Sync from SUSE:ALP:Source:Standard:1.0 libgcrypt revision 6131224c98fce16f17b1c1644f7697f3
This commit is contained in:
commit
f1d7e763c9
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
||||
## Default LFS
|
||||
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||
*.png filter=lfs diff=lfs merge=lfs -text
|
||||
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
*.zst filter=lfs diff=lfs merge=lfs -text
|
8
baselibs.conf
Normal file
8
baselibs.conf
Normal file
@ -0,0 +1,8 @@
|
||||
libgcrypt20
|
||||
provides "libgcrypt-<targettype> = <version>"
|
||||
obsoletes "libgcrypt-<targettype> <= <version>"
|
||||
provides "libgcrypt20-hmac-<targettype> = <version>-%release"
|
||||
obsoletes "libgcrypt20-hmac-<targettype> < <version>-%release"
|
||||
libgcrypt-devel
|
||||
requires -libgcrypt-<targettype>
|
||||
requires "libgcrypt20-<targettype> = <version>"
|
34
hwf.deny
Normal file
34
hwf.deny
Normal file
@ -0,0 +1,34 @@
|
||||
# This file can be used to globally disable the use of hardware
|
||||
# based optimizations. Supported options are:
|
||||
# padlock-rng
|
||||
# padlock-aes
|
||||
# padlock-sha
|
||||
# padlock-mmul
|
||||
# intel-cpu
|
||||
# intel-fast-shld
|
||||
# intel-bmi2
|
||||
# intel-ssse3
|
||||
# intel-sse4.1
|
||||
# intel-pclmul
|
||||
# intel-aesni
|
||||
# intel-rdrand
|
||||
# intel-avx
|
||||
# intel-avx2
|
||||
# intel-fast-vpgather
|
||||
# intel-rdtsc
|
||||
# intel-shaext
|
||||
# intel-vaes-vpclmul
|
||||
# arm-neon
|
||||
# arm-aes
|
||||
# arm-sha1
|
||||
# arm-sha2
|
||||
# arm-pmull
|
||||
# ppc-vcrypto
|
||||
# ppc-arch_3_00
|
||||
# ppc-arch_2_07
|
||||
# ppc-arch_3_10
|
||||
# s390x-msa
|
||||
# s390x-msa-4
|
||||
# s390x-msa-8
|
||||
# s390x-msa-9
|
||||
# s390x-vx
|
15
libgcrypt-1.10.0-allow_FSM_same_state.patch
Normal file
15
libgcrypt-1.10.0-allow_FSM_same_state.patch
Normal file
@ -0,0 +1,15 @@
|
||||
Index: libgcrypt-1.10.0/src/fips.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.0.orig/src/fips.c
|
||||
+++ libgcrypt-1.10.0/src/fips.c
|
||||
@@ -890,6 +890,10 @@ fips_new_state (enum module_states new_s
|
||||
|
||||
}
|
||||
|
||||
+ /* Allow a transition to the current state */
|
||||
+ if (current_state == new_state)
|
||||
+ ok = 1;
|
||||
+
|
||||
if (ok)
|
||||
{
|
||||
current_state = new_state;
|
BIN
libgcrypt-1.10.3.tar.bz2
(Stored with Git LFS)
Normal file
BIN
libgcrypt-1.10.3.tar.bz2
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
libgcrypt-1.10.3.tar.bz2.sig
Normal file
BIN
libgcrypt-1.10.3.tar.bz2.sig
Normal file
Binary file not shown.
1993
libgcrypt-Chacha20-poly1305-Optimized-chacha20-poly1305.patch
Normal file
1993
libgcrypt-Chacha20-poly1305-Optimized-chacha20-poly1305.patch
Normal file
File diff suppressed because it is too large
Load Diff
172
libgcrypt-FIPS-SLI-hash-mac.patch
Normal file
172
libgcrypt-FIPS-SLI-hash-mac.patch
Normal file
@ -0,0 +1,172 @@
|
||||
Index: libgcrypt-1.10.2/doc/gcrypt.texi
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.2.orig/doc/gcrypt.texi
|
||||
+++ libgcrypt-1.10.2/doc/gcrypt.texi
|
||||
@@ -985,13 +985,21 @@ certification. If the function is approv
|
||||
@code{GPG_ERR_NO_ERROR} (other restrictions might still apply).
|
||||
Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
|
||||
|
||||
-@item GCRYCTL_FIPS_SERVICE_INDICATOR_MAC; Arguments: enum gcry_mac_algos
|
||||
+@item GCRYCTL_FIPS_SERVICE_INDICATOR_HASH; Arguments: enum gcry_md_algos
|
||||
|
||||
-Check if the given MAC is approved under the current FIPS 140-3
|
||||
-certification. If the MAC is approved, this function returns
|
||||
-@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED}
|
||||
+Check if the given HASH is approved under the current FIPS 140-3
|
||||
+certification. If the HASH is approved, this function returns
|
||||
+@code{GPS_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED}
|
||||
is returned.
|
||||
|
||||
+@item GCRYCTL_FIPS_SERVICE_INDICATOR_MAC; Arguments: enum gcry_mac_algos [, unsigned int]
|
||||
+
|
||||
+Check if the given MAC is approved under the current FIPS 140-3
|
||||
+certification. The second parameter provides the keylen (if the
|
||||
+algorithm supports different key sizes). If the MAC is approved,
|
||||
+this function returns @code{GPS_ERR_NO_ERROR}. Otherwise
|
||||
+@code{GPG_ERR_NOT_SUPPORTED} is returned.
|
||||
+
|
||||
@item GCRYCTL_FIPS_SERVICE_INDICATOR_MD; Arguments: enum gcry_md_algos
|
||||
|
||||
Check if the given message digest algorithm is approved under the current
|
||||
Index: libgcrypt-1.10.2/src/fips.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.2.orig/src/fips.c
|
||||
+++ libgcrypt-1.10.2/src/fips.c
|
||||
@@ -377,31 +378,6 @@ _gcry_fips_indicator_cipher (va_list arg
|
||||
}
|
||||
}
|
||||
|
||||
-int
|
||||
-_gcry_fips_indicator_mac (va_list arg_ptr)
|
||||
-{
|
||||
- enum gcry_mac_algos alg = va_arg (arg_ptr, enum gcry_mac_algos);
|
||||
-
|
||||
- switch (alg)
|
||||
- {
|
||||
- case GCRY_MAC_CMAC_AES:
|
||||
- case GCRY_MAC_HMAC_SHA1:
|
||||
- case GCRY_MAC_HMAC_SHA224:
|
||||
- case GCRY_MAC_HMAC_SHA256:
|
||||
- case GCRY_MAC_HMAC_SHA384:
|
||||
- case GCRY_MAC_HMAC_SHA512:
|
||||
- case GCRY_MAC_HMAC_SHA512_224:
|
||||
- case GCRY_MAC_HMAC_SHA512_256:
|
||||
- case GCRY_MAC_HMAC_SHA3_224:
|
||||
- case GCRY_MAC_HMAC_SHA3_256:
|
||||
- case GCRY_MAC_HMAC_SHA3_384:
|
||||
- case GCRY_MAC_HMAC_SHA3_512:
|
||||
- return GPG_ERR_NO_ERROR;
|
||||
- default:
|
||||
- return GPG_ERR_NOT_SUPPORTED;
|
||||
- }
|
||||
-}
|
||||
-
|
||||
/* FIPS approved curves, extracted from:
|
||||
* cipher/ecc-curves.c:curve_aliases[] and domain_parms[]. */
|
||||
static const struct
|
||||
@@ -598,6 +574,62 @@ _gcry_fips_indicator_pk_flags (va_list a
|
||||
return GPG_ERR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
+int
|
||||
+_gcry_fips_indicator_hash (va_list arg_ptr)
|
||||
+{
|
||||
+ enum gcry_md_algos alg = va_arg (arg_ptr, enum gcry_md_algos);
|
||||
+
|
||||
+ switch (alg)
|
||||
+ {
|
||||
+ case GCRY_MD_SHA1:
|
||||
+ case GCRY_MD_SHA224:
|
||||
+ case GCRY_MD_SHA256:
|
||||
+ case GCRY_MD_SHA384:
|
||||
+ case GCRY_MD_SHA512:
|
||||
+ case GCRY_MD_SHA512_224:
|
||||
+ case GCRY_MD_SHA512_256:
|
||||
+ case GCRY_MD_SHA3_224:
|
||||
+ case GCRY_MD_SHA3_256:
|
||||
+ case GCRY_MD_SHA3_384:
|
||||
+ case GCRY_MD_SHA3_512:
|
||||
+ case GCRY_MD_SHAKE128:
|
||||
+ case GCRY_MD_SHAKE256:
|
||||
+ return GPG_ERR_NO_ERROR;
|
||||
+ default:
|
||||
+ return GPG_ERR_NOT_SUPPORTED;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+int
|
||||
+_gcry_fips_indicator_mac (va_list arg_ptr)
|
||||
+{
|
||||
+ enum gcry_mac_algos alg = va_arg (arg_ptr, enum gcry_mac_algos);
|
||||
+ unsigned int keylen = va_arg (arg_ptr, unsigned int);
|
||||
+
|
||||
+ switch (alg)
|
||||
+ {
|
||||
+ case GCRY_MAC_HMAC_SHA1:
|
||||
+ case GCRY_MAC_HMAC_SHA224:
|
||||
+ case GCRY_MAC_HMAC_SHA256:
|
||||
+ case GCRY_MAC_HMAC_SHA384:
|
||||
+ case GCRY_MAC_HMAC_SHA512:
|
||||
+ case GCRY_MAC_HMAC_SHA512_224:
|
||||
+ case GCRY_MAC_HMAC_SHA512_256:
|
||||
+ case GCRY_MAC_HMAC_SHA3_224:
|
||||
+ case GCRY_MAC_HMAC_SHA3_256:
|
||||
+ case GCRY_MAC_HMAC_SHA3_384:
|
||||
+ case GCRY_MAC_HMAC_SHA3_512:
|
||||
+ if (keylen >= 112) {
|
||||
+ return GPG_ERR_NO_ERROR;
|
||||
+ }
|
||||
+ case GCRY_MAC_CMAC_AES:
|
||||
+ if (keylen == 128 || keylen == 192 || keylen == 256) {
|
||||
+ return GPG_ERR_NO_ERROR;
|
||||
+ }
|
||||
+ default:
|
||||
+ return GPG_ERR_NOT_SUPPORTED;
|
||||
+ }
|
||||
+}
|
||||
|
||||
/* This is a test on whether the library is in the error or
|
||||
operational state. */
|
||||
Index: libgcrypt-1.10.2/src/g10lib.h
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.2.orig/src/g10lib.h
|
||||
+++ libgcrypt-1.10.2/src/g10lib.h
|
||||
@@ -456,6 +456,7 @@ void _gcry_fips_signal_error (const char
|
||||
#endif
|
||||
|
||||
int _gcry_fips_indicator_cipher (va_list arg_ptr);
|
||||
+int _gcry_fips_indicator_hash (va_list arg_ptr);
|
||||
int _gcry_fips_indicator_mac (va_list arg_ptr);
|
||||
int _gcry_fips_indicator_md (va_list arg_ptr);
|
||||
int _gcry_fips_indicator_kdf (va_list arg_ptr);
|
||||
Index: libgcrypt-1.10.2/src/gcrypt.h.in
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.2.orig/src/gcrypt.h.in
|
||||
+++ libgcrypt-1.10.2/src/gcrypt.h.in
|
||||
@@ -335,7 +335,8 @@ enum gcry_ctl_cmds
|
||||
GCRYCTL_FIPS_SERVICE_INDICATOR_MAC = 85,
|
||||
GCRYCTL_FIPS_SERVICE_INDICATOR_MD = 86,
|
||||
GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS = 87,
|
||||
- GCRYCTL_FIPS_SERVICE_INDICATOR_PK = 88
|
||||
+ GCRYCTL_FIPS_SERVICE_INDICATOR_PK = 88,
|
||||
+ GCRYCTL_FIPS_SERVICE_INDICATOR_HASH = 89
|
||||
};
|
||||
|
||||
/* Perform various operations defined by CMD. */
|
||||
Index: libgcrypt-1.10.2/src/global.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.2.orig/src/global.c
|
||||
+++ libgcrypt-1.10.2/src/global.c
|
||||
@@ -791,6 +791,12 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
||||
rc = _gcry_fips_indicator_cipher (arg_ptr);
|
||||
break;
|
||||
|
||||
+ case GCRYCTL_FIPS_SERVICE_INDICATOR_HASH:
|
||||
+ /* Get FIPS Service Indicator for a given HASH. Returns GPG_ERR_NO_ERROR
|
||||
+ * if algorithm is allowed or GPG_ERR_NOT_SUPPORTED otherwise */
|
||||
+ rc = _gcry_fips_indicator_hash (arg_ptr);
|
||||
+ break;
|
||||
+
|
||||
case GCRYCTL_FIPS_SERVICE_INDICATOR_MAC:
|
||||
/* Get FIPS Service Indicator for a given message authentication code.
|
||||
* Returns GPG_ERR_NO_ERROR if algorithm is allowed or
|
42
libgcrypt-FIPS-SLI-kdf-leylength.patch
Normal file
42
libgcrypt-FIPS-SLI-kdf-leylength.patch
Normal file
@ -0,0 +1,42 @@
|
||||
Index: libgcrypt-1.10.2/src/fips.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.2.orig/src/fips.c
|
||||
+++ libgcrypt-1.10.2/src/fips.c
|
||||
@@ -520,10 +520,15 @@ int
|
||||
_gcry_fips_indicator_kdf (va_list arg_ptr)
|
||||
{
|
||||
enum gcry_kdf_algos alg = va_arg (arg_ptr, enum gcry_kdf_algos);
|
||||
+ unsigned int keylen = 0;
|
||||
|
||||
switch (alg)
|
||||
{
|
||||
case GCRY_KDF_PBKDF2:
|
||||
+ keylen = va_arg (arg_ptr, unsigned int);
|
||||
+ if (keylen < 112) {
|
||||
+ return GPG_ERR_NOT_SUPPORTED;
|
||||
+ }
|
||||
return GPG_ERR_NO_ERROR;
|
||||
default:
|
||||
return GPG_ERR_NOT_SUPPORTED;
|
||||
Index: libgcrypt-1.10.2/doc/gcrypt.texi
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.2.orig/doc/gcrypt.texi
|
||||
+++ libgcrypt-1.10.2/doc/gcrypt.texi
|
||||
@@ -970,12 +970,13 @@ is approved under the current FIPS 140-3
|
||||
combination is approved, this function returns @code{GPG_ERR_NO_ERROR}.
|
||||
Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
|
||||
|
||||
-@item GCRYCTL_FIPS_SERVICE_INDICATOR_KDF; Arguments: enum gcry_kdf_algos
|
||||
+@item GCRYCTL_FIPS_SERVICE_INDICATOR_KDF; Arguments: enum gcry_kdf_algos [, unsigned int]
|
||||
|
||||
Check if the given KDF is approved under the current FIPS 140-3
|
||||
-certification. If the KDF is approved, this function returns
|
||||
-@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED}
|
||||
-is returned.
|
||||
+certification. The second parameter provides the keylength in bits.
|
||||
+Keylength values of less that 112 bits are considered non-approved.
|
||||
+If the KDF is approved, this function returns @code{GPG_ERR_NO_ERROR}.
|
||||
+Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
|
||||
|
||||
@item GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION; Arguments: const char *
|
||||
|
177
libgcrypt-FIPS-SLI-pk.patch
Normal file
177
libgcrypt-FIPS-SLI-pk.patch
Normal file
@ -0,0 +1,177 @@
|
||||
Index: libgcrypt-1.10.2/src/fips.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.2.orig/src/fips.c
|
||||
+++ libgcrypt-1.10.2/src/fips.c
|
||||
@@ -38,6 +38,7 @@
|
||||
|
||||
#include "g10lib.h"
|
||||
#include "cipher-proto.h"
|
||||
+#include "cipher.h"
|
||||
#include "../random/random.h"
|
||||
|
||||
/* The states of the finite state machine used in fips mode. */
|
||||
@@ -399,6 +400,94 @@ _gcry_fips_indicator_mac (va_list arg_pt
|
||||
default:
|
||||
return GPG_ERR_NOT_SUPPORTED;
|
||||
}
|
||||
+}
|
||||
+
|
||||
+/* FIPS approved curves, extracted from:
|
||||
+ * cipher/ecc-curves.c:curve_aliases[] and domain_parms[]. */
|
||||
+static const struct
|
||||
+{
|
||||
+ const char *name; /* Our name. */
|
||||
+ const char *other; /* Other name. */
|
||||
+} fips_approved_curve[] =
|
||||
+ {
|
||||
+ /* "NIST P-192" is non-approved if FIPS 140-3 */
|
||||
+ /* { "NIST P-192", "1.2.840.10045.3.1.1" }, /\* X9.62 OID *\/ */
|
||||
+ /* { "NIST P-192", "prime192v1" }, /\* X9.62 name. *\/ */
|
||||
+ /* { "NIST P-192", "secp192r1" }, /\* SECP name. *\/ */
|
||||
+ /* { "NIST P-192", "nistp192" }, /\* rfc5656. *\/ */
|
||||
+
|
||||
+ { "NIST P-224", "secp224r1" },
|
||||
+ { "NIST P-224", "1.3.132.0.33" }, /* SECP OID. */
|
||||
+ { "NIST P-224", "nistp224" }, /* rfc5656. */
|
||||
+
|
||||
+ { "NIST P-256", "1.2.840.10045.3.1.7" }, /* From NIST SP 800-78-1. */
|
||||
+ { "NIST P-256", "prime256v1" },
|
||||
+ { "NIST P-256", "secp256r1" },
|
||||
+ { "NIST P-256", "nistp256" }, /* rfc5656. */
|
||||
+
|
||||
+ { "NIST P-384", "secp384r1" },
|
||||
+ { "NIST P-384", "1.3.132.0.34" },
|
||||
+ { "NIST P-384", "nistp384" }, /* rfc5656. */
|
||||
+
|
||||
+ { "NIST P-521", "secp521r1" },
|
||||
+ { "NIST P-521", "1.3.132.0.35" },
|
||||
+ { "NIST P-521", "nistp521" }, /* rfc5656. */
|
||||
+ { NULL, NULL}
|
||||
+ };
|
||||
+
|
||||
+enum pk_operation convert_from_pk_usage(unsigned int pk_usage)
|
||||
+{
|
||||
+ switch (pk_usage)
|
||||
+ {
|
||||
+ case GCRY_PK_USAGE_SIGN:
|
||||
+ return PUBKEY_OP_SIGN;
|
||||
+ case GCRY_PK_USAGE_ENCR:
|
||||
+ return PUBKEY_OP_ENCRYPT;
|
||||
+ default:
|
||||
+ return PUBKEY_OP_DECRYPT;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+int
|
||||
+_gcry_fips_indicator_pk (va_list arg_ptr)
|
||||
+{
|
||||
+ enum gcry_pk_algos alg = va_arg (arg_ptr, enum gcry_pk_algos);
|
||||
+ enum pk_operation oper;
|
||||
+ unsigned int keylen;
|
||||
+ const char *curve_name;
|
||||
+
|
||||
+ switch (alg)
|
||||
+ {
|
||||
+ case GCRY_PK_RSA:
|
||||
+ case GCRY_PK_RSA_E:
|
||||
+ case GCRY_PK_RSA_S:
|
||||
+ oper = convert_from_pk_usage(va_arg (arg_ptr, unsigned int));
|
||||
+ switch (oper)
|
||||
+ {
|
||||
+ case PUBKEY_OP_ENCRYPT:
|
||||
+ case PUBKEY_OP_DECRYPT:
|
||||
+ return GPG_ERR_NOT_SUPPORTED;
|
||||
+ default:
|
||||
+ keylen = va_arg (arg_ptr, unsigned int);
|
||||
+ if (keylen < 2048)
|
||||
+ return GPG_ERR_NOT_SUPPORTED;
|
||||
+ return GPG_ERR_NO_ERROR;
|
||||
+ }
|
||||
+ case GCRY_PK_ECC:
|
||||
+ case GCRY_PK_ECDH:
|
||||
+ case GCRY_PK_ECDSA:
|
||||
+ curve_name = va_arg (arg_ptr, const char *);
|
||||
+ for (int idx = 0; fips_approved_curve[idx].name; ++idx)
|
||||
+ {
|
||||
+ /* Check for the usual name and an alias. */
|
||||
+ if (!strcmp (curve_name, fips_approved_curve[idx].name) ||
|
||||
+ !strcmp (curve_name, fips_approved_curve[idx].other))
|
||||
+ return GPG_ERR_NO_ERROR;
|
||||
+ }
|
||||
+ return GPG_ERR_NOT_SUPPORTED;
|
||||
+ default:
|
||||
+ return GPG_ERR_NOT_SUPPORTED;
|
||||
+ }
|
||||
}
|
||||
|
||||
int
|
||||
Index: libgcrypt-1.10.2/src/gcrypt.h.in
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.2.orig/src/gcrypt.h.in
|
||||
+++ libgcrypt-1.10.2/src/gcrypt.h.in
|
||||
@@ -334,7 +334,8 @@ enum gcry_ctl_cmds
|
||||
GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION = 84,
|
||||
GCRYCTL_FIPS_SERVICE_INDICATOR_MAC = 85,
|
||||
GCRYCTL_FIPS_SERVICE_INDICATOR_MD = 86,
|
||||
- GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS = 87
|
||||
+ GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS = 87,
|
||||
+ GCRYCTL_FIPS_SERVICE_INDICATOR_PK = 88
|
||||
};
|
||||
|
||||
/* Perform various operations defined by CMD. */
|
||||
Index: libgcrypt-1.10.2/doc/gcrypt.texi
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.2.orig/doc/gcrypt.texi
|
||||
+++ libgcrypt-1.10.2/doc/gcrypt.texi
|
||||
@@ -997,6 +997,19 @@ Check if the given message digest algori
|
||||
FIPS 140-3 certification. If the algorithm is approved, this function returns
|
||||
@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
|
||||
|
||||
+@item GCRYCTL_FIPS_SERVICE_INDICATOR_PK; Arguments: enum gcry_pk_algos [, constantsGCRY_PK_USAGE_ENCR or GCRY_PK_USAGE_SIGN, unsigned int (only for GCRY_PK_RSA)] [, const char * (only for GCRY_PK_ECC, GCRY_PK_ECDH or GCRY_PK_ECDSA)]
|
||||
+
|
||||
+Check if the given asymmetric cipher is approved under the current
|
||||
+FIPS 140-3 certification. For GCRY_PK_RSA, two additional parameter
|
||||
+are required: first describes the purpose of the algorithm through one
|
||||
+of the constants (GCRY_PK_USAGE_ENCR for encryption or decryption
|
||||
+operations; GCRY_PK_USAGE_SIGN for sign or verify operations). Second
|
||||
+one is the key length. For GCRY_PK_ECC, GCRY_PK_ECDH and
|
||||
+GCRY_PK_ECDSA, only a single parameter is needed: the curve name or
|
||||
+its alias as @code{const char *}. If the combination is approved, this
|
||||
+function returns @code{GPG_ERR_NO_ERROR}. Otherwise
|
||||
+@code{GPG_ERR_NOT_SUPPORTED} is returned.
|
||||
+
|
||||
@item GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS; Arguments: const char *
|
||||
|
||||
Check if the given public key operation flag or s-expression object name is
|
||||
Index: libgcrypt-1.10.2/src/g10lib.h
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.2.orig/src/g10lib.h
|
||||
+++ libgcrypt-1.10.2/src/g10lib.h
|
||||
@@ -460,6 +460,7 @@ int _gcry_fips_indicator_mac (va_list ar
|
||||
int _gcry_fips_indicator_md (va_list arg_ptr);
|
||||
int _gcry_fips_indicator_kdf (va_list arg_ptr);
|
||||
int _gcry_fips_indicator_function (va_list arg_ptr);
|
||||
+int _gcry_fips_indicator_pk (va_list arg_ptr);
|
||||
int _gcry_fips_indicator_pk_flags (va_list arg_ptr);
|
||||
|
||||
int _gcry_fips_is_operational (void);
|
||||
Index: libgcrypt-1.10.2/src/global.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.2.orig/src/global.c
|
||||
+++ libgcrypt-1.10.2/src/global.c
|
||||
@@ -825,6 +834,15 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
||||
rc = _gcry_fips_indicator_pk_flags (arg_ptr);
|
||||
break;
|
||||
|
||||
+ case GCRYCTL_FIPS_SERVICE_INDICATOR_PK:
|
||||
+ /* Get FIPS Service Indicator for a given asymmetric algorithm. For
|
||||
+ * GCRY_PK_RSA, an additional parameter for the operation mode is
|
||||
+ * required. For ECC, ECDH and ECDSA, the additional parameter is the
|
||||
+ * curve name or its alias. Returns GPG_ERR_NO_ERROR if the
|
||||
+ * algorithm is allowed or GPG_ERR_NOT_SUPPORTED otherwise. */
|
||||
+ rc = _gcry_fips_indicator_pk (arg_ptr);
|
||||
+ break;
|
||||
+
|
||||
case PRIV_CTL_INIT_EXTRNG_TEST: /* Init external random test. */
|
||||
rc = GPG_ERR_NOT_SUPPORTED;
|
||||
break;
|
114
libgcrypt-FIPS-rndjent_poll.patch
Normal file
114
libgcrypt-FIPS-rndjent_poll.patch
Normal file
@ -0,0 +1,114 @@
|
||||
Index: libgcrypt-1.10.0/random/rndoldlinux.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.0.orig/random/rndoldlinux.c
|
||||
+++ libgcrypt-1.10.0/random/rndoldlinux.c
|
||||
@@ -132,7 +132,7 @@ _gcry_rndoldlinux_gather_random (void (*
|
||||
volatile pid_t apid;
|
||||
int fd;
|
||||
int n;
|
||||
- byte buffer[768];
|
||||
+ byte buffer[256];
|
||||
size_t n_hw;
|
||||
size_t want = length;
|
||||
size_t last_so_far = 0;
|
||||
@@ -187,26 +187,43 @@ _gcry_rndoldlinux_gather_random (void (*
|
||||
my_pid = apid;
|
||||
}
|
||||
|
||||
+ if (fips_mode())
|
||||
+ {
|
||||
+ if (level >= GCRY_VERY_STRONG_RANDOM)
|
||||
+ {
|
||||
+ size_t n;
|
||||
|
||||
- /* First read from a hardware source. Note that _gcry_rndhw_poll_slow lets
|
||||
- it account only for up to 50% (or 25% for RDRAND) of the requested
|
||||
- bytes. */
|
||||
- n_hw = _gcry_rndhw_poll_slow (add, origin, length);
|
||||
- if (length > 1)
|
||||
- length -= n_hw;
|
||||
-
|
||||
- /* When using a blocking random generator try to get some entropy
|
||||
- * from the jitter based RNG. In this case we take up to 50% of the
|
||||
- * remaining requested bytes. */
|
||||
- if (level >= GCRY_VERY_STRONG_RANDOM)
|
||||
- {
|
||||
- n_hw = _gcry_rndjent_poll (add, origin, length/2);
|
||||
- if (n_hw > length/2)
|
||||
- n_hw = length/2;
|
||||
+ n = _gcry_rndjent_poll (add, origin, length);
|
||||
+ if (n == 0)
|
||||
+ log_fatal ("unexpected error from rndjent: %s\n",
|
||||
+ strerror (errno));
|
||||
+ if (n > length)
|
||||
+ n = length;
|
||||
+ if (length > 1)
|
||||
+ length -= n;
|
||||
+ }
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ /* First read from a hardware source. Note that _gcry_rndhw_poll_slow lets
|
||||
+ it account only for up to 50% (or 25% for RDRAND) of the requested
|
||||
+ bytes. */
|
||||
+ n_hw = _gcry_rndhw_poll_slow (add, origin, length);
|
||||
if (length > 1)
|
||||
length -= n_hw;
|
||||
- }
|
||||
|
||||
+ /* When using a blocking random generator try to get some entropy
|
||||
+ * from the jitter based RNG. In this case we take up to 50% of the
|
||||
+ * remaining requested bytes. */
|
||||
+ if (level >= GCRY_VERY_STRONG_RANDOM)
|
||||
+ {
|
||||
+ n_hw = _gcry_rndjent_poll (add, origin, length/2);
|
||||
+ if (n_hw > length/2)
|
||||
+ n_hw = length/2;
|
||||
+ if (length > 1)
|
||||
+ length -= n_hw;
|
||||
+ }
|
||||
+ }
|
||||
|
||||
/* Open the requested device. The first time a device is to be
|
||||
opened we fail with a fatal error if the device does not exists.
|
||||
@@ -262,8 +279,6 @@ _gcry_rndoldlinux_gather_random (void (*
|
||||
do
|
||||
{
|
||||
nbytes = length < sizeof(buffer)? length : sizeof(buffer);
|
||||
- if (nbytes > 256)
|
||||
- nbytes = 256;
|
||||
_gcry_pre_syscall ();
|
||||
ret = getentropy (buffer, nbytes);
|
||||
_gcry_post_syscall ();
|
||||
Index: libgcrypt-1.10.0/random/rndjent.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.0.orig/random/rndjent.c
|
||||
+++ libgcrypt-1.10.0/random/rndjent.c
|
||||
@@ -279,13 +279,24 @@ _gcry_rndjent_poll (void (*add)(const vo
|
||||
if (!jent_rng_is_initialized)
|
||||
{
|
||||
/* Auto-initialize. */
|
||||
- jent_rng_is_initialized = 1;
|
||||
jent_entropy_collector_free (jent_rng_collector);
|
||||
jent_rng_collector = NULL;
|
||||
if ( !(_gcry_random_read_conf () & RANDOM_CONF_DISABLE_JENT))
|
||||
{
|
||||
- if (!jent_entropy_init ())
|
||||
- jent_rng_collector = jent_entropy_collector_alloc (1, 0);
|
||||
+ if (!jent_entropy_init_ex (1, 0))
|
||||
+ {
|
||||
+ jent_rng_collector = jent_entropy_collector_alloc (1, 0);
|
||||
+ jent_rng_is_initialized = 1;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (!jent_rng_collector)
|
||||
+ {
|
||||
+ if (!jent_entropy_init_ex (1, 0))
|
||||
+ {
|
||||
+ jent_rng_collector = jent_entropy_collector_alloc (1, 0);
|
||||
+ jent_rng_is_initialized = 1;
|
||||
}
|
||||
}
|
||||
|
618
libgcrypt-jitterentropy-3.4.0.patch
Normal file
618
libgcrypt-jitterentropy-3.4.0.patch
Normal file
@ -0,0 +1,618 @@
|
||||
Index: libgcrypt-1.10.0/random/jitterentropy-base.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.0.orig/random/jitterentropy-base.c
|
||||
+++ libgcrypt-1.10.0/random/jitterentropy-base.c
|
||||
@@ -42,7 +42,7 @@
|
||||
* require consumer to be updated (as long as this number
|
||||
* is zero, the API is not considered stable and can
|
||||
* change without a bump of the major version) */
|
||||
-#define MINVERSION 3 /* API compatible, ABI may change, functional
|
||||
+#define MINVERSION 4 /* API compatible, ABI may change, functional
|
||||
* enhancements only, consumer can be left unchanged if
|
||||
* enhancements are not considered */
|
||||
#define PATCHLEVEL 0 /* API / ABI compatible, no functional changes, no
|
||||
@@ -200,29 +200,38 @@ ssize_t jent_read_entropy(struct rand_da
|
||||
tocopy = (DATA_SIZE_BITS / 8);
|
||||
else
|
||||
tocopy = len;
|
||||
- memcpy(p, &ec->data, tocopy);
|
||||
+
|
||||
+ jent_read_random_block(ec, p, tocopy);
|
||||
|
||||
len -= tocopy;
|
||||
p += tocopy;
|
||||
}
|
||||
|
||||
/*
|
||||
- * To be on the safe side, we generate one more round of entropy
|
||||
- * which we do not give out to the caller. That round shall ensure
|
||||
- * that in case the calling application crashes, memory dumps, pages
|
||||
- * out, or due to the CPU Jitter RNG lingering in memory for long
|
||||
- * time without being moved and an attacker cracks the application,
|
||||
- * all he reads in the entropy pool is a value that is NEVER EVER
|
||||
- * being used for anything. Thus, he does NOT see the previous value
|
||||
- * that was returned to the caller for cryptographic purposes.
|
||||
+ * Enhanced backtracking support: At this point, the hash state
|
||||
+ * contains the digest of the previous Jitter RNG collection round
|
||||
+ * which is inserted there by jent_read_random_block with the SHA
|
||||
+ * update operation. At the current code location we completed
|
||||
+ * one request for a caller and we do not know how long it will
|
||||
+ * take until a new request is sent to us. To guarantee enhanced
|
||||
+ * backtracking resistance at this point (i.e. ensure that an attacker
|
||||
+ * cannot obtain information about prior random numbers we generated),
|
||||
+ * but still stirring the hash state with old data the Jitter RNG
|
||||
+ * obtains a new message digest from its state and re-inserts it.
|
||||
+ * After this operation, the Jitter RNG state is still stirred with
|
||||
+ * the old data, but an attacker who gets access to the memory after
|
||||
+ * this point cannot deduce the random numbers produced by the
|
||||
+ * Jitter RNG prior to this point.
|
||||
*/
|
||||
/*
|
||||
- * If we use secured memory, do not use that precaution as the secure
|
||||
- * memory protects the entropy pool. Moreover, note that using this
|
||||
- * call reduces the speed of the RNG by up to half
|
||||
+ * If we use secured memory, where backtracking support may not be
|
||||
+ * needed because the state is protected in a different method,
|
||||
+ * it is permissible to drop this support. But strongly weigh the
|
||||
+ * pros and cons considering that the SHA3 operation is not that
|
||||
+ * expensive.
|
||||
*/
|
||||
#ifndef JENT_CPU_JITTERENTROPY_SECURE_MEMORY
|
||||
- jent_random_data(ec);
|
||||
+ jent_read_random_block(ec, NULL, 0);
|
||||
#endif
|
||||
|
||||
err:
|
||||
@@ -379,6 +388,7 @@ static struct rand_data
|
||||
*jent_entropy_collector_alloc_internal(unsigned int osr, unsigned int flags)
|
||||
{
|
||||
struct rand_data *entropy_collector;
|
||||
+ uint32_t memsize = 0;
|
||||
|
||||
/*
|
||||
* Requesting disabling and forcing of internal timer
|
||||
@@ -405,7 +415,7 @@ static struct rand_data
|
||||
return NULL;
|
||||
|
||||
if (!(flags & JENT_DISABLE_MEMORY_ACCESS)) {
|
||||
- uint32_t memsize = jent_memsize(flags);
|
||||
+ memsize = jent_memsize(flags);
|
||||
|
||||
entropy_collector->mem = _gcry_calloc (1, memsize);
|
||||
|
||||
@@ -431,13 +441,19 @@ static struct rand_data
|
||||
entropy_collector->memaccessloops = JENT_MEMORY_ACCESSLOOPS;
|
||||
}
|
||||
|
||||
+ if (sha3_alloc(&entropy_collector->hash_state))
|
||||
+ goto err;
|
||||
+
|
||||
+ /* Initialize the hash state */
|
||||
+ sha3_256_init(entropy_collector->hash_state);
|
||||
+
|
||||
/* verify and set the oversampling rate */
|
||||
if (osr < JENT_MIN_OSR)
|
||||
osr = JENT_MIN_OSR;
|
||||
entropy_collector->osr = osr;
|
||||
entropy_collector->flags = flags;
|
||||
|
||||
- if (jent_fips_enabled() || (flags & JENT_FORCE_FIPS))
|
||||
+ if ((flags & JENT_FORCE_FIPS) || jent_fips_enabled())
|
||||
entropy_collector->fips_enabled = 1;
|
||||
|
||||
/* Initialize the APT */
|
||||
@@ -469,7 +485,7 @@ static struct rand_data
|
||||
|
||||
err:
|
||||
if (entropy_collector->mem != NULL)
|
||||
- jent_zfree(entropy_collector->mem, JENT_MEMORY_SIZE);
|
||||
+ jent_zfree(entropy_collector->mem, memsize);
|
||||
jent_zfree(entropy_collector, sizeof(struct rand_data));
|
||||
return NULL;
|
||||
}
|
||||
@@ -511,6 +527,7 @@ JENT_PRIVATE_STATIC
|
||||
void jent_entropy_collector_free(struct rand_data *entropy_collector)
|
||||
{
|
||||
if (entropy_collector != NULL) {
|
||||
+ sha3_dealloc(entropy_collector->hash_state);
|
||||
jent_notime_disable(entropy_collector);
|
||||
if (entropy_collector->mem != NULL) {
|
||||
jent_zfree(entropy_collector->mem,
|
||||
@@ -664,6 +681,7 @@ static inline int jent_entropy_init_comm
|
||||
int ret;
|
||||
|
||||
jent_notime_block_switch();
|
||||
+ jent_health_cb_block_switch();
|
||||
|
||||
if (sha3_tester())
|
||||
return EHASH;
|
||||
@@ -710,6 +728,8 @@ int jent_entropy_init_ex(unsigned int os
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
+ ret = ENOTIME;
|
||||
+
|
||||
/* Test without internal timer unless caller does not want it */
|
||||
if (!(flags & JENT_FORCE_INTERNAL_TIMER))
|
||||
ret = jent_time_entropy_init(osr,
|
||||
@@ -732,3 +752,9 @@ int jent_entropy_switch_notime_impl(stru
|
||||
return jent_notime_switch(new_thread);
|
||||
}
|
||||
#endif
|
||||
+
|
||||
+JENT_PRIVATE_STATIC
|
||||
+int jent_set_fips_failure_callback(jent_fips_failure_cb cb)
|
||||
+{
|
||||
+ return jent_set_fips_failure_callback_internal(cb);
|
||||
+}
|
||||
Index: libgcrypt-1.10.0/random/jitterentropy-gcd.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.0.orig/random/jitterentropy-gcd.c
|
||||
+++ libgcrypt-1.10.0/random/jitterentropy-gcd.c
|
||||
@@ -113,12 +113,8 @@ int jent_gcd_analyze(uint64_t *delta_his
|
||||
goto out;
|
||||
}
|
||||
|
||||
- /*
|
||||
- * Ensure that we have variations in the time stamp below 100 for at
|
||||
- * least 10% of all checks -- on some platforms, the counter increments
|
||||
- * in multiples of 100, but not always
|
||||
- */
|
||||
- if (running_gcd >= 100) {
|
||||
+ /* Set a sensible maximum value. */
|
||||
+ if (running_gcd >= UINT32_MAX / 2) {
|
||||
ret = ECOARSETIME;
|
||||
goto out;
|
||||
}
|
||||
Index: libgcrypt-1.10.0/random/jitterentropy-health.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.0.orig/random/jitterentropy-health.c
|
||||
+++ libgcrypt-1.10.0/random/jitterentropy-health.c
|
||||
@@ -19,9 +19,24 @@
|
||||
* DAMAGE.
|
||||
*/
|
||||
|
||||
-#include "jitterentropy.h"
|
||||
#include "jitterentropy-health.h"
|
||||
|
||||
+static jent_fips_failure_cb fips_cb = NULL;
|
||||
+static int jent_health_cb_switch_blocked = 0;
|
||||
+
|
||||
+void jent_health_cb_block_switch(void)
|
||||
+{
|
||||
+ jent_health_cb_switch_blocked = 1;
|
||||
+}
|
||||
+
|
||||
+int jent_set_fips_failure_callback_internal(jent_fips_failure_cb cb)
|
||||
+{
|
||||
+ if (jent_health_cb_switch_blocked)
|
||||
+ return -EAGAIN;
|
||||
+ fips_cb = cb;
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
/***************************************************************************
|
||||
* Lag Predictor Test
|
||||
*
|
||||
@@ -434,5 +449,9 @@ unsigned int jent_health_failure(struct
|
||||
if (!ec->fips_enabled)
|
||||
return 0;
|
||||
|
||||
+ if (fips_cb && ec->health_failure) {
|
||||
+ fips_cb(ec, ec->health_failure);
|
||||
+ }
|
||||
+
|
||||
return ec->health_failure;
|
||||
}
|
||||
Index: libgcrypt-1.10.0/random/jitterentropy-health.h
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.0.orig/random/jitterentropy-health.h
|
||||
+++ libgcrypt-1.10.0/random/jitterentropy-health.h
|
||||
@@ -20,11 +20,16 @@
|
||||
#ifndef JITTERENTROPY_HEALTH_H
|
||||
#define JITTERENTROPY_HEALTH_H
|
||||
|
||||
+#include "jitterentropy.h"
|
||||
+
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
{
|
||||
#endif
|
||||
|
||||
+void jent_health_cb_block_switch(void);
|
||||
+int jent_set_fips_failure_callback_internal(jent_fips_failure_cb cb);
|
||||
+
|
||||
static inline uint64_t jent_delta(uint64_t prev, uint64_t next)
|
||||
{
|
||||
return (next - prev);
|
||||
Index: libgcrypt-1.10.0/random/jitterentropy-noise.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.0.orig/random/jitterentropy-noise.c
|
||||
+++ libgcrypt-1.10.0/random/jitterentropy-noise.c
|
||||
@@ -33,7 +33,7 @@
|
||||
* Update of the loop count used for the next round of
|
||||
* an entropy collection.
|
||||
*
|
||||
- * @ec [in] entropy collector struct -- may be NULL
|
||||
+ * @ec [in] entropy collector struct
|
||||
* @bits [in] is the number of low bits of the timer to consider
|
||||
* @min [in] is the number of bits we shift the timer value to the right at
|
||||
* the end to make sure we have a guaranteed minimum value
|
||||
@@ -61,16 +61,13 @@ static uint64_t jent_loop_shuffle(struct
|
||||
* Mix the current state of the random number into the shuffle
|
||||
* calculation to balance that shuffle a bit more.
|
||||
*/
|
||||
- if (ec) {
|
||||
- jent_get_nstime_internal(ec, &time);
|
||||
- time ^= ec->data[0];
|
||||
- }
|
||||
+ jent_get_nstime_internal(ec, &time);
|
||||
|
||||
/*
|
||||
* We fold the time value as much as possible to ensure that as many
|
||||
* bits of the time stamp are included as possible.
|
||||
*/
|
||||
- for (i = 0; ((DATA_SIZE_BITS + bits - 1) / bits) > i; i++) {
|
||||
+ for (i = 0; (((sizeof(time) << 3) + bits - 1) / bits) > i; i++) {
|
||||
shuffle ^= time & mask;
|
||||
time = time >> bits;
|
||||
}
|
||||
@@ -91,11 +88,11 @@ static uint64_t jent_loop_shuffle(struct
|
||||
* This function injects the individual bits of the time value into the
|
||||
* entropy pool using a hash.
|
||||
*
|
||||
- * @ec [in] entropy collector struct -- may be NULL
|
||||
- * @time [in] time stamp to be injected
|
||||
+ * @ec [in] entropy collector struct
|
||||
+ * @time [in] time delta to be injected
|
||||
* @loop_cnt [in] if a value not equal to 0 is set, use the given value as
|
||||
* number of loops to perform the hash operation
|
||||
- * @stuck [in] Is the time stamp identified as stuck?
|
||||
+ * @stuck [in] Is the time delta identified as stuck?
|
||||
*
|
||||
* Output:
|
||||
* updated hash context
|
||||
@@ -104,17 +101,19 @@ static void jent_hash_time(struct rand_d
|
||||
uint64_t loop_cnt, unsigned int stuck)
|
||||
{
|
||||
HASH_CTX_ON_STACK(ctx);
|
||||
- uint8_t itermediary[SHA3_256_SIZE_DIGEST];
|
||||
+ uint8_t intermediary[SHA3_256_SIZE_DIGEST];
|
||||
uint64_t j = 0;
|
||||
- uint64_t hash_loop_cnt;
|
||||
#define MAX_HASH_LOOP 3
|
||||
#define MIN_HASH_LOOP 0
|
||||
|
||||
/* Ensure that macros cannot overflow jent_loop_shuffle() */
|
||||
BUILD_BUG_ON((MAX_HASH_LOOP + MIN_HASH_LOOP) > 63);
|
||||
- hash_loop_cnt =
|
||||
+ uint64_t hash_loop_cnt =
|
||||
jent_loop_shuffle(ec, MAX_HASH_LOOP, MIN_HASH_LOOP);
|
||||
|
||||
+ /* Use the memset to shut up valgrind */
|
||||
+ memset(intermediary, 0, sizeof(intermediary));
|
||||
+
|
||||
sha3_256_init(&ctx);
|
||||
|
||||
/*
|
||||
@@ -125,35 +124,54 @@ static void jent_hash_time(struct rand_d
|
||||
hash_loop_cnt = loop_cnt;
|
||||
|
||||
/*
|
||||
- * This loop basically slows down the SHA-3 operation depending
|
||||
- * on the hash_loop_cnt. Each iteration of the loop generates the
|
||||
- * same result.
|
||||
+ * This loop fills a buffer which is injected into the entropy pool.
|
||||
+ * The main reason for this loop is to execute something over which we
|
||||
+ * can perform a timing measurement. The injection of the resulting
|
||||
+ * data into the pool is performed to ensure the result is used and
|
||||
+ * the compiler cannot optimize the loop away in case the result is not
|
||||
+ * used at all. Yet that data is considered "additional information"
|
||||
+ * considering the terminology from SP800-90A without any entropy.
|
||||
+ *
|
||||
+ * Note, it does not matter which or how much data you inject, we are
|
||||
+ * interested in one Keccack1600 compression operation performed with
|
||||
+ * the sha3_final.
|
||||
*/
|
||||
for (j = 0; j < hash_loop_cnt; j++) {
|
||||
- sha3_update(&ctx, ec->data, SHA3_256_SIZE_DIGEST);
|
||||
- sha3_update(&ctx, (uint8_t *)&time, sizeof(uint64_t));
|
||||
+ sha3_update(&ctx, intermediary, sizeof(intermediary));
|
||||
+ sha3_update(&ctx, (uint8_t *)&ec->rct_count,
|
||||
+ sizeof(ec->rct_count));
|
||||
+ sha3_update(&ctx, (uint8_t *)&ec->apt_cutoff,
|
||||
+ sizeof(ec->apt_cutoff));
|
||||
+ sha3_update(&ctx, (uint8_t *)&ec->apt_observations,
|
||||
+ sizeof(ec->apt_observations));
|
||||
+ sha3_update(&ctx, (uint8_t *)&ec->apt_count,
|
||||
+ sizeof(ec->apt_count));
|
||||
+ sha3_update(&ctx,(uint8_t *) &ec->apt_base,
|
||||
+ sizeof(ec->apt_base));
|
||||
sha3_update(&ctx, (uint8_t *)&j, sizeof(uint64_t));
|
||||
+ sha3_final(&ctx, intermediary);
|
||||
+ }
|
||||
|
||||
- /*
|
||||
- * If the time stamp is stuck, do not finally insert the value
|
||||
- * into the entropy pool. Although this operation should not do
|
||||
- * any harm even when the time stamp has no entropy, SP800-90B
|
||||
- * requires that any conditioning operation to have an identical
|
||||
- * amount of input data according to section 3.1.5.
|
||||
- */
|
||||
+ /*
|
||||
+ * Inject the data from the previous loop into the pool. This data is
|
||||
+ * not considered to contain any entropy, but it stirs the pool a bit.
|
||||
+ */
|
||||
+ sha3_update(ec->hash_state, intermediary, sizeof(intermediary));
|
||||
|
||||
- /*
|
||||
- * The sha3_final operations re-initialize the context for the
|
||||
- * next loop iteration.
|
||||
- */
|
||||
- if (stuck || (j < hash_loop_cnt - 1))
|
||||
- sha3_final(&ctx, itermediary);
|
||||
- else
|
||||
- sha3_final(&ctx, ec->data);
|
||||
- }
|
||||
+ /*
|
||||
+ * Insert the time stamp into the hash context representing the pool.
|
||||
+ *
|
||||
+ * If the time stamp is stuck, do not finally insert the value into the
|
||||
+ * entropy pool. Although this operation should not do any harm even
|
||||
+ * when the time stamp has no entropy, SP800-90B requires that any
|
||||
+ * conditioning operation to have an identical amount of input data
|
||||
+ * according to section 3.1.5.
|
||||
+ */
|
||||
+ if (!stuck)
|
||||
+ sha3_update(ec->hash_state, (uint8_t *)&time, sizeof(uint64_t));
|
||||
|
||||
jent_memset_secure(&ctx, SHA_MAX_CTX_SIZE);
|
||||
- jent_memset_secure(itermediary, sizeof(itermediary));
|
||||
+ jent_memset_secure(intermediary, sizeof(intermediary));
|
||||
}
|
||||
|
||||
#define MAX_ACC_LOOP_BIT 7
|
||||
@@ -184,13 +202,12 @@ static inline uint32_t xoshiro128starsta
|
||||
|
||||
static void jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
|
||||
{
|
||||
- uint64_t i = 0;
|
||||
+ uint64_t i = 0, time = 0;
|
||||
union {
|
||||
uint32_t u[4];
|
||||
uint8_t b[sizeof(uint32_t) * 4];
|
||||
} prngState = { .u = {0x8e93eec0, 0xce65608a, 0xa8d46b46, 0xe83cef69} };
|
||||
uint32_t addressMask;
|
||||
- uint64_t acc_loop_cnt;
|
||||
|
||||
if (NULL == ec || NULL == ec->mem)
|
||||
return;
|
||||
@@ -199,7 +216,7 @@ static void jent_memaccess(struct rand_d
|
||||
|
||||
/* Ensure that macros cannot overflow jent_loop_shuffle() */
|
||||
BUILD_BUG_ON((MAX_ACC_LOOP_BIT + MIN_ACC_LOOP_BIT) > 63);
|
||||
- acc_loop_cnt =
|
||||
+ uint64_t acc_loop_cnt =
|
||||
jent_loop_shuffle(ec, MAX_ACC_LOOP_BIT, MIN_ACC_LOOP_BIT);
|
||||
|
||||
/*
|
||||
@@ -213,8 +230,10 @@ static void jent_memaccess(struct rand_d
|
||||
* "per-update: timing, it gets you mostly independent "per-update"
|
||||
* timing, so we can now benefit from the Central Limit Theorem!
|
||||
*/
|
||||
- for (i = 0; i < sizeof(prngState); i++)
|
||||
- prngState.b[i] ^= ec->data[i];
|
||||
+ for (i = 0; i < sizeof(prngState); i++) {
|
||||
+ jent_get_nstime_internal(ec, &time);
|
||||
+ prngState.b[i] ^= (uint8_t)(time & 0xff);
|
||||
+ }
|
||||
|
||||
/*
|
||||
* testing purposes -- allow test app to set the counter, not
|
||||
@@ -358,21 +377,21 @@ unsigned int jent_measure_jitter(struct
|
||||
|
||||
/**
|
||||
* Generator of one 256 bit random number
|
||||
- * Function fills rand_data->data
|
||||
+ * Function fills rand_data->hash_state
|
||||
*
|
||||
* @ec [in] Reference to entropy collector
|
||||
*/
|
||||
void jent_random_data(struct rand_data *ec)
|
||||
{
|
||||
- unsigned int k = 0, safety_factor = ENTROPY_SAFETY_FACTOR;
|
||||
+ unsigned int k = 0, safety_factor = 0;
|
||||
|
||||
- if (!ec->fips_enabled)
|
||||
- safety_factor = 0;
|
||||
+ if (ec->fips_enabled)
|
||||
+ safety_factor = ENTROPY_SAFETY_FACTOR;
|
||||
|
||||
/* priming of the ->prev_time value */
|
||||
jent_measure_jitter(ec, 0, NULL);
|
||||
|
||||
- while (1) {
|
||||
+ while (!jent_health_failure(ec)) {
|
||||
/* If a stuck measurement is received, repeat measurement */
|
||||
if (jent_measure_jitter(ec, 0, NULL))
|
||||
continue;
|
||||
@@ -385,3 +404,22 @@ void jent_random_data(struct rand_data *
|
||||
break;
|
||||
}
|
||||
}
|
||||
+
|
||||
+void jent_read_random_block(struct rand_data *ec, char *dst, size_t dst_len)
|
||||
+{
|
||||
+ uint8_t jent_block[SHA3_256_SIZE_DIGEST];
|
||||
+
|
||||
+ BUILD_BUG_ON(SHA3_256_SIZE_DIGEST != (DATA_SIZE_BITS / 8));
|
||||
+
|
||||
+ /* The final operation automatically re-initializes the ->hash_state */
|
||||
+ sha3_final(ec->hash_state, jent_block);
|
||||
+ if (dst_len)
|
||||
+ memcpy(dst, jent_block, dst_len);
|
||||
+
|
||||
+ /*
|
||||
+ * Stir the new state with the data from the old state - the digest
|
||||
+ * of the old data is not considered to have entropy.
|
||||
+ */
|
||||
+ sha3_update(ec->hash_state, jent_block, sizeof(jent_block));
|
||||
+ jent_memset_secure(jent_block, sizeof(jent_block));
|
||||
+}
|
||||
Index: libgcrypt-1.10.0/random/jitterentropy-noise.h
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.0.orig/random/jitterentropy-noise.h
|
||||
+++ libgcrypt-1.10.0/random/jitterentropy-noise.h
|
||||
@@ -31,6 +31,7 @@ unsigned int jent_measure_jitter(struct
|
||||
uint64_t loop_cnt,
|
||||
uint64_t *ret_current_delta);
|
||||
void jent_random_data(struct rand_data *ec);
|
||||
+void jent_read_random_block(struct rand_data *ec, char *dst, size_t dst_len);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
Index: libgcrypt-1.10.0/random/jitterentropy-sha3.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.0.orig/random/jitterentropy-sha3.c
|
||||
+++ libgcrypt-1.10.0/random/jitterentropy-sha3.c
|
||||
@@ -19,6 +19,7 @@
|
||||
*/
|
||||
|
||||
#include "jitterentropy-sha3.h"
|
||||
+#include "jitterentropy.h"
|
||||
|
||||
/***************************************************************************
|
||||
* Message Digest Implementation
|
||||
@@ -380,3 +381,23 @@ int sha3_tester(void)
|
||||
|
||||
return 0;
|
||||
}
|
||||
+
|
||||
+int sha3_alloc(void **hash_state)
|
||||
+{
|
||||
+ struct sha_ctx *tmp;
|
||||
+
|
||||
+ tmp = jent_zalloc(SHA_MAX_CTX_SIZE);
|
||||
+ if (!tmp)
|
||||
+ return 1;
|
||||
+
|
||||
+ *hash_state = tmp;
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+void sha3_dealloc(void *hash_state)
|
||||
+{
|
||||
+ struct sha_ctx *ctx = (struct sha_ctx *)hash_state;
|
||||
+
|
||||
+ jent_zfree(ctx, SHA_MAX_CTX_SIZE);
|
||||
+}
|
||||
Index: libgcrypt-1.10.0/random/jitterentropy-sha3.h
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.0.orig/random/jitterentropy-sha3.h
|
||||
+++ libgcrypt-1.10.0/random/jitterentropy-sha3.h
|
||||
@@ -47,6 +47,8 @@ struct sha_ctx {
|
||||
void sha3_256_init(struct sha_ctx *ctx);
|
||||
void sha3_update(struct sha_ctx *ctx, const uint8_t *in, size_t inlen);
|
||||
void sha3_final(struct sha_ctx *ctx, uint8_t *digest);
|
||||
+int sha3_alloc(void **hash_state);
|
||||
+void sha3_dealloc(void *hash_state);
|
||||
int sha3_tester(void);
|
||||
|
||||
#ifdef __cplusplus
|
||||
Index: libgcrypt-1.10.0/random/jitterentropy-timer.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.0.orig/random/jitterentropy-timer.c
|
||||
+++ libgcrypt-1.10.0/random/jitterentropy-timer.c
|
||||
@@ -202,8 +202,8 @@ int jent_notime_enable(struct rand_data
|
||||
if (jent_force_internal_timer || (flags & JENT_FORCE_INTERNAL_TIMER)) {
|
||||
/* Self test not run yet */
|
||||
if (!jent_force_internal_timer &&
|
||||
- jent_time_entropy_init(flags | JENT_FORCE_INTERNAL_TIMER,
|
||||
- ec->osr))
|
||||
+ jent_time_entropy_init(ec->osr,
|
||||
+ flags | JENT_FORCE_INTERNAL_TIMER))
|
||||
return EHEALTH;
|
||||
|
||||
ec->enable_notime = 1;
|
||||
Index: libgcrypt-1.10.0/random/jitterentropy.h
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.0.orig/random/jitterentropy.h
|
||||
+++ libgcrypt-1.10.0/random/jitterentropy.h
|
||||
@@ -49,7 +49,7 @@
|
||||
***************************************************************************/
|
||||
|
||||
/*
|
||||
- * Enable timer-less timer support
|
||||
+ * Enable timer-less timer support with JENT_CONF_ENABLE_INTERNAL_TIMER
|
||||
*
|
||||
* In case the hardware is identified to not provide a high-resolution time
|
||||
* stamp, this option enables a built-in high-resolution time stamp mechanism.
|
||||
@@ -166,7 +166,7 @@ struct rand_data
|
||||
* of the RNG are marked as SENSITIVE. A user must not
|
||||
* access that information while the RNG executes its loops to
|
||||
* calculate the next random value. */
|
||||
- uint8_t data[SHA3_256_SIZE_DIGEST]; /* SENSITIVE Actual random number */
|
||||
+ void *hash_state; /* SENSITIVE hash state entropy pool */
|
||||
uint64_t prev_time; /* SENSITIVE Previous time stamp */
|
||||
#define DATA_SIZE_BITS (SHA3_256_SIZE_DIGEST_BITS)
|
||||
|
||||
@@ -378,28 +378,34 @@ int jent_entropy_init(void);
|
||||
JENT_PRIVATE_STATIC
|
||||
int jent_entropy_init_ex(unsigned int osr, unsigned int flags);
|
||||
|
||||
+/*
|
||||
+ * Set a callback to run on health failure in FIPS mode.
|
||||
+ * This function will take an action determined by the caller.
|
||||
+ */
|
||||
+typedef void (*jent_fips_failure_cb)(struct rand_data *ec,
|
||||
+ unsigned int health_failure);
|
||||
+JENT_PRIVATE_STATIC
|
||||
+int jent_set_fips_failure_callback(jent_fips_failure_cb cb);
|
||||
+
|
||||
/* return version number of core library */
|
||||
JENT_PRIVATE_STATIC
|
||||
unsigned int jent_version(void);
|
||||
|
||||
-#ifdef JENT_CONF_ENABLE_INTERNAL_TIMER
|
||||
/* Set a different thread handling logic for the notimer support */
|
||||
JENT_PRIVATE_STATIC
|
||||
int jent_entropy_switch_notime_impl(struct jent_notime_thread *new_thread);
|
||||
-#endif
|
||||
|
||||
/* -- END of Main interface functions -- */
|
||||
|
||||
/* -- BEGIN timer-less threading support functions to prevent code dupes -- */
|
||||
|
||||
-struct jent_notime_ctx {
|
||||
#ifdef JENT_CONF_ENABLE_INTERNAL_TIMER
|
||||
+
|
||||
+struct jent_notime_ctx {
|
||||
pthread_attr_t notime_pthread_attr; /* pthreads library */
|
||||
pthread_t notime_thread_id; /* pthreads thread ID */
|
||||
-#endif
|
||||
};
|
||||
|
||||
-#ifdef JENT_CONF_ENABLE_INTERNAL_TIMER
|
||||
|
||||
JENT_PRIVATE_STATIC
|
||||
int jent_notime_init(void **ctx);
|
||||
Index: libgcrypt-1.10.0/random/jitterentropy-base-user.h
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.0.orig/random/jitterentropy-base-user.h
|
||||
+++ libgcrypt-1.10.0/random/jitterentropy-base-user.h
|
||||
@@ -213,12 +213,12 @@ static inline void jent_get_cachesize(lo
|
||||
ext = strstr(buf, "K");
|
||||
if (ext) {
|
||||
shift = 10;
|
||||
- ext = '\0';
|
||||
+ *ext = '\0';
|
||||
} else {
|
||||
ext = strstr(buf, "M");
|
||||
if (ext) {
|
||||
shift = 20;
|
||||
- ext = '\0';
|
||||
+ *ext = '\0';
|
||||
}
|
||||
}
|
||||
|
24
libgcrypt-nobetasuffix.patch
Normal file
24
libgcrypt-nobetasuffix.patch
Normal file
@ -0,0 +1,24 @@
|
||||
Index: libgcrypt-1.10.2/autogen.sh
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.2.orig/autogen.sh
|
||||
+++ libgcrypt-1.10.2/autogen.sh
|
||||
@@ -249,7 +249,7 @@ if [ "$myhost" = "find-version" ]; then
|
||||
fi
|
||||
|
||||
beta=no
|
||||
- if [ -e .git ]; then
|
||||
+ if false; then
|
||||
ingit=yes
|
||||
tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null)
|
||||
tmp=$(echo "$tmp" | sed s/^"$package"//)
|
||||
@@ -265,8 +265,8 @@ if [ "$myhost" = "find-version" ]; then
|
||||
rvd=$((0x$(echo ${rev} | dd bs=1 count=4 2>/dev/null)))
|
||||
else
|
||||
ingit=no
|
||||
- beta=yes
|
||||
- tmp="-unknown"
|
||||
+ beta=no
|
||||
+ tmp=""
|
||||
rev="0000000"
|
||||
rvd="0"
|
||||
fi
|
@ -0,0 +1,76 @@
|
||||
commit 2c5e5ab6843d747c4b877d2c6f47226f61e9ff14
|
||||
Author: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
||||
Date: Sun Jun 12 21:51:34 2022 +0300
|
||||
|
||||
ppc enable P10 assembly with ENABLE_FORCE_SOFT_HWFEATURES on arch 3.00
|
||||
|
||||
* cipher/chacha20.c (chacha20_do_setkey) [USE_PPC_VEC]: Enable
|
||||
P10 assembly for HWF_PPC_ARCH_3_00 if ENABLE_FORCE_SOFT_HWFEATURES is
|
||||
defined.
|
||||
* cipher/poly1305.c (poly1305_init) [POLY1305_USE_PPC_VEC]: Likewise.
|
||||
* cipher/rijndael.c (do_setkey) [USE_PPC_CRYPTO_WITH_PPC9LE]: Likewise.
|
||||
---
|
||||
|
||||
This change allows testing P10 implementations with P9 and with QEMU-PPC.
|
||||
|
||||
GnuPG-bug-id: 6006
|
||||
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
||||
|
||||
Index: libgcrypt-1.10.2/cipher/chacha20.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.2.orig/cipher/chacha20.c
|
||||
+++ libgcrypt-1.10.2/cipher/chacha20.c
|
||||
@@ -484,6 +484,11 @@ chacha20_do_setkey (CHACHA20_context_t *
|
||||
ctx->use_ppc = (features & HWF_PPC_ARCH_2_07) != 0;
|
||||
# ifndef WORDS_BIGENDIAN
|
||||
ctx->use_p10 = (features & HWF_PPC_ARCH_3_10) != 0;
|
||||
+# ifdef ENABLE_FORCE_SOFT_HWFEATURES
|
||||
+ /* HWF_PPC_ARCH_3_10 above is used as soft HW-feature indicator for P10.
|
||||
+ * Actual implementation works with HWF_PPC_ARCH_3_00 also. */
|
||||
+ ctx->use_p10 |= (features & HWF_PPC_ARCH_3_00) != 0;
|
||||
+# endif
|
||||
# endif
|
||||
#endif
|
||||
#ifdef USE_S390X_VX
|
||||
Index: libgcrypt-1.10.2/cipher/poly1305.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.2.orig/cipher/poly1305.c
|
||||
+++ libgcrypt-1.10.2/cipher/poly1305.c
|
||||
@@ -90,11 +90,19 @@ static void poly1305_init (poly1305_cont
|
||||
const byte key[POLY1305_KEYLEN])
|
||||
{
|
||||
POLY1305_STATE *st = &ctx->state;
|
||||
+ unsigned int features = _gcry_get_hw_features ();
|
||||
|
||||
#ifdef POLY1305_USE_PPC_VEC
|
||||
- ctx->use_p10 = (_gcry_get_hw_features () & HWF_PPC_ARCH_3_10) != 0;
|
||||
+ ctx->use_p10 = (features & HWF_PPC_ARCH_3_10) != 0;
|
||||
+# ifdef ENABLE_FORCE_SOFT_HWFEATURES
|
||||
+ /* HWF_PPC_ARCH_3_10 above is used as soft HW-feature indicator for P10.
|
||||
+ * Actual implementation works with HWF_PPC_ARCH_3_00 also. */
|
||||
+ ctx->use_p10 |= (features & HWF_PPC_ARCH_3_00) != 0;
|
||||
+# endif
|
||||
#endif
|
||||
|
||||
+ (void)features;
|
||||
+
|
||||
ctx->leftover = 0;
|
||||
|
||||
st->h[0] = 0;
|
||||
Index: libgcrypt-1.10.2/cipher/rijndael.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.10.2.orig/cipher/rijndael.c
|
||||
+++ libgcrypt-1.10.2/cipher/rijndael.c
|
||||
@@ -605,6 +605,12 @@ do_setkey (RIJNDAEL_context *ctx, const
|
||||
bulk_ops->xts_crypt = _gcry_aes_ppc9le_xts_crypt;
|
||||
if (hwfeatures & HWF_PPC_ARCH_3_10) /* for P10 */
|
||||
bulk_ops->gcm_crypt = _gcry_aes_p10le_gcm_crypt;
|
||||
+# ifdef ENABLE_FORCE_SOFT_HWFEATURES
|
||||
+ /* HWF_PPC_ARCH_3_10 above is used as soft HW-feature indicator for P10.
|
||||
+ * Actual implementation works with HWF_PPC_ARCH_3_00 also. */
|
||||
+ if (hwfeatures & HWF_PPC_ARCH_3_00)
|
||||
+ bulk_ops->gcm_crypt = _gcry_aes_p10le_gcm_crypt;
|
||||
+# endif
|
||||
}
|
||||
#endif
|
||||
#ifdef USE_PPC_CRYPTO
|
1753
libgcrypt.changes
Normal file
1753
libgcrypt.changes
Normal file
File diff suppressed because it is too large
Load Diff
86
libgcrypt.keyring
Normal file
86
libgcrypt.keyring
Normal file
@ -0,0 +1,86 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQGNBFjLuq4BDACnM7zNSIaVMAacTwjXa5TGYe13i6ilHe4VL0NShzrgzjcQg531
|
||||
3cRgiiiNA7OSOypMqVs73Jez6ZUctn2GVsHBrS/io9NcuC9pVwf8a61WlcEa+EtB
|
||||
a3G7HlBmEWnwaUdAtWKNuAi9Xn+Ir7H2xEdksmmd5a0/QnL+sX705boVPF/tpYtb
|
||||
LGpPxa78tNrtxDkSwy8Wmi0IADYLI5yI7/yUGeJd8RSCU/fLRKC9fG7YOZRq0tsO
|
||||
MhVNWmtUjbG6e73Lu8LKnCZgs1/fC8hvPyARieSV5mdN8s1oWd7oYctfgL4uBleD
|
||||
ItAA8GhjKejutzHN8Ei/APw6AiiSyEjnPg+cTX8OgvLGJWjks0H6mPZeB1v/kGyZ
|
||||
hBS9vm540h2/MmlVN2ntiCK5TZGeSWpqddiqusfVXotMRpN4HeLKoZh4RAncaCbZ
|
||||
F/S+YLeN+kMXY4k3Fqt1fjTX6veFCbthI9pDdHzU9LfUVNp9D/5ktC/tYMORMegV
|
||||
+wSMxi9G2YWKJkMAEQEAAYkBzgQfAQgAOBYhBFuAxXVCmPDLVdjtarzvfilLCS4o
|
||||
BQJYy8DdFwyAAZSlyaA8L+XKOwldjh/fcjz0YraxAgcAAAoJELzvfilLCS4oNgoL
|
||||
/0+K1xIx8JW7Lk5M6bYCvNA4fdlEcwQIT4UidJFM9m+suxYFWIGfebvHpRlEuJTg
|
||||
dBjkEit8uLAoJXU0BRkKTLrzTF+qDUE79Wfx/R+0nOgJ7aMykQOi0AvuwzMYz4dg
|
||||
xIVS2Daou4DF7bh/KF8+fqrmq8P8W1ZrkuFDanMWpHeAPx1uj2skYbo7uPqFdvlJ
|
||||
hlNHrcxlcCkjf1InAt0Xt5lMvEsCRUPf9xAH4mNEhs0lh9c+200YPRmtnLWAzc1K
|
||||
ckLIC8Q+mUR3DjZDqBlDBEPegXkrI0+MlvRA+9AnAm4YPqTMUfpZ6ZOAWeFjC/6Z
|
||||
QYxG/AdWGkb4WFindzklQfybEuiekP8vU07ACQwSwH8PYe0UCom1YrlRUjX7QLkn
|
||||
ZLWoeZg8BZy9GTM1Ut7Q1Q2uTw6mxxISuef+RFgYOHjWwLpFWZpqC88xERl7o/iz
|
||||
iERJRt/593IctbjO9wenWt2peIAwzR4nz7LqM6ZFTdRAETmcdSvYRhg2Qt8hUE47
|
||||
CbQkQW5kcmUgSGVpbmVja2UgKFJlbGVhc2UgU2lnbmluZyBLZXkpiQHUBBMBCAA+
|
||||
FiEEW4DFdUKY8MtV2O1qvO9+KUsJLigFAljLuq4CGwMFCRLMAwAFCwkIBwIGFQgJ
|
||||
CgsCBBYCAwECHgECF4AACgkQvO9+KUsJLihC/QwAhCC+SEvcFLcutgZ8HfcCtoZs
|
||||
IoVzZEy7DjqIvGgnTssD8HCLnIAHCDvnP7dJW3uMuLCdSqym3cjlEIiQMsaGywkl
|
||||
fzJISAwJrGQdWSKRd535jXpEXQlXDKal/IwMKAUt0PZtlCc9S3gwixQryxdJ28lJ
|
||||
6h2T9fVDr8ZswMmTAFG91uctfhjKOMgPt8UhSPGW484WsIsQgkbOvf+Kfswl0eHu
|
||||
ywX+pKAB5ZQ/9GVC6Ug4xfrdiJL0azJTPnvjMY5JYp6/L9RURs5hP5AnHR2j/PPo
|
||||
sAtsFCjmbRbOMiASzklnUJPbSz5kfLloDWZmrUScjbzmsXehGyt433JGyRhZJl4x
|
||||
/jPbzKhaaAHsGd+fRao6vlLOwFywDDVMp6JuyK7UeUb7I8ekTbSkGFA+l2Oa3O6/
|
||||
Y7PYhq7hwwAFuZckYI98IpHNCG1fS9W07FyKdvQbK1PbF1JFRKfsUCWYMKqDnbqE
|
||||
o5jivPEHZImw6iYhhXcyEYl8fjcb9T6/S+wOP7aviQGzBBABCAAdFiEElKXJoDwv
|
||||
5co7CV2OH99yPPRitrEFAljLv5sACgkQH99yPPRitrFw4gv/XFMFN+/LHsn9hJOP
|
||||
4rCwl1yUuxXuYmZgc0sRoY3EpeQkJVyKurQuqqKoy2VuoMiF0O1kAQmGoFtVPUk7
|
||||
b8hCoutqB5GyeyKcoLP+WINgVhB2gXg7TSp3MPLBKkgqvSDvPitgRxBqFb4LW8LJ
|
||||
bDbfwGrzIvXfDV3WvsrHVPbc2fhlWdL8d+3AE6mFiXF3eTpgmV3ApSBQV12MkkCk
|
||||
icLIPmp+ZxZON+OP52ZXkRtfMgOy4Oa/41agrViDAZdMOGeGkhPertQheQZgXzmo
|
||||
GF5Wz498HPM80Kv35X91l3iGzL+icEtO+tWea2YscsZ6qpRe2lfVPHk3B+anlmCj
|
||||
m4kM4cBd39xa4HHSVh/bRHbZNtgVr7slQCKxlHgQOGVI5vCxPCwEsgJ2KBk03Nk/
|
||||
IA9EKO+czfh3/bHW6uMbEqrYDCnt+hmzZrpKDSGcwS/KOhvMUIMlb7/8vDKum6mp
|
||||
/8xAtVZ6IAxYZNt3qg7Y7aLRtzCTyqm8rJQrZPtRaQcgLoEimDMEX0PliRYJKwYB
|
||||
BAHaRw8BAQdAz75Hlekc16JhhfI0MKdEVxLdkxhcMCO0ZG6WMBAmNpe0H1dlcm5l
|
||||
ciBLb2NoIChkaXN0IHNpZ25pbmcgMjAyMCmImgQTFgoAQhYhBG2qbmSnbShAVxtJ
|
||||
AlKIl7gmQDraBQJfQ+w1AhsDBQkShccRBQsJCAcCAyICAQYVCgkICwIEFgIDAQIe
|
||||
BwIXgAAKCRBSiJe4JkA62nmuAP9uL/HOdB0gvwWrH+FpURJLs4bnaZaPIk9ARrU0
|
||||
EXRgJgD/YCGfHQXpIPT0ZaXuwJexK04Z+qMFR/bM1q1Leo5CjgaIbQQQEQsAHRYh
|
||||
BIBhWHD1utaQMzaG0PKthaweQrNnBQJfQ/HmAAoJEPKthaweQrNnIZkA3jG6LcZv
|
||||
V/URn8Y8OJqsyYa4C3NI4nN+OhEvYhgA4PHzMnALeXIpA2gblvjFIPJPAhDBAU37
|
||||
c5PA6+6IdQQQFggAHRYhBK6oTtzwGthsRwHIXGMROuhmWH0KBQJfQ/IlAAoJEGMR
|
||||
OuhmWH0K1+MA/0uJ5AHcnSfIBEWHNJwwVVLGyrxAWtS2U+zeymp/UvlPAQDErCLZ
|
||||
l0dBiPG3vlowFx5TNep7tanBs6ZJn8F1ao1tAIkBMwQQAQgAHRYhBNhpISPEBl3q
|
||||
Xg86tSSbOdJPJeO2BQJfQ/OuAAoJECSbOdJPJeO2DVoH/0o9if66ph6FJrgr+A/W
|
||||
HNVeHxmM5tUQhpL1wpRS70SKcsJgolf5CxO5iTQf3HlZe544xGbIU/aCTJsWw9zi
|
||||
UE8KmhAtKV4eL/7oQ7xx4nxPnABLpudtM8A44nsM1x/XiYrJnnDm29QjYEGd2Hi8
|
||||
7npc7VWKzLoj+I/WcXquynJi5O9TUxW9Bknd1pjpxFkf8v+msjBzCD5VKJgr0CR8
|
||||
wA6peQBWeGZX2HacosMIZH4TfL0r0TFla6LJIkNBz9DyIm1yL4L8oRH0950hQljP
|
||||
C7TM3L7aRpX+4Kph6llFz6g7MALGFP95kyJ6o+XED9ORuuQVZMBMIkNC0tXOu10V
|
||||
bdqIdQQQFgoAHRYhBMHTS2khnkruwLocIeP9/yGORbcrBQJfQ/P8AAoJEOP9/yGO
|
||||
Rbcr3lQBAMas8Vl3Hdl3g2I283lz1uHiGvlwcnk2TLeB+U4zIwC9AQCy0nnazVNt
|
||||
VQPID1ZCMoaOX7AzOjaqQDLf4j+dVTxgBJgzBGCkgocWCSsGAQQB2kcPAQEHQJmd
|
||||
fwp8jEN5P3eEjhQiWk6zQi8utvgOvYD57XmE+H8+tCBOaWliZSBZdXRha2EgKEdu
|
||||
dVBHIFJlbGVhc2UgS2V5KYiaBBMWCgBCFiEErI4RW/c+LY1H+pkI6Y6bLRnGyL0F
|
||||
AmCkgocCGwMFCQsNBpkFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEOmO
|
||||
my0Zxsi9/4IA/1rvSr3MU+Sv4jhNDzD+CeC3gmHkPew6pi9VHEsEwdgmAQD2BtiX
|
||||
7w1sJL/CBylGWv5jxj4345mP9YfZm0RsgzPjDIh1BBAWCAAdFiEEJJyzdxdQdF1c
|
||||
3TI84mewUjZPAo0FAmFAQ54ACgkQ4mewUjZPAo1CiAD+KTT1UVdQTGHMyvHwZocS
|
||||
QjU8xhcZrTet+dvvjrE5+4MA/RBdJPZgFevUKu68NEy0Lo+RbkeCtmQJ/c8v5ieF
|
||||
vW0AiQEzBBABCAAdFiEEEkEkvTtIYq96CkLxALRevUynur4FAmFAQ7cACgkQALRe
|
||||
vUynur4kaAgAolPR8TNWVS0vXMKrr0k0l2M/8QkZTaLZx1GT9Nx1yb4WJKY7ElPM
|
||||
YkhGDxetvFBETx0pH/6R3jtj6Crmur+NKHVSRY+rCYpFPDn6ciIOryssRx2G4kCZ
|
||||
t+nFB9JyDbBOZAR8DK4pN1mAxG/yLDt4oKcUQsP2xlEFum+phxyR8KyYCpkwKRxY
|
||||
eK+6lfilQuveoUwp/Xx5wXPNUy6q4eOOovCW7gS7I7288NGHCa2ul8sD6vA9C4mM
|
||||
4Zxaole9P9wwJe1zZFtCIy88zHM9vqv+YM9DxMCaW24+rUztr7eD4bCRdG+QlSh+
|
||||
7R/TaqSxY1eAAd1J5tma9CNJO73pTKU+/JhTBGFpSqMTCSskAwMCCAEBBwIDBF6X
|
||||
D9NmUQDgiyYNbhs1DMJ14mIw812wY1HVx/4QWYWiBunhrvSFxVbzsjD7/Wv+v3bm
|
||||
MPrL+M2DLyFiSewNmcS0JEdudVBHLmNvbSAoUmVsZWFzZSBTaWduaW5nIEtleSAy
|
||||
MDIxKYiaBBMTCABCFiEEAvON/3Mf+XywOaHaVJ5pXpBboggFAmFpSqMCGwMFCQ9x
|
||||
14oFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEFSeaV6QW6IITkoA/RYa
|
||||
jaTl1eEBU/Gdm12o3jrI55N5xZK2XTqSx25clVyjAP0XwMW/Og5+ND1ri3bAqADV
|
||||
WlBDUswz8wYxsb0C4kYBkoh1BBAWCgAdFiEEbapuZKdtKEBXG0kCUoiXuCZAOtoF
|
||||
AmFpTvEACgkQUoiXuCZAOtrJQAEAh7YyykjAy/Qs1yC3ji8iBfIVnPXvblrIx3SR
|
||||
RyDwRC8BAKtZbEuKTtPlgkLUgMleTcZJ/vEhJE+GvfQ9o5gWCqEFiHUEEBYKAB0W
|
||||
IQTB00tpIZ5K7sC6HCHj/f8hjkW3KwUCYWlPWgAKCRDj/f8hjkW3Kx4eAQDp6aGS
|
||||
N/fU4xLl8RSvQUVjVA+aCTrMQR3hRwqw8liF2wEA3O3ECxz6e1+DoItYoJBBLKLw
|
||||
eiInsGZ/+h5XYrpXTgA=
|
||||
=4+Sn
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
186
libgcrypt.spec
Normal file
186
libgcrypt.spec
Normal file
@ -0,0 +1,186 @@
|
||||
#
|
||||
# spec file for package libgcrypt
|
||||
#
|
||||
# Copyright (c) 2023 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
%define libsover 20
|
||||
%define libsoname %{name}%{libsover}
|
||||
%define hmac_key orboDeJITITejsirpADONivirpUkvarP
|
||||
Name: libgcrypt
|
||||
Version: 1.10.3
|
||||
Release: 0
|
||||
Summary: The GNU Crypto Library
|
||||
License: GPL-2.0-or-later AND LGPL-2.1-or-later AND GPL-3.0-or-later
|
||||
Group: Development/Libraries/C and C++
|
||||
URL: https://gnupg.org/software/libgcrypt
|
||||
Source: https://gnupg.org/ftp/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2
|
||||
Source1: https://gnupg.org/ftp/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2.sig
|
||||
Source2: baselibs.conf
|
||||
Source3: random.conf
|
||||
Source4: hwf.deny
|
||||
# https://gnupg.org/signature_key.asc
|
||||
Source5: libgcrypt.keyring
|
||||
Source99: libgcrypt.changes
|
||||
Patch1: libgcrypt-1.10.0-allow_FSM_same_state.patch
|
||||
#PATCH-FIX-OPENSUSE Do not pull revision info from GIT when autoconf is run
|
||||
Patch2: libgcrypt-nobetasuffix.patch
|
||||
# FIPS patches:
|
||||
#PATCH-FIX-SUSE bsc#1190700 FIPS: Provide a service-level indicator for PK
|
||||
Patch100: libgcrypt-FIPS-SLI-pk.patch
|
||||
#PATCH-FIX-SUSE bsc#1190700 FIPS: Check keylength in gcry_fips_indicator_kdf()
|
||||
Patch101: libgcrypt-FIPS-SLI-kdf-leylength.patch
|
||||
#PATCH-FIX-SUSE bsc#1190700 FIPS add indicators
|
||||
Patch102: libgcrypt-FIPS-SLI-hash-mac.patch
|
||||
#PATCH-FIX-SUSE bsc#1202117 jsc#SLE-24941 FIPS: Port libgcrypt to use jitterentropy
|
||||
Patch103: libgcrypt-jitterentropy-3.4.0.patch
|
||||
#PATCH-FIX-SUSE bsc#1202117 FIPS: Get most of the entropy from rndjent_poll
|
||||
Patch104: libgcrypt-FIPS-rndjent_poll.patch
|
||||
# POWER patches [jsc#PED-5088] POWER performance enhancements for cryptography
|
||||
Patch200: libgcrypt-Chacha20-poly1305-Optimized-chacha20-poly1305.patch
|
||||
Patch201: libgcrypt-ppc-enable-P10-assembly-with-ENABLE_FORCE_SOF.patch
|
||||
BuildRequires: automake >= 1.14
|
||||
BuildRequires: libgpg-error-devel >= 1.27
|
||||
BuildRequires: libtool
|
||||
BuildRequires: makeinfo
|
||||
BuildRequires: pkgconfig
|
||||
%{?suse_build_hwcaps_libs}
|
||||
|
||||
%description
|
||||
Libgcrypt is a general purpose library of cryptographic building
|
||||
blocks. It is originally based on code used by GnuPG. It does not
|
||||
provide any implementation of OpenPGP or other protocols. Thorough
|
||||
understanding of applied cryptography is required to use Libgcrypt.
|
||||
|
||||
%package -n %{libsoname}
|
||||
Summary: The GNU Crypto Library
|
||||
License: GPL-2.0-or-later AND LGPL-2.1-or-later
|
||||
Group: System/Libraries
|
||||
Provides: %{libsoname}-hmac = %{version}-%{release}
|
||||
Obsoletes: %{libsoname}-hmac < %{version}-%{release}
|
||||
|
||||
%description -n %{libsoname}
|
||||
Libgcrypt is a general purpose crypto library based on the code used in
|
||||
GnuPG (alpha version).
|
||||
|
||||
%package devel
|
||||
Summary: The GNU Crypto Library
|
||||
License: GFDL-1.1-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires: %{libsoname} = %{version}
|
||||
Requires: glibc-devel
|
||||
Requires: libgpg-error-devel >= 1.27
|
||||
|
||||
%description devel
|
||||
Libgcrypt is a general purpose library of cryptographic building
|
||||
blocks. It is originally based on code used by GnuPG. It does not
|
||||
provide any implementation of OpenPGP or other protocols. Thorough
|
||||
understanding of applied cryptography is required to use Libgcrypt.
|
||||
|
||||
This package contains needed files to compile and link against the
|
||||
library.
|
||||
|
||||
%prep
|
||||
%autosetup -p1
|
||||
|
||||
# Rename the internal .hmac file to include the so library version
|
||||
sed -i "s/libgcrypt\.so\.hmac/\.libgcrypt\.so\.%{libsover}\.hmac/g" src/Makefile.am src/Makefile.in
|
||||
|
||||
%build
|
||||
export PUBKEYS="dsa elgamal rsa ecc"
|
||||
export CIPHERS="arcfour blowfish cast5 des aes twofish serpent rfc2268 seed camellia idea salsa20 gost28147 chacha20 sm4"
|
||||
export DIGESTS="crc gostr3411-94 md4 md5 rmd160 sha1 sha256 sha512 sha3 tiger whirlpool stribog blake2 sm3"
|
||||
export KDFS="s2k pkdf2 scrypt"
|
||||
|
||||
autoreconf -fi
|
||||
date=$(date -u '+%%Y-%%m-%%dT%%H:%%M+0000' -r %{SOURCE99})
|
||||
sed -e "s,BUILD_TIMESTAMP=.*,BUILD_TIMESTAMP=$date," -i configure
|
||||
export CFLAGS="%{optflags} $(getconf LFS_CFLAGS)"
|
||||
%configure \
|
||||
--with-fips-module-version="Libgcrypt version %{version}-%{release}" \
|
||||
--enable-hmac-binary-check="%{hmac_key}" \
|
||||
--enable-ciphers="$CIPHERS" \
|
||||
--enable-pubkey-ciphers="$PUBKEYS" \
|
||||
--enable-digests="$DIGESTS" \
|
||||
--enable-kdfs="$KDFS" \
|
||||
--enable-noexecstack \
|
||||
--disable-static \
|
||||
--enable-m-guard \
|
||||
%ifarch %{sparc}
|
||||
--disable-asm \
|
||||
%endif
|
||||
--enable-random=getentropy \
|
||||
%{nil}
|
||||
|
||||
%make_build
|
||||
|
||||
%check
|
||||
make -k check
|
||||
# run the regression tests also in FIPS mode
|
||||
LIBGCRYPT_FORCE_FIPS_MODE=1 make -k check || true
|
||||
|
||||
%install
|
||||
%make_install
|
||||
|
||||
# this is a hack that re-defines the __spec_install_post macro
|
||||
# for a simple reason: the macro strips the binaries and thereby
|
||||
# invalidates a HMAC that may have been created earlier.
|
||||
# solution: create the hashes _after_ the macro runs.
|
||||
|
||||
%define libpath %{buildroot}%{_libdir}/libgcrypt.so.%{libsover}.?.?
|
||||
%define __spec_install_post \
|
||||
%{?__debug_package:%{__debug_install_post}} \
|
||||
%{__arch_install_post} \
|
||||
%{__os_install_post} \
|
||||
cd src \
|
||||
sed -i -e 's|FILE=.*|FILE=\\\$1|' gen-note-integrity.sh \
|
||||
READELF=readelf AWK=awk ECHO_N="-n" bash gen-note-integrity.sh %{libpath} > %{libpath}.hmac \
|
||||
objcopy --update-section .note.fdo.integrity=%{libpath}.hmac %{libpath} %{libpath}.new \
|
||||
mv -f %{libpath}.new %{libpath} \
|
||||
rm -f %{libpath}.hmac \
|
||||
%{nil}
|
||||
|
||||
rm %{buildroot}%{_libdir}/%{name}.la
|
||||
|
||||
# Create /etc/gcrypt directory and install random.conf
|
||||
mkdir -p -m 0755 %{buildroot}%{_sysconfdir}/gcrypt
|
||||
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/gcrypt/random.conf
|
||||
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/gcrypt/hwf.deny
|
||||
|
||||
%post -n %{libsoname} -p /sbin/ldconfig
|
||||
%postun -n %{libsoname} -p /sbin/ldconfig
|
||||
|
||||
%files -n %{libsoname}
|
||||
%license COPYING COPYING.LIB LICENSES
|
||||
%doc AUTHORS ChangeLog NEWS README THANKS TODO
|
||||
%{_libdir}/%{name}.so.*
|
||||
%dir %{_sysconfdir}/gcrypt
|
||||
%config(noreplace) %{_sysconfdir}/gcrypt/random.conf
|
||||
%config(noreplace) %{_sysconfdir}/gcrypt/hwf.deny
|
||||
|
||||
%files devel
|
||||
%license COPYING COPYING.LIB LICENSES
|
||||
%{_bindir}/dumpsexp
|
||||
%{_bindir}/hmac256
|
||||
%{_bindir}/mpicalc
|
||||
%{_bindir}/%{name}-config
|
||||
%{_libdir}/%{name}.so
|
||||
%{_libdir}/pkgconfig/libgcrypt.pc
|
||||
%{_datadir}/aclocal/%{name}.m4
|
||||
%{_includedir}/gcrypt*.h
|
||||
%{_infodir}/gcrypt.info*%{ext_info}*
|
||||
%{_mandir}/man1/*
|
||||
|
||||
%changelog
|
9
random.conf
Normal file
9
random.conf
Normal file
@ -0,0 +1,9 @@
|
||||
# This file can be used to globally change parameters of
|
||||
# the random generator. Supported options are:
|
||||
|
||||
# Always use the non-blocking /dev/urandom or the respective
|
||||
# system call instead of the blocking /dev/random.
|
||||
# only-urandom
|
||||
|
||||
# Disable the use of the jitter based entropy generator.
|
||||
# disable-jent
|
Loading…
Reference in New Issue
Block a user