86 lines
3.4 KiB
Diff
86 lines
3.4 KiB
Diff
From 45b80678109e5817b7cd15566a9d6c96b064b95f Mon Sep 17 00:00:00 2001
|
|
From: Jakub Jelen <jjelen@redhat.com>
|
|
Date: Wed, 1 Mar 2023 15:39:15 +0100
|
|
Subject: [PATCH] random: Remove unused SHA384 DRBGs.
|
|
|
|
* random/random-drbg.c (global): Remove unused SHA384-based defines.
|
|
(drbg_cores): Remove SHA384 configurations.
|
|
(drbg_sec_strength): Remove unused SHA384.
|
|
--
|
|
|
|
These are no longer allowed by FIPS and it looks like they were never
|
|
usable as they do not have any conversion from the string flags.
|
|
|
|
GnuPG-bug-id: 6393
|
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
---
|
|
random/random-drbg.c | 13 ++-----------
|
|
1 file changed, 2 insertions(+), 11 deletions(-)
|
|
|
|
diff --git a/random/random-drbg.c b/random/random-drbg.c
|
|
index f1cfe286..af49a5a5 100644
|
|
--- a/random/random-drbg.c
|
|
+++ b/random/random-drbg.c
|
|
@@ -188,11 +188,9 @@
|
|
#define DRBG_HASHSHA1 ((u32)1<<4)
|
|
#define DRBG_HASHSHA224 ((u32)1<<5)
|
|
#define DRBG_HASHSHA256 ((u32)1<<6)
|
|
-#define DRBG_HASHSHA384 ((u32)1<<7)
|
|
#define DRBG_HASHSHA512 ((u32)1<<8)
|
|
#define DRBG_HASH_MASK (DRBG_HASHSHA1 | DRBG_HASHSHA224 \
|
|
- | DRBG_HASHSHA256 | DRBG_HASHSHA384 \
|
|
- | DRBG_HASHSHA512)
|
|
+ | DRBG_HASHSHA256 | DRBG_HASHSHA512)
|
|
/* type modifiers (A.3)*/
|
|
#define DRBG_HMAC ((u32)1<<12)
|
|
#define DRBG_SYM128 ((u32)1<<13)
|
|
@@ -211,23 +209,18 @@
|
|
#define DRBG_NOPR_CTRAES256 (DRBG_CTRAES | DRBG_SYM256)
|
|
#define DRBG_PR_HASHSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1)
|
|
#define DRBG_PR_HASHSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256)
|
|
-#define DRBG_PR_HASHSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384)
|
|
#define DRBG_PR_HASHSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512)
|
|
#define DRBG_NOPR_HASHSHA1 (DRBG_HASHSHA1)
|
|
#define DRBG_NOPR_HASHSHA256 (DRBG_HASHSHA256)
|
|
-#define DRBG_NOPR_HASHSHA384 (DRBG_HASHSHA384)
|
|
#define DRBG_NOPR_HASHSHA512 (DRBG_HASHSHA512)
|
|
#define DRBG_PR_HMACSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1 \
|
|
| DRBG_HMAC)
|
|
#define DRBG_PR_HMACSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256 \
|
|
| DRBG_HMAC)
|
|
-#define DRBG_PR_HMACSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384 \
|
|
- | DRBG_HMAC)
|
|
#define DRBG_PR_HMACSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512 \
|
|
| DRBG_HMAC)
|
|
#define DRBG_NOPR_HMACSHA1 (DRBG_HASHSHA1 | DRBG_HMAC)
|
|
#define DRBG_NOPR_HMACSHA256 (DRBG_HASHSHA256 | DRBG_HMAC)
|
|
-#define DRBG_NOPR_HMACSHA384 (DRBG_HASHSHA384 | DRBG_HMAC)
|
|
#define DRBG_NOPR_HMACSHA512 (DRBG_HASHSHA512 | DRBG_HMAC)
|
|
|
|
|
|
@@ -359,12 +352,10 @@ static const struct drbg_core_s drbg_cores[] = {
|
|
/* Hash DRBGs */
|
|
{DRBG_HASHSHA1, 55, 20, GCRY_MD_SHA1},
|
|
{DRBG_HASHSHA256, 55, 32, GCRY_MD_SHA256},
|
|
- {DRBG_HASHSHA384, 111, 48, GCRY_MD_SHA384},
|
|
{DRBG_HASHSHA512, 111, 64, GCRY_MD_SHA512},
|
|
/* HMAC DRBGs */
|
|
{DRBG_HASHSHA1 | DRBG_HMAC, 20, 20, GCRY_MD_SHA1},
|
|
{DRBG_HASHSHA256 | DRBG_HMAC, 32, 32, GCRY_MD_SHA256},
|
|
- {DRBG_HASHSHA384 | DRBG_HMAC, 48, 48, GCRY_MD_SHA384},
|
|
{DRBG_HASHSHA512 | DRBG_HMAC, 64, 64, GCRY_MD_SHA512},
|
|
/* block ciphers */
|
|
{DRBG_CTRAES | DRBG_SYM128, 32, 16, GCRY_CIPHER_AES128},
|
|
@@ -543,7 +534,7 @@ drbg_sec_strength (u32 flags)
|
|
else if (flags & DRBG_SYM192)
|
|
return 24;
|
|
else if ((flags & DRBG_SYM256) || (flags & DRBG_HASHSHA256) ||
|
|
- (flags & DRBG_HASHSHA384) || (flags & DRBG_HASHSHA512))
|
|
+ (flags & DRBG_HASHSHA512))
|
|
return 32;
|
|
else
|
|
return 32;
|
|
--
|
|
2.39.2
|
|
|