pool/libgcrypt
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
factory
libgcrypt/libgcrypt-FIPS-jitter-whole-entropy.patch

42 lines
1.3 KiB
Diff
Raw Permalink Normal View History

Accepting request 1183811 from home:pmonrealgonzalez:branches:devel:libraries:c_c++ - Update to 1.11.0: * New and extended interfaces: - Add an API for Key Encapsulation Mechanism (KEM). [T6755] - Add Streamlined NTRU Prime sntrup761 algorithm. [rCcf9923e1a5] - Add Kyber algorithm according to FIPS 203 ipd 2023-08-24. [rC18e5c0d268] - Add Classic McEliece algorithm. [rC003367b912] - Add One-Step KDF with hash and MAC. [T5964] - Add KDF algorithm HKDF of RFC-5869. [T5964] - Add KDF algorithm X963KDF for use in CMS. [rC3abac420b3] - Add GMAC-SM4 and Poly1305-SM4. [rCd1ccc409d4] - Add ARIA block cipher algorithm. [rC316c6d7715] - Add explicit FIPS indicators for MD and MAC algorithms. [T6376] - Add support for SHAKE as MGF in RSA. [T6557] - Add gcry_md_read support for SHAKE algorithms. [T6539] - Add gcry_md_hash_buffers_ext function. [T7035] - Add cSHAKE hash algorithm. [rC065b3f4e02] - Support internal generation of IV for AEAD cipher mode. [T4873] * Performance: - Add SM3 ARMv8/AArch64/CE assembly implementation. [rCfe891ff4a3] - Add SM4 ARMv8/AArch64 assembly implementation. [rCd8825601f1] - Add SM4 GFNI/AVX2 and GFI/AVX512 implementation. [rC5095d60af4,rCeaed633c16] - Add SM4 ARMv9 SVE CE assembly implementation. [rC2dc2654006] - Add PowerPC vector implementation of SM4. [rC0b2da804ee] - Optimize ChaCha20 and Poly1305 for PPC P10 LE. [T6006] - Add CTR32LE bulk acceleration for AES on PPC. [rC84f2e2d0b5] - Add generic bulk acceleration for CTR32LE mode (GCM-SIV) for SM4 and Camellia. [rCcf956793af] - Add GFNI/AVX2 implementation of Camellia. [rC4e6896eb9f] - Add AVX2 and AVX512 accelerated implementations for GHASH (GCM) and POLYVAL (GCM-SIV). [rCd857e85cb4, rCe6f3600193] OBS-URL: https://build.opensuse.org/request/show/1183811 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=180
2024-06-28 11:08:29 +02:00
Index: libgcrypt-1.10.3/random/rndgetentropy.c
===================================================================
--- libgcrypt-1.10.3.orig/random/rndgetentropy.c
+++ libgcrypt-1.10.3/random/rndgetentropy.c
@@ -53,16 +53,30 @@ _gcry_rndgetentropy_gather_random (void
/* When using a blocking random generator try to get some entropy
* from the jitter based RNG. In this case we take up to 50% of the
- * remaining requested bytes. */
+ * remaining requested bytes. In FIPS mode, we get all the entropy
+ * from the jitter RNG. */
if (level >= GCRY_VERY_STRONG_RANDOM)
{
size_t n;
- n = _gcry_rndjent_poll (add, origin, length/2);
- if (n > length/2)
- n = length/2;
- if (length > 1)
- length -= n;
+ /* In FIPS mode, use the whole length of the entropy buffer from
+ * Jitter RNG */
+ if (fips_mode ())
+ {
+ n = _gcry_rndjent_poll (add, origin, length);
+ if (n != length)
+ fips_signal_error ("jitter entropy failed");
+ else
+ length = 0;
+ }
+ else
+ {
+ n = _gcry_rndjent_poll (add, origin, length/2);
+ if (n > length/2)
+ n = length/2;
+ if (length > 1)
+ length -= n;
+ }
}
/* Enter the loop. */
Reference in New Issue Copy Permalink