.0-fips-getrandom.patch
Normal file
50
SOURCES/libgcrypt-1.10.0-fips-getrandom.patch
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
From 0a5e608b8b18d4f41e4d7434c6262bf11507f859 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Tue, 16 Aug 2022 15:30:43 +0200
|
||||||
|
Subject: [PATCH] random: Use getrandom (GRND_RANDOM) in FIPS mode
|
||||||
|
|
||||||
|
The SP800-90C (clarified in IG D.K.) requires the following when
|
||||||
|
different DRBGs are chained:
|
||||||
|
* the parent needs to be reseeded before generate operation
|
||||||
|
* the reseed & generate needs to be atomic
|
||||||
|
|
||||||
|
In RHEL, this is addressed by change in the kernel, that will do this
|
||||||
|
automatically, when the getentropy () is called with GRND_RANDOM flag.
|
||||||
|
|
||||||
|
* random/rndgetentropy.c (_gcry_rndgetentropy_gather_random): Use
|
||||||
|
GRND_RANDOM in FIPS Mode
|
||||||
|
---
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
random/rndgetentropy.c | 5 ++++-
|
||||||
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/random/rndgetentropy.c b/random/rndgetentropy.c
|
||||||
|
index 7580873e..db4b09ed 100644
|
||||||
|
--- a/random/rndgetentropy.c
|
||||||
|
+++ b/random/rndgetentropy.c
|
||||||
|
@@ -82,9 +82,18 @@ _gcry_rndgetentropy_gather_random (void (*add)(const void*, size_t,
|
||||||
|
* never blocking once the kernel is seeded. */
|
||||||
|
do
|
||||||
|
{
|
||||||
|
- nbytes = length < sizeof (buffer)? length : sizeof (buffer);
|
||||||
|
_gcry_pre_syscall ();
|
||||||
|
- ret = getentropy (buffer, nbytes);
|
||||||
|
+ if (fips_mode ())
|
||||||
|
+ {
|
||||||
|
+ /* The getrandom API returns maximum 32 B of strong entropy */
|
||||||
|
+ nbytes = length < 32 ? length : 32;
|
||||||
|
+ ret = getrandom (buffer, nbytes, GRND_RANDOM);
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ {
|
||||||
|
+ nbytes = length < sizeof (buffer) ? length : sizeof (buffer);
|
||||||
|
+ ret = getentropy (buffer, nbytes);
|
||||||
|
+ }
|
||||||
|
_gcry_post_syscall ();
|
||||||
|
}
|
||||||
|
while (ret == -1 && errno == EINTR);
|
||||||
|
--
|
||||||
|
2.37.1
|
||||||
|
|
277
SOURCES/libgcrypt-1.10.0-fips-indicator-md-hmac.patch
Normal file
277
SOURCES/libgcrypt-1.10.0-fips-indicator-md-hmac.patch
Normal file
@ -0,0 +1,277 @@
|
|||||||
|
From fd832687f36c1885d2388c55f7e8569184ba2593 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tobias Heider <tobias.heider@canonical.com>
|
||||||
|
Date: Thu, 16 Feb 2023 03:20:48 +0100
|
||||||
|
Subject: [PATCH] fips: Add explicit indicators for md and mac algorithms
|
||||||
|
|
||||||
|
* src/fips.c (_gcry_fips_indicator_mac): New function indicating
|
||||||
|
non-approved mac algorithms
|
||||||
|
(_gcry_fips_indicator_md): new functions indicating non-approved
|
||||||
|
message digest algorithms
|
||||||
|
* src/g10lib.h (_gcry_fips_indicator_mac): new function
|
||||||
|
(_gcry_fips_indicator_md): ditto
|
||||||
|
* src/gcrypt.h.in (enum gcry_ctl_cmds): New symbols
|
||||||
|
GCRYCTL_FIPS_SERVICE_INDICATOR_MAC and
|
||||||
|
GCRYCTL_FIPS_SERVICE_INDICATOR_MD
|
||||||
|
* src/global.c (_gcry_vcontrol): Handle new FIPS indicators.
|
||||||
|
* doc/gcrypt.texi: Document the new option.
|
||||||
|
--
|
||||||
|
|
||||||
|
Signed-off-by: Tobias Heider <tobias.heider@canonical.com>
|
||||||
|
---
|
||||||
|
doc/gcrypt.texi | 13 +++++++++++++
|
||||||
|
src/fips.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
src/g10lib.h | 2 ++
|
||||||
|
src/gcrypt.h.in | 4 +++-
|
||||||
|
src/global.c | 14 ++++++++++++++
|
||||||
|
5 files changed, 83 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
|
||||||
|
index e44c2f2e..462c5931 100644
|
||||||
|
--- a/doc/gcrypt.texi
|
||||||
|
+++ b/doc/gcrypt.texi
|
||||||
|
@@ -992,6 +992,19 @@ certification. If the function is approved, this function returns
|
||||||
|
@code{GPG_ERR_NO_ERROR} (other restrictions might still apply).
|
||||||
|
Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
|
||||||
|
|
||||||
|
+@item GCRYCTL_FIPS_SERVICE_INDICATOR_MAC; Arguments: enum gcry_mac_algos
|
||||||
|
+
|
||||||
|
+Check if the given MAC is approved under the current FIPS 140-3
|
||||||
|
+certification. If the MAC is approved, this function returns
|
||||||
|
+@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED}
|
||||||
|
+is returned.
|
||||||
|
+
|
||||||
|
+@item GCRYCTL_FIPS_SERVICE_INDICATOR_MD; Arguments: enum gcry_md_algos
|
||||||
|
+
|
||||||
|
+Check if the given message digest algorithm is approved under the current
|
||||||
|
+FIPS 140-3 certification. If the algorithm is approved, this function returns
|
||||||
|
+@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
|
||||||
|
+
|
||||||
|
@end table
|
||||||
|
|
||||||
|
@end deftypefun
|
||||||
|
diff --git a/src/fips.c b/src/fips.c
|
||||||
|
index 272aabae..8b3b3f04 100644
|
||||||
|
--- a/src/fips.c
|
||||||
|
+++ b/src/fips.c
|
||||||
|
@@ -377,6 +377,57 @@ _gcry_fips_indicator_cipher (va_list arg_ptr)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+int
|
||||||
|
+_gcry_fips_indicator_mac (va_list arg_ptr)
|
||||||
|
+{
|
||||||
|
+ enum gcry_mac_algos alg = va_arg (arg_ptr, enum gcry_mac_algos);
|
||||||
|
+
|
||||||
|
+ switch (alg)
|
||||||
|
+ {
|
||||||
|
+ case GCRY_MAC_CMAC_AES:
|
||||||
|
+ case GCRY_MAC_HMAC_SHA1:
|
||||||
|
+ case GCRY_MAC_HMAC_SHA224:
|
||||||
|
+ case GCRY_MAC_HMAC_SHA256:
|
||||||
|
+ case GCRY_MAC_HMAC_SHA384:
|
||||||
|
+ case GCRY_MAC_HMAC_SHA512:
|
||||||
|
+ case GCRY_MAC_HMAC_SHA512_224:
|
||||||
|
+ case GCRY_MAC_HMAC_SHA512_256:
|
||||||
|
+ case GCRY_MAC_HMAC_SHA3_224:
|
||||||
|
+ case GCRY_MAC_HMAC_SHA3_256:
|
||||||
|
+ case GCRY_MAC_HMAC_SHA3_384:
|
||||||
|
+ case GCRY_MAC_HMAC_SHA3_512:
|
||||||
|
+ return GPG_ERR_NO_ERROR;
|
||||||
|
+ default:
|
||||||
|
+ return GPG_ERR_NOT_SUPPORTED;
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+int
|
||||||
|
+_gcry_fips_indicator_md (va_list arg_ptr)
|
||||||
|
+{
|
||||||
|
+ enum gcry_md_algos alg = va_arg (arg_ptr, enum gcry_md_algos);
|
||||||
|
+
|
||||||
|
+ switch (alg)
|
||||||
|
+ {
|
||||||
|
+ case GCRY_MD_SHA1:
|
||||||
|
+ case GCRY_MD_SHA224:
|
||||||
|
+ case GCRY_MD_SHA256:
|
||||||
|
+ case GCRY_MD_SHA384:
|
||||||
|
+ case GCRY_MD_SHA512:
|
||||||
|
+ case GCRY_MD_SHA512_224:
|
||||||
|
+ case GCRY_MD_SHA512_256:
|
||||||
|
+ case GCRY_MD_SHA3_224:
|
||||||
|
+ case GCRY_MD_SHA3_256:
|
||||||
|
+ case GCRY_MD_SHA3_384:
|
||||||
|
+ case GCRY_MD_SHA3_512:
|
||||||
|
+ case GCRY_MD_SHAKE128:
|
||||||
|
+ case GCRY_MD_SHAKE256:
|
||||||
|
+ return GPG_ERR_NO_ERROR;
|
||||||
|
+ default:
|
||||||
|
+ return GPG_ERR_NOT_SUPPORTED;
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int
|
||||||
|
_gcry_fips_indicator_kdf (va_list arg_ptr)
|
||||||
|
{
|
||||||
|
diff --git a/src/g10lib.h b/src/g10lib.h
|
||||||
|
index 6be0ab21..86337eed 100644
|
||||||
|
--- a/src/g10lib.h
|
||||||
|
+++ b/src/g10lib.h
|
||||||
|
@@ -467,6 +467,8 @@ void _gcry_fips_signal_error (const char *srcfile,
|
||||||
|
#endif
|
||||||
|
|
||||||
|
int _gcry_fips_indicator_cipher (va_list arg_ptr);
|
||||||
|
+int _gcry_fips_indicator_mac (va_list arg_ptr);
|
||||||
|
+int _gcry_fips_indicator_md (va_list arg_ptr);
|
||||||
|
int _gcry_fips_indicator_kdf (va_list arg_ptr);
|
||||||
|
int _gcry_fips_indicator_function (va_list arg_ptr);
|
||||||
|
|
||||||
|
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
|
||||||
|
index aba22bfc..54080d46 100644
|
||||||
|
--- a/src/gcrypt.h.in
|
||||||
|
+++ b/src/gcrypt.h.in
|
||||||
|
@@ -330,7 +330,9 @@ enum gcry_ctl_cmds
|
||||||
|
GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER = 81,
|
||||||
|
GCRYCTL_FIPS_SERVICE_INDICATOR_KDF = 82,
|
||||||
|
GCRYCTL_NO_FIPS_MODE = 83,
|
||||||
|
- GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION = 84
|
||||||
|
+ GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION = 84,
|
||||||
|
+ GCRYCTL_FIPS_SERVICE_INDICATOR_MAC = 85,
|
||||||
|
+ GCRYCTL_FIPS_SERVICE_INDICATOR_MD = 86
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Perform various operations defined by CMD. */
|
||||||
|
diff --git a/src/global.c b/src/global.c
|
||||||
|
index debf6194..d16d3709 100644
|
||||||
|
--- a/src/global.c
|
||||||
|
+++ b/src/global.c
|
||||||
|
@@ -791,6 +791,20 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
|
||||||
|
rc = _gcry_fips_indicator_cipher (arg_ptr);
|
||||||
|
break;
|
||||||
|
|
||||||
|
+ case GCRYCTL_FIPS_SERVICE_INDICATOR_MAC:
|
||||||
|
+ /* Get FIPS Service Indicator for a given message authentication code.
|
||||||
|
+ * Returns GPG_ERR_NO_ERROR if algorithm is allowed or
|
||||||
|
+ * GPG_ERR_NOT_SUPPORTED otherwise */
|
||||||
|
+ rc = _gcry_fips_indicator_mac (arg_ptr);
|
||||||
|
+ break;
|
||||||
|
+
|
||||||
|
+ case GCRYCTL_FIPS_SERVICE_INDICATOR_MD:
|
||||||
|
+ /* Get FIPS Service Indicator for a given message digest. Returns
|
||||||
|
+ * GPG_ERR_NO_ERROR if algorithm is allowed or GPG_ERR_NOT_SUPPORTED
|
||||||
|
+ * otherwise */
|
||||||
|
+ rc = _gcry_fips_indicator_md (arg_ptr);
|
||||||
|
+ break;
|
||||||
|
+
|
||||||
|
case GCRYCTL_FIPS_SERVICE_INDICATOR_KDF:
|
||||||
|
/* Get FIPS Service Indicator for a given KDF. Returns GPG_ERR_NO_ERROR
|
||||||
|
* if algorithm is allowed or GPG_ERR_NOT_SUPPORTED otherwise */
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
||||||
|
From 2d193a955d05b4b9caed2895cf25600add3484da Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tobias Heider <tobias.heider@canonical.com>
|
||||||
|
Date: Thu, 16 Feb 2023 03:21:26 +0100
|
||||||
|
Subject: [PATCH] fips: Unblock MD5 in fips mode but mark non-approved in
|
||||||
|
indicator.
|
||||||
|
|
||||||
|
* cipher/mac-hmac.c (_gcry_mac_type_spec_hmac_md5): allow in fips mode
|
||||||
|
* cipher/md5.c (_gcry_digest_spec_md5): allow in fips mode
|
||||||
|
--
|
||||||
|
|
||||||
|
Signed-off-by: Tobias Heider <tobias.heider@canonical.com>
|
||||||
|
---
|
||||||
|
cipher/mac-hmac.c | 2 +-
|
||||||
|
cipher/md5.c | 2 +-
|
||||||
|
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/cipher/mac-hmac.c b/cipher/mac-hmac.c
|
||||||
|
index f1ab568b..9fac77dc 100644
|
||||||
|
--- a/cipher/mac-hmac.c
|
||||||
|
+++ b/cipher/mac-hmac.c
|
||||||
|
@@ -1413,7 +1413,7 @@ const gcry_mac_spec_t _gcry_mac_type_spec_hmac_tiger1 = {
|
||||||
|
#endif
|
||||||
|
#if USE_MD5
|
||||||
|
const gcry_mac_spec_t _gcry_mac_type_spec_hmac_md5 = {
|
||||||
|
- GCRY_MAC_HMAC_MD5, {0, 0}, "HMAC_MD5",
|
||||||
|
+ GCRY_MAC_HMAC_MD5, {0, 1}, "HMAC_MD5",
|
||||||
|
&hmac_ops
|
||||||
|
};
|
||||||
|
#endif
|
||||||
|
diff --git a/cipher/md5.c b/cipher/md5.c
|
||||||
|
index 5457fc38..744a2cc1 100644
|
||||||
|
--- a/cipher/md5.c
|
||||||
|
+++ b/cipher/md5.c
|
||||||
|
@@ -314,7 +314,7 @@ static const gcry_md_oid_spec_t oid_spec_md5[] =
|
||||||
|
|
||||||
|
const gcry_md_spec_t _gcry_digest_spec_md5 =
|
||||||
|
{
|
||||||
|
- GCRY_MD_MD5, {0, 0},
|
||||||
|
+ GCRY_MD_MD5, {0, 1},
|
||||||
|
"MD5", asn, DIM (asn), oid_spec_md5, 16,
|
||||||
|
md5_init, _gcry_md_block_write, md5_final, md5_read, NULL,
|
||||||
|
NULL,
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
||||||
|
From f52f33389da3302f51b6b00451cf9fc7e7a7e277 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Mon, 6 Mar 2023 17:26:17 +0100
|
||||||
|
Subject: [PATCH] tests: Improve test coverage for FIPS service indicators
|
||||||
|
|
||||||
|
* tests/basic.c (check_digests): Check the FIPS indicators
|
||||||
|
(check_mac): Ditto.
|
||||||
|
--
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
tests/basic.c | 13 +++++++++++++
|
||||||
|
1 file changed, 13 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/tests/basic.c b/tests/basic.c
|
||||||
|
index 095bdc97..5d5ceac9 100644
|
||||||
|
--- a/tests/basic.c
|
||||||
|
+++ b/tests/basic.c
|
||||||
|
@@ -14086,6 +14086,7 @@ check_mac (void)
|
||||||
|
"\x13\x46\x76\xfb\x6d\xe0\x44\x60\x65\xc9\x74\x40\xfa\x8c\x6a\x58" },
|
||||||
|
{ 0 },
|
||||||
|
};
|
||||||
|
+ gcry_error_t err;
|
||||||
|
int i;
|
||||||
|
|
||||||
|
if (verbose)
|
||||||
|
@@ -15370,6 +15370,12 @@ check_digests (void)
|
||||||
|
{
|
||||||
|
if (in_fips_mode)
|
||||||
|
{
|
||||||
|
+ err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_MD, algos[i].md);
|
||||||
|
+ if (err == GPG_ERR_NO_ERROR)
|
||||||
|
+ {
|
||||||
|
+ fail ("algo %d, gcry_md_test_algo failed while it should"
|
||||||
|
+ " have worked in FIPS mode\n", algos[i].md);
|
||||||
|
+ }
|
||||||
|
if (verbose)
|
||||||
|
fprintf (stderr, " algorithm %d not available in fips mode\n",
|
||||||
|
algos[i].md);
|
||||||
|
@@ -16948,6 +16954,7 @@ check_mac (void)
|
||||||
|
#endif /* USE_GOST28147 */
|
||||||
|
{ 0 },
|
||||||
|
};
|
||||||
|
+ gcry_error_t err;
|
||||||
|
int i;
|
||||||
|
|
||||||
|
if (verbose)
|
||||||
|
@@ -16961,6 +16968,12 @@ check_mac (void)
|
||||||
|
{
|
||||||
|
if (in_fips_mode)
|
||||||
|
{
|
||||||
|
+ err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_MAC, algos[i].algo);
|
||||||
|
+ if (err == GPG_ERR_NO_ERROR)
|
||||||
|
+ {
|
||||||
|
+ fail ("algo %d, gcry_mac_test_algo failed while it should"
|
||||||
|
+ " have worked in FIPS mode\n", algos[i].algo);
|
||||||
|
+ }
|
||||||
|
if (verbose)
|
||||||
|
fprintf (stderr, " algorithm %d not available in fips mode\n",
|
||||||
|
algos[i].algo);
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
277
SOURCES/libgcrypt-1.10.0-fips-indicator-pk-flags.patch
Normal file
277
SOURCES/libgcrypt-1.10.0-fips-indicator-pk-flags.patch
Normal file
@ -0,0 +1,277 @@
|
|||||||
|
From 0c0268177666f6ce53c0a61e86c1c5bd2c53c0b0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Mon, 6 Mar 2023 15:57:40 +0100
|
||||||
|
Subject: [PATCH] fips: Explicitly allow only some PK flags
|
||||||
|
|
||||||
|
* src/fips.c (_gcry_fips_indicator_pk_flags): New function for explicit
|
||||||
|
FIPS indicator for public key algorithm flags
|
||||||
|
* src/g10lib.h (_gcry_fips_indicator_pk_flags): New.
|
||||||
|
* src/gcrypt.h.in (GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS): New.
|
||||||
|
* src/global.c (_gcry_vcontrol): Handle the new option.
|
||||||
|
* doc/gcrypt.texi: Document new options.
|
||||||
|
--
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
doc/gcrypt.texi | 6 ++++++
|
||||||
|
src/fips.c | 15 +++++++++++++++
|
||||||
|
src/g10lib.h | 1 +
|
||||||
|
src/gcrypt.h.in | 3 ++-
|
||||||
|
src/global.c | 7 +++++++
|
||||||
|
5 files changed, 31 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
|
||||||
|
index 462c5931..750b6718 100644
|
||||||
|
--- a/doc/gcrypt.texi
|
||||||
|
+++ b/doc/gcrypt.texi
|
||||||
|
@@ -1005,6 +1005,12 @@ Check if the given message digest algorithm is approved under the current
|
||||||
|
FIPS 140-3 certification. If the algorithm is approved, this function returns
|
||||||
|
@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
|
||||||
|
|
||||||
|
+@item GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS; Arguments: const char *
|
||||||
|
+
|
||||||
|
+Check if the given public key operation flag is approved under the current
|
||||||
|
+FIPS 140-3 certification. If the flag is approved, this function returns
|
||||||
|
+@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
|
||||||
|
+
|
||||||
|
@end table
|
||||||
|
|
||||||
|
@end deftypefun
|
||||||
|
diff --git a/src/fips.c b/src/fips.c
|
||||||
|
index 974ed833..cb547aa2 100644
|
||||||
|
--- a/src/fips.c
|
||||||
|
+++ b/src/fips.c
|
||||||
|
@@ -457,6 +457,21 @@ _gcry_fips_indicator_function (va_list arg_ptr)
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
+int
|
||||||
|
+_gcry_fips_indicator_pk_flags (va_list arg_ptr)
|
||||||
|
+{
|
||||||
|
+ const char *flag = va_arg (arg_ptr, const char *);
|
||||||
|
+
|
||||||
|
+ if (strcmp (flag, "param") == 0 ||
|
||||||
|
+ strcmp (flag, "raw") == 0 ||
|
||||||
|
+ strcmp (flag, "no-blinding") == 0 ||
|
||||||
|
+ strcmp (flag, "pss") == 0)
|
||||||
|
+ return GPG_ERR_NO_ERROR;
|
||||||
|
+
|
||||||
|
+ return GPG_ERR_NOT_SUPPORTED;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
/* This is a test on whether the library is in the error or
|
||||||
|
operational state. */
|
||||||
|
int
|
||||||
|
diff --git a/src/g10lib.h b/src/g10lib.h
|
||||||
|
index 86337eed..acff2d6b 100644
|
||||||
|
--- a/src/g10lib.h
|
||||||
|
+++ b/src/g10lib.h
|
||||||
|
@@ -471,6 +471,7 @@ int _gcry_fips_indicator_mac (va_list arg_ptr);
|
||||||
|
int _gcry_fips_indicator_md (va_list arg_ptr);
|
||||||
|
int _gcry_fips_indicator_kdf (va_list arg_ptr);
|
||||||
|
int _gcry_fips_indicator_function (va_list arg_ptr);
|
||||||
|
+int _gcry_fips_indicator_pk_flags (va_list arg_ptr);
|
||||||
|
|
||||||
|
int _gcry_fips_is_operational (void);
|
||||||
|
|
||||||
|
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
|
||||||
|
index 54080d46..121a2061 100644
|
||||||
|
--- a/src/gcrypt.h.in
|
||||||
|
+++ b/src/gcrypt.h.in
|
||||||
|
@@ -332,7 +332,8 @@ enum gcry_ctl_cmds
|
||||||
|
GCRYCTL_NO_FIPS_MODE = 83,
|
||||||
|
GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION = 84,
|
||||||
|
GCRYCTL_FIPS_SERVICE_INDICATOR_MAC = 85,
|
||||||
|
- GCRYCTL_FIPS_SERVICE_INDICATOR_MD = 86
|
||||||
|
+ GCRYCTL_FIPS_SERVICE_INDICATOR_MD = 86,
|
||||||
|
+ GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS = 87
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Perform various operations defined by CMD. */
|
||||||
|
diff --git a/src/global.c b/src/global.c
|
||||||
|
index d16d3709..f39df422 100644
|
||||||
|
--- a/src/global.c
|
||||||
|
+++ b/src/global.c
|
||||||
|
@@ -818,6 +818,13 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
|
||||||
|
rc = _gcry_fips_indicator_function (arg_ptr);
|
||||||
|
break;
|
||||||
|
|
||||||
|
+ case GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS:
|
||||||
|
+ /* Get FIPS Service Indicator for a public key operation flags.
|
||||||
|
+ * Returns GPG_ERR_NO_ERROR if the flag is allowed to be used or
|
||||||
|
+ * GPG_ERR_NOT_SUPPORTED otherwise */
|
||||||
|
+ rc = _gcry_fips_indicator_pk_flags (arg_ptr);
|
||||||
|
+ break;
|
||||||
|
+
|
||||||
|
case PRIV_CTL_INIT_EXTRNG_TEST: /* Init external random test. */
|
||||||
|
rc = GPG_ERR_NOT_SUPPORTED;
|
||||||
|
break;
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
||||||
|
From 22a40df4c0210a671b331932a434f70b50354873 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Mon, 6 Mar 2023 16:05:07 +0100
|
||||||
|
Subject: [PATCH] fips: Explicitly disable overriding random in FIPS mode
|
||||||
|
|
||||||
|
* src/fips.c: (_gcry_fips_indicator_function): Mark using random
|
||||||
|
override non-approved in FIPS mode.
|
||||||
|
--
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
src/fips.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/fips.c b/src/fips.c
|
||||||
|
index cb547aa2..a7342030 100644
|
||||||
|
--- a/src/fips.c
|
||||||
|
+++ b/src/fips.c
|
||||||
|
@@ -450,7 +450,8 @@ _gcry_fips_indicator_function (va_list arg_ptr)
|
||||||
|
if (strcmp (function, "gcry_pk_sign") == 0 ||
|
||||||
|
strcmp (function, "gcry_pk_verify") == 0 ||
|
||||||
|
strcmp (function, "gcry_pk_encrypt") == 0 ||
|
||||||
|
- strcmp (function, "gcry_pk_decrypt") == 0)
|
||||||
|
+ strcmp (function, "gcry_pk_decrypt") == 0 ||
|
||||||
|
+ strcmp (function, "gcry_pk_random_override_new") == 0)
|
||||||
|
return GPG_ERR_NOT_SUPPORTED;
|
||||||
|
|
||||||
|
return GPG_ERR_NO_ERROR;
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
||||||
|
From 1c916b8c99ea0e30f1d81d606fd63b0c45657186 Mon Sep 17 00:00:00 2001
|
||||||
|
From: NIIBE Yutaka <gniibe@fsij.org>
|
||||||
|
Date: Fri, 24 Mar 2023 13:12:56 +0900
|
||||||
|
Subject: [PATCH] fips: More elaborate way of getting FIPS pk flags indicators.
|
||||||
|
|
||||||
|
* src/fips.c (_gcry_fips_indicator_pk_flags): List more allowed string
|
||||||
|
in the S-expression.
|
||||||
|
* doc/gcrypt.texi: Add document for the FIPS service indicator
|
||||||
|
GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS with example.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
GnuPG-bug-id: 6417
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||||
|
---
|
||||||
|
doc/gcrypt.texi | 42 +++++++++++++++++++++++++++++++++++++++---
|
||||||
|
src/fips.c | 41 +++++++++++++++++++++++++++++++++++++----
|
||||||
|
2 files changed, 76 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
|
||||||
|
index 750b6718..752f64d6 100644
|
||||||
|
--- a/doc/gcrypt.texi
|
||||||
|
+++ b/doc/gcrypt.texi
|
||||||
|
@@ -1007,9 +1007,45 @@ FIPS 140-3 certification. If the algorithm is approved, this function returns
|
||||||
|
|
||||||
|
@item GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS; Arguments: const char *
|
||||||
|
|
||||||
|
-Check if the given public key operation flag is approved under the current
|
||||||
|
-FIPS 140-3 certification. If the flag is approved, this function returns
|
||||||
|
-@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
|
||||||
|
+Check if the given public key operation flag or s-expression object name is
|
||||||
|
+approved under the current FIPS 140-3 certification. If the flag is
|
||||||
|
+approved, this function returns @code{GPG_ERR_NO_ERROR}.
|
||||||
|
+
|
||||||
|
+Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
|
||||||
|
+
|
||||||
|
+For compound s-expression objects, if the object name is allowed, the user
|
||||||
|
+is responsible to check also the internal members. For example:
|
||||||
|
+
|
||||||
|
+@example
|
||||||
|
+ gcry_sexp_t s_sig = NULL;
|
||||||
|
+ gcry_md_hd_t hd = NULL;
|
||||||
|
+ gcry_sexp_t s_sk = NULL;
|
||||||
|
+ const char *data_tmpl = "(data(flags pss)(hash %s %b)(salt-length 1:0))";
|
||||||
|
+
|
||||||
|
+ if (err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION, "gcry_md_open") &&
|
||||||
|
+ err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_MD, GCRY_MD_SHA512) &&
|
||||||
|
+ err = gcry_md_open (&hd, GCRY_MD_SHA512, 0))
|
||||||
|
+ @{
|
||||||
|
+ printf ("gcry_md_open failed: %s", gpg_strerror (err));
|
||||||
|
+ return;
|
||||||
|
+ @}
|
||||||
|
+ gcry_md_write (hd, buffer, buflen);
|
||||||
|
+
|
||||||
|
+ /* initialize the key in s_sk */
|
||||||
|
+
|
||||||
|
+ if (err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION, "gcry_pk_hash_sign") &&
|
||||||
|
+ err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS, "data") &&
|
||||||
|
+ err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS, "flags") &&
|
||||||
|
+ err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS, "pss") &&
|
||||||
|
+ err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS, "hash") &&
|
||||||
|
+ err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS, "salt-length")
|
||||||
|
+ err = gcry_pk_hash_sign (&s_sig, data_tmpl, s_sk, hd, NULL))
|
||||||
|
+ @{
|
||||||
|
+ printf ("gcry_pk_hash_sign failed: %s", gpg_strerror (err));
|
||||||
|
+ return;
|
||||||
|
+ @}
|
||||||
|
+ /* ok */
|
||||||
|
+@end example
|
||||||
|
|
||||||
|
@end table
|
||||||
|
|
||||||
|
diff --git a/src/fips.c b/src/fips.c
|
||||||
|
index a7342030..669cfd0e 100644
|
||||||
|
--- a/src/fips.c
|
||||||
|
+++ b/src/fips.c
|
||||||
|
@@ -457,16 +457,49 @@ _gcry_fips_indicator_function (va_list arg_ptr)
|
||||||
|
return GPG_ERR_NO_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
+/* Note: the array should be sorted. */
|
||||||
|
+static const char *valid_string_in_sexp[] = {
|
||||||
|
+ "curve",
|
||||||
|
+ "d",
|
||||||
|
+ "data",
|
||||||
|
+ "e",
|
||||||
|
+ "ecdsa",
|
||||||
|
+ "flags",
|
||||||
|
+ "genkey",
|
||||||
|
+ "hash",
|
||||||
|
+ "n",
|
||||||
|
+ "nbits",
|
||||||
|
+ "pkcs1",
|
||||||
|
+ "private-key",
|
||||||
|
+ "pss",
|
||||||
|
+ "public-key",
|
||||||
|
+ "q",
|
||||||
|
+ "r",
|
||||||
|
+ "raw",
|
||||||
|
+ "rsa",
|
||||||
|
+ "rsa-use-e",
|
||||||
|
+ "s",
|
||||||
|
+ "salt-length",
|
||||||
|
+ "sig-val",
|
||||||
|
+ "value"
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static int
|
||||||
|
+compare_string (const void *v1, const void *v2)
|
||||||
|
+{
|
||||||
|
+ const char * const *p_str1 = v1;
|
||||||
|
+ const char * const *p_str2 = v2;
|
||||||
|
+
|
||||||
|
+ return strcmp (*p_str1, *p_str2);
|
||||||
|
+}
|
||||||
|
|
||||||
|
int
|
||||||
|
_gcry_fips_indicator_pk_flags (va_list arg_ptr)
|
||||||
|
{
|
||||||
|
const char *flag = va_arg (arg_ptr, const char *);
|
||||||
|
|
||||||
|
- if (strcmp (flag, "param") == 0 ||
|
||||||
|
- strcmp (flag, "raw") == 0 ||
|
||||||
|
- strcmp (flag, "no-blinding") == 0 ||
|
||||||
|
- strcmp (flag, "pss") == 0)
|
||||||
|
+ if (bsearch (&flag, valid_string_in_sexp, DIM (valid_string_in_sexp),
|
||||||
|
+ sizeof (char *), compare_string))
|
||||||
|
return GPG_ERR_NO_ERROR;
|
||||||
|
|
||||||
|
return GPG_ERR_NOT_SUPPORTED;
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
55
SOURCES/libgcrypt-1.10.0-fips-indicator.patch
Normal file
55
SOURCES/libgcrypt-1.10.0-fips-indicator.patch
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
From c34c9e70055ee43e5ef257384fa15941f064e5a4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Tue, 15 Nov 2022 10:47:18 +0100
|
||||||
|
Subject: [PATCH] fips: Mark AES key wrapping as approved.
|
||||||
|
|
||||||
|
* src/fips.c (_gcry_fips_indicator_cipher): Add key wrapping mode as
|
||||||
|
approved.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
GnuPG-bug-id: 5512
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
src/fips.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/src/fips.c b/src/fips.c
|
||||||
|
index 6599121c..272aabae 100644
|
||||||
|
--- a/src/fips.c
|
||||||
|
+++ b/src/fips.c
|
||||||
|
@@ -367,6 +367,7 @@ _gcry_fips_indicator_cipher (va_list arg_ptr)
|
||||||
|
case GCRY_CIPHER_MODE_CCM:
|
||||||
|
case GCRY_CIPHER_MODE_GCM:
|
||||||
|
case GCRY_CIPHER_MODE_XTS:
|
||||||
|
+ case GCRY_CIPHER_MODE_AESWRAP:
|
||||||
|
return GPG_ERR_NO_ERROR;
|
||||||
|
default:
|
||||||
|
return GPG_ERR_NOT_SUPPORTED;
|
||||||
|
--
|
||||||
|
|
||||||
|
commit d6117b04e0e4d5d68df8fb731f618b0d5126ee14
|
||||||
|
Author: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Tue Jan 17 14:39:34 2023 +0100
|
||||||
|
|
||||||
|
fips: Remove GCM mode from the allowed FIPS indicators
|
||||||
|
|
||||||
|
* src/fips.c (_gcry_fips_indicator_cipher): Do not mark GCM mode as FIPS
|
||||||
|
approved.
|
||||||
|
---
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
|
||||||
|
diff --git a/src/fips.c b/src/fips.c
|
||||||
|
index 272aabae..774e7b4c 100644
|
||||||
|
--- a/src/fips.c
|
||||||
|
+++ b/src/fips.c
|
||||||
|
@@ -365,7 +365,6 @@ _gcry_fips_indicator_cipher (va_list arg_ptr)
|
||||||
|
case GCRY_CIPHER_MODE_OFB:
|
||||||
|
case GCRY_CIPHER_MODE_CTR:
|
||||||
|
case GCRY_CIPHER_MODE_CCM:
|
||||||
|
- case GCRY_CIPHER_MODE_GCM:
|
||||||
|
case GCRY_CIPHER_MODE_XTS:
|
||||||
|
case GCRY_CIPHER_MODE_AESWRAP:
|
||||||
|
return GPG_ERR_NO_ERROR;
|
||||||
|
--
|
1008
SOURCES/libgcrypt-1.10.0-fips-integrity.patch
Normal file
1008
SOURCES/libgcrypt-1.10.0-fips-integrity.patch
Normal file
File diff suppressed because it is too large
Load Diff
190
SOURCES/libgcrypt-1.10.0-fips-integrity2.patch
Normal file
190
SOURCES/libgcrypt-1.10.0-fips-integrity2.patch
Normal file
@ -0,0 +1,190 @@
|
|||||||
|
From 3c8b6c4a9cad59c5e1db5706f6774a3141b60210 Mon Sep 17 00:00:00 2001
|
||||||
|
From: NIIBE Yutaka <gniibe@fsij.org>
|
||||||
|
Date: Thu, 17 Feb 2022 10:28:05 +0900
|
||||||
|
Subject: [PATCH] fips: Fix gen-note-integrity.sh script not to use cmp
|
||||||
|
utility.
|
||||||
|
|
||||||
|
* src/gen-note-integrity.sh: Simplify detecting 32-bit machine
|
||||||
|
or 64-bit machine.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
GnuPG-bug-id: 5835
|
||||||
|
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||||
|
---
|
||||||
|
src/gen-note-integrity.sh | 8 ++++----
|
||||||
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/gen-note-integrity.sh b/src/gen-note-integrity.sh
|
||||||
|
index 969fdca6..878d7095 100755
|
||||||
|
--- a/src/gen-note-integrity.sh
|
||||||
|
+++ b/src/gen-note-integrity.sh
|
||||||
|
@@ -73,9 +73,9 @@ FILE=.libs/libgcrypt.so
|
||||||
|
#
|
||||||
|
# Fixup the ELF header to clean up section information
|
||||||
|
#
|
||||||
|
-printf '%b' '\002' > 2.bin
|
||||||
|
-dd ibs=1 skip=4 count=1 if=$FILE status=none > class-byte.bin
|
||||||
|
-if cmp class-byte.bin 2.bin; then
|
||||||
|
+BYTE002=$(printf '%b' '\002')
|
||||||
|
+CLASS_BYTE=$(dd ibs=1 skip=4 count=1 if=$FILE status=none)
|
||||||
|
+if test "$CLASS_BYTE" = "$BYTE002"; then
|
||||||
|
CLASS=64
|
||||||
|
HEADER_SIZE=64
|
||||||
|
else
|
||||||
|
@@ -112,4 +112,4 @@ END { print offset}")
|
||||||
|
dd ibs=1 skip=$HEADER_SIZE count=$OFFSET if=$FILE status=none) \
|
||||||
|
| ./hmac256 --stdkey --binary
|
||||||
|
|
||||||
|
-rm -f 2.bin class-byte.bin header-fixed.bin
|
||||||
|
+rm -f header-fixed.bin
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
||||||
|
|
||||||
|
From 052c5ef4cea56772b7015e36f231fa0bcbf91410 Mon Sep 17 00:00:00 2001
|
||||||
|
From: NIIBE Yutaka <gniibe@fsij.org>
|
||||||
|
Date: Thu, 17 Feb 2022 11:21:35 +0900
|
||||||
|
Subject: [PATCH] fips: Clarify what to be hashed for the integrity check.
|
||||||
|
|
||||||
|
* src/fips.c (get_file_offset): Compute the maximum offset
|
||||||
|
of segments.
|
||||||
|
* src/gen-note-integrity.sh: Likewise.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
The result is same (in current format of ELF program).
|
||||||
|
Semantics is more clear. It hashes:
|
||||||
|
|
||||||
|
- From the start of shared library file,
|
||||||
|
- fixed up the ELF header to exclude link-time information,
|
||||||
|
- up to the last segment.
|
||||||
|
|
||||||
|
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||||
|
---
|
||||||
|
src/fips.c | 20 +++++++++-----------
|
||||||
|
src/gen-note-integrity.sh | 20 ++++++++++++++------
|
||||||
|
2 files changed, 23 insertions(+), 17 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/fips.c b/src/fips.c
|
||||||
|
index d798d577..89f8204b 100644
|
||||||
|
--- a/src/fips.c
|
||||||
|
+++ b/src/fips.c
|
||||||
|
@@ -595,7 +595,7 @@ run_random_selftests (void)
|
||||||
|
|
||||||
|
/*
|
||||||
|
* In the ELF file opened as FP, fill the ELF header to the pointer
|
||||||
|
- * EHDR_P, determine the offset of last loadable segment in R_OFFSET.
|
||||||
|
+ * EHDR_P, determine the maximum offset of segments in R_OFFSET.
|
||||||
|
* Also, find the section which contains the hmac value and return it
|
||||||
|
* in HMAC. Rewinds FP to the beginning on success.
|
||||||
|
*/
|
||||||
|
@@ -624,24 +624,22 @@ get_file_offset (FILE *fp, ElfW (Ehdr) *ehdr_p,
|
||||||
|
if (fseek (fp, ehdr_p->e_phoff, SEEK_SET) != 0)
|
||||||
|
return gpg_error_from_syserror ();
|
||||||
|
|
||||||
|
- /* Iterate over the program headers, determine the last loadable
|
||||||
|
- segment. */
|
||||||
|
+ /* Iterate over the program headers, determine the last offset of
|
||||||
|
+ segments. */
|
||||||
|
for (i = 0; i < ehdr_p->e_phnum; i++)
|
||||||
|
{
|
||||||
|
+ unsigned long off;
|
||||||
|
+
|
||||||
|
if (fread (&phdr, sizeof (phdr), 1, fp) != 1)
|
||||||
|
return gpg_error_from_syserror ();
|
||||||
|
|
||||||
|
- if (phdr.p_type == PT_PHDR)
|
||||||
|
- continue;
|
||||||
|
-
|
||||||
|
- if (phdr.p_type != PT_LOAD)
|
||||||
|
- break;
|
||||||
|
-
|
||||||
|
- off_segment = phdr.p_offset + phdr.p_filesz;
|
||||||
|
+ off = phdr.p_offset + phdr.p_filesz;
|
||||||
|
+ if (off_segment < off)
|
||||||
|
+ off_segment = off;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!off_segment)
|
||||||
|
- /* The segment not found in the file */
|
||||||
|
+ /* No segment found in the file */
|
||||||
|
return gpg_error (GPG_ERR_INV_OBJ);
|
||||||
|
|
||||||
|
/* The section header entry size should match the size of the shdr struct */
|
||||||
|
diff --git a/src/gen-note-integrity.sh b/src/gen-note-integrity.sh
|
||||||
|
index 878d7095..50071bf5 100755
|
||||||
|
--- a/src/gen-note-integrity.sh
|
||||||
|
+++ b/src/gen-note-integrity.sh
|
||||||
|
@@ -95,21 +95,29 @@ else
|
||||||
|
dd ibs=1 count=6 if=/dev/zero status=none
|
||||||
|
fi > header-fixed.bin
|
||||||
|
|
||||||
|
-# Compute the end of loadable segment.
|
||||||
|
+#
|
||||||
|
+# Compute the end of segments, and emit the COUNT to read
|
||||||
|
+# (For each segment in program headers, calculate the offset
|
||||||
|
+# and select the maximum)
|
||||||
|
#
|
||||||
|
# This require computation in hexadecimal, and GNU awk needs
|
||||||
|
# --non-decimal-data option
|
||||||
|
#
|
||||||
|
-OFFSET=$($READELF --wide --program-headers $FILE | \
|
||||||
|
- $AWK $AWK_OPTION "/^ LOAD/ { offset=\$2+\$5-$HEADER_SIZE }\
|
||||||
|
-END { print offset}")
|
||||||
|
+COUNT=$($READELF --wide --program-headers $FILE | \
|
||||||
|
+ $AWK $AWK_OPTION \
|
||||||
|
+"BEGIN { max_offset=0 }
|
||||||
|
+/^\$/ { if (program_headers_start) program_headers_end=1 }
|
||||||
|
+(program_headers_start && !program_headers_end) { offset = \$2 + \$5 }
|
||||||
|
+(max_offset < offset) { max_offset = offset }
|
||||||
|
+/^ Type/ { program_headers_start=1 }
|
||||||
|
+END { print max_offset- $HEADER_SIZE }")
|
||||||
|
|
||||||
|
#
|
||||||
|
-# Feed the header fixed and loadable segments to HMAC256
|
||||||
|
+# Feed the header fixed and all segments to HMAC256
|
||||||
|
# to generate hmac hash of the FILE
|
||||||
|
#
|
||||||
|
(cat header-fixed.bin; \
|
||||||
|
- dd ibs=1 skip=$HEADER_SIZE count=$OFFSET if=$FILE status=none) \
|
||||||
|
+ dd ibs=1 skip=$HEADER_SIZE count=$COUNT if=$FILE status=none) \
|
||||||
|
| ./hmac256 --stdkey --binary
|
||||||
|
|
||||||
|
rm -f header-fixed.bin
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
||||||
|
|
||||||
|
From 3fd3bb31597f80c76a94ea62e42d58d796beabf1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Mon, 20 Feb 2023 16:16:01 +0100
|
||||||
|
Subject: [PATCH] fips: Check return value from ftell
|
||||||
|
|
||||||
|
* src/fips.c (get_file_offset): Check return value of ftell to be able
|
||||||
|
to detect errors.
|
||||||
|
--
|
||||||
|
|
||||||
|
Originally reported by coverity.
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
src/fips.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/fips.c b/src/fips.c
|
||||||
|
index 272aabae..0d89b6da 100644
|
||||||
|
--- a/src/fips.c
|
||||||
|
+++ b/src/fips.c
|
||||||
|
@@ -681,6 +681,8 @@ get_file_offset (FILE *fp, ElfW (Ehdr) *ehdr_p,
|
||||||
|
return gpg_error_from_syserror ();
|
||||||
|
|
||||||
|
off = ftell (fp);
|
||||||
|
+ if (off < 0)
|
||||||
|
+ return gpg_error_from_syserror ();
|
||||||
|
if (shdr.sh_type == SHT_NOTE && shdr.sh_flags == 0 && shdr.sh_size == 48)
|
||||||
|
{
|
||||||
|
const char header_of_the_note[] = {
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
187
SOURCES/libgcrypt-1.10.0-fips-kdf.patch
Normal file
187
SOURCES/libgcrypt-1.10.0-fips-kdf.patch
Normal file
@ -0,0 +1,187 @@
|
|||||||
|
From 3c04b692de1e7b45b764ff8d66bf84609b012e3a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tobias Heider <tobias.heider@canonical.com>
|
||||||
|
Date: Tue, 27 Sep 2022 13:31:05 +0900
|
||||||
|
Subject: [PATCH] kdf:pkdf2: Check minimum allowed key size when running in
|
||||||
|
FIPS mode.
|
||||||
|
|
||||||
|
* cipher/kdf.c (_gcry_kdf_pkdf2): Add output length check.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
GnuPG-bug-id: 6219
|
||||||
|
---
|
||||||
|
cipher/kdf.c | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/cipher/kdf.c b/cipher/kdf.c
|
||||||
|
index 81523320..67c60df8 100644
|
||||||
|
--- a/cipher/kdf.c
|
||||||
|
+++ b/cipher/kdf.c
|
||||||
|
@@ -160,6 +160,10 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen,
|
||||||
|
return GPG_ERR_INV_VALUE;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+ /* Check minimum key size */
|
||||||
|
+ if (fips_mode () && dklen < 14)
|
||||||
|
+ return GPG_ERR_INV_VALUE;
|
||||||
|
+
|
||||||
|
|
||||||
|
/* Step 2 */
|
||||||
|
l = ((dklen - 1)/ hlen) + 1;
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
From e5a5e847b66eb6b80e60a2dffa347268f059aee3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Tue, 4 Oct 2022 12:44:54 +0200
|
||||||
|
Subject: [PATCH] tests: Reproducer for short dklen in FIPS mode
|
||||||
|
|
||||||
|
* tests/t-kdf.c (check_pbkdf2): Add test vector with short dklen and
|
||||||
|
verify it fails in FIPS mode
|
||||||
|
--
|
||||||
|
|
||||||
|
GnuPG-bug-id: 6219
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
tests/t-kdf.c | 12 ++++++++++--
|
||||||
|
1 file changed, 10 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tests/t-kdf.c b/tests/t-kdf.c
|
||||||
|
index c0192d7b..716fb53e 100644
|
||||||
|
--- a/tests/t-kdf.c
|
||||||
|
+++ b/tests/t-kdf.c
|
||||||
|
@@ -909,6 +909,14 @@ check_pbkdf2 (void)
|
||||||
|
"\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9"
|
||||||
|
"\xb5\x24\xaf\x60\x12\x06\x2f\xe0\x37\xa6"
|
||||||
|
},
|
||||||
|
+ {
|
||||||
|
+ "password", 8,
|
||||||
|
+ "salt", 4,
|
||||||
|
+ GCRY_MD_SHA1,
|
||||||
|
+ 1,
|
||||||
|
+ 10, /* too short dklen for FIPS */
|
||||||
|
+ "\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9"
|
||||||
|
+ },
|
||||||
|
{
|
||||||
|
"password", 8,
|
||||||
|
"salt", 4,
|
||||||
|
@@ -1109,7 +1117,7 @@ check_pbkdf2 (void)
|
||||||
|
GCRY_KDF_PBKDF2, tv[tvidx].hashalgo,
|
||||||
|
tv[tvidx].salt, tv[tvidx].saltlen,
|
||||||
|
tv[tvidx].c, tv[tvidx].dklen, outbuf);
|
||||||
|
- if (in_fips_mode && tvidx > 6)
|
||||||
|
+ if (in_fips_mode && tvidx > 7)
|
||||||
|
{
|
||||||
|
if (!err)
|
||||||
|
fail ("pbkdf2 test %d unexpectedly passed in FIPS mode: %s\n",
|
||||||
|
@@ -1118,7 +1126,7 @@ check_pbkdf2 (void)
|
||||||
|
}
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
- if (in_fips_mode && tv[tvidx].plen < 14)
|
||||||
|
+ if (in_fips_mode && (tv[tvidx].plen < 14 || tv[tvidx].dklen < 14))
|
||||||
|
{
|
||||||
|
if (verbose)
|
||||||
|
fprintf (stderr,
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
||||||
|
From f4a861f3e5ae82f278284061e4829c03edf9c3a7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Fri, 18 Nov 2022 09:49:50 +0900
|
||||||
|
Subject: [PATCH] pkdf2: Add checks for FIPS.
|
||||||
|
|
||||||
|
* cipher/kdf.c (_gcry_kdf_pkdf2): Require 8 chars passphrase for FIPS.
|
||||||
|
Set bounds for salt length and iteration count in FIPS mode.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
GnuPG-bug-id: 6039
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
cipher/kdf.c | 12 ++++++++++++
|
||||||
|
1 file changed, 12 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/cipher/kdf.c b/cipher/kdf.c
|
||||||
|
index d22584da..823c744e 100644
|
||||||
|
--- a/cipher/kdf.c
|
||||||
|
+++ b/cipher/kdf.c
|
||||||
|
@@ -160,6 +160,18 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen,
|
||||||
|
return GPG_ERR_INV_VALUE;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+ /* FIPS requires minimum passphrase length, see FIPS 140-3 IG D.N */
|
||||||
|
+ if (fips_mode () && passphraselen < 8)
|
||||||
|
+ return GPG_ERR_INV_VALUE;
|
||||||
|
+
|
||||||
|
+ /* FIPS requires minimum salt length of 128 b (SP 800-132 sec. 5.1, p.6) */
|
||||||
|
+ if (fips_mode () && saltlen < 16)
|
||||||
|
+ return GPG_ERR_INV_VALUE;
|
||||||
|
+
|
||||||
|
+ /* FIPS requires minimum iterations bound (SP 800-132 sec 5.2, p.6) */
|
||||||
|
+ if (fips_mode () && iterations < 1000)
|
||||||
|
+ return GPG_ERR_INV_VALUE;
|
||||||
|
+
|
||||||
|
/* Check minimum key size */
|
||||||
|
if (fips_mode () && dklen < 14)
|
||||||
|
return GPG_ERR_INV_VALUE;
|
||||||
|
--
|
||||||
|
2.39.0
|
||||||
|
|
||||||
|
From f5fe94810f3099c9ccc2ca3a5891502922ab0576 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Tue, 28 Feb 2023 12:53:28 +0100
|
||||||
|
Subject: [PATCH] kdf: Update tests in regards to the allowed parameters in
|
||||||
|
FIPS mode.
|
||||||
|
|
||||||
|
* cipher/kdf.c (check_one): run selftests for more approved parameters
|
||||||
|
and check that wrong parameters correctly fail in FIPS mode.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
Fixes-commit: 535a4d345872aa2cd2ab3a5f9c4411d0a0313328
|
||||||
|
GnuPG-bug-id: 5512
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
cipher/kdf.c | 22 +++++++++++++++-------
|
||||||
|
1 file changed, 15 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/cipher/kdf.c b/cipher/kdf.c
|
||||||
|
index 823c744e..12beec56 100644
|
||||||
|
--- a/cipher/kdf.c
|
||||||
|
+++ b/cipher/kdf.c
|
||||||
|
@@ -2059,17 +2059,25 @@ check_one (int algo, int hash_algo,
|
||||||
|
{
|
||||||
|
unsigned char key[512]; /* hardcoded to avoid allocation */
|
||||||
|
size_t keysize = expectlen;
|
||||||
|
-
|
||||||
|
- /* Skip test with shoter passphrase in FIPS mode. */
|
||||||
|
- if (fips_mode () && passphraselen < 14)
|
||||||
|
- return NULL;
|
||||||
|
+ int rv;
|
||||||
|
|
||||||
|
if (keysize > sizeof(key))
|
||||||
|
return "invalid tests data";
|
||||||
|
|
||||||
|
- if (_gcry_kdf_derive (passphrase, passphraselen, algo,
|
||||||
|
- hash_algo, salt, saltlen, iterations,
|
||||||
|
- keysize, key))
|
||||||
|
+ rv = _gcry_kdf_derive (passphrase, passphraselen, algo,
|
||||||
|
+ hash_algo, salt, saltlen, iterations,
|
||||||
|
+ keysize, key);
|
||||||
|
+ /* In fips mode we have special requirements for the input and
|
||||||
|
+ * output parameters */
|
||||||
|
+ if (fips_mode ())
|
||||||
|
+ {
|
||||||
|
+ if (rv && (passphraselen < 8 || saltlen < 16 ||
|
||||||
|
+ iterations < 1000 || expectlen < 14))
|
||||||
|
+ return NULL;
|
||||||
|
+ else if (rv)
|
||||||
|
+ return "gcry_kdf_derive unexpectedly failed in FIPS Mode";
|
||||||
|
+ }
|
||||||
|
+ else if (rv)
|
||||||
|
return "gcry_kdf_derive failed";
|
||||||
|
|
||||||
|
if (memcmp (key, expect, expectlen))
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
55
SOURCES/libgcrypt-1.10.0-fips-keygen.patch
Normal file
55
SOURCES/libgcrypt-1.10.0-fips-keygen.patch
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
From cd30ed3c0d715aa0c58a32a29cfb1476163a5b94 Mon Sep 17 00:00:00 2001
|
||||||
|
From: NIIBE Yutaka <gniibe@fsij.org>
|
||||||
|
Date: Wed, 20 Apr 2022 15:09:41 +0900
|
||||||
|
Subject: [PATCH] cipher: Change the bounds for RSA key generation round.
|
||||||
|
|
||||||
|
* cipher/rsa.c (generate_fips): Use 10 for p, 20 for q.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
Constants from FIPS 186-5-draft.
|
||||||
|
|
||||||
|
GnuPG-bug-id: 5919
|
||||||
|
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||||
|
---
|
||||||
|
cipher/rsa.c | 8 ++++----
|
||||||
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/cipher/rsa.c b/cipher/rsa.c
|
||||||
|
index 486a34f0..771413b3 100644
|
||||||
|
--- a/cipher/rsa.c
|
||||||
|
+++ b/cipher/rsa.c
|
||||||
|
@@ -476,7 +476,7 @@ generate_fips (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
|
||||||
|
|
||||||
|
retry:
|
||||||
|
/* generate p and q */
|
||||||
|
- for (i = 0; i < 5 * pbits; i++)
|
||||||
|
+ for (i = 0; i < 10 * pbits; i++)
|
||||||
|
{
|
||||||
|
ploop:
|
||||||
|
if (!testparms)
|
||||||
|
@@ -506,10 +506,10 @@ generate_fips (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
|
||||||
|
else if (testparms)
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
- if (i >= 5 * pbits)
|
||||||
|
+ if (i >= 10 * pbits)
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
- for (i = 0; i < 5 * pbits; i++)
|
||||||
|
+ for (i = 0; i < 20 * pbits; i++)
|
||||||
|
{
|
||||||
|
qloop:
|
||||||
|
if (!testparms)
|
||||||
|
@@ -555,7 +555,7 @@ generate_fips (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
|
||||||
|
else if (testparms)
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
- if (i >= 5 * pbits)
|
||||||
|
+ if (i >= 20 * pbits)
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
if (testparms)
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
145
SOURCES/libgcrypt-1.10.0-fips-pct.patch
Normal file
145
SOURCES/libgcrypt-1.10.0-fips-pct.patch
Normal file
@ -0,0 +1,145 @@
|
|||||||
|
From 2ddeec574bc1ae90bb4242c4ce9ad9e7975a27bd Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Wed, 1 Mar 2023 15:42:29 +0100
|
||||||
|
Subject: [PATCH] ecc: Do not allow skipping tests in FIPS Mode.
|
||||||
|
|
||||||
|
* cipher/ecc.c (ecc_generate): Do not allow skipping tests PCT tests
|
||||||
|
in FIPS mode.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
The new FIPS specification requires to run the PCT without any
|
||||||
|
exceptions.
|
||||||
|
|
||||||
|
GnuPG-bug-id: 6394
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
cipher/ecc.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/cipher/ecc.c b/cipher/ecc.c
|
||||||
|
index 1e80200e..797f2368 100644
|
||||||
|
--- a/cipher/ecc.c
|
||||||
|
+++ b/cipher/ecc.c
|
||||||
|
@@ -677,7 +677,7 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
|
||||||
|
log_debug ("ecgen result using Ed25519+EdDSA\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (!(flags & PUBKEY_FLAG_NO_KEYTEST) && fips_mode ())
|
||||||
|
+ if (fips_mode ())
|
||||||
|
test_keys_fips (*r_skey);
|
||||||
|
|
||||||
|
leave:
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
||||||
|
From 23a2d1285e35b2eb91bb422609eb1c965c8a9bf6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Thu, 2 Mar 2023 09:43:44 +0100
|
||||||
|
Subject: [PATCH] ecc: Make the PCT recoverable in FIPS mode and consistent
|
||||||
|
with RSA.
|
||||||
|
|
||||||
|
* cipher/ecc.c (test_keys_fips): Replace calls to log_fatal with
|
||||||
|
return code on error.
|
||||||
|
(ecc_generate): Signal error when PCT fails in FIPS mode.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
GnuPG-bug-id: 6397
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
cipher/ecc.c | 36 ++++++++++++++++++++++++++++--------
|
||||||
|
1 file changed, 28 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/cipher/ecc.c b/cipher/ecc.c
|
||||||
|
index 797f2368..19520db3 100644
|
||||||
|
--- a/cipher/ecc.c
|
||||||
|
+++ b/cipher/ecc.c
|
||||||
|
@@ -101,7 +101,7 @@ static void *progress_cb_data;
|
||||||
|
|
||||||
|
/* Local prototypes. */
|
||||||
|
static void test_keys (mpi_ec_t ec, unsigned int nbits);
|
||||||
|
-static void test_keys_fips (gcry_sexp_t skey);
|
||||||
|
+static int test_keys_fips (gcry_sexp_t skey);
|
||||||
|
static void test_ecdh_only_keys (mpi_ec_t ec, unsigned int nbits, int flags);
|
||||||
|
static unsigned int ecc_get_nbits (gcry_sexp_t parms);
|
||||||
|
|
||||||
|
@@ -308,9 +308,10 @@ test_keys (mpi_ec_t ec, unsigned int nbits)
|
||||||
|
/* We should get here only with the NIST curves as they are the only ones
|
||||||
|
* having the fips bit set in ecc_domain_parms_t struct so this is slightly
|
||||||
|
* simpler than the whole ecc_generate function */
|
||||||
|
-static void
|
||||||
|
+static int
|
||||||
|
test_keys_fips (gcry_sexp_t skey)
|
||||||
|
{
|
||||||
|
+ int result = -1; /* Default to failure */
|
||||||
|
gcry_md_hd_t hd = NULL;
|
||||||
|
const char *data_tmpl = "(data (flags rfc6979) (hash %s %b))";
|
||||||
|
gcry_sexp_t sig = NULL;
|
||||||
|
@@ -323,18 +324,27 @@ test_keys_fips (gcry_sexp_t skey)
|
||||||
|
/* Open MD context and feed the random data in */
|
||||||
|
rc = _gcry_md_open (&hd, GCRY_MD_SHA256, 0);
|
||||||
|
if (rc)
|
||||||
|
- log_fatal ("ECDSA operation: failed to initialize MD context: %s\n", gpg_strerror (rc));
|
||||||
|
+ {
|
||||||
|
+ log_error ("ECDSA operation: failed to initialize MD context: %s\n", gpg_strerror (rc));
|
||||||
|
+ goto leave;
|
||||||
|
+ }
|
||||||
|
_gcry_md_write (hd, plaintext, sizeof(plaintext));
|
||||||
|
|
||||||
|
/* Sign the data */
|
||||||
|
rc = _gcry_pk_sign_md (&sig, data_tmpl, hd, skey, NULL);
|
||||||
|
if (rc)
|
||||||
|
- log_fatal ("ECDSA operation: signing failed: %s\n", gpg_strerror (rc));
|
||||||
|
+ {
|
||||||
|
+ log_error ("ECDSA operation: signing failed: %s\n", gpg_strerror (rc));
|
||||||
|
+ goto leave;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
/* Verify this signature. */
|
||||||
|
rc = _gcry_pk_verify_md (sig, data_tmpl, hd, skey, NULL);
|
||||||
|
if (rc)
|
||||||
|
- log_fatal ("ECDSA operation: verification failed: %s\n", gpg_strerror (rc));
|
||||||
|
+ {
|
||||||
|
+ log_error ("ECDSA operation: verification failed: %s\n", gpg_strerror (rc));
|
||||||
|
+ goto leave;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
/* Modify the data and check that the signing fails. */
|
||||||
|
_gcry_md_reset(hd);
|
||||||
|
@@ -342,10 +352,16 @@ test_keys_fips (gcry_sexp_t skey)
|
||||||
|
_gcry_md_write (hd, plaintext, sizeof(plaintext));
|
||||||
|
rc = _gcry_pk_verify_md (sig, data_tmpl, hd, skey, NULL);
|
||||||
|
if (rc != GPG_ERR_BAD_SIGNATURE)
|
||||||
|
- log_fatal ("ECDSA operation: signature verification worked on modified data\n");
|
||||||
|
+ {
|
||||||
|
+ log_error ("ECDSA operation: signature verification worked on modified data\n");
|
||||||
|
+ goto leave;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
+ result = 0;
|
||||||
|
+leave:
|
||||||
|
_gcry_md_close (hd);
|
||||||
|
sexp_release (sig);
|
||||||
|
+ return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@@ -677,8 +693,12 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
|
||||||
|
log_debug ("ecgen result using Ed25519+EdDSA\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (fips_mode ())
|
||||||
|
- test_keys_fips (*r_skey);
|
||||||
|
+ if (fips_mode () && test_keys_fips (*r_skey))
|
||||||
|
+ {
|
||||||
|
+ sexp_release (*r_skey); r_skey = NULL;
|
||||||
|
+ fips_signal_error ("self-test after key generation failed");
|
||||||
|
+ rc = GPG_ERR_SELFTEST_FAILED;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
leave:
|
||||||
|
mpi_free (public);
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
109
SOURCES/libgcrypt-1.10.0-fips-rsa-pss.patch
Normal file
109
SOURCES/libgcrypt-1.10.0-fips-rsa-pss.patch
Normal file
@ -0,0 +1,109 @@
|
|||||||
|
From bf1e62e59200b2046680d1d3d1599facc88cfe63 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Tue, 29 Nov 2022 14:04:59 +0100
|
||||||
|
Subject: [PATCH] rsa: Prevent usage of long salt in FIPS mode
|
||||||
|
|
||||||
|
* cipher/rsa-common.c (_gcry_rsa_pss_encode): Prevent usage of large
|
||||||
|
salt lengths
|
||||||
|
(_gcry_rsa_pss_verify): Ditto.
|
||||||
|
* tests/basic.c (check_pubkey_sign): Check longer salt length fails in
|
||||||
|
FIPS mode
|
||||||
|
* tests/t-rsa-pss.c (one_test_sexp): Fix function name in error message
|
||||||
|
---
|
||||||
|
cipher/rsa-common.c | 14 ++++++++++++++
|
||||||
|
tests/basic.c | 19 ++++++++++++++++++-
|
||||||
|
tests/t-rsa-pss.c | 2 +-
|
||||||
|
3 files changed, 33 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/cipher/rsa-common.c b/cipher/rsa-common.c
|
||||||
|
index 233ddb2d..61cd60a4 100644
|
||||||
|
--- a/cipher/rsa-common.c
|
||||||
|
+++ b/cipher/rsa-common.c
|
||||||
|
@@ -809,6 +809,13 @@ _gcry_rsa_pss_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo,
|
||||||
|
hlen = _gcry_md_get_algo_dlen (algo);
|
||||||
|
gcry_assert (hlen); /* We expect a valid ALGO here. */
|
||||||
|
|
||||||
|
+ /* The FIPS 186-4 Section 5.5 allows only 0 <= sLen <= hLen */
|
||||||
|
+ if (fips_mode () && saltlen > hlen)
|
||||||
|
+ {
|
||||||
|
+ rc = GPG_ERR_INV_ARG;
|
||||||
|
+ goto leave;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* Allocate a help buffer and setup some pointers. */
|
||||||
|
buflen = 8 + hlen + saltlen + (emlen - hlen - 1);
|
||||||
|
buf = xtrymalloc (buflen);
|
||||||
|
@@ -950,6 +957,13 @@ _gcry_rsa_pss_verify (gcry_mpi_t value, int hashed_already,
|
||||||
|
hlen = _gcry_md_get_algo_dlen (algo);
|
||||||
|
gcry_assert (hlen); /* We expect a valid ALGO here. */
|
||||||
|
|
||||||
|
+ /* The FIPS 186-4 Section 5.5 allows only 0 <= sLen <= hLen */
|
||||||
|
+ if (fips_mode () && saltlen > hlen)
|
||||||
|
+ {
|
||||||
|
+ rc = GPG_ERR_INV_ARG;
|
||||||
|
+ goto leave;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* Allocate a help buffer and setup some pointers.
|
||||||
|
This buffer is used for two purposes:
|
||||||
|
+------------------------------+-------+
|
||||||
|
diff --git a/tests/basic.c b/tests/basic.c
|
||||||
|
index 77e2fd93..429bd237 100644
|
||||||
|
--- a/tests/basic.c
|
||||||
|
+++ b/tests/basic.c
|
||||||
|
@@ -16602,6 +16602,7 @@ check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
||||||
|
const char *data;
|
||||||
|
int algo;
|
||||||
|
int expected_rc;
|
||||||
|
+ int flags;
|
||||||
|
} datas[] =
|
||||||
|
{
|
||||||
|
{ "(data\n (flags pkcs1)\n"
|
||||||
|
@@ -16672,6 +16673,22 @@ check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
||||||
|
" (random-override #4253647587980912233445566778899019283747#))\n",
|
||||||
|
GCRY_PK_RSA,
|
||||||
|
0 },
|
||||||
|
+ { "(data\n (flags pss)\n"
|
||||||
|
+ " (hash-algo sha256)\n"
|
||||||
|
+ " (value #11223344556677889900AABBCCDDEEFF#)\n"
|
||||||
|
+ " (salt-length 2:32)\n"
|
||||||
|
+ " (random-override #42536475879809122334455667788990192837465564738291"
|
||||||
|
+ "00122334455667#))\n",
|
||||||
|
+ GCRY_PK_RSA,
|
||||||
|
+ 0 },
|
||||||
|
+ { "(data\n (flags pss)\n"
|
||||||
|
+ " (hash-algo sha256)\n"
|
||||||
|
+ " (value #11223344556677889900AABBCCDDEEFF#)\n"
|
||||||
|
+ " (salt-length 2:33)\n"
|
||||||
|
+ " (random-override #42536475879809122334455667788990192837465564738291"
|
||||||
|
+ "0012233445566778#))\n",
|
||||||
|
+ GCRY_PK_RSA,
|
||||||
|
+ 0, FLAG_NOFIPS },
|
||||||
|
{ NULL }
|
||||||
|
};
|
||||||
|
|
||||||
|
@@ -16695,7 +16712,7 @@ check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
||||||
|
die ("converting data failed: %s\n", gpg_strerror (rc));
|
||||||
|
|
||||||
|
rc = gcry_pk_sign (&sig, hash, skey);
|
||||||
|
- if (in_fips_mode && (flags & FLAG_NOFIPS))
|
||||||
|
+ if (in_fips_mode && (flags & FLAG_NOFIPS || datas[dataidx].flags & FLAG_NOFIPS))
|
||||||
|
{
|
||||||
|
if (!rc)
|
||||||
|
fail ("gcry_pk_sign did not fail as expected in FIPS mode\n");
|
||||||
|
diff --git a/tests/t-rsa-pss.c b/tests/t-rsa-pss.c
|
||||||
|
index c5f90116..82dd54b3 100644
|
||||||
|
--- a/tests/t-rsa-pss.c
|
||||||
|
+++ b/tests/t-rsa-pss.c
|
||||||
|
@@ -340,7 +340,7 @@ one_test_sexp (const char *n, const char *e, const char *d,
|
||||||
|
snprintf (p, 3, "%02x", out[i]);
|
||||||
|
if (strcmp (sig_string, s))
|
||||||
|
{
|
||||||
|
- fail ("gcry_pkhash_sign failed: %s",
|
||||||
|
+ fail ("gcry_pk_hash_sign failed: %s",
|
||||||
|
"wrong value returned");
|
||||||
|
info (" expected: '%s'", s);
|
||||||
|
info (" got: '%s'", sig_string);
|
||||||
|
--
|
||||||
|
2.39.0
|
||||||
|
|
1199
SOURCES/libgcrypt-1.10.0-fips-selftest.patch
Normal file
1199
SOURCES/libgcrypt-1.10.0-fips-selftest.patch
Normal file
File diff suppressed because it is too large
Load Diff
46
SOURCES/libgcrypt-1.10.0-fips-status-sign-verify.patch
Normal file
46
SOURCES/libgcrypt-1.10.0-fips-status-sign-verify.patch
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
From 654d0dfa04993ebe28c0536d42f4bc6d87c28369 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Wed, 1 Mar 2023 17:14:00 +0100
|
||||||
|
Subject: [PATCH] visibility: Check FIPS operational status for MD+Sign
|
||||||
|
operation.
|
||||||
|
|
||||||
|
* src/visibility.c (gcry_pk_hash_sign): Check fips status before
|
||||||
|
calling the operation itself.
|
||||||
|
(gcry_pk_hash_verify): Ditto.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
GnuPG-bug-id: 6396
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
src/visibility.c | 7 +++++++
|
||||||
|
1 file changed, 7 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/visibility.c b/src/visibility.c
|
||||||
|
index 73db3dea..1f17e147 100644
|
||||||
|
--- a/src/visibility.c
|
||||||
|
+++ b/src/visibility.c
|
||||||
|
@@ -1050,6 +1050,11 @@ gcry_error_t
|
||||||
|
gcry_pk_hash_sign (gcry_sexp_t *result, const char *data_tmpl, gcry_sexp_t skey,
|
||||||
|
gcry_md_hd_t hd, gcry_ctx_t ctx)
|
||||||
|
{
|
||||||
|
+ if (!fips_is_operational ())
|
||||||
|
+ {
|
||||||
|
+ *result = NULL;
|
||||||
|
+ return gpg_error (fips_not_operational ());
|
||||||
|
+ }
|
||||||
|
return gpg_error (_gcry_pk_sign_md (result, data_tmpl, hd, skey, ctx));
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1065,6 +1070,8 @@ gcry_error_t
|
||||||
|
gcry_pk_hash_verify (gcry_sexp_t sigval, const char *data_tmpl, gcry_sexp_t pkey,
|
||||||
|
gcry_md_hd_t hd, gcry_ctx_t ctx)
|
||||||
|
{
|
||||||
|
+ if (!fips_is_operational ())
|
||||||
|
+ return gpg_error (fips_not_operational ());
|
||||||
|
return gpg_error (_gcry_pk_verify_md (sigval, data_tmpl, hd, pkey, ctx));
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
139
SOURCES/libgcrypt-1.10.0-fips-x931.patch
Normal file
139
SOURCES/libgcrypt-1.10.0-fips-x931.patch
Normal file
@ -0,0 +1,139 @@
|
|||||||
|
From 06ea5b5332ffdb44a0a394d766be8989bcb6a95c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Tue, 6 Dec 2022 10:03:47 +0900
|
||||||
|
Subject: [PATCH] fips,rsa: Prevent usage of X9.31 keygen in FIPS mode.
|
||||||
|
|
||||||
|
* cipher/rsa.c (rsa_generate): Do not accept use-x931 or derive-parms
|
||||||
|
in FIPS mode.
|
||||||
|
* tests/pubkey.c (get_keys_x931_new): Expect failure in FIPS mode.
|
||||||
|
(check_run): Skip checking X9.31 keys in FIPS mode.
|
||||||
|
* doc/gcrypt.texi: Document "test-parms" and clarify some cases around
|
||||||
|
the X9.31 keygen.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
cipher/rsa.c | 5 +++++
|
||||||
|
doc/gcrypt.texi | 41 ++++++++++++++++++++++++++++++++++++-----
|
||||||
|
tests/pubkey.c | 15 +++++++++++++--
|
||||||
|
3 files changed, 54 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/cipher/rsa.c b/cipher/rsa.c
|
||||||
|
index df4af94b..45523e6b 100644
|
||||||
|
--- a/cipher/rsa.c
|
||||||
|
+++ b/cipher/rsa.c
|
||||||
|
@@ -1256,6 +1256,11 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
|
||||||
|
if (deriveparms || (flags & PUBKEY_FLAG_USE_X931))
|
||||||
|
{
|
||||||
|
int swapped;
|
||||||
|
+ if (fips_mode ())
|
||||||
|
+ {
|
||||||
|
+ sexp_release (deriveparms);
|
||||||
|
+ return GPG_ERR_INV_SEXP;
|
||||||
|
+ }
|
||||||
|
ec = generate_x931 (&sk, nbits, evalue, deriveparms, &swapped);
|
||||||
|
sexp_release (deriveparms);
|
||||||
|
if (!ec && swapped)
|
||||||
|
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
|
||||||
|
index d0372f3e..e845a4dd 100644
|
||||||
|
--- a/doc/gcrypt.texi
|
||||||
|
+++ b/doc/gcrypt.texi
|
||||||
|
@@ -2699,8 +2699,7 @@ achieve fastest ECC key generation.
|
||||||
|
Force the use of the ANSI X9.31 key generation algorithm instead of
|
||||||
|
the default algorithm. This flag is only meaningful for RSA key
|
||||||
|
generation and usually not required. Note that this algorithm is
|
||||||
|
-implicitly used if either @code{derive-parms} is given or Libgcrypt is
|
||||||
|
-in FIPS mode.
|
||||||
|
+implicitly used if either @code{derive-parms} is given.
|
||||||
|
|
||||||
|
@item use-fips186
|
||||||
|
@cindex FIPS 186
|
||||||
|
@@ -3310,9 +3309,9 @@ This is currently only implemented for RSA and DSA keys. It is not
|
||||||
|
allowed to use this together with a @code{domain} specification. If
|
||||||
|
given, it is used to derive the keys using the given parameters.
|
||||||
|
|
||||||
|
-If given for an RSA key the X9.31 key generation algorithm is used
|
||||||
|
-even if libgcrypt is not in FIPS mode. If given for a DSA key, the
|
||||||
|
-FIPS 186 algorithm is used even if libgcrypt is not in FIPS mode.
|
||||||
|
+If given for an RSA key, the X9.31 key generation algorithm is used.
|
||||||
|
+If given for a DSA key, the FIPS 186 algorithm is used even if
|
||||||
|
+libgcrypt is not in FIPS mode.
|
||||||
|
|
||||||
|
@example
|
||||||
|
(genkey
|
||||||
|
@@ -3342,6 +3341,38 @@ FIPS 186 algorithm is used even if libgcrypt is not in FIPS mode.
|
||||||
|
(seed @var{seed-mpi}))))
|
||||||
|
@end example
|
||||||
|
|
||||||
|
+@item test-parms @var{list}
|
||||||
|
+This is currently only implemented for RSA keys. If given, the
|
||||||
|
+libgcrypt will not generate parameter, but tests whether the p,q is
|
||||||
|
+probably prime. Returns key with zeroes.
|
||||||
|
+
|
||||||
|
+The FIPS key generation algorithm is used even if libgcrypt is not
|
||||||
|
+in FIPS mode.
|
||||||
|
+
|
||||||
|
+@example
|
||||||
|
+(genkey
|
||||||
|
+ (rsa
|
||||||
|
+ (nbits 4:1024)
|
||||||
|
+ (rsa-use-e 1:3)
|
||||||
|
+ (test-parms
|
||||||
|
+ (e "65537")
|
||||||
|
+ (p #00bbccabcee15d343944a47e492d4b1f4de79633e2
|
||||||
|
+ 0cbb46f7d2d6813392a807ad048cf77528edd19f77
|
||||||
|
+ e7453f25173b9dcb70423afa2037aae147b81a33d5
|
||||||
|
+ 41fc58f875eff1e852ab55e2e09a3debfbc151b3b0
|
||||||
|
+ d17fef6f74d81fca14fbae531418e211ef818592af
|
||||||
|
+ 70de5cec3b92795cc3578572bf456099cd8727150e
|
||||||
|
+ 523261#)
|
||||||
|
+ (q #00ca87ecf2883f4ed00a9ec65abdeba81d28edbfcc
|
||||||
|
+ 34ecc563d587f166b52d42bfbe22bbc095b0b8426a
|
||||||
|
+ 2f8bbc55baaa8859b42cbc376ed3067db3ef7b135b
|
||||||
|
+ 63481322911ebbd7014db83aa051e0ca2dbf302b75
|
||||||
|
+ cd37f2ae8df90e134226e92f6353a284b28bb30af0
|
||||||
|
+ bbf925b345b955328379866ebac11d55bc80fe84f1
|
||||||
|
+ 05d415#)
|
||||||
|
+
|
||||||
|
+@end example
|
||||||
|
+
|
||||||
|
|
||||||
|
@item flags @var{flaglist}
|
||||||
|
This is preferred way to define flags. @var{flaglist} may contain any
|
||||||
|
diff --git a/tests/pubkey.c b/tests/pubkey.c
|
||||||
|
index bc44f3a5..2669b41a 100644
|
||||||
|
--- a/tests/pubkey.c
|
||||||
|
+++ b/tests/pubkey.c
|
||||||
|
@@ -430,7 +430,17 @@ get_keys_x931_new (gcry_sexp_t *pkey, gcry_sexp_t *skey)
|
||||||
|
rc = gcry_pk_genkey (&key, key_spec);
|
||||||
|
gcry_sexp_release (key_spec);
|
||||||
|
if (rc)
|
||||||
|
- die ("error generating RSA key: %s\n", gcry_strerror (rc));
|
||||||
|
+ {
|
||||||
|
+ if (in_fips_mode)
|
||||||
|
+ {
|
||||||
|
+ if (verbose)
|
||||||
|
+ fprintf (stderr, "The X9.31 RSA keygen is not available in FIPS modee.\n");
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+ die ("error generating RSA key: %s\n", gcry_strerror (rc));
|
||||||
|
+ }
|
||||||
|
+ else if (in_fips_mode)
|
||||||
|
+ die ("generating X9.31 RSA key unexpected worked in FIPS mode\n");
|
||||||
|
|
||||||
|
if (verbose > 1)
|
||||||
|
show_sexp ("generated RSA (X9.31) key:\n", key);
|
||||||
|
@@ -777,7 +787,8 @@ check_run (void)
|
||||||
|
if (verbose)
|
||||||
|
fprintf (stderr, "Checking generated RSA key (X9.31).\n");
|
||||||
|
get_keys_x931_new (&pkey, &skey);
|
||||||
|
- check_keys (pkey, skey, 800, 0);
|
||||||
|
+ if (!in_fips_mode)
|
||||||
|
+ check_keys (pkey, skey, 800, 0);
|
||||||
|
gcry_sexp_release (pkey);
|
||||||
|
gcry_sexp_release (skey);
|
||||||
|
pkey = skey = NULL;
|
||||||
|
--
|
||||||
|
2.39.0
|
||||||
|
|
2249
SOURCES/libgcrypt-1.10.0-marvin.patch
Normal file
2249
SOURCES/libgcrypt-1.10.0-marvin.patch
Normal file
File diff suppressed because it is too large
Load Diff
156
SOURCES/libgcrypt-1.10.0-marvin2.patch
Normal file
156
SOURCES/libgcrypt-1.10.0-marvin2.patch
Normal file
@ -0,0 +1,156 @@
|
|||||||
|
From f490ffd739f713fcf0be35b7fbbb8502dea40a0c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
||||||
|
Date: Sat, 3 Jun 2023 13:20:07 +0300
|
||||||
|
Subject: [PATCH] addm/subm/mulm: fix case when destination is same MPI as
|
||||||
|
divider
|
||||||
|
|
||||||
|
* mpi/mpi-add.c (_gcry_mpi_addm, _gcry_mpi_subm): Take copy of M when
|
||||||
|
W and M are the same MPI.
|
||||||
|
* mpi/mpi-mul.c (_gcry_mpi_mulm): Likewise.
|
||||||
|
* tests/mpitests.c (test_addm_subm_mulm): New.
|
||||||
|
(main): Run addm/subm/mulm test.
|
||||||
|
--
|
||||||
|
|
||||||
|
Reported-by: Guido Vranken <guidovranken@gmail.com>
|
||||||
|
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
||||||
|
---
|
||||||
|
mpi/mpi-add.c | 22 ++++++++++++++++++++
|
||||||
|
mpi/mpi-mul.c | 11 ++++++++++
|
||||||
|
tests/mpitests.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
3 files changed, 86 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/mpi/mpi-add.c b/mpi/mpi-add.c
|
||||||
|
index 41dc3900..51dc71b7 100644
|
||||||
|
--- a/mpi/mpi-add.c
|
||||||
|
+++ b/mpi/mpi-add.c
|
||||||
|
@@ -227,13 +227,35 @@ _gcry_mpi_sub(gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v)
|
||||||
|
void
|
||||||
|
_gcry_mpi_addm( gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m)
|
||||||
|
{
|
||||||
|
+ gcry_mpi_t temp_m = NULL;
|
||||||
|
+
|
||||||
|
+ if (w == m)
|
||||||
|
+ {
|
||||||
|
+ temp_m = mpi_copy (m);
|
||||||
|
+ m = temp_m;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
mpi_add (w, u, v);
|
||||||
|
mpi_mod (w, w, m);
|
||||||
|
+
|
||||||
|
+ if (temp_m)
|
||||||
|
+ mpi_free(temp_m);
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
_gcry_mpi_subm( gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m)
|
||||||
|
{
|
||||||
|
+ gcry_mpi_t temp_m = NULL;
|
||||||
|
+
|
||||||
|
+ if (w == m)
|
||||||
|
+ {
|
||||||
|
+ temp_m = mpi_copy (m);
|
||||||
|
+ m = temp_m;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
mpi_sub (w, u, v);
|
||||||
|
mpi_mod (w, w, m);
|
||||||
|
+
|
||||||
|
+ if (temp_m)
|
||||||
|
+ mpi_free(temp_m);
|
||||||
|
}
|
||||||
|
diff --git a/mpi/mpi-mul.c b/mpi/mpi-mul.c
|
||||||
|
index 60f1ca48..e8e57475 100644
|
||||||
|
--- a/mpi/mpi-mul.c
|
||||||
|
+++ b/mpi/mpi-mul.c
|
||||||
|
@@ -207,6 +207,17 @@ _gcry_mpi_mul (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v)
|
||||||
|
void
|
||||||
|
_gcry_mpi_mulm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m)
|
||||||
|
{
|
||||||
|
+ gcry_mpi_t temp_m = NULL;
|
||||||
|
+
|
||||||
|
+ if (w == m)
|
||||||
|
+ {
|
||||||
|
+ temp_m = mpi_copy (m);
|
||||||
|
+ m = temp_m;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
mpi_mul (w, u, v);
|
||||||
|
_gcry_mpi_tdiv_r (w, w, m);
|
||||||
|
+
|
||||||
|
+ if (temp_m)
|
||||||
|
+ mpi_free(temp_m);
|
||||||
|
}
|
||||||
|
diff --git a/tests/mpitests.c b/tests/mpitests.c
|
||||||
|
index 48ea18b2..2ee08bd3 100644
|
||||||
|
--- a/tests/mpitests.c
|
||||||
|
+++ b/tests/mpitests.c
|
||||||
|
@@ -687,6 +687,58 @@ test_powm (void)
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
+/* What we test here is that using the same mpi for divider and result
|
||||||
|
+ works. */
|
||||||
|
+static int
|
||||||
|
+test_addm_subm_mulm (void)
|
||||||
|
+{
|
||||||
|
+ int i;
|
||||||
|
+
|
||||||
|
+ for (i = 0; i < 3; i++)
|
||||||
|
+ {
|
||||||
|
+ unsigned int expect;
|
||||||
|
+ const char *func;
|
||||||
|
+ gcry_mpi_t A;
|
||||||
|
+ gcry_mpi_t B;
|
||||||
|
+ gcry_mpi_t C;
|
||||||
|
+
|
||||||
|
+ A = gcry_mpi_set_ui (NULL, 2);
|
||||||
|
+ B = gcry_mpi_set_ui (NULL, 4);
|
||||||
|
+ C = gcry_mpi_set_ui (NULL, 7);
|
||||||
|
+
|
||||||
|
+ if (i == 0)
|
||||||
|
+ {
|
||||||
|
+ func = "mpi_addm";
|
||||||
|
+ expect = 6;
|
||||||
|
+ gcry_mpi_addm(C, A, B, C);
|
||||||
|
+ }
|
||||||
|
+ else if (i == 1)
|
||||||
|
+ {
|
||||||
|
+ func = "mpi_subm";
|
||||||
|
+ expect = 5;
|
||||||
|
+ gcry_mpi_subm(C, A, B, C);
|
||||||
|
+ }
|
||||||
|
+ else if (i == 2)
|
||||||
|
+ {
|
||||||
|
+ func = "mpi_mulm";
|
||||||
|
+ expect = 1;
|
||||||
|
+ gcry_mpi_mulm(C, A, B, C);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (gcry_mpi_is_neg (C) || gcry_mpi_cmp_ui (C, expect))
|
||||||
|
+ {
|
||||||
|
+ die ("test_addm_subm_mulm failed for %s at %d\n", func, __LINE__);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ gcry_mpi_release(A);
|
||||||
|
+ gcry_mpi_release(B);
|
||||||
|
+ gcry_mpi_release(C);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return 1;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
int
|
||||||
|
main (int argc, char* argv[])
|
||||||
|
{
|
||||||
|
@@ -710,6 +762,7 @@ main (int argc, char* argv[])
|
||||||
|
test_sub ();
|
||||||
|
test_mul ();
|
||||||
|
test_powm ();
|
||||||
|
+ test_addm_subm_mulm ();
|
||||||
|
|
||||||
|
return !!error_count;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.44.0
|
2187
SOURCES/libgcrypt-1.10.0-marvin3.patch
Normal file
2187
SOURCES/libgcrypt-1.10.0-marvin3.patch
Normal file
File diff suppressed because it is too large
Load Diff
29
SOURCES/libgcrypt-1.10.0-ppc-hwf.patch
Normal file
29
SOURCES/libgcrypt-1.10.0-ppc-hwf.patch
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
From 29bfb3ebbc63d7ed18b916c5c6946790fb3d15df Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
||||||
|
Date: Fri, 1 Apr 2022 09:49:20 +0300
|
||||||
|
Subject: [PATCH] hwf-ppc: fix missing HWF_PPC_ARCH_3_10 in HW feature
|
||||||
|
|
||||||
|
* src/hwf-ppc.c (ppc_features): Add HWF_PPC_ARCH_3_10.
|
||||||
|
--
|
||||||
|
|
||||||
|
GnuPG-bug-id: T5913
|
||||||
|
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
||||||
|
---
|
||||||
|
src/hwf-ppc.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/src/hwf-ppc.c b/src/hwf-ppc.c
|
||||||
|
index 7801f8b0..11d14dc1 100644
|
||||||
|
--- a/src/hwf-ppc.c
|
||||||
|
+++ b/src/hwf-ppc.c
|
||||||
|
@@ -103,6 +103,7 @@ static const struct feature_map_s ppc_features[] =
|
||||||
|
{ 0, PPC_FEATURE2_VEC_CRYPTO, HWF_PPC_VCRYPTO },
|
||||||
|
#endif
|
||||||
|
{ 0, PPC_FEATURE2_ARCH_3_00, HWF_PPC_ARCH_3_00 },
|
||||||
|
+ { 0, PPC_FEATURE2_ARCH_3_10, HWF_PPC_ARCH_3_10 },
|
||||||
|
};
|
||||||
|
#endif
|
||||||
|
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
621
SOURCES/libgcrypt-1.10.0-sha3-large.patch
Normal file
621
SOURCES/libgcrypt-1.10.0-sha3-large.patch
Normal file
@ -0,0 +1,621 @@
|
|||||||
|
From 2c1bb2f34f2812888f75c476037afae6d9e21798 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Fri, 23 Sep 2022 18:39:20 +0200
|
||||||
|
Subject: [PATCH] keccak: Use size_t to avoid integer overflow
|
||||||
|
|
||||||
|
Any input to the SHA3 functions > 4GB was giving wrong result when it
|
||||||
|
was invoked in one-shot, while working correctly when it was fed by
|
||||||
|
chunks. It turned out that the calculation in the `keccak_write`
|
||||||
|
overflows the `unsigned int` type (`nlanes * 8` does not fit 32b when
|
||||||
|
the `inlen` > 4GB).
|
||||||
|
|
||||||
|
* cipher/keccak-armv7-neon.S: Fix function name in comment and change
|
||||||
|
parameter type to size_t
|
||||||
|
* cipher/keccak.c (keccak_ops_t): Change absorb function signature to
|
||||||
|
use size_t
|
||||||
|
(keccak_absorb_lanes64_avx512): Change nlanes type to size_t
|
||||||
|
(_gcry_keccak_absorb_lanes64_armv7_neon): Ditto.
|
||||||
|
(keccak_absorb_lanes64_armv7_neon): Ditto.
|
||||||
|
(keccak_absorb_lanes32bi): Ditto.
|
||||||
|
(keccak_absorb_lanes32bi_bmi2): Ditto.
|
||||||
|
(keccak_write): Change nlanes variable to use size_t and avoid
|
||||||
|
overflow when calculating count.
|
||||||
|
* cipher/keccak_permute_64.h (KECCAK_F1600_ABSORB_FUNC_NAME): Change
|
||||||
|
nlanes argument to use size_t.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
cipher/keccak-armv7-neon.S | 10 +++++-----
|
||||||
|
cipher/keccak.c | 20 ++++++++++----------
|
||||||
|
cipher/keccak_permute_64.h | 2 +-
|
||||||
|
3 files changed, 16 insertions(+), 16 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/cipher/keccak-armv7-neon.S b/cipher/keccak-armv7-neon.S
|
||||||
|
index 0bec8d50..28a284a1 100644
|
||||||
|
--- a/cipher/keccak-armv7-neon.S
|
||||||
|
+++ b/cipher/keccak-armv7-neon.S
|
||||||
|
@@ -467,11 +467,11 @@ _gcry_keccak_permute_armv7_neon:
|
||||||
|
.ltorg
|
||||||
|
.size _gcry_keccak_permute_armv7_neon,.-_gcry_keccak_permute_armv7_neon;
|
||||||
|
|
||||||
|
-@//unsigned _gcry_keccak_permute_armv7_neon(u64 *state, @r4
|
||||||
|
-@ int pos, @r1
|
||||||
|
-@ const byte *lanes, @r2
|
||||||
|
-@ unsigned int nlanes, @r3
|
||||||
|
-@ int blocklanes) @ r5 callable from C
|
||||||
|
+@//unsigned _gcry_keccak_absorb_lanes64_armv7_neon(u64 *state, @r4
|
||||||
|
+@ int pos, @r1
|
||||||
|
+@ const byte *lanes, @r2
|
||||||
|
+@ size_t nlanes, @r3
|
||||||
|
+@ int blocklanes) @ r5 callable from C
|
||||||
|
.p2align 3
|
||||||
|
.global _gcry_keccak_absorb_lanes64_armv7_neon
|
||||||
|
.type _gcry_keccak_absorb_lanes64_armv7_neon,%function;
|
||||||
|
diff --git a/cipher/keccak.c b/cipher/keccak.c
|
||||||
|
index e7e42473..6c385f71 100644
|
||||||
|
--- a/cipher/keccak.c
|
||||||
|
+++ b/cipher/keccak.c
|
||||||
|
@@ -131,7 +131,7 @@ typedef struct
|
||||||
|
{
|
||||||
|
unsigned int (*permute)(KECCAK_STATE *hd);
|
||||||
|
unsigned int (*absorb)(KECCAK_STATE *hd, int pos, const byte *lanes,
|
||||||
|
- unsigned int nlanes, int blocklanes);
|
||||||
|
+ size_t nlanes, int blocklanes);
|
||||||
|
unsigned int (*extract) (KECCAK_STATE *hd, unsigned int pos, byte *outbuf,
|
||||||
|
unsigned int outlen);
|
||||||
|
} keccak_ops_t;
|
||||||
|
@@ -513,7 +513,7 @@ static const keccak_ops_t keccak_avx512_64_ops =
|
||||||
|
unsigned int _gcry_keccak_permute_armv7_neon(u64 *state);
|
||||||
|
unsigned int _gcry_keccak_absorb_lanes64_armv7_neon(u64 *state, int pos,
|
||||||
|
const byte *lanes,
|
||||||
|
- unsigned int nlanes,
|
||||||
|
+ size_t nlanes,
|
||||||
|
int blocklanes);
|
||||||
|
|
||||||
|
static unsigned int keccak_permute64_armv7_neon(KECCAK_STATE *hd)
|
||||||
|
@@ -523,7 +523,7 @@ static unsigned int keccak_permute64_armv7_neon(KECCAK_STATE *hd)
|
||||||
|
|
||||||
|
static unsigned int
|
||||||
|
keccak_absorb_lanes64_armv7_neon(KECCAK_STATE *hd, int pos, const byte *lanes,
|
||||||
|
- unsigned int nlanes, int blocklanes)
|
||||||
|
+ size_t nlanes, int blocklanes)
|
||||||
|
{
|
||||||
|
if (blocklanes < 0)
|
||||||
|
{
|
||||||
|
@@ -571,7 +571,7 @@ static const keccak_ops_t keccak_armv7_neon_64_ops =
|
||||||
|
|
||||||
|
static unsigned int
|
||||||
|
keccak_absorb_lanes32bi(KECCAK_STATE *hd, int pos, const byte *lanes,
|
||||||
|
- unsigned int nlanes, int blocklanes)
|
||||||
|
+ size_t nlanes, int blocklanes)
|
||||||
|
{
|
||||||
|
unsigned int burn = 0;
|
||||||
|
|
||||||
|
@@ -653,7 +653,7 @@ keccak_absorb_lane32bi_bmi2(u32 *lane, u32 x0, u32 x1)
|
||||||
|
|
||||||
|
static unsigned int
|
||||||
|
keccak_absorb_lanes32bi_bmi2(KECCAK_STATE *hd, int pos, const byte *lanes,
|
||||||
|
- unsigned int nlanes, int blocklanes)
|
||||||
|
+ size_t nlanes, int blocklanes)
|
||||||
|
{
|
||||||
|
unsigned int burn = 0;
|
||||||
|
|
||||||
|
@@ -873,7 +873,8 @@ keccak_write (void *context, const void *inbuf_arg, size_t inlen)
|
||||||
|
const byte *inbuf = inbuf_arg;
|
||||||
|
unsigned int nburn, burn = 0;
|
||||||
|
unsigned int count, i;
|
||||||
|
- unsigned int pos, nlanes;
|
||||||
|
+ unsigned int pos;
|
||||||
|
+ size_t nlanes;
|
||||||
|
|
||||||
|
#ifdef USE_S390X_CRYPTO
|
||||||
|
if (ctx->kimd_func)
|
||||||
|
@@ -918,8 +919,7 @@ keccak_write (void *context, const void *inbuf_arg, size_t inlen)
|
||||||
|
burn = nburn > burn ? nburn : burn;
|
||||||
|
inlen -= nlanes * 8;
|
||||||
|
inbuf += nlanes * 8;
|
||||||
|
- count += nlanes * 8;
|
||||||
|
- count = count % bsize;
|
||||||
|
+ count = ((size_t) count + nlanes * 8) % bsize;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (inlen)
|
||||||
|
diff --git a/cipher/keccak_permute_64.h b/cipher/keccak_permute_64.h
|
||||||
|
index b28c871e..45ef462f 100644
|
||||||
|
--- a/cipher/keccak_permute_64.h
|
||||||
|
+++ b/cipher/keccak_permute_64.h
|
||||||
|
@@ -292,7 +292,7 @@ KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd)
|
||||||
|
|
||||||
|
static unsigned int
|
||||||
|
KECCAK_F1600_ABSORB_FUNC_NAME(KECCAK_STATE *hd, int pos, const byte *lanes,
|
||||||
|
- unsigned int nlanes, int blocklanes)
|
||||||
|
+ size_t nlanes, int blocklanes)
|
||||||
|
{
|
||||||
|
unsigned int burn = 0;
|
||||||
|
|
||||||
|
--
|
||||||
|
GitLab
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
From 910dcbcef36e1cd3de3dde192d829a1513273e14 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
||||||
|
Date: Sun, 25 Sep 2022 22:23:22 +0300
|
||||||
|
Subject: [PATCH] tests/hashtest: add hugeblock & disable-hwf options and 6 gig
|
||||||
|
test vectors
|
||||||
|
|
||||||
|
* .gitignore: Add 'tests/hashtest-6g'.
|
||||||
|
* configure.ac: Add 'tests/hashtest-6g'.
|
||||||
|
* tests/Makefile: Add 'hashtest-6g'.
|
||||||
|
* tests/hashtest-6g.in: New.
|
||||||
|
* tests/hashtest-256g.in: Add SHA3-512 to algos.
|
||||||
|
* tests/hashtest.c (use_hugeblock): New.
|
||||||
|
(testvectors): Add 256 GiB test vectors for BLAKE2S, BLAKE2B and
|
||||||
|
whirlpool; Add 6 GiB test vectors for SHA1, SHA256, SHA512, SHA3, SM3,
|
||||||
|
BLAKE2S, BLAKE2B, WHIRLPOOL, CRC32 and CRC24.
|
||||||
|
(run_longtest); Use huge 5 GiB pattern block when requested.
|
||||||
|
(main): Add '--hugeblock' and '--disable-hwf' options.
|
||||||
|
* tests/testdrv.c: Add 'hashtest-6g'; Add SHA3 to 'hashtest-256g'.
|
||||||
|
---
|
||||||
|
|
||||||
|
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
||||||
|
---
|
||||||
|
.gitignore | 1 +
|
||||||
|
configure.ac | 1 +
|
||||||
|
tests/Makefile.am | 9 +-
|
||||||
|
tests/hashtest-256g.in | 2 +-
|
||||||
|
tests/hashtest-6g.in | 7 ++
|
||||||
|
tests/hashtest.c | 249 +++++++++++++++++++++++++++++++++++++++--
|
||||||
|
tests/testdrv.c | 7 +-
|
||||||
|
7 files changed, 261 insertions(+), 15 deletions(-)
|
||||||
|
create mode 100644 tests/hashtest-6g.in
|
||||||
|
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index c8f24dcc..c39257b5 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -3511,6 +3511,7 @@ src/libgcrypt.pc
|
||||||
|
src/versioninfo.rc
|
||||||
|
tests/Makefile
|
||||||
|
])
|
||||||
|
+AC_CONFIG_FILES([tests/hashtest-6g], [chmod +x tests/hashtest-6g])
|
||||||
|
AC_CONFIG_FILES([tests/hashtest-256g], [chmod +x tests/hashtest-256g])
|
||||||
|
AC_CONFIG_FILES([tests/basic-disable-all-hwf], [chmod +x tests/basic-disable-all-hwf])
|
||||||
|
AC_OUTPUT
|
||||||
|
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||||
|
index 302d923b..75aa5cf7 100644
|
||||||
|
--- a/tests/Makefile.am
|
||||||
|
+++ b/tests/Makefile.am
|
||||||
|
@@ -44,13 +44,14 @@ tests_bin_last = benchmark bench-slope
|
||||||
|
|
||||||
|
tests_sh = basic-disable-all-hwf
|
||||||
|
|
||||||
|
-tests_sh_last = hashtest-256g
|
||||||
|
+tests_sh_last = hashtest-6g hashtest-256g
|
||||||
|
|
||||||
|
TESTS = $(tests_bin) $(tests_sh) $(tests_bin_last) $(tests_sh_last)
|
||||||
|
|
||||||
|
# Force sequential run of some tests.
|
||||||
|
bench-slope.log: benchmark.log
|
||||||
|
-hashtest-256g.log: bench-slope.log
|
||||||
|
+hashtest-6g.log: bench-slope.log
|
||||||
|
+hashtest-256g.log: hashtest-6g.log
|
||||||
|
|
||||||
|
|
||||||
|
TESTS_ENVIRONMENT = GCRYPT_IN_REGRESSION_TEST=1
|
||||||
|
@@ -76,8 +77,8 @@ CLEANFILES = testdrv-build
|
||||||
|
EXTRA_DIST = README rsa-16k.key \
|
||||||
|
pkcs1v2-oaep.h pkcs1v2-pss.h pkcs1v2-v15c.h pkcs1v2-v15s.h \
|
||||||
|
t-ed25519.inp t-ed448.inp t-dsa.inp t-ecdsa.inp t-rsa-15.inp \
|
||||||
|
- t-rsa-pss.inp stopwatch.h hashtest-256g.in sha3-224.h \
|
||||||
|
- sha3-256.h sha3-384.h sha3-512.h blake2b.h blake2s.h \
|
||||||
|
+ t-rsa-pss.inp stopwatch.h hashtest-6g.in hashtest-256g.in \
|
||||||
|
+ sha3-224.h sha3-256.h sha3-384.h sha3-512.h blake2b.h blake2s.h \
|
||||||
|
basic-disable-all-hwf.in basic_all_hwfeature_combinations.sh
|
||||||
|
|
||||||
|
LDADD = $(standard_ldadd) $(GPG_ERROR_LIBS) @LDADD_FOR_TESTS_KLUDGE@
|
||||||
|
diff --git a/tests/hashtest-256g.in b/tests/hashtest-256g.in
|
||||||
|
index a52b8692..44b69897 100755
|
||||||
|
--- a/tests/hashtest-256g.in
|
||||||
|
+++ b/tests/hashtest-256g.in
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
-algos="SHA1 SHA256 SHA512 SM3"
|
||||||
|
+algos="SHA1 SHA256 SHA512 SHA3-512 SM3"
|
||||||
|
|
||||||
|
test "@RUN_LARGE_DATA_TESTS@" = yes || exit 77
|
||||||
|
echo " now running 256 GiB tests for $algos - this takes looong"
|
||||||
|
diff --git a/tests/hashtest-6g.in b/tests/hashtest-6g.in
|
||||||
|
new file mode 100644
|
||||||
|
index 00000000..b3f3e2ff
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/hashtest-6g.in
|
||||||
|
@@ -0,0 +1,7 @@
|
||||||
|
+#!/bin/sh
|
||||||
|
+
|
||||||
|
+algos="SHA1 SHA256 SHA512 SHA3-512 SM3 BLAKE2S_256 BLAKE2B_512 CRC32 CRC24RFC2440"
|
||||||
|
+
|
||||||
|
+test "@RUN_LARGE_DATA_TESTS@" = yes || exit 77
|
||||||
|
+echo " now running 6 GiB tests for $algos - this can take long"
|
||||||
|
+exec ./hashtest@EXEEXT@ --hugeblock --gigs 6 $algos
|
||||||
|
diff --git a/tests/hashtest.c b/tests/hashtest.c
|
||||||
|
index 4c9704f3..9389e50c 100644
|
||||||
|
--- a/tests/hashtest.c
|
||||||
|
+++ b/tests/hashtest.c
|
||||||
|
@@ -34,6 +34,7 @@
|
||||||
|
#define PGM "hashtest"
|
||||||
|
#include "t-common.h"
|
||||||
|
|
||||||
|
+static int use_hugeblock;
|
||||||
|
static int missing_test_vectors;
|
||||||
|
|
||||||
|
static struct {
|
||||||
|
@@ -113,6 +114,169 @@ static struct {
|
||||||
|
{ GCRY_MD_SM3, 256, +64,
|
||||||
|
"ed34869dbadd62e3bec1f511004d7bbfc9cafa965477cc48843b248293bbe867" },
|
||||||
|
|
||||||
|
+ { GCRY_MD_BLAKE2S_256, 256, -64,
|
||||||
|
+ "8a3d4f712275e8e8da70c76501cce364c75f8dd09748be58cf63c9ce38d62627" },
|
||||||
|
+ { GCRY_MD_BLAKE2S_256, 256, -1,
|
||||||
|
+ "0c01c9ad1e60e27dc889f2c9034a949ca8b9a9dc90dd99be64963af306d47b92" },
|
||||||
|
+ { GCRY_MD_BLAKE2S_256, 256, +0,
|
||||||
|
+ "f8c43d5c4bad93aca702c8c466987c5ac5e640a29b37dd9904252ff27b2348a0" },
|
||||||
|
+ { GCRY_MD_BLAKE2S_256, 256, +1,
|
||||||
|
+ "24c34b167b4eea1a7eb7d572ff3cf669a9856ea91bb112e9ef2ccd4b1aceccb4" },
|
||||||
|
+ { GCRY_MD_BLAKE2S_256, 256, +64,
|
||||||
|
+ "2f8d754f98e2d4ed7744389f89d0bdb9b770c9fa215b8badd3129ea1364af867" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_BLAKE2B_512, 256, -64,
|
||||||
|
+ "36d32ae4deeacab4119401c52e2aec5545675bd2dce4f67871ddc73671a05f94"
|
||||||
|
+ "e8332c2a31f32f5601878606a571aa7b43029dac3ae71cf9ef141d05651dc4bf" },
|
||||||
|
+ { GCRY_MD_BLAKE2B_512, 256, -1,
|
||||||
|
+ "b5dc439f51664a6c9cbc87e2de98ce608ac4064a779e5140909d75d2120c9b2a"
|
||||||
|
+ "a1d4ae7be9c1ba97025be91ddcfbe42c791c3231cffbfa4b5368ba18f9590e1b" },
|
||||||
|
+ { GCRY_MD_BLAKE2B_512, 256, +0,
|
||||||
|
+ "c413d011ba9abbf118dd96bfc827f5fd94493d8350df9f7aff834faace5adba2"
|
||||||
|
+ "0c3037069dfb2c81718ffc7b418ce1c1320d334b6fe8cddfb5d2dd19eb530853" },
|
||||||
|
+ { GCRY_MD_BLAKE2B_512, 256, +1,
|
||||||
|
+ "b6dfb821f1c8167fb33995c29485010da56abd539c3d04ab9c222844301b8bba"
|
||||||
|
+ "6f57a48e45a748e40847084b93f26706aae82212550671c736becffcc6fb1496" },
|
||||||
|
+ { GCRY_MD_BLAKE2B_512, 256, +64,
|
||||||
|
+ "8c21316a4a02044e302d503d0fe669d905c40d9d80ecd5aafc8e30f1df06736f"
|
||||||
|
+ "51fdaf6002160bb8fe4e868eaad9623fc5ecdd728bcbfee4a19b386503710f48" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_WHIRLPOOL, 256, -64,
|
||||||
|
+ "aabf62344c1aa82d2dc7605f339b3571d540f1f320f97e6a8c0229645ee61f1f"
|
||||||
|
+ "da796acde2f96caa1c56eb2c2f9a6029a6242ad690479def66feac44334cc3af" },
|
||||||
|
+ { GCRY_MD_WHIRLPOOL, 256, -1,
|
||||||
|
+ "9a35ec14aa9cefd40e04295d45d39f3111a98c2d76d90c54a7d2b8f2f5b9302b"
|
||||||
|
+ "79663eab6b6674625c3ae3e4b5dbb3b0a2f5b2f49a7a59cd1723e2b16a3efea2" },
|
||||||
|
+ { GCRY_MD_WHIRLPOOL, 256, +0,
|
||||||
|
+ "818ad31a5110b6217cc6ffa099d554aaadc9566bf5291e104a5d58b21d51ae4d"
|
||||||
|
+ "c216c6de888d1359066c584e24e6606f530a3fce80ef78aed8564de4a28801c8" },
|
||||||
|
+ { GCRY_MD_WHIRLPOOL, 256, +1,
|
||||||
|
+ "298805f5fc68488712427c1bcb27581d91aa04337c1c6b4657489ed3d239bb8b"
|
||||||
|
+ "c70ef654065d380ac1f5596aca5cb59e6da8044b5a067e32ea4cd94ca606f9f3" },
|
||||||
|
+ { GCRY_MD_WHIRLPOOL, 256, +64,
|
||||||
|
+ "7bd35c3bee621bc0fb8907904b3b84d6cf4fae4c22cc64fbc744c8c5c8de806d"
|
||||||
|
+ "0f11a27892d531dc907426597737762c83e3ddcdc62f50d16d130aaefaeec436" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_SHA1, 6, -64,
|
||||||
|
+ "eeee82d952403313bd63d6d7c8e342df0a1eea77" },
|
||||||
|
+ { GCRY_MD_SHA1, 6, -1,
|
||||||
|
+ "8217b9f987d67db5880bcfff1d6763a6514d629f" },
|
||||||
|
+ { GCRY_MD_SHA1, 6, +0,
|
||||||
|
+ "2b38aa63c05668217e5331320a4aee0adad7fc3b" },
|
||||||
|
+ { GCRY_MD_SHA1, 6, +1,
|
||||||
|
+ "f3222de4d0704554cff0a537bc95b30f15daa94f" },
|
||||||
|
+ { GCRY_MD_SHA1, 6, +64,
|
||||||
|
+ "b3bdd8065bb92d8208d55d28fad2281c6fbf2601" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_SHA256, 6, -64,
|
||||||
|
+ "a2d5add5be904b70d6ef9bcd5feb9c6cfc2be0799732a122d9eccb576ff5a922" },
|
||||||
|
+ { GCRY_MD_SHA256, 6, -1,
|
||||||
|
+ "88293b7e0e5a47fdef1148c6e510f95272770db6b5296958380209ba57db7a5d" },
|
||||||
|
+ { GCRY_MD_SHA256, 6, +0,
|
||||||
|
+ "ccee8e8dfc366eba67471e49c45057b0041be0d2206c6de1aa765ce07ecfc434" },
|
||||||
|
+ { GCRY_MD_SHA256, 6, +1,
|
||||||
|
+ "f4a89e92b38e0e61ee17079dc31411de06cfe1f77c83095ae1a2e7aa0205d94b" },
|
||||||
|
+ { GCRY_MD_SHA256, 6, +64,
|
||||||
|
+ "338708608c2356ed2927a85b08fe745223c6140243fb3a87f309e12b31b946a8" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_SHA512, 6, -64,
|
||||||
|
+ "658f52850932633c00b2f1d65b874c540ab84e2c0fe84a8a6c35f8e90e6f6a9c"
|
||||||
|
+ "2f7e0ccca5064783562a42ad8f47eab48687aaf6998b04ee94441e82c14e834d" },
|
||||||
|
+ { GCRY_MD_SHA512, 6, -1,
|
||||||
|
+ "9ead6d66b46a3a72d77c7990874cfebc1575e5bfda6026430d76b3db6cc62d52"
|
||||||
|
+ "4ca0dd2674b9c24208b2e780d75542572eee8df6724acadcc23a03eed8f82f0a" },
|
||||||
|
+ { GCRY_MD_SHA512, 6, +0,
|
||||||
|
+ "03e4549eb28bd0fb1606c321f1498503b5e889bec8d799cf0688567c7f8ac0d9"
|
||||||
|
+ "a7ec4e84d1d729d6a359797656e286617c3ef82abb51991bb576aaf05f7b6573" },
|
||||||
|
+ { GCRY_MD_SHA512, 6, +1,
|
||||||
|
+ "ffe52f6385ccde6fa7d45845787d8f9993fdcb5833fb58b13c424a84e39ea50f"
|
||||||
|
+ "52d40e254fe667cb0104ffe3837dc8d0eee3c81721cb8eac10d5851dfb1f91db" },
|
||||||
|
+ { GCRY_MD_SHA512, 6, +64,
|
||||||
|
+ "4a19da3d5eaaa79ac1eaff5e4062f23ee56573411f8d302f7bf3c6da8779bd00"
|
||||||
|
+ "a936e9ad7f535597a49162ed308b0cced7724667f97a1bb24540152fcfe3ec95" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_SHA3_512, 6, -64,
|
||||||
|
+ "a99f2913d3beb9b45273402e30daa4d25c7a5e9eb8cf6039996eb2292a45c04c"
|
||||||
|
+ "b9e3a1a187f71920626f465ed6cf7dc34047ec5578e05516374bb9c56683903a" },
|
||||||
|
+ { GCRY_MD_SHA3_512, 6, -1,
|
||||||
|
+ "fca50bde79c55e5fc4c9d97e66eb5cfacef7032395848731e645ca42f07f8d38"
|
||||||
|
+ "be1d593727c2a82b9a9bc058ebc9744971f867fa920cfa902023448243ac017b" },
|
||||||
|
+ { GCRY_MD_SHA3_512, 6, +0,
|
||||||
|
+ "c61bb345c0a553edaa89fd38114ac9799b6d307ba8e3cde53552ad4c77cfe4b7"
|
||||||
|
+ "2671d82c1519c8e7b23153a9268e2939239564fc7c2060608aa42955e938840d" },
|
||||||
|
+ { GCRY_MD_SHA3_512, 6, +1,
|
||||||
|
+ "502a83d8d1b977312806382a45c1cc9c0e7db437ca962e37eb181754d59db686"
|
||||||
|
+ "14d91df286d510411adf69f7c9befc1027bdc0c33a48a5dd6ae0957b9061e7ca" },
|
||||||
|
+ { GCRY_MD_SHA3_512, 6, +64,
|
||||||
|
+ "207bfb83ae788ddd4531188567f0892bbddbbc88d69bc196b2357bee3e668706"
|
||||||
|
+ "c27f832ecb50e9ae5b63e9f384bdc37373958d4a14f3825146d2f6b1a65d8e51" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_SM3, 6, -64,
|
||||||
|
+ "41d96d19cef4c942b0f5f4cdc3e1afe440dc62c0bc103a2c0e9eee9e1733a74a" },
|
||||||
|
+ { GCRY_MD_SM3, 6, -1,
|
||||||
|
+ "b7689cc4ef6c7dc795b9e5e6998e5cc3dc1daec02bc1181cdbef8d6812b4957a" },
|
||||||
|
+ { GCRY_MD_SM3, 6, +0,
|
||||||
|
+ "c6eae4a82052423cf98017bde4dee8769947c66120a1a2ff79f0f0dc945a3272" },
|
||||||
|
+ { GCRY_MD_SM3, 6, +1,
|
||||||
|
+ "f6590f161fee11529585c7a9dfc725f8b81951e49b616844097a3dbdc9ffdbec" },
|
||||||
|
+ { GCRY_MD_SM3, 6, +64,
|
||||||
|
+ "f3277fa90c47afe5e4fc52374aadf8e96bc29c2b5a7a4ebf5d704245ada837ea" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_BLAKE2S_256, 6, -64,
|
||||||
|
+ "0f3c17610777c34d40a0d11a93d5e5ed444ce16edefebabd0bc8e30392d5c2db" },
|
||||||
|
+ { GCRY_MD_BLAKE2S_256, 6, -1,
|
||||||
|
+ "92cbcf142c45de9d64da9791c51dce4e32b58f74d9f3d201b1ea74deac765f51" },
|
||||||
|
+ { GCRY_MD_BLAKE2S_256, 6, +0,
|
||||||
|
+ "b20702cb5a0bee2ab104f38eb513429589310a7edde81dd1f40043be7d16d0de" },
|
||||||
|
+ { GCRY_MD_BLAKE2S_256, 6, +1,
|
||||||
|
+ "bfc17dc74930989841da05aac08402bf0dcb4a597b17c52402a516ea7e541cdf" },
|
||||||
|
+ { GCRY_MD_BLAKE2S_256, 6, +64,
|
||||||
|
+ "d85588cdf5a00bec1327da02f22f1a10b68dd9d6b730f30a3aa65af3a51c1722" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_BLAKE2B_512, 6, -64,
|
||||||
|
+ "30b6015f94524861b04b83f0455be10a993460e0f8f0fd755fc3d0270b0c7d00"
|
||||||
|
+ "039a6e01684ce0689ce4ef70932bd19a676acf4b4ea521c30337d2f445fc2055" },
|
||||||
|
+ { GCRY_MD_BLAKE2B_512, 6, -1,
|
||||||
|
+ "49abef820ad7fc5e6ed9b63acddce639a69dcd749b0798b140216649bc3b927c"
|
||||||
|
+ "637dbe1cb39a41bbafe7f8b675401ccdcf69a7fba227ae4cda5cd28b9ff36776" },
|
||||||
|
+ { GCRY_MD_BLAKE2B_512, 6, +0,
|
||||||
|
+ "4182a7307a89391b78af9dbc3ba1e8d643708abbed5919086aa6e2bc65ae9597"
|
||||||
|
+ "e40229450c86ac5d3117b006427dd0131f5ae4c1a1d64c81420d2731536c81d8" },
|
||||||
|
+ { GCRY_MD_BLAKE2B_512, 6, +1,
|
||||||
|
+ "33c0d9e65b1b18e9556134a08c1e725c19155bbf6ed4349d7d6d678f1827fef3"
|
||||||
|
+ "74b6e3381471f3d3fff7ffbcb9474ce9038143b99e25cd5f8afbb336313d4648" },
|
||||||
|
+ { GCRY_MD_BLAKE2B_512, 6, +64,
|
||||||
|
+ "d2d7f388611af78a2ea40b06f99993cff156afd25cbc47695bdb567d4d35b992"
|
||||||
|
+ "0ff8c325c359a2bdeddf54ececc671ac7b981031e90a7d63d6e0415ec4484282" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_WHIRLPOOL, 6, -64,
|
||||||
|
+ "247707d1f9cf31b90ee68527144b1c20ad5ce96293bdccd1a81c8f40bc9df10c"
|
||||||
|
+ "e7441ac3b3097162d6fbf4d4b67b8fa09de451e2d920f16aad78c47ab00cb833" },
|
||||||
|
+ { GCRY_MD_WHIRLPOOL, 6, -1,
|
||||||
|
+ "af49e4a553bdbec1fdafc41713029e0fb1666894753c0ab3ecb280fc5af6eff8"
|
||||||
|
+ "253120745a229d7a8b5831711e4fd16ed0741258504d8a47e2b42aa2f1886968" },
|
||||||
|
+ { GCRY_MD_WHIRLPOOL, 6, +0,
|
||||||
|
+ "f269ffa424bc2aad2da654f01783fc9b2b431219f2b05784d718da0935e78792"
|
||||||
|
+ "9207b000ebbfb63dfdcc8adf8e5bd321d9616c1b8357430b9be6cb4640df8609" },
|
||||||
|
+ { GCRY_MD_WHIRLPOOL, 6, +1,
|
||||||
|
+ "52b77eb13129151b69b63c09abb655dc9cb046cafd4cbf7d4a82ae04b61ef9e6"
|
||||||
|
+ "531dde04cae7c5ab400ed8ee8da2e3f490d177289b2b3aa29b12b292954b902c" },
|
||||||
|
+ { GCRY_MD_WHIRLPOOL, 6, +64,
|
||||||
|
+ "60a950c92f3f08abbc81c41c86ce0463679ffd5ab420e988e15b210615b454ae"
|
||||||
|
+ "69607d14a1806fa44aacf8c926fbdcee998af46f56e0c642d3fb4ee54c8fb917" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_CRC32, 6, -64, "20739052" },
|
||||||
|
+ { GCRY_MD_CRC32, 6, -1, "971a5a74" },
|
||||||
|
+ { GCRY_MD_CRC32, 6, +0, "bf48113c" },
|
||||||
|
+ { GCRY_MD_CRC32, 6, +1, "c7678ad5" },
|
||||||
|
+ { GCRY_MD_CRC32, 6, +64, "1efa7255" },
|
||||||
|
+
|
||||||
|
+ { GCRY_MD_CRC24_RFC2440, 6, -64, "747e81" },
|
||||||
|
+ { GCRY_MD_CRC24_RFC2440, 6, -1, "deb97d" },
|
||||||
|
+ { GCRY_MD_CRC24_RFC2440, 6, +0, "7d5bea" },
|
||||||
|
+ { GCRY_MD_CRC24_RFC2440, 6, +1, "acc351" },
|
||||||
|
+ { GCRY_MD_CRC24_RFC2440, 6, +64, "9d9032" },
|
||||||
|
+
|
||||||
|
{ 0 }
|
||||||
|
};
|
||||||
|
|
||||||
|
@@ -251,12 +415,38 @@ run_longtest (int algo, int gigs)
|
||||||
|
gcry_md_hd_t hd_post = NULL;
|
||||||
|
gcry_md_hd_t hd_post2 = NULL;
|
||||||
|
char pattern[1024];
|
||||||
|
- int i, g;
|
||||||
|
+ char *hugepattern = NULL;
|
||||||
|
+ size_t hugesize;
|
||||||
|
+ size_t hugegigs;
|
||||||
|
+ int i, g, gppos, gptot;
|
||||||
|
const unsigned char *digest;
|
||||||
|
unsigned int digestlen;
|
||||||
|
|
||||||
|
memset (pattern, 'a', sizeof pattern);
|
||||||
|
|
||||||
|
+ if (use_hugeblock)
|
||||||
|
+ {
|
||||||
|
+ hugegigs = 5;
|
||||||
|
+ if (sizeof(size_t) >= 8)
|
||||||
|
+ {
|
||||||
|
+ hugesize = hugegigs*1024*1024*1024;
|
||||||
|
+ hugepattern = malloc(hugesize);
|
||||||
|
+ if (hugepattern != NULL)
|
||||||
|
+ memset(hugepattern, 'a', hugesize);
|
||||||
|
+ else
|
||||||
|
+ show_note ("failed to allocate %d GiB huge pattern block: %s",
|
||||||
|
+ hugegigs, strerror(errno));
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ show_note ("cannot allocate %d GiB huge pattern block on 32-bit system",
|
||||||
|
+ hugegigs);
|
||||||
|
+ }
|
||||||
|
+ if (hugepattern == NULL)
|
||||||
|
+ {
|
||||||
|
+ hugegigs = 0;
|
||||||
|
+ hugesize = 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
err = gcry_md_open (&hd, algo, 0);
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
@@ -267,9 +457,17 @@ run_longtest (int algo, int gigs)
|
||||||
|
|
||||||
|
digestlen = gcry_md_get_algo_dlen (algo);
|
||||||
|
|
||||||
|
-
|
||||||
|
- for (g=0; g < gigs; g++)
|
||||||
|
+ gppos = 0;
|
||||||
|
+ gptot = 0;
|
||||||
|
+ for (g=0; g < gigs; )
|
||||||
|
{
|
||||||
|
+ if (gppos >= 16)
|
||||||
|
+ {
|
||||||
|
+ gptot += 16;
|
||||||
|
+ gppos -= 16;
|
||||||
|
+ show_note ("%d GiB so far hashed with %s", gptot,
|
||||||
|
+ gcry_md_algo_name (algo));
|
||||||
|
+ }
|
||||||
|
if (g == gigs - 1)
|
||||||
|
{
|
||||||
|
for (i = 0; i < 1024*1023; i++)
|
||||||
|
@@ -283,16 +481,24 @@ run_longtest (int algo, int gigs)
|
||||||
|
die ("gcry_md_copy failed for %s (%d): %s",
|
||||||
|
gcry_md_algo_name (algo), algo, gpg_strerror (err));
|
||||||
|
gcry_md_write (hd, pattern, sizeof pattern);
|
||||||
|
+ g++;
|
||||||
|
+ gppos++;
|
||||||
|
+ }
|
||||||
|
+ else if (hugepattern != NULL && gigs - g > hugegigs)
|
||||||
|
+ {
|
||||||
|
+ gcry_md_write (hd, hugepattern, hugesize);
|
||||||
|
+ g += hugegigs;
|
||||||
|
+ gppos += hugegigs;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
for (i = 0; i < 1024*1024; i++)
|
||||||
|
gcry_md_write (hd, pattern, sizeof pattern);
|
||||||
|
+ g++;
|
||||||
|
+ gppos++;
|
||||||
|
}
|
||||||
|
- if (g && !(g % 16))
|
||||||
|
- show_note ("%d GiB so far hashed with %s", g, gcry_md_algo_name (algo));
|
||||||
|
}
|
||||||
|
- if (g >= 16)
|
||||||
|
+ if (g >= 16 && gppos)
|
||||||
|
show_note ("%d GiB hashed with %s", g, gcry_md_algo_name (algo));
|
||||||
|
|
||||||
|
err = gcry_md_copy (&hd_post, hd);
|
||||||
|
@@ -335,6 +541,8 @@ run_longtest (int algo, int gigs)
|
||||||
|
gcry_md_close (hd_pre2);
|
||||||
|
gcry_md_close (hd_post);
|
||||||
|
gcry_md_close (hd_post2);
|
||||||
|
+
|
||||||
|
+ free(hugepattern);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@@ -361,9 +569,12 @@ main (int argc, char **argv)
|
||||||
|
{
|
||||||
|
fputs ("usage: " PGM " [options] [algos]\n"
|
||||||
|
"Options:\n"
|
||||||
|
- " --verbose print timings etc.\n"
|
||||||
|
- " --debug flyswatter\n"
|
||||||
|
- " --gigs N Run a test on N GiB\n",
|
||||||
|
+ " --verbose print timings etc.\n"
|
||||||
|
+ " --debug flyswatter\n"
|
||||||
|
+ " --hugeblock Use 5 GiB pattern block\n"
|
||||||
|
+ " --gigs N Run a test on N GiB\n"
|
||||||
|
+ " --disable-hwf <features> Disable hardware acceleration feature(s)\n"
|
||||||
|
+ " for benchmarking.\n",
|
||||||
|
stdout);
|
||||||
|
exit (0);
|
||||||
|
}
|
||||||
|
@@ -378,6 +589,11 @@ main (int argc, char **argv)
|
||||||
|
debug++;
|
||||||
|
argc--; argv++;
|
||||||
|
}
|
||||||
|
+ else if (!strcmp (*argv, "--hugeblock"))
|
||||||
|
+ {
|
||||||
|
+ use_hugeblock = 1;
|
||||||
|
+ argc--; argv++;
|
||||||
|
+ }
|
||||||
|
else if (!strcmp (*argv, "--gigs"))
|
||||||
|
{
|
||||||
|
argc--; argv++;
|
||||||
|
@@ -387,6 +603,21 @@ main (int argc, char **argv)
|
||||||
|
argc--; argv++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+ else if (!strcmp (*argv, "--disable-hwf"))
|
||||||
|
+ {
|
||||||
|
+ argc--;
|
||||||
|
+ argv++;
|
||||||
|
+ if (argc)
|
||||||
|
+ {
|
||||||
|
+ if (gcry_control (GCRYCTL_DISABLE_HWF, *argv, NULL))
|
||||||
|
+ fprintf (stderr,
|
||||||
|
+ PGM
|
||||||
|
+ ": unknown hardware feature `%s' - option ignored\n",
|
||||||
|
+ *argv);
|
||||||
|
+ argc--;
|
||||||
|
+ argv++;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
else if (!strncmp (*argv, "--", 2))
|
||||||
|
die ("unknown option '%s'", *argv);
|
||||||
|
}
|
||||||
|
diff --git a/tests/testdrv.c b/tests/testdrv.c
|
||||||
|
index 0ccde326..bfca4c23 100644
|
||||||
|
--- a/tests/testdrv.c
|
||||||
|
+++ b/tests/testdrv.c
|
||||||
|
@@ -78,7 +78,12 @@ static struct {
|
||||||
|
{ "t-ed448" },
|
||||||
|
{ "benchmark" },
|
||||||
|
{ "bench-slope" },
|
||||||
|
- { "hashtest-256g", "hashtest", "--gigs 256 SHA1 SHA256 SHA512 SM3",
|
||||||
|
+ { "hashtest-6g", "hashtest", "--hugeblock --gigs 6 SHA1 SHA256 SHA512 "
|
||||||
|
+ "SHA3-512 SM3 BLAKE2S_256 "
|
||||||
|
+ "BLAKE2B_512 CRC32 "
|
||||||
|
+ "CRC24RFC2440",
|
||||||
|
+ LONG_RUNNING },
|
||||||
|
+ { "hashtest-256g", "hashtest", "--gigs 256 SHA1 SHA256 SHA512 SHA3-512 SM3",
|
||||||
|
LONG_RUNNING },
|
||||||
|
{ NULL }
|
||||||
|
};
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
||||||
|
From 567bc62e1c3046594088de7209fee7c545ece1e3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Fri, 30 Sep 2022 14:54:14 +0200
|
||||||
|
Subject: [PATCH] tests: Avoid memory leak
|
||||||
|
|
||||||
|
* tests/hashtest.c (run_longtest): Avoid memory leak on error
|
||||||
|
--
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
tests/hashtest.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/tests/hashtest.c b/tests/hashtest.c
|
||||||
|
index 9389e50c..379f7c40 100644
|
||||||
|
--- a/tests/hashtest.c
|
||||||
|
+++ b/tests/hashtest.c
|
||||||
|
@@ -452,6 +452,7 @@ run_longtest (int algo, int gigs)
|
||||||
|
{
|
||||||
|
fail ("gcry_md_open failed for %s (%d): %s",
|
||||||
|
gcry_md_algo_name (algo), algo, gpg_strerror (err));
|
||||||
|
+ free(hugepattern);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
@ -1,104 +0,0 @@
|
|||||||
diff -up libgcrypt-1.6.1/mpi/mpicoder.c.gccopt libgcrypt-1.6.1/mpi/mpicoder.c
|
|
||||||
--- libgcrypt-1.6.1/mpi/mpicoder.c.gccopt 2014-02-28 15:37:53.983139821 +0100
|
|
||||||
+++ libgcrypt-1.6.1/mpi/mpicoder.c 2014-02-28 15:47:35.312576387 +0100
|
|
||||||
@@ -627,16 +627,16 @@ _gcry_mpi_print (enum gcry_mpi_format fo
|
|
||||||
extra = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (buffer && n > len)
|
|
||||||
- {
|
|
||||||
- /* The provided buffer is too short. */
|
|
||||||
- xfree (tmp);
|
|
||||||
- return GPG_ERR_TOO_SHORT;
|
|
||||||
- }
|
|
||||||
if (buffer)
|
|
||||||
{
|
|
||||||
unsigned char *s = buffer;
|
|
||||||
|
|
||||||
+ if (n > len)
|
|
||||||
+ {
|
|
||||||
+ /* The provided buffer is too short. */
|
|
||||||
+ xfree (tmp);
|
|
||||||
+ return GPG_ERR_TOO_SHORT;
|
|
||||||
+ }
|
|
||||||
if (extra == 1)
|
|
||||||
*s++ = 0;
|
|
||||||
else if (extra)
|
|
||||||
@@ -654,13 +654,12 @@ _gcry_mpi_print (enum gcry_mpi_format fo
|
|
||||||
/* Note: We ignore the sign for this format. */
|
|
||||||
/* FIXME: for performance reasons we should put this into
|
|
||||||
mpi_aprint because we can then use the buffer directly. */
|
|
||||||
-
|
|
||||||
- if (buffer && n > len)
|
|
||||||
- return GPG_ERR_TOO_SHORT;
|
|
||||||
if (buffer)
|
|
||||||
{
|
|
||||||
unsigned char *tmp;
|
|
||||||
|
|
||||||
+ if (n > len)
|
|
||||||
+ return GPG_ERR_TOO_SHORT;
|
|
||||||
tmp = _gcry_mpi_get_buffer (a, 0, &n, NULL);
|
|
||||||
if (!tmp)
|
|
||||||
return gpg_err_code_from_syserror ();
|
|
||||||
@@ -678,14 +677,14 @@ _gcry_mpi_print (enum gcry_mpi_format fo
|
|
||||||
if (negative)
|
|
||||||
return GPG_ERR_INV_ARG;
|
|
||||||
|
|
||||||
- if (buffer && n+2 > len)
|
|
||||||
- return GPG_ERR_TOO_SHORT;
|
|
||||||
-
|
|
||||||
if (buffer)
|
|
||||||
{
|
|
||||||
unsigned char *tmp;
|
|
||||||
unsigned char *s = buffer;
|
|
||||||
|
|
||||||
+ if (n+2 > len)
|
|
||||||
+ return GPG_ERR_TOO_SHORT;
|
|
||||||
+
|
|
||||||
s[0] = nbits >> 8;
|
|
||||||
s[1] = nbits;
|
|
||||||
|
|
||||||
@@ -724,16 +723,16 @@ _gcry_mpi_print (enum gcry_mpi_format fo
|
|
||||||
extra=1;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (buffer && n+4 > len)
|
|
||||||
- {
|
|
||||||
- xfree(tmp);
|
|
||||||
- return GPG_ERR_TOO_SHORT;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
if (buffer)
|
|
||||||
{
|
|
||||||
unsigned char *s = buffer;
|
|
||||||
|
|
||||||
+ if (n+4 > len)
|
|
||||||
+ {
|
|
||||||
+ xfree(tmp);
|
|
||||||
+ return GPG_ERR_TOO_SHORT;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
*s++ = n >> 24;
|
|
||||||
*s++ = n >> 16;
|
|
||||||
*s++ = n >> 8;
|
|
||||||
@@ -761,15 +760,15 @@ _gcry_mpi_print (enum gcry_mpi_format fo
|
|
||||||
if (!n || (*tmp & 0x80))
|
|
||||||
extra = 2;
|
|
||||||
|
|
||||||
- if (buffer && 2*n + extra + negative + 1 > len)
|
|
||||||
- {
|
|
||||||
- xfree(tmp);
|
|
||||||
- return GPG_ERR_TOO_SHORT;
|
|
||||||
- }
|
|
||||||
if (buffer)
|
|
||||||
{
|
|
||||||
unsigned char *s = buffer;
|
|
||||||
|
|
||||||
+ if (2*n + extra + negative + 1 > len)
|
|
||||||
+ {
|
|
||||||
+ xfree(tmp);
|
|
||||||
+ return GPG_ERR_TOO_SHORT;
|
|
||||||
+ }
|
|
||||||
if (negative)
|
|
||||||
*s++ = '-';
|
|
||||||
if (extra)
|
|
@ -1,122 +0,0 @@
|
|||||||
diff -up libgcrypt-1.7.3/tests/benchmark.c.eccfix libgcrypt-1.7.3/tests/benchmark.c
|
|
||||||
--- libgcrypt-1.7.3/tests/benchmark.c.eccfix 2016-07-14 11:19:17.000000000 +0200
|
|
||||||
+++ libgcrypt-1.7.3/tests/benchmark.c 2016-11-22 16:21:00.109004197 +0100
|
|
||||||
@@ -1412,7 +1412,7 @@ ecc_bench (int iterations, int print_hea
|
|
||||||
{
|
|
||||||
#if USE_ECC
|
|
||||||
gpg_error_t err;
|
|
||||||
- const char *p_sizes[] = { "192", "224", "256", "384", "521", "Ed25519",
|
|
||||||
+ const char *p_sizes[] = { "224", "256", "384", "521", "Ed25519",
|
|
||||||
"gost256", "gost512" };
|
|
||||||
int testno;
|
|
||||||
|
|
||||||
diff -up libgcrypt-1.7.3/tests/dsa-rfc6979.c.eccfix libgcrypt-1.7.3/tests/dsa-rfc6979.c
|
|
||||||
--- libgcrypt-1.7.3/tests/dsa-rfc6979.c.eccfix 2016-02-18 09:38:03.000000000 +0100
|
|
||||||
+++ libgcrypt-1.7.3/tests/dsa-rfc6979.c 2016-11-22 16:22:11.804674008 +0100
|
|
||||||
@@ -210,16 +210,6 @@ check_dsa_rfc6979 (void)
|
|
||||||
" ))"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
- "ECDSA, 192 bits (prime field)",
|
|
||||||
- "(private-key"
|
|
||||||
- " (ecdsa"
|
|
||||||
- " (curve \"NIST P-192\")"
|
|
||||||
- " (q #04AC2C77F529F91689FEA0EA5EFEC7F210D8EEA0B9E047ED56"
|
|
||||||
- " 3BC723E57670BD4887EBC732C523063D0A7C957BC97C1C43#)"
|
|
||||||
- " (d #6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4#)"
|
|
||||||
- " ))"
|
|
||||||
- },
|
|
||||||
- {
|
|
||||||
"ECDSA, 224 bits (prime field)",
|
|
||||||
"(private-key"
|
|
||||||
" (ecdsa"
|
|
||||||
@@ -443,89 +433,6 @@ check_dsa_rfc6979 (void)
|
|
||||||
"C9F0BDABCC0D880BB137A994CC7F3980CE91CC10FAF529FC46565B15CEA854E1"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
- "ECDSA, 192 bits (prime field)",
|
|
||||||
- "With SHA-1, message = \"sample\"",
|
|
||||||
- "sha1", "sample",
|
|
||||||
- "37D7CA00D2C7B0E5E412AC03BD44BA837FDD5B28CD3B0021",
|
|
||||||
- "98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF",
|
|
||||||
- "57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64"
|
|
||||||
- },
|
|
||||||
- {
|
|
||||||
- "ECDSA, 192 bits (prime field)",
|
|
||||||
- "With SHA-224, message = \"sample\"",
|
|
||||||
- "sha224", "sample",
|
|
||||||
- "4381526B3FC1E7128F202E194505592F01D5FF4C5AF015D8",
|
|
||||||
- "A1F00DAD97AEEC91C95585F36200C65F3C01812AA60378F5",
|
|
||||||
- "E07EC1304C7C6C9DEBBE980B9692668F81D4DE7922A0F97A"
|
|
||||||
- },
|
|
||||||
- {
|
|
||||||
- "ECDSA, 192 bits (prime field)",
|
|
||||||
- "With SHA-256, message = \"sample\"",
|
|
||||||
- "sha256", "sample",
|
|
||||||
- "32B1B6D7D42A05CB449065727A84804FB1A3E34D8F261496",
|
|
||||||
- "4B0B8CE98A92866A2820E20AA6B75B56382E0F9BFD5ECB55",
|
|
||||||
- "CCDB006926EA9565CBADC840829D8C384E06DE1F1E381B85"
|
|
||||||
- },
|
|
||||||
- {
|
|
||||||
- "ECDSA, 192 bits (prime field)",
|
|
||||||
- "With SHA-384, message = \"sample\"",
|
|
||||||
- "sha384", "sample",
|
|
||||||
- "4730005C4FCB01834C063A7B6760096DBE284B8252EF4311",
|
|
||||||
- "DA63BF0B9ABCF948FBB1E9167F136145F7A20426DCC287D5",
|
|
||||||
- "C3AA2C960972BD7A2003A57E1C4C77F0578F8AE95E31EC5E"
|
|
||||||
- },
|
|
||||||
- {
|
|
||||||
- "ECDSA, 192 bits (prime field)",
|
|
||||||
- "With SHA-512, message = \"sample\"",
|
|
||||||
- "sha512", "sample",
|
|
||||||
- "A2AC7AB055E4F20692D49209544C203A7D1F2C0BFBC75DB1",
|
|
||||||
- "4D60C5AB1996BD848343B31C00850205E2EA6922DAC2E4B8",
|
|
||||||
- "3F6E837448F027A1BF4B34E796E32A811CBB4050908D8F67"
|
|
||||||
- },
|
|
||||||
- {
|
|
||||||
- "ECDSA, 192 bits (prime field)",
|
|
||||||
- "With SHA-1, message = \"test\"",
|
|
||||||
- "sha1", "test",
|
|
||||||
- "D9CF9C3D3297D3260773A1DA7418DB5537AB8DD93DE7FA25",
|
|
||||||
- "0F2141A0EBBC44D2E1AF90A50EBCFCE5E197B3B7D4DE036D",
|
|
||||||
- "EB18BC9E1F3D7387500CB99CF5F7C157070A8961E38700B7"
|
|
||||||
- },
|
|
||||||
- {
|
|
||||||
- "ECDSA, 192 bits (prime field)",
|
|
||||||
- "With SHA-224, message = \"test\"",
|
|
||||||
- "sha224", "test",
|
|
||||||
- "F5DC805F76EF851800700CCE82E7B98D8911B7D510059FBE",
|
|
||||||
- "6945A1C1D1B2206B8145548F633BB61CEF04891BAF26ED34",
|
|
||||||
- "B7FB7FDFC339C0B9BD61A9F5A8EAF9BE58FC5CBA2CB15293"
|
|
||||||
- },
|
|
||||||
- {
|
|
||||||
- "ECDSA, 192 bits (prime field)",
|
|
||||||
- "With SHA-256, message = \"test\"",
|
|
||||||
- "sha256", "test",
|
|
||||||
- "5C4CE89CF56D9E7C77C8585339B006B97B5F0680B4306C6C",
|
|
||||||
- "3A718BD8B4926C3B52EE6BBE67EF79B18CB6EB62B1AD97AE",
|
|
||||||
- "5662E6848A4A19B1F1AE2F72ACD4B8BBE50F1EAC65D9124F"
|
|
||||||
- },
|
|
||||||
- {
|
|
||||||
- "ECDSA, 192 bits (prime field)",
|
|
||||||
- "With SHA-384, message = \"test\"",
|
|
||||||
- "sha384", "test",
|
|
||||||
- "5AFEFB5D3393261B828DB6C91FBC68C230727B030C975693",
|
|
||||||
- "B234B60B4DB75A733E19280A7A6034BD6B1EE88AF5332367",
|
|
||||||
- "7994090B2D59BB782BE57E74A44C9A1C700413F8ABEFE77A"
|
|
||||||
- },
|
|
||||||
- {
|
|
||||||
- "ECDSA, 192 bits (prime field)",
|
|
||||||
- "With SHA-512, message = \"test\"",
|
|
||||||
- "sha512", "test",
|
|
||||||
- "0758753A5254759C7CFBAD2E2D9B0792EEE44136C9480527",
|
|
||||||
- "FE4F4AE86A58B6507946715934FE2D8FF9D95B6B098FE739",
|
|
||||||
- "74CF5605C98FBA0E1EF34D4B5A1577A7DCF59457CAE52290"
|
|
||||||
- },
|
|
||||||
-
|
|
||||||
-
|
|
||||||
-
|
|
||||||
- {
|
|
||||||
"ECDSA, 224 bits (prime field)",
|
|
||||||
"With SHA-1, message = \"sample\"",
|
|
||||||
"sha1", "sample",
|
|
File diff suppressed because it is too large
Load Diff
@ -1,35 +0,0 @@
|
|||||||
diff -up libgcrypt-1.7.3/src/visibility.c.fips-reqs libgcrypt-1.7.3/src/visibility.c
|
|
||||||
--- libgcrypt-1.7.3/src/visibility.c.fips-reqs 2016-03-23 12:59:34.000000000 +0100
|
|
||||||
+++ libgcrypt-1.7.3/src/visibility.c 2016-11-22 16:29:36.992042480 +0100
|
|
||||||
@@ -1288,6 +1288,8 @@ gcry_kdf_derive (const void *passphrase,
|
|
||||||
unsigned long iterations,
|
|
||||||
size_t keysize, void *keybuffer)
|
|
||||||
{
|
|
||||||
+ if (!fips_is_operational ())
|
|
||||||
+ return gpg_error (fips_not_operational ());
|
|
||||||
return gpg_error (_gcry_kdf_derive (passphrase, passphraselen, algo, hashalgo,
|
|
||||||
salt, saltlen, iterations,
|
|
||||||
keysize, keybuffer));
|
|
||||||
@@ -1343,6 +1345,13 @@ void
|
|
||||||
gcry_mpi_randomize (gcry_mpi_t w,
|
|
||||||
unsigned int nbits, enum gcry_random_level level)
|
|
||||||
{
|
|
||||||
+ if (!fips_is_operational ())
|
|
||||||
+ {
|
|
||||||
+ (void)fips_not_operational ();
|
|
||||||
+ fips_signal_fatal_error ("called in non-operational state");
|
|
||||||
+ fips_noreturn ();
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
_gcry_mpi_randomize (w, nbits, level);
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -1368,6 +1377,8 @@ gcry_prime_generate (gcry_mpi_t *prime,
|
|
||||||
gcry_random_level_t random_level,
|
|
||||||
unsigned int flags)
|
|
||||||
{
|
|
||||||
+ if (!fips_is_operational ())
|
|
||||||
+ return gpg_error (fips_not_operational ());
|
|
||||||
return gpg_error (_gcry_prime_generate (prime, prime_bits, factor_bits,
|
|
||||||
factors, cb_func, cb_arg,
|
|
||||||
random_level, flags));
|
|
@ -1,322 +0,0 @@
|
|||||||
diff -up libgcrypt-1.8.3/cipher/cipher-cmac.c.cmac-selftest libgcrypt-1.8.3/cipher/cipher-cmac.c
|
|
||||||
--- libgcrypt-1.8.3/cipher/cipher-cmac.c.cmac-selftest 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.3/cipher/cipher-cmac.c 2019-05-31 17:33:35.594407152 +0200
|
|
||||||
@@ -251,3 +251,246 @@ _gcry_cipher_cmac_set_subkeys (gcry_ciph
|
|
||||||
|
|
||||||
return GPG_ERR_NO_ERROR;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+/* CMAC selftests.
|
|
||||||
+ * Copyright (C) 2008 Free Software Foundation, Inc.
|
|
||||||
+ * Copyright (C) 2019 Red Hat, Inc.
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+/* Check one MAC with MAC ALGO using the regular MAC
|
|
||||||
+ * API. (DATA,DATALEN) is the data to be MACed, (KEY,KEYLEN) the key
|
|
||||||
+ * and (EXPECT,EXPECTLEN) the expected result. If TRUNC is set, the
|
|
||||||
+ * EXPECTLEN may be less than the digest length. Returns NULL on
|
|
||||||
+ * success or a string describing the failure. */
|
|
||||||
+static const char *
|
|
||||||
+check_one (int algo,
|
|
||||||
+ const void *data, size_t datalen,
|
|
||||||
+ const void *key, size_t keylen,
|
|
||||||
+ const void *expect, size_t expectlen)
|
|
||||||
+{
|
|
||||||
+ gcry_mac_hd_t hd;
|
|
||||||
+ unsigned char mac[512]; /* hardcoded to avoid allocation */
|
|
||||||
+ size_t macoutlen = expectlen;
|
|
||||||
+
|
|
||||||
+/* printf ("MAC algo %d\n", algo); */
|
|
||||||
+ if (_gcry_mac_get_algo_maclen (algo) != expectlen ||
|
|
||||||
+ expectlen > sizeof (mac))
|
|
||||||
+ return "invalid tests data";
|
|
||||||
+ if (_gcry_mac_open (&hd, algo, 0, NULL))
|
|
||||||
+ return "gcry_mac_open failed";
|
|
||||||
+ if (_gcry_mac_setkey (hd, key, keylen))
|
|
||||||
+ {
|
|
||||||
+ _gcry_mac_close (hd);
|
|
||||||
+ return "gcry_md_setkey failed";
|
|
||||||
+ }
|
|
||||||
+ if (_gcry_mac_write (hd, data, datalen))
|
|
||||||
+ {
|
|
||||||
+ _gcry_mac_close (hd);
|
|
||||||
+ return "gcry_mac_write failed";
|
|
||||||
+ }
|
|
||||||
+ if (_gcry_mac_read (hd, mac, &macoutlen))
|
|
||||||
+ {
|
|
||||||
+ _gcry_mac_close (hd);
|
|
||||||
+ return "gcry_mac_read failed";
|
|
||||||
+ }
|
|
||||||
+ _gcry_mac_close (hd);
|
|
||||||
+ if (macoutlen != expectlen || memcmp (mac, expect, expectlen))
|
|
||||||
+ {
|
|
||||||
+/* int i; */
|
|
||||||
+
|
|
||||||
+/* fputs (" {", stdout); */
|
|
||||||
+/* for (i=0; i < expectlen-1; i++) */
|
|
||||||
+/* { */
|
|
||||||
+/* if (i && !(i % 8)) */
|
|
||||||
+/* fputs ("\n ", stdout); */
|
|
||||||
+/* printf (" 0x%02x,", mac[i]); */
|
|
||||||
+/* } */
|
|
||||||
+/* printf (" 0x%02x } },\n", mac[i]); */
|
|
||||||
+
|
|
||||||
+ return "does not match";
|
|
||||||
+ }
|
|
||||||
+ return NULL;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+static gpg_err_code_t
|
|
||||||
+selftests_cmac_tdes (int extended, selftest_report_func_t report)
|
|
||||||
+{
|
|
||||||
+ const char *what;
|
|
||||||
+ const char *errtxt;
|
|
||||||
+
|
|
||||||
+ what = "Basic TDES";
|
|
||||||
+ errtxt = check_one (GCRY_MAC_CMAC_3DES,
|
|
||||||
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
|
|
||||||
+ "\xae\x2d\x8a\x57", 20,
|
|
||||||
+ "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58"
|
|
||||||
+ "\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5", 24,
|
|
||||||
+ "\x74\x3d\xdb\xe0\xce\x2d\xc2\xed", 8);
|
|
||||||
+ if (errtxt)
|
|
||||||
+ goto failed;
|
|
||||||
+
|
|
||||||
+ if (extended)
|
|
||||||
+ {
|
|
||||||
+ what = "Extended TDES #1";
|
|
||||||
+ errtxt = check_one (GCRY_MAC_CMAC_3DES,
|
|
||||||
+ "", 0,
|
|
||||||
+ "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58"
|
|
||||||
+ "\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5", 24,
|
|
||||||
+ "\xb7\xa6\x88\xe1\x22\xff\xaf\x95", 8);
|
|
||||||
+ if (errtxt)
|
|
||||||
+ goto failed;
|
|
||||||
+
|
|
||||||
+ what = "Extended TDES #2";
|
|
||||||
+ errtxt = check_one (GCRY_MAC_CMAC_3DES,
|
|
||||||
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96", 8,
|
|
||||||
+ "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58"
|
|
||||||
+ "\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5", 24,
|
|
||||||
+ "\x8e\x8f\x29\x31\x36\x28\x37\x97", 8);
|
|
||||||
+ if (errtxt)
|
|
||||||
+ goto failed;
|
|
||||||
+
|
|
||||||
+ what = "Extended TDES #3";
|
|
||||||
+ errtxt = check_one (GCRY_MAC_CMAC_3DES,
|
|
||||||
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
|
|
||||||
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 32,
|
|
||||||
+ "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58"
|
|
||||||
+ "\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5", 24,
|
|
||||||
+ "\x33\xe6\xb1\x09\x24\x00\xea\xe5", 8);
|
|
||||||
+ if (errtxt)
|
|
||||||
+ goto failed;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return 0; /* Succeeded. */
|
|
||||||
+
|
|
||||||
+ failed:
|
|
||||||
+ if (report)
|
|
||||||
+ report ("cmac", GCRY_MAC_CMAC_3DES, what, errtxt);
|
|
||||||
+ return GPG_ERR_SELFTEST_FAILED;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+static gpg_err_code_t
|
|
||||||
+selftests_cmac_aes (int extended, selftest_report_func_t report)
|
|
||||||
+{
|
|
||||||
+ const char *what;
|
|
||||||
+ const char *errtxt;
|
|
||||||
+
|
|
||||||
+ what = "Basic AES128";
|
|
||||||
+ errtxt = check_one (GCRY_MAC_CMAC_AES,
|
|
||||||
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
|
|
||||||
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
|
|
||||||
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11", 40,
|
|
||||||
+ "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 16,
|
|
||||||
+ "\xdf\xa6\x67\x47\xde\x9a\xe6\x30\x30\xca\x32\x61\x14\x97\xc8\x27", 16);
|
|
||||||
+ if (errtxt)
|
|
||||||
+ goto failed;
|
|
||||||
+
|
|
||||||
+ what = "Basic AES192";
|
|
||||||
+ errtxt = check_one (GCRY_MAC_CMAC_AES,
|
|
||||||
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
|
|
||||||
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
|
|
||||||
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11", 40,
|
|
||||||
+ "\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
|
|
||||||
+ "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b", 24,
|
|
||||||
+ "\x8a\x1d\xe5\xbe\x2e\xb3\x1a\xad\x08\x9a\x82\xe6\xee\x90\x8b\x0e", 16);
|
|
||||||
+ if (errtxt)
|
|
||||||
+ goto failed;
|
|
||||||
+
|
|
||||||
+ what = "Basic AES256";
|
|
||||||
+ errtxt = check_one (GCRY_MAC_CMAC_AES,
|
|
||||||
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
|
|
||||||
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
|
|
||||||
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11", 40,
|
|
||||||
+ "\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81"
|
|
||||||
+ "\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4", 32,
|
|
||||||
+ "\xaa\xf3\xd8\xf1\xde\x56\x40\xc2\x32\xf5\xb1\x69\xb9\xc9\x11\xe6", 16);
|
|
||||||
+ if (errtxt)
|
|
||||||
+ goto failed;
|
|
||||||
+ if (extended)
|
|
||||||
+ {
|
|
||||||
+ what = "Extended AES #1";
|
|
||||||
+ errtxt = check_one (GCRY_MAC_CMAC_AES,
|
|
||||||
+ "", 0,
|
|
||||||
+ "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 16,
|
|
||||||
+ "\xbb\x1d\x69\x29\xe9\x59\x37\x28\x7f\xa3\x7d\x12\x9b\x75\x67\x46", 16);
|
|
||||||
+ if (errtxt)
|
|
||||||
+ goto failed;
|
|
||||||
+
|
|
||||||
+ what = "Extended AES #2";
|
|
||||||
+ errtxt = check_one (GCRY_MAC_CMAC_AES,
|
|
||||||
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 16,
|
|
||||||
+ "\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
|
|
||||||
+ "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b", 24,
|
|
||||||
+ "\x9e\x99\xa7\xbf\x31\xe7\x10\x90\x06\x62\xf6\x5e\x61\x7c\x51\x84", 16);
|
|
||||||
+ if (errtxt)
|
|
||||||
+ goto failed;
|
|
||||||
+
|
|
||||||
+ what = "Extended AES #3";
|
|
||||||
+ errtxt = check_one (GCRY_MAC_CMAC_AES,
|
|
||||||
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
|
|
||||||
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
|
|
||||||
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
|
|
||||||
+ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 64,
|
|
||||||
+ "\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81"
|
|
||||||
+ "\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4", 32,
|
|
||||||
+ "\xe1\x99\x21\x90\x54\x9f\x6e\xd5\x69\x6a\x2c\x05\x6c\x31\x54\x10", 16 );
|
|
||||||
+ if (errtxt)
|
|
||||||
+ goto failed;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return 0; /* Succeeded. */
|
|
||||||
+
|
|
||||||
+ failed:
|
|
||||||
+ if (report)
|
|
||||||
+ report ("cmac", GCRY_MAC_CMAC_AES, what, errtxt);
|
|
||||||
+ return GPG_ERR_SELFTEST_FAILED;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+/* Run a full self-test for ALGO and return 0 on success. */
|
|
||||||
+static gpg_err_code_t
|
|
||||||
+run_cmac_selftests (int algo, int extended, selftest_report_func_t report)
|
|
||||||
+{
|
|
||||||
+ gpg_err_code_t ec;
|
|
||||||
+
|
|
||||||
+ switch (algo)
|
|
||||||
+ {
|
|
||||||
+ case GCRY_MAC_CMAC_3DES:
|
|
||||||
+ ec = selftests_cmac_tdes (extended, report);
|
|
||||||
+ break;
|
|
||||||
+ case GCRY_MAC_CMAC_AES:
|
|
||||||
+ ec = selftests_cmac_aes (extended, report);
|
|
||||||
+ break;
|
|
||||||
+
|
|
||||||
+ default:
|
|
||||||
+ ec = GPG_ERR_MAC_ALGO;
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ return ec;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+/* Run the selftests for CMAC with CMAC algorithm ALGO with optional
|
|
||||||
+ reporting function REPORT. */
|
|
||||||
+gpg_error_t
|
|
||||||
+_gcry_cmac_selftest (int algo, int extended, selftest_report_func_t report)
|
|
||||||
+{
|
|
||||||
+ gcry_err_code_t ec = 0;
|
|
||||||
+
|
|
||||||
+ if (!_gcry_mac_algo_info( algo, GCRYCTL_TEST_ALGO, NULL, NULL ))
|
|
||||||
+ {
|
|
||||||
+ ec = run_cmac_selftests (algo, extended, report);
|
|
||||||
+ }
|
|
||||||
+ else
|
|
||||||
+ {
|
|
||||||
+ ec = GPG_ERR_MAC_ALGO;
|
|
||||||
+ if (report)
|
|
||||||
+ report ("mac", algo, "module", "algorithm not available");
|
|
||||||
+ }
|
|
||||||
+ return gpg_error (ec);
|
|
||||||
+}
|
|
||||||
diff -up libgcrypt-1.8.3/src/cipher-proto.h.cmac-selftest libgcrypt-1.8.3/src/cipher-proto.h
|
|
||||||
--- libgcrypt-1.8.3/src/cipher-proto.h.cmac-selftest 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.3/src/cipher-proto.h 2019-05-31 17:29:34.574588234 +0200
|
|
||||||
@@ -256,6 +256,8 @@ gcry_error_t _gcry_pk_selftest (int algo
|
|
||||||
selftest_report_func_t report);
|
|
||||||
gcry_error_t _gcry_hmac_selftest (int algo, int extended,
|
|
||||||
selftest_report_func_t report);
|
|
||||||
+gcry_error_t _gcry_cmac_selftest (int algo, int extended,
|
|
||||||
+ selftest_report_func_t report);
|
|
||||||
|
|
||||||
gcry_error_t _gcry_random_selftest (selftest_report_func_t report);
|
|
||||||
|
|
||||||
diff -up libgcrypt-1.8.3/src/fips.c.cmac-selftest libgcrypt-1.8.3/src/fips.c
|
|
||||||
--- libgcrypt-1.8.3/src/fips.c.cmac-selftest 2018-11-01 15:40:36.051865535 +0100
|
|
||||||
+++ libgcrypt-1.8.3/src/fips.c 2019-05-31 17:31:20.157756640 +0200
|
|
||||||
@@ -521,29 +521,32 @@ run_digest_selftests (int extended)
|
|
||||||
|
|
||||||
/* Run self-tests for all HMAC algorithms. Return 0 on success. */
|
|
||||||
static int
|
|
||||||
-run_hmac_selftests (int extended)
|
|
||||||
+run_mac_selftests (int extended)
|
|
||||||
{
|
|
||||||
- static int algos[] =
|
|
||||||
+ static int algos[][2] =
|
|
||||||
{
|
|
||||||
- GCRY_MD_SHA1,
|
|
||||||
- GCRY_MD_SHA224,
|
|
||||||
- GCRY_MD_SHA256,
|
|
||||||
- GCRY_MD_SHA384,
|
|
||||||
- GCRY_MD_SHA512,
|
|
||||||
- GCRY_MD_SHA3_224,
|
|
||||||
- GCRY_MD_SHA3_256,
|
|
||||||
- GCRY_MD_SHA3_384,
|
|
||||||
- GCRY_MD_SHA3_512,
|
|
||||||
- 0
|
|
||||||
+ { GCRY_MD_SHA1, 0 },
|
|
||||||
+ { GCRY_MD_SHA224, 0 },
|
|
||||||
+ { GCRY_MD_SHA256, 0 },
|
|
||||||
+ { GCRY_MD_SHA384, 0 },
|
|
||||||
+ { GCRY_MD_SHA512, 0 },
|
|
||||||
+ { GCRY_MD_SHA3_224, 0 },
|
|
||||||
+ { GCRY_MD_SHA3_256, 0 },
|
|
||||||
+ { GCRY_MD_SHA3_384, 0 },
|
|
||||||
+ { GCRY_MD_SHA3_512, 0 },
|
|
||||||
+ { GCRY_MAC_CMAC_3DES, 1 },
|
|
||||||
+ { GCRY_MAC_CMAC_AES, 1 },
|
|
||||||
+ { 0, 0 }
|
|
||||||
};
|
|
||||||
int idx;
|
|
||||||
gpg_error_t err;
|
|
||||||
int anyerr = 0;
|
|
||||||
|
|
||||||
- for (idx=0; algos[idx]; idx++)
|
|
||||||
+ for (idx=0; algos[idx][0]; idx++)
|
|
||||||
{
|
|
||||||
- err = _gcry_hmac_selftest (algos[idx], extended, reporter);
|
|
||||||
- reporter ("hmac", algos[idx], NULL,
|
|
||||||
+ err = algos[idx][1] ? _gcry_cmac_selftest (algos[idx][0], extended, reporter) :
|
|
||||||
+ _gcry_hmac_selftest (algos[idx][0], extended, reporter);
|
|
||||||
+ reporter (algos[idx][1] ? "cmac" : "hmac", algos[idx][0], NULL,
|
|
||||||
err? gpg_strerror (err):NULL);
|
|
||||||
if (err)
|
|
||||||
anyerr = 1;
|
|
||||||
@@ -747,7 +750,7 @@ _gcry_fips_run_selftests (int extended)
|
|
||||||
if (run_digest_selftests (extended))
|
|
||||||
goto leave;
|
|
||||||
|
|
||||||
- if (run_hmac_selftests (extended))
|
|
||||||
+ if (run_mac_selftests (extended))
|
|
||||||
goto leave;
|
|
||||||
|
|
||||||
/* Run random tests before the pubkey tests because the latter
|
|
@ -1,60 +0,0 @@
|
|||||||
diff -up libgcrypt-1.8.3/src/global.c.fips-ctor libgcrypt-1.8.3/src/global.c
|
|
||||||
--- libgcrypt-1.8.3/src/global.c.fips-ctor 2017-11-23 19:25:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.3/src/global.c 2020-04-17 16:29:59.258218015 +0200
|
|
||||||
@@ -141,6 +141,34 @@ global_init (void)
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
+#ifndef FIPS_MODULE_PATH
|
|
||||||
+#define FIPS_MODULE_PATH "/etc/system-fips"
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+void __attribute__ ((constructor)) _gcry_global_constructor (void)
|
|
||||||
+{
|
|
||||||
+ int rv;
|
|
||||||
+
|
|
||||||
+ rv = access (FIPS_MODULE_PATH, F_OK);
|
|
||||||
+ if (rv < 0 && errno != ENOENT)
|
|
||||||
+ rv = 0;
|
|
||||||
+
|
|
||||||
+ if (!rv)
|
|
||||||
+ {
|
|
||||||
+ int no_secmem_save;
|
|
||||||
+
|
|
||||||
+ /* it should be always 0 at this point but let's keep on the safe side */
|
|
||||||
+ no_secmem_save = no_secure_memory;
|
|
||||||
+ no_secure_memory = 1;
|
|
||||||
+ /* force selftests */
|
|
||||||
+ global_init();
|
|
||||||
+ _gcry_fips_run_selftests (0);
|
|
||||||
+ if (!fips_mode())
|
|
||||||
+ _gcry_random_close_fds ();
|
|
||||||
+ no_secure_memory = no_secmem_save;
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
/* This function is called by the macro fips_is_operational and makes
|
|
||||||
sure that the minimal initialization has been done. This is far
|
|
||||||
from a perfect solution and hides problems with an improper
|
|
||||||
@@ -671,8 +699,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
|
||||||
|
|
||||||
case GCRYCTL_FIPS_MODE_P:
|
|
||||||
if (fips_mode ()
|
|
||||||
- && !_gcry_is_fips_mode_inactive ()
|
|
||||||
- && !no_secure_memory)
|
|
||||||
+ && !_gcry_is_fips_mode_inactive ())
|
|
||||||
rc = GPG_ERR_GENERAL; /* Used as TRUE value */
|
|
||||||
break;
|
|
||||||
|
|
||||||
@@ -749,9 +776,9 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
|
||||||
break;
|
|
||||||
|
|
||||||
case GCRYCTL_SET_ENFORCED_FIPS_FLAG:
|
|
||||||
- if (!any_init_done)
|
|
||||||
+ if (fips_mode ())
|
|
||||||
{
|
|
||||||
- /* Not yet initialized at all. Set the enforced fips mode flag */
|
|
||||||
+ /* We are in FIPS mode, we can set the enforced fips mode flag. */
|
|
||||||
_gcry_set_preferred_rng_type (0);
|
|
||||||
_gcry_set_enforced_fips_mode ();
|
|
||||||
}
|
|
@ -1,113 +0,0 @@
|
|||||||
diff -up libgcrypt-1.8.3/random/random-drbg.c.fips-enttest libgcrypt-1.8.3/random/random-drbg.c
|
|
||||||
--- libgcrypt-1.8.3/random/random-drbg.c.fips-enttest 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.3/random/random-drbg.c 2019-06-24 10:04:23.219547141 +0200
|
|
||||||
@@ -317,6 +317,7 @@ struct drbg_state_s
|
|
||||||
unsigned char *ctr_null; /* CTR mode zero buffer */
|
|
||||||
int seeded:1; /* DRBG fully seeded? */
|
|
||||||
int pr:1; /* Prediction resistance enabled? */
|
|
||||||
+ int ent_primed:1; /* Previous entropy data primed? */
|
|
||||||
/* Taken from libgcrypt ANSI X9.31 DRNG: We need to keep track of the
|
|
||||||
* process which did the initialization so that we can detect a fork.
|
|
||||||
* The volatile modifier is required so that the compiler does not
|
|
||||||
@@ -324,6 +325,7 @@ struct drbg_state_s
|
|
||||||
pid_t seed_init_pid;
|
|
||||||
const struct drbg_state_ops_s *d_ops;
|
|
||||||
const struct drbg_core_s *core;
|
|
||||||
+ unsigned char ent_hash[64]; /* Hash of previous entropy data */
|
|
||||||
struct drbg_test_data_s *test_data;
|
|
||||||
};
|
|
||||||
|
|
||||||
@@ -610,11 +612,13 @@ drbg_get_entropy (drbg_state_t drbg, uns
|
|
||||||
size_t len)
|
|
||||||
{
|
|
||||||
int rc = 0;
|
|
||||||
+ unsigned char newhash[64];
|
|
||||||
|
|
||||||
/* Perform testing as defined in 11.3.2 */
|
|
||||||
if (drbg->test_data && drbg->test_data->fail_seed_source)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
+redo:
|
|
||||||
read_cb_buffer = buffer;
|
|
||||||
read_cb_size = len;
|
|
||||||
read_cb_len = 0;
|
|
||||||
@@ -634,6 +638,27 @@ drbg_get_entropy (drbg_state_t drbg, uns
|
|
||||||
#else
|
|
||||||
rc = -1;
|
|
||||||
#endif
|
|
||||||
+
|
|
||||||
+ /* to avoid storing the actual entropy obtained for indefinite
|
|
||||||
+ time, we just store the SHA-512 hash of the entropy gathered
|
|
||||||
+ */
|
|
||||||
+ _gcry_md_hash_buffer (GCRY_MD_SHA512, newhash, buffer, len);
|
|
||||||
+
|
|
||||||
+ if (!drbg->ent_primed)
|
|
||||||
+ {
|
|
||||||
+ memcpy (drbg->ent_hash, newhash, sizeof (drbg->ent_hash));
|
|
||||||
+ drbg->ent_primed = 1;
|
|
||||||
+ goto redo;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (memcmp (newhash, drbg->ent_hash, sizeof (drbg->ent_hash)) == 0)
|
|
||||||
+ {
|
|
||||||
+ fips_signal_error ("Entropy source failed the continuous test");
|
|
||||||
+ return -1; /* continuous entropy test failed */
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ memcpy (drbg->ent_hash, newhash, sizeof (drbg->ent_hash));
|
|
||||||
+
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -1341,26 +1366,38 @@ drbg_seed (drbg_state_t drbg, drbg_strin
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
+ int nonce = 0;
|
|
||||||
/* Gather entropy equal to the security strength of the DRBG.
|
|
||||||
* With a derivation function, a nonce is required in addition
|
|
||||||
* to the entropy. A nonce must be at least 1/2 of the security
|
|
||||||
* strength of the DRBG in size. Thus, entropy * nonce is 3/2
|
|
||||||
* of the strength. The consideration of a nonce is only
|
|
||||||
- * applicable during initial seeding. */
|
|
||||||
+ * applicable during initial seeding.
|
|
||||||
+ * To avoid pulling different length of data from entropy
|
|
||||||
+ * source, we use 2 * strength for initial seeding. */
|
|
||||||
entropylen = drbg_sec_strength (drbg->core->flags);
|
|
||||||
if (!entropylen)
|
|
||||||
return GPG_ERR_GENERAL;
|
|
||||||
if (0 == reseed)
|
|
||||||
- /* make sure we round up strength/2 in
|
|
||||||
- * case it is not divisible by 2 */
|
|
||||||
- entropylen = ((entropylen + 1) / 2) * 3;
|
|
||||||
+ {
|
|
||||||
+ nonce = 1;
|
|
||||||
+ }
|
|
||||||
dbg (("DRBG: (re)seeding with %lu bytes of entropy\n", entropylen));
|
|
||||||
- entropy = xcalloc_secure (1, entropylen);
|
|
||||||
+ entropy = xcalloc_secure (nonce + 1, entropylen);
|
|
||||||
if (!entropy)
|
|
||||||
return GPG_ERR_ENOMEM;
|
|
||||||
ret = drbg_get_entropy (drbg, entropy, entropylen);
|
|
||||||
if (ret)
|
|
||||||
goto out;
|
|
||||||
+ if (nonce)
|
|
||||||
+ {
|
|
||||||
+ ret = drbg_get_entropy (drbg, entropy + entropylen, entropylen);
|
|
||||||
+ if (ret)
|
|
||||||
+ goto out;
|
|
||||||
+ /* make sure we round up strength/2 in
|
|
||||||
+ * case it is not divisible by 2 */
|
|
||||||
+ entropylen = 2 * entropylen;
|
|
||||||
+ }
|
|
||||||
drbg_string_fill (&data1, entropy, entropylen);
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -1597,6 +1634,7 @@ drbg_instantiate (drbg_state_t drbg,
|
|
||||||
drbg->core = &drbg_cores[coreref];
|
|
||||||
drbg->pr = pr;
|
|
||||||
drbg->seeded = 0;
|
|
||||||
+ drbg->ent_primed = 0;
|
|
||||||
if (drbg->core->flags & DRBG_HMAC)
|
|
||||||
drbg->d_ops = &drbg_hmac_ops;
|
|
||||||
else if (drbg->core->flags & DRBG_HASH_MASK)
|
|
@ -1,18 +0,0 @@
|
|||||||
diff -up libgcrypt-1.8.3/cipher/md.c.fips-enforce libgcrypt-1.8.3/cipher/md.c
|
|
||||||
--- libgcrypt-1.8.3/cipher/md.c.fips-enforce 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.3/cipher/md.c 2020-04-17 15:07:31.364945130 +0200
|
|
||||||
@@ -409,13 +409,10 @@ md_enable (gcry_md_hd_t hd, int algorith
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
- if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
|
|
||||||
+ if (!err && !spec->flags.fips && fips_mode ())
|
|
||||||
{
|
|
||||||
- _gcry_inactivate_fips_mode ("MD5 used");
|
|
||||||
if (_gcry_enforced_fips_mode () )
|
|
||||||
{
|
|
||||||
- /* We should never get to here because we do not register
|
|
||||||
- MD5 in enforced fips mode. But better throw an error. */
|
|
||||||
err = GPG_ERR_DIGEST_ALGO;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,65 +0,0 @@
|
|||||||
diff -up libgcrypt-1.8.4/cipher/dsa.c.fips-keygen libgcrypt-1.8.4/cipher/dsa.c
|
|
||||||
--- libgcrypt-1.8.4/cipher/dsa.c.fips-keygen 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.4/cipher/dsa.c 2019-02-12 14:29:25.629513989 +0100
|
|
||||||
@@ -457,11 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un
|
|
||||||
&prime_q, &prime_p,
|
|
||||||
r_counter,
|
|
||||||
r_seed, r_seedlen);
|
|
||||||
- else
|
|
||||||
- ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0,
|
|
||||||
+ else if (!domain->p || !domain->q)
|
|
||||||
+ ec = _gcry_generate_fips186_3_prime (nbits, qbits,
|
|
||||||
+ initial_seed.seed,
|
|
||||||
+ initial_seed.seedlen,
|
|
||||||
&prime_q, &prime_p,
|
|
||||||
r_counter,
|
|
||||||
r_seed, r_seedlen, NULL);
|
|
||||||
+ else
|
|
||||||
+ {
|
|
||||||
+ /* Domain parameters p and q are given; use them. */
|
|
||||||
+ prime_p = mpi_copy (domain->p);
|
|
||||||
+ prime_q = mpi_copy (domain->q);
|
|
||||||
+ gcry_assert (mpi_get_nbits (prime_p) == nbits);
|
|
||||||
+ gcry_assert (mpi_get_nbits (prime_q) == qbits);
|
|
||||||
+ ec = 0;
|
|
||||||
+ }
|
|
||||||
sexp_release (initial_seed.sexp);
|
|
||||||
if (ec)
|
|
||||||
goto leave;
|
|
||||||
@@ -855,13 +866,12 @@ dsa_generate (const gcry_sexp_t genparms
|
|
||||||
sexp_release (l1);
|
|
||||||
sexp_release (domainsexp);
|
|
||||||
|
|
||||||
- /* Check that all domain parameters are available. */
|
|
||||||
- if (!domain.p || !domain.q || !domain.g)
|
|
||||||
+ /* Check that p and q domain parameters are available. */
|
|
||||||
+ if (!domain.p || !domain.q || (!domain.g && !(flags & PUBKEY_FLAG_USE_FIPS186)))
|
|
||||||
{
|
|
||||||
_gcry_mpi_release (domain.p);
|
|
||||||
_gcry_mpi_release (domain.q);
|
|
||||||
_gcry_mpi_release (domain.g);
|
|
||||||
- sexp_release (deriveparms);
|
|
||||||
return GPG_ERR_MISSING_VALUE;
|
|
||||||
}
|
|
||||||
|
|
||||||
diff -up libgcrypt-1.8.4/cipher/rsa.c.fips-keygen libgcrypt-1.8.4/cipher/rsa.c
|
|
||||||
--- libgcrypt-1.8.4/cipher/rsa.c.fips-keygen 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.4/cipher/rsa.c 2019-02-12 14:29:25.630513971 +0100
|
|
||||||
@@ -389,7 +389,7 @@ generate_fips (RSA_secret_key *sk, unsig
|
|
||||||
|
|
||||||
if (nbits < 1024 || (nbits & 0x1FF))
|
|
||||||
return GPG_ERR_INV_VALUE;
|
|
||||||
- if (_gcry_enforced_fips_mode() && nbits != 2048 && nbits != 3072)
|
|
||||||
+ if (fips_mode() && nbits < 2048)
|
|
||||||
return GPG_ERR_INV_VALUE;
|
|
||||||
|
|
||||||
/* The random quality depends on the transient_key flag. */
|
|
||||||
@@ -696,7 +696,7 @@ generate_x931 (RSA_secret_key *sk, unsig
|
|
||||||
|
|
||||||
*swapped = 0;
|
|
||||||
|
|
||||||
- if (e_value == 1) /* Alias for a secure value. */
|
|
||||||
+ if (e_value == 1 || e_value == 0) /* Alias for a secure value. */
|
|
||||||
e_value = 65537;
|
|
||||||
|
|
||||||
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
|
|
@ -1,184 +0,0 @@
|
|||||||
diff -up libgcrypt-1.8.4/tests/basic.c.tests-fipsmode libgcrypt-1.8.4/tests/basic.c
|
|
||||||
--- libgcrypt-1.8.4/tests/basic.c.tests-fipsmode 2018-04-17 17:29:40.000000000 +0200
|
|
||||||
+++ libgcrypt-1.8.4/tests/basic.c 2019-02-12 13:30:48.935791024 +0100
|
|
||||||
@@ -6964,7 +6964,7 @@ check_ciphers (void)
|
|
||||||
check_one_cipher (algos[i], GCRY_CIPHER_MODE_CTR, 0);
|
|
||||||
if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_CCM_BLOCK_LEN)
|
|
||||||
check_one_cipher (algos[i], GCRY_CIPHER_MODE_CCM, 0);
|
|
||||||
- if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_GCM_BLOCK_LEN)
|
|
||||||
+ if (!in_fips_mode && gcry_cipher_get_algo_blklen (algos[i]) == GCRY_GCM_BLOCK_LEN)
|
|
||||||
check_one_cipher (algos[i], GCRY_CIPHER_MODE_GCM, 0);
|
|
||||||
if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_OCB_BLOCK_LEN)
|
|
||||||
check_one_cipher (algos[i], GCRY_CIPHER_MODE_OCB, 0);
|
|
||||||
@@ -7010,11 +7010,17 @@ check_cipher_modes(void)
|
|
||||||
check_cfb_cipher ();
|
|
||||||
check_ofb_cipher ();
|
|
||||||
check_ccm_cipher ();
|
|
||||||
- check_gcm_cipher ();
|
|
||||||
- check_poly1305_cipher ();
|
|
||||||
- check_ocb_cipher ();
|
|
||||||
+ if (!in_fips_mode)
|
|
||||||
+ {
|
|
||||||
+ check_gcm_cipher ();
|
|
||||||
+ check_poly1305_cipher ();
|
|
||||||
+ check_ocb_cipher ();
|
|
||||||
+ }
|
|
||||||
check_xts_cipher ();
|
|
||||||
- check_gost28147_cipher ();
|
|
||||||
+ if (!in_fips_mode)
|
|
||||||
+ {
|
|
||||||
+ check_gost28147_cipher ();
|
|
||||||
+ }
|
|
||||||
check_stream_cipher ();
|
|
||||||
check_stream_cipher_large_block ();
|
|
||||||
|
|
||||||
@@ -10001,7 +10007,7 @@ check_mac (void)
|
|
||||||
show_mac_not_available (algos[i].algo);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
- if (gcry_mac_test_algo (algos[i].algo) && in_fips_mode)
|
|
||||||
+ if ((algos[i].algo == GCRY_MAC_GMAC_AES || gcry_mac_test_algo (algos[i].algo)) && in_fips_mode)
|
|
||||||
{
|
|
||||||
if (verbose)
|
|
||||||
fprintf (stderr, " algorithm %d not available in fips mode\n",
|
|
||||||
@@ -11095,8 +11101,6 @@ main (int argc, char **argv)
|
|
||||||
/* If we are in fips mode do some more tests. */
|
|
||||||
gcry_md_hd_t md;
|
|
||||||
|
|
||||||
- /* First trigger a self-test. */
|
|
||||||
- xgcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
|
|
||||||
if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
|
|
||||||
fail ("not in operational state after self-test\n");
|
|
||||||
|
|
||||||
@@ -11121,15 +11125,6 @@ main (int argc, char **argv)
|
|
||||||
gcry_md_close (md);
|
|
||||||
if (gcry_control (GCRYCTL_OPERATIONAL_P, 0))
|
|
||||||
fail ("expected error state but still in operational state\n");
|
|
||||||
- else
|
|
||||||
- {
|
|
||||||
- /* Now run a self-test and to get back into
|
|
||||||
- operational state. */
|
|
||||||
- xgcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
|
|
||||||
- if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
|
|
||||||
- fail ("did not reach operational after error "
|
|
||||||
- "and self-test\n");
|
|
||||||
- }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
diff -up libgcrypt-1.8.4/tests/benchmark.c.tests-fipsmode libgcrypt-1.8.4/tests/benchmark.c
|
|
||||||
--- libgcrypt-1.8.4/tests/benchmark.c.tests-fipsmode 2019-02-12 11:31:44.859603883 +0100
|
|
||||||
+++ libgcrypt-1.8.4/tests/benchmark.c 2019-02-12 14:10:40.271999352 +0100
|
|
||||||
@@ -872,8 +872,10 @@ cipher_bench ( const char *algoname )
|
|
||||||
|| (blklen == 1 && modes[modeidx].mode != GCRY_CIPHER_MODE_STREAM))
|
|
||||||
continue;
|
|
||||||
|
|
||||||
- if (modes[modeidx].req_blocksize > 0
|
|
||||||
- && blklen != modes[modeidx].req_blocksize)
|
|
||||||
+ if ((modes[modeidx].req_blocksize > 0
|
|
||||||
+ && blklen != modes[modeidx].req_blocksize)
|
|
||||||
+ || (in_fips_mode
|
|
||||||
+ && modes[modeidx].mode == GCRY_CIPHER_MODE_GCM))
|
|
||||||
{
|
|
||||||
printf (" %7s %7s", "-", "-" );
|
|
||||||
continue;
|
|
||||||
diff -up libgcrypt-1.8.4/tests/bench-slope.c.tests-fipsmode libgcrypt-1.8.4/tests/bench-slope.c
|
|
||||||
--- libgcrypt-1.8.4/tests/bench-slope.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.4/tests/bench-slope.c 2019-02-12 14:14:33.618763325 +0100
|
|
||||||
@@ -1338,7 +1338,7 @@ cipher_bench_one (int algo, struct bench
|
|
||||||
return;
|
|
||||||
|
|
||||||
/* GCM has restrictions for block-size */
|
|
||||||
- if (mode.mode == GCRY_CIPHER_MODE_GCM && blklen != GCRY_GCM_BLOCK_LEN)
|
|
||||||
+ if (mode.mode == GCRY_CIPHER_MODE_GCM && (gcry_fips_mode_active () || blklen != GCRY_GCM_BLOCK_LEN))
|
|
||||||
return;
|
|
||||||
|
|
||||||
/* XTS has restrictions for block-size */
|
|
||||||
diff -up libgcrypt-1.8.4/tests/pubkey.c.tests-fipsmode libgcrypt-1.8.4/tests/pubkey.c
|
|
||||||
--- libgcrypt-1.8.4/tests/pubkey.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.4/tests/pubkey.c 2019-02-12 13:52:25.658746415 +0100
|
|
||||||
@@ -504,15 +504,30 @@ get_dsa_key_with_domain_new (gcry_sexp_t
|
|
||||||
rc = gcry_sexp_new
|
|
||||||
(&key_spec,
|
|
||||||
"(genkey (dsa (transient-key)(domain"
|
|
||||||
- "(p #d3aed1876054db831d0c1348fbb1ada72507e5fbf9a62cbd47a63aeb7859d6921"
|
|
||||||
- "4adeb9146a6ec3f43520f0fd8e3125dd8bbc5d87405d1ac5f82073cd762a3f8d7"
|
|
||||||
- "74322657c9da88a7d2f0e1a9ceb84a39cb40876179e6a76e400498de4bb9379b0"
|
|
||||||
- "5f5feb7b91eb8fea97ee17a955a0a8a37587a272c4719d6feb6b54ba4ab69#)"
|
|
||||||
- "(q #9c916d121de9a03f71fb21bc2e1c0d116f065a4f#)"
|
|
||||||
- "(g #8157c5f68ca40b3ded11c353327ab9b8af3e186dd2e8dade98761a0996dda99ab"
|
|
||||||
- "0250d3409063ad99efae48b10c6ab2bba3ea9a67b12b911a372a2bba260176fad"
|
|
||||||
- "b4b93247d9712aad13aa70216c55da9858f7a298deb670a403eb1e7c91b847f1e"
|
|
||||||
- "ccfbd14bd806fd42cf45dbb69cd6d6b43add2a78f7d16928eaa04458dea44#)"
|
|
||||||
+ " (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c862"
|
|
||||||
+ " 3b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb6"
|
|
||||||
+ " 2e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b552"
|
|
||||||
+ " 3e86470decbbeda027e797e7b67635d4d49c30700e74af8a"
|
|
||||||
+ " 0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503"
|
|
||||||
+ " eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e34"
|
|
||||||
+ " 3312517c6aa5152b4bfecd2e551fee346318a153423c996b"
|
|
||||||
+ " 0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc7"
|
|
||||||
+ " 66de2dfc4a56d7b8ba5963d60f3e16318870ad436952e557"
|
|
||||||
+ " 65374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a"
|
|
||||||
+ " 2c8d7469db02e24d592394a7dba069e9#)"
|
|
||||||
+ " (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed27602056"
|
|
||||||
+ " 7441a0a5#)"
|
|
||||||
+ " (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a8"
|
|
||||||
+ " 21ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0ba"
|
|
||||||
+ " ecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a"
|
|
||||||
+ " 0df242b75b414df372121e53a553f222f836b000f016485b"
|
|
||||||
+ " 6bd0898451801dcd8de64cd5365696ffc532d528c506620a"
|
|
||||||
+ " 942a0305046d8f1876341f1e570bc3974ba6b9a438e97023"
|
|
||||||
+ " 02a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7"
|
|
||||||
+ " ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a"
|
|
||||||
+ " 4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da095"
|
|
||||||
+ " 35d5b9df259181a79b63b069e949972b02ba36b3586aab7e"
|
|
||||||
+ " 45f322f82e4e85ca3ab85591b3c2a966#)"
|
|
||||||
")))", 0, 1);
|
|
||||||
if (rc)
|
|
||||||
die ("error creating S-expression: %s\n", gcry_strerror (rc));
|
|
||||||
@@ -595,7 +610,7 @@ get_dsa_key_fips186_with_seed_new (gcry_
|
|
||||||
" (use-fips186)"
|
|
||||||
" (transient-key)"
|
|
||||||
" (derive-parms"
|
|
||||||
- " (seed #0cb1990c1fd3626055d7a0096f8fa99807399871#))))",
|
|
||||||
+ " (seed #8b4c4d671fff82e8ed932260206d0571e3a1c2cee8cd94cb73fe58f9b67488fa#))))",
|
|
||||||
0, 1);
|
|
||||||
if (rc)
|
|
||||||
die ("error creating S-expression: %s\n", gcry_strerror (rc));
|
|
||||||
diff -up libgcrypt-1.8.4/tests/t-cv25519.c.tests-fipsmode libgcrypt-1.8.4/tests/t-cv25519.c
|
|
||||||
--- libgcrypt-1.8.4/tests/t-cv25519.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.4/tests/t-cv25519.c 2019-02-12 14:02:35.935705390 +0100
|
|
||||||
@@ -560,6 +560,9 @@ main (int argc, char **argv)
|
|
||||||
xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
|
|
||||||
xgcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
|
|
||||||
xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
|
|
||||||
+ /* Curve25519 isn't supported in fips mode */
|
|
||||||
+ if (gcry_fips_mode_active())
|
|
||||||
+ return 77;
|
|
||||||
|
|
||||||
start_timer ();
|
|
||||||
check_cv25519 ();
|
|
||||||
diff -up libgcrypt-1.8.4/tests/t-secmem.c.tests-fipsmode libgcrypt-1.8.4/tests/t-secmem.c
|
|
||||||
--- libgcrypt-1.8.4/tests/t-secmem.c.tests-fipsmode 2017-11-23 19:19:54.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.4/tests/t-secmem.c 2019-02-12 11:51:02.462190538 +0100
|
|
||||||
@@ -174,7 +174,8 @@ main (int argc, char **argv)
|
|
||||||
xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
|
|
||||||
xgcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
|
|
||||||
xgcry_control (GCRYCTL_INIT_SECMEM, pool_size, 0);
|
|
||||||
- gcry_set_outofcore_handler (outofcore_handler, NULL);
|
|
||||||
+ if (!gcry_fips_mode_active ())
|
|
||||||
+ gcry_set_outofcore_handler (outofcore_handler, NULL);
|
|
||||||
xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
|
|
||||||
|
|
||||||
/* Libgcrypt prints a warning when the first overflow is allocated;
|
|
||||||
@@ -184,7 +185,8 @@ main (int argc, char **argv)
|
|
||||||
|
|
||||||
|
|
||||||
test_secmem ();
|
|
||||||
- test_secmem_overflow ();
|
|
||||||
+ if (!gcry_fips_mode_active ())
|
|
||||||
+ test_secmem_overflow ();
|
|
||||||
/* FIXME: We need to improve the tests, for example by registering
|
|
||||||
* our own log handler and comparing the output of
|
|
||||||
* PRIV_CTL_DUMP_SECMEM_STATS to expected pattern. */
|
|
@ -1,77 +0,0 @@
|
|||||||
diff -up libgcrypt-1.8.4/random/rndlinux.c.use-poll libgcrypt-1.8.4/random/rndlinux.c
|
|
||||||
--- libgcrypt-1.8.4/random/rndlinux.c.use-poll 2018-10-26 13:50:20.000000000 +0200
|
|
||||||
+++ libgcrypt-1.8.4/random/rndlinux.c 2018-11-20 15:51:56.760669058 +0100
|
|
||||||
@@ -32,6 +32,7 @@
|
|
||||||
#include <string.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <fcntl.h>
|
|
||||||
+#include <poll.h>
|
|
||||||
#if defined(__linux__) && defined(HAVE_SYSCALL)
|
|
||||||
# include <sys/syscall.h>
|
|
||||||
#endif
|
|
||||||
@@ -241,9 +242,8 @@ _gcry_rndlinux_gather_random (void (*add
|
|
||||||
return with something we will actually use 100ms. */
|
|
||||||
while (length)
|
|
||||||
{
|
|
||||||
- fd_set rfds;
|
|
||||||
- struct timeval tv;
|
|
||||||
int rc;
|
|
||||||
+ struct pollfd pfd;
|
|
||||||
|
|
||||||
/* If we have a modern Linux kernel, we first try to use the new
|
|
||||||
* getrandom syscall. That call guarantees that the kernel's
|
|
||||||
@@ -300,36 +300,25 @@ _gcry_rndlinux_gather_random (void (*add
|
|
||||||
any_need_entropy = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
- /* If the system has no limit on the number of file descriptors
|
|
||||||
- and we encounter an fd which is larger than the fd_set size,
|
|
||||||
- we don't use the select at all. The select code is only used
|
|
||||||
- to emit progress messages. A better solution would be to
|
|
||||||
- fall back to poll() if available. */
|
|
||||||
-#ifdef FD_SETSIZE
|
|
||||||
- if (fd < FD_SETSIZE)
|
|
||||||
-#endif
|
|
||||||
+ pfd.fd = fd;
|
|
||||||
+ pfd.events = POLLIN;
|
|
||||||
+
|
|
||||||
+ _gcry_pre_syscall ();
|
|
||||||
+ rc = poll(&pfd, 1, delay);
|
|
||||||
+ _gcry_post_syscall ();
|
|
||||||
+ if (!rc)
|
|
||||||
{
|
|
||||||
- FD_ZERO(&rfds);
|
|
||||||
- FD_SET(fd, &rfds);
|
|
||||||
- tv.tv_sec = delay;
|
|
||||||
- tv.tv_usec = delay? 0 : 100000;
|
|
||||||
- _gcry_pre_syscall ();
|
|
||||||
- rc = select (fd+1, &rfds, NULL, NULL, &tv);
|
|
||||||
- _gcry_post_syscall ();
|
|
||||||
- if (!rc)
|
|
||||||
- {
|
|
||||||
- any_need_entropy = 1;
|
|
||||||
- delay = 3; /* Use 3 seconds henceforth. */
|
|
||||||
- continue;
|
|
||||||
- }
|
|
||||||
- else if( rc == -1 )
|
|
||||||
- {
|
|
||||||
- log_error ("select() error: %s\n", strerror(errno));
|
|
||||||
- if (!delay)
|
|
||||||
- delay = 1; /* Use 1 second if we encounter an error before
|
|
||||||
- we have ever blocked. */
|
|
||||||
- continue;
|
|
||||||
- }
|
|
||||||
+ any_need_entropy = 1;
|
|
||||||
+ delay = 3000; /* Use 3 seconds henceforth. */
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
+ else if( rc == -1 )
|
|
||||||
+ {
|
|
||||||
+ log_error ("poll() error: %s\n", strerror(errno));
|
|
||||||
+ if (!delay)
|
|
||||||
+ delay = 1000; /* Use 1 second if we encounter an error before
|
|
||||||
+ we have ever blocked. */
|
|
||||||
+ continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
do
|
|
File diff suppressed because it is too large
Load Diff
@ -1,14 +0,0 @@
|
|||||||
diff -up libgcrypt-1.8.5/cipher/poly1305-armv7-neon.S.build libgcrypt-1.8.5/cipher/poly1305-armv7-neon.S
|
|
||||||
--- libgcrypt-1.8.5/cipher/poly1305-armv7-neon.S.build 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.5/cipher/poly1305-armv7-neon.S 2020-01-30 17:26:12.026404286 +0100
|
|
||||||
@@ -87,9 +87,8 @@ _gcry_poly1305_armv7_neon_init_ext:
|
|
||||||
.Lpoly1305_init_ext_neon_local:
|
|
||||||
stmfd sp!, {r4-r11, lr}
|
|
||||||
sub sp, sp, #32
|
|
||||||
- mov r14, r2
|
|
||||||
+ mov r14, #-1
|
|
||||||
and r2, r2, r2
|
|
||||||
- moveq r14, #-1
|
|
||||||
UNALIGNED_LDMIA4(r1, r2, r3, r4, r5)
|
|
||||||
GET_DATA_POINTER(r7,.Lpoly1305_init_constants_neon,r8)
|
|
||||||
mov r6, r2
|
|
@ -1,67 +0,0 @@
|
|||||||
commit e8b7f10be275bcedb5fc05ed4837a89bfd605c61
|
|
||||||
Author: NIIBE Yutaka <gniibe@fsij.org>
|
|
||||||
Date: Tue Apr 13 10:00:00 2021 +0900
|
|
||||||
|
|
||||||
cipher: Hardening ElGamal by introducing exponent blinding too.
|
|
||||||
|
|
||||||
* cipher/elgamal.c (do_encrypt): Also do exponent blinding.
|
|
||||||
|
|
||||||
--
|
|
||||||
|
|
||||||
Base blinding had been introduced with USE_BLINDING. This patch add
|
|
||||||
exponent blinding as well to mitigate side-channel attack on mpi_powm.
|
|
||||||
|
|
||||||
GnuPG-bug-id: 5328
|
|
||||||
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
||||||
|
|
||||||
diff --git a/cipher/elgamal.c b/cipher/elgamal.c
|
|
||||||
index 4eb52d62..9835122f 100644
|
|
||||||
--- a/cipher/elgamal.c
|
|
||||||
+++ b/cipher/elgamal.c
|
|
||||||
@@ -522,8 +522,9 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
|
|
||||||
static void
|
|
||||||
decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey )
|
|
||||||
{
|
|
||||||
- gcry_mpi_t t1, t2, r;
|
|
||||||
+ gcry_mpi_t t1, t2, r, r1, h;
|
|
||||||
unsigned int nbits = mpi_get_nbits (skey->p);
|
|
||||||
+ gcry_mpi_t x_blind;
|
|
||||||
|
|
||||||
mpi_normalize (a);
|
|
||||||
mpi_normalize (b);
|
|
||||||
@@ -534,20 +535,33 @@ decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey )
|
|
||||||
|
|
||||||
t2 = mpi_snew (nbits);
|
|
||||||
r = mpi_new (nbits);
|
|
||||||
+ r1 = mpi_new (nbits);
|
|
||||||
+ h = mpi_new (nbits);
|
|
||||||
+ x_blind = mpi_snew (nbits);
|
|
||||||
|
|
||||||
/* We need a random number of about the prime size. The random
|
|
||||||
number merely needs to be unpredictable; thus we use level 0. */
|
|
||||||
_gcry_mpi_randomize (r, nbits, GCRY_WEAK_RANDOM);
|
|
||||||
|
|
||||||
+ /* Also, exponent blinding: x_blind = x + (p-1)*r1 */
|
|
||||||
+ _gcry_mpi_randomize (r1, nbits, GCRY_WEAK_RANDOM);
|
|
||||||
+ mpi_set_highbit (r1, nbits - 1);
|
|
||||||
+ mpi_sub_ui (h, skey->p, 1);
|
|
||||||
+ mpi_mul (x_blind, h, r1);
|
|
||||||
+ mpi_add (x_blind, skey->x, x_blind);
|
|
||||||
+
|
|
||||||
/* t1 = r^x mod p */
|
|
||||||
- mpi_powm (t1, r, skey->x, skey->p);
|
|
||||||
+ mpi_powm (t1, r, x_blind, skey->p);
|
|
||||||
/* t2 = (a * r)^-x mod p */
|
|
||||||
mpi_mulm (t2, a, r, skey->p);
|
|
||||||
- mpi_powm (t2, t2, skey->x, skey->p);
|
|
||||||
+ mpi_powm (t2, t2, x_blind, skey->p);
|
|
||||||
mpi_invm (t2, t2, skey->p);
|
|
||||||
/* t1 = (t1 * t2) mod p*/
|
|
||||||
mpi_mulm (t1, t1, t2, skey->p);
|
|
||||||
|
|
||||||
+ mpi_free (x_blind);
|
|
||||||
+ mpi_free (h);
|
|
||||||
+ mpi_free (r1);
|
|
||||||
mpi_free (r);
|
|
||||||
mpi_free (t2);
|
|
||||||
|
|
@ -1,13 +0,0 @@
|
|||||||
diff -up libgcrypt-1.8.5/src/hwfeatures.c.hw-fips libgcrypt-1.8.5/src/hwfeatures.c
|
|
||||||
--- libgcrypt-1.8.5/src/hwfeatures.c.hw-fips 2021-06-25 11:55:55.843819137 +0200
|
|
||||||
+++ libgcrypt-1.8.5/src/hwfeatures.c 2021-06-25 11:56:00.925895390 +0200
|
|
||||||
@@ -205,9 +205,6 @@ _gcry_detect_hw_features (void)
|
|
||||||
{
|
|
||||||
hw_features = 0;
|
|
||||||
|
|
||||||
- if (fips_mode ())
|
|
||||||
- return; /* Hardware support is not to be evaluated. */
|
|
||||||
-
|
|
||||||
parse_hwf_deny_file ();
|
|
||||||
|
|
||||||
#if defined (HAVE_CPU_ARCH_X86)
|
|
@ -1,139 +0,0 @@
|
|||||||
diff -up libgcrypt-1.8.5/src/fips.c.fips-module libgcrypt-1.8.5/src/fips.c
|
|
||||||
--- libgcrypt-1.8.5/src/fips.c.fips-module 2020-04-20 19:07:45.924919645 +0200
|
|
||||||
+++ libgcrypt-1.8.5/src/fips.c 2020-04-20 19:10:33.690722470 +0200
|
|
||||||
@@ -35,10 +35,6 @@
|
|
||||||
#include "hmac256.h"
|
|
||||||
|
|
||||||
|
|
||||||
-/* The name of the file used to force libgcrypt into fips mode. */
|
|
||||||
-#define FIPS_FORCE_FILE "/etc/gcrypt/fips_enabled"
|
|
||||||
-
|
|
||||||
-
|
|
||||||
/* The states of the finite state machine used in fips mode. */
|
|
||||||
enum module_states
|
|
||||||
{
|
|
||||||
@@ -122,54 +118,6 @@ _gcry_initialize_fips_mode (int force)
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
|
|
||||||
- /* For testing the system it is useful to override the system
|
|
||||||
- provided detection of the FIPS mode and force FIPS mode using a
|
|
||||||
- file. The filename is hardwired so that there won't be any
|
|
||||||
- confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is
|
|
||||||
- actually used. The file itself may be empty. */
|
|
||||||
- if ( !access (FIPS_FORCE_FILE, F_OK) )
|
|
||||||
- {
|
|
||||||
- gcry_assert (!no_fips_mode_required);
|
|
||||||
- goto leave;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- /* Checking based on /proc file properties. */
|
|
||||||
- {
|
|
||||||
- static const char procfname[] = "/proc/sys/crypto/fips_enabled";
|
|
||||||
- FILE *fp;
|
|
||||||
- int saved_errno;
|
|
||||||
-
|
|
||||||
- fp = fopen (procfname, "r");
|
|
||||||
- if (fp)
|
|
||||||
- {
|
|
||||||
- char line[256];
|
|
||||||
-
|
|
||||||
- if (fgets (line, sizeof line, fp) && atoi (line))
|
|
||||||
- {
|
|
||||||
- /* System is in fips mode. */
|
|
||||||
- fclose (fp);
|
|
||||||
- gcry_assert (!no_fips_mode_required);
|
|
||||||
- goto leave;
|
|
||||||
- }
|
|
||||||
- fclose (fp);
|
|
||||||
- }
|
|
||||||
- else if ((saved_errno = errno) != ENOENT
|
|
||||||
- && saved_errno != EACCES
|
|
||||||
- && !access ("/proc/version", F_OK) )
|
|
||||||
- {
|
|
||||||
- /* Problem reading the fips file despite that we have the proc
|
|
||||||
- file system. We better stop right away. */
|
|
||||||
- log_info ("FATAL: error reading `%s' in libgcrypt: %s\n",
|
|
||||||
- procfname, strerror (saved_errno));
|
|
||||||
-#ifdef HAVE_SYSLOG
|
|
||||||
- syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
|
|
||||||
- "reading `%s' failed: %s - abort",
|
|
||||||
- procfname, strerror (saved_errno));
|
|
||||||
-#endif /*HAVE_SYSLOG*/
|
|
||||||
- abort ();
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
/* Fips not not requested, set flag. */
|
|
||||||
no_fips_mode_required = 1;
|
|
||||||
|
|
||||||
diff -up libgcrypt-1.8.5/src/g10lib.h.fips-module libgcrypt-1.8.5/src/g10lib.h
|
|
||||||
--- libgcrypt-1.8.5/src/g10lib.h.fips-module 2020-04-20 19:07:45.918919759 +0200
|
|
||||||
+++ libgcrypt-1.8.5/src/g10lib.h 2020-04-20 19:11:05.003125740 +0200
|
|
||||||
@@ -422,6 +422,9 @@ gpg_err_code_t _gcry_sexp_vextract_param
|
|
||||||
|
|
||||||
/*-- fips.c --*/
|
|
||||||
|
|
||||||
+/* The name of the file used to force libgcrypt into fips mode. */
|
|
||||||
+#define FIPS_FORCE_FILE "/etc/gcrypt/fips_enabled"
|
|
||||||
+
|
|
||||||
void _gcry_initialize_fips_mode (int force);
|
|
||||||
|
|
||||||
int _gcry_fips_mode (void);
|
|
||||||
diff -up libgcrypt-1.8.5/src/global.c.fips-module libgcrypt-1.8.5/src/global.c
|
|
||||||
--- libgcrypt-1.8.5/src/global.c.fips-module 2020-04-20 19:07:45.919919741 +0200
|
|
||||||
+++ libgcrypt-1.8.5/src/global.c 2020-04-20 19:07:45.950919149 +0200
|
|
||||||
@@ -160,6 +160,53 @@ void __attribute__ ((constructor)) _gcry
|
|
||||||
rv = access (FIPS_MODULE_PATH, F_OK);
|
|
||||||
if (rv < 0 && errno != ENOENT)
|
|
||||||
rv = 0;
|
|
||||||
+
|
|
||||||
+ /* For testing the system it is useful to override the system
|
|
||||||
+ provided detection of the FIPS mode and force FIPS mode using a
|
|
||||||
+ file. The filename is hardwired so that there won't be any
|
|
||||||
+ confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is
|
|
||||||
+ actually used. The file itself may be empty. */
|
|
||||||
+ if ( !access (FIPS_FORCE_FILE, F_OK) )
|
|
||||||
+ {
|
|
||||||
+ rv = 0;
|
|
||||||
+ force_fips_mode = 1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Checking based on /proc file properties. */
|
|
||||||
+ {
|
|
||||||
+ static const char procfname[] = "/proc/sys/crypto/fips_enabled";
|
|
||||||
+ FILE *fp;
|
|
||||||
+ int saved_errno;
|
|
||||||
+
|
|
||||||
+ fp = fopen (procfname, "r");
|
|
||||||
+ if (fp)
|
|
||||||
+ {
|
|
||||||
+ char line[256];
|
|
||||||
+
|
|
||||||
+ if (fgets (line, sizeof line, fp) && atoi (line))
|
|
||||||
+ {
|
|
||||||
+ /* System is in fips mode. */
|
|
||||||
+ rv = 0;
|
|
||||||
+ force_fips_mode = 1;
|
|
||||||
+ }
|
|
||||||
+ fclose (fp);
|
|
||||||
+ }
|
|
||||||
+ else if ((saved_errno = errno) != ENOENT
|
|
||||||
+ && saved_errno != EACCES
|
|
||||||
+ && !access ("/proc/version", F_OK) )
|
|
||||||
+ {
|
|
||||||
+ /* Problem reading the fips file despite that we have the proc
|
|
||||||
+ file system. We better stop right away. */
|
|
||||||
+ log_info ("FATAL: error reading `%s' in libgcrypt: %s\n",
|
|
||||||
+ procfname, strerror (saved_errno));
|
|
||||||
+#ifdef HAVE_SYSLOG
|
|
||||||
+ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
|
|
||||||
+ "reading `%s' failed: %s - abort",
|
|
||||||
+ procfname, strerror (saved_errno));
|
|
||||||
+#endif /*HAVE_SYSLOG*/
|
|
||||||
+ abort ();
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if (!rv)
|
|
||||||
{
|
|
@ -1,285 +0,0 @@
|
|||||||
diff -up libgcrypt-1.8.5/random/rand-internal.h.getrandom libgcrypt-1.8.5/random/rand-internal.h
|
|
||||||
--- libgcrypt-1.8.5/random/rand-internal.h.getrandom 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.5/random/rand-internal.h 2020-04-20 14:55:34.875949624 +0200
|
|
||||||
@@ -47,6 +47,7 @@ void _gcry_random_progress (const char *
|
|
||||||
|
|
||||||
/*-- random-csprng.c --*/
|
|
||||||
void _gcry_rngcsprng_initialize (int full);
|
|
||||||
+void _gcry_rngcsprng_deinit (void);
|
|
||||||
void _gcry_rngcsprng_close_fds (void);
|
|
||||||
void _gcry_rngcsprng_dump_stats (void);
|
|
||||||
void _gcry_rngcsprng_secure_alloc (void);
|
|
||||||
@@ -68,6 +69,7 @@ void _gcry_rngcsprng_fast_poll (void);
|
|
||||||
|
|
||||||
/*-- random-drbg.c --*/
|
|
||||||
void _gcry_rngdrbg_inititialize (int full);
|
|
||||||
+void _gcry_rngdrbg_deinit (void);
|
|
||||||
void _gcry_rngdrbg_close_fds (void);
|
|
||||||
void _gcry_rngdrbg_dump_stats (void);
|
|
||||||
int _gcry_rngdrbg_is_faked (void);
|
|
||||||
diff -up libgcrypt-1.8.5/random/random.c.getrandom libgcrypt-1.8.5/random/random.c
|
|
||||||
--- libgcrypt-1.8.5/random/random.c.getrandom 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.5/random/random.c 2020-04-20 14:55:34.876949605 +0200
|
|
||||||
@@ -110,8 +110,8 @@ _gcry_random_read_conf (void)
|
|
||||||
unsigned int result = 0;
|
|
||||||
|
|
||||||
fp = fopen (fname, "r");
|
|
||||||
- if (!fp)
|
|
||||||
- return result;
|
|
||||||
+ if (!fp) /* We make only_urandom the default. */
|
|
||||||
+ return RANDOM_CONF_ONLY_URANDOM;
|
|
||||||
|
|
||||||
for (;;)
|
|
||||||
{
|
|
||||||
@@ -228,6 +228,22 @@ _gcry_random_initialize (int full)
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
+/* Deinitialize this random subsystem. */
|
|
||||||
+void
|
|
||||||
+_gcry_random_deinit (void)
|
|
||||||
+{
|
|
||||||
+ if (fips_mode ())
|
|
||||||
+ _gcry_rngdrbg_deinit ();
|
|
||||||
+ else if (rng_types.standard)
|
|
||||||
+ _gcry_rngcsprng_deinit ();
|
|
||||||
+ else if (rng_types.fips)
|
|
||||||
+ _gcry_rngdrbg_deinit ();
|
|
||||||
+ else
|
|
||||||
+ _gcry_rngcsprng_deinit ();
|
|
||||||
+ /* not needed for system */
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
/* If possible close file descriptors used by the RNG. */
|
|
||||||
void
|
|
||||||
_gcry_random_close_fds (void)
|
|
||||||
diff -up libgcrypt-1.8.5/random/random-csprng.c.getrandom libgcrypt-1.8.5/random/random-csprng.c
|
|
||||||
--- libgcrypt-1.8.5/random/random-csprng.c.getrandom 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.5/random/random-csprng.c 2020-04-20 15:04:27.182877975 +0200
|
|
||||||
@@ -55,6 +55,10 @@
|
|
||||||
#ifdef __MINGW32__
|
|
||||||
#include <process.h>
|
|
||||||
#endif
|
|
||||||
+#if defined(__linux__) && defined(HAVE_SYSCALL)
|
|
||||||
+# include <sys/syscall.h>
|
|
||||||
+# include <linux/random.h>
|
|
||||||
+#endif
|
|
||||||
#include "g10lib.h"
|
|
||||||
#include "random.h"
|
|
||||||
#include "rand-internal.h"
|
|
||||||
@@ -343,6 +347,21 @@ _gcry_rngcsprng_initialize (int full)
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
+void
|
|
||||||
+_gcry_rngcsprng_deinit (void)
|
|
||||||
+{
|
|
||||||
+ lock_pool();
|
|
||||||
+ pool_writepos = 0;
|
|
||||||
+ pool_readpos = 0;
|
|
||||||
+ pool_filled = 0;
|
|
||||||
+ pool_filled_counter = 0;
|
|
||||||
+ did_initial_extra_seeding = 0;
|
|
||||||
+ pool_balance = 0;
|
|
||||||
+ just_mixed = 0;
|
|
||||||
+ unlock_pool();
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
/* Try to close the FDs of the random gather module. This is
|
|
||||||
currently only implemented for rndlinux. */
|
|
||||||
void
|
|
||||||
@@ -1116,6 +1135,22 @@ getfnc_gather_random (void))(void (*)(co
|
|
||||||
enum random_origins, size_t, int);
|
|
||||||
|
|
||||||
#if USE_RNDLINUX
|
|
||||||
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
|
|
||||||
+ long ret;
|
|
||||||
+ char buffer[1];
|
|
||||||
+
|
|
||||||
+ _gcry_pre_syscall ();
|
|
||||||
+ ret = syscall (__NR_getrandom,
|
|
||||||
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
|
|
||||||
+ _gcry_post_syscall ();
|
|
||||||
+ if (ret != -1 || errno != ENOSYS)
|
|
||||||
+ {
|
|
||||||
+ fnc = _gcry_rndlinux_gather_random;
|
|
||||||
+ return fnc;
|
|
||||||
+ }
|
|
||||||
+ else
|
|
||||||
+ /* The syscall is not supported - fallback to /dev/urandom. */
|
|
||||||
+#endif
|
|
||||||
if ( !access (NAME_OF_DEV_RANDOM, R_OK)
|
|
||||||
&& !access (NAME_OF_DEV_URANDOM, R_OK))
|
|
||||||
{
|
|
||||||
diff -up libgcrypt-1.8.5/random/random-drbg.c.getrandom libgcrypt-1.8.5/random/random-drbg.c
|
|
||||||
--- libgcrypt-1.8.5/random/random-drbg.c.getrandom 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.5/random/random-drbg.c 2020-04-20 15:02:37.782947902 +0200
|
|
||||||
@@ -1811,6 +1811,22 @@ _gcry_rngdrbg_inititialize (int full)
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
+ * Deinitialize the DRBG invoked by the libgcrypt API
|
|
||||||
+ * It will be automatically re-initialized on next call
|
|
||||||
+ */
|
|
||||||
+void
|
|
||||||
+_gcry_rngdrbg_deinit (void)
|
|
||||||
+{
|
|
||||||
+ drbg_lock ();
|
|
||||||
+ if (drbg_state)
|
|
||||||
+ {
|
|
||||||
+ drbg_uninstantiate (drbg_state);
|
|
||||||
+ drbg_state = NULL;
|
|
||||||
+ }
|
|
||||||
+ drbg_unlock ();
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
* Backend handler function for GCRYCTL_DRBG_REINIT
|
|
||||||
*
|
|
||||||
* Select a different DRBG type and initialize it.
|
|
||||||
diff -up libgcrypt-1.8.5/random/random.h.getrandom libgcrypt-1.8.5/random/random.h
|
|
||||||
--- libgcrypt-1.8.5/random/random.h.getrandom 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.5/random/random.h 2020-04-20 14:55:34.877949586 +0200
|
|
||||||
@@ -29,6 +29,7 @@ void _gcry_register_random_progress (voi
|
|
||||||
|
|
||||||
void _gcry_set_preferred_rng_type (int type);
|
|
||||||
void _gcry_random_initialize (int full);
|
|
||||||
+void _gcry_random_deinit (void);
|
|
||||||
void _gcry_random_close_fds (void);
|
|
||||||
int _gcry_get_rng_type (int ignore_fips_mode);
|
|
||||||
void _gcry_random_dump_stats(void);
|
|
||||||
diff -up libgcrypt-1.8.5/random/rndlinux.c.getrandom libgcrypt-1.8.5/random/rndlinux.c
|
|
||||||
--- libgcrypt-1.8.5/random/rndlinux.c.getrandom 2020-04-20 15:01:50.159848963 +0200
|
|
||||||
+++ libgcrypt-1.8.5/random/rndlinux.c 2020-04-20 16:14:21.901610921 +0200
|
|
||||||
@@ -35,6 +35,7 @@
|
|
||||||
#include <poll.h>
|
|
||||||
#if defined(__linux__) && defined(HAVE_SYSCALL)
|
|
||||||
# include <sys/syscall.h>
|
|
||||||
+# include <linux/random.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include "types.h"
|
|
||||||
@@ -147,12 +148,12 @@ _gcry_rndlinux_gather_random (void (*add
|
|
||||||
if (!add)
|
|
||||||
{
|
|
||||||
/* Special mode to close the descriptors. */
|
|
||||||
- if (fd_random != -1)
|
|
||||||
+ if (fd_random >= 0)
|
|
||||||
{
|
|
||||||
close (fd_random);
|
|
||||||
fd_random = -1;
|
|
||||||
}
|
|
||||||
- if (fd_urandom != -1)
|
|
||||||
+ if (fd_urandom >= 0)
|
|
||||||
{
|
|
||||||
close (fd_urandom);
|
|
||||||
fd_urandom = -1;
|
|
||||||
@@ -166,12 +167,12 @@ _gcry_rndlinux_gather_random (void (*add
|
|
||||||
apid = getpid ();
|
|
||||||
if (my_pid != apid)
|
|
||||||
{
|
|
||||||
- if (fd_random != -1)
|
|
||||||
+ if (fd_random >= 0)
|
|
||||||
{
|
|
||||||
close (fd_random);
|
|
||||||
fd_random = -1;
|
|
||||||
}
|
|
||||||
- if (fd_urandom != -1)
|
|
||||||
+ if (fd_urandom >= 0)
|
|
||||||
{
|
|
||||||
close (fd_urandom);
|
|
||||||
fd_urandom = -1;
|
|
||||||
@@ -216,7 +217,23 @@ _gcry_rndlinux_gather_random (void (*add
|
|
||||||
that we always require the device to be existent but want a more
|
|
||||||
graceful behaviour if the rarely needed close operation has been
|
|
||||||
used and the device needs to be re-opened later. */
|
|
||||||
- if (level >= GCRY_VERY_STRONG_RANDOM && !only_urandom)
|
|
||||||
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
|
|
||||||
+ if (fd_urandom != -2 && !_gcry_in_constructor ())
|
|
||||||
+ {
|
|
||||||
+ long ret;
|
|
||||||
+
|
|
||||||
+ _gcry_pre_syscall ();
|
|
||||||
+ ret = syscall (__NR_getrandom,
|
|
||||||
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
|
|
||||||
+ _gcry_post_syscall ();
|
|
||||||
+ if (ret > -1 || errno == EAGAIN || errno == EINTR)
|
|
||||||
+ {
|
|
||||||
+ fd_urandom = -2;
|
|
||||||
+ fd_random = -2;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+ if (level >= GCRY_VERY_STRONG_RANDOM && !only_urandom && !_gcry_in_constructor ())
|
|
||||||
{
|
|
||||||
if (fd_random == -1)
|
|
||||||
{
|
|
||||||
@@ -255,6 +272,7 @@ _gcry_rndlinux_gather_random (void (*add
|
|
||||||
* syscall and not a new device and thus we are not able to use
|
|
||||||
* select(2) to have a timeout. */
|
|
||||||
#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
|
|
||||||
+ if (fd == -2)
|
|
||||||
{
|
|
||||||
long ret;
|
|
||||||
size_t nbytes;
|
|
||||||
@@ -270,9 +288,7 @@ _gcry_rndlinux_gather_random (void (*add
|
|
||||||
_gcry_post_syscall ();
|
|
||||||
}
|
|
||||||
while (ret == -1 && errno == EINTR);
|
|
||||||
- if (ret == -1 && errno == ENOSYS)
|
|
||||||
- ; /* The syscall is not supported - fallback to pulling from fd. */
|
|
||||||
- else
|
|
||||||
+ if (1)
|
|
||||||
{ /* The syscall is supported. Some sanity checks. */
|
|
||||||
if (ret == -1)
|
|
||||||
log_fatal ("unexpected error from getrandom: %s\n",
|
|
||||||
diff -up libgcrypt-1.8.5/src/g10lib.h.getrandom libgcrypt-1.8.5/src/g10lib.h
|
|
||||||
--- libgcrypt-1.8.5/src/g10lib.h.getrandom 2020-04-20 15:08:16.528538580 +0200
|
|
||||||
+++ libgcrypt-1.8.5/src/g10lib.h 2020-04-20 15:08:28.641309399 +0200
|
|
||||||
@@ -464,6 +464,6 @@ gpg_err_code_t _gcry_fips_run_selftests
|
|
||||||
void _gcry_fips_noreturn (void);
|
|
||||||
#define fips_noreturn() (_gcry_fips_noreturn ())
|
|
||||||
|
|
||||||
-
|
|
||||||
+int _gcry_in_constructor (void);
|
|
||||||
|
|
||||||
#endif /* G10LIB_H */
|
|
||||||
diff -up libgcrypt-1.8.5/src/global.c.getrandom libgcrypt-1.8.5/src/global.c
|
|
||||||
--- libgcrypt-1.8.5/src/global.c.getrandom 2020-04-20 15:06:21.891707597 +0200
|
|
||||||
+++ libgcrypt-1.8.5/src/global.c 2020-04-20 15:07:29.018437509 +0200
|
|
||||||
@@ -145,10 +145,18 @@ global_init (void)
|
|
||||||
#define FIPS_MODULE_PATH "/etc/system-fips"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
+static int in_constructor = 0;
|
|
||||||
+
|
|
||||||
+int _gcry_in_constructor(void)
|
|
||||||
+{
|
|
||||||
+ return in_constructor;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
void __attribute__ ((constructor)) _gcry_global_constructor (void)
|
|
||||||
{
|
|
||||||
int rv;
|
|
||||||
|
|
||||||
+ in_constructor = 1;
|
|
||||||
rv = access (FIPS_MODULE_PATH, F_OK);
|
|
||||||
if (rv < 0 && errno != ENOENT)
|
|
||||||
rv = 0;
|
|
||||||
@@ -163,10 +171,12 @@ void __attribute__ ((constructor)) _gcry
|
|
||||||
/* force selftests */
|
|
||||||
global_init();
|
|
||||||
_gcry_fips_run_selftests (0);
|
|
||||||
- if (!fips_mode())
|
|
||||||
- _gcry_random_close_fds ();
|
|
||||||
+ _gcry_random_close_fds ();
|
|
||||||
+ _gcry_random_deinit ();
|
|
||||||
no_secure_memory = no_secmem_save;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ in_constructor = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* This function is called by the macro fips_is_operational and makes
|
|
@ -1,348 +0,0 @@
|
|||||||
diff -up libgcrypt-1.8.5/cipher/camellia-aesni-avx2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/camellia-aesni-avx2-amd64.S
|
|
||||||
--- libgcrypt-1.8.5/cipher/camellia-aesni-avx2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.5/cipher/camellia-aesni-avx2-amd64.S 2020-01-23 15:36:44.148972045 +0100
|
|
||||||
@@ -18,8 +18,9 @@
|
|
||||||
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
|
|
||||||
*/
|
|
||||||
|
|
||||||
-#ifdef __x86_64
|
|
||||||
#include <config.h>
|
|
||||||
+
|
|
||||||
+#ifdef __x86_64
|
|
||||||
#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
|
|
||||||
defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \
|
|
||||||
defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX2_SUPPORT)
|
|
||||||
diff -up libgcrypt-1.8.5/cipher/camellia-aesni-avx-amd64.S.intel-cet libgcrypt-1.8.5/cipher/camellia-aesni-avx-amd64.S
|
|
||||||
--- libgcrypt-1.8.5/cipher/camellia-aesni-avx-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.5/cipher/camellia-aesni-avx-amd64.S 2020-01-23 15:36:44.145972088 +0100
|
|
||||||
@@ -18,8 +18,9 @@
|
|
||||||
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
|
|
||||||
*/
|
|
||||||
|
|
||||||
-#ifdef __x86_64
|
|
||||||
#include <config.h>
|
|
||||||
+
|
|
||||||
+#ifdef __x86_64
|
|
||||||
#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
|
|
||||||
defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \
|
|
||||||
defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX_SUPPORT)
|
|
||||||
diff -up libgcrypt-1.8.5/cipher/chacha20-avx2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/chacha20-avx2-amd64.S
|
|
||||||
--- libgcrypt-1.8.5/cipher/chacha20-avx2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.5/cipher/chacha20-avx2-amd64.S 2020-01-23 15:36:16.780250066 +0100
|
|
||||||
@@ -48,6 +48,9 @@
|
|
||||||
.globl _gcry_chacha20_amd64_avx2_blocks
|
|
||||||
ELF(.type _gcry_chacha20_amd64_avx2_blocks,@function;)
|
|
||||||
_gcry_chacha20_amd64_avx2_blocks:
|
|
||||||
+#ifdef _CET_ENDBR
|
|
||||||
+ _CET_ENDBR
|
|
||||||
+#endif
|
|
||||||
.Lchacha_blocks_avx2_local:
|
|
||||||
vzeroupper
|
|
||||||
pushq %rbx
|
|
||||||
diff -up libgcrypt-1.8.5/cipher/chacha20-sse2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/chacha20-sse2-amd64.S
|
|
||||||
--- libgcrypt-1.8.5/cipher/chacha20-sse2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.5/cipher/chacha20-sse2-amd64.S 2020-01-23 15:36:16.783250095 +0100
|
|
||||||
@@ -41,6 +41,9 @@
|
|
||||||
.globl _gcry_chacha20_amd64_sse2_blocks
|
|
||||||
ELF(.type _gcry_chacha20_amd64_sse2_blocks,@function;)
|
|
||||||
_gcry_chacha20_amd64_sse2_blocks:
|
|
||||||
+#ifdef _CET_ENDBR
|
|
||||||
+ _CET_ENDBR
|
|
||||||
+#endif
|
|
||||||
.Lchacha_blocks_sse2_local:
|
|
||||||
pushq %rbx
|
|
||||||
pushq %rbp
|
|
||||||
diff -up libgcrypt-1.8.5/cipher/poly1305-avx2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/poly1305-avx2-amd64.S
|
|
||||||
--- libgcrypt-1.8.5/cipher/poly1305-avx2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.5/cipher/poly1305-avx2-amd64.S 2020-01-23 15:36:16.784250105 +0100
|
|
||||||
@@ -43,6 +43,9 @@
|
|
||||||
.globl _gcry_poly1305_amd64_avx2_init_ext
|
|
||||||
ELF(.type _gcry_poly1305_amd64_avx2_init_ext,@function;)
|
|
||||||
_gcry_poly1305_amd64_avx2_init_ext:
|
|
||||||
+#ifdef _CET_ENDBR
|
|
||||||
+ _CET_ENDBR
|
|
||||||
+#endif
|
|
||||||
.Lpoly1305_init_ext_avx2_local:
|
|
||||||
xor %edx, %edx
|
|
||||||
vzeroupper
|
|
||||||
@@ -406,6 +409,9 @@ ELF(.size _gcry_poly1305_amd64_avx2_init
|
|
||||||
.globl _gcry_poly1305_amd64_avx2_blocks
|
|
||||||
ELF(.type _gcry_poly1305_amd64_avx2_blocks,@function;)
|
|
||||||
_gcry_poly1305_amd64_avx2_blocks:
|
|
||||||
+#ifdef _CET_ENDBR
|
|
||||||
+ _CET_ENDBR
|
|
||||||
+#endif
|
|
||||||
.Lpoly1305_blocks_avx2_local:
|
|
||||||
vzeroupper
|
|
||||||
pushq %rbp
|
|
||||||
@@ -732,6 +738,9 @@ ELF(.size _gcry_poly1305_amd64_avx2_bloc
|
|
||||||
.globl _gcry_poly1305_amd64_avx2_finish_ext
|
|
||||||
ELF(.type _gcry_poly1305_amd64_avx2_finish_ext,@function;)
|
|
||||||
_gcry_poly1305_amd64_avx2_finish_ext:
|
|
||||||
+#ifdef _CET_ENDBR
|
|
||||||
+ _CET_ENDBR
|
|
||||||
+#endif
|
|
||||||
.Lpoly1305_finish_ext_avx2_local:
|
|
||||||
vzeroupper
|
|
||||||
pushq %rbp
|
|
||||||
diff -up libgcrypt-1.8.5/cipher/poly1305-sse2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/poly1305-sse2-amd64.S
|
|
||||||
--- libgcrypt-1.8.5/cipher/poly1305-sse2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.5/cipher/poly1305-sse2-amd64.S 2020-01-23 15:36:16.787250134 +0100
|
|
||||||
@@ -42,6 +42,9 @@
|
|
||||||
.globl _gcry_poly1305_amd64_sse2_init_ext
|
|
||||||
ELF(.type _gcry_poly1305_amd64_sse2_init_ext,@function;)
|
|
||||||
_gcry_poly1305_amd64_sse2_init_ext:
|
|
||||||
+#ifdef _CET_ENDBR
|
|
||||||
+ _CET_ENDBR
|
|
||||||
+#endif
|
|
||||||
.Lpoly1305_init_ext_x86_local:
|
|
||||||
xor %edx, %edx
|
|
||||||
pushq %r12
|
|
||||||
@@ -288,6 +291,9 @@ ELF(.size _gcry_poly1305_amd64_sse2_init
|
|
||||||
.globl _gcry_poly1305_amd64_sse2_finish_ext
|
|
||||||
ELF(.type _gcry_poly1305_amd64_sse2_finish_ext,@function;)
|
|
||||||
_gcry_poly1305_amd64_sse2_finish_ext:
|
|
||||||
+#ifdef _CET_ENDBR
|
|
||||||
+ _CET_ENDBR
|
|
||||||
+#endif
|
|
||||||
.Lpoly1305_finish_ext_x86_local:
|
|
||||||
pushq %rbp
|
|
||||||
movq %rsp, %rbp
|
|
||||||
@@ -439,6 +445,9 @@ ELF(.size _gcry_poly1305_amd64_sse2_fini
|
|
||||||
.globl _gcry_poly1305_amd64_sse2_blocks
|
|
||||||
ELF(.type _gcry_poly1305_amd64_sse2_blocks,@function;)
|
|
||||||
_gcry_poly1305_amd64_sse2_blocks:
|
|
||||||
+#ifdef _CET_ENDBR
|
|
||||||
+ _CET_ENDBR
|
|
||||||
+#endif
|
|
||||||
.Lpoly1305_blocks_x86_local:
|
|
||||||
pushq %rbp
|
|
||||||
movq %rsp, %rbp
|
|
||||||
diff -up libgcrypt-1.8.5/cipher/serpent-avx2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/serpent-avx2-amd64.S
|
|
||||||
--- libgcrypt-1.8.5/cipher/serpent-avx2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.5/cipher/serpent-avx2-amd64.S 2020-01-23 15:36:44.151972003 +0100
|
|
||||||
@@ -18,8 +18,9 @@
|
|
||||||
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
|
|
||||||
*/
|
|
||||||
|
|
||||||
-#ifdef __x86_64
|
|
||||||
#include <config.h>
|
|
||||||
+
|
|
||||||
+#ifdef __x86_64
|
|
||||||
#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
|
|
||||||
defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && defined(USE_SERPENT) && \
|
|
||||||
defined(ENABLE_AVX2_SUPPORT)
|
|
||||||
diff -up libgcrypt-1.8.5/configure.ac.intel-cet libgcrypt-1.8.5/configure.ac
|
|
||||||
--- libgcrypt-1.8.5/configure.ac.intel-cet 2019-08-29 15:00:08.000000000 +0200
|
|
||||||
+++ libgcrypt-1.8.5/configure.ac 2020-01-23 15:35:28.147774463 +0100
|
|
||||||
@@ -95,6 +95,12 @@ AH_TOP([
|
|
||||||
AH_BOTTOM([
|
|
||||||
#define _GCRYPT_IN_LIBGCRYPT 1
|
|
||||||
|
|
||||||
+/* Add .note.gnu.property section for Intel CET in assembler sources
|
|
||||||
+ when CET is enabled. */
|
|
||||||
+#if defined(__ASSEMBLER__) && defined(__CET__)
|
|
||||||
+# include <cet.h>
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
/* If the configure check for endianness has been disabled, get it from
|
|
||||||
OS macros. This is intended for making fat binary builds on OS X. */
|
|
||||||
#ifdef DISABLED_ENDIAN_CHECK
|
|
||||||
diff -up libgcrypt-1.8.5/mpi/config.links.intel-cet libgcrypt-1.8.5/mpi/config.links
|
|
||||||
--- libgcrypt-1.8.5/mpi/config.links.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.5/mpi/config.links 2020-01-23 15:35:46.398952954 +0100
|
|
||||||
@@ -382,6 +382,16 @@ if test x"$mpi_cpu_arch" = x ; then
|
|
||||||
mpi_cpu_arch="unknown"
|
|
||||||
fi
|
|
||||||
|
|
||||||
+# Add .note.gnu.property section for Intel CET in assembler sources
|
|
||||||
+# when CET is enabled. */
|
|
||||||
+if test x"$mpi_cpu_arch" = xx86 ; then
|
|
||||||
+ cat <<EOF >> ./mpi/asm-syntax.h
|
|
||||||
+
|
|
||||||
+#if defined(__ASSEMBLER__) && defined(__CET__)
|
|
||||||
+# include <cet.h>
|
|
||||||
+#endif
|
|
||||||
+EOF
|
|
||||||
+fi
|
|
||||||
|
|
||||||
# Make sysdep.h
|
|
||||||
echo '/* created by config.links - do not edit */' >./mpi/sysdep.h
|
|
||||||
diff -up libgcrypt-1.8.5/mpi/i386/mpih-add1.S.intel-cet libgcrypt-1.8.5/mpi/i386/mpih-add1.S
|
|
||||||
--- libgcrypt-1.8.5/mpi/i386/mpih-add1.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.5/mpi/i386/mpih-add1.S 2020-01-23 15:37:40.470175379 +0100
|
|
||||||
@@ -52,6 +52,10 @@ C_SYMBOL_NAME(_gcry_mpih_add_n:)
|
|
||||||
movl 20(%esp),%edx /* s2_ptr */
|
|
||||||
movl 24(%esp),%ecx /* size */
|
|
||||||
|
|
||||||
+#if defined __CET__ && (__CET__ & 1) != 0
|
|
||||||
+ pushl %ebx
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
movl %ecx,%eax
|
|
||||||
shrl $3,%ecx /* compute count for unrolled loop */
|
|
||||||
negl %eax
|
|
||||||
@@ -63,6 +67,9 @@ C_SYMBOL_NAME(_gcry_mpih_add_n:)
|
|
||||||
subl %eax,%esi /* ... by a constant when we ... */
|
|
||||||
subl %eax,%edx /* ... enter the loop */
|
|
||||||
shrl $2,%eax /* restore previous value */
|
|
||||||
+#if defined __CET__ && (__CET__ & 1) != 0
|
|
||||||
+ leal -4(,%eax,4),%ebx /* Count for 4-byte endbr32 */
|
|
||||||
+#endif
|
|
||||||
#ifdef PIC
|
|
||||||
/* Calculate start address in loop for PIC. Due to limitations in some
|
|
||||||
assemblers, Loop-L0-3 cannot be put into the leal */
|
|
||||||
@@ -75,29 +82,53 @@ L0: leal (%eax,%eax,8),%eax
|
|
||||||
/* Calculate start address in loop for non-PIC. */
|
|
||||||
leal (Loop - 3)(%eax,%eax,8),%eax
|
|
||||||
#endif
|
|
||||||
+#if defined __CET__ && (__CET__ & 1) != 0
|
|
||||||
+ addl %ebx,%eax /* Adjust for endbr32 */
|
|
||||||
+#endif
|
|
||||||
jmp *%eax /* jump into loop */
|
|
||||||
ALIGN (3)
|
|
||||||
Loop: movl (%esi),%eax
|
|
||||||
adcl (%edx),%eax
|
|
||||||
movl %eax,(%edi)
|
|
||||||
+#ifdef _CET_ENDBR
|
|
||||||
+ _CET_ENDBR
|
|
||||||
+#endif
|
|
||||||
movl 4(%esi),%eax
|
|
||||||
adcl 4(%edx),%eax
|
|
||||||
movl %eax,4(%edi)
|
|
||||||
+#ifdef _CET_ENDBR
|
|
||||||
+ _CET_ENDBR
|
|
||||||
+#endif
|
|
||||||
movl 8(%esi),%eax
|
|
||||||
adcl 8(%edx),%eax
|
|
||||||
movl %eax,8(%edi)
|
|
||||||
+#ifdef _CET_ENDBR
|
|
||||||
+ _CET_ENDBR
|
|
||||||
+#endif
|
|
||||||
movl 12(%esi),%eax
|
|
||||||
adcl 12(%edx),%eax
|
|
||||||
movl %eax,12(%edi)
|
|
||||||
+#ifdef _CET_ENDBR
|
|
||||||
+ _CET_ENDBR
|
|
||||||
+#endif
|
|
||||||
movl 16(%esi),%eax
|
|
||||||
adcl 16(%edx),%eax
|
|
||||||
movl %eax,16(%edi)
|
|
||||||
+#ifdef _CET_ENDBR
|
|
||||||
+ _CET_ENDBR
|
|
||||||
+#endif
|
|
||||||
movl 20(%esi),%eax
|
|
||||||
adcl 20(%edx),%eax
|
|
||||||
movl %eax,20(%edi)
|
|
||||||
+#ifdef _CET_ENDBR
|
|
||||||
+ _CET_ENDBR
|
|
||||||
+#endif
|
|
||||||
movl 24(%esi),%eax
|
|
||||||
adcl 24(%edx),%eax
|
|
||||||
movl %eax,24(%edi)
|
|
||||||
+#ifdef _CET_ENDBR
|
|
||||||
+ _CET_ENDBR
|
|
||||||
+#endif
|
|
||||||
movl 28(%esi),%eax
|
|
||||||
adcl 28(%edx),%eax
|
|
||||||
movl %eax,28(%edi)
|
|
||||||
@@ -110,6 +141,10 @@ Loop: movl (%esi),%eax
|
|
||||||
sbbl %eax,%eax
|
|
||||||
negl %eax
|
|
||||||
|
|
||||||
+#if defined __CET__ && (__CET__ & 1) != 0
|
|
||||||
+ popl %ebx
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
popl %esi
|
|
||||||
popl %edi
|
|
||||||
ret
|
|
||||||
diff -up libgcrypt-1.8.5/mpi/i386/mpih-sub1.S.intel-cet libgcrypt-1.8.5/mpi/i386/mpih-sub1.S
|
|
||||||
--- libgcrypt-1.8.5/mpi/i386/mpih-sub1.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.5/mpi/i386/mpih-sub1.S 2020-01-23 15:37:40.472175351 +0100
|
|
||||||
@@ -53,6 +53,10 @@ C_SYMBOL_NAME(_gcry_mpih_sub_n:)
|
|
||||||
movl 20(%esp),%edx /* s2_ptr */
|
|
||||||
movl 24(%esp),%ecx /* size */
|
|
||||||
|
|
||||||
+#if defined __CET__ && (__CET__ & 1) != 0
|
|
||||||
+ pushl %ebx
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
movl %ecx,%eax
|
|
||||||
shrl $3,%ecx /* compute count for unrolled loop */
|
|
||||||
negl %eax
|
|
||||||
@@ -64,6 +68,9 @@ C_SYMBOL_NAME(_gcry_mpih_sub_n:)
|
|
||||||
subl %eax,%esi /* ... by a constant when we ... */
|
|
||||||
subl %eax,%edx /* ... enter the loop */
|
|
||||||
shrl $2,%eax /* restore previous value */
|
|
||||||
+#if defined __CET__ && (__CET__ & 1) != 0
|
|
||||||
+ leal -4(,%eax,4),%ebx /* Count for 4-byte endbr32 */
|
|
||||||
+#endif
|
|
||||||
#ifdef PIC
|
|
||||||
/* Calculate start address in loop for PIC. Due to limitations in some
|
|
||||||
assemblers, Loop-L0-3 cannot be put into the leal */
|
|
||||||
@@ -76,29 +83,53 @@ L0: leal (%eax,%eax,8),%eax
|
|
||||||
/* Calculate start address in loop for non-PIC. */
|
|
||||||
leal (Loop - 3)(%eax,%eax,8),%eax
|
|
||||||
#endif
|
|
||||||
+#if defined __CET__ && (__CET__ & 1) != 0
|
|
||||||
+ addl %ebx,%eax /* Adjust for endbr32 */
|
|
||||||
+#endif
|
|
||||||
jmp *%eax /* jump into loop */
|
|
||||||
ALIGN (3)
|
|
||||||
Loop: movl (%esi),%eax
|
|
||||||
sbbl (%edx),%eax
|
|
||||||
movl %eax,(%edi)
|
|
||||||
+#ifdef _CET_ENDBR
|
|
||||||
+ _CET_ENDBR
|
|
||||||
+#endif
|
|
||||||
movl 4(%esi),%eax
|
|
||||||
sbbl 4(%edx),%eax
|
|
||||||
movl %eax,4(%edi)
|
|
||||||
+#ifdef _CET_ENDBR
|
|
||||||
+ _CET_ENDBR
|
|
||||||
+#endif
|
|
||||||
movl 8(%esi),%eax
|
|
||||||
sbbl 8(%edx),%eax
|
|
||||||
movl %eax,8(%edi)
|
|
||||||
+#ifdef _CET_ENDBR
|
|
||||||
+ _CET_ENDBR
|
|
||||||
+#endif
|
|
||||||
movl 12(%esi),%eax
|
|
||||||
sbbl 12(%edx),%eax
|
|
||||||
movl %eax,12(%edi)
|
|
||||||
+#ifdef _CET_ENDBR
|
|
||||||
+ _CET_ENDBR
|
|
||||||
+#endif
|
|
||||||
movl 16(%esi),%eax
|
|
||||||
sbbl 16(%edx),%eax
|
|
||||||
movl %eax,16(%edi)
|
|
||||||
+#ifdef _CET_ENDBR
|
|
||||||
+ _CET_ENDBR
|
|
||||||
+#endif
|
|
||||||
movl 20(%esi),%eax
|
|
||||||
sbbl 20(%edx),%eax
|
|
||||||
movl %eax,20(%edi)
|
|
||||||
+#ifdef _CET_ENDBR
|
|
||||||
+ _CET_ENDBR
|
|
||||||
+#endif
|
|
||||||
movl 24(%esi),%eax
|
|
||||||
sbbl 24(%edx),%eax
|
|
||||||
movl %eax,24(%edi)
|
|
||||||
+#ifdef _CET_ENDBR
|
|
||||||
+ _CET_ENDBR
|
|
||||||
+#endif
|
|
||||||
movl 28(%esi),%eax
|
|
||||||
sbbl 28(%edx),%eax
|
|
||||||
movl %eax,28(%edi)
|
|
||||||
@@ -111,6 +142,10 @@ Loop: movl (%esi),%eax
|
|
||||||
sbbl %eax,%eax
|
|
||||||
negl %eax
|
|
||||||
|
|
||||||
+#if defined __CET__ && (__CET__ & 1) != 0
|
|
||||||
+ popl %ebx
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
popl %esi
|
|
||||||
popl %edi
|
|
||||||
ret
|
|
@ -1,158 +0,0 @@
|
|||||||
diff -up libgcrypt-1.8.5/cipher/kdf.c.kdf-selftest libgcrypt-1.8.5/cipher/kdf.c
|
|
||||||
--- libgcrypt-1.8.5/cipher/kdf.c.kdf-selftest 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.5/cipher/kdf.c 2020-06-15 18:14:26.494995669 +0200
|
|
||||||
@@ -305,3 +305,99 @@ _gcry_kdf_derive (const void *passphrase
|
|
||||||
leave:
|
|
||||||
return ec;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+/* PBKDF2 selftests.
|
|
||||||
+ * Copyright (C) 2008 Free Software Foundation, Inc.
|
|
||||||
+ * Copyright (C) 2019, 2020 Red Hat, Inc.
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+/* Check one PBKDF2 call with HASH ALGO using the regular KDF
|
|
||||||
+ * API. (passphrase,passphraselen) is the password to be derived,
|
|
||||||
+ * (salt,saltlen) the salt for the key derivation,
|
|
||||||
+ * iterations is the number of the kdf iterations,
|
|
||||||
+ * and (expect,expectlen) the expected result. Returns NULL on
|
|
||||||
+ * success or a string describing the failure. */
|
|
||||||
+
|
|
||||||
+static const char *
|
|
||||||
+check_one (int algo,
|
|
||||||
+ const void *passphrase, size_t passphraselen,
|
|
||||||
+ const void *salt, size_t saltlen,
|
|
||||||
+ unsigned long iterations,
|
|
||||||
+ const void *expect, size_t expectlen)
|
|
||||||
+{
|
|
||||||
+ unsigned char key[512]; /* hardcoded to avoid allocation */
|
|
||||||
+ size_t keysize = expectlen;
|
|
||||||
+
|
|
||||||
+ if (keysize > sizeof(key))
|
|
||||||
+ return "invalid tests data";
|
|
||||||
+
|
|
||||||
+ if (_gcry_kdf_derive (passphrase, passphraselen, GCRY_KDF_PBKDF2,
|
|
||||||
+ algo, salt, saltlen, iterations,
|
|
||||||
+ keysize, key))
|
|
||||||
+ return "gcry_kdf_derive failed";
|
|
||||||
+
|
|
||||||
+ if (memcmp (key, expect, expectlen))
|
|
||||||
+ return "does not match";
|
|
||||||
+
|
|
||||||
+ return NULL;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static gpg_err_code_t
|
|
||||||
+run_pbkdf2_selftest (int extended, selftest_report_func_t report)
|
|
||||||
+{
|
|
||||||
+ const char *what;
|
|
||||||
+ const char *errtxt;
|
|
||||||
+
|
|
||||||
+ what = "Basic PBKDF2 SHA256";
|
|
||||||
+ errtxt = check_one (GCRY_MD_SHA256,
|
|
||||||
+ "password", 8,
|
|
||||||
+ "salt", 4,
|
|
||||||
+ 2,
|
|
||||||
+ "\xae\x4d\x0c\x95\xaf\x6b\x46\xd3\x2d\x0a\xdf\xf9\x28\xf0\x6d\xd0"
|
|
||||||
+ "\x2a\x30\x3f\x8e\xf3\xc2\x51\xdf\xd6\xe2\xd8\x5a\x95\x47\x4c\x43", 32);
|
|
||||||
+ if (errtxt)
|
|
||||||
+ goto failed;
|
|
||||||
+
|
|
||||||
+ if (extended)
|
|
||||||
+ {
|
|
||||||
+ what = "Extended PBKDF2 SHA256";
|
|
||||||
+ errtxt = check_one (GCRY_MD_SHA256,
|
|
||||||
+ "passwordPASSWORDpassword", 24,
|
|
||||||
+ "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
|
|
||||||
+ 4096,
|
|
||||||
+ "\x34\x8c\x89\xdb\xcb\xd3\x2b\x2f\x32\xd8\x14\xb8\x11\x6e\x84\xcf"
|
|
||||||
+ "\x2b\x17\x34\x7e\xbc\x18\x00\x18\x1c\x4e\x2a\x1f\xb8\xdd\x53\xe1"
|
|
||||||
+ "\xc6\x35\x51\x8c\x7d\xac\x47\xe9", 40);
|
|
||||||
+ if (errtxt)
|
|
||||||
+ goto failed;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return 0; /* Succeeded. */
|
|
||||||
+
|
|
||||||
+ failed:
|
|
||||||
+ if (report)
|
|
||||||
+ report ("kdf", GCRY_KDF_PBKDF2, what, errtxt);
|
|
||||||
+ return GPG_ERR_SELFTEST_FAILED;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+/* Run the selftests for KDF with KDF algorithm ALGO with optional
|
|
||||||
+ reporting function REPORT. */
|
|
||||||
+gpg_error_t
|
|
||||||
+_gcry_kdf_selftest (int algo, int extended, selftest_report_func_t report)
|
|
||||||
+{
|
|
||||||
+ gcry_err_code_t ec = 0;
|
|
||||||
+
|
|
||||||
+ if (algo == GCRY_KDF_PBKDF2)
|
|
||||||
+ {
|
|
||||||
+ ec = run_pbkdf2_selftest (extended, report);
|
|
||||||
+ }
|
|
||||||
+ else
|
|
||||||
+ {
|
|
||||||
+ ec = GPG_ERR_UNSUPPORTED_ALGORITHM;
|
|
||||||
+ if (report)
|
|
||||||
+ report ("kdf", algo, "module", "algorithm not available");
|
|
||||||
+ }
|
|
||||||
+ return gpg_error (ec);
|
|
||||||
+}
|
|
||||||
diff -up libgcrypt-1.8.5/src/cipher-proto.h.kdf-selftest libgcrypt-1.8.5/src/cipher-proto.h
|
|
||||||
--- libgcrypt-1.8.5/src/cipher-proto.h.kdf-selftest 2020-06-15 18:03:25.785353036 +0200
|
|
||||||
+++ libgcrypt-1.8.5/src/cipher-proto.h 2020-06-15 18:03:25.788353061 +0200
|
|
||||||
@@ -259,6 +259,8 @@ gcry_error_t _gcry_hmac_selftest (int al
|
|
||||||
selftest_report_func_t report);
|
|
||||||
gcry_error_t _gcry_cmac_selftest (int algo, int extended,
|
|
||||||
selftest_report_func_t report);
|
|
||||||
+gcry_error_t _gcry_kdf_selftest (int algo, int extended,
|
|
||||||
+ selftest_report_func_t report);
|
|
||||||
|
|
||||||
gcry_error_t _gcry_random_selftest (selftest_report_func_t report);
|
|
||||||
|
|
||||||
diff -up libgcrypt-1.8.5/src/fips.c.kdf-selftest libgcrypt-1.8.5/src/fips.c
|
|
||||||
--- libgcrypt-1.8.5/src/fips.c.kdf-selftest 2020-06-15 18:03:25.777352968 +0200
|
|
||||||
+++ libgcrypt-1.8.5/src/fips.c 2020-06-15 18:08:40.651028096 +0200
|
|
||||||
@@ -490,6 +490,29 @@ run_mac_selftests (int extended)
|
|
||||||
return anyerr;
|
|
||||||
}
|
|
||||||
|
|
||||||
+/* Run self-tests for all KDF algorithms. Return 0 on success. */
|
|
||||||
+static int
|
|
||||||
+run_kdf_selftests (int extended)
|
|
||||||
+{
|
|
||||||
+ static int algos[] =
|
|
||||||
+ {
|
|
||||||
+ GCRY_KDF_PBKDF2,
|
|
||||||
+ 0
|
|
||||||
+ };
|
|
||||||
+ int idx;
|
|
||||||
+ gpg_error_t err;
|
|
||||||
+ int anyerr = 0;
|
|
||||||
+
|
|
||||||
+ for (idx=0; algos[idx]; idx++)
|
|
||||||
+ {
|
|
||||||
+ err = _gcry_kdf_selftest (algos[idx], extended, reporter);
|
|
||||||
+ reporter ("kdf", algos[idx], NULL, err? gpg_strerror (err):NULL);
|
|
||||||
+ if (err)
|
|
||||||
+ anyerr = 1;
|
|
||||||
+ }
|
|
||||||
+ return anyerr;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
|
|
||||||
/* Run self-tests for all required public key algorithms. Return 0 on
|
|
||||||
success. */
|
|
||||||
@@ -673,6 +696,9 @@ _gcry_fips_run_selftests (int extended)
|
|
||||||
if (run_mac_selftests (extended))
|
|
||||||
goto leave;
|
|
||||||
|
|
||||||
+ if (run_kdf_selftests (extended))
|
|
||||||
+ goto leave;
|
|
||||||
+
|
|
||||||
/* Run random tests before the pubkey tests because the latter
|
|
||||||
require random. */
|
|
||||||
if (run_random_selftests ())
|
|
File diff suppressed because it is too large
Load Diff
@ -1,274 +0,0 @@
|
|||||||
diff --git a/cipher/crc-ppc.c b/cipher/crc-ppc.c
|
|
||||||
index 4d7f0add..b9a40130 100644
|
|
||||||
--- a/cipher/crc-ppc.c
|
|
||||||
+++ b/cipher/crc-ppc.c
|
|
||||||
@@ -154,26 +154,63 @@ static const vector16x_u8 bswap_const ALIGNED_64 =
|
|
||||||
#ifdef WORDS_BIGENDIAN
|
|
||||||
# define CRC_VEC_U64_DEF(lo, hi) { (hi), (lo) }
|
|
||||||
# define CRC_VEC_U64_LOAD(offs, ptr) \
|
|
||||||
- asm_swap_u64(vec_vsx_ld((offs), (const unsigned long long *)(ptr)))
|
|
||||||
+ asm_swap_u64(asm_vec_u64_load(offs, ptr))
|
|
||||||
# define CRC_VEC_U64_LOAD_LE(offs, ptr) \
|
|
||||||
- CRC_VEC_SWAP(vec_vsx_ld((offs), (const unsigned long long *)(ptr)))
|
|
||||||
+ CRC_VEC_SWAP(asm_vec_u64_load(offs, ptr))
|
|
||||||
# define CRC_VEC_U64_LOAD_BE(offs, ptr) \
|
|
||||||
- vec_vsx_ld((offs), (const unsigned long long *)(ptr))
|
|
||||||
+ asm_vec_u64_load(offs, ptr)
|
|
||||||
# define CRC_VEC_SWAP_TO_LE(v) CRC_VEC_SWAP(v)
|
|
||||||
# define CRC_VEC_SWAP_TO_BE(v) (v)
|
|
||||||
# define VEC_U64_LO 1
|
|
||||||
# define VEC_U64_HI 0
|
|
||||||
+
|
|
||||||
+static ASM_FUNC_ATTR_INLINE vector2x_u64
|
|
||||||
+asm_vec_u64_load(unsigned long offset, const void *ptr)
|
|
||||||
+{
|
|
||||||
+ vector2x_u64 vecu64;
|
|
||||||
+#if __GNUC__ >= 4
|
|
||||||
+ if (__builtin_constant_p (offset) && offset == 0)
|
|
||||||
+ __asm__ volatile ("lxvd2x %x0,0,%1\n\t"
|
|
||||||
+ : "=wa" (vecu64)
|
|
||||||
+ : "r" ((uintptr_t)ptr)
|
|
||||||
+ : "memory");
|
|
||||||
+ else
|
|
||||||
+#endif
|
|
||||||
+ __asm__ volatile ("lxvd2x %x0,%1,%2\n\t"
|
|
||||||
+ : "=wa" (vecu64)
|
|
||||||
+ : "r" (offset), "r" ((uintptr_t)ptr)
|
|
||||||
+ : "memory", "r0");
|
|
||||||
+ return vecu64;
|
|
||||||
+}
|
|
||||||
#else
|
|
||||||
# define CRC_VEC_U64_DEF(lo, hi) { (lo), (hi) }
|
|
||||||
-# define CRC_VEC_U64_LOAD(offs, ptr) \
|
|
||||||
- vec_vsx_ld((offs), (const unsigned long long *)(ptr))
|
|
||||||
-# define CRC_VEC_U64_LOAD_LE(offs, ptr) CRC_VEC_U64_LOAD((offs), (ptr))
|
|
||||||
+# define CRC_VEC_U64_LOAD(offs, ptr) asm_vec_u64_load_le(offs, ptr)
|
|
||||||
+# define CRC_VEC_U64_LOAD_LE(offs, ptr) asm_vec_u64_load_le(offs, ptr)
|
|
||||||
# define CRC_VEC_U64_LOAD_BE(offs, ptr) asm_vec_u64_load_be(offs, ptr)
|
|
||||||
# define CRC_VEC_SWAP_TO_LE(v) (v)
|
|
||||||
# define CRC_VEC_SWAP_TO_BE(v) CRC_VEC_SWAP(v)
|
|
||||||
# define VEC_U64_LO 0
|
|
||||||
# define VEC_U64_HI 1
|
|
||||||
|
|
||||||
+static ASM_FUNC_ATTR_INLINE vector2x_u64
|
|
||||||
+asm_vec_u64_load_le(unsigned long offset, const void *ptr)
|
|
||||||
+{
|
|
||||||
+ vector2x_u64 vecu64;
|
|
||||||
+#if __GNUC__ >= 4
|
|
||||||
+ if (__builtin_constant_p (offset) && offset == 0)
|
|
||||||
+ __asm__ volatile ("lxvd2x %x0,0,%1\n\t"
|
|
||||||
+ : "=wa" (vecu64)
|
|
||||||
+ : "r" ((uintptr_t)ptr)
|
|
||||||
+ : "memory");
|
|
||||||
+ else
|
|
||||||
+#endif
|
|
||||||
+ __asm__ volatile ("lxvd2x %x0,%1,%2\n\t"
|
|
||||||
+ : "=wa" (vecu64)
|
|
||||||
+ : "r" (offset), "r" ((uintptr_t)ptr)
|
|
||||||
+ : "memory", "r0");
|
|
||||||
+ return asm_swap_u64(vecu64);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static ASM_FUNC_ATTR_INLINE vector2x_u64
|
|
||||||
asm_vec_u64_load_be(unsigned int offset, const void *ptr)
|
|
||||||
{
|
|
||||||
diff --git a/cipher/sha512-ppc.c b/cipher/sha512-ppc.c
|
|
||||||
index a758e1ea..31ea25bf 100644
|
|
||||||
--- a/cipher/sha512-ppc.c
|
|
||||||
+++ b/cipher/sha512-ppc.c
|
|
||||||
@@ -115,14 +115,62 @@ vec_merge_idx0_elems(vector2x_u64 v0, vector2x_u64 v1)
|
|
||||||
static ASM_FUNC_ATTR_INLINE vector2x_u64
|
|
||||||
vec_vshasigma_u64(vector2x_u64 v, unsigned int a, unsigned int b)
|
|
||||||
{
|
|
||||||
- asm ("vshasigmad %0,%1,%2,%3"
|
|
||||||
- : "=v" (v)
|
|
||||||
- : "v" (v), "g" (a), "g" (b)
|
|
||||||
- : "memory");
|
|
||||||
+ __asm__ ("vshasigmad %0,%1,%2,%3"
|
|
||||||
+ : "=v" (v)
|
|
||||||
+ : "v" (v), "g" (a), "g" (b)
|
|
||||||
+ : "memory");
|
|
||||||
return v;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
+static ASM_FUNC_ATTR_INLINE vector2x_u64
|
|
||||||
+vec_u64_load(unsigned long offset, const void *ptr)
|
|
||||||
+{
|
|
||||||
+ vector2x_u64 vecu64;
|
|
||||||
+#if __GNUC__ >= 4
|
|
||||||
+ if (__builtin_constant_p (offset) && offset == 0)
|
|
||||||
+ __asm__ ("lxvd2x %x0,0,%1\n\t"
|
|
||||||
+ : "=wa" (vecu64)
|
|
||||||
+ : "r" ((uintptr_t)ptr)
|
|
||||||
+ : "memory");
|
|
||||||
+ else
|
|
||||||
+#endif
|
|
||||||
+ __asm__ ("lxvd2x %x0,%1,%2\n\t"
|
|
||||||
+ : "=wa" (vecu64)
|
|
||||||
+ : "r" (offset), "r" ((uintptr_t)ptr)
|
|
||||||
+ : "memory", "r0");
|
|
||||||
+#ifndef WORDS_BIGENDIAN
|
|
||||||
+ __asm__ ("xxswapd %x0, %x1"
|
|
||||||
+ : "=wa" (vecu64)
|
|
||||||
+ : "wa" (vecu64));
|
|
||||||
+#endif
|
|
||||||
+ return vecu64;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+static ASM_FUNC_ATTR_INLINE void
|
|
||||||
+vec_u64_store(vector2x_u64 vecu64, unsigned long offset, void *ptr)
|
|
||||||
+{
|
|
||||||
+#ifndef WORDS_BIGENDIAN
|
|
||||||
+ __asm__ ("xxswapd %x0, %x1"
|
|
||||||
+ : "=wa" (vecu64)
|
|
||||||
+ : "wa" (vecu64));
|
|
||||||
+#endif
|
|
||||||
+#if __GNUC__ >= 4
|
|
||||||
+ if (__builtin_constant_p (offset) && offset == 0)
|
|
||||||
+ __asm__ ("stxvd2x %x0,0,%1\n\t"
|
|
||||||
+ :
|
|
||||||
+ : "wa" (vecu64), "r" ((uintptr_t)ptr)
|
|
||||||
+ : "memory");
|
|
||||||
+ else
|
|
||||||
+#endif
|
|
||||||
+ __asm__ ("stxvd2x %x0,%1,%2\n\t"
|
|
||||||
+ :
|
|
||||||
+ : "wa" (vecu64), "r" (offset), "r" ((uintptr_t)ptr)
|
|
||||||
+ : "memory", "r0");
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
/* SHA2 round in vector registers */
|
|
||||||
#define R(a,b,c,d,e,f,g,h,k,w) do \
|
|
||||||
{ \
|
|
||||||
@@ -168,13 +216,13 @@ _gcry_sha512_transform_ppc8(u64 state[8],
|
|
||||||
vector2x_u64 a, b, c, d, e, f, g, h, t1, t2;
|
|
||||||
u64 w[16];
|
|
||||||
|
|
||||||
- h0 = vec_vsx_ld (8 * 0, (unsigned long long *)state);
|
|
||||||
+ h0 = vec_u64_load (8 * 0, (unsigned long long *)state);
|
|
||||||
h1 = vec_rol_elems (h0, 1);
|
|
||||||
- h2 = vec_vsx_ld (8 * 2, (unsigned long long *)state);
|
|
||||||
+ h2 = vec_u64_load (8 * 2, (unsigned long long *)state);
|
|
||||||
h3 = vec_rol_elems (h2, 1);
|
|
||||||
- h4 = vec_vsx_ld (8 * 4, (unsigned long long *)state);
|
|
||||||
+ h4 = vec_u64_load (8 * 4, (unsigned long long *)state);
|
|
||||||
h5 = vec_rol_elems (h4, 1);
|
|
||||||
- h6 = vec_vsx_ld (8 * 6, (unsigned long long *)state);
|
|
||||||
+ h6 = vec_u64_load (8 * 6, (unsigned long long *)state);
|
|
||||||
h7 = vec_rol_elems (h6, 1);
|
|
||||||
|
|
||||||
while (nblks >= 2)
|
|
||||||
@@ -514,10 +562,10 @@ _gcry_sha512_transform_ppc8(u64 state[8],
|
|
||||||
h2 = vec_merge_idx0_elems (h2, h3);
|
|
||||||
h4 = vec_merge_idx0_elems (h4, h5);
|
|
||||||
h6 = vec_merge_idx0_elems (h6, h7);
|
|
||||||
- vec_vsx_st (h0, 8 * 0, (unsigned long long *)state);
|
|
||||||
- vec_vsx_st (h2, 8 * 2, (unsigned long long *)state);
|
|
||||||
- vec_vsx_st (h4, 8 * 4, (unsigned long long *)state);
|
|
||||||
- vec_vsx_st (h6, 8 * 6, (unsigned long long *)state);
|
|
||||||
+ vec_u64_store (h0, 8 * 0, (unsigned long long *)state);
|
|
||||||
+ vec_u64_store (h2, 8 * 2, (unsigned long long *)state);
|
|
||||||
+ vec_u64_store (h4, 8 * 4, (unsigned long long *)state);
|
|
||||||
+ vec_u64_store (h6, 8 * 6, (unsigned long long *)state);
|
|
||||||
|
|
||||||
return sizeof(w);
|
|
||||||
}
|
|
||||||
diff --git a/configure.ac b/configure.ac
|
|
||||||
index b6b6455a..be35ce42 100644
|
|
||||||
--- a/configure.ac
|
|
||||||
+++ b/configure.ac
|
|
||||||
@@ -1745,10 +1745,12 @@ AC_CACHE_CHECK([whether compiler supports PowerPC AltiVec/VSX intrinsics],
|
|
||||||
AC_COMPILE_IFELSE([AC_LANG_SOURCE(
|
|
||||||
[[#include <altivec.h>
|
|
||||||
typedef vector unsigned char block;
|
|
||||||
+ typedef vector unsigned int vecu32;
|
|
||||||
block fn(block in)
|
|
||||||
{
|
|
||||||
block t = vec_perm (in, in, vec_vsx_ld (0, (unsigned char*)0));
|
|
||||||
- return vec_cipher_be (t, in);
|
|
||||||
+ vecu32 y = vec_vsx_ld (0, (unsigned int*)0);
|
|
||||||
+ return vec_cipher_be (t, in) ^ (block)y;
|
|
||||||
}
|
|
||||||
]])],
|
|
||||||
[gcry_cv_cc_ppc_altivec=yes])
|
|
||||||
@@ -1769,10 +1771,12 @@ if test "$gcry_cv_cc_ppc_altivec" = "no" &&
|
|
||||||
AC_COMPILE_IFELSE([AC_LANG_SOURCE(
|
|
||||||
[[#include <altivec.h>
|
|
||||||
typedef vector unsigned char block;
|
|
||||||
+ typedef vector unsigned int vecu32;
|
|
||||||
block fn(block in)
|
|
||||||
{
|
|
||||||
block t = vec_perm (in, in, vec_vsx_ld (0, (unsigned char*)0));
|
|
||||||
- return vec_cipher_be (t, in);
|
|
||||||
+ vecu32 y = vec_vsx_ld (0, (unsigned int*)0);
|
|
||||||
+ return vec_cipher_be (t, in) ^ (block)y;
|
|
||||||
}]])],
|
|
||||||
[gcry_cv_cc_ppc_altivec_cflags=yes])])
|
|
||||||
if test "$gcry_cv_cc_ppc_altivec_cflags" = "yes" ; then
|
|
||||||
|
|
||||||
diff --git a/configure.ac b/configure.ac
|
|
||||||
index 202ac888..fd447906 100644
|
|
||||||
--- a/configure.ac
|
|
||||||
+++ b/configure.ac
|
|
||||||
@@ -2562,13 +2562,13 @@ if test "$found" = "1" ; then
|
|
||||||
GCRYPT_DIGESTS="$GCRYPT_DIGESTS crc-intel-pclmul.lo"
|
|
||||||
;;
|
|
||||||
powerpc64le-*-*)
|
|
||||||
- GCRYPT_CIPHERS="$GCRYPT_CIPHERS crc-ppc.lo"
|
|
||||||
+ GCRYPT_DIGESTS="$GCRYPT_DIGESTS crc-ppc.lo"
|
|
||||||
;;
|
|
||||||
powerpc64-*-*)
|
|
||||||
- GCRYPT_CIPHERS="$GCRYPT_CIPHERS crc-ppc.lo"
|
|
||||||
+ GCRYPT_DIGESTS="$GCRYPT_DIGESTS crc-ppc.lo"
|
|
||||||
;;
|
|
||||||
powerpc-*-*)
|
|
||||||
- GCRYPT_CIPHERS="$GCRYPT_CIPHERS crc-ppc.lo"
|
|
||||||
+ GCRYPT_DIGESTS="$GCRYPT_DIGESTS crc-ppc.lo"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
fi
|
|
||||||
@@ -2635,17 +2635,17 @@ if test "$found" = "1" ; then
|
|
||||||
;;
|
|
||||||
powerpc64le-*-*)
|
|
||||||
# Build with the crypto extension implementation
|
|
||||||
- GCRYPT_CIPHERS="$GCRYPT_CIPHERS sha256-ppc.lo"
|
|
||||||
+ GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha256-ppc.lo"
|
|
||||||
;;
|
|
||||||
powerpc64-*-*)
|
|
||||||
# Big-Endian.
|
|
||||||
# Build with the crypto extension implementation
|
|
||||||
- GCRYPT_CIPHERS="$GCRYPT_CIPHERS sha256-ppc.lo"
|
|
||||||
+ GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha256-ppc.lo"
|
|
||||||
;;
|
|
||||||
powerpc-*-*)
|
|
||||||
# Big-Endian.
|
|
||||||
# Build with the crypto extension implementation
|
|
||||||
- GCRYPT_CIPHERS="$GCRYPT_CIPHERS sha256-ppc.lo"
|
|
||||||
+ GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha256-ppc.lo"
|
|
||||||
esac
|
|
||||||
fi
|
|
||||||
|
|
||||||
@@ -2667,17 +2667,17 @@ if test "$found" = "1" ; then
|
|
||||||
;;
|
|
||||||
powerpc64le-*-*)
|
|
||||||
# Build with the crypto extension implementation
|
|
||||||
- GCRYPT_CIPHERS="$GCRYPT_CIPHERS sha512-ppc.lo"
|
|
||||||
+ GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha512-ppc.lo"
|
|
||||||
;;
|
|
||||||
powerpc64-*-*)
|
|
||||||
# Big-Endian.
|
|
||||||
# Build with the crypto extension implementation
|
|
||||||
- GCRYPT_CIPHERS="$GCRYPT_CIPHERS sha512-ppc.lo"
|
|
||||||
+ GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha512-ppc.lo"
|
|
||||||
;;
|
|
||||||
powerpc-*-*)
|
|
||||||
# Big-Endian.
|
|
||||||
# Build with the crypto extension implementation
|
|
||||||
- GCRYPT_CIPHERS="$GCRYPT_CIPHERS sha512-ppc.lo"
|
|
||||||
+ GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha512-ppc.lo"
|
|
||||||
esac
|
|
||||||
|
|
||||||
if test x"$neonsupport" = xyes ; then
|
|
File diff suppressed because it is too large
Load Diff
@ -1,794 +0,0 @@
|
|||||||
diff --git a/cipher/Makefile.am b/cipher/Makefile.am
|
|
||||||
index cb41c251..1728e9f9 100644
|
|
||||||
--- a/cipher/Makefile.am
|
|
||||||
+++ b/cipher/Makefile.am
|
|
||||||
@@ -67,7 +67,7 @@ cast5.c cast5-amd64.S cast5-arm.S \
|
|
||||||
chacha20.c chacha20-sse2-amd64.S chacha20-ssse3-amd64.S chacha20-avx2-amd64.S \
|
|
||||||
chacha20-armv7-neon.S \
|
|
||||||
crc.c \
|
|
||||||
- crc-intel-pclmul.c \
|
|
||||||
+ crc-intel-pclmul.c crc-ppc.c \
|
|
||||||
des.c des-amd64.S \
|
|
||||||
dsa.c \
|
|
||||||
elgamal.c \
|
|
||||||
@@ -159,3 +159,9 @@ sha512-ppc.o: $(srcdir)/sha512-ppc.c Makefile
|
|
||||||
|
|
||||||
sha512-ppc.lo: $(srcdir)/sha512-ppc.c Makefile
|
|
||||||
`echo $(LTCOMPILE) $(ppc_vcrypto_cflags) -c $< `
|
|
||||||
+
|
|
||||||
+crc-ppc.o: $(srcdir)/crc-ppc.c Makefile
|
|
||||||
+ `echo $(COMPILE) $(ppc_vcrypto_cflags) -c $< `
|
|
||||||
+
|
|
||||||
+crc-ppc.lo: $(srcdir)/crc-ppc.c Makefile
|
|
||||||
+ `echo $(LTCOMPILE) $(ppc_vcrypto_cflags) -c $< `
|
|
||||||
diff --git a/cipher/crc-ppc.c b/cipher/crc-ppc.c
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000..4d7f0add
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/cipher/crc-ppc.c
|
|
||||||
@@ -0,0 +1,619 @@
|
|
||||||
+/* crc-ppc.c - POWER8 vpmsum accelerated CRC implementation
|
|
||||||
+ * Copyright (C) 2019-2020 Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
||||||
+ *
|
|
||||||
+ * This file is part of Libgcrypt.
|
|
||||||
+ *
|
|
||||||
+ * Libgcrypt is free software; you can redistribute it and/or modify
|
|
||||||
+ * it under the terms of the GNU Lesser General Public License as
|
|
||||||
+ * published by the Free Software Foundation; either version 2.1 of
|
|
||||||
+ * the License, or (at your option) any later version.
|
|
||||||
+ *
|
|
||||||
+ * Libgcrypt is distributed in the hope that it will be useful,
|
|
||||||
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
+ * GNU Lesser General Public License for more details.
|
|
||||||
+ *
|
|
||||||
+ * You should have received a copy of the GNU Lesser General Public
|
|
||||||
+ * License along with this program; if not, write to the Free Software
|
|
||||||
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
|
||||||
+ *
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+#include <config.h>
|
|
||||||
+#include <stdio.h>
|
|
||||||
+#include <stdlib.h>
|
|
||||||
+#include <string.h>
|
|
||||||
+
|
|
||||||
+#include "g10lib.h"
|
|
||||||
+
|
|
||||||
+#include "bithelp.h"
|
|
||||||
+#include "bufhelp.h"
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+#if defined(ENABLE_PPC_CRYPTO_SUPPORT) && \
|
|
||||||
+ defined(HAVE_COMPATIBLE_CC_PPC_ALTIVEC) && \
|
|
||||||
+ defined(HAVE_GCC_INLINE_ASM_PPC_ALTIVEC) && \
|
|
||||||
+ __GNUC__ >= 4
|
|
||||||
+
|
|
||||||
+#include <altivec.h>
|
|
||||||
+#include "bufhelp.h"
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+#define ALWAYS_INLINE inline __attribute__((always_inline))
|
|
||||||
+#define NO_INLINE __attribute__((noinline))
|
|
||||||
+#define NO_INSTRUMENT_FUNCTION __attribute__((no_instrument_function))
|
|
||||||
+
|
|
||||||
+#define ASM_FUNC_ATTR NO_INSTRUMENT_FUNCTION
|
|
||||||
+#define ASM_FUNC_ATTR_INLINE ASM_FUNC_ATTR ALWAYS_INLINE
|
|
||||||
+#define ASM_FUNC_ATTR_NOINLINE ASM_FUNC_ATTR NO_INLINE
|
|
||||||
+
|
|
||||||
+#define ALIGNED_64 __attribute__ ((aligned (64)))
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+typedef vector unsigned char vector16x_u8;
|
|
||||||
+typedef vector unsigned int vector4x_u32;
|
|
||||||
+typedef vector unsigned long long vector2x_u64;
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+/* Constants structure for generic reflected/non-reflected CRC32 PMULL
|
|
||||||
+ * functions. */
|
|
||||||
+struct crc32_consts_s
|
|
||||||
+{
|
|
||||||
+ /* k: { x^(32*17), x^(32*15), x^(32*5), x^(32*3), x^(32*2), 0 } mod P(x) */
|
|
||||||
+ unsigned long long k[6];
|
|
||||||
+ /* my_p: { floor(x^64 / P(x)), P(x) } */
|
|
||||||
+ unsigned long long my_p[2];
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+/* PMULL constants for CRC32 and CRC32RFC1510. */
|
|
||||||
+static const struct crc32_consts_s crc32_consts ALIGNED_64 =
|
|
||||||
+{
|
|
||||||
+ { /* k[6] = reverse_33bits( x^(32*y) mod P(x) ) */
|
|
||||||
+ U64_C(0x154442bd4), U64_C(0x1c6e41596), /* y = { 17, 15 } */
|
|
||||||
+ U64_C(0x1751997d0), U64_C(0x0ccaa009e), /* y = { 5, 3 } */
|
|
||||||
+ U64_C(0x163cd6124), 0 /* y = 2 */
|
|
||||||
+ },
|
|
||||||
+ { /* my_p[2] = reverse_33bits ( { floor(x^64 / P(x)), P(x) } ) */
|
|
||||||
+ U64_C(0x1f7011641), U64_C(0x1db710641)
|
|
||||||
+ }
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+/* PMULL constants for CRC24RFC2440 (polynomial multiplied with x⁸). */
|
|
||||||
+static const struct crc32_consts_s crc24rfc2440_consts ALIGNED_64 =
|
|
||||||
+{
|
|
||||||
+ { /* k[6] = x^(32*y) mod P(x) << 32*/
|
|
||||||
+ U64_C(0x08289a00) << 32, U64_C(0x74b44a00) << 32, /* y = { 17, 15 } */
|
|
||||||
+ U64_C(0xc4b14d00) << 32, U64_C(0xfd7e0c00) << 32, /* y = { 5, 3 } */
|
|
||||||
+ U64_C(0xd9fe8c00) << 32, 0 /* y = 2 */
|
|
||||||
+ },
|
|
||||||
+ { /* my_p[2] = { floor(x^64 / P(x)), P(x) } */
|
|
||||||
+ U64_C(0x1f845fe24), U64_C(0x1864cfb00)
|
|
||||||
+ }
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+static ASM_FUNC_ATTR_INLINE vector2x_u64
|
|
||||||
+asm_vpmsumd(vector2x_u64 a, vector2x_u64 b)
|
|
||||||
+{
|
|
||||||
+ __asm__("vpmsumd %0, %1, %2"
|
|
||||||
+ : "=v" (a)
|
|
||||||
+ : "v" (a), "v" (b));
|
|
||||||
+ return a;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+static ASM_FUNC_ATTR_INLINE vector2x_u64
|
|
||||||
+asm_swap_u64(vector2x_u64 a)
|
|
||||||
+{
|
|
||||||
+ __asm__("xxswapd %x0, %x1"
|
|
||||||
+ : "=wa" (a)
|
|
||||||
+ : "wa" (a));
|
|
||||||
+ return a;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+static ASM_FUNC_ATTR_INLINE vector4x_u32
|
|
||||||
+vec_sld_u32(vector4x_u32 a, vector4x_u32 b, unsigned int idx)
|
|
||||||
+{
|
|
||||||
+ return vec_sld (a, b, (4 * idx) & 15);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+static const byte crc32_partial_fold_input_mask[16 + 16] ALIGNED_64 =
|
|
||||||
+ {
|
|
||||||
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
||||||
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
||||||
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
||||||
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
||||||
+ };
|
|
||||||
+static const byte crc32_shuf_shift[3 * 16] ALIGNED_64 =
|
|
||||||
+ {
|
|
||||||
+ 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f,
|
|
||||||
+ 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f,
|
|
||||||
+ 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
|
|
||||||
+ 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
|
|
||||||
+ 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f,
|
|
||||||
+ 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f,
|
|
||||||
+ };
|
|
||||||
+static const byte crc32_refl_shuf_shift[3 * 16] ALIGNED_64 =
|
|
||||||
+ {
|
|
||||||
+ 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f,
|
|
||||||
+ 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f,
|
|
||||||
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
|
||||||
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
|
||||||
+ 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f,
|
|
||||||
+ 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f,
|
|
||||||
+ };
|
|
||||||
+static const vector16x_u8 bswap_const ALIGNED_64 =
|
|
||||||
+ { 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 };
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+#define CRC_VEC_SWAP(v) ({ vector2x_u64 __vecu64 = (v); \
|
|
||||||
+ vec_perm(__vecu64, __vecu64, bswap_const); })
|
|
||||||
+
|
|
||||||
+#ifdef WORDS_BIGENDIAN
|
|
||||||
+# define CRC_VEC_U64_DEF(lo, hi) { (hi), (lo) }
|
|
||||||
+# define CRC_VEC_U64_LOAD(offs, ptr) \
|
|
||||||
+ asm_swap_u64(vec_vsx_ld((offs), (const unsigned long long *)(ptr)))
|
|
||||||
+# define CRC_VEC_U64_LOAD_LE(offs, ptr) \
|
|
||||||
+ CRC_VEC_SWAP(vec_vsx_ld((offs), (const unsigned long long *)(ptr)))
|
|
||||||
+# define CRC_VEC_U64_LOAD_BE(offs, ptr) \
|
|
||||||
+ vec_vsx_ld((offs), (const unsigned long long *)(ptr))
|
|
||||||
+# define CRC_VEC_SWAP_TO_LE(v) CRC_VEC_SWAP(v)
|
|
||||||
+# define CRC_VEC_SWAP_TO_BE(v) (v)
|
|
||||||
+# define VEC_U64_LO 1
|
|
||||||
+# define VEC_U64_HI 0
|
|
||||||
+#else
|
|
||||||
+# define CRC_VEC_U64_DEF(lo, hi) { (lo), (hi) }
|
|
||||||
+# define CRC_VEC_U64_LOAD(offs, ptr) \
|
|
||||||
+ vec_vsx_ld((offs), (const unsigned long long *)(ptr))
|
|
||||||
+# define CRC_VEC_U64_LOAD_LE(offs, ptr) CRC_VEC_U64_LOAD((offs), (ptr))
|
|
||||||
+# define CRC_VEC_U64_LOAD_BE(offs, ptr) asm_vec_u64_load_be(offs, ptr)
|
|
||||||
+# define CRC_VEC_SWAP_TO_LE(v) (v)
|
|
||||||
+# define CRC_VEC_SWAP_TO_BE(v) CRC_VEC_SWAP(v)
|
|
||||||
+# define VEC_U64_LO 0
|
|
||||||
+# define VEC_U64_HI 1
|
|
||||||
+
|
|
||||||
+static ASM_FUNC_ATTR_INLINE vector2x_u64
|
|
||||||
+asm_vec_u64_load_be(unsigned int offset, const void *ptr)
|
|
||||||
+{
|
|
||||||
+ static const vector16x_u8 vec_load_le_const =
|
|
||||||
+ { ~7, ~6, ~5, ~4, ~3, ~2, ~1, ~0, ~15, ~14, ~13, ~12, ~11, ~10, ~9, ~8 };
|
|
||||||
+ vector2x_u64 vecu64;
|
|
||||||
+
|
|
||||||
+#if __GNUC__ >= 4
|
|
||||||
+ if (__builtin_constant_p (offset) && offset == 0)
|
|
||||||
+ __asm__ ("lxvd2x %%vs32,0,%1\n\t"
|
|
||||||
+ "vperm %0,%%v0,%%v0,%2\n\t"
|
|
||||||
+ : "=v" (vecu64)
|
|
||||||
+ : "r" ((uintptr_t)(ptr)), "v" (vec_load_le_const)
|
|
||||||
+ : "memory", "v0");
|
|
||||||
+#endif
|
|
||||||
+ else
|
|
||||||
+ __asm__ ("lxvd2x %%vs32,%1,%2\n\t"
|
|
||||||
+ "vperm %0,%%v0,%%v0,%3\n\t"
|
|
||||||
+ : "=v" (vecu64)
|
|
||||||
+ : "r" (offset), "r" ((uintptr_t)(ptr)),
|
|
||||||
+ "v" (vec_load_le_const)
|
|
||||||
+ : "memory", "r0", "v0");
|
|
||||||
+
|
|
||||||
+ return vecu64;
|
|
||||||
+}
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+static ASM_FUNC_ATTR_INLINE void
|
|
||||||
+crc32r_ppc8_ce_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
|
|
||||||
+ const struct crc32_consts_s *consts)
|
|
||||||
+{
|
|
||||||
+ vector4x_u32 zero = { 0, 0, 0, 0 };
|
|
||||||
+ vector2x_u64 low_64bit_mask = CRC_VEC_U64_DEF((u64)-1, 0);
|
|
||||||
+ vector2x_u64 low_32bit_mask = CRC_VEC_U64_DEF((u32)-1, 0);
|
|
||||||
+ vector2x_u64 my_p = CRC_VEC_U64_LOAD(0, &consts->my_p[0]);
|
|
||||||
+ vector2x_u64 k1k2 = CRC_VEC_U64_LOAD(0, &consts->k[1 - 1]);
|
|
||||||
+ vector2x_u64 k3k4 = CRC_VEC_U64_LOAD(0, &consts->k[3 - 1]);
|
|
||||||
+ vector2x_u64 k4lo = CRC_VEC_U64_DEF(k3k4[VEC_U64_HI], 0);
|
|
||||||
+ vector2x_u64 k5lo = CRC_VEC_U64_LOAD(0, &consts->k[5 - 1]);
|
|
||||||
+ vector2x_u64 crc = CRC_VEC_U64_DEF(*pcrc, 0);
|
|
||||||
+ vector2x_u64 crc0, crc1, crc2, crc3;
|
|
||||||
+ vector2x_u64 v0;
|
|
||||||
+
|
|
||||||
+ if (inlen >= 8 * 16)
|
|
||||||
+ {
|
|
||||||
+ crc0 = CRC_VEC_U64_LOAD_LE(0 * 16, inbuf);
|
|
||||||
+ crc0 ^= crc;
|
|
||||||
+ crc1 = CRC_VEC_U64_LOAD_LE(1 * 16, inbuf);
|
|
||||||
+ crc2 = CRC_VEC_U64_LOAD_LE(2 * 16, inbuf);
|
|
||||||
+ crc3 = CRC_VEC_U64_LOAD_LE(3 * 16, inbuf);
|
|
||||||
+
|
|
||||||
+ inbuf += 4 * 16;
|
|
||||||
+ inlen -= 4 * 16;
|
|
||||||
+
|
|
||||||
+ /* Fold by 4. */
|
|
||||||
+ while (inlen >= 4 * 16)
|
|
||||||
+ {
|
|
||||||
+ v0 = CRC_VEC_U64_LOAD_LE(0 * 16, inbuf);
|
|
||||||
+ crc0 = asm_vpmsumd(crc0, k1k2) ^ v0;
|
|
||||||
+
|
|
||||||
+ v0 = CRC_VEC_U64_LOAD_LE(1 * 16, inbuf);
|
|
||||||
+ crc1 = asm_vpmsumd(crc1, k1k2) ^ v0;
|
|
||||||
+
|
|
||||||
+ v0 = CRC_VEC_U64_LOAD_LE(2 * 16, inbuf);
|
|
||||||
+ crc2 = asm_vpmsumd(crc2, k1k2) ^ v0;
|
|
||||||
+
|
|
||||||
+ v0 = CRC_VEC_U64_LOAD_LE(3 * 16, inbuf);
|
|
||||||
+ crc3 = asm_vpmsumd(crc3, k1k2) ^ v0;
|
|
||||||
+
|
|
||||||
+ inbuf += 4 * 16;
|
|
||||||
+ inlen -= 4 * 16;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Fold 4 to 1. */
|
|
||||||
+ crc1 ^= asm_vpmsumd(crc0, k3k4);
|
|
||||||
+ crc2 ^= asm_vpmsumd(crc1, k3k4);
|
|
||||||
+ crc3 ^= asm_vpmsumd(crc2, k3k4);
|
|
||||||
+ crc = crc3;
|
|
||||||
+ }
|
|
||||||
+ else
|
|
||||||
+ {
|
|
||||||
+ v0 = CRC_VEC_U64_LOAD_LE(0, inbuf);
|
|
||||||
+ crc ^= v0;
|
|
||||||
+
|
|
||||||
+ inbuf += 16;
|
|
||||||
+ inlen -= 16;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Fold by 1. */
|
|
||||||
+ while (inlen >= 16)
|
|
||||||
+ {
|
|
||||||
+ v0 = CRC_VEC_U64_LOAD_LE(0, inbuf);
|
|
||||||
+ crc = asm_vpmsumd(k3k4, crc);
|
|
||||||
+ crc ^= v0;
|
|
||||||
+
|
|
||||||
+ inbuf += 16;
|
|
||||||
+ inlen -= 16;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Partial fold. */
|
|
||||||
+ if (inlen)
|
|
||||||
+ {
|
|
||||||
+ /* Load last input and add padding zeros. */
|
|
||||||
+ vector2x_u64 mask = CRC_VEC_U64_LOAD_LE(inlen, crc32_partial_fold_input_mask);
|
|
||||||
+ vector2x_u64 shl_shuf = CRC_VEC_U64_LOAD_LE(inlen, crc32_refl_shuf_shift);
|
|
||||||
+ vector2x_u64 shr_shuf = CRC_VEC_U64_LOAD_LE(inlen + 16, crc32_refl_shuf_shift);
|
|
||||||
+
|
|
||||||
+ v0 = CRC_VEC_U64_LOAD_LE(inlen - 16, inbuf);
|
|
||||||
+ v0 &= mask;
|
|
||||||
+
|
|
||||||
+ crc = CRC_VEC_SWAP_TO_LE(crc);
|
|
||||||
+ v0 |= (vector2x_u64)vec_perm((vector16x_u8)crc, (vector16x_u8)zero,
|
|
||||||
+ (vector16x_u8)shr_shuf);
|
|
||||||
+ crc = (vector2x_u64)vec_perm((vector16x_u8)crc, (vector16x_u8)zero,
|
|
||||||
+ (vector16x_u8)shl_shuf);
|
|
||||||
+ crc = asm_vpmsumd(k3k4, crc);
|
|
||||||
+ crc ^= v0;
|
|
||||||
+
|
|
||||||
+ inbuf += inlen;
|
|
||||||
+ inlen -= inlen;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Final fold. */
|
|
||||||
+
|
|
||||||
+ /* reduce 128-bits to 96-bits */
|
|
||||||
+ v0 = asm_swap_u64(crc);
|
|
||||||
+ v0 &= low_64bit_mask;
|
|
||||||
+ crc = asm_vpmsumd(k4lo, crc);
|
|
||||||
+ crc ^= v0;
|
|
||||||
+
|
|
||||||
+ /* reduce 96-bits to 64-bits */
|
|
||||||
+ v0 = (vector2x_u64)vec_sld_u32((vector4x_u32)crc,
|
|
||||||
+ (vector4x_u32)crc, 3); /* [x0][x3][x2][x1] */
|
|
||||||
+ v0 &= low_64bit_mask; /* [00][00][x2][x1] */
|
|
||||||
+ crc = crc & low_32bit_mask; /* [00][00][00][x0] */
|
|
||||||
+ crc = v0 ^ asm_vpmsumd(k5lo, crc); /* [00][00][xx][xx] */
|
|
||||||
+
|
|
||||||
+ /* barrett reduction */
|
|
||||||
+ v0 = crc << 32; /* [00][00][x0][00] */
|
|
||||||
+ v0 = asm_vpmsumd(my_p, v0);
|
|
||||||
+ v0 = asm_swap_u64(v0);
|
|
||||||
+ v0 = asm_vpmsumd(my_p, v0);
|
|
||||||
+ crc = (vector2x_u64)vec_sld_u32((vector4x_u32)crc,
|
|
||||||
+ zero, 1); /* [00][x1][x0][00] */
|
|
||||||
+ crc ^= v0;
|
|
||||||
+
|
|
||||||
+ *pcrc = (u32)crc[VEC_U64_HI];
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+static ASM_FUNC_ATTR_INLINE u32
|
|
||||||
+crc32r_ppc8_ce_reduction_4 (u32 data, u32 crc,
|
|
||||||
+ const struct crc32_consts_s *consts)
|
|
||||||
+{
|
|
||||||
+ vector4x_u32 zero = { 0, 0, 0, 0 };
|
|
||||||
+ vector2x_u64 my_p = CRC_VEC_U64_LOAD(0, &consts->my_p[0]);
|
|
||||||
+ vector2x_u64 v0 = CRC_VEC_U64_DEF((u64)data, 0);
|
|
||||||
+ v0 = asm_vpmsumd(v0, my_p); /* [00][00][xx][xx] */
|
|
||||||
+ v0 = (vector2x_u64)vec_sld_u32((vector4x_u32)v0,
|
|
||||||
+ zero, 3); /* [x0][00][00][00] */
|
|
||||||
+ v0 = (vector2x_u64)vec_sld_u32((vector4x_u32)v0,
|
|
||||||
+ (vector4x_u32)v0, 3); /* [00][x0][00][00] */
|
|
||||||
+ v0 = asm_vpmsumd(v0, my_p); /* [00][00][xx][xx] */
|
|
||||||
+ return (v0[VEC_U64_LO] >> 32) ^ crc;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+static ASM_FUNC_ATTR_INLINE void
|
|
||||||
+crc32r_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
|
|
||||||
+ const struct crc32_consts_s *consts)
|
|
||||||
+{
|
|
||||||
+ u32 crc = *pcrc;
|
|
||||||
+ u32 data;
|
|
||||||
+
|
|
||||||
+ while (inlen >= 4)
|
|
||||||
+ {
|
|
||||||
+ data = buf_get_le32(inbuf);
|
|
||||||
+ data ^= crc;
|
|
||||||
+
|
|
||||||
+ inlen -= 4;
|
|
||||||
+ inbuf += 4;
|
|
||||||
+
|
|
||||||
+ crc = crc32r_ppc8_ce_reduction_4 (data, 0, consts);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ switch (inlen)
|
|
||||||
+ {
|
|
||||||
+ case 0:
|
|
||||||
+ break;
|
|
||||||
+ case 1:
|
|
||||||
+ data = inbuf[0];
|
|
||||||
+ data ^= crc;
|
|
||||||
+ data <<= 24;
|
|
||||||
+ crc >>= 8;
|
|
||||||
+ crc = crc32r_ppc8_ce_reduction_4 (data, crc, consts);
|
|
||||||
+ break;
|
|
||||||
+ case 2:
|
|
||||||
+ data = inbuf[0] << 0;
|
|
||||||
+ data |= inbuf[1] << 8;
|
|
||||||
+ data ^= crc;
|
|
||||||
+ data <<= 16;
|
|
||||||
+ crc >>= 16;
|
|
||||||
+ crc = crc32r_ppc8_ce_reduction_4 (data, crc, consts);
|
|
||||||
+ break;
|
|
||||||
+ case 3:
|
|
||||||
+ data = inbuf[0] << 0;
|
|
||||||
+ data |= inbuf[1] << 8;
|
|
||||||
+ data |= inbuf[2] << 16;
|
|
||||||
+ data ^= crc;
|
|
||||||
+ data <<= 8;
|
|
||||||
+ crc >>= 24;
|
|
||||||
+ crc = crc32r_ppc8_ce_reduction_4 (data, crc, consts);
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ *pcrc = crc;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+static ASM_FUNC_ATTR_INLINE void
|
|
||||||
+crc32_ppc8_ce_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
|
|
||||||
+ const struct crc32_consts_s *consts)
|
|
||||||
+{
|
|
||||||
+ vector4x_u32 zero = { 0, 0, 0, 0 };
|
|
||||||
+ vector2x_u64 low_96bit_mask = CRC_VEC_U64_DEF(~0, ~((u64)(u32)-1 << 32));
|
|
||||||
+ vector2x_u64 p_my = asm_swap_u64(CRC_VEC_U64_LOAD(0, &consts->my_p[0]));
|
|
||||||
+ vector2x_u64 p_my_lo, p_my_hi;
|
|
||||||
+ vector2x_u64 k2k1 = asm_swap_u64(CRC_VEC_U64_LOAD(0, &consts->k[1 - 1]));
|
|
||||||
+ vector2x_u64 k4k3 = asm_swap_u64(CRC_VEC_U64_LOAD(0, &consts->k[3 - 1]));
|
|
||||||
+ vector2x_u64 k4hi = CRC_VEC_U64_DEF(0, consts->k[4 - 1]);
|
|
||||||
+ vector2x_u64 k5hi = CRC_VEC_U64_DEF(0, consts->k[5 - 1]);
|
|
||||||
+ vector2x_u64 crc = CRC_VEC_U64_DEF(0, _gcry_bswap64(*pcrc));
|
|
||||||
+ vector2x_u64 crc0, crc1, crc2, crc3;
|
|
||||||
+ vector2x_u64 v0;
|
|
||||||
+
|
|
||||||
+ if (inlen >= 8 * 16)
|
|
||||||
+ {
|
|
||||||
+ crc0 = CRC_VEC_U64_LOAD_BE(0 * 16, inbuf);
|
|
||||||
+ crc0 ^= crc;
|
|
||||||
+ crc1 = CRC_VEC_U64_LOAD_BE(1 * 16, inbuf);
|
|
||||||
+ crc2 = CRC_VEC_U64_LOAD_BE(2 * 16, inbuf);
|
|
||||||
+ crc3 = CRC_VEC_U64_LOAD_BE(3 * 16, inbuf);
|
|
||||||
+
|
|
||||||
+ inbuf += 4 * 16;
|
|
||||||
+ inlen -= 4 * 16;
|
|
||||||
+
|
|
||||||
+ /* Fold by 4. */
|
|
||||||
+ while (inlen >= 4 * 16)
|
|
||||||
+ {
|
|
||||||
+ v0 = CRC_VEC_U64_LOAD_BE(0 * 16, inbuf);
|
|
||||||
+ crc0 = asm_vpmsumd(crc0, k2k1) ^ v0;
|
|
||||||
+
|
|
||||||
+ v0 = CRC_VEC_U64_LOAD_BE(1 * 16, inbuf);
|
|
||||||
+ crc1 = asm_vpmsumd(crc1, k2k1) ^ v0;
|
|
||||||
+
|
|
||||||
+ v0 = CRC_VEC_U64_LOAD_BE(2 * 16, inbuf);
|
|
||||||
+ crc2 = asm_vpmsumd(crc2, k2k1) ^ v0;
|
|
||||||
+
|
|
||||||
+ v0 = CRC_VEC_U64_LOAD_BE(3 * 16, inbuf);
|
|
||||||
+ crc3 = asm_vpmsumd(crc3, k2k1) ^ v0;
|
|
||||||
+
|
|
||||||
+ inbuf += 4 * 16;
|
|
||||||
+ inlen -= 4 * 16;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Fold 4 to 1. */
|
|
||||||
+ crc1 ^= asm_vpmsumd(crc0, k4k3);
|
|
||||||
+ crc2 ^= asm_vpmsumd(crc1, k4k3);
|
|
||||||
+ crc3 ^= asm_vpmsumd(crc2, k4k3);
|
|
||||||
+ crc = crc3;
|
|
||||||
+ }
|
|
||||||
+ else
|
|
||||||
+ {
|
|
||||||
+ v0 = CRC_VEC_U64_LOAD_BE(0, inbuf);
|
|
||||||
+ crc ^= v0;
|
|
||||||
+
|
|
||||||
+ inbuf += 16;
|
|
||||||
+ inlen -= 16;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Fold by 1. */
|
|
||||||
+ while (inlen >= 16)
|
|
||||||
+ {
|
|
||||||
+ v0 = CRC_VEC_U64_LOAD_BE(0, inbuf);
|
|
||||||
+ crc = asm_vpmsumd(k4k3, crc);
|
|
||||||
+ crc ^= v0;
|
|
||||||
+
|
|
||||||
+ inbuf += 16;
|
|
||||||
+ inlen -= 16;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Partial fold. */
|
|
||||||
+ if (inlen)
|
|
||||||
+ {
|
|
||||||
+ /* Load last input and add padding zeros. */
|
|
||||||
+ vector2x_u64 mask = CRC_VEC_U64_LOAD_LE(inlen, crc32_partial_fold_input_mask);
|
|
||||||
+ vector2x_u64 shl_shuf = CRC_VEC_U64_LOAD_LE(32 - inlen, crc32_refl_shuf_shift);
|
|
||||||
+ vector2x_u64 shr_shuf = CRC_VEC_U64_LOAD_LE(inlen + 16, crc32_shuf_shift);
|
|
||||||
+
|
|
||||||
+ v0 = CRC_VEC_U64_LOAD_LE(inlen - 16, inbuf);
|
|
||||||
+ v0 &= mask;
|
|
||||||
+
|
|
||||||
+ crc = CRC_VEC_SWAP_TO_LE(crc);
|
|
||||||
+ crc2 = (vector2x_u64)vec_perm((vector16x_u8)crc, (vector16x_u8)zero,
|
|
||||||
+ (vector16x_u8)shr_shuf);
|
|
||||||
+ v0 |= crc2;
|
|
||||||
+ v0 = CRC_VEC_SWAP(v0);
|
|
||||||
+ crc = (vector2x_u64)vec_perm((vector16x_u8)crc, (vector16x_u8)zero,
|
|
||||||
+ (vector16x_u8)shl_shuf);
|
|
||||||
+ crc = asm_vpmsumd(k4k3, crc);
|
|
||||||
+ crc ^= v0;
|
|
||||||
+
|
|
||||||
+ inbuf += inlen;
|
|
||||||
+ inlen -= inlen;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Final fold. */
|
|
||||||
+
|
|
||||||
+ /* reduce 128-bits to 96-bits */
|
|
||||||
+ v0 = (vector2x_u64)vec_sld_u32((vector4x_u32)crc,
|
|
||||||
+ (vector4x_u32)zero, 2);
|
|
||||||
+ crc = asm_vpmsumd(k4hi, crc);
|
|
||||||
+ crc ^= v0; /* bottom 32-bit are zero */
|
|
||||||
+
|
|
||||||
+ /* reduce 96-bits to 64-bits */
|
|
||||||
+ v0 = crc & low_96bit_mask; /* [00][x2][x1][00] */
|
|
||||||
+ crc >>= 32; /* [00][x3][00][x0] */
|
|
||||||
+ crc = asm_vpmsumd(k5hi, crc); /* [00][xx][xx][00] */
|
|
||||||
+ crc ^= v0; /* top and bottom 32-bit are zero */
|
|
||||||
+
|
|
||||||
+ /* barrett reduction */
|
|
||||||
+ p_my_hi = p_my;
|
|
||||||
+ p_my_lo = p_my;
|
|
||||||
+ p_my_hi[VEC_U64_LO] = 0;
|
|
||||||
+ p_my_lo[VEC_U64_HI] = 0;
|
|
||||||
+ v0 = crc >> 32; /* [00][00][00][x1] */
|
|
||||||
+ crc = asm_vpmsumd(p_my_hi, crc); /* [00][xx][xx][xx] */
|
|
||||||
+ crc = (vector2x_u64)vec_sld_u32((vector4x_u32)crc,
|
|
||||||
+ (vector4x_u32)crc, 3); /* [x0][00][x2][x1] */
|
|
||||||
+ crc = asm_vpmsumd(p_my_lo, crc); /* [00][xx][xx][xx] */
|
|
||||||
+ crc ^= v0;
|
|
||||||
+
|
|
||||||
+ *pcrc = _gcry_bswap32(crc[VEC_U64_LO]);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+static ASM_FUNC_ATTR_INLINE u32
|
|
||||||
+crc32_ppc8_ce_reduction_4 (u32 data, u32 crc,
|
|
||||||
+ const struct crc32_consts_s *consts)
|
|
||||||
+{
|
|
||||||
+ vector2x_u64 my_p = CRC_VEC_U64_LOAD(0, &consts->my_p[0]);
|
|
||||||
+ vector2x_u64 v0 = CRC_VEC_U64_DEF((u64)data << 32, 0);
|
|
||||||
+ v0 = asm_vpmsumd(v0, my_p); /* [00][x1][x0][00] */
|
|
||||||
+ v0[VEC_U64_LO] = 0; /* [00][x1][00][00] */
|
|
||||||
+ v0 = asm_vpmsumd(v0, my_p); /* [00][00][xx][xx] */
|
|
||||||
+ return _gcry_bswap32(v0[VEC_U64_LO]) ^ crc;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+static ASM_FUNC_ATTR_INLINE void
|
|
||||||
+crc32_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
|
|
||||||
+ const struct crc32_consts_s *consts)
|
|
||||||
+{
|
|
||||||
+ u32 crc = *pcrc;
|
|
||||||
+ u32 data;
|
|
||||||
+
|
|
||||||
+ while (inlen >= 4)
|
|
||||||
+ {
|
|
||||||
+ data = buf_get_le32(inbuf);
|
|
||||||
+ data ^= crc;
|
|
||||||
+ data = _gcry_bswap32(data);
|
|
||||||
+
|
|
||||||
+ inlen -= 4;
|
|
||||||
+ inbuf += 4;
|
|
||||||
+
|
|
||||||
+ crc = crc32_ppc8_ce_reduction_4 (data, 0, consts);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ switch (inlen)
|
|
||||||
+ {
|
|
||||||
+ case 0:
|
|
||||||
+ break;
|
|
||||||
+ case 1:
|
|
||||||
+ data = inbuf[0];
|
|
||||||
+ data ^= crc;
|
|
||||||
+ data = data & 0xffU;
|
|
||||||
+ crc = crc >> 8;
|
|
||||||
+ crc = crc32_ppc8_ce_reduction_4 (data, crc, consts);
|
|
||||||
+ break;
|
|
||||||
+ case 2:
|
|
||||||
+ data = inbuf[0] << 0;
|
|
||||||
+ data |= inbuf[1] << 8;
|
|
||||||
+ data ^= crc;
|
|
||||||
+ data = _gcry_bswap32(data << 16);
|
|
||||||
+ crc = crc >> 16;
|
|
||||||
+ crc = crc32_ppc8_ce_reduction_4 (data, crc, consts);
|
|
||||||
+ break;
|
|
||||||
+ case 3:
|
|
||||||
+ data = inbuf[0] << 0;
|
|
||||||
+ data |= inbuf[1] << 8;
|
|
||||||
+ data |= inbuf[2] << 16;
|
|
||||||
+ data ^= crc;
|
|
||||||
+ data = _gcry_bswap32(data << 8);
|
|
||||||
+ crc = crc >> 24;
|
|
||||||
+ crc = crc32_ppc8_ce_reduction_4 (data, crc, consts);
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ *pcrc = crc;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+void ASM_FUNC_ATTR
|
|
||||||
+_gcry_crc32_ppc8_vpmsum (u32 *pcrc, const byte *inbuf, size_t inlen)
|
|
||||||
+{
|
|
||||||
+ const struct crc32_consts_s *consts = &crc32_consts;
|
|
||||||
+
|
|
||||||
+ if (!inlen)
|
|
||||||
+ return;
|
|
||||||
+
|
|
||||||
+ if (inlen >= 16)
|
|
||||||
+ crc32r_ppc8_ce_bulk (pcrc, inbuf, inlen, consts);
|
|
||||||
+ else
|
|
||||||
+ crc32r_less_than_16 (pcrc, inbuf, inlen, consts);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+void ASM_FUNC_ATTR
|
|
||||||
+_gcry_crc24rfc2440_ppc8_vpmsum (u32 *pcrc, const byte *inbuf, size_t inlen)
|
|
||||||
+{
|
|
||||||
+ const struct crc32_consts_s *consts = &crc24rfc2440_consts;
|
|
||||||
+
|
|
||||||
+ if (!inlen)
|
|
||||||
+ return;
|
|
||||||
+
|
|
||||||
+ /* Note: *pcrc in input endian. */
|
|
||||||
+
|
|
||||||
+ if (inlen >= 16)
|
|
||||||
+ crc32_ppc8_ce_bulk (pcrc, inbuf, inlen, consts);
|
|
||||||
+ else
|
|
||||||
+ crc32_less_than_16 (pcrc, inbuf, inlen, consts);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+#endif
|
|
||||||
diff --git a/cipher/crc.c b/cipher/crc.c
|
|
||||||
index a1ce50b6..bbb159ce 100644
|
|
||||||
--- a/cipher/crc.c
|
|
||||||
+++ b/cipher/crc.c
|
|
||||||
@@ -43,11 +43,27 @@
|
|
||||||
#endif /* USE_INTEL_PCLMUL */
|
|
||||||
|
|
||||||
|
|
||||||
+/* USE_PPC_VPMSUM indicates whether to enable PowerPC vector
|
|
||||||
+ * accelerated code. */
|
|
||||||
+#undef USE_PPC_VPMSUM
|
|
||||||
+#ifdef ENABLE_PPC_CRYPTO_SUPPORT
|
|
||||||
+# if defined(HAVE_COMPATIBLE_CC_PPC_ALTIVEC) && \
|
|
||||||
+ defined(HAVE_GCC_INLINE_ASM_PPC_ALTIVEC)
|
|
||||||
+# if __GNUC__ >= 4
|
|
||||||
+# define USE_PPC_VPMSUM 1
|
|
||||||
+# endif
|
|
||||||
+# endif
|
|
||||||
+#endif /* USE_PPC_VPMSUM */
|
|
||||||
+
|
|
||||||
+
|
|
||||||
typedef struct
|
|
||||||
{
|
|
||||||
u32 CRC;
|
|
||||||
#ifdef USE_INTEL_PCLMUL
|
|
||||||
unsigned int use_pclmul:1; /* Intel PCLMUL shall be used. */
|
|
||||||
+#endif
|
|
||||||
+#ifdef USE_PPC_VPMSUM
|
|
||||||
+ unsigned int use_vpmsum:1; /* POWER vpmsum shall be used. */
|
|
||||||
#endif
|
|
||||||
byte buf[4];
|
|
||||||
}
|
|
||||||
@@ -61,6 +77,20 @@ void _gcry_crc24rfc2440_intel_pclmul (u32 *pcrc, const byte *inbuf,
|
|
||||||
size_t inlen);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
+#ifdef USE_ARM_PMULL
|
|
||||||
+/*-- crc-armv8-ce.c --*/
|
|
||||||
+void _gcry_crc32_armv8_ce_pmull (u32 *pcrc, const byte *inbuf, size_t inlen);
|
|
||||||
+void _gcry_crc24rfc2440_armv8_ce_pmull (u32 *pcrc, const byte *inbuf,
|
|
||||||
+ size_t inlen);
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+#ifdef USE_PPC_VPMSUM
|
|
||||||
+/*-- crc-ppc.c --*/
|
|
||||||
+void _gcry_crc32_ppc8_vpmsum (u32 *pcrc, const byte *inbuf, size_t inlen);
|
|
||||||
+void _gcry_crc24rfc2440_ppc8_vpmsum (u32 *pcrc, const byte *inbuf,
|
|
||||||
+ size_t inlen);
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Code generated by universal_crc by Danjel McGougan
|
|
||||||
@@ -361,11 +391,13 @@ static void
|
|
||||||
crc32_init (void *context, unsigned int flags)
|
|
||||||
{
|
|
||||||
CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
|
|
||||||
-#ifdef USE_INTEL_PCLMUL
|
|
||||||
u32 hwf = _gcry_get_hw_features ();
|
|
||||||
-
|
|
||||||
+#ifdef USE_INTEL_PCLMUL
|
|
||||||
ctx->use_pclmul = (hwf & HWF_INTEL_SSE4_1) && (hwf & HWF_INTEL_PCLMUL);
|
|
||||||
#endif
|
|
||||||
+#ifdef USE_PPC_VPMSUM
|
|
||||||
+ ctx->use_vpmsum = !!(hwf & HWF_PPC_ARCH_2_07);
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
(void)flags;
|
|
||||||
|
|
||||||
@@ -386,6 +418,13 @@ crc32_write (void *context, const void *inbuf_arg, size_t inlen)
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
+#ifdef USE_PPC_VPMSUM
|
|
||||||
+ if (ctx->use_vpmsum)
|
|
||||||
+ {
|
|
||||||
+ _gcry_crc32_ppc8_vpmsum(&ctx->CRC, inbuf, inlen);
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
if (!inbuf || !inlen)
|
|
||||||
return;
|
|
||||||
@@ -444,6 +483,10 @@ crc32rfc1510_init (void *context, unsigned int flags)
|
|
||||||
|
|
||||||
ctx->use_pclmul = (hwf & HWF_INTEL_SSE4_1) && (hwf & HWF_INTEL_PCLMUL);
|
|
||||||
#endif
|
|
||||||
+#ifdef USE_PPC_VPMSUM
|
|
||||||
+ u32 hwf = _gcry_get_hw_features ();
|
|
||||||
+ ctx->use_vpmsum = !!(hwf & HWF_PPC_ARCH_2_07);
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
(void)flags;
|
|
||||||
|
|
||||||
@@ -774,6 +817,10 @@ crc24rfc2440_init (void *context, unsigned int flags)
|
|
||||||
|
|
||||||
ctx->use_pclmul = (hwf & HWF_INTEL_SSE4_1) && (hwf & HWF_INTEL_PCLMUL);
|
|
||||||
#endif
|
|
||||||
+#ifdef USE_PPC_VPMSUM
|
|
||||||
+ u32 hwf = _gcry_get_hw_features ();
|
|
||||||
+ ctx->use_vpmsum = !!(hwf & HWF_PPC_ARCH_2_07);
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
(void)flags;
|
|
||||||
|
|
||||||
@@ -794,6 +841,13 @@ crc24rfc2440_write (void *context, const void *inbuf_arg, size_t inlen)
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
+#ifdef USE_PPC_VPMSUM
|
|
||||||
+ if (ctx->use_vpmsum)
|
|
||||||
+ {
|
|
||||||
+ _gcry_crc24rfc2440_ppc8_vpmsum(&ctx->CRC, inbuf, inlen);
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
if (!inbuf || !inlen)
|
|
||||||
return;
|
|
||||||
diff --git a/configure.ac b/configure.ac
|
|
||||||
index 953a20e9..b6b6455a 100644
|
|
||||||
--- a/configure.ac
|
|
||||||
+++ b/configure.ac
|
|
||||||
@@ -1916,6 +1916,7 @@ AC_CACHE_CHECK([whether GCC inline assembler supports PowerPC AltiVec/VSX/crypto
|
|
||||||
"vadduwm %v0, %v1, %v22;\n"
|
|
||||||
"vshasigmaw %v0, %v1, 0, 15;\n"
|
|
||||||
"vshasigmad %v0, %v1, 0, 15;\n"
|
|
||||||
+ "vpmsumd %v11, %v11, %v11;\n"
|
|
||||||
);
|
|
||||||
]])],
|
|
||||||
[gcry_cv_gcc_inline_asm_ppc_altivec=yes])
|
|
||||||
@@ -2556,6 +2557,15 @@ if test "$found" = "1" ; then
|
|
||||||
# Build with the assembly implementation
|
|
||||||
GCRYPT_DIGESTS="$GCRYPT_DIGESTS crc-intel-pclmul.lo"
|
|
||||||
;;
|
|
||||||
+ powerpc64le-*-*)
|
|
||||||
+ GCRYPT_CIPHERS="$GCRYPT_CIPHERS crc-ppc.lo"
|
|
||||||
+ ;;
|
|
||||||
+ powerpc64-*-*)
|
|
||||||
+ GCRYPT_CIPHERS="$GCRYPT_CIPHERS crc-ppc.lo"
|
|
||||||
+ ;;
|
|
||||||
+ powerpc-*-*)
|
|
||||||
+ GCRYPT_CIPHERS="$GCRYPT_CIPHERS crc-ppc.lo"
|
|
||||||
+ ;;
|
|
||||||
esac
|
|
||||||
fi
|
|
File diff suppressed because it is too large
Load Diff
@ -1,89 +0,0 @@
|
|||||||
diff -up libgcrypt-1.8.5/src/fips.c.use-fipscheck libgcrypt-1.8.5/src/fips.c
|
|
||||||
--- libgcrypt-1.8.5/src/fips.c.use-fipscheck 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.5/src/fips.c 2020-04-23 10:18:36.235764741 +0200
|
|
||||||
@@ -581,23 +581,50 @@ run_random_selftests (void)
|
|
||||||
return !!err;
|
|
||||||
}
|
|
||||||
|
|
||||||
+#ifdef ENABLE_HMAC_BINARY_CHECK
|
|
||||||
+static int
|
|
||||||
+get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
|
|
||||||
+{
|
|
||||||
+ Dl_info info;
|
|
||||||
+ void *dl, *sym;
|
|
||||||
+ int rv = -1;
|
|
||||||
+
|
|
||||||
+ dl = dlopen(libname, RTLD_LAZY);
|
|
||||||
+ if (dl == NULL) {
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ sym = dlsym(dl, symbolname);
|
|
||||||
+
|
|
||||||
+ if (sym != NULL && dladdr(sym, &info)) {
|
|
||||||
+ strncpy(path, info.dli_fname, pathlen-1);
|
|
||||||
+ path[pathlen-1] = '\0';
|
|
||||||
+ rv = 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ dlclose(dl);
|
|
||||||
+
|
|
||||||
+ return rv;
|
|
||||||
+}
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
/* Run an integrity check on the binary. Returns 0 on success. */
|
|
||||||
static int
|
|
||||||
check_binary_integrity (void)
|
|
||||||
{
|
|
||||||
#ifdef ENABLE_HMAC_BINARY_CHECK
|
|
||||||
gpg_error_t err;
|
|
||||||
- Dl_info info;
|
|
||||||
+ char libpath[4096];
|
|
||||||
unsigned char digest[32];
|
|
||||||
int dlen;
|
|
||||||
char *fname = NULL;
|
|
||||||
- const char key[] = "What am I, a doctor or a moonshuttle conductor?";
|
|
||||||
-
|
|
||||||
- if (!dladdr ("gcry_check_version", &info))
|
|
||||||
+ const char key[] = "orboDeJITITejsirpADONivirpUkvarP";
|
|
||||||
+
|
|
||||||
+ if (get_library_path ("libgcrypt.so.20", "gcry_check_version", libpath, sizeof(libpath)))
|
|
||||||
err = gpg_error_from_syserror ();
|
|
||||||
else
|
|
||||||
{
|
|
||||||
- dlen = _gcry_hmac256_file (digest, sizeof digest, info.dli_fname,
|
|
||||||
+ dlen = _gcry_hmac256_file (digest, sizeof digest, libpath,
|
|
||||||
key, strlen (key));
|
|
||||||
if (dlen < 0)
|
|
||||||
err = gpg_error_from_syserror ();
|
|
||||||
@@ -605,7 +632,7 @@ check_binary_integrity (void)
|
|
||||||
err = gpg_error (GPG_ERR_INTERNAL);
|
|
||||||
else
|
|
||||||
{
|
|
||||||
- fname = xtrymalloc (strlen (info.dli_fname) + 1 + 5 + 1 );
|
|
||||||
+ fname = xtrymalloc (strlen (libpath) + 1 + 5 + 1 );
|
|
||||||
if (!fname)
|
|
||||||
err = gpg_error_from_syserror ();
|
|
||||||
else
|
|
||||||
@@ -614,7 +641,7 @@ check_binary_integrity (void)
|
|
||||||
char *p;
|
|
||||||
|
|
||||||
/* Prefix the basename with a dot. */
|
|
||||||
- strcpy (fname, info.dli_fname);
|
|
||||||
+ strcpy (fname, libpath);
|
|
||||||
p = strrchr (fname, '/');
|
|
||||||
if (p)
|
|
||||||
p++;
|
|
||||||
diff -up libgcrypt-1.8.5/src/Makefile.am.use-fipscheck libgcrypt-1.8.5/src/Makefile.am
|
|
||||||
--- libgcrypt-1.8.5/src/Makefile.am.use-fipscheck 2020-04-23 10:18:36.237764702 +0200
|
|
||||||
+++ libgcrypt-1.8.5/src/Makefile.am 2020-04-23 10:19:03.186247455 +0200
|
|
||||||
@@ -125,7 +125,7 @@ libgcrypt_la_LIBADD = $(gcrypt_res) \
|
|
||||||
../cipher/libcipher.la \
|
|
||||||
../random/librandom.la \
|
|
||||||
../mpi/libmpi.la \
|
|
||||||
- ../compat/libcompat.la $(GPG_ERROR_LIBS)
|
|
||||||
+ ../compat/libcompat.la $(GPG_ERROR_LIBS) -ldl
|
|
||||||
|
|
||||||
|
|
||||||
dumpsexp_SOURCES = dumpsexp.c
|
|
@ -1,100 +0,0 @@
|
|||||||
commit 3462280f2e23e16adf3ed5176e0f2413d8861320
|
|
||||||
Author: NIIBE Yutaka <gniibe@fsij.org>
|
|
||||||
Date: Fri May 21 11:15:07 2021 +0900
|
|
||||||
|
|
||||||
cipher: Fix ElGamal encryption for other implementations.
|
|
||||||
|
|
||||||
* cipher/elgamal.c (gen_k): Remove support of smaller K.
|
|
||||||
(do_encrypt): Never use smaller K.
|
|
||||||
(sign): Folllow the change of gen_k.
|
|
||||||
|
|
||||||
--
|
|
||||||
|
|
||||||
Cherry-pick master commit of:
|
|
||||||
632d80ef30e13de6926d503aa697f92b5dbfbc5e
|
|
||||||
|
|
||||||
This change basically reverts encryption changes in two commits:
|
|
||||||
|
|
||||||
74386120dad6b3da62db37f7044267c8ef34689b
|
|
||||||
78531373a342aeb847950f404343a05e36022065
|
|
||||||
|
|
||||||
Use of smaller K for ephemeral key in ElGamal encryption is only good,
|
|
||||||
when we can guarantee that recipient's key is generated by our
|
|
||||||
implementation (or compatible).
|
|
||||||
|
|
||||||
For detail, please see:
|
|
||||||
|
|
||||||
Luca De Feo, Bertram Poettering, Alessandro Sorniotti,
|
|
||||||
"On the (in)security of ElGamal in OpenPGP";
|
|
||||||
in the proceedings of CCS'2021.
|
|
||||||
|
|
||||||
CVE-id: CVE-2021-33560
|
|
||||||
GnuPG-bug-id: 5328
|
|
||||||
Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
|
|
||||||
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
||||||
|
|
||||||
diff --git a/cipher/elgamal.c b/cipher/elgamal.c
|
|
||||||
index 9835122f..eead4502 100644
|
|
||||||
--- a/cipher/elgamal.c
|
|
||||||
+++ b/cipher/elgamal.c
|
|
||||||
@@ -66,7 +66,7 @@ static const char *elg_names[] =
|
|
||||||
|
|
||||||
|
|
||||||
static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie);
|
|
||||||
-static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
|
|
||||||
+static gcry_mpi_t gen_k (gcry_mpi_t p);
|
|
||||||
static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits,
|
|
||||||
gcry_mpi_t **factors);
|
|
||||||
static int check_secret_key (ELG_secret_key *sk);
|
|
||||||
@@ -189,11 +189,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie )
|
|
||||||
|
|
||||||
/****************
|
|
||||||
* Generate a random secret exponent k from prime p, so that k is
|
|
||||||
- * relatively prime to p-1. With SMALL_K set, k will be selected for
|
|
||||||
- * better encryption performance - this must never be used signing!
|
|
||||||
+ * relatively prime to p-1.
|
|
||||||
*/
|
|
||||||
static gcry_mpi_t
|
|
||||||
-gen_k( gcry_mpi_t p, int small_k )
|
|
||||||
+gen_k( gcry_mpi_t p )
|
|
||||||
{
|
|
||||||
gcry_mpi_t k = mpi_alloc_secure( 0 );
|
|
||||||
gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
|
|
||||||
@@ -202,18 +201,7 @@ gen_k( gcry_mpi_t p, int small_k )
|
|
||||||
unsigned int nbits, nbytes;
|
|
||||||
char *rndbuf = NULL;
|
|
||||||
|
|
||||||
- if (small_k)
|
|
||||||
- {
|
|
||||||
- /* Using a k much lesser than p is sufficient for encryption and
|
|
||||||
- * it greatly improves the encryption performance. We use
|
|
||||||
- * Wiener's table and add a large safety margin. */
|
|
||||||
- nbits = wiener_map( orig_nbits ) * 3 / 2;
|
|
||||||
- if( nbits >= orig_nbits )
|
|
||||||
- BUG();
|
|
||||||
- }
|
|
||||||
- else
|
|
||||||
- nbits = orig_nbits;
|
|
||||||
-
|
|
||||||
+ nbits = orig_nbits;
|
|
||||||
|
|
||||||
nbytes = (nbits+7)/8;
|
|
||||||
if( DBG_CIPHER )
|
|
||||||
@@ -492,7 +480,7 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
|
|
||||||
* error code.
|
|
||||||
*/
|
|
||||||
|
|
||||||
- k = gen_k( pkey->p, 1 );
|
|
||||||
+ k = gen_k( pkey->p );
|
|
||||||
mpi_powm (a, pkey->g, k, pkey->p);
|
|
||||||
|
|
||||||
/* b = (y^k * input) mod p
|
|
||||||
@@ -608,7 +596,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey )
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
mpi_sub_ui(p_1, p_1, 1);
|
|
||||||
- k = gen_k( skey->p, 0 /* no small K ! */ );
|
|
||||||
+ k = gen_k( skey->p );
|
|
||||||
mpi_powm( a, skey->g, k, skey->p );
|
|
||||||
mpi_mul(t, skey->x, a );
|
|
||||||
mpi_subm(t, input, t, p_1 );
|
|
@ -1,4 +0,0 @@
|
|||||||
# use only /dev/urandom - see https://www.2uo.de/myths-about-urandom/
|
|
||||||
only-urandom
|
|
||||||
# Keep jitter entropy generator enabled (should do no harm)
|
|
||||||
#disable-jent
|
|
File diff suppressed because it is too large
Load Diff
@ -1,76 +1,97 @@
|
|||||||
Name: libgcrypt
|
# This is taken from gnutls.spec
|
||||||
Version: 1.8.5
|
%define srpmhash() %{lua:
|
||||||
Release: 7%{?dist}
|
local files = rpm.expand("%_specdir/libgcrypt.spec")
|
||||||
URL: http://www.gnupg.org/
|
for i, p in ipairs(patches) do
|
||||||
Source0: libgcrypt-%{version}-hobbled.tar.xz
|
files = files.." "..p
|
||||||
# The original libgcrypt sources now contain potentially patented ECC
|
end
|
||||||
# cipher support. We have to remove it in the tarball we ship with
|
for i, p in ipairs(sources) do
|
||||||
# the hobble-libgcrypt script.
|
files = files.." "..p
|
||||||
# (We replace it with RH approved ECC in Source4-5)
|
end
|
||||||
#Source0: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-{version}.tar.bz2
|
local sha256sum = assert(io.popen("cat "..files.."| sha256sum"))
|
||||||
#Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-{version}.tar.bz2.sig
|
local hash = sha256sum:read("*a")
|
||||||
Source2: wk@g10code.com
|
sha256sum:close()
|
||||||
Source3: hobble-libgcrypt
|
print(string.sub(hash, 0, 16))
|
||||||
# Approved ECC support
|
}
|
||||||
Source4: ecc-curves.c
|
|
||||||
Source5: curves.c
|
|
||||||
Source6: t-mpi-point.c
|
|
||||||
Source7: random.conf
|
|
||||||
# make FIPS hmac compatible with fipscheck - non upstreamable
|
|
||||||
# update on soname bump
|
|
||||||
Patch2: libgcrypt-1.8.5-use-fipscheck.patch
|
|
||||||
# modify FIPS RSA and DSA keygen to comply with requirements
|
|
||||||
Patch5: libgcrypt-1.8.4-fips-keygen.patch
|
|
||||||
# fix the tests to work correctly in the FIPS mode
|
|
||||||
Patch6: libgcrypt-1.8.4-tests-fipsmode.patch
|
|
||||||
# update the CAVS tests
|
|
||||||
Patch7: libgcrypt-1.7.3-fips-cavs.patch
|
|
||||||
# use poll instead of select when gathering randomness
|
|
||||||
Patch11: libgcrypt-1.8.4-use-poll.patch
|
|
||||||
# slight optimalization of mpicoder.c to silence Valgrind (#968288)
|
|
||||||
Patch13: libgcrypt-1.6.1-mpicoder-gccopt.patch
|
|
||||||
# fix tests to work with approved ECC
|
|
||||||
Patch14: libgcrypt-1.7.3-ecc-test-fix.patch
|
|
||||||
# Run the FIPS mode initialization in the shared library constructor
|
|
||||||
Patch18: libgcrypt-1.8.3-fips-ctor.patch
|
|
||||||
# Block some operations if in FIPS non-operational state
|
|
||||||
Patch22: libgcrypt-1.7.3-fips-reqs.patch
|
|
||||||
# Do not try to open /dev/urandom if getrandom() works
|
|
||||||
Patch24: libgcrypt-1.8.5-getrandom.patch
|
|
||||||
# CMAC selftest for FIPS POST
|
|
||||||
Patch25: libgcrypt-1.8.3-cmac-selftest.patch
|
|
||||||
# Continuous FIPS entropy test
|
|
||||||
Patch26: libgcrypt-1.8.3-fips-enttest.patch
|
|
||||||
# Disable non-approved FIPS hashes in the enforced FIPS mode
|
|
||||||
Patch27: libgcrypt-1.8.3-md-fips-enforce.patch
|
|
||||||
# Intel CET support, in upstream master
|
|
||||||
Patch28: libgcrypt-1.8.5-intel-cet.patch
|
|
||||||
# Fix build on ARMv7
|
|
||||||
Patch29: libgcrypt-1.8.5-build.patch
|
|
||||||
# FIPS module is redefined a little bit (implicit by kernel FIPS mode)
|
|
||||||
Patch30: libgcrypt-1.8.5-fips-module.patch
|
|
||||||
# Backported AES performance improvements
|
|
||||||
Patch31: libgcrypt-1.8.5-aes-perf.patch
|
|
||||||
# FIPS selftest for PBKDF2
|
|
||||||
Patch32: libgcrypt-1.8.5-kdf-selftest.patch
|
|
||||||
# ppc64 performance for SHA2 (#1855231)
|
|
||||||
Patch33: libgcrypt-1.8.5-ppc-sha2.patch
|
|
||||||
# ppc64 performance for CRC32 (#1855231)
|
|
||||||
Patch34: libgcrypt-1.8.5-ppc-crc32.patch
|
|
||||||
# ppc64 bugfixes (#1855231)
|
|
||||||
Patch35: libgcrypt-1.8.5-ppc-bugfix.patch
|
|
||||||
# ppc64 performance AES-GCM (#1855231)
|
|
||||||
Patch36: libgcrypt-1.8.5-ppc-aes-gcm.patch
|
|
||||||
# Fix elgamal cross-configuration (CVE-2021-40528)
|
|
||||||
Patch37: libgcrypt-1.9.3-CVE-2021-40528.patch
|
|
||||||
# We can use HW optimizations in FIPS (#1976137)
|
|
||||||
Patch38: libgcrypt-1.8.5-fips-hwfeatures.patch
|
|
||||||
# ppc64 performance chacha20 and poly1305 (#1855231)
|
|
||||||
Patch39: libgcrypt-1.8.5-ppc-chacha20-poly1305.patch
|
|
||||||
# Fix CVE-2021-33560 (elgamal blinding)
|
|
||||||
Patch40: libgcrypt-1.8.5-elgamal-blinding.patch
|
|
||||||
|
|
||||||
%define gcrylibdir %{_libdir}
|
|
||||||
|
Name: libgcrypt
|
||||||
|
Version: 1.10.0
|
||||||
|
Release: 11%{?dist}
|
||||||
|
URL: https://www.gnupg.org/
|
||||||
|
Source0: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2
|
||||||
|
Source1: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig
|
||||||
|
Source2: wk@g10code.com
|
||||||
|
Patch1: libgcrypt-1.10.0-disable-brainpool.patch
|
||||||
|
Patch3: libgcrypt-1.10.0-ppc-hwf.patch
|
||||||
|
Patch4: libgcrypt-1.10.0-allow-small-RSA-verify.patch
|
||||||
|
Patch5: libgcrypt-1.10.0-allow-short-salt.patch
|
||||||
|
Patch6: libgcrypt-1.10.0-fips-getrandom.patch
|
||||||
|
# https://dev.gnupg.org/T6127
|
||||||
|
# https://lists.gnupg.org/pipermail/gcrypt-devel/2022-September/005379.html
|
||||||
|
Patch7: libgcrypt-1.10.0-fips-selftest.patch
|
||||||
|
# https://dev.gnupg.org/T6217
|
||||||
|
Patch9: libgcrypt-1.10.0-sha3-large.patch
|
||||||
|
# https://dev.gnupg.org/T5919
|
||||||
|
Patch10: libgcrypt-1.10.0-fips-keygen.patch
|
||||||
|
# https://dev.gnupg.org/T6219
|
||||||
|
# f4a861f3e5ae82f278284061e4829c03edf9c3a7
|
||||||
|
Patch11: libgcrypt-1.10.0-fips-kdf.patch
|
||||||
|
# c34c9e70055ee43e5ef257384fa15941f064e5a4
|
||||||
|
# https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/13
|
||||||
|
Patch12: libgcrypt-1.10.0-fips-indicator.patch
|
||||||
|
# beb5d6df5c5785db7c32a24a5d2a351cb964bfbc
|
||||||
|
# 521500624b4b11538d206137205e2a511dad7072
|
||||||
|
# 9dcf9305962b90febdf2d7cc73b49feadbf6a01f
|
||||||
|
# a340e980388243ceae6df57d101036f3f2a955be
|
||||||
|
Patch13: libgcrypt-1.10.0-fips-integrity.patch
|
||||||
|
# 3c8b6c4a9cad59c5e1db5706f6774a3141b60210
|
||||||
|
# 052c5ef4cea56772b7015e36f231fa0bcbf91410
|
||||||
|
# 3fd3bb31597f80c76a94ea62e42d58d796beabf1
|
||||||
|
Patch14: libgcrypt-1.10.0-fips-integrity2.patch
|
||||||
|
# 06ea5b5332ffdb44a0a394d766be8989bcb6a95c
|
||||||
|
Patch15: libgcrypt-1.10.0-fips-x931.patch
|
||||||
|
# bf1e62e59200b2046680d1d3d1599facc88cfe63
|
||||||
|
Patch16: libgcrypt-1.10.0-fips-rsa-pss.patch
|
||||||
|
# https://dev.gnupg.org/T6376
|
||||||
|
Patch17: libgcrypt-1.10.0-fips-indicator-md-hmac.patch
|
||||||
|
# https://dev.gnupg.org/T6394
|
||||||
|
# https://dev.gnupg.org/T6397
|
||||||
|
Patch18: libgcrypt-1.10.0-fips-pct.patch
|
||||||
|
# https://dev.gnupg.org/T6396
|
||||||
|
Patch19: libgcrypt-1.10.0-fips-status-sign-verify.patch
|
||||||
|
# https://dev.gnupg.org/T6393
|
||||||
|
Patch20: libgcrypt-1.10.0-fips-drbg.patch
|
||||||
|
# https://dev.gnupg.org/T6417
|
||||||
|
Patch21: libgcrypt-1.10.0-fips-indicator-pk-flags.patch
|
||||||
|
# a611e3a25d61505698e2bb38ec2db38bc6a74820
|
||||||
|
# 34c20427926010d6fa95b1666e4b1b60f60a8742
|
||||||
|
# c848459e512615c1865a23cf24debb3ad4a1e85b
|
||||||
|
# c31b70b2660c3d24bd54ee08c255c36d867fdea7
|
||||||
|
# bd08357436a9559766cd458d25781ee4f94012a2
|
||||||
|
# 58b62be844549ad3d57c507d834027f1e2756567
|
||||||
|
# 6d1d50ba3aad1850975f717adbedb4cb8b236fa7
|
||||||
|
# 1e9ddbd65c4627235611d75c3198c4ec197c9a05
|
||||||
|
# 137e35ad47ee8734d0f3ffb6af1d1669c4621e0b
|
||||||
|
# 84f934c09afac18b3f4351646c0fe6f93aede277
|
||||||
|
# 0c6ec6bbe788b8c4a6982b2128d442b51323c898
|
||||||
|
# 22dde5150ee2be01651410ed9756601ba6a29c93
|
||||||
|
# 4d3e0e30b98b2acb90acb2792b8327c26824a66f
|
||||||
|
# 179df341162c74da312f76363a0ff1f2f303aa78
|
||||||
|
# d4aee9ace9a904446b987dddc2999119c4d62dae
|
||||||
|
# aab6a42d5f44724b73a02598546a5e7d8b33298e
|
||||||
|
# 5c5ba1ec2b505726ee1311339ac9e8b5c62cac4a
|
||||||
|
# cf757cf90e9ae966b95dcebfd2f31b9212697f0c
|
||||||
|
# c419a04d529af7b5fb43732ec2b4304166c2579a
|
||||||
|
# 39d5364a9557d6f423de117601cb1e6414814f47
|
||||||
|
Patch22: libgcrypt-1.10.0-marvin.patch
|
||||||
|
# f490ffd739f713fcf0be35b7fbbb8502dea40a0c
|
||||||
|
Patch23: libgcrypt-1.10.0-marvin2.patch
|
||||||
|
# https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/19/
|
||||||
|
Patch24: libgcrypt-1.10.0-marvin3.patch
|
||||||
|
|
||||||
|
%global gcrylibdir %{_libdir}
|
||||||
|
%global gcrysoname libgcrypt.so.20
|
||||||
|
%global hmackey orboDeJITITejsirpADONivirpUkvarP
|
||||||
|
|
||||||
# Technically LGPLv2.1+, but Fedora's table doesn't draw a distinction.
|
# Technically LGPLv2.1+, but Fedora's table doesn't draw a distinction.
|
||||||
# Documentation and some utilities are GPLv2+ licensed. These files
|
# Documentation and some utilities are GPLv2+ licensed. These files
|
||||||
@ -79,18 +100,17 @@ License: LGPLv2+
|
|||||||
Summary: A general-purpose cryptography library
|
Summary: A general-purpose cryptography library
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: gawk, libgpg-error-devel >= 1.11, pkgconfig
|
BuildRequires: gawk, libgpg-error-devel >= 1.11, pkgconfig
|
||||||
BuildRequires: fipscheck
|
|
||||||
# This is needed only when patching the .texi doc.
|
# This is needed only when patching the .texi doc.
|
||||||
BuildRequires: texinfo
|
BuildRequires: texinfo
|
||||||
BuildRequires: autoconf, automake, libtool
|
BuildRequires: autoconf, automake, libtool
|
||||||
|
BuildRequires: make
|
||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
Summary: Development files for the %{name} package
|
Summary: Development files for the %{name} package
|
||||||
License: LGPLv2+ and GPLv2+
|
License: LGPLv2+ and GPLv2+
|
||||||
Requires(pre): /sbin/install-info
|
|
||||||
Requires(post): /sbin/install-info
|
|
||||||
Requires: libgpg-error-devel
|
Requires: libgpg-error-devel
|
||||||
Requires: %{name} = %{version}-%{release}
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
|
Requires: pkgconfig
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Libgcrypt is a general purpose crypto library based on the code used
|
Libgcrypt is a general purpose crypto library based on the code used
|
||||||
@ -103,64 +123,83 @@ applications using libgcrypt.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%{SOURCE3}
|
%patch1 -p1
|
||||||
%patch2 -p1 -b .use-fipscheck
|
%patch3 -p1
|
||||||
%patch5 -p1 -b .fips-keygen
|
%patch4 -p1
|
||||||
%patch6 -p1 -b .tests-fipsmode
|
%patch5 -p1
|
||||||
%patch7 -p1 -b .cavs
|
%patch6 -p1
|
||||||
%patch11 -p1 -b .use-poll
|
%patch7 -p1
|
||||||
%patch13 -p1 -b .gccopt
|
%patch9 -p1
|
||||||
%patch14 -p1 -b .eccfix
|
%patch10 -p1
|
||||||
%patch18 -p1 -b .fips-ctor
|
%patch11 -p1
|
||||||
%patch22 -p1 -b .fips-reqs
|
%patch12 -p1
|
||||||
%patch24 -p1 -b .getrandom
|
%patch13 -p1
|
||||||
%patch25 -p1 -b .cmac-selftest
|
%patch14 -p1
|
||||||
%patch26 -p1 -b .fips-enttest
|
%patch15 -p1
|
||||||
%patch27 -p1 -b .fips-enforce
|
%patch16 -p1
|
||||||
%patch28 -p1 -b .intel-cet
|
%patch17 -p1
|
||||||
%patch29 -p1 -b .build
|
%patch18 -p1
|
||||||
%patch30 -p1 -b .fips-module
|
%patch19 -p1
|
||||||
%patch31 -p1 -b .aes-perf
|
%patch20 -p1
|
||||||
%patch32 -p1 -b .kdf-selftest
|
%patch21 -p1
|
||||||
%patch33 -p1 -b .ppc-sha2
|
%patch22 -p1
|
||||||
%patch34 -p1 -b .ppc-crc32
|
%patch23 -p1
|
||||||
%patch35 -p1 -b .ppc-bugfix
|
%patch24 -p1
|
||||||
%patch36 -p1 -b .ppc-aes-gcm
|
|
||||||
%patch37 -p1 -b .CVE-2021-40528
|
|
||||||
%patch38 -p1 -b .hw-fips
|
|
||||||
%patch39 -p1 -b .ppc-chacha
|
|
||||||
%patch40 -p1 -b .elgamal-blinding
|
|
||||||
|
|
||||||
cp %{SOURCE4} cipher/
|
|
||||||
cp %{SOURCE5} %{SOURCE6} tests/
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
# This package has a configure test which uses ASMs, but does not link the
|
||||||
|
# resultant .o files. As such the ASM test is always successful, even on
|
||||||
|
# architectures were the ASM is not valid when compiling with LTO.
|
||||||
|
#
|
||||||
|
# -ffat-lto-objects is sufficient to address this issue. It is the default
|
||||||
|
# for F33, but is expected to only be enabled for packages that need it in
|
||||||
|
# F34, so we use it here explicitly
|
||||||
|
%define _lto_cflags -flto=auto -ffat-lto-objects
|
||||||
|
|
||||||
|
# should be all algorithms except SM3 and SM4
|
||||||
|
export DIGESTS='crc gostr3411-94 md4 md5 rmd160 sha1 sha256 sha512 sha3 tiger whirlpool stribog blake2'
|
||||||
|
export CIPHERS='arcfour blowfish cast5 des aes twofish serpent rfc2268 seed camellia idea salsa20 gost28147 chacha20'
|
||||||
|
|
||||||
|
eval $(sed -n 's/^\(\(NAME\|VERSION_ID\)=.*\)/OS_\1/p' /etc/os-release)
|
||||||
|
export FIPS_MODULE_NAME="$OS_NAME ${OS_VERSION_ID%%.*} %name"
|
||||||
|
|
||||||
autoreconf -f
|
autoreconf -f
|
||||||
%configure --disable-static \
|
%configure --disable-static \
|
||||||
%ifarch sparc64
|
%ifarch sparc64
|
||||||
--disable-asm \
|
--disable-asm \
|
||||||
%endif
|
%endif
|
||||||
--enable-noexecstack \
|
--enable-noexecstack \
|
||||||
--enable-hmac-binary-check \
|
--enable-hmac-binary-check=%{hmackey} \
|
||||||
--enable-pubkey-ciphers='dsa elgamal rsa ecc' \
|
--disable-brainpool \
|
||||||
--disable-O-flag-munging
|
--disable-jent-support \
|
||||||
|
--enable-digests="$DIGESTS" \
|
||||||
|
--enable-ciphers="$CIPHERS" \
|
||||||
|
--enable-marvin-workaround \
|
||||||
|
--with-fips-module-version="$FIPS_MODULE_NAME %{version}-%{srpmhash}"
|
||||||
sed -i -e '/^sys_lib_dlsearch_path_spec/s,/lib /usr/lib,/usr/lib /lib64 /usr/lib64 /lib,g' libtool
|
sed -i -e '/^sys_lib_dlsearch_path_spec/s,/lib /usr/lib,/usr/lib /lib64 /usr/lib64 /lib,g' libtool
|
||||||
make %{?_smp_mflags}
|
%make_build
|
||||||
|
|
||||||
%check
|
%check
|
||||||
fipshmac src/.libs/libgcrypt.so.??
|
|
||||||
make check
|
make check
|
||||||
|
# try in faked FIPS mode too
|
||||||
|
LIBGCRYPT_FORCE_FIPS_MODE=1 make check
|
||||||
|
|
||||||
# Add generation of HMAC checksums of the final stripped binaries
|
# Add generation of HMAC checksums of the final stripped binaries
|
||||||
|
%define libpath $RPM_BUILD_ROOT%{gcrylibdir}/%{gcrysoname}.?.?
|
||||||
%define __spec_install_post \
|
%define __spec_install_post \
|
||||||
%{?__debug_package:%{__debug_install_post}} \
|
%{?__debug_package:%{__debug_install_post}} \
|
||||||
%{__arch_install_post} \
|
%{__arch_install_post} \
|
||||||
%{__os_install_post} \
|
%{__os_install_post} \
|
||||||
fipshmac $RPM_BUILD_ROOT%{gcrylibdir}/*.so.?? \
|
cd src \
|
||||||
|
sed -i -e 's|FILE=.*|FILE=\\\$1|' gen-note-integrity.sh \
|
||||||
|
READELF=readelf AWK=awk ECHO_N="-n" bash gen-note-integrity.sh %{libpath} > %{libpath}.hmac \
|
||||||
|
objcopy --update-section .note.fdo.integrity=%{libpath}.hmac %{libpath} %{libpath}.new \
|
||||||
|
mv -f %{libpath}.new %{libpath} \
|
||||||
|
rm -f %{libpath}.hmac
|
||||||
%{nil}
|
%{nil}
|
||||||
|
|
||||||
%install
|
%install
|
||||||
make install DESTDIR=$RPM_BUILD_ROOT
|
%make_install
|
||||||
|
|
||||||
# Change /usr/lib64 back to /usr/lib. This saves us from having to patch the
|
# Change /usr/lib64 back to /usr/lib. This saves us from having to patch the
|
||||||
# script to "know" that -L/usr/lib64 should be suppressed, and also removes
|
# script to "know" that -L/usr/lib64 should be suppressed, and also removes
|
||||||
@ -201,32 +240,13 @@ popd
|
|||||||
# Create /etc/gcrypt (hardwired, not dependent on the configure invocation) so
|
# Create /etc/gcrypt (hardwired, not dependent on the configure invocation) so
|
||||||
# that _someone_ owns it.
|
# that _someone_ owns it.
|
||||||
mkdir -p -m 755 $RPM_BUILD_ROOT/etc/gcrypt
|
mkdir -p -m 755 $RPM_BUILD_ROOT/etc/gcrypt
|
||||||
install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf
|
|
||||||
|
|
||||||
# Drop the pkgconfig as it would require an updated libgpg-error
|
%ldconfig_scriptlets
|
||||||
rm $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/libgcrypt.pc
|
|
||||||
|
|
||||||
%post -p /sbin/ldconfig
|
|
||||||
|
|
||||||
%postun -p /sbin/ldconfig
|
|
||||||
|
|
||||||
%post devel
|
|
||||||
[ -f %{_infodir}/gcrypt.info.gz ] && \
|
|
||||||
/sbin/install-info %{_infodir}/gcrypt.info.gz %{_infodir}/dir
|
|
||||||
exit 0
|
|
||||||
|
|
||||||
%preun devel
|
|
||||||
if [ $1 = 0 -a -f %{_infodir}/gcrypt.info.gz ]; then
|
|
||||||
/sbin/install-info --delete %{_infodir}/gcrypt.info.gz %{_infodir}/dir
|
|
||||||
fi
|
|
||||||
exit 0
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%dir /etc/gcrypt
|
%dir /etc/gcrypt
|
||||||
%config(noreplace) /etc/gcrypt/random.conf
|
%{gcrylibdir}/libgcrypt.so.*.*
|
||||||
%{gcrylibdir}/libgcrypt.so.*
|
%{gcrylibdir}/%{gcrysoname}
|
||||||
%{gcrylibdir}/.libgcrypt.so.*.hmac
|
|
||||||
%{!?_licensedir:%global license %%doc}
|
|
||||||
%license COPYING.LIB
|
%license COPYING.LIB
|
||||||
%doc AUTHORS NEWS THANKS
|
%doc AUTHORS NEWS THANKS
|
||||||
|
|
||||||
@ -237,42 +257,171 @@ exit 0
|
|||||||
%{_bindir}/mpicalc
|
%{_bindir}/mpicalc
|
||||||
%{_includedir}/*
|
%{_includedir}/*
|
||||||
%{_libdir}/*.so
|
%{_libdir}/*.so
|
||||||
|
%{_libdir}/pkgconfig/libgcrypt.pc
|
||||||
%{_datadir}/aclocal/*
|
%{_datadir}/aclocal/*
|
||||||
%{_mandir}/man1/*
|
%{_mandir}/man1/*
|
||||||
|
|
||||||
%{_infodir}/gcrypt.info*
|
%{_infodir}/gcrypt.info*
|
||||||
%{!?_licensedir:%global license %%doc}
|
|
||||||
%license COPYING
|
%license COPYING
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Apr 05 2022 Jakub Jelen <jjelen@redhat.com> - 1.8.5-7
|
* Thu Aug 01 2024 Jakub Jelen <jjelen@redhat.com> - 1.10.0-11
|
||||||
- Fix CVE-2021-33560 (#2018525)
|
- Fix CVE-2024-2236 (RHEL-34579)
|
||||||
|
|
||||||
* Mon Jun 28 2021 Jakub Jelen <jjelen@redhat.com> - 1.8.5-6
|
* Mon Mar 20 2023 Jakub Jelen <jjelen@redhat.com> - 1.10.0-10
|
||||||
- Fix for CVE-2021-40528 (#1971421)
|
- Provide FIPS indicators for MD and HMACs
|
||||||
- Enable HW optimizations in FIPS (#1976137)
|
- Improve PCT tests for ECDSA and always run them after key is generated
|
||||||
- Performance enchancements for ChaCha20 and Poly1305 (#1855231)
|
- Add missing guards for FIPS status in md_sign/verify function
|
||||||
|
- Provider FIPS indicators for public key operation flags
|
||||||
|
|
||||||
* Thu May 13 2021 Jakub Jelen <jjelen@redhat.com> - 1.8.5-5
|
* Tue Jan 24 2023 Jakub Jelen <jjelen@redhat.com> - 1.10.0-9
|
||||||
- Performance enchancements for AES-GCM, CRC32 and SHA2 (#1855231)
|
- Avoid usage of invalid arguments sizes for PBKDF2 in FIPS mode
|
||||||
|
- Do not allow large salt lengths with RSA-PSS padding
|
||||||
|
- Disable X9.31 key generation in FIPS mode
|
||||||
|
- Update the FIPS integrity checking code to upstream version
|
||||||
|
- Update cipher modes FIPS indicators for AES WRAP and GCM
|
||||||
|
- Disable jitter entropy generator
|
||||||
|
|
||||||
* Mon Jun 15 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-4
|
* Thu Oct 20 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-8
|
||||||
- add PBKDF2 selftest for FIPS POST
|
- Fix unneeded PBKDF2 passphrase length limitation in FIPS mode
|
||||||
|
- Enforce HMAC key lengths in MD API in FIPS mode
|
||||||
|
|
||||||
* Tue Apr 28 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-3
|
* Thu Oct 06 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-7
|
||||||
- new upstream version 1.8.5
|
- Properly enforce KDF limits in FIPS mode (#2130275)
|
||||||
|
- Fix memory leak in large digest test (#2129150)
|
||||||
|
- Fix function name FIPS service indicator by disabling PK encryption and decryption (#2130275)
|
||||||
|
- Skip RSA encryption/decryption selftest in FIPS mode (#2130275)
|
||||||
|
|
||||||
|
* Tue Sep 27 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-6
|
||||||
|
- Fix SHA3 digests with large inputs (#2129150)
|
||||||
|
- Fix FIPS RSA PCT (#2128455)
|
||||||
|
- Fix RSA FIPS Keygen that non-deterministically fails (#2130275)
|
||||||
|
- Get max 32B from getrandom in FIPS mode (#2130275)
|
||||||
|
|
||||||
|
* Wed Aug 17 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-5
|
||||||
|
- Allow signature verification with smaller RSA keys (#2083846)
|
||||||
|
- Allow short salt for KDF (#2114870)
|
||||||
|
- Reseed the kernel DRBG by using GRND_RANDOM (#2118695)
|
||||||
|
- Address FIPS review comments around selftests (#2118695)
|
||||||
|
- Disable RSA-OAEP in FIPS mode (#2118695)
|
||||||
|
|
||||||
|
* Fri May 06 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-4
|
||||||
|
- Backport ppc hardware flags detection (#2051307)
|
||||||
|
- Disable PKCS#1.5 encryption in FIPS mode (#2061328)
|
||||||
|
|
||||||
|
* Thu Mar 31 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-3
|
||||||
|
- Use correct FIPS module name (#2067123)
|
||||||
|
|
||||||
|
* Thu Feb 17 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-2
|
||||||
|
- Systematic FIPS module name with other FIPS modules
|
||||||
|
|
||||||
|
* Wed Feb 02 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-1
|
||||||
|
- Final release (#2026636)
|
||||||
|
|
||||||
|
* Thu Jan 27 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-0.3
|
||||||
|
- Fix broken soname in the previous beta
|
||||||
|
|
||||||
|
* Thu Jan 27 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-0.2
|
||||||
|
- Provide compat soname symlink as the new release is backward compatible
|
||||||
|
|
||||||
|
* Wed Jan 26 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-0.1
|
||||||
|
- New upstream pre-release (#2026636)
|
||||||
|
- Upstream all patches
|
||||||
|
- Implement FIPS 140-3 support
|
||||||
|
|
||||||
|
* Tue Oct 12 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-5
|
||||||
|
- Allow HW optimizations in FIPS mode (#1990059)
|
||||||
|
|
||||||
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.9.3-4
|
||||||
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
|
Related: rhbz#1991688
|
||||||
|
|
||||||
|
* Tue Jun 15 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-3
|
||||||
|
- Fix for CVE-2021-33560 (#1970098)
|
||||||
|
|
||||||
|
* Wed Apr 28 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-2
|
||||||
|
- Restore the CET protection (#1954049)
|
||||||
|
|
||||||
|
* Tue Apr 20 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-1
|
||||||
|
- New upstream release (#1951325)
|
||||||
|
|
||||||
|
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.9.2-4
|
||||||
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||||
|
|
||||||
|
* Thu Apr 15 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.2-3
|
||||||
|
- Fix issues reported by coverity
|
||||||
|
|
||||||
|
* Mon Mar 29 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.2-2
|
||||||
|
- Fix OCB tag creation on s390x (failing gnupg2 tests)
|
||||||
|
|
||||||
|
* Wed Feb 17 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.2-1
|
||||||
|
- New upstream release (#1929630)
|
||||||
|
|
||||||
|
* Fri Jan 29 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.1-1
|
||||||
|
- New upstream release (#1922156, #1922097)
|
||||||
|
|
||||||
|
* Wed Jan 20 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.0-1
|
||||||
|
- New upstream release (#1917878)
|
||||||
|
|
||||||
|
* Tue Nov 24 2020 Jakub Jelen <jjelen@redhat.com> - 1.8.7-1
|
||||||
|
- new upstream release (#1891123)
|
||||||
|
|
||||||
|
* Fri Aug 21 2020 Jeff Law <law@redhat.com> - 1.8.6-4
|
||||||
|
- Re-enable LTO
|
||||||
|
|
||||||
|
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.6-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jul 21 2020 Tom Stellard <tstellar@redhat.com> - 1.8.6-2
|
||||||
|
- Use make macros
|
||||||
|
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||||
|
|
||||||
|
* Mon Jul 20 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.6-1
|
||||||
|
- new upstream version 1.8.6
|
||||||
|
|
||||||
|
* Wed Jul 1 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-7
|
||||||
|
- use the hmac256 tool to calculate the library hmac
|
||||||
|
|
||||||
|
* Tue Jun 30 2020 Jeff Law <law@redhat.com>
|
||||||
|
- Disable LTO
|
||||||
|
|
||||||
|
* Thu Apr 23 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-6
|
||||||
|
- Fix regression - missing -ldl linkage
|
||||||
|
|
||||||
|
* Wed Apr 22 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-5
|
||||||
- AES performance improvements backported from master branch
|
- AES performance improvements backported from master branch
|
||||||
|
|
||||||
|
* Mon Apr 20 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-4
|
||||||
|
- FIPS selftest is run directly from the constructor
|
||||||
- FIPS module is implicit with kernel FIPS flag
|
- FIPS module is implicit with kernel FIPS flag
|
||||||
- always run the FIPS selftests if FIPS module is installed
|
|
||||||
|
|
||||||
* Mon Jun 24 2019 Tomáš Mráz <tmraz@redhat.com> 1.8.3-4
|
* Thu Jan 30 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-3
|
||||||
- improve the continuous FIPS entropy test
|
- fix the build on ARMv7
|
||||||
|
|
||||||
* Mon Jun 3 2019 Tomáš Mráz <tmraz@redhat.com> 1.8.3-3
|
* Thu Jan 23 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-2
|
||||||
|
- Intel CET support by H. J. Lu
|
||||||
|
|
||||||
|
* Tue Sep 3 2019 Tomáš Mráz <tmraz@redhat.com> 1.8.5-1
|
||||||
|
- new upstream version 1.8.5
|
||||||
- add CMAC selftest for FIPS POST
|
- add CMAC selftest for FIPS POST
|
||||||
- add continuous FIPS entropy test
|
- add continuous FIPS entropy test
|
||||||
- disable non-approved FIPS hashes in the enforced FIPS mode
|
- disable non-approved FIPS hashes in the enforced FIPS mode
|
||||||
|
|
||||||
|
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.4-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Feb 12 2019 Tomáš Mráz <tmraz@redhat.com> 1.8.4-3
|
||||||
|
- fix the build tests to pass in the FIPS mode
|
||||||
|
|
||||||
|
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.4-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Nov 20 2018 Tomáš Mráz <tmraz@redhat.com> 1.8.4-1
|
||||||
|
- new upstream version 1.8.4
|
||||||
|
|
||||||
|
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.3-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
* Thu Jul 12 2018 Tomáš Mráz <tmraz@redhat.com> 1.8.3-2
|
* Thu Jul 12 2018 Tomáš Mráz <tmraz@redhat.com> 1.8.3-2
|
||||||
- make only_urandom a default in non-presence of configuration file
|
- make only_urandom a default in non-presence of configuration file
|
||||||
- run the full FIPS selftests only when the library is called from
|
- run the full FIPS selftests only when the library is called from
|
||||||
|
Loading…
Reference in New Issue
Block a user