From 45b80678109e5817b7cd15566a9d6c96b064b95f Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 1 Mar 2023 15:39:15 +0100
Subject: [PATCH] random: Remove unused SHA384 DRBGs.

* random/random-drbg.c (global): Remove unused SHA384-based defines.
(drbg_cores): Remove SHA384 configurations.
(drbg_sec_strength): Remove unused SHA384.
--

These are no longer allowed by FIPS and it looks like they were never
usable as they do not have any conversion from the string flags.

GnuPG-bug-id: 6393
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
 random/random-drbg.c | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)

diff --git a/random/random-drbg.c b/random/random-drbg.c
index f1cfe286..af49a5a5 100644
--- a/random/random-drbg.c
+++ b/random/random-drbg.c
@@ -188,11 +188,9 @@
 #define DRBG_HASHSHA1		((u32)1<<4)
 #define DRBG_HASHSHA224		((u32)1<<5)
 #define DRBG_HASHSHA256		((u32)1<<6)
-#define DRBG_HASHSHA384		((u32)1<<7)
 #define DRBG_HASHSHA512		((u32)1<<8)
 #define DRBG_HASH_MASK		(DRBG_HASHSHA1 | DRBG_HASHSHA224 \
-				 | DRBG_HASHSHA256 | DRBG_HASHSHA384 \
-				 | DRBG_HASHSHA512)
+				 | DRBG_HASHSHA256 | DRBG_HASHSHA512)
 /* type modifiers (A.3)*/
 #define DRBG_HMAC		((u32)1<<12)
 #define DRBG_SYM128		((u32)1<<13)
@@ -211,23 +209,18 @@
 #define DRBG_NOPR_CTRAES256 (DRBG_CTRAES | DRBG_SYM256)
 #define DRBG_PR_HASHSHA1     (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1)
 #define DRBG_PR_HASHSHA256   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256)
-#define DRBG_PR_HASHSHA384   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384)
 #define DRBG_PR_HASHSHA512   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512)
 #define DRBG_NOPR_HASHSHA1   (DRBG_HASHSHA1)
 #define DRBG_NOPR_HASHSHA256 (DRBG_HASHSHA256)
-#define DRBG_NOPR_HASHSHA384 (DRBG_HASHSHA384)
 #define DRBG_NOPR_HASHSHA512 (DRBG_HASHSHA512)
 #define DRBG_PR_HMACSHA1     (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1 \
                               | DRBG_HMAC)
 #define DRBG_PR_HMACSHA256   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256 \
                               | DRBG_HMAC)
-#define DRBG_PR_HMACSHA384   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384 \
-                              | DRBG_HMAC)
 #define DRBG_PR_HMACSHA512   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512 \
                               | DRBG_HMAC)
 #define DRBG_NOPR_HMACSHA1   (DRBG_HASHSHA1 | DRBG_HMAC)
 #define DRBG_NOPR_HMACSHA256 (DRBG_HASHSHA256 | DRBG_HMAC)
-#define DRBG_NOPR_HMACSHA384 (DRBG_HASHSHA384 | DRBG_HMAC)
 #define DRBG_NOPR_HMACSHA512 (DRBG_HASHSHA512 | DRBG_HMAC)
 
 
@@ -359,12 +352,10 @@ static const struct drbg_core_s drbg_cores[] = {
   /* Hash DRBGs */
   {DRBG_HASHSHA1, 55, 20, GCRY_MD_SHA1},
   {DRBG_HASHSHA256, 55, 32, GCRY_MD_SHA256},
-  {DRBG_HASHSHA384, 111, 48, GCRY_MD_SHA384},
   {DRBG_HASHSHA512, 111, 64, GCRY_MD_SHA512},
   /* HMAC DRBGs */
   {DRBG_HASHSHA1   | DRBG_HMAC, 20, 20, GCRY_MD_SHA1},
   {DRBG_HASHSHA256 | DRBG_HMAC, 32, 32, GCRY_MD_SHA256},
-  {DRBG_HASHSHA384 | DRBG_HMAC, 48, 48, GCRY_MD_SHA384},
   {DRBG_HASHSHA512 | DRBG_HMAC, 64, 64, GCRY_MD_SHA512},
   /* block ciphers */
   {DRBG_CTRAES | DRBG_SYM128, 32, 16, GCRY_CIPHER_AES128},
@@ -543,7 +534,7 @@ drbg_sec_strength (u32 flags)
   else if (flags & DRBG_SYM192)
     return 24;
   else if ((flags & DRBG_SYM256) || (flags & DRBG_HASHSHA256) ||
-	   (flags & DRBG_HASHSHA384) || (flags & DRBG_HASHSHA512))
+	   (flags & DRBG_HASHSHA512))
     return 32;
   else
     return 32;
-- 
2.39.2