pool/libgcrypt
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1038228 from devel:libraries:c_c++

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/1038228
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=94
This commit is contained in:
Dominique Leuenberger 2022-11-27 11:52:48 +00:00 committed by Git OBS Bridge
commit 42ed2c4012
60 changed files with 547 additions and 15040 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
cavs-test.sh
View File

@ -1,61 +0,0 @@
#!/bin/bash
#
# This is the driver script around the actual FIPS testing
# Written by: Stephan Müller <sm@atsec.com>
# (c) atsec information security corporation
# The easiest way to perform the cipher compliance testing
# is the following:
#
# 1. patch/compile/copy the openssl binary with the patch if necessary
# (old versions hang when running the MC test if unpatched)
#
# 2. unpack the test vector ZIP file to a local dir
#
# 3. set PATH in a way that cavs_driver.pl is found
#
# 4. go to the local dir where you unzipped the test vector archive and execute
# $0
#
# 5. send atsec the prepared CAVS_results-*.zip archive found in the same dir
DATE=$(date +%Y%m%d)
ARCH=$(uname -m)
PATH=$PATH:$(pwd)
# test interface to be used
# can be overridden by passing an argument to this script
# possible values are:
# openssl OpenSSL (default)
# libgcrypt Libgcrypt
# cryptoapi Kernel
INTERFACE="libgcrypt"
if [ "$1" == "-I" -a -n "$2" ]; then
INTERFACE="$2"
fi
for i in $(find ./ -name "*.req");
do
(
cd $(dirname $i) || exit 1
# We have to see whether we check on DSA based on path name
echo $(dirname $i) | if [ ! $(grep -v DSA) ]; then
/usr/lib/libgcrypt/cavs_driver.pl -I $INTERFACE -D $(basename $i)
else
/usr/lib/libgcrypt/cavs_driver.pl -I $INTERFACE $(basename $i)
fi
# for CAVS, we have path/req/<testvectors>
# and want to have the responses in path/resp/*.rsp
if [ $(basename $(dirname $i)) = "req" ]; then
mkdir ../resp > /dev/null 2>&1
outfile="$(basename $i .req).rsp"
mv "$outfile" ../resp/
fi
) &
done
wait
zip -r CAVS_results-$ARCH-$DATE.zip $(find ./ -name "*.rsp")

3072
cavs_driver.pl
View File

File diff suppressed because it is too large Load Diff

1371
drbg_test.patch
View File

File diff suppressed because it is too large Load Diff

35
hwf.deny Normal file
View File

@ -0,0 +1,35 @@
# This file can be used to globally disable the use of hardware
# based optimizations. Supported options are:
# padlock-rng
# padlock-aes
# padlock-sha
# padlock-mmul
# intel-cpu
# intel-fast-shld
# intel-bmi2
# intel-ssse3
# intel-sse4.1
# intel-pclmul
# intel-aesni
# intel-rdrand
# intel-avx
# intel-avx2
# intel-fast-vpgather
# intel-rdtsc
# intel-shaext
# intel-vaes-vpclmul
# arm-neon
# arm-aes
# arm-sha1
# arm-sha2
# arm-pmull
# ppc-vcrypto
# ppc-arch_3_00
# ppc-arch_2_07
# ppc-arch_3_10
# s390x-msa
# s390x-msa-4
# s390x-msa-8
# s390x-msa-9
# s390x-vx

8
libgcrypt-1.8.4-allow_FSM_same_state.patch → libgcrypt-1.10.0-allow_FSM_same_state.patch
View File

@ -1,8 +1,8 @@
Index: libgcrypt-1.8.4/src/fips.c
Index: libgcrypt-1.10.0/src/fips.c
===================================================================
--- libgcrypt-1.8.4.orig/src/fips.c
+++ libgcrypt-1.8.4/src/fips.c
@@ -930,6 +930,10 @@ fips_new_state (enum module_states new_s
--- libgcrypt-1.10.0.orig/src/fips.c
+++ libgcrypt-1.10.0/src/fips.c
@@ -890,6 +890,10 @@ fips_new_state (enum module_states new_s
}

8
libgcrypt-out-of-core-handler.patch → libgcrypt-1.10.0-out-of-core-handler.patch
View File

@ -1,8 +1,8 @@
Index: libgcrypt-1.9.4/src/global.c
Index: libgcrypt-1.10.0/src/global.c
===================================================================
--- libgcrypt-1.9.4.orig/src/global.c
+++ libgcrypt-1.9.4/src/global.c
@@ -951,7 +951,6 @@ _gcry_set_outofcore_handler (int (*f)(vo
--- libgcrypt-1.10.0.orig/src/global.c
+++ libgcrypt-1.10.0/src/global.c
@@ -974,7 +974,6 @@ _gcry_set_outofcore_handler (int (*f)(vo
if (fips_mode () )
{

114
libgcrypt-1.10.0-use-fipscheck.patch Normal file
View File

@ -0,0 +1,114 @@
Index: libgcrypt-1.10.1/src/fips.c
===================================================================
--- libgcrypt-1.10.1.orig/src/fips.c
+++ libgcrypt-1.10.1/src/fips.c
@@ -949,6 +949,65 @@ hmac256_check (const char *filename, con
return err;
}
+static int
+get_library_path(const char *libname, const char *symbolname,
+ char *path, size_t pathlen)
+{
+ Dl_info info;
+ void *dl, *sym;
+ int rv = -1;
+
+ dl = dlopen(libname, RTLD_LAZY);
+ if (dl == NULL)
+ return -1;
+
+ sym = dlsym(dl, symbolname);
+ if (sym != NULL && dladdr(sym, &info))
+ {
+ strncpy(path, info.dli_fname, pathlen-1);
+ path[pathlen-1] = '\0';
+ rv = 0;
+ }
+
+ dlclose(dl);
+
+ return rv;
+}
+
+static gpg_error_t
+get_hmac_path(char **fname, char *suffix)
+{
+ char libpath[4096];
+ gpg_error_t err;
+
+ if (get_library_path ("libgcrypt.so.20", "gcry_check_version",
+ libpath, sizeof(libpath)))
+ err = gpg_error_from_syserror ();
+ else
+ {
+ *fname = _gcry_malloc (strlen (libpath) + 1 + 5 + 1 );
+ if (!*fname)
+ err = gpg_error_from_syserror ();
+ else
+ {
+ char *p;
+
+ /* Prefix the basename with a dot. */
+ strcpy (*fname, libpath);
+ p = strrchr (*fname, '/');
+ if (p)
+ p++;
+ else
+ p = *fname;
+ memmove (p+1, p, strlen (p)+1);
+ *p = '.';
+ strcat (*fname, suffix);
+ err = 0;
+ }
+ }
+ return err;
+}
+
/* Run an integrity check on the binary. Returns 0 on success. */
static int
check_binary_integrity (void)
@@ -997,6 +1056,33 @@ run_hmac_sha256_selftests (int extended)
}
#endif
+int
+can_skip_selftests(void)
+{
+ char *fname = NULL;
+ int ret = 0;
+
+ if (fips_mode())
+ return 0;
+
+ if (get_hmac_path(&fname, ".fips"))
+ return 0;
+
+ /* check the hmac presence */
+ if (access(fname, F_OK))
+ /* no hmac file is present, don't run the tests */
+ if (errno == ENOENT)
+ ret = 1;
+ /* otherwise one of these events happened:
+ * access() returned 0
+ * -> run the tests
+ * some error other than ENOENT occurred
+ * -> run the tests anyway and let them fail
+ */
+
+ xfree(fname);
+ return ret;
+}
/* Run the self-tests. If EXTENDED is true, extended versions of the
selftest are run, that is more tests than required by FIPS. */
@@ -1006,6 +1092,9 @@ _gcry_fips_run_selftests (int extended)
enum module_states result = STATE_ERROR;
gcry_err_code_t ec = GPG_ERR_SELFTEST_FAILED;
+ if (can_skip_selftests())
+ return 0;
+
if (fips_mode ())
fips_new_state (STATE_SELFTEST);

3
libgcrypt-1.10.1.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ef14ae546b0084cd84259f61a55e07a38c3b53afc0f546bffcef2f01baffe9de
size 3778457

BIN
libgcrypt-1.10.1.tar.bz2.sig Normal file
View File

Binary file not shown.

17
libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch
View File

@ -1,17 +0,0 @@
Index: libgcrypt-1.9.0/cipher/Makefile.am
===================================================================
--- libgcrypt-1.9.0.orig/cipher/Makefile.am
+++ libgcrypt-1.9.0/cipher/Makefile.am
@@ -155,6 +155,12 @@ tiger.o: $(srcdir)/tiger.c Makefile
tiger.lo: $(srcdir)/tiger.c Makefile
`echo $(LTCOMPILE) -c $< | $(o_flag_munging) `
+# rijndael.c needs -fno-strict-aliasing
+rijndael.o: $(srcdir)/rijndael.c
+ `echo $(COMPILE) -fno-strict-aliasing -c $(srcdir)/rijndael.c`
+
+rijndael.lo: $(srcdir)/rijndael.c
+ `echo $(LTCOMPILE) -fno-strict-aliasing -c $(srcdir)/rijndael.c`
# We need to disable instrumentation for these modules as they use cc as
# thin assembly front-end and do not tolerate in-between function calls

27
libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
View File

@ -1,27 +0,0 @@
From: draht@suse.com
Subject: LIBGCRYPT_FORCE_FIPS_MODE env
environ LIBGCRYPT_FORCE_FIPS_MODE forces FIPS mode of libgcrypt
Index: libgcrypt-1.5.2/src/fips.c
===================================================================
--- libgcrypt-1.5.2.orig/src/fips.c
+++ libgcrypt-1.5.2/src/fips.c
@@ -123,6 +123,17 @@ _gcry_initialize_fips_mode (int force)
goto leave;
}
+ /* for convenience, so that a process can run fips-enabled, but
+ not necessarily all of them, enable FIPS mode via environment
+ variable LIBGCRYPT_FORCE_FIPS_MODE. */
+
+ if (getenv("LIBGCRYPT_FORCE_FIPS_MODE") != NULL)
+ {
+ gcry_assert (!_gcry_no_fips_mode_required);
+ goto leave;
+ }
+
+
/* For testing the system it is useful to override the system
provided detection of the FIPS mode and force FIPS mode using a
file. The filename is hardwired so that there won't be any

1126
libgcrypt-1.6.1-fips-cavs.patch
View File

File diff suppressed because it is too large Load Diff

81
libgcrypt-1.6.1-use-fipscheck.patch
View File

@ -1,81 +0,0 @@
---
src/Makefile.in | 2 +-
src/fips.c | 39 ++++++++++++++++++++++++++++++++-------
2 files changed, 33 insertions(+), 8 deletions(-)
Index: libgcrypt-1.9.0/src/fips.c
===================================================================
--- libgcrypt-1.9.0.orig/src/fips.c
+++ libgcrypt-1.9.0/src/fips.c
@@ -603,23 +603,49 @@ run_random_selftests (void)
return !!err;
}
+#ifdef ENABLE_HMAC_BINARY_CHECK
+static int
+get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
+{
+ Dl_info info;
+ void *dl, *sym;
+ int rv = -1;
+
+ dl = dlopen(libname, RTLD_LAZY);
+ if (dl == NULL)
+ return -1;
+
+ sym = dlsym(dl, symbolname);
+ if (sym != NULL && dladdr(sym, &info))
+ {
+ strncpy(path, info.dli_fname, pathlen-1);
+ path[pathlen-1] = '\0';
+ rv = 0;
+ }
+
+ dlclose(dl);
+
+ return rv;
+}
+#endif
+
/* Run an integrity check on the binary. Returns 0 on success. */
static int
check_binary_integrity (void)
{
#ifdef ENABLE_HMAC_BINARY_CHECK
gpg_error_t err;
- Dl_info info;
+ char libpath[4096];
unsigned char digest[32];
int dlen;
char *fname = NULL;
- const char key[] = "What am I, a doctor or a moonshuttle conductor?";
+ const char key[] = "orboDeJITITejsirpADONivirpUkvarP";
- if (!dladdr ("gcry_check_version", &info))
+ if (get_library_path ("libgcrypt.so.20", "gcry_check_version", libpath, sizeof(libpath)))
err = gpg_error_from_syserror ();
else
{
- dlen = _gcry_hmac256_file (digest, sizeof digest, info.dli_fname,
+ dlen = _gcry_hmac256_file (digest, sizeof digest, libpath,
key, strlen (key));
if (dlen < 0)
err = gpg_error_from_syserror ();
@@ -627,7 +652,7 @@ check_binary_integrity (void)
err = gpg_error (GPG_ERR_INTERNAL);
else
{
- fname = xtrymalloc (strlen (info.dli_fname) + 1 + 5 + 1 );
+ fname = xtrymalloc (strlen (libpath) + 1 + 5 + 1 );
if (!fname)
err = gpg_error_from_syserror ();
else
@@ -636,7 +661,7 @@ check_binary_integrity (void)
char *p;
/* Prefix the basename with a dot. */
- strcpy (fname, info.dli_fname);
+ strcpy (fname, libpath);
p = strrchr (fname, '/');
if (p)
p++;

266
libgcrypt-1.8.3-fips-ctor.patch
View File

@ -1,266 +0,0 @@
Index: libgcrypt-1.9.0/cipher/md.c
===================================================================
--- libgcrypt-1.9.0.orig/cipher/md.c
+++ libgcrypt-1.9.0/cipher/md.c
@@ -564,11 +564,8 @@ md_enable (gcry_md_hd_t hd, int algorith
if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
{
- _gcry_inactivate_fips_mode ("MD5 used");
if (_gcry_enforced_fips_mode () )
{
- /* We should never get to here because we do not register
- MD5 in enforced fips mode. But better throw an error. */
err = GPG_ERR_DIGEST_ALGO;
}
}
Index: libgcrypt-1.9.0/src/fips.c
===================================================================
--- libgcrypt-1.9.0.orig/src/fips.c
+++ libgcrypt-1.9.0/src/fips.c
@@ -90,7 +90,31 @@ static void fips_new_state (enum module_
#define loxdigit_p(p) !!strchr ("01234567890abcdef", *(p))
-
+/* Initialize the FSM lock - this function may only
+ be called once and is intended to be run from the library
+ constructor */
+void
+_gcry_initialize_fsm_lock (void)
+{
+ gpg_error_t err;
+ /* Intitialize the lock to protect the FSM. */
+ err = gpgrt_lock_init (&fsm_lock);
+ if (err)
+ {
+ /* If that fails we can't do anything but abort the
+ process. We need to use log_info so that the FSM won't
+ get involved. */
+ log_info ("FATAL: failed to create the FSM lock in libgcrypt: %s\n",
+ gpg_strerror (err));
+#ifdef HAVE_SYSLOG
+ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
+ "creating FSM lock failed: %s - abort",
+ gpg_strerror (err));
+#endif /*HAVE_SYSLOG*/
+ abort ();
+ }
+}
+
/* Check whether the OS is in FIPS mode and record that in a module
local variable. If FORCE is passed as true, fips mode will be
enabled anyway. Note: This function is not thread-safe and should
@@ -100,7 +124,6 @@ void
_gcry_initialize_fips_mode (int force)
{
static int done;
- gpg_error_t err;
/* Make sure we are not accidentally called twice. */
if (done)
@@ -190,24 +213,6 @@ _gcry_initialize_fips_mode (int force)
/* Yes, we are in FIPS mode. */
FILE *fp;
- /* Intitialize the lock to protect the FSM. */
- err = gpgrt_lock_init (&fsm_lock);
- if (err)
- {
- /* If that fails we can't do anything but abort the
- process. We need to use log_info so that the FSM won't
- get involved. */
- log_info ("FATAL: failed to create the FSM lock in libgcrypt: %s\n",
- gpg_strerror (err));
-#ifdef HAVE_SYSLOG
- syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
- "creating FSM lock failed: %s - abort",
- gpg_strerror (err));
-#endif /*HAVE_SYSLOG*/
- abort ();
- }
-
-
/* If the FIPS force files exists, is readable and has a number
!= 0 on its first line, we enable the enforced fips mode. */
fp = fopen (FIPS_FORCE_FILE, "r");
@@ -356,16 +361,20 @@ _gcry_fips_is_operational (void)
{
int result;
- if (!fips_mode ())
+ lock_fsm ();
+ if (current_state == STATE_POWERON && !fips_mode ())
+ /* If we are at this point in POWERON state it means the FIPS
+ module installation was not completed. (/etc/system-fips
+ is not present.) */
result = 1;
else
{
- lock_fsm ();
- if (current_state == STATE_INIT)
+ if (current_state == STATE_INIT || current_state == STATE_SELFTEST)
{
- /* If we are still in the INIT state, we need to run the
- selftests so that the FSM can eventually get into
- operational state. Given that we would need a 2-phase
+ /* If we are still in the INIT (or SELFTEST) state,
+ we need to run (or finish) the selftests so
+ that the FSM can eventually get into operational
+ state. Given that we would need a 2-phase
initialization of libgcrypt, but that has traditionally
not been enforced, we use this on demand self-test
checking. Note that Proper applications would do the
@@ -381,9 +390,11 @@ _gcry_fips_is_operational (void)
lock_fsm ();
}
- result = (current_state == STATE_OPERATIONAL);
- unlock_fsm ();
+ result = (current_state == STATE_OPERATIONAL) || !fips_mode ();
+ /* We always run the selftests but ignore the result
+ in non-FIPS mode. */
}
+ unlock_fsm ();
return result;
}
@@ -729,9 +740,25 @@ _gcry_fips_run_selftests (int extended)
{
enum module_states result = STATE_ERROR;
gcry_err_code_t ec = GPG_ERR_SELFTEST_FAILED;
+ int in_poweron;
- if (fips_mode ())
- fips_new_state (STATE_SELFTEST);
+ lock_fsm ();
+ in_poweron = (current_state == STATE_POWERON);
+ unlock_fsm ();
+
+ fips_new_state (STATE_SELFTEST);
+
+ /* We first check the integrity of the binary.
+ If run from the constructor we are in POWERON state,
+ we return and finish the remaining selftests before
+ real use of the library. It will be in the POWERON
+ state meanwhile. */
+ if (in_poweron)
+ if (check_binary_integrity ())
+ goto leave;
+
+ if (in_poweron)
+ return 0;
if (run_cipher_selftests (extended))
goto leave;
@@ -753,21 +780,12 @@ _gcry_fips_run_selftests (int extended)
if (run_pubkey_selftests (extended))
goto leave;
- if (fips_mode ())
- {
- /* Now check the integrity of the binary. We do this this after
- having checked the HMAC code. */
- if (check_binary_integrity ())
- goto leave;
- }
-
/* All selftests passed. */
result = STATE_OPERATIONAL;
ec = 0;
leave:
- if (fips_mode ())
- fips_new_state (result);
+ fips_new_state (result);
return ec;
}
@@ -823,6 +841,7 @@ fips_new_state (enum module_states new_s
{
case STATE_POWERON:
if (new_state == STATE_INIT
+ || new_state == STATE_SELFTEST
|| new_state == STATE_ERROR
|| new_state == STATE_FATALERROR)
ok = 1;
@@ -837,6 +856,8 @@ fips_new_state (enum module_states new_s
case STATE_SELFTEST:
if (new_state == STATE_OPERATIONAL
+ || new_state == STATE_INIT
+ || new_state == STATE_SELFTEST
|| new_state == STATE_ERROR
|| new_state == STATE_FATALERROR)
ok = 1;
Index: libgcrypt-1.9.0/src/global.c
===================================================================
--- libgcrypt-1.9.0.orig/src/global.c
+++ libgcrypt-1.9.0/src/global.c
@@ -141,6 +141,29 @@ global_init (void)
}
+#ifndef FIPS_MODULE_PATH
+#define FIPS_MODULE_PATH "/etc/system-fips"
+#endif
+
+void __attribute__ ((constructor)) _gcry_global_constructor (void)
+{
+ int rv;
+
+ /* We always need the FSM lock to be functional. */
+ _gcry_initialize_fsm_lock ();
+
+ rv = access (FIPS_MODULE_PATH, F_OK);
+ if (rv < 0 && errno != ENOENT)
+ rv = 0;
+
+ if (!rv)
+ {
+ /* We run the integrity check at this point. The remaining
+ selftests are run before use of the library by application. */
+ _gcry_fips_run_selftests (0);
+ }
+}
+
/* This function is called by the macro fips_is_operational and makes
sure that the minimal initialization has been done. This is far
from a perfect solution and hides problems with an improper
@@ -672,9 +695,8 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
case GCRYCTL_FIPS_MODE_P:
if (fips_mode ()
- && !_gcry_is_fips_mode_inactive ()
- && !no_secure_memory)
- rc = GPG_ERR_GENERAL; /* Used as TRUE value */
+ && !_gcry_is_fips_mode_inactive ())
+ rc = GPG_ERR_GENERAL; /* Used as TRUE value */
break;
case GCRYCTL_FORCE_FIPS_MODE:
@@ -750,9 +772,9 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
break;
case GCRYCTL_SET_ENFORCED_FIPS_FLAG:
- if (!_gcry_global_any_init_done)
+ if (fips_mode())
{
- /* Not yet initialized at all. Set the enforced fips mode flag */
+ /* We are in FIPS mode, we can set the enforced fips mode flag. */
_gcry_set_preferred_rng_type (0);
_gcry_set_enforced_fips_mode ();
}
Index: libgcrypt-1.9.0/src/g10lib.h
===================================================================
--- libgcrypt-1.9.0.orig/src/g10lib.h
+++ libgcrypt-1.9.0/src/g10lib.h
@@ -429,6 +429,8 @@ gpg_err_code_t _gcry_sexp_vextract_param
extern int _gcry_no_fips_mode_required;
+void _gcry_initialize_fsm_lock (void);
+
void _gcry_initialize_fips_mode (int force);
/* This macro returns true if fips mode is enabled. This is

66
libgcrypt-1.8.4-fips-keygen.patch
View File

@ -1,66 +0,0 @@
Index: libgcrypt-1.9.1/cipher/dsa.c
===================================================================
--- libgcrypt-1.9.1.orig/cipher/dsa.c
+++ libgcrypt-1.9.1/cipher/dsa.c
@@ -457,13 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un
&prime_q, &prime_p,
r_counter,
r_seed, r_seedlen);
- else
+ else if (!domain->p || !domain->q)
ec = _gcry_generate_fips186_3_prime (nbits, qbits,
initial_seed.seed,
initial_seed.seedlen,
&prime_q, &prime_p,
r_counter,
r_seed, r_seedlen, NULL);
+ else
+ {
+ /* Domain parameters p and q are given; use them. */
+ prime_p = mpi_copy (domain->p);
+ prime_q = mpi_copy (domain->q);
+ gcry_assert (mpi_get_nbits (prime_p) == nbits);
+ gcry_assert (mpi_get_nbits (prime_q) == qbits);
+ ec = 0;
+ }
sexp_release (initial_seed.sexp);
if (ec)
goto leave;
@@ -859,13 +868,12 @@ dsa_generate (const gcry_sexp_t genparms
sexp_release (l1);
sexp_release (domainsexp);
- /* Check that all domain parameters are available. */
- if (!domain.p || !domain.q || !domain.g)
+ /* Check that p and q domain parameters are available. */
+ if (!domain.p || !domain.q || (!domain.g && !(flags & PUBKEY_FLAG_USE_FIPS186)))
{
_gcry_mpi_release (domain.p);
_gcry_mpi_release (domain.q);
_gcry_mpi_release (domain.g);
- sexp_release (deriveparms);
return GPG_ERR_MISSING_VALUE;
}
Index: libgcrypt-1.9.1/cipher/rsa.c
===================================================================
--- libgcrypt-1.9.1.orig/cipher/rsa.c
+++ libgcrypt-1.9.1/cipher/rsa.c
@@ -389,7 +389,7 @@ generate_fips (RSA_secret_key *sk, unsig
if (nbits < 1024 || (nbits & 0x1FF))
return GPG_ERR_INV_VALUE;
- if (_gcry_enforced_fips_mode() && nbits != 2048 && nbits != 3072)
+ if (fips_mode() && nbits < 2048)
return GPG_ERR_INV_VALUE;
/* The random quality depends on the transient_key flag. */
@@ -696,7 +696,7 @@ generate_x931 (RSA_secret_key *sk, unsig
*swapped = 0;
- if (e_value == 1) /* Alias for a secure value. */
+ if (e_value == 1 || e_value == 0) /* Alias for a secure value. */
e_value = 65537;
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */

32
libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch
View File

@ -1,32 +0,0 @@
Index: libgcrypt-1.8.4/src/global.c
===================================================================
--- libgcrypt-1.8.4.orig/src/global.c
+++ libgcrypt-1.8.4/src/global.c
@@ -141,27 +141,10 @@ global_init (void)
}
-#ifndef FIPS_MODULE_PATH
-#define FIPS_MODULE_PATH "/etc/system-fips"
-#endif
-
void __attribute__ ((constructor)) _gcry_global_constructor (void)
{
- int rv;
-
/* We always need the FSM lock to be functional. */
_gcry_initialize_fsm_lock ();
-
- rv = access (FIPS_MODULE_PATH, F_OK);
- if (rv < 0 && errno != ENOENT)
- rv = 0;
-
- if (!rv)
- {
- /* We run the integrity check at this point. The remaining
- selftests are run before use of the library by application. */
- _gcry_fips_run_selftests (0);
- }
}
/* This function is called by the macro fips_is_operational and makes

124
libgcrypt-1.8.4-getrandom.patch
View File

@ -1,124 +0,0 @@
Index: libgcrypt-1.9.1/random/random-csprng.c
===================================================================
--- libgcrypt-1.9.1.orig/random/random-csprng.c
+++ libgcrypt-1.9.1/random/random-csprng.c
@@ -55,6 +55,10 @@
#ifdef __MINGW32__
#include <process.h>
#endif
+#if defined(__linux__) && defined(HAVE_SYSCALL)
+# include <sys/syscall.h>
+# include <linux/random.h>
+#endif
#include "g10lib.h"
#include "random.h"
#include "rand-internal.h"
@@ -1202,6 +1206,22 @@ getfnc_gather_random (void))(void (*)(co
enum random_origins, size_t, int);
#if USE_RNDLINUX
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
+ long ret;
+ char buffer[1];
+
+ _gcry_pre_syscall ();
+ ret = syscall (__NR_getrandom,
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
+ _gcry_post_syscall ();
+ if (ret != -1 || errno != ENOSYS)
+ {
+ fnc = _gcry_rndlinux_gather_random;
+ return fnc;
+ }
+ else
+ /* The syscall is not supported - fallback to /dev/urandom. */
+#endif
if ( !access (NAME_OF_DEV_RANDOM, R_OK)
&& !access (NAME_OF_DEV_URANDOM, R_OK))
{
Index: libgcrypt-1.9.1/random/random.c
===================================================================
--- libgcrypt-1.9.1.orig/random/random.c
+++ libgcrypt-1.9.1/random/random.c
@@ -110,8 +110,8 @@ _gcry_random_read_conf (void)
unsigned int result = 0;
fp = fopen (fname, "r");
- if (!fp)
- return result;
+ if (!fp) /* We make only_urandom the default. */
+ return RANDOM_CONF_ONLY_URANDOM;
for (;;)
{
Index: libgcrypt-1.9.1/random/rndlinux.c
===================================================================
--- libgcrypt-1.9.1.orig/random/rndlinux.c
+++ libgcrypt-1.9.1/random/rndlinux.c
@@ -39,6 +39,7 @@ extern int getentropy (void *buf, size_t
#if defined(__linux__) || !defined(HAVE_GETENTROPY)
#ifdef HAVE_SYSCALL
# include <sys/syscall.h>
+# include <linux/random.h>
# ifdef __NR_getrandom
# define getentropy(buf,buflen) syscall (__NR_getrandom, buf, buflen, 0)
# endif
@@ -155,12 +156,12 @@ _gcry_rndlinux_gather_random (void (*add
if (!add)
{
/* Special mode to close the descriptors. */
- if (fd_random != -1)
+ if (fd_random >= 0)
{
close (fd_random);
fd_random = -1;
}
- if (fd_urandom != -1)
+ if (fd_urandom >= 0)
{
close (fd_urandom);
fd_urandom = -1;
@@ -176,12 +177,12 @@ _gcry_rndlinux_gather_random (void (*add
apid = getpid ();
if (my_pid != apid)
{
- if (fd_random != -1)
+ if (fd_random >= 0)
{
close (fd_random);
fd_random = -1;
}
- if (fd_urandom != -1)
+ if (fd_urandom >= 0)
{
close (fd_urandom);
fd_urandom = -1;
@@ -230,6 +231,17 @@ _gcry_rndlinux_gather_random (void (*add
{
if (fd_urandom == -1)
{
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
+ long ret;
+
+ _gcry_pre_syscall ();
+ ret = syscall (__NR_getrandom,
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
+ _gcry_post_syscall ();
+ if (ret > -1 || errno == EAGAIN || errno == EINTR)
+ fd_urandom = -2;
+ else /* The syscall is not supported - fallback to /dev/urandom. */
+#endif
fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
ever_opened |= 2;
}
@@ -272,9 +284,7 @@ _gcry_rndlinux_gather_random (void (*add
_gcry_post_syscall ();
}
while (ret == -1 && errno == EINTR);
- if (ret == -1 && errno == ENOSYS)
- ; /* getentropy is not supported - fallback to pulling from fd. */
- else
+ if (1)
{ /* getentropy is supported. Some sanity checks. */
if (ret == -1)
log_fatal ("unexpected error from getentropy: %s\n",

39
libgcrypt-1.8.4-use_xfree.patch
View File

@ -1,39 +0,0 @@
Index: libgcrypt-1.8.4/src/hmac256.c
===================================================================
--- libgcrypt-1.8.4.orig/src/hmac256.c
+++ libgcrypt-1.8.4/src/hmac256.c
@@ -69,6 +69,7 @@ typedef uint32_t u32;
#ifdef STANDALONE
#define xtrymalloc(a) malloc((a))
+#define xfree(a) free((a))
#define gpg_err_set_errno(a) (errno = (a))
#else
#include "g10lib.h"
@@ -341,7 +342,7 @@ _gcry_hmac256_new (const void *key, size
tmphd = _gcry_hmac256_new (NULL, 0);
if (!tmphd)
{
- free (hd);
+ xfree (hd);
return NULL;
}
_gcry_hmac256_update (tmphd, key, keylen);
@@ -373,7 +374,7 @@ _gcry_hmac256_release (hmac256_context_t
/* Note: We need to take care not to modify errno. */
if (ctx->use_hmac)
my_wipememory (ctx->opad, 64);
- free (ctx);
+ xfree (ctx);
}
}
@@ -489,7 +490,7 @@ _gcry_hmac256_file (void *result, size_t
while ( (nread = fread (buffer, 1, buffer_size, fp)))
_gcry_hmac256_update (hd, buffer, nread);
- free (buffer);
+ xfree (buffer);
if (ferror (fp))
{

3
libgcrypt-1.9.4.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ea849c83a72454e3ed4267697e8ca03390aee972ab421e7df69dfe42b65caaf7
size 3239704

BIN
libgcrypt-1.9.4.tar.bz2.sig
View File

Binary file not shown.

13
libgcrypt-FIPS-GMAC_AES-benckmark.patch
View File

@ -1,13 +0,0 @@
Index: libgcrypt-1.8.2/tests/benchmark.c
===================================================================
--- libgcrypt-1.8.2.orig/tests/benchmark.c
+++ libgcrypt-1.8.2/tests/benchmark.c
@@ -598,7 +598,7 @@ mac_bench ( const char *algoname )
if (!algoname)
{
for (i=1; i < 600; i++)
- if (in_fips_mode && i == GCRY_MAC_HMAC_MD5)
+ if (in_fips_mode && (i == GCRY_MAC_HMAC_MD5 || i == GCRY_MAC_GMAC_AES))
; /* Don't use MD5 in fips mode. */
else if ( !gcry_mac_test_algo (i) )
mac_bench (gcry_mac_algo_name (i));

203
libgcrypt-FIPS-HMAC-short-keylen.patch
View File

@ -1,203 +0,0 @@
From 76aad97dd312e83f2f9b8d086553f2b72ab6546f Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Wed, 19 Jan 2022 11:41:40 +0900
Subject: [PATCH 2/2] fips: Reject shorter key for HMAC in FIPS mode.
* cipher/md.c (prepare_macpads): Reject < 112-bit key.
* cipher/kdf.c (selftest_pbkdf2): Remove selftest cases with shorter
key.
* cipher/mac-hmac.c (selftests_sha224, selftests_sha256): Likewise.
(selftests_sha384, selftests_sha512, selftests_sha3): Likewise.
* tests/basic.c (check_one_hmac) Handle an error when shorter key
is rejected.
(check_one_mac): Likewise.
* tests/t-kdf.c (check_pbkdf2, check_scrypt): Likewise.
--
GnuPG-bug-id: 5512
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
cipher/kdf.c | 76 ++---------------------------------------------
cipher/mac-hmac.c | 67 -----------------------------------------
cipher/md.c | 3 ++
tests/basic.c | 29 +++++++++++++++---
tests/t-kdf.c | 38 ++++++++++++++++++++----
5 files changed, 62 insertions(+), 151 deletions(-)
Index: libgcrypt-1.9.4/cipher/kdf.c
===================================================================
--- libgcrypt-1.9.4.orig/cipher/kdf.c
+++ libgcrypt-1.9.4/cipher/kdf.c
@@ -324,6 +324,10 @@ check_one (int algo, int hash_algo,
unsigned char key[512]; /* hardcoded to avoid allocation */
size_t keysize = expectlen;
+ /* Skip test with shoter passphrase in FIPS mode. */
+ if (fips_mode () && passphraselen < 14)
+ return NULL;
+
if (keysize > sizeof(key))
return "invalid tests data";
Index: libgcrypt-1.9.4/cipher/mac-hmac.c
===================================================================
--- libgcrypt-1.9.4.orig/cipher/mac-hmac.c
+++ libgcrypt-1.9.4/cipher/mac-hmac.c
@@ -241,6 +241,11 @@ check_one (int algo,
const unsigned char *digest;
/* printf ("HMAC algo %d\n", algo); */
+
+ /* Skip test with shoter key in FIPS mode. */
+ if (fips_mode () && keylen < 14)
+ return NULL;
+
if (trunc)
{
if (_gcry_md_get_algo_dlen (algo) < expectlen)
Index: libgcrypt-1.9.4/cipher/md.c
===================================================================
--- libgcrypt-1.9.4.orig/cipher/md.c
+++ libgcrypt-1.9.4/cipher/md.c
@@ -903,6 +903,9 @@ prepare_macpads (gcry_md_hd_t a, const u
{
GcryDigestEntry *r;
+ if (fips_mode () && keylen < 14)
+ return GPG_ERR_INV_VALUE;
+
if (!a->ctx->list)
return GPG_ERR_DIGEST_ALGO; /* Might happen if no algo is enabled. */
Index: libgcrypt-1.9.4/tests/basic.c
===================================================================
--- libgcrypt-1.9.4.orig/tests/basic.c
+++ libgcrypt-1.9.4/tests/basic.c
@@ -12016,7 +12016,19 @@ check_one_hmac (int algo, const char *da
return;
}
- gcry_md_setkey( hd, key, keylen );
+ err = gcry_md_setkey( hd, key, keylen );
+ if (err)
+ {
+ if (in_fips_mode)
+ {
+ if (verbose)
+ fprintf (stderr,
+ " shorter key (%d) rejected correctly in fips mode\n",
+ keylen);
+ }
+ gcry_md_close (hd);
+ return;
+ }
gcry_md_write (hd, data, datalen);
@@ -12420,9 +12432,18 @@ check_one_mac (int algo, const char *dat
clutter_vector_registers();
err = gcry_mac_setkey (hd, key, keylen);
if (err)
- fail("algo %d, mac gcry_mac_setkey failed: %s\n", algo, gpg_strerror (err));
- if (err)
- goto out;
+ {
+ if (in_fips_mode)
+ {
+ if (verbose)
+ fprintf (stderr,
+ " shorter key (%d) rejected correctly in fips mode\n",
+ keylen);
+ }
+ else
+ fail("algo %d, mac gcry_mac_setkey failed: %s\n", algo, gpg_strerror (err));
+ goto out;
+ }
if (ivlen && iv)
{
Index: libgcrypt-1.9.4/tests/t-kdf.c
===================================================================
--- libgcrypt-1.9.4.orig/tests/t-kdf.c
+++ libgcrypt-1.9.4/tests/t-kdf.c
@@ -31,6 +31,8 @@
#define PGM "t-kdf"
#include "t-common.h"
+static int in_fips_mode;
+
static void
dummy_consumer (volatile char *buffer, size_t buflen)
@@ -858,8 +860,7 @@ check_openpgp (void)
if (tv[tvidx].disabled)
continue;
/* MD5 isn't supported in fips mode */
- if (gcry_fips_mode_active()
- && tv[tvidx].hashalgo == GCRY_MD_MD5)
+ if (in_fips_mode && tv[tvidx].hashalgo == GCRY_MD_MD5)
continue;
if (verbose)
fprintf (stderr, "checking S2K test vector %d\n", tvidx);
@@ -1104,7 +1105,7 @@ check_pbkdf2 (void)
GCRY_KDF_PBKDF2, tv[tvidx].hashalgo,
tv[tvidx].salt, tv[tvidx].saltlen,
tv[tvidx].c, tv[tvidx].dklen, outbuf);
- if (gcry_fips_mode_active() && tvidx > 6)
+ if (in_fips_mode && tvidx > 6)
{
if (!err)
fail ("pbkdf2 test %d unexpectedly passed in FIPS mode: %s\n",
@@ -1112,7 +1113,17 @@ check_pbkdf2 (void)
continue;
}
if (err)
- fail ("pbkdf2 test %d failed: %s\n", tvidx, gpg_strerror (err));
+ {
+ if (in_fips_mode && tv[tvidx].plen < 14)
+ {
+ if (verbose)
+ fprintf (stderr,
+ " shorter key (%u) rejected correctly in fips mode\n",
+ (unsigned int)tv[tvidx].plen);
+ }
+ else
+ fail ("pbkdf2 test %d failed: %s\n", tvidx, gpg_strerror (err));
+ }
else if (memcmp (outbuf, tv[tvidx].dk, tv[tvidx].dklen))
{
fail ("pbkdf2 test %d failed: mismatch\n", tvidx);
@@ -1209,7 +1220,17 @@ check_scrypt (void)
tv[tvidx].salt, tv[tvidx].saltlen,
tv[tvidx].parm_p, tv[tvidx].dklen, outbuf);
if (err)
- fail ("scrypt test %d failed: %s\n", tvidx, gpg_strerror (err));
+ {
+ if (in_fips_mode && tv[tvidx].plen < 14)
+ {
+ if (verbose)
+ fprintf (stderr,
+ " shorter key (%u) rejected correctly in fips mode\n",
+ (unsigned int)tv[tvidx].plen);
+ }
+ else
+ fail ("scrypt test %d failed: %s\n", tvidx, gpg_strerror (err));
+ }
else if (memcmp (outbuf, tv[tvidx].dk, tv[tvidx].dklen))
{
fail ("scrypt test %d failed: mismatch\n", tvidx);
@@ -1281,7 +1302,12 @@ main (int argc, char **argv)
if (!gcry_check_version (GCRYPT_VERSION))
die ("version mismatch\n");
- xgcry_control ((GCRYCTL_DISABLE_SECMEM, 0));
+ if (gcry_fips_mode_active ())
+ in_fips_mode = 1;
+
+ if (!in_fips_mode)
+ xgcry_control ((GCRYCTL_DISABLE_SECMEM, 0));
+
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
if (debug)
xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u, 0));

245
libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
View File

@ -1,245 +0,0 @@
Index: libgcrypt-1.9.0/cipher/pubkey.c
===================================================================
--- libgcrypt-1.9.0.orig/cipher/pubkey.c
+++ libgcrypt-1.9.0/cipher/pubkey.c
@@ -384,6 +384,33 @@ _gcry_pk_decrypt (gcry_sexp_t *r_plain,
}
+static gcry_err_code_t
+calculate_hash (gcry_md_hd_t hd, gcry_sexp_t* s_hash)
+{
+ gcry_err_code_t rc;
+ const unsigned char *digest;
+ int algo;
+
+ if (!hd)
+ return 0;
+
+ rc = _gcry_pk_util_get_algo (*s_hash, &algo);
+ if (rc)
+ return rc;
+
+ digest = _gcry_md_read(hd, algo);
+ if (!digest)
+ return GPG_ERR_DIGEST_ALGO;
+
+ rc = _gcry_sexp_build (s_hash, NULL,
+ "(data (flags pkcs1)(hash %s %b))",
+ _gcry_md_algo_name(algo),
+ (int) _gcry_md_get_algo_dlen(algo),
+ digest);
+
+ return rc;
+}
+
/*
Create a signature.
@@ -414,7 +441,8 @@ _gcry_pk_decrypt (gcry_sexp_t *r_plain,
Note that (hash algo) in R_SIG is not used.
*/
gcry_err_code_t
-_gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey)
+_gcry_pk_sign_md (gcry_sexp_t *r_sig, gcry_md_hd_t hd, gcry_sexp_t s_hash,
+ gcry_sexp_t s_skey)
{
gcry_err_code_t rc;
gcry_pk_spec_t *spec;
@@ -426,6 +454,10 @@ _gcry_pk_sign (gcry_sexp_t *r_sig, gcry_
if (rc)
goto leave;
+ rc = calculate_hash (hd, &s_hash);
+ if (rc)
+ goto leave;
+
if (spec->sign)
rc = spec->sign (r_sig, s_hash, keyparms);
else
@@ -437,6 +469,13 @@ _gcry_pk_sign (gcry_sexp_t *r_sig, gcry_
}
+gcry_err_code_t
+_gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey)
+{
+ return _gcry_pk_sign_md (r_sig, NULL, s_hash, s_skey);
+}
+
+
/*
Verify a signature.
@@ -445,7 +484,8 @@ _gcry_pk_sign (gcry_sexp_t *r_sig, gcry_
as an S-Exp, sig is a S-Exp as returned from gcry_pk_sign and data
must be an S-Exp like the one in sign too. */
gcry_err_code_t
-_gcry_pk_verify (gcry_sexp_t s_sig, gcry_sexp_t s_hash, gcry_sexp_t s_pkey)
+_gcry_pk_verify_md (gcry_sexp_t s_sig, gcry_md_hd_t hd, gcry_sexp_t s_hash,
+ gcry_sexp_t s_pkey)
{
gcry_err_code_t rc;
gcry_pk_spec_t *spec;
@@ -455,6 +495,10 @@ _gcry_pk_verify (gcry_sexp_t s_sig, gcry
if (rc)
goto leave;
+ rc = calculate_hash (hd, &s_hash);
+ if (rc)
+ goto leave;
+
if (spec->verify)
rc = spec->verify (s_sig, s_hash, keyparms);
else
@@ -466,6 +510,13 @@ _gcry_pk_verify (gcry_sexp_t s_sig, gcry
}
+gcry_err_code_t
+_gcry_pk_verify (gcry_sexp_t s_sig, gcry_sexp_t s_hash, gcry_sexp_t s_pkey)
+{
+ return _gcry_pk_verify_md (s_sig, NULL, s_hash, s_pkey);
+}
+
+
/*
Test a key.
Index: libgcrypt-1.9.0/cipher/pubkey-internal.h
===================================================================
--- libgcrypt-1.9.0.orig/cipher/pubkey-internal.h
+++ libgcrypt-1.9.0/cipher/pubkey-internal.h
@@ -43,6 +43,8 @@ void _gcry_pk_util_free_encoding_ctx (st
gcry_err_code_t _gcry_pk_util_data_to_mpi (gcry_sexp_t input,
gcry_mpi_t *ret_mpi,
struct pk_encoding_ctx *ctx);
+gcry_err_code_t _gcry_pk_util_get_algo (gcry_sexp_t input,
+ int *algo);
Index: libgcrypt-1.9.0/cipher/pubkey-util.c
===================================================================
--- libgcrypt-1.9.0.orig/cipher/pubkey-util.c
+++ libgcrypt-1.9.0/cipher/pubkey-util.c
@@ -1158,3 +1158,50 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t i
return rc;
}
+
+
+gcry_err_code_t
+_gcry_pk_util_get_algo (gcry_sexp_t input, int *algo)
+{
+ gcry_err_code_t rc = 0;
+ gcry_sexp_t ldata, list = NULL;
+ const char *s;
+ size_t n;
+ int lalgo;
+
+ ldata = sexp_find_token (input, "data", 0);
+ if (!ldata)
+ {
+ rc = GPG_ERR_INV_OBJ;
+ goto leave;
+ }
+
+ list = sexp_find_token (ldata, "hash-algo", 0);
+ if (!list)
+ {
+ rc = GPG_ERR_INV_OBJ;
+ goto leave;
+ }
+
+ s = sexp_nth_data (list, 1, &n);
+ if (!s)
+ {
+ rc = GPG_ERR_NO_OBJ;
+ goto leave;
+ }
+
+ lalgo = get_hash_algo (s, n);
+ if (!lalgo)
+ {
+ rc = GPG_ERR_DIGEST_ALGO;
+ goto leave;
+ }
+
+ *algo = lalgo;
+
+ leave:
+ sexp_release (ldata);
+ sexp_release (list);
+
+ return rc;
+}
Index: libgcrypt-1.9.0/src/g10lib.h
===================================================================
--- libgcrypt-1.9.0.orig/src/g10lib.h
+++ libgcrypt-1.9.0/src/g10lib.h
@@ -299,6 +299,10 @@ gpg_err_code_t _gcry_generate_fips186_3_
gpg_err_code_t _gcry_fips186_4_prime_check (const gcry_mpi_t x,
unsigned int bits);
+gcry_err_code_t _gcry_pk_sign_md (gcry_sexp_t *r_sig, gcry_md_hd_t hd,
+ gcry_sexp_t s_hash, gcry_sexp_t s_skey);
+gcry_err_code_t _gcry_pk_verify_md (gcry_sexp_t s_sig, gcry_md_hd_t hd,
+ gcry_sexp_t s_hash, gcry_sexp_t s_pkey);
/* Replacements of missing functions (missing-string.c). */
#ifndef HAVE_STPCPY
Index: libgcrypt-1.9.0/src/visibility.c
===================================================================
--- libgcrypt-1.9.0.orig/src/visibility.c
+++ libgcrypt-1.9.0/src/visibility.c
@@ -992,6 +992,18 @@ gcry_pk_decrypt (gcry_sexp_t *result, gc
}
gcry_error_t
+gcry_pk_sign_md (gcry_sexp_t *result, gcry_md_hd_t hd, gcry_sexp_t data,
+ gcry_sexp_t skey)
+{
+ if (!fips_is_operational ())
+ {
+ *result = NULL;
+ return gpg_error (fips_not_operational ());
+ }
+ return gpg_error (_gcry_pk_sign_md (result, hd, data, skey));
+}
+
+gcry_error_t
gcry_pk_sign (gcry_sexp_t *result, gcry_sexp_t data, gcry_sexp_t skey)
{
if (!fips_is_operational ())
@@ -1003,6 +1015,15 @@ gcry_pk_sign (gcry_sexp_t *result, gcry_
}
gcry_error_t
+gcry_pk_verify_md (gcry_sexp_t sigval, gcry_md_hd_t hd, gcry_sexp_t data,
+ gcry_sexp_t pkey)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+ return gpg_error (_gcry_pk_verify_md (sigval, hd, data, pkey));
+}
+
+gcry_error_t
gcry_pk_verify (gcry_sexp_t sigval, gcry_sexp_t data, gcry_sexp_t pkey)
{
if (!fips_is_operational ())
Index: libgcrypt-1.9.0/src/visibility.h
===================================================================
--- libgcrypt-1.9.0.orig/src/visibility.h
+++ libgcrypt-1.9.0/src/visibility.h
@@ -360,8 +360,10 @@ MARK_VISIBLEX (_gcry_mpi_get_const)
#define gcry_pk_get_param _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_pk_get_nbits _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_pk_map_name _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_sign_md _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_pk_sign _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_pk_testkey _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_verify_md _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_pk_verify _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_pubkey_get_sexp _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_ecc_get_algo_keylen _gcry_USE_THE_UNDERSCORED_FUNCTION

585
libgcrypt-FIPS-RSA-keylen-tests.patch
View File

@ -1,585 +0,0 @@
From cc3571a1f2244bdf829d7d16dd546131711eb8a9 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Mon, 8 Nov 2021 13:57:18 +0900
Subject: tests: Expect errors from algorithms not supported in
FIPS mode.
* tests/basic.c (FLAG_NOFIPS): New.
(check_pubkey_sign): Pass and handle NOFIPS flag.
(check_pubkey_sign_ecdsa): Likewise.
(check_pubkey_crypt): Likewise.
(do_check_one_pubkey): Pass flags.
(check_pubkey): Mark explicitly algorithms expected not to work in
FIPS mode and make sure they fail.
--
Co-authored-by: NIIBE Yutaka <gniibe@fsij.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
tests/basic.c | 65 ++++++++++++++++++++++++++++++++++++---------------
1 file changed, 46 insertions(+), 19 deletions(-)
Index: libgcrypt-1.9.4/tests/basic.c
===================================================================
--- libgcrypt-1.9.4.orig/tests/basic.c
+++ libgcrypt-1.9.4/tests/basic.c
@@ -55,9 +55,10 @@ typedef struct test_spec_pubkey
}
test_spec_pubkey_t;
-#define FLAG_CRYPT (1 << 0)
-#define FLAG_SIGN (1 << 1)
-#define FLAG_GRIP (1 << 2)
+#define FLAG_CRYPT (1 << 0)
+#define FLAG_SIGN (1 << 1)
+#define FLAG_GRIP (1 << 2)
+#define FLAG_NOFIPS (1 << 3)
static int in_fips_mode;
@@ -13509,7 +13510,8 @@ verify_one_signature (gcry_sexp_t pkey,
/* Test the public key sign function using the private key SKEY. PKEY
is used for verification. */
static void
-check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo)
+check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
+ int flags)
{
gcry_error_t rc;
gcry_sexp_t sig, badhash, hash;
@@ -13588,6 +13590,7 @@ check_pubkey_sign (int n, gcry_sexp_t sk
if (rc)
die ("converting data failed: %s\n", gpg_strerror (rc));
+ sig = NULL;
for (dataidx = 0; datas[dataidx].data; dataidx++)
{
if (datas[dataidx].algo && datas[dataidx].algo != algo)
@@ -13603,12 +13606,19 @@ check_pubkey_sign (int n, gcry_sexp_t sk
die ("converting data failed: %s\n", gpg_strerror (rc));
rc = gcry_pk_sign (&sig, hash, skey);
+ if (in_fips_mode && (flags & FLAG_NOFIPS))
+ {
+ if (!rc)
+ fail ("gcry_pk_sign did not fail as expected in FIPS mode\n");
+ goto next;
+ }
if (gcry_err_code (rc) != datas[dataidx].expected_rc)
fail ("gcry_pk_sign failed: %s\n", gpg_strerror (rc));
if (!rc)
verify_one_signature (pkey, hash, badhash, sig);
+ next:
gcry_sexp_release (sig);
sig = NULL;
gcry_sexp_release (hash);
@@ -13622,7 +13632,8 @@ check_pubkey_sign (int n, gcry_sexp_t sk
/* Test the public key sign function using the private key SKEY. PKEY
is used for verification. This variant is only used for ECDSA. */
static void
-check_pubkey_sign_ecdsa (int n, gcry_sexp_t skey, gcry_sexp_t pkey)
+check_pubkey_sign_ecdsa (int n, gcry_sexp_t skey, gcry_sexp_t pkey,
+ int flags)
{
gcry_error_t rc;
gcry_sexp_t sig, badhash, hash;
@@ -13704,6 +13715,7 @@ check_pubkey_sign_ecdsa (int n, gcry_sex
nbits = gcry_pk_get_nbits (skey);
+ sig = NULL;
for (dataidx = 0; datas[dataidx].data; dataidx++)
{
if (datas[dataidx].nbits != nbits)
@@ -13723,6 +13735,12 @@ check_pubkey_sign_ecdsa (int n, gcry_sex
die ("converting data failed: %s\n", gpg_strerror (rc));
rc = gcry_pk_sign (&sig, hash, skey);
+ if (in_fips_mode && (flags & FLAG_NOFIPS))
+ {
+ if (!rc)
+ fail ("gcry_pk_sign did not fail as expected in FIPS mode\n");
+ goto next;
+ }
if (gcry_err_code (rc) != datas[dataidx].expected_rc)
fail ("gcry_pk_sign failed: %s\n", gpg_strerror (rc));
@@ -13732,6 +13750,7 @@ check_pubkey_sign_ecdsa (int n, gcry_sex
if (!rc)
verify_one_signature (pkey, hash, badhash, sig);
+ next:
gcry_sexp_release (sig);
sig = NULL;
gcry_sexp_release (badhash);
@@ -13743,7 +13762,8 @@ check_pubkey_sign_ecdsa (int n, gcry_sex
static void
-check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo)
+check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
+ int flags)
{
gcry_error_t rc;
gcry_sexp_t plain = NULL;
@@ -13876,6 +13896,12 @@ check_pubkey_crypt (int n, gcry_sexp_t s
die ("converting data failed: %s\n", gpg_strerror (rc));
rc = gcry_pk_encrypt (&ciph, data, pkey);
+ if (in_fips_mode && (flags & FLAG_NOFIPS))
+ {
+ if (!rc)
+ fail ("gcry_pk_encrypt did not fail as expected in FIPS mode\n");
+ goto next;
+ }
if (gcry_err_code (rc) != datas[dataidx].encrypt_expected_rc)
fail ("gcry_pk_encrypt failed: %s\n", gpg_strerror (rc));
@@ -13974,6 +14000,7 @@ check_pubkey_crypt (int n, gcry_sexp_t s
}
}
+ next:
gcry_sexp_release (plain);
plain = NULL;
gcry_sexp_release (ciph);
@@ -14005,17 +14032,17 @@ static void
do_check_one_pubkey (int n, gcry_sexp_t skey, gcry_sexp_t pkey,
const unsigned char *grip, int algo, int flags)
{
- if (flags & FLAG_SIGN)
+ if ((flags & FLAG_SIGN))
{
if (algo == GCRY_PK_ECDSA)
- check_pubkey_sign_ecdsa (n, skey, pkey);
+ check_pubkey_sign_ecdsa (n, skey, pkey, flags);
else
- check_pubkey_sign (n, skey, pkey, algo);
+ check_pubkey_sign (n, skey, pkey, algo, flags);
}
- if (flags & FLAG_CRYPT)
- check_pubkey_crypt (n, skey, pkey, algo);
- if (grip && (flags & FLAG_GRIP))
- check_pubkey_grip (n, grip, skey, pkey, algo);
+ if ((flags & FLAG_CRYPT))
+ check_pubkey_crypt (n, skey, pkey, algo, flags);
+ if (grip && (flags & FLAG_GRIP))
+ check_pubkey_grip (n, grip, skey, pkey, algo);
}
static void
@@ -14089,7 +14116,7 @@ check_pubkey (void)
{
static const test_spec_pubkey_t pubkeys[] = {
{
- GCRY_PK_RSA, FLAG_CRYPT | FLAG_SIGN | FLAG_GRIP,
+ GCRY_PK_RSA, FLAG_CRYPT | FLAG_SIGN | FLAG_GRIP | FLAG_NOFIPS, /* 1k RSA */
{
"(private-key\n"
" (rsa\n"
@@ -14228,7 +14255,7 @@ check_pubkey (void)
"\x47\xdd\x69\x55\xdb\x3a\xac\x89\x6e\x40"}
},
{
- GCRY_PK_ELG, FLAG_SIGN | FLAG_CRYPT | FLAG_GRIP,
+ GCRY_PK_ELG, FLAG_SIGN | FLAG_CRYPT | FLAG_GRIP | FLAG_NOFIPS,
{
"(private-key\n"
" (ELG\n"
@@ -14360,7 +14387,7 @@ check_pubkey (void)
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" }
},
{ /* GOST R 34.10-2001/2012 test 256 bit. */
- GCRY_PK_ECDSA, FLAG_SIGN,
+ GCRY_PK_ECDSA, FLAG_SIGN | FLAG_NOFIPS,
{
"(private-key\n"
" (ecc\n"
@@ -14382,7 +14409,7 @@ check_pubkey (void)
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" }
},
{ /* GOST R 34.10-2012 test 512 bit. */
- GCRY_PK_ECDSA, FLAG_SIGN,
+ GCRY_PK_ECDSA, FLAG_SIGN | FLAG_NOFIPS,
{
"(private-key\n"
" (ecc\n"
@@ -14433,7 +14460,7 @@ check_pubkey (void)
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" }
},
{ /* sm2 test */
- GCRY_PK_ECDSA, FLAG_SIGN,
+ GCRY_PK_ECDSA, FLAG_SIGN | FLAG_NOFIPS,
{
"(private-key\n"
" (ecc\n"
From 66119e0c1a024f7cf059393c3db827eb338339b0 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Thu, 11 Nov 2021 13:03:58 +0900
Subject: tests:pubkey: Replace RSA key to one of 2k.
* tests/pubkey.c (sample_private_key_1): Use 2k key from basic.c.
(sample_private_key_1_1): Likewise.
(sample_private_key_1_2): Likewise.
--
GnuPG-bug-id: 5512
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
tests/pubkey.c | 126 ++++++++++++++++++++++++++++++++++---------------
1 file changed, 88 insertions(+), 38 deletions(-)
diff --git a/tests/pubkey.c b/tests/pubkey.c
index 8a482dc3..51ef0f51 100644
--- a/tests/pubkey.c
+++ b/tests/pubkey.c
@@ -36,21 +36,40 @@ static int in_fips_mode;
static const char sample_private_key_1[] =
"(private-key\n"
" (openpgp-rsa\n"
-" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
- "2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
- "ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
- "891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)\n"
+" (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC"
+" 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8"
+" 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C"
+" 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917"
+" DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613"
+" 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C"
+" 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918"
+" 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6"
+" CB#)\n"
" (e #010001#)\n"
-" (d #046129F2489D71579BE0A75FE029BD6CDB574EBF57EA8A5B0FDA942CAB943B11"
- "7D7BB95E5D28875E0F9FC5FCC06A72F6D502464DABDED78EF6B716177B83D5BD"
- "C543DC5D3FED932E59F5897E92E6F58A0F33424106A3B6FA2CBF877510E4AC21"
- "C3EE47851E97D12996222AC3566D4CCB0B83D164074ABF7DE655FC2446DA1781#)\n"
-" (p #00e861b700e17e8afe6837e7512e35b6ca11d0ae47d8b85161c67baf64377213"
- "fe52d772f2035b3ca830af41d8a4120e1c1c70d12cc22f00d28d31dd48a8d424f1#)\n"
-" (q #00f7a7ca5367c661f8e62df34f0d05c10c88e5492348dd7bddc942c9a8f369f9"
- "35a07785d2db805215ed786e4285df1658eed3ce84f469b81b50d358407b4ad361#)\n"
-" (u #304559a9ead56d2309d203811a641bb1a09626bc8eb36fffa23c968ec5bd891e"
- "ebbafc73ae666e01ba7c8990bae06cc2bbe10b75e69fcacb353a6473079d8e9b#)\n"
+" (d #07EF82500C403899934FE993AC5A36F14FF2DF38CF1EF315F205EE4C83EDAA19"
+" 8890FC23DE9AA933CAFB37B6A8A8DBA675411958337287310D3FF2F1DDC0CB93"
+" 7E70F57F75F833C021852B631D2B9A520E4431A03C5C3FCB5742DCD841D9FB12"
+" 771AA1620DCEC3F1583426066ED9DC3F7028C5B59202C88FDF20396E2FA0EC4F"
+" 5A22D9008F3043673931BC14A5046D6327398327900867E39CC61B2D1AFE2F48"
+" EC8E1E3861C68D257D7425F4E6F99ABD77D61F10CA100EFC14389071831B33DD"
+" 69CC8EABEF860D1DC2AAA84ABEAE5DFC91BC124DAF0F4C8EF5BBEA436751DE84"
+" 3A8063E827A024466F44C28614F93B0732A100D4A0D86D532FE1E22C7725E401"
+" #)\n"
+" (p #00C29D438F115825779631CD665A5739367F3E128ADC29766483A46CA80897E0"
+" 79B32881860B8F9A6A04C2614A904F6F2578DAE13EA67CD60AE3D0AA00A1FF9B"
+" 441485E44B2DC3D0B60260FBFE073B5AC72FAF67964DE15C8212C389D20DB9CF"
+" 54AF6AEF5C4196EAA56495DD30CF709F499D5AB30CA35E086C2A1589D6283F17"
+" 83#)\n"
+" (q #00D1984135231CB243FE959C0CBEF551EDD986AD7BEDF71EDF447BE3DA27AF46"
+" 79C974A6FA69E4D52FE796650623DE70622862713932AA2FD9F2EC856EAEAA77"
+" 88B4EA6084DC81C902F014829B18EA8B2666EC41586818E0589E18876065F97E"
+" 8D22CE2DA53A05951EC132DCEF41E70A9C35F4ACC268FFAC2ADF54FA1DA110B9"
+" 19#)\n"
+" (u #67CF0FD7635205DD80FA814EE9E9C267C17376BF3209FB5D1BC42890D2822A04"
+" 479DAF4D5B6ED69D0F8D1AF94164D07F8CD52ECEFE880641FA0F41DDAB1785E4"
+" A37A32F997A516480B4CD4F6482B9466A1765093ED95023CA32D5EDC1E34CEE9"
+" AF595BC51FE43C4BF810FA225AF697FB473B83815966188A4312C048B885E3F7"
+" #)\n"
" )\n"
")\n";
@@ -58,15 +77,25 @@ static const char sample_private_key_1[] =
static const char sample_private_key_1_1[] =
"(private-key\n"
" (openpgp-rsa\n"
-" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
- "2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
- "ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
- "891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)\n"
+" (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC"
+" 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8"
+" 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C"
+" 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917"
+" DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613"
+" 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C"
+" 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918"
+" 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6"
+" CB#)\n"
" (e #010001#)\n"
-" (d #046129F2489D71579BE0A75FE029BD6CDB574EBF57EA8A5B0FDA942CAB943B11"
- "7D7BB95E5D28875E0F9FC5FCC06A72F6D502464DABDED78EF6B716177B83D5BD"
- "C543DC5D3FED932E59F5897E92E6F58A0F33424106A3B6FA2CBF877510E4AC21"
- "C3EE47851E97D12996222AC3566D4CCB0B83D164074ABF7DE655FC2446DA1781#)\n"
+" (d #07EF82500C403899934FE993AC5A36F14FF2DF38CF1EF315F205EE4C83EDAA19"
+" 8890FC23DE9AA933CAFB37B6A8A8DBA675411958337287310D3FF2F1DDC0CB93"
+" 7E70F57F75F833C021852B631D2B9A520E4431A03C5C3FCB5742DCD841D9FB12"
+" 771AA1620DCEC3F1583426066ED9DC3F7028C5B59202C88FDF20396E2FA0EC4F"
+" 5A22D9008F3043673931BC14A5046D6327398327900867E39CC61B2D1AFE2F48"
+" EC8E1E3861C68D257D7425F4E6F99ABD77D61F10CA100EFC14389071831B33DD"
+" 69CC8EABEF860D1DC2AAA84ABEAE5DFC91BC124DAF0F4C8EF5BBEA436751DE84"
+" 3A8063E827A024466F44C28614F93B0732A100D4A0D86D532FE1E22C7725E401"
+" #)\n"
" )\n"
")\n";
@@ -75,29 +104,50 @@ static const char sample_private_key_1_1[] =
static const char sample_private_key_1_2[] =
"(private-key\n"
" (openpgp-rsa\n"
-" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
- "2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
- "ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
- "891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)\n"
+" (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC"
+" 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8"
+" 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C"
+" 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917"
+" DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613"
+" 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C"
+" 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918"
+" 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6"
+" CB#)\n"
" (e #010001#)\n"
-" (d #046129F2489D71579BE0A75FE029BD6CDB574EBF57EA8A5B0FDA942CAB943B11"
- "7D7BB95E5D28875E0F9FC5FCC06A72F6D502464DABDED78EF6B716177B83D5BD"
- "C543DC5D3FED932E59F5897E92E6F58A0F33424106A3B6FA2CBF877510E4AC21"
- "C3EE47851E97D12996222AC3566D4CCB0B83D164074ABF7DE655FC2446DA1781#)\n"
-" (p #00e861b700e17e8afe6837e7512e35b6ca11d0ae47d8b85161c67baf64377213"
- "fe52d772f2035b3ca830af41d8a4120e1c1c70d12cc22f00d28d31dd48a8d424f1#)\n"
-" (u #304559a9ead56d2309d203811a641bb1a09626bc8eb36fffa23c968ec5bd891e"
- "ebbafc73ae666e01ba7c8990bae06cc2bbe10b75e69fcacb353a6473079d8e9b#)\n"
+" (d #07EF82500C403899934FE993AC5A36F14FF2DF38CF1EF315F205EE4C83EDAA19"
+" 8890FC23DE9AA933CAFB37B6A8A8DBA675411958337287310D3FF2F1DDC0CB93"
+" 7E70F57F75F833C021852B631D2B9A520E4431A03C5C3FCB5742DCD841D9FB12"
+" 771AA1620DCEC3F1583426066ED9DC3F7028C5B59202C88FDF20396E2FA0EC4F"
+" 5A22D9008F3043673931BC14A5046D6327398327900867E39CC61B2D1AFE2F48"
+" EC8E1E3861C68D257D7425F4E6F99ABD77D61F10CA100EFC14389071831B33DD"
+" 69CC8EABEF860D1DC2AAA84ABEAE5DFC91BC124DAF0F4C8EF5BBEA436751DE84"
+" 3A8063E827A024466F44C28614F93B0732A100D4A0D86D532FE1E22C7725E401"
+" #)\n"
+" (p #00C29D438F115825779631CD665A5739367F3E128ADC29766483A46CA80897E0"
+" 79B32881860B8F9A6A04C2614A904F6F2578DAE13EA67CD60AE3D0AA00A1FF9B"
+" 441485E44B2DC3D0B60260FBFE073B5AC72FAF67964DE15C8212C389D20DB9CF"
+" 54AF6AEF5C4196EAA56495DD30CF709F499D5AB30CA35E086C2A1589D6283F17"
+" 83#)\n"
+" (u #67CF0FD7635205DD80FA814EE9E9C267C17376BF3209FB5D1BC42890D2822A04"
+" 479DAF4D5B6ED69D0F8D1AF94164D07F8CD52ECEFE880641FA0F41DDAB1785E4"
+" A37A32F997A516480B4CD4F6482B9466A1765093ED95023CA32D5EDC1E34CEE9"
+" AF595BC51FE43C4BF810FA225AF697FB473B83815966188A4312C048B885E3F7"
+" #)\n"
" )\n"
")\n";
static const char sample_public_key_1[] =
"(public-key\n"
" (rsa\n"
-" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
- "2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
- "ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
- "891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)\n"
+" (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC"
+" 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8"
+" 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C"
+" 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917"
+" DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613"
+" 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C"
+" 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918"
+" 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6"
+" CB#)\n"
" (e #010001#)\n"
" )\n"
")\n";
--
2.33.1
From 1481607cb9db977468a75f9f4638dc1cf3ade007 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Thu, 11 Nov 2021 13:44:40 +0900
Subject: tests:pkcs1v2: Skip tests with small keys in FIPS
mode.
* tests/pkcs1v2.c (in_fips_mode): New.
(check_oaep): Skip when key size is less than 2048 in FIPS mode.
(check_pss, check_v15crypt, check_v15sign): Likewise.
--
GnuPG-bug-id: 5512
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
tests/pkcs1v2.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 75 insertions(+), 3 deletions(-)
diff --git a/tests/pkcs1v2.c b/tests/pkcs1v2.c
index 968d3fea..f26e779b 100644
--- a/tests/pkcs1v2.c
+++ b/tests/pkcs1v2.c
@@ -36,6 +36,8 @@
#include "t-common.h"
+static int in_fips_mode;
+
static void
show_sexp (const char *prefix, gcry_sexp_t a)
{
@@ -147,6 +149,18 @@ check_oaep (void)
gcry_free (rsa_e);
gcry_free (rsa_d);
+ if (in_fips_mode)
+ {
+ unsigned int nbits = gcry_pk_get_nbits (pub_key);
+
+ if (nbits < 2048)
+ {
+ if (verbose > 1)
+ info ("... skipped\n");
+ goto next;
+ }
+ }
+
for (mno = 0; mno < DIM (tbl[0].m); mno++)
{
void *mesg, *seed, *encr;
@@ -225,6 +239,7 @@ check_oaep (void)
ciph = NULL;
}
+ next:
gcry_sexp_release (sec_key);
gcry_sexp_release (pub_key);
}
@@ -269,6 +284,18 @@ check_pss (void)
gcry_free (rsa_e);
gcry_free (rsa_d);
+ if (in_fips_mode)
+ {
+ unsigned int nbits = gcry_pk_get_nbits (pub_key);
+
+ if (nbits < 2048)
+ {
+ if (verbose > 1)
+ info ("... skipped\n");
+ goto next;
+ }
+ }
+
for (mno = 0; mno < DIM (tbl[0].m); mno++)
{
void *mesg, *salt, *sign;
@@ -347,6 +374,7 @@ check_pss (void)
sigtmpl = NULL;
}
+ next:
gcry_sexp_release (sec_key);
gcry_sexp_release (pub_key);
}
@@ -391,6 +419,18 @@ check_v15crypt (void)
gcry_free (rsa_e);
gcry_free (rsa_d);
+ if (in_fips_mode)
+ {
+ unsigned int nbits = gcry_pk_get_nbits (pub_key);
+
+ if (nbits < 2048)
+ {
+ if (verbose > 1)
+ info ("... skipped\n");
+ goto next;
+ }
+ }
+
for (mno = 0; mno < DIM (tbl[0].m); mno++)
{
void *mesg, *seed, *encr;
@@ -469,6 +509,7 @@ check_v15crypt (void)
ciph = NULL;
}
+ next:
gcry_sexp_release (sec_key);
gcry_sexp_release (pub_key);
}
@@ -513,6 +554,18 @@ check_v15sign (void)
gcry_free (rsa_e);
gcry_free (rsa_d);
+ if (in_fips_mode)
+ {
+ unsigned int nbits = gcry_pk_get_nbits (pub_key);
+
+ if (nbits < 2048)
+ {
+ if (verbose > 1)
+ info ("... skipped\n");
+ goto next;
+ }
+ }
+
for (mno = 0; mno < DIM (tbl[0].m); mno++)
{
void *mesg, *sign;
@@ -583,6 +636,7 @@ check_v15sign (void)
sigtmpl = NULL;
}
+ next:
gcry_sexp_release (sec_key);
gcry_sexp_release (pub_key);
}
@@ -597,6 +651,7 @@ main (int argc, char **argv)
int run_pss = 0;
int run_v15c = 0;
int run_v15s = 0;
+ int use_fips = 0;
if (argc)
{ argc--; argv++; }
@@ -625,6 +680,11 @@ main (int argc, char **argv)
die_on_error = 1;
argc--; argv++;
}
+ else if (!strcmp (*argv, "--fips"))
+ {
+ use_fips = 1;
+ argc--; argv++;
+ }
else if (!strcmp (*argv, "--oaep"))
{
run_oaep = 1;
@@ -651,9 +711,21 @@ main (int argc, char **argv)
run_oaep = run_pss = run_v15c = run_v15s = 1;
xgcry_control ((GCRYCTL_SET_VERBOSITY, (int)verbose));
- xgcry_control ((GCRYCTL_DISABLE_SECMEM, 0));
- if (!gcry_check_version ("1.5.0"))
- die ("version mismatch\n");
+
+ if (use_fips)
+ xgcry_control ((GCRYCTL_FORCE_FIPS_MODE, 0));
+
+ /* Check that we test exactly our version - including the patchlevel. */
+ if (strcmp (GCRYPT_VERSION, gcry_check_version (NULL)))
+ die ("version mismatch; pgm=%s, library=%s\n",
+ GCRYPT_VERSION,gcry_check_version (NULL));
+
+ if ( gcry_fips_mode_active () )
+ in_fips_mode = 1;
+
+ if (!in_fips_mode)
+ xgcry_control ((GCRYCTL_DISABLE_SECMEM, 0));
+
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
if (debug)
xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u, 0));
--
2.33.1

250
libgcrypt-FIPS-RSA-keylen.patch
View File

@ -1,250 +0,0 @@
From 40d63d09b2d06631f4d2c3d1b167a620d50c99f8 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 5 Nov 2021 14:19:23 +0100
Subject: [PATCH 198/200] rsa: Check keylen constraints for key operations.
* cipher/rsa.c (rsa_check_keysize): New.
(generate_fips): Factor out the bits check.
(rsa_encrypt): Add checking key length.
(rsa_decrypt, rsa_sign, rsa_verify): Likewise.
--
GnuPG-bug-id: 5512
Co-authored-by: NIIBE Yutaka <gniibe@fsij.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
cipher/rsa.c | 58 ++++++++++++++++++++++++++++++++++++++--------------
1 file changed, 43 insertions(+), 15 deletions(-)
Index: libgcrypt-1.9.4/cipher/rsa.c
===================================================================
--- libgcrypt-1.9.4.orig/cipher/rsa.c
+++ libgcrypt-1.9.4/cipher/rsa.c
@@ -301,14 +301,6 @@ generate_std (RSA_secret_key *sk, unsign
gcry_mpi_t f;
gcry_random_level_t random_level;
- if (fips_mode ())
- {
- if (nbits < 1024)
- return GPG_ERR_INV_VALUE;
- if (transient_key)
- return GPG_ERR_INV_VALUE;
- }
-
/* The random quality depends on the transient_key flag. */
random_level = transient_key ? GCRY_STRONG_RANDOM : GCRY_VERY_STRONG_RANDOM;
@@ -437,6 +429,17 @@ generate_std (RSA_secret_key *sk, unsign
}
+/* Check the RSA key length is acceptable for key generation or usage */
+static gpg_err_code_t
+rsa_check_keysize (unsigned int nbits)
+{
+ if (fips_mode() && nbits < 2048)
+ return GPG_ERR_INV_VALUE;
+
+ return GPG_ERR_NO_ERROR;
+}
+
+
/****************
* Generate a key pair with a key of size NBITS.
* USE_E = 0 let Libcgrypt decide what exponent to use.
@@ -466,12 +469,15 @@ generate_fips (RSA_secret_key *sk, unsig
unsigned int pbits = nbits/2;
unsigned int i;
int pqswitch;
- gpg_err_code_t ec = GPG_ERR_NO_PRIME;
+ gpg_err_code_t ec;
if (nbits < 1024 || (nbits & 0x1FF))
return GPG_ERR_INV_VALUE;
- if (fips_mode() && nbits < 2048)
- return GPG_ERR_INV_VALUE;
+ ec = rsa_check_keysize (nbits);
+ if (ec)
+ return ec;
+
+ ec = GPG_ERR_NO_PRIME;
/* The random quality depends on the transient_key flag. */
random_level = transient_key ? GCRY_STRONG_RANDOM : GCRY_VERY_STRONG_RANDOM;
@@ -1360,9 +1366,13 @@ rsa_encrypt (gcry_sexp_t *r_ciph, gcry_s
gcry_mpi_t data = NULL;
RSA_public_key pk = {NULL, NULL};
gcry_mpi_t ciph = NULL;
+ unsigned int nbits = rsa_get_nbits (keyparms);
+
+ rc = rsa_check_keysize (nbits);
+ if (rc)
+ return rc;
- _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_ENCRYPT,
- rsa_get_nbits (keyparms));
+ _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_ENCRYPT, nbits);
/* Extract the data. */
rc = _gcry_pk_util_data_to_mpi (s_data, &data, &ctx);
@@ -1432,9 +1442,13 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
gcry_mpi_t plain = NULL;
unsigned char *unpad = NULL;
size_t unpadlen = 0;
+ unsigned int nbits = rsa_get_nbits (keyparms);
- _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_DECRYPT,
- rsa_get_nbits (keyparms));
+ rc = rsa_check_keysize (nbits);
+ if (rc)
+ return rc;
+
+ _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_DECRYPT, nbits);
/* Extract the data. */
rc = _gcry_pk_util_preparse_encval (s_data, rsa_names, &l1, &ctx);
@@ -1477,7 +1491,7 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
mpi_fdiv_r (data, data, sk.n);
/* Allocate MPI for the plaintext. */
- plain = mpi_snew (ctx.nbits);
+ plain = mpi_snew (nbits);
/* We use blinding by default to mitigate timing attacks which can
be practically mounted over the network as shown by Brumley and
@@ -1485,7 +1499,7 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
if ((ctx.flags & PUBKEY_FLAG_NO_BLINDING))
secret (plain, data, &sk);
else
- secret_blinded (plain, data, &sk, ctx.nbits);
+ secret_blinded (plain, data, &sk, nbits);
if (DBG_CIPHER)
log_printmpi ("rsa_decrypt res", plain);
@@ -1494,7 +1508,7 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
switch (ctx.encoding)
{
case PUBKEY_ENC_PKCS1:
- rc = _gcry_rsa_pkcs1_decode_for_enc (&unpad, &unpadlen, ctx.nbits, plain);
+ rc = _gcry_rsa_pkcs1_decode_for_enc (&unpad, &unpadlen, nbits, plain);
mpi_free (plain);
plain = NULL;
if (!rc)
@@ -1503,7 +1517,7 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
case PUBKEY_ENC_OAEP:
rc = _gcry_rsa_oaep_decode (&unpad, &unpadlen,
- ctx.nbits, ctx.hash_algo,
+ nbits, ctx.hash_algo,
plain, ctx.label, ctx.labellen);
mpi_free (plain);
plain = NULL;
@@ -1548,9 +1562,13 @@ rsa_sign (gcry_sexp_t *r_sig, gcry_sexp_
RSA_public_key pk;
gcry_mpi_t sig = NULL;
gcry_mpi_t result = NULL;
+ unsigned int nbits = rsa_get_nbits (keyparms);
+
+ rc = rsa_check_keysize (nbits);
+ if (rc)
+ return rc;
- _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_SIGN,
- rsa_get_nbits (keyparms));
+ _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_SIGN, nbits);
/* Extract the data. */
rc = _gcry_pk_util_data_to_mpi (s_data, &data, &ctx);
@@ -1588,7 +1606,7 @@ rsa_sign (gcry_sexp_t *r_sig, gcry_sexp_
if ((ctx.flags & PUBKEY_FLAG_NO_BLINDING))
secret (sig, data, &sk);
else
- secret_blinded (sig, data, &sk, ctx.nbits);
+ secret_blinded (sig, data, &sk, nbits);
if (DBG_CIPHER)
log_printmpi ("rsa_sign res", sig);
@@ -1650,9 +1668,13 @@ rsa_verify (gcry_sexp_t s_sig, gcry_sexp
gcry_mpi_t data = NULL;
RSA_public_key pk = { NULL, NULL };
gcry_mpi_t result = NULL;
+ unsigned int nbits = rsa_get_nbits (keyparms);
+
+ rc = rsa_check_keysize (nbits);
+ if (rc)
+ return rc;
- _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_VERIFY,
- rsa_get_nbits (keyparms));
+ _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_VERIFY, nbits);
/* Extract the data. */
rc = _gcry_pk_util_data_to_mpi (s_data, &data, &ctx);
Index: libgcrypt-1.9.4/tests/basic.c
===================================================================
--- libgcrypt-1.9.4.orig/tests/basic.c
+++ libgcrypt-1.9.4/tests/basic.c
@@ -14172,6 +14172,62 @@ check_pubkey (void)
"\x4a\xa6\xf9\xeb\x23\xbf\xa9\x12\x2d\x5b" }
},
{
+ GCRY_PK_RSA, FLAG_CRYPT | FLAG_SIGN | FLAG_GRIP, /* 2k RSA */
+ {
+ "(private-key"
+ " (rsa"
+ " (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC"
+ " 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8"
+ " 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C"
+ " 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917"
+ " DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613"
+ " 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C"
+ " 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918"
+ " 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6"
+ " CB#)\n"
+ " (e #010001#)\n"
+ " (d #07EF82500C403899934FE993AC5A36F14FF2DF38CF1EF315F205EE4C83EDAA19"
+ " 8890FC23DE9AA933CAFB37B6A8A8DBA675411958337287310D3FF2F1DDC0CB93"
+ " 7E70F57F75F833C021852B631D2B9A520E4431A03C5C3FCB5742DCD841D9FB12"
+ " 771AA1620DCEC3F1583426066ED9DC3F7028C5B59202C88FDF20396E2FA0EC4F"
+ " 5A22D9008F3043673931BC14A5046D6327398327900867E39CC61B2D1AFE2F48"
+ " EC8E1E3861C68D257D7425F4E6F99ABD77D61F10CA100EFC14389071831B33DD"
+ " 69CC8EABEF860D1DC2AAA84ABEAE5DFC91BC124DAF0F4C8EF5BBEA436751DE84"
+ " 3A8063E827A024466F44C28614F93B0732A100D4A0D86D532FE1E22C7725E401"
+ " #)\n"
+ " (p #00C29D438F115825779631CD665A5739367F3E128ADC29766483A46CA80897E0"
+ " 79B32881860B8F9A6A04C2614A904F6F2578DAE13EA67CD60AE3D0AA00A1FF9B"
+ " 441485E44B2DC3D0B60260FBFE073B5AC72FAF67964DE15C8212C389D20DB9CF"
+ " 54AF6AEF5C4196EAA56495DD30CF709F499D5AB30CA35E086C2A1589D6283F17"
+ " 83#)\n"
+ " (q #00D1984135231CB243FE959C0CBEF551EDD986AD7BEDF71EDF447BE3DA27AF46"
+ " 79C974A6FA69E4D52FE796650623DE70622862713932AA2FD9F2EC856EAEAA77"
+ " 88B4EA6084DC81C902F014829B18EA8B2666EC41586818E0589E18876065F97E"
+ " 8D22CE2DA53A05951EC132DCEF41E70A9C35F4ACC268FFAC2ADF54FA1DA110B9"
+ " 19#)\n"
+ " (u #67CF0FD7635205DD80FA814EE9E9C267C17376BF3209FB5D1BC42890D2822A04"
+ " 479DAF4D5B6ED69D0F8D1AF94164D07F8CD52ECEFE880641FA0F41DDAB1785E4"
+ " A37A32F997A516480B4CD4F6482B9466A1765093ED95023CA32D5EDC1E34CEE9"
+ " AF595BC51FE43C4BF810FA225AF697FB473B83815966188A4312C048B885E3F7"
+ " #)))\n",
+
+ "(public-key\n"
+ " (rsa\n"
+ " (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC"
+ " 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8"
+ " 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C"
+ " 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917"
+ " DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613"
+ " 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C"
+ " 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918"
+ " 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6"
+ " CB#)\n"
+ " (e #010001#)))\n",
+
+ "\xe0\x08\x98\x9b\xb6\x44\xa2\x9a\x83\x37"
+ "\x47\xdd\x69\x55\xdb\x3a\xac\x89\x6e\x40"}
+ },
+ {
GCRY_PK_ELG, FLAG_SIGN | FLAG_CRYPT | FLAG_GRIP,
{
"(private-key\n"

70
libgcrypt_indicators_changes.patch → libgcrypt-FIPS-SLI-hash-mac.patch
View File

@ -1,8 +1,8 @@
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index afb8a05..c613577 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -968,23 +968,39 @@ is approved under the current FIPS 140-3 certification. If the
Index: libgcrypt-1.10.0/doc/gcrypt.texi
===================================================================
--- libgcrypt-1.10.0.orig/doc/gcrypt.texi
+++ libgcrypt-1.10.0/doc/gcrypt.texi
@@ -980,23 +980,39 @@ is approved under the current FIPS 140-3
combination is approved, this function returns @code{GPG_ERR_NO_ERROR}.
Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
@ -52,11 +52,11 @@ index afb8a05..c613577 100644
@code{GPG_ERR_NOT_SUPPORTED} is returned.
@end table
diff --git a/src/fips.c b/src/fips.c
index f523e7d..d5ca482 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -452,6 +452,7 @@ _gcry_fips_indicator_cipher (va_list arg_ptr)
Index: libgcrypt-1.10.0/src/fips.c
===================================================================
--- libgcrypt-1.10.0.orig/src/fips.c
+++ libgcrypt-1.10.0/src/fips.c
@@ -357,6 +357,7 @@ _gcry_fips_indicator_cipher (va_list arg
mode = va_arg (arg_ptr, enum gcry_cipher_modes);
switch (mode)
{
@ -64,7 +64,7 @@ index f523e7d..d5ca482 100644
case GCRY_CIPHER_MODE_ECB:
case GCRY_CIPHER_MODE_CBC:
case GCRY_CIPHER_MODE_CFB:
@@ -459,7 +460,6 @@ _gcry_fips_indicator_cipher (va_list arg_ptr)
@@ -364,7 +365,6 @@ _gcry_fips_indicator_cipher (va_list arg
case GCRY_CIPHER_MODE_OFB:
case GCRY_CIPHER_MODE_CTR:
case GCRY_CIPHER_MODE_CCM:
@ -72,7 +72,7 @@ index f523e7d..d5ca482 100644
case GCRY_CIPHER_MODE_XTS:
return GPG_ERR_NO_ERROR;
default:
@@ -519,11 +519,25 @@ static const struct
@@ -422,11 +422,25 @@ static const struct
{ NULL, NULL}
};
@ -98,7 +98,7 @@ index f523e7d..d5ca482 100644
const char *curve_name;
switch (alg)
@@ -531,13 +545,17 @@ _gcry_fips_indicator_pk (va_list arg_ptr)
@@ -434,13 +448,17 @@ _gcry_fips_indicator_pk (va_list arg_ptr
case GCRY_PK_RSA:
case GCRY_PK_RSA_E:
case GCRY_PK_RSA_S:
@ -117,7 +117,7 @@ index f523e7d..d5ca482 100644
return GPG_ERR_NO_ERROR;
}
case GCRY_PK_ECC:
@@ -557,6 +575,60 @@ _gcry_fips_indicator_pk (va_list arg_ptr)
@@ -460,6 +478,62 @@ _gcry_fips_indicator_pk (va_list arg_ptr
}
}
@ -139,6 +139,8 @@ index f523e7d..d5ca482 100644
+ case GCRY_MD_SHA3_256:
+ case GCRY_MD_SHA3_384:
+ case GCRY_MD_SHA3_512:
+ case GCRY_MD_SHAKE128:
+ case GCRY_MD_SHAKE256:
+ return GPG_ERR_NO_ERROR;
+ default:
+ return GPG_ERR_NOT_SUPPORTED;
@ -178,11 +180,11 @@ index f523e7d..d5ca482 100644
/* This is a test on whether the library is in the error or
operational state. */
diff --git a/src/g10lib.h b/src/g10lib.h
index 9fc868b..92c24a5 100644
--- a/src/g10lib.h
+++ b/src/g10lib.h
@@ -488,7 +488,9 @@ void _gcry_fips_signal_error (const char *srcfile,
Index: libgcrypt-1.10.0/src/g10lib.h
===================================================================
--- libgcrypt-1.10.0.orig/src/g10lib.h
+++ libgcrypt-1.10.0/src/g10lib.h
@@ -456,7 +456,9 @@ void _gcry_fips_signal_error (const char
#endif
int _gcry_fips_indicator_cipher (va_list arg_ptr);
@ -192,26 +194,26 @@ index 9fc868b..92c24a5 100644
int _gcry_fips_indicator_pk (va_list arg_ptr);
int _gcry_fips_is_operational (void);
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 7704d17..344f879 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -337,7 +337,9 @@ enum gcry_ctl_cmds
GCRYCTL_SET_ALLOW_WEAK_KEY = 79,
Index: libgcrypt-1.10.0/src/gcrypt.h.in
===================================================================
--- libgcrypt-1.10.0.orig/src/gcrypt.h.in
+++ libgcrypt-1.10.0/src/gcrypt.h.in
@@ -331,7 +331,9 @@ enum gcry_ctl_cmds
GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER = 81,
GCRYCTL_FIPS_SERVICE_INDICATOR_KDF = 82,
- GCRYCTL_FIPS_SERVICE_INDICATOR_PK = 83
+ GCRYCTL_FIPS_SERVICE_INDICATOR_PK = 83,
+ GCRYCTL_FIPS_SERVICE_INDICATOR_HASH = 84,
+ GCRYCTL_FIPS_SERVICE_INDICATOR_MAC = 85
GCRYCTL_NO_FIPS_MODE = 83,
- GCRYCTL_FIPS_SERVICE_INDICATOR_PK = 84
+ GCRYCTL_FIPS_SERVICE_INDICATOR_PK = 84,
+ GCRYCTL_FIPS_SERVICE_INDICATOR_HASH = 85,
+ GCRYCTL_FIPS_SERVICE_INDICATOR_MAC = 86
};
/* Perform various operations defined by CMD. */
diff --git a/src/global.c b/src/global.c
index c01b424..03756ea 100644
--- a/src/global.c
+++ b/src/global.c
@@ -762,12 +762,24 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
Index: libgcrypt-1.10.0/src/global.c
===================================================================
--- libgcrypt-1.10.0.orig/src/global.c
+++ libgcrypt-1.10.0/src/global.c
@@ -791,12 +791,24 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
rc = _gcry_fips_indicator_cipher (arg_ptr);
break;

16
libgcrypt-FIPS-kdf-leylength.patch → libgcrypt-FIPS-SLI-kdf-leylength.patch
View File

@ -1,8 +1,8 @@
Index: libgcrypt-1.9.4/src/fips.c
Index: libgcrypt-1.10.0/src/fips.c
===================================================================
--- libgcrypt-1.9.4.orig/src/fips.c
+++ libgcrypt-1.9.4/src/fips.c
@@ -475,10 +475,15 @@ int
--- libgcrypt-1.10.0.orig/src/fips.c
+++ libgcrypt-1.10.0/src/fips.c
@@ -379,10 +379,15 @@ int
_gcry_fips_indicator_kdf (va_list arg_ptr)
{
enum gcry_kdf_algos alg = va_arg (arg_ptr, enum gcry_kdf_algos);
@ -18,11 +18,11 @@ Index: libgcrypt-1.9.4/src/fips.c
return GPG_ERR_NO_ERROR;
default:
return GPG_ERR_NOT_SUPPORTED;
Index: libgcrypt-1.9.4/doc/gcrypt.texi
Index: libgcrypt-1.10.0/doc/gcrypt.texi
===================================================================
--- libgcrypt-1.9.4.orig/doc/gcrypt.texi
+++ libgcrypt-1.9.4/doc/gcrypt.texi
@@ -983,10 +983,12 @@ algorithm supports different key sizes).
--- libgcrypt-1.10.0.orig/doc/gcrypt.texi
+++ libgcrypt-1.10.0/doc/gcrypt.texi
@@ -995,10 +995,12 @@ algorithm supports different key sizes).
this function returns @code{GPS_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED}
is returned.

57
libgcrypt-FIPS-SLI-pk.patch
View File

@ -1,22 +1,21 @@
Index: libgcrypt-1.9.4/src/fips.c
Index: libgcrypt-1.10.0/src/fips.c
===================================================================
--- libgcrypt-1.9.4.orig/src/fips.c
+++ libgcrypt-1.9.4/src/fips.c
@@ -32,6 +32,7 @@
--- libgcrypt-1.10.0.orig/src/fips.c
+++ libgcrypt-1.10.0/src/fips.c
@@ -36,6 +36,7 @@
#include "g10lib.h"
#include "cipher-proto.h"
+#include "cipher.h"
#include "hmac256.h"
#include "../random/random.h"
@@ -482,6 +483,78 @@ _gcry_fips_indicator_kdf (va_list arg_pt
/* The states of the finite state machine used in fips mode. */
@@ -386,6 +387,77 @@ _gcry_fips_indicator_kdf (va_list arg_pt
default:
return GPG_ERR_NOT_SUPPORTED;
}
+}
+
+
+/* FIPS approved curves, extracted from:
+ * cipher/ecc-curves.c:curve_aliases[] and domain_parms[]. */
+static const struct
@ -89,25 +88,25 @@ Index: libgcrypt-1.9.4/src/fips.c
}
Index: libgcrypt-1.9.4/src/gcrypt.h.in
Index: libgcrypt-1.10.0/src/gcrypt.h.in
===================================================================
--- libgcrypt-1.9.4.orig/src/gcrypt.h.in
+++ libgcrypt-1.9.4/src/gcrypt.h.in
@@ -336,7 +336,8 @@ enum gcry_ctl_cmds
GCRYCTL_AUTO_EXPAND_SECMEM = 78,
GCRYCTL_SET_ALLOW_WEAK_KEY = 79,
--- libgcrypt-1.10.0.orig/src/gcrypt.h.in
+++ libgcrypt-1.10.0/src/gcrypt.h.in
@@ -330,7 +330,8 @@ enum gcry_ctl_cmds
GCRYCTL_SET_DECRYPTION_TAG = 80,
GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER = 81,
- GCRYCTL_FIPS_SERVICE_INDICATOR_KDF = 82
+ GCRYCTL_FIPS_SERVICE_INDICATOR_KDF = 82,
+ GCRYCTL_FIPS_SERVICE_INDICATOR_PK = 83
GCRYCTL_FIPS_SERVICE_INDICATOR_KDF = 82,
- GCRYCTL_NO_FIPS_MODE = 83
+ GCRYCTL_NO_FIPS_MODE = 83,
+ GCRYCTL_FIPS_SERVICE_INDICATOR_PK = 84
};
/* Perform various operations defined by CMD. */
Index: libgcrypt-1.9.4/doc/gcrypt.texi
Index: libgcrypt-1.10.0/doc/gcrypt.texi
===================================================================
--- libgcrypt-1.9.4.orig/doc/gcrypt.texi
+++ libgcrypt-1.9.4/doc/gcrypt.texi
@@ -975,6 +975,18 @@ certification. If the KDF is approved, t
--- libgcrypt-1.10.0.orig/doc/gcrypt.texi
+++ libgcrypt-1.10.0/doc/gcrypt.texi
@@ -987,6 +987,18 @@ certification. If the KDF is approved, t
@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED}
is returned.
@ -126,11 +125,11 @@ Index: libgcrypt-1.9.4/doc/gcrypt.texi
@end table
@end deftypefun
Index: libgcrypt-1.9.4/src/g10lib.h
Index: libgcrypt-1.10.0/src/g10lib.h
===================================================================
--- libgcrypt-1.9.4.orig/src/g10lib.h
+++ libgcrypt-1.9.4/src/g10lib.h
@@ -489,6 +489,7 @@ void _gcry_fips_signal_error (const char
--- libgcrypt-1.10.0.orig/src/g10lib.h
+++ libgcrypt-1.10.0/src/g10lib.h
@@ -457,6 +457,7 @@ void _gcry_fips_signal_error (const char
int _gcry_fips_indicator_cipher (va_list arg_ptr);
int _gcry_fips_indicator_kdf (va_list arg_ptr);
@ -138,11 +137,11 @@ Index: libgcrypt-1.9.4/src/g10lib.h
int _gcry_fips_is_operational (void);
Index: libgcrypt-1.9.4/src/global.c
Index: libgcrypt-1.10.0/src/global.c
===================================================================
--- libgcrypt-1.9.4.orig/src/global.c
+++ libgcrypt-1.9.4/src/global.c
@@ -768,6 +768,15 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
--- libgcrypt-1.10.0.orig/src/global.c
+++ libgcrypt-1.10.0/src/global.c
@@ -797,6 +797,15 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
rc = _gcry_fips_indicator_kdf (arg_ptr);
break;

35
libgcrypt-FIPS-Zeroize-hmac.patch
View File

@ -1,35 +0,0 @@
Index: libgcrypt-1.9.4/src/fips.c
===================================================================
--- libgcrypt-1.9.4.orig/src/fips.c
+++ libgcrypt-1.9.4/src/fips.c
@@ -905,6 +905,10 @@ check_binary_integrity (void)
char *fname = NULL;
const char key[] = "orboDeJITITejsirpADONivirpUkvarP";
+ /* A buffer of 64 bytes plus one for a LF and one to
+ * detect garbage. */
+ unsigned char buffer[64+1+1];
+
if (get_library_path ("libgcrypt.so.20", "gcry_check_version", libpath, sizeof(libpath)))
err = gpg_error_from_syserror ();
else
@@ -927,9 +931,6 @@ check_binary_integrity (void)
err = gpg_error_from_syserror ();
else
{
- /* A buffer of 64 bytes plus one for a LF and one to
- detect garbage. */
- unsigned char buffer[64+1+1];
const unsigned char *s;
int n;
@@ -957,6 +958,9 @@ check_binary_integrity (void)
}
}
}
+ /* Zeroize digest and buffer */
+ memset (digest, 0, sizeof(digest));
+ memset (buffer, 0, sizeof(buffer));
reporter ("binary", 0, fname, err? gpg_strerror (err):NULL);
#ifdef HAVE_SYSLOG
if (err)

52
libgcrypt-FIPS-disable-3DES.patch
View File

@ -1,52 +0,0 @@
Index: libgcrypt-1.9.4/cipher/des.c
===================================================================
--- libgcrypt-1.9.4.orig/cipher/des.c
+++ libgcrypt-1.9.4/cipher/des.c
@@ -1498,7 +1498,7 @@ static gcry_cipher_oid_spec_t oids_tripl
gcry_cipher_spec_t _gcry_cipher_spec_tripledes =
{
- GCRY_CIPHER_3DES, {0, 1},
+ GCRY_CIPHER_3DES, {0, 0},
"3DES", NULL, oids_tripledes, 8, 192, sizeof (struct _tripledes_ctx),
do_tripledes_setkey, do_tripledes_encrypt, do_tripledes_decrypt,
NULL, NULL,
Index: libgcrypt-1.9.4/cipher/mac-cmac.c
===================================================================
--- libgcrypt-1.9.4.orig/cipher/mac-cmac.c
+++ libgcrypt-1.9.4/cipher/mac-cmac.c
@@ -458,7 +458,7 @@ gcry_mac_spec_t _gcry_mac_type_spec_cmac
#endif
#if USE_DES
gcry_mac_spec_t _gcry_mac_type_spec_cmac_tripledes = {
- GCRY_MAC_CMAC_3DES, {0, 1}, "CMAC_3DES",
+ GCRY_MAC_CMAC_3DES, {0, 0}, "CMAC_3DES",
&cmac_ops
};
#endif
Index: libgcrypt-1.9.4/src/fips.c
===================================================================
--- libgcrypt-1.9.4.orig/src/fips.c
+++ libgcrypt-1.9.4/src/fips.c
@@ -493,6 +493,10 @@ run_cipher_selftests (int extended)
for (idx=0; algos[idx]; idx++)
{
+ /* Skip non-approved cipher in FIPS mode */
+ if (fips_mode() && algos[idx] == GCRY_CIPHER_3DES)
+ continue;
+
err = _gcry_cipher_selftest (algos[idx], extended, reporter);
reporter ("cipher", algos[idx], NULL,
err? gpg_strerror (err):NULL);
@@ -558,6 +562,10 @@ run_mac_selftests (int extended)
for (idx=0; algos[idx]; idx++)
{
+ /* Skip non-approved MAC algorithm in FIPS mode */
+ if (fips_mode() && algos[idx] == GCRY_MAC_CMAC_3DES)
+ continue;
+
err = _gcry_mac_selftest (algos[idx], extended, reporter);
reporter ("mac", algos[idx], NULL,
err? gpg_strerror (err):NULL);

44
libgcrypt-FIPS-disable-DSA.patch
View File

@ -1,44 +0,0 @@
From ea362090fc11caa28643153fc6444442243c8765 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 8 Dec 2021 09:52:02 +0900
Subject: [PATCH 0937/1000] fips: Disable DSA in FIPS mode.
* cipher/dsa.c (run_selftests): Disable DSA spec in FIPS mode.
* src/fips.c (run_pubkey_selftests): Skip DSA power-on selftests.
--
GnuPG-bug-id: 5710
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
cipher/dsa.c | 2 +-
src/fips.c | 1 -
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/cipher/dsa.c b/cipher/dsa.c
index d5b00912..e559f9f5 100644
--- a/cipher/dsa.c
+++ b/cipher/dsa.c
@@ -1441,7 +1441,7 @@ run_selftests (int algo, int extended, selftest_report_func_t report)
gcry_pk_spec_t _gcry_pubkey_spec_dsa =
{
- GCRY_PK_DSA, { 0, 1 },
+ GCRY_PK_DSA, { 0, 0 },
GCRY_PK_USAGE_SIGN,
"DSA", dsa_names,
"pqgy", "pqgyx", "", "rs", "pqgy",
diff --git a/src/fips.c b/src/fips.c
index 0ab7fecc..bcadc5f2 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -522,7 +522,6 @@ run_pubkey_selftests (int extended)
static int algos[] =
{
GCRY_PK_RSA,
- GCRY_PK_DSA,
GCRY_PK_ECC,
0
};
--
2.34.1

230
libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
View File

@ -1,230 +0,0 @@
From d5bf106468e6c6b0f33b193abf04590e4e9fc011 Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Tue, 30 Nov 2021 22:04:16 +0200
Subject: gcry_mpi_sub_ui: fix subtracting from negative value
* mpi/mpi-add.c (_gcry_mpi_sub_ui): Set output sign bit when 'u'
is negative.
* tests/mpitests.c (test_add): Additional tests for mpi_add_ui; Check
test output and fail if output does not match expected.
(test_sub): Additional tests for mpi_sub_ui; Check test output and fail
if output does not match expected.
(test_mul): Additional tests for mpi_mul_ui; Check test output and fail
if output does not match expected.
--
Reported-by: Guido Vranken <guidovranken@gmail.com>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
mpi/mpi-add.c | 1 +
tests/mpitests.c | 119 ++++++++++++++++++++++++++++++++++++++++++++---
2 files changed, 113 insertions(+), 7 deletions(-)
diff --git a/mpi/mpi-add.c b/mpi/mpi-add.c
index 53f476e0..38dd352f 100644
--- a/mpi/mpi-add.c
+++ b/mpi/mpi-add.c
@@ -191,6 +191,7 @@ _gcry_mpi_sub_ui(gcry_mpi_t w, gcry_mpi_t u, unsigned long v )
cy = _gcry_mpih_add_1(wp, up, usize, v);
wp[usize] = cy;
wsize = usize + cy;
+ wsign = 1;
}
else { /* The signs are different. Need exact comparison to determine
* which operand to subtract from which. */
diff --git a/tests/mpitests.c b/tests/mpitests.c
index 96e01551..48ea18b2 100644
--- a/tests/mpitests.c
+++ b/tests/mpitests.c
@@ -378,7 +378,8 @@ test_add (void)
gcry_mpi_t two;
gcry_mpi_t ff;
gcry_mpi_t result;
- unsigned char* pc;
+ gcry_mpi_t minusfive;
+ char *pc;
gcry_mpi_scan(&one, GCRYMPI_FMT_USG, ones, sizeof(ones), NULL);
gcry_mpi_scan(&two, GCRYMPI_FMT_USG, twos, sizeof(twos), NULL);
@@ -386,21 +387,47 @@ test_add (void)
result = gcry_mpi_new(0);
gcry_mpi_add(result, one, two);
- gcry_mpi_aprint(GCRYMPI_FMT_HEX, &pc, NULL, result);
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, result);
if (debug)
gcry_log_debug ("Result of one plus two:\n%s\n", pc);
+ if (strcmp (pc, "030303030303030303030303030303030303030303030303"
+ "030303030303030303030303030303030303030303030303") != 0)
+ fail ("mpi_add failed at line %d", __LINE__);
gcry_free(pc);
gcry_mpi_add(result, ff, one);
- gcry_mpi_aprint(GCRYMPI_FMT_HEX, &pc, NULL, result);
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, result);
if (debug)
gcry_log_debug ("Result of ff plus one:\n%s\n", pc);
+ if (strcmp (pc, "010101010101010101010101010101010101010101010101"
+ "01010101010101010101010101010101010101010101010100") != 0)
+ fail ("mpi_add failed at line %d", __LINE__);
+ gcry_free(pc);
+
+ gcry_mpi_scan(&minusfive, GCRYMPI_FMT_HEX, "-5", 0, NULL);
+ gcry_mpi_add_ui (result, minusfive, 2);
+
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, result);
+ if (debug)
+ gcry_log_debug ("Result of minus five plus two:\n%s\n", pc);
+ if (strcmp (pc, "-03") != 0)
+ fail ("mpi_add_ui failed at line %d", __LINE__);
+ gcry_free(pc);
+
+ gcry_mpi_add_ui (result, result, 3);
+
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, result);
+ if (debug)
+ gcry_log_debug ("Result of minus three plus three:\n%s\n", pc);
+ if (strcmp (pc, "00") != 0)
+ fail ("mpi_add_ui failed at line %d", __LINE__);
gcry_free(pc);
gcry_mpi_release(one);
gcry_mpi_release(two);
gcry_mpi_release(ff);
gcry_mpi_release(result);
+ gcry_mpi_release(minusfive);
return 1;
}
@@ -408,24 +435,76 @@ test_add (void)
static int
test_sub (void)
{
+ gcry_mpi_t zero;
gcry_mpi_t one;
gcry_mpi_t two;
+ gcry_mpi_t five;
gcry_mpi_t result;
- unsigned char* pc;
+ gcry_mpi_t minusfive;
+ char *pc;
gcry_mpi_scan(&one, GCRYMPI_FMT_USG, ones, sizeof(ones), NULL);
gcry_mpi_scan(&two, GCRYMPI_FMT_USG, twos, sizeof(twos), NULL);
result = gcry_mpi_new(0);
gcry_mpi_sub(result, two, one);
- gcry_mpi_aprint(GCRYMPI_FMT_HEX, &pc, NULL, result);
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, result);
if (debug)
gcry_log_debug ("Result of two minus one:\n%s\n", pc);
+ if (strcmp (pc, "010101010101010101010101010101010101010101010101"
+ "010101010101010101010101010101010101010101010101") != 0)
+ fail ("mpi_sub failed at line %d", __LINE__);
+ gcry_free(pc);
+
+ zero = gcry_mpi_new(0);
+ five = gcry_mpi_new(0);
+ minusfive = gcry_mpi_new(0);
+ gcry_mpi_set_ui (zero, 0);
+ gcry_mpi_set_ui (one, 1);
+ gcry_mpi_set_ui (two, 2);
+ gcry_mpi_set_ui (five, 5);
+ gcry_mpi_sub (minusfive, zero, five);
+
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, minusfive);
+ if (debug)
+ gcry_log_debug ("Result of zero minus five:\n%s\n", pc);
+ if (strcmp (pc, "-05") != 0)
+ fail ("mpi_sub failed at line %d", __LINE__);
+ gcry_free(pc);
+
+ gcry_mpi_sub_ui (result, five, 2);
+
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, result);
+ if (debug)
+ gcry_log_debug ("Result of five minus two:\n%s\n", pc);
+ if (strcmp (pc, "03") != 0)
+ fail ("mpi_sub_ui failed at line %d", __LINE__);
+ gcry_free(pc);
+
+ gcry_mpi_sub_ui (result, one, 10);
+
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, result);
+ if (debug)
+ gcry_log_debug ("Result of one minus ten:\n%s\n", pc);
+ if (strcmp (pc, "-09") != 0)
+ fail ("mpi_sub_ui failed at line %d", __LINE__);
+ gcry_free(pc);
+
+ gcry_mpi_sub_ui (result, minusfive, 2);
+
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, result);
+ if (debug)
+ gcry_log_debug ("Result of minus five minus two:\n%s\n", pc);
+ if (strcmp (pc, "-07") != 0)
+ fail ("mpi_sub_ui failed at line %d", __LINE__);
gcry_free(pc);
gcry_mpi_release(one);
gcry_mpi_release(two);
gcry_mpi_release(result);
+ gcry_mpi_release(zero);
+ gcry_mpi_release(five);
+ gcry_mpi_release(minusfive);
return 1;
}
@@ -436,21 +515,47 @@ test_mul (void)
gcry_mpi_t two;
gcry_mpi_t three;
gcry_mpi_t result;
- unsigned char* pc;
+ gcry_mpi_t minusfive;
+ char *pc;
gcry_mpi_scan(&two, GCRYMPI_FMT_USG, twos, sizeof(twos), NULL);
gcry_mpi_scan(&three, GCRYMPI_FMT_USG, threes, sizeof(threes), NULL);
result = gcry_mpi_new(0);
gcry_mpi_mul(result, two, three);
- gcry_mpi_aprint(GCRYMPI_FMT_HEX, &pc, NULL, result);
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, result);
if (debug)
gcry_log_debug ("Result of two mul three:\n%s\n", pc);
+ if (strcmp (pc, "060C12181E242A30363C42484E545A60666C72787E848A90"
+ "969CA2A8AEB4BAC0C6CCD2D8DEE4EAF0F6FD03090F151B21"
+ "1B150F0902FCF6F0EAE4DED8D2CCC6C0BAB4AEA8A29C9690"
+ "8A847E78726C66605A544E48423C36302A241E18120C06") != 0)
+ fail ("mpi_mul failed at line %d", __LINE__);
+ gcry_free(pc);
+
+ gcry_mpi_scan(&minusfive, GCRYMPI_FMT_HEX, "-5", 0, NULL);
+ gcry_mpi_mul_ui (result, minusfive, 3);
+
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, result);
+ if (debug)
+ gcry_log_debug ("Result of minus five mul three:\n%s\n", pc);
+ if (strcmp (pc, "-0F") != 0)
+ fail ("mpi_mul_ui failed at line %d", __LINE__);
+ gcry_free(pc);
+
+ gcry_mpi_mul_ui (result, result, 0);
+
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, result);
+ if (debug)
+ gcry_log_debug ("Result of minus fifteen mul zero:\n%s\n", pc);
+ if (strcmp (pc, "00") != 0)
+ fail ("mpi_mul_ui failed at line %d", __LINE__);
gcry_free(pc);
gcry_mpi_release(two);
gcry_mpi_release(three);
gcry_mpi_release(result);
+ gcry_mpi_release(minusfive);
return 1;
}
--
2.33.1

448
libgcrypt-FIPS-fix-regression-tests.patch
View File

@ -1,448 +0,0 @@
Index: libgcrypt-1.9.4/cipher/pubkey.c
===================================================================
--- libgcrypt-1.9.4.orig/cipher/pubkey.c
+++ libgcrypt-1.9.4/cipher/pubkey.c
@@ -224,7 +224,7 @@ check_pubkey_algo (int algo, unsigned us
gcry_pk_spec_t *spec;
spec = spec_from_algo (algo);
- if (spec)
+ if (spec && !spec->flags.disabled)
{
if (((use & GCRY_PK_USAGE_SIGN)
&& (! (spec->use & GCRY_PK_USAGE_SIGN)))
From 44c7c41af21c668826280abfee1257853020ba2d Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Mon, 16 Aug 2021 12:41:11 +0900
Subject: [PATCH 161/200] tests: Skip tests when FIPS for keygrip computations.
* tests/keygrip.c (check): Skip non-FIPS curves when FIPS.
(main): Check if FIPS is enabled.
--
GnuPG-bug-id: 5520
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
tests/keygrip.c | 37 ++++++++++++++++++++++++++++---------
1 file changed, 28 insertions(+), 9 deletions(-)
diff --git a/tests/keygrip.c b/tests/keygrip.c
index cfccc06e..49bd71bc 100644
--- a/tests/keygrip.c
+++ b/tests/keygrip.c
@@ -33,6 +33,9 @@
static int repetitions;
+/* Whether fips mode was active at startup. */
+static int in_fips_mode;
+
static void
@@ -54,6 +57,7 @@ static struct
int algo;
const char *key;
const unsigned char grip[20];
+ int skip_when_fips;
} key_grips[] =
{
{
@@ -155,7 +159,8 @@ static struct
/* */"436DD11A1756AFE56CD93408410FCDA9"
/* */"BA95024EB613BD481A14FCFEC27A448A#)))",
"\x52\xBA\xD4\xB4\xA3\x2D\x32\xA1\xDD\x06"
- "\x5E\x99\x0B\xF1\xAB\xC1\x13\x3D\x84\xD4"
+ "\x5E\x99\x0B\xF1\xAB\xC1\x13\x3D\x84\xD4",
+ 1
},
{ /* Compressed form of above. */
GCRY_PK_ECC,
@@ -165,7 +170,8 @@ static struct
" (q #022ECD8679930BE2DB4AD42B8600BA3F80"
/* */"2D4D539BFF2F69B83EC9B7BBAA7F3406#)))",
"\x52\xBA\xD4\xB4\xA3\x2D\x32\xA1\xDD\x06"
- "\x5E\x99\x0B\xF1\xAB\xC1\x13\x3D\x84\xD4"
+ "\x5E\x99\x0B\xF1\xAB\xC1\x13\x3D\x84\xD4",
+ 1
},
{
GCRY_PK_ECC,
@@ -177,7 +183,8 @@ static struct
/* */"9EBBA41915313417BA54218EB0569C59"
/* */"0B156C76DBCAB6E84575E6EF68CE7B87#)))",
"\x99\x38\x6A\x82\x41\x96\x29\x9C\x89\x74"
- "\xD6\xE1\xBF\x43\xAC\x9B\x9A\x12\xE7\x3F"
+ "\xD6\xE1\xBF\x43\xAC\x9B\x9A\x12\xE7\x3F",
+ 1
},
{ /* Compressed form of above. */
GCRY_PK_ECC,
@@ -187,7 +194,8 @@ static struct
" (q #035B784CA008EE64AB3D85017EE0D2BE87"
/* */"558762C7300E0C8E06B1F9AF7C031458#)))",
"\x99\x38\x6A\x82\x41\x96\x29\x9C\x89\x74"
- "\xD6\xE1\xBF\x43\xAC\x9B\x9A\x12\xE7\x3F"
+ "\xD6\xE1\xBF\x43\xAC\x9B\x9A\x12\xE7\x3F",
+ 1
},
{ /* Ed25519 standard */
GCRY_PK_ECC,
@@ -199,7 +207,8 @@ static struct
" 47BD24842905C049257673B3F5249524E0A41FAA17B25B818D0F97E625F1A1D0#)"
" ))",
"\x0C\xCA\xB2\xFD\x48\x9A\x33\x40\x2C\xE8"
- "\xE0\x4A\x1F\xB2\x45\xEA\x80\x3D\x0A\xF1"
+ "\xE0\x4A\x1F\xB2\x45\xEA\x80\x3D\x0A\xF1",
+ 1
},
{ /* Ed25519+EdDSA */
GCRY_PK_ECC,
@@ -209,7 +218,8 @@ static struct
" (q #773E72848C1FD5F9652B29E2E7AF79571A04990E96F2016BF4E0EC1890C2B7DB#)"
" ))",
"\x9D\xB6\xC6\x4A\x38\x83\x0F\x49\x60\x70"
- "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47"
+ "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47",
+ 1
},
{ /* Ed25519+EdDSA (with compression prefix) */
GCRY_PK_ECC,
@@ -220,7 +230,8 @@ static struct
" 773E72848C1FD5F9652B29E2E7AF79571A04990E96F2016BF4E0EC1890C2B7DB#)"
" ))",
"\x9D\xB6\xC6\x4A\x38\x83\x0F\x49\x60\x70"
- "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47"
+ "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47",
+ 1
},
{ /* Ed25519+EdDSA (same but uncompressed)*/
GCRY_PK_ECC,
@@ -232,7 +243,8 @@ static struct
" 5bb7c29018ece0f46b01f2960e99041a5779afe7e2292b65f9d51f8c84723e77#)"
" ))",
"\x9D\xB6\xC6\x4A\x38\x83\x0F\x49\x60\x70"
- "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47"
+ "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47",
+ 1
},
{ /* Cv25519 */
GCRY_PK_ECC,
@@ -243,7 +255,8 @@ static struct
" 918C1733127F6BF2646FAE3D081A18AE77111C903B906310B077505EFFF12740#)"
" ))",
"\x0F\x89\xA5\x65\xD3\xEA\x18\x7C\xE8\x39"
- "\x33\x23\x98\xF5\xD4\x80\x67\x7D\xF4\x9C"
+ "\x33\x23\x98\xF5\xD4\x80\x67\x7D\xF4\x9C",
+ 1
},
{ /* Random key */
GCRY_PK_RSA,
@@ -280,6 +293,9 @@ check (void)
for (i = 0; i < (sizeof (key_grips) / sizeof (*key_grips)); i++)
{
+ if (in_fips_mode && key_grips[i].skip_when_fips)
+ continue;
+
if (gcry_pk_test_algo (key_grips[i].algo))
{
if (verbose)
@@ -379,6 +395,9 @@ main (int argc, char **argv)
if (debug)
xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u, 0));
+ if (gcry_fips_mode_active ())
+ in_fips_mode = 1;
+
check ();
return 0;
--
2.33.0
From 3026148331523ec7ca81031339b5629431cafa23 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 13 Jul 2021 09:20:18 +0200
Subject: tests: Expect curves 25519/448 to fail in FIPS mode
* tests/t-cv25519.c (test_cv_hl): Expect the operation to fail in FIPS
mode.
(test_cv_x25519, test_it): Ditto.
(main) Detect FIPS mode.
* tests/t-ed25519.c (one_test): Expect the operation to fail in FIPS
mode.
(main) Detect FIPS mode.
* tests/t-ed448.c (one_test): Expect the operation to fail in FIPS
mode.
(main) Detect FIPS mode.
* tests/t-x448.c (test_cv_hl): Expect the operation to fail in FIPS
mode.
(test_cv_x448, test_cv): Ditto.
(main) Detect FIPS mode.
--
The ed25519, ed448, cv25519 and cv448 curves are not available in FIPS
mode. Some of the tests already skipped these, but it is always better
to make sure thy are failing, rather than just skipping these.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
tests/t-cv25519.c | 37 +++++++++++++++++++++++++++++++++++--
tests/t-ed25519.c | 18 ++++++++++++++----
tests/t-ed448.c | 18 ++++++++++++++----
tests/t-x448.c | 41 +++++++++++++++++++++++++++++++++++++----
4 files changed, 100 insertions(+), 14 deletions(-)
diff --git a/tests/t-cv25519.c b/tests/t-cv25519.c
index 0de50a02..b4126f4c 100644
--- a/tests/t-cv25519.c
+++ b/tests/t-cv25519.c
@@ -33,6 +33,7 @@
#include "t-common.h"
#define N_TESTS 18
+static int in_fips_mode = 0;
static void
print_mpi (const char *text, gcry_mpi_t a)
@@ -188,7 +189,17 @@ test_cv_hl (int testno, const char *k_str, const char *u_str,
xfree (buffer);
buffer = NULL;
- if ((err = gcry_pk_encrypt (&s_result, s_data, s_pk)))
+ err = gcry_pk_encrypt (&s_result, s_data, s_pk);
+ if (in_fips_mode)
+ {
+ if (!err)
+ fail ("gcry_pk_encrypt is not expected to work in FIPS mode for test %d",
+ testno);
+ if (verbose > 1)
+ info ("not executed in FIPS mode\n");
+ goto leave;
+ }
+ if (err)
fail ("gcry_pk_encrypt failed for test %d: %s", testno,
gpg_strerror (err));
@@ -281,7 +292,17 @@ test_cv_x25519 (int testno, const char *k_str, const char *u_str,
goto leave;
}
- if ((err = gcry_ecc_mul_point (algo, result, scalar, point)))
+ err = gcry_ecc_mul_point (algo, result, scalar, point);
+ if (in_fips_mode)
+ {
+ if (!err)
+ fail ("gcry_ecc_mul_point is not expected to work in FIPS mode for test %d",
+ testno);
+ if (verbose > 1)
+ info ("not executed in FIPS mode\n");
+ goto leave;
+ }
+ if (err)
fail ("gcry_ecc_mul_point failed for test %d: %s", testno,
gpg_strerror (err));
@@ -335,6 +356,15 @@ test_it (int testno, const char *k_str, int iter, const char *result_str)
info ("Running test %d: iteration=%d\n", testno, iter);
gcry_mpi_ec_new (&ctx, NULL, "Curve25519");
+ if (in_fips_mode)
+ {
+ if (ctx)
+ fail ("gcry_mpi_ec_new should fail in FIPS mode for test %d",
+ testno);
+ if (verbose > 1)
+ info ("not executed in FIPS mode\n");
+ return;
+ }
Q = gcry_mpi_point_new (0);
if (!(buffer = hex2buffer (k_str, &buflen)) || buflen != 32)
@@ -640,6 +670,9 @@ main (int argc, char **argv)
xgcry_control ((GCRYCTL_ENABLE_QUICK_RANDOM, 0));
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
+ if (gcry_fips_mode_active ())
+ in_fips_mode = 1;
+
start_timer ();
check_cv25519 ();
stop_timer ();
diff --git a/tests/t-ed25519.c b/tests/t-ed25519.c
index a5271c25..567bc797 100644
--- a/tests/t-ed25519.c
+++ b/tests/t-ed25519.c
@@ -36,6 +36,7 @@
static int sign_with_pk;
static int no_verify;
static int custom_data_file;
+static int in_fips_mode = 0;
static void
@@ -271,7 +272,17 @@ one_test (int testno, const char *sk, const char *pk,
goto leave;
}
- if ((err = gcry_pk_sign (&s_sig, s_msg, s_sk)))
+ err = gcry_pk_sign (&s_sig, s_msg, s_sk);
+ if (in_fips_mode)
+ {
+ if (!err)
+ fail ("gcry_pk_sign is not expected to work in FIPS mode for test %d",
+ testno);
+ if (verbose > 1)
+ info ("not executed in FIPS mode\n");
+ goto leave;
+ }
+ if (err)
fail ("gcry_pk_sign failed for test %d: %s", testno, gpg_strerror (err));
if (debug)
show_sexp ("sig=", s_sig);
@@ -481,9 +492,8 @@ main (int argc, char **argv)
xgcry_control ((GCRYCTL_ENABLE_QUICK_RANDOM, 0));
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
- /* Ed25519 isn't supported in fips mode */
- if (gcry_fips_mode_active())
- return 77;
+ if (gcry_fips_mode_active ())
+ in_fips_mode = 1;
start_timer ();
check_ed25519 (fname);
diff --git a/tests/t-ed448.c b/tests/t-ed448.c
index 1f445ffc..f38cd10c 100644
--- a/tests/t-ed448.c
+++ b/tests/t-ed448.c
@@ -36,6 +36,7 @@
static int sign_with_pk;
static int no_verify;
static int custom_data_file;
+static int in_fips_mode = 0;
static void
@@ -302,7 +303,17 @@ one_test (int testno, int ph, const char *sk, const char *pk,
}
}
- if ((err = gcry_pk_sign (&s_sig, s_msg, s_sk)))
+ err = gcry_pk_sign (&s_sig, s_msg, s_sk);
+ if (in_fips_mode)
+ {
+ if (!err)
+ fail ("gcry_pk_sign is not expected to work in FIPS mode for test %d",
+ testno);
+ if (verbose > 1)
+ info ("not executed in FIPS mode\n");
+ goto leave;
+ }
+ if (err)
fail ("gcry_pk_sign failed for test %d: %s", testno, gpg_strerror (err));
if (debug)
show_sexp ("sig=", s_sig);
@@ -521,9 +532,8 @@ main (int argc, char **argv)
xgcry_control ((GCRYCTL_ENABLE_QUICK_RANDOM, 0));
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
- /* Ed448 isn't supported in fips mode */
- if (gcry_fips_mode_active())
- return 77;
+ if (gcry_fips_mode_active ())
+ in_fips_mode = 1;
start_timer ();
check_ed448 (fname);
diff --git a/tests/t-x448.c b/tests/t-x448.c
index 5c3cbeb9..cc4b10fc 100644
--- a/tests/t-x448.c
+++ b/tests/t-x448.c
@@ -34,6 +34,7 @@
#include "t-common.h"
#define N_TESTS 9
+static int in_fips_mode = 0;
static void
print_mpi (const char *text, gcry_mpi_t a)
@@ -179,8 +180,18 @@ test_cv_hl (int testno, const char *k_str, const char *u_str,
xfree (buffer);
buffer = NULL;
- if ((err = gcry_pk_encrypt (&s_result, s_data, s_pk)))
- fail ("gcry_pk_encrypt failed for test %d: %s", testno,
+ err = gcry_pk_encrypt (&s_result, s_data, s_pk);
+ if (in_fips_mode)
+ {
+ if (!err)
+ fail ("gcry_pk_encrypt is not expected to work in FIPS mode for test %d",
+ testno);
+ if (verbose > 1)
+ info ("not executed in FIPS mode\n");
+ goto leave;
+ }
+ if (err)
+ fail ("gcry_pk_encrypt goto leavefailed for test %d: %s", testno,
gpg_strerror (err));
s_tmp = gcry_sexp_find_token (s_result, "s", 0);
@@ -257,7 +268,17 @@ test_cv_x448 (int testno, const char *k_str, const char *u_str,
goto leave;
}
- if ((err = gcry_ecc_mul_point (GCRY_ECC_CURVE448, result, scalar, point)))
+ err = gcry_ecc_mul_point (GCRY_ECC_CURVE448, result, scalar, point);
+ if (in_fips_mode)
+ {
+ if (err != GPG_ERR_NOT_SUPPORTED)
+ fail ("gcry_ecc_mul_point is not expected to work in FIPS mode for test %d: %s",
+ testno, gpg_strerror (err));
+ if (verbose > 1)
+ info ("not executed in FIPS mode\n");
+ goto leave;
+ }
+ if (err)
fail ("gcry_ecc_mul_point failed for test %d: %s", testno,
gpg_strerror (err));
@@ -296,7 +317,7 @@ test_cv (int testno, const char *k_str, const char *u_str,
static void
test_it (int testno, const char *k_str, int iter, const char *result_str)
{
- gcry_ctx_t ctx;
+ gcry_ctx_t ctx = NULL;
gpg_error_t err;
void *buffer = NULL;
size_t buflen;
@@ -311,6 +332,15 @@ test_it (int testno, const char *k_str, int iter, const char *result_str)
info ("Running test %d: iteration=%d\n", testno, iter);
gcry_mpi_ec_new (&ctx, NULL, "X448");
+ if (in_fips_mode)
+ {
+ if (ctx)
+ fail ("gcry_mpi_ec_new should fail in FIPS mode for test %d",
+ testno);
+ if (verbose > 1)
+ info ("not executed in FIPS mode\n");
+ return;
+ }
Q = gcry_mpi_point_new (0);
if (!(buffer = hex2buffer (k_str, &buflen)) || buflen != 56)
@@ -583,6 +613,9 @@ main (int argc, char **argv)
xgcry_control ((GCRYCTL_ENABLE_QUICK_RANDOM, 0));
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
+ if (gcry_fips_mode_active ())
+ in_fips_mode = 1;
+
start_timer ();
check_x448 ();
stop_timer ();
--
2.33.0

31
libgcrypt-FIPS-hw-optimizations.patch
View File

@ -1,31 +0,0 @@
From 70e6cec07d86332f1aaf7a69bec75c7138306f6a Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Thu, 29 Jul 2021 14:20:14 +0900
Subject: [PATCH] hwfeatures: Enable hardware support also in FIPS mode.
* src/hwfeatures.c (_gcry_detect_hw_features): Remove skipping in FIPS
mode.
--
Reported-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5508
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
src/hwfeatures.c | 3 ---
1 file changed, 3 deletions(-)
Index: libgcrypt-1.9.4/src/hwfeatures.c
===================================================================
--- libgcrypt-1.9.4.orig/src/hwfeatures.c
+++ libgcrypt-1.9.4/src/hwfeatures.c
@@ -213,9 +213,6 @@ _gcry_detect_hw_features (void)
{
hw_features = 0;
- if (fips_mode ())
- return; /* Hardware support is not to be evaluated. */
-
parse_hwf_deny_file ();
#if defined (HAVE_CPU_ARCH_X86)

89
libgcrypt-FIPS-module-version.patch
View File

@ -1,89 +0,0 @@
From c74fde0c3f6114c594332fb28a09c7b817969231 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 17 Sep 2021 17:11:30 +0200
Subject: [PATCH 187/200] Allow passing FIPS module version
* README: Document new --with-fips-module-version=version switch
* configure.ac: Implementation of the --with-fips-module-version
* src/global.c (print_config): Print FIPS module version from above
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Moved the module version to a 3rd field to keep the semantics of that
line.
Signed-off-by: Werner Koch <wk@gnupg.org>
GnuPG-bug-id: 1600
---
README | 4 ++++
configure.ac | 7 +++++++
src/global.c | 16 +++++++++++++---
3 files changed, 24 insertions(+), 3 deletions(-)
Index: libgcrypt-1.9.4/README
===================================================================
--- libgcrypt-1.9.4.orig/README
+++ libgcrypt-1.9.4/README
@@ -165,6 +165,10 @@
against a HMAC checksum. This works only in FIPS
mode and on systems providing the dladdr function.
+ --with-fips-module-version=version
+ Specify a string used as a module version for FIPS
+ certification purposes.
+
--disable-padlock-support
Disable support for the PadLock engine of VIA
processors. The default is to use PadLock if
Index: libgcrypt-1.9.4/configure.ac
===================================================================
--- libgcrypt-1.9.4.orig/configure.ac
+++ libgcrypt-1.9.4/configure.ac
@@ -599,6 +599,12 @@ if test "$use_hmac_binary_check" = yes ;
[Define to support an HMAC based integrity check])
fi
+# Implementation of the --with-fips-module-version.
+AC_ARG_WITH(fips-module-version,
+ [ --with-fips-module-version=VERSION],
+ fips_module_version="$withval", fips_module_version="" )
+AC_DEFINE_UNQUOTED(FIPS_MODULE_VERSION, "$fips_module_version",
+ [Define FIPS module version for certification])
# Implementation of the --disable-jent-support switch.
AC_MSG_CHECKING([whether jitter entropy support is requested])
@@ -3266,6 +3272,7 @@ GCRY_MSG_WRAP([Enabled pubkey algorithms
GCRY_MSG_SHOW([Random number generator: ],[$random])
GCRY_MSG_SHOW([Try using jitter entropy: ],[$jentsupport])
GCRY_MSG_SHOW([Using linux capabilities: ],[$use_capabilities])
+GCRY_MSG_SHOW([FIPS module version: ],[$fips_module_version])
GCRY_MSG_SHOW([Try using Padlock crypto: ],[$padlocksupport])
GCRY_MSG_SHOW([Try using AES-NI crypto: ],[$aesnisupport])
GCRY_MSG_SHOW([Try using Intel SHAEXT: ],[$shaextsupport])
Index: libgcrypt-1.9.4/src/global.c
===================================================================
--- libgcrypt-1.9.4.orig/src/global.c
+++ libgcrypt-1.9.4/src/global.c
@@ -379,10 +379,19 @@ print_config (const char *what, gpgrt_st
{
/* We use y/n instead of 1/0 for the stupid reason that
* Emacsen's compile error parser would accidentally flag that
- * line when printed during "make check" as an error. */
- gpgrt_fprintf (fp, "fips-mode:%c:%c:\n",
+ * line when printed during "make check" as an error. The
+ * second field is obsolete and thus empty (used to be used for
+ * a so-called enforced-fips-mode). The third field has an
+ * option static string describing the module versions; this is
+ * an optional configure option. */
+ gpgrt_fprintf (fp, "fips-mode:%c::%s:\n",
fips_mode ()? 'y':'n',
- _gcry_enforced_fips_mode ()? 'y':'n' );
+#ifdef FIPS_MODULE_VERSION
+ fips_mode () ? FIPS_MODULE_VERSION : ""
+#else
+ ""
+#endif /* FIPS_MODULE_VERSION */
+ );
}
if (!what || !strcmp (what, "rng-type"))

18
libgcrypt-FIPS-rndjent_poll.patch
View File

@ -1,8 +1,8 @@
Index: libgcrypt-1.9.4/random/rndlinux.c
Index: libgcrypt-1.10.0/random/rndoldlinux.c
===================================================================
--- libgcrypt-1.9.4.orig/random/rndlinux.c
+++ libgcrypt-1.9.4/random/rndlinux.c
@@ -141,7 +141,7 @@ _gcry_rndlinux_gather_random (void (*add
--- libgcrypt-1.10.0.orig/random/rndoldlinux.c
+++ libgcrypt-1.10.0/random/rndoldlinux.c
@@ -132,7 +132,7 @@ _gcry_rndoldlinux_gather_random (void (*
volatile pid_t apid;
int fd;
int n;
@ -11,7 +11,7 @@ Index: libgcrypt-1.9.4/random/rndlinux.c
size_t n_hw;
size_t want = length;
size_t last_so_far = 0;
@@ -196,26 +196,43 @@ _gcry_rndlinux_gather_random (void (*add
@@ -187,26 +187,43 @@ _gcry_rndoldlinux_gather_random (void (*
my_pid = apid;
}
@ -71,7 +71,7 @@ Index: libgcrypt-1.9.4/random/rndlinux.c
/* Open the requested device. The first time a device is to be
opened we fail with a fatal error if the device does not exists.
@@ -283,8 +301,6 @@ _gcry_rndlinux_gather_random (void (*add
@@ -262,8 +279,6 @@ _gcry_rndoldlinux_gather_random (void (*
do
{
nbytes = length < sizeof(buffer)? length : sizeof(buffer);
@ -80,10 +80,10 @@ Index: libgcrypt-1.9.4/random/rndlinux.c
_gcry_pre_syscall ();
ret = getentropy (buffer, nbytes);
_gcry_post_syscall ();
Index: libgcrypt-1.9.4/random/rndjent.c
Index: libgcrypt-1.10.0/random/rndjent.c
===================================================================
--- libgcrypt-1.9.4.orig/random/rndjent.c
+++ libgcrypt-1.9.4/random/rndjent.c
--- libgcrypt-1.10.0.orig/random/rndjent.c
+++ libgcrypt-1.10.0/random/rndjent.c
@@ -279,13 +279,24 @@ _gcry_rndjent_poll (void (*add)(const vo
if (!jent_rng_is_initialized)
{

375
libgcrypt-FIPS-service-indicators.patch
View File

@ -1,375 +0,0 @@
Index: libgcrypt-1.9.4/src/fips.c
===================================================================
--- libgcrypt-1.9.4.orig/src/fips.c
+++ libgcrypt-1.9.4/src/fips.c
@@ -437,6 +437,54 @@ _gcry_fips_test_operational (void)
}
+int
+_gcry_fips_indicator_cipher (va_list arg_ptr)
+{
+ enum gcry_cipher_algos alg = va_arg (arg_ptr, enum gcry_cipher_algos);
+ enum gcry_cipher_modes mode;
+
+ switch (alg)
+ {
+ case GCRY_CIPHER_AES:
+ case GCRY_CIPHER_AES192:
+ case GCRY_CIPHER_AES256:
+ mode = va_arg (arg_ptr, enum gcry_cipher_modes);
+ switch (mode)
+ {
+ case GCRY_CIPHER_MODE_ECB:
+ case GCRY_CIPHER_MODE_CBC:
+ case GCRY_CIPHER_MODE_CFB:
+ case GCRY_CIPHER_MODE_CFB8:
+ case GCRY_CIPHER_MODE_OFB:
+ case GCRY_CIPHER_MODE_CTR:
+ case GCRY_CIPHER_MODE_CCM:
+ case GCRY_CIPHER_MODE_GCM:
+ case GCRY_CIPHER_MODE_XTS:
+ return GPG_ERR_NO_ERROR;
+ default:
+ return GPG_ERR_NOT_SUPPORTED;
+ }
+ default:
+ return GPG_ERR_NOT_SUPPORTED;
+ }
+}
+
+
+int
+_gcry_fips_indicator_kdf (va_list arg_ptr)
+{
+ enum gcry_kdf_algos alg = va_arg (arg_ptr, enum gcry_kdf_algos);
+
+ switch (alg)
+ {
+ case GCRY_KDF_PBKDF2:
+ return GPG_ERR_NO_ERROR;
+ default:
+ return GPG_ERR_NOT_SUPPORTED;
+ }
+}
+
+
/* This is a test on whether the library is in the error or
operational state. */
int
Index: libgcrypt-1.9.4/src/g10lib.h
===================================================================
--- libgcrypt-1.9.4.orig/src/g10lib.h
+++ libgcrypt-1.9.4/src/g10lib.h
@@ -487,6 +487,9 @@ void _gcry_fips_signal_error (const char
_gcry_fips_signal_error (__FILE__, __LINE__, NULL, 1, (a))
#endif
+int _gcry_fips_indicator_cipher (va_list arg_ptr);
+int _gcry_fips_indicator_kdf (va_list arg_ptr);
+
int _gcry_fips_is_operational (void);
/* Return true if the library is in the operational state. */
Index: libgcrypt-1.9.4/src/gcrypt.h.in
===================================================================
--- libgcrypt-1.9.4.orig/src/gcrypt.h.in
+++ libgcrypt-1.9.4/src/gcrypt.h.in
@@ -334,7 +334,9 @@ enum gcry_ctl_cmds
GCRYCTL_GET_TAGLEN = 76,
GCRYCTL_REINIT_SYSCALL_CLAMP = 77,
GCRYCTL_AUTO_EXPAND_SECMEM = 78,
- GCRYCTL_SET_ALLOW_WEAK_KEY = 79
+ GCRYCTL_SET_ALLOW_WEAK_KEY = 79,
+ GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER = 81,
+ GCRYCTL_FIPS_SERVICE_INDICATOR_KDF = 82
};
/* Perform various operations defined by CMD. */
Index: libgcrypt-1.9.4/src/global.c
===================================================================
--- libgcrypt-1.9.4.orig/src/global.c
+++ libgcrypt-1.9.4/src/global.c
@@ -755,6 +755,19 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
rc = _gcry_fips_run_selftests (1);
break;
+ case GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER:
+ /* Get FIPS Service Indicator for a given symmetric algorithm and
+ * optional mode. Returns GPG_ERR_NO_ERROR if algorithm is allowed or
+ * GPG_ERR_NOT_SUPPORTED otherwise */
+ rc = _gcry_fips_indicator_cipher (arg_ptr);
+ break;
+
+ case GCRYCTL_FIPS_SERVICE_INDICATOR_KDF:
+ /* Get FIPS Service Indicator for a given KDF. Returns GPG_ERR_NO_ERROR
+ * if algorithm is allowed or GPG_ERR_NOT_SUPPORTED otherwise */
+ rc = _gcry_fips_indicator_kdf (arg_ptr);
+ break;
+
case PRIV_CTL_INIT_EXTRNG_TEST: /* Init external random test. */
rc = GPG_ERR_NOT_SUPPORTED;
break;
Index: libgcrypt-1.9.4/tests/basic.c
===================================================================
--- libgcrypt-1.9.4.orig/tests/basic.c
+++ libgcrypt-1.9.4/tests/basic.c
@@ -6383,6 +6383,16 @@ do_check_ocb_cipher (int inplace)
assert (tv[tidx].taglen <= ciphlen);
assert (tv[tidx].taglen <= sizeof tag);
+ /* Verify the FIPS indicator marks this as non-approved */
+ if (in_fips_mode)
+ {
+ err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER,
+ tv[tidx].algo, GCRY_CIPHER_MODE_OCB);
+ if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED)
+ fail ("cipher-ocb, gcry_control did not fail as expected (tv %d): %s\n",
+ tidx, gpg_strerror (err));
+ }
+
err = gcry_cipher_open (&hde, tv[tidx].algo, GCRY_CIPHER_MODE_OCB, 0);
if (!err)
err = gcry_cipher_open (&hdd, tv[tidx].algo, GCRY_CIPHER_MODE_OCB, 0);
@@ -6644,6 +6654,16 @@ check_ocb_cipher_largebuf_split (int alg
memcpy(inbuf + i, hash, 16);
}
+ /* Verify the FIPS indicator marks this as non-approved */
+ if (in_fips_mode)
+ {
+ err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER,
+ algo, GCRY_CIPHER_MODE_OCB);
+ if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED)
+ fail ("cipher-ocb, gcry_control did not fail as expected (large, algo %d): %s\n",
+ algo, gpg_strerror (err));
+ }
+
err = gcry_cipher_open (&hde, algo, GCRY_CIPHER_MODE_OCB, 0);
if (!err)
err = gcry_cipher_open (&hdd, algo, GCRY_CIPHER_MODE_OCB, 0);
@@ -6842,7 +6862,17 @@ check_ocb_cipher_checksum (int algo, int
blk[byteidx] |= 1 << bitpos;
}
- err = gcry_cipher_open (&hde, algo, GCRY_CIPHER_MODE_OCB, 0);
+ /* Verify the FIPS indicator marks this as non-approved */
+ if (in_fips_mode)
+ {
+ err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER,
+ algo, GCRY_CIPHER_MODE_OCB);
+ if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED)
+ fail ("cipher-ocb, gcry_control did not fail as expected (checksum, algo %d): %s\n",
+ algo, gpg_strerror (err));
+ }
+
+ err = gcry_cipher_open (&hde, algo, GCRY_CIPHER_MODE_OCB, 0);
if (!err)
err = gcry_cipher_open (&hde2, algo, GCRY_CIPHER_MODE_OCB, 0);
if (!err)
@@ -7110,6 +7140,16 @@ check_ocb_cipher_splitaad (void)
aad[2] = tv[tidx].aad2? hex2buffer (tv[tidx].aad2, aadlen+2) : NULL;
aad[3] = tv[tidx].aad3? hex2buffer (tv[tidx].aad3, aadlen+3) : NULL;
+ /* Verify the FIPS indicator marks this as non-approved */
+ if (in_fips_mode)
+ {
+ err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER,
+ GCRY_CIPHER_AES, GCRY_CIPHER_MODE_OCB);
+ if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED)
+ fail ("cipher-ocb-splitaad, gcry_control did not fail as expected: %s\n",
+ gpg_strerror (err));
+ }
+
err = gcry_cipher_open (&hde, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_OCB, 0);
if (err)
{
@@ -9044,6 +9084,17 @@ check_bulk_cipher_modes (void)
fprintf (stderr, " checking bulk encryption for %s [%i], mode %d\n",
gcry_cipher_algo_name (tv[i].algo),
tv[i].algo, tv[i].mode);
+
+ /* Verify the FIPS indicator marks approved cipher/modes combinations */
+ if (in_fips_mode)
+ {
+ err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER,
+ tv[i].algo, tv[i].mode);
+ if (gpg_err_code (err) != GPG_ERR_NO_ERROR)
+ fail ("gcry_control unexpectedly failed for algo = %s, mode = %d : %s\n",
+ gcry_cipher_algo_name (tv[i].algo), tv[i].mode, gpg_strerror (err));
+ }
+
err = gcry_cipher_open (&hde, tv[i].algo, tv[i].mode, 0);
if (!err)
err = gcry_cipher_open (&hdd, tv[i].algo, tv[i].mode, 0);
Index: libgcrypt-1.9.4/doc/gcrypt.texi
===================================================================
--- libgcrypt-1.9.4.orig/doc/gcrypt.texi
+++ libgcrypt-1.9.4/doc/gcrypt.texi
@@ -961,6 +961,19 @@ been registered with Libgpg-error and ad
clamp again. Obviously this control code may only be used before a
second thread is started in a process.
+@item GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER; Arguments: enum gcry_cipher_algos [, enum gcry_cipher_modes]
+
+Check if the given symmetric cipher and optional cipher mode combination
+is approved under the current FIPS 140-3 certification. If the
+combination is approved, this function returns @code{GPG_ERR_NO_ERROR}.
+Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
+
+@item GCRYCTL_FIPS_SERVICE_INDICATOR_KDF; Arguments: enum gcry_kdf_algos
+
+Check if the given KDF is approved under the current FIPS 140-3
+certification. If the KDF is approved, this function returns
+@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED}
+is returned.
@end table
@@ -980,7 +993,7 @@ descriptive message to the user and canc
Some error values do not indicate a system error or an error in the
operation, but the result of an operation that failed properly. For
-example, if you try to decrypt a tempered message, the decryption will
+example, if you try to decrypt a tampered message, the decryption will
fail. Another error value actually means that the end of a data
buffer or list has been reached. The following descriptions explain
for many error codes what they mean usually. Some error values have
@@ -6320,25 +6333,6 @@ The following symmetric encryption algor
power-up:
@table @asis
-@item 3DES
-To test the 3DES 3-key EDE encryption in ECB mode these tests are
-run:
-@enumerate
-@item
-A known answer test is run on a 64 bit test vector processed by 64
-rounds of Single-DES block encryption and decryption using a key
-changed with each round.
-@item
-A known answer test is run on a 64 bit test vector processed by 16
-rounds of 2-key and 3-key Triple-DES block encryption and decryptions
-using a key changed with each round.
-@item
-10 known answer tests using 3-key Triple-DES EDE encryption, comparing
-the ciphertext to the known value, then running a decryption and
-comparing it to the initial plaintext.
-@end enumerate
-(@code{cipher/des.c:selftest})
-
@item AES-128
A known answer tests is run using one test vector and one test
key with AES in ECB mode. (@code{cipher/rijndael.c:selftest_basic_128})
@@ -6394,6 +6388,9 @@ A known answer test using 28 byte of dat
@item HMAC SHA-512
A known answer test using 28 byte of data and a 4 byte key is run.
(@code{cipher/hmac-tests.c:selftests_sha512})
+@item CMAC AES
+A known answer test using 40 byte of data and a 16 byte key is run.
+(@code{cipher/mac-cmac.c:selftests_cmac_aes})
@end table
@subsection Random Number Power-Up Test
@@ -6416,7 +6413,7 @@ The public key algorithms are tested dur
@table @asis
@item RSA
-A pre-defined 1024 bit RSA key is used and these tests are run
+A pre-defined 2048 bit RSA key is used and these tests are run
in turn:
@enumerate
@item
@@ -6426,14 +6423,14 @@ Conversion of S-expression to internal f
Private key consistency check.
(@code{cipher/@/rsa.c:@/selftests_rsa})
@item
-A pre-defined 20 byte value is signed with PKCS#1 padding for SHA-1.
+A pre-defined 20 byte value is signed with PKCS#1 padding for SHA-256.
The result is verified using the public key against the original data
-and against modified data. (@code{cipher/@/rsa.c:@/selftest_sign_1024})
+and against modified data. (@code{cipher/@/rsa.c:@/selftest_sign_2048})
@item
-A 1000 bit random value is encrypted and checked that it does not
-match the original random value. The encrypted result is then
+A predefined 66 byte value is encrypted and checked that it matches
+reference encyrpted message. The encrypted result is then
decrypted and checked that it matches the original random value.
-(@code{cipher/@/rsa.c:@/selftest_encr_1024})
+(@code{cipher/@/rsa.c:@/selftest_encr_2048})
@end enumerate
@item DSA
@@ -6463,15 +6461,6 @@ of the same name but with a single dot a
@file{.hmac}.
-@subsection Critical Functions Power-Up Tests
-
-The 3DES weak key detection is tested during power-up by calling the
-detection function with keys taken from a table listening all weak
-keys. The table itself is protected using a SHA-1 hash.
-(@code{cipher/@/des.c:@/selftest})
-
-
-
@c --------------------------------
@section Conditional Tests
@@ -6645,8 +6634,6 @@ If Libgcrypt is used in FIPS mode these
The cryptographic algorithms are restricted to this list:
@table @asis
-@item GCRY_CIPHER_3DES
-3 key EDE Triple-DES symmetric encryption.
@item GCRY_CIPHER_AES128
AES 128 bit symmetric encryption.
@item GCRY_CIPHER_AES192
@@ -6673,6 +6660,8 @@ HMAC using a SHA-256 message digest.
HMAC using a SHA-384 message digest.
@item GCRY_MD_SHA512,GCRY_MD_FLAG_HMAC
HMAC using a SHA-512 message digest.
+@item GCRY_MAC_CMAC_AES
+CMAC using a AES key.
@item GCRY_PK_RSA
RSA encryption and signing.
@item GCRY_PK_DSA
@@ -6683,8 +6672,8 @@ Note that the CRC algorithms are not con
and thus are in addition available.
@item
-RSA key generation refuses to create a key with a keysize of
-less than 1024 bits.
+RSA key generation refuses to create and uyse ea key with a keysize of
+less than 2048 bits.
@item
DSA key generation refuses to create a key with a keysize other
@@ -6697,8 +6686,9 @@ The @code{transient-key} flag for RSA an
Support for the VIA Padlock engine is disabled.
@item
-FIPS mode may only be used on systems with a /dev/random device.
-Switching into FIPS mode on other systems will fail at runtime.
+FIPS mode may only be used on systems with a /dev/random device or
+with a getentropy syscall. Switching into FIPS mode on other systems
+will fail at runtime.
@item
Saving and loading a random seed file is ignored.
@@ -6731,11 +6721,15 @@ disables FIPS mode unless Enforced FIPS
Libgcrypt will enter the error state.
@item
+The signatures using SHA-1 digest algorithm may not be used.
+
+@item
In Enforced FIPS mode the command @code{GCRYCTL_DISABLE_SECMEM} is
ignored. In standard FIPS mode it disables FIPS mode.
@item
A handler set by @code{gcry_set_outofcore_handler} is ignored.
+
@item
A handler set by @code{gcry_set_fatalerror_handler} is ignored.

68
libgcrypt-FIPS-verify-unsupported-KDF-test.patch
View File

@ -1,68 +0,0 @@
From 0ab4e8063729147fb9abd463055785aac831bf5c Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 13 Jul 2021 16:58:54 +0200
Subject: [PATCH 348/500] tests: Verify unsupported KDF tests fail in FIPS mode
* tests/t-kdf.c (check_pbkdf2): Verify tests based on algorithms
unsupported in FIPS mode fail.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
tests/t-kdf.c | 7 +++++++
1 file changed, 7 insertions(+)
Index: libgcrypt-1.9.4/tests/t-kdf.c
===================================================================
--- libgcrypt-1.9.4.orig/tests/t-kdf.c
+++ libgcrypt-1.9.4/tests/t-kdf.c
@@ -998,7 +998,7 @@ check_pbkdf2 (void)
"\xa5\x7a\xe5\xa6\x08\x83\x96\xd1\x20\x85\x0c\x5c\x09\xde\x0a\x52"
"\x51\x00\x93\x8a\x59\xb1\xb5\xc3\xf7\x81\x09\x10\xd0\x5f\xcd\x97"
}, */
- {
+ /* { -- not FIPS approved
"passwordPASSWORDpassword", 24,
"saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
GCRY_MD_GOSTR3411_CP,
@@ -1007,7 +1007,7 @@ check_pbkdf2 (void)
"\x78\x83\x58\xc6\x9c\xb2\xdb\xe2\x51\xa7\xbb\x17\xd5\xf4\x24\x1f"
"\x26\x5a\x79\x2a\x35\xbe\xcd\xe8\xd5\x6f\x32\x6b\x49\xc8\x50\x47"
"\xb7\x63\x8a\xcb\x47\x64\xb1\xfd"
- },
+ }, */
{
"pass\0word", 9,
"sa\0lt", 5,
@@ -1061,7 +1061,7 @@ check_pbkdf2 (void)
"\x1a\xdb\x60\x1c\x7e\x2a\x31\x4e\x8c\xb7\xb1\xe9\xdf\x84\x0e\x36"
"\xab\x56\x15\xbe\x5d\x74\x2b\x6c\xf2\x03\xfb\x55\xfd\xc4\x80\x71"
}, */
- {
+ /* { -- not FIPS approved
"passwordPASSWORDpassword", 24,
"saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
GCRY_MD_STRIBOG512,
@@ -1074,7 +1074,7 @@ check_pbkdf2 (void)
"\xbd\x24\x21\xee\x9b\xb7\x11\x83\xba\x88\x2c\xee\xbf\xef\x25\x9f"
"\x33\xf9\xe2\x7d\xc6\x17\x8c\xb8\x9d\xc3\x74\x28\xcf\x9c\xc5\x2a"
"\x2b\xaa\x2d\x3a"
- },
+ }, */
{
"pass\0word", 9,
"sa\0lt", 5,
@@ -1104,6 +1104,13 @@ check_pbkdf2 (void)
GCRY_KDF_PBKDF2, tv[tvidx].hashalgo,
tv[tvidx].salt, tv[tvidx].saltlen,
tv[tvidx].c, tv[tvidx].dklen, outbuf);
+ if (gcry_fips_mode_active() && tvidx > 6)
+ {
+ if (!err)
+ fail ("pbkdf2 test %d unexpectedly passed in FIPS mode: %s\n",
+ tvidx, gpg_strerror (err));
+ continue;
+ }
if (err)
fail ("pbkdf2 test %d failed: %s\n", tvidx, gpg_strerror (err));
else if (memcmp (outbuf, tv[tvidx].dk, tv[tvidx].dklen))

118
libgcrypt-PCT-DSA.patch
View File

@ -1,118 +0,0 @@
Index: libgcrypt-1.8.2/cipher/dsa.c
===================================================================
--- libgcrypt-1.8.2.orig/cipher/dsa.c
+++ libgcrypt-1.8.2/cipher/dsa.c
@@ -181,24 +181,101 @@ test_keys (DSA_secret_key *sk, unsigned
/* Create a random plaintext. */
_gcry_mpi_randomize (data, qbits, GCRY_WEAK_RANDOM);
- /* Sign DATA using the secret key. */
- sign (sig_a, sig_b, data, sk, 0, 0);
+ /* Use the gcry_pk_sign_md API in order to comply with FIPS 140-2,
+ * which requires full signature operation for PCT (hashing +
+ * asymmetric operation) */
+ gcry_sexp_t s_skey = NULL;
+ gcry_sexp_t s_pkey = NULL;
+ gcry_sexp_t r_sig = NULL;
+ gcry_sexp_t s_hash = NULL;
+ gcry_md_hd_t hd = NULL;
+ gcry_mpi_t r_sig_mpi = NULL;
+ gcry_mpi_t s_sig_mpi = NULL;
+ unsigned char *buf = NULL;
+ size_t buflen;
+
+ if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0))
+ {
+ if (DBG_CIPHER)
+ log_debug ("gcry_pk_sign/open failed\n");
+ goto leave;
+ }
+
+ _gcry_mpi_aprint (GCRYMPI_FMT_STD, &buf, &buflen, data);
+ _gcry_md_write (hd, buf, buflen);
+
+ xfree (buf);
+ buf = NULL;
+
+ /* build DSA private key sexp in s_skey */
+ sexp_build (&s_skey, NULL, "(private-key (dsa(p %m)(q %m)(g %m)(y %m)(x %m)))",
+ sk->p, sk->q, sk->g, sk->y, sk->x);
+ sexp_build (&s_hash, NULL, "(data (flags pkcs1)(hash-algo sha256))");
+ if (_gcry_pk_sign_md (&r_sig, hd, s_hash, s_skey))
+ {
+ if (DBG_CIPHER)
+ log_debug ("gcry_pk_sign failed\n");
+ goto leave;
+ }
+
+ /* Check that the signature and the original plaintext differ. */
+ if (_gcry_sexp_extract_param (r_sig, NULL, "rs", &r_sig_mpi, &s_sig_mpi, NULL))
+ {
+ if (DBG_CIPHER)
+ log_debug ("extracting signature data failed\n");
+ goto leave;
+ }
+
+ if ( !verify (r_sig_mpi, s_sig_mpi, data, &pk))
+ {
+ if (DBG_CIPHER)
+ log_debug ("Signature failed\n");
+ goto leave; /* Signature matches but should not. */
+ }
+
+ _gcry_sexp_release (s_hash);
+ _gcry_md_close (hd);
+
+ /* build DSA public key sexp in s_pkey */
+ sexp_build (&s_pkey, NULL, "(public-key (dsa(p %m)(q %m)(g %m)(y %m)))",
+ pk.p, pk.q, pk.g, pk.y);
+ sexp_build (&s_hash, NULL, "(data (flags pkcs1)(hash-algo sha256))");
+
+ if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0))
+ {
+ if (DBG_CIPHER)
+ log_debug ("gcry_md_open failed\n");
+ }
+
+ _gcry_mpi_aprint (GCRYMPI_FMT_STD, &buf, &buflen, data);
+ _gcry_md_write (hd, buf, buflen);
+
+ xfree (buf);
+ buf = NULL;
+
+ /* verify the signature */
+ if (_gcry_pk_verify_md (r_sig, hd, s_hash, s_pkey))
+ {
+ if (DBG_CIPHER)
+ log_debug ("gcry_pk_verify failed\n");
+ goto leave; /* Signature does not match. */
+ }
- /* Verify the signature using the public key. */
- if ( verify (sig_a, sig_b, data, &pk) )
- goto leave; /* Signature does not match. */
-
- /* Modify the data and check that the signing fails. */
- mpi_add_ui (data, data, 1);
- if ( !verify (sig_a, sig_b, data, &pk) )
- goto leave; /* Signature matches but should not. */
-
- result = 0; /* The test succeeded. */
+ result = 0; /* The test succeeded. */
leave:
_gcry_mpi_release (sig_b);
_gcry_mpi_release (sig_a);
_gcry_mpi_release (data);
+
+ _gcry_sexp_release (s_skey);
+ _gcry_sexp_release (s_pkey);
+ _gcry_sexp_release (s_hash);
+ _gcry_sexp_release (r_sig);
+ _gcry_mpi_release (r_sig_mpi);
+ _gcry_mpi_release (s_sig_mpi);
+ _gcry_md_close (hd);
+
return result;
}

342
libgcrypt-PCT-ECC.patch
View File

@ -1,342 +0,0 @@
Index: libgcrypt-1.9.0/cipher/ecc.c
===================================================================
--- libgcrypt-1.9.0.orig/cipher/ecc.c
+++ libgcrypt-1.9.0/cipher/ecc.c
@@ -100,7 +100,7 @@ static void *progress_cb_data;
/* Local prototypes. */
-static void test_keys (mpi_ec_t ec, unsigned int nbits);
+static int test_keys (mpi_ec_t ec, unsigned int nbits);
static void test_ecdh_only_keys (mpi_ec_t ec, unsigned int nbits, int flags);
static unsigned int ecc_get_nbits (gcry_sexp_t parms);
@@ -256,8 +256,10 @@ nist_generate_key (mpi_ec_t ec, int flag
else if (ec->model == MPI_EC_MONTGOMERY)
test_ecdh_only_keys (ec, ec->nbits - 63, flags);
else
- test_keys (ec, ec->nbits - 64);
-
+ {
+ if (test_keys (ec, ec->nbits - 64))
+ return GPG_ERR_BAD_SIGNATURE;
+ }
return 0;
}
@@ -268,9 +270,10 @@ nist_generate_key (mpi_ec_t ec, int flag
* test if the information is recuperated.
* Second, test with the sign and verify functions.
*/
-static void
+static int
test_keys (mpi_ec_t ec, unsigned int nbits)
{
+ int result = -1; /* Default to failure. */
gcry_mpi_t test = mpi_new (nbits);
mpi_point_struct R_;
gcry_mpi_t c = mpi_new (nbits);
@@ -285,23 +288,205 @@ test_keys (mpi_ec_t ec, unsigned int nbi
_gcry_mpi_randomize (test, nbits, GCRY_WEAK_RANDOM);
- if (_gcry_ecc_ecdsa_sign (test, ec, r, s, 0, 0) )
- log_fatal ("ECDSA operation: sign failed\n");
+ /* Use the gcry_pk_sign_md API in order to comply with FIPS 140-2,
+ * which requires full signature operation for PCT (hashing +
+ * asymmetric operation). */
+ gcry_sexp_t r_sig = NULL;
+ gcry_sexp_t s_skey = NULL;
+ gcry_sexp_t s_pkey = NULL;
+ gcry_sexp_t s_hash = NULL;
+ gcry_mpi_t s_sig_mpi = NULL;
+ gcry_md_hd_t hd = NULL;
+ unsigned char *buf = NULL;
+ size_t buflen;
+ mpi_ec_t ctx;
+ int flags = 0;
+
+ if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0))
+ {
+ if (DBG_CIPHER)
+ log_debug ("gcry_pk_sign failed: _gcry_md_open\n");
+ }
+
+ _gcry_mpi_aprint (GCRYMPI_FMT_STD, &buf, &buflen, test);
+ _gcry_md_write (hd, buf, buflen);
+
+ xfree (buf);
+ buf = NULL;
- if (_gcry_ecc_ecdsa_verify (test, ec, r, s))
+ sexp_build (&s_hash, NULL, "(data (flags rfc6979)(hash-algo sha256))");
+
+ /* Assemble the point Q from affine coordinates by simple
+ * concatenation. */
+ gcry_mpi_t Qx = NULL;
+ gcry_mpi_t Qy = NULL;
+ Qx = mpi_new (0);
+ Qy = mpi_new (0);
+ ctx = _gcry_mpi_ec_p_internal_new (ec->model, ec->dialect, flags,
+ ec->p, ec->a, ec->b);
+ if (_gcry_mpi_ec_get_affine (Qx, Qy, ec->Q, ctx))
+ {
+ if (DBG_CIPHER)
+ log_debug ("ecdh: Failed to get affine coordinates for Q\n");
+ }
+
+ unsigned char *rawqx, *rawqy;
+ unsigned int rawqxlen, rawqylen;
+ rawqx = _gcry_mpi_get_buffer (Qx, 0, &rawqxlen, NULL);
+ rawqy = _gcry_mpi_get_buffer (Qy, 0, &rawqylen, NULL);
+
+ if (rawqxlen != rawqylen)
+ {
+ if (rawqxlen < rawqylen)
+ {
+ size_t diff = rawqylen - rawqxlen;
+ unsigned char *zeros = xmalloc (rawqxlen + diff);
+ memset (zeros, 0, rawqxlen + diff);
+ memmove (zeros + diff, rawqx, rawqxlen);
+ xfree (rawqx);
+ rawqx = zeros;
+ rawqxlen += diff;
+ }
+ if (rawqylen < rawqxlen)
+ {
+ size_t diff = rawqxlen - rawqylen;
+ unsigned char *zeros = xmalloc (rawqylen + diff);
+ memset (zeros, 0, rawqylen + diff);
+ memmove (zeros + diff, rawqy, rawqylen);
+ xfree (rawqy);
+ rawqy = zeros;
+ rawqylen += diff;
+ }
+ }
+
+ unsigned char q[1 + rawqxlen + rawqxlen];
+ size_t qlen;
+ memset (&q, 0, sizeof(q));
+ *q = 4;
+ memcpy (q + 1, rawqx, rawqxlen);
+ memcpy (q + 1 + rawqxlen, rawqy, rawqylen);
+ qlen = 1 + rawqxlen + rawqylen;
+
+ _gcry_mpi_release (Qx);
+ _gcry_mpi_release (Qy);
+ xfree (rawqx);
+ xfree (rawqy);
+
+ /* build ECC private key sexp in s_skey */
+ if (ec->name)
+ {
+ if (sexp_build (&s_skey, NULL,
+ "(private-key (ecc (curve %s)(d %m)(q %b)))",
+ ec->name, ec->d, qlen, q))
+ {
+ if (DBG_CIPHER)
+ log_debug ("ecc: Failed to build sexp for private key.\n");
+ }
+ }
+ else
+ {
+ if (sexp_build (&s_skey, NULL,
+ "(private-key"
+ " (ecc (curve %s)(d %m)(p %m)(a %m)(b %m)(n %m)(h %m)(q %b)))",
+ "NIST P-512", ec->d, ec->p, ec->a, ec->b, ec->n, ec->h,
+ qlen, q))
+ {
+ if (DBG_CIPHER)
+ log_debug ("ecc: Failed to build sexp for private key.\n");
+ }
+ }
+ if (_gcry_pk_sign_md (&r_sig, hd, s_hash, s_skey))
{
- log_fatal ("ECDSA operation: sign, verify failed\n");
+ if (DBG_CIPHER)
+ log_debug ("ecc: gcry_pk_sign failed\n");
+ goto leave;
+ }
+
+ /* Check that the signature and the original test differ. */
+ if (_gcry_sexp_extract_param (r_sig, NULL, "s", &s_sig_mpi, NULL))
+ {
+ if (DBG_CIPHER)
+ log_debug ("extracting signature data failed\n");
+ goto leave;
+ }
+
+ if (!mpi_cmp (s_sig_mpi, test))
+ {
+ if (DBG_CIPHER)
+ log_debug ("Signature failed\n");
+ goto leave; /* Signature and test match but should not. */
+ }
+
+ /* verify */
+ /* build public key sexp in s_pkey */
+ if (ec->name)
+ {
+ if (sexp_build (&s_pkey, NULL,
+ "(public-key (ecc (curve %s)(q %b)))", ec->name, qlen, q))
+ {
+ if (DBG_CIPHER)
+ log_debug ("ecc: Failed to build sexp for public key.\n");
+ }
+ }
+ else
+ {
+ if (sexp_build (&s_pkey, NULL,
+ "(public-key"
+ " (ecc (curve %s)(p %m)(a %m)(b %m)(n %m)(h %m)(q %b)))",
+ "NIST P-512", ec->p, ec->a, ec->b, ec->n, ec->h, qlen, q))
+ {
+ if (DBG_CIPHER)
+ log_debug ("ecc: Failed to build sexp for private key.\n");
+ }
+ }
+
+ _gcry_md_close (hd);
+
+ if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0))
+ {
+ if (DBG_CIPHER)
+ log_debug ("gcry_pk_verify failed: _gcry_md_open\n");
+ }
+
+ _gcry_mpi_aprint (GCRYMPI_FMT_STD, &buf, &buflen, test);
+ _gcry_md_write (hd, buf, buflen);
+
+ xfree (buf);
+ buf = NULL;
+
+ /* verify the signature */
+ if (_gcry_pk_verify_md (r_sig, hd, s_hash, s_pkey))
+ {
+ if (DBG_CIPHER)
+ log_debug ("ecc: gcry_pk_verify failed\n");
+ goto leave; /* Signature does not match. */
}
if (DBG_CIPHER)
- log_debug ("ECDSA operation: sign, verify ok.\n");
+ {
+ if (DBG_CIPHER)
+ log_debug ("ECDSA operation: sign, verify ok.\n");
+ }
+
+ result = 0; /* The test succeeded. */
+ leave:
point_free (&R_);
mpi_free (s);
mpi_free (r);
mpi_free (out);
mpi_free (c);
mpi_free (test);
+
+ _gcry_sexp_release (r_sig);
+ _gcry_sexp_release (s_skey);
+ _gcry_sexp_release (s_pkey);
+ _gcry_sexp_release (s_hash);
+ _gcry_mpi_release (s_sig_mpi);
+ _gcry_md_close (hd);
+ xfree (ctx);
+
+ return result;
}
Index: libgcrypt-1.9.0/cipher/pubkey.c
===================================================================
--- libgcrypt-1.9.0.orig/cipher/pubkey.c
+++ libgcrypt-1.9.0/cipher/pubkey.c
@@ -390,6 +390,7 @@ calculate_hash (gcry_md_hd_t hd, gcry_se
gcry_err_code_t rc;
const unsigned char *digest;
int algo;
+ const char *flags;
if (!hd)
return 0;
@@ -398,16 +399,21 @@ calculate_hash (gcry_md_hd_t hd, gcry_se
if (rc)
return rc;
+ rc = _gcry_pk_util_get_flags (*s_hash, &flags);
+ if (rc)
+ return rc;
+
digest = _gcry_md_read(hd, algo);
if (!digest)
return GPG_ERR_DIGEST_ALGO;
rc = _gcry_sexp_build (s_hash, NULL,
- "(data (flags pkcs1)(hash %s %b))",
+ "(data (flags %s)(hash %s %b))", flags,
_gcry_md_algo_name(algo),
(int) _gcry_md_get_algo_dlen(algo),
digest);
+ xfree ((void *)flags);
return rc;
}
Index: libgcrypt-1.9.0/cipher/pubkey-internal.h
===================================================================
--- libgcrypt-1.9.0.orig/cipher/pubkey-internal.h
+++ libgcrypt-1.9.0/cipher/pubkey-internal.h
@@ -45,6 +45,8 @@ gcry_err_code_t _gcry_pk_util_data_to_mp
struct pk_encoding_ctx *ctx);
gcry_err_code_t _gcry_pk_util_get_algo (gcry_sexp_t input,
int *algo);
+gcry_err_code_t _gcry_pk_util_get_flags (gcry_sexp_t input,
+ const char **flags);
Index: libgcrypt-1.9.0/cipher/pubkey-util.c
===================================================================
--- libgcrypt-1.9.0.orig/cipher/pubkey-util.c
+++ libgcrypt-1.9.0/cipher/pubkey-util.c
@@ -1159,6 +1159,40 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t i
return rc;
}
+gcry_err_code_t
+_gcry_pk_util_get_flags (gcry_sexp_t input, const char **flags)
+{
+ gcry_err_code_t rc = 0;
+ gcry_sexp_t ldata, list = NULL;
+
+ ldata = sexp_find_token (input, "data", 0);
+ if (!ldata)
+ {
+ rc = GPG_ERR_INV_OBJ;
+ goto leave;
+ }
+
+ list = sexp_find_token (ldata, "flags", 0);
+ if (!list)
+ {
+ rc = GPG_ERR_INV_OBJ;
+ goto leave;
+ }
+
+ /* FIXME: gets only the first flag */
+ *flags = sexp_nth_string (list, 1);
+ if (!*flags)
+ {
+ rc = GPG_ERR_NO_OBJ;
+ goto leave;
+ }
+
+ leave:
+ sexp_release (ldata);
+ sexp_release (list);
+
+ return rc;
+}
gcry_err_code_t
_gcry_pk_util_get_algo (gcry_sexp_t input, int *algo)

123
libgcrypt-PCT-RSA.patch
View File

@ -1,123 +0,0 @@
Index: libgcrypt-1.8.2/cipher/rsa.c
===================================================================
--- libgcrypt-1.8.2.orig/cipher/rsa.c
+++ libgcrypt-1.8.2/cipher/rsa.c
@@ -159,22 +159,97 @@ test_keys (RSA_secret_key *sk, unsigned
/* Create another random plaintext as data for signature checking. */
_gcry_mpi_randomize (plaintext, nbits, GCRY_WEAK_RANDOM);
- /* Use the RSA secret function to create a signature of the plaintext. */
- secret (signature, plaintext, sk);
+ /* Use the gcry_pk_sign_md API in order to comply with FIPS 140-2,
+ * which requires full signature operation for PCT (hashing +
+ * asymmetric operation */
+ gcry_sexp_t s_skey = NULL;
+ gcry_sexp_t s_pkey = NULL;
+ gcry_sexp_t r_sig = NULL;
+ gcry_sexp_t s_hash = NULL;
+ gcry_md_hd_t hd = NULL;
+ gcry_mpi_t r_sig_mpi = NULL;
+ unsigned char *buf = NULL;
+ size_t buflen;
- /* Use the RSA public function to verify this signature. */
- public (decr_plaintext, signature, &pk);
- if (mpi_cmp (decr_plaintext, plaintext))
- goto leave; /* Signature does not match. */
-
- /* Modify the signature and check that the signing fails. */
- mpi_add_ui (signature, signature, 1);
- public (decr_plaintext, signature, &pk);
- if (!mpi_cmp (decr_plaintext, plaintext))
- goto leave; /* Signature matches but should not. */
+ if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0))
+ {
+ if (DBG_CIPHER)
+ log_debug ("gcry_pk_sign/open failed\n");
+ goto leave_hash;
+ }
+
+ _gcry_mpi_aprint (GCRYMPI_FMT_STD, &buf, &buflen, plaintext);
+ _gcry_md_write (hd, buf, buflen);
+
+ xfree (buf);
+ buf = NULL;
+
+ /* build RSA private key sexp in s_skey */
+ sexp_build (&s_skey, NULL,
+ "(private-key (rsa(n %m)(e %m)(d %m)(p %m)(q %m)))",
+ sk->n, sk->e, sk->d, sk->p, sk->q);
+ sexp_build (&s_hash, NULL,
+ "(data (flags pkcs1)(hash-algo sha256))");
+
+ if (_gcry_pk_sign_md (&r_sig, hd, s_hash, s_skey))
+ {
+ if (DBG_CIPHER)
+ log_debug ("gcry_pk_sign failed\n");
+ goto leave_hash;
+ }
+
+ /* Check that the signature and the original plaintext differ. */
+ if (_gcry_sexp_extract_param (r_sig, "sig-val!rsa", "s", &r_sig_mpi, NULL))
+ {
+ if (DBG_CIPHER)
+ log_debug ("extracting signature data failed\n");
+ goto leave_hash;
+ }
+
+ if (!mpi_cmp (r_sig_mpi, plaintext))
+ {
+ if (DBG_CIPHER)
+ log_debug ("Signature failed\n");
+ goto leave_hash; /* Signature and plaintext match but should not. */
+ }
+
+ _gcry_sexp_release (s_hash);
+ _gcry_md_close (hd);
+
+ /* build RSA public key sexp in s_pkey */
+ sexp_build (&s_pkey, NULL, "(public-key (rsa(n %m)(e %m)))", pk.n, pk.e);
+ sexp_build (&s_hash, NULL, "(data (flags pkcs1)(hash-algo sha256))");
+
+ if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0))
+ {
+ if (DBG_CIPHER)
+ log_debug ("gcry_md_open failed\n");
+ }
+
+ _gcry_mpi_aprint (GCRYMPI_FMT_STD, &buf, &buflen, plaintext);
+ _gcry_md_write (hd, buf, buflen);
+
+ xfree (buf);
+ buf = NULL;
+
+ /* verify the signature */
+ if (_gcry_pk_verify_md (r_sig, hd, s_hash, s_pkey))
+ {
+ if (DBG_CIPHER)
+ log_debug ("gcry_pk_verify failed\n");
+ goto leave_hash; /* Signature does not match. */
+ }
result = 0; /* All tests succeeded. */
+ leave_hash:
+ _gcry_sexp_release (s_skey);
+ _gcry_sexp_release (s_pkey);
+ _gcry_sexp_release (s_hash);
+ _gcry_sexp_release (r_sig);
+ _gcry_md_close (hd);
+ _gcry_mpi_release (r_sig_mpi);
+
leave:
_gcry_mpi_release (signature);
_gcry_mpi_release (decr_plaintext);
@@ -1903,7 +1979,7 @@ selftest_encr_2048 (gcry_sexp_t pkey, gc
/* This sexp trickery is to prevent the use of blinding.
* The flag doesn't get inherited by encr, so we have to
* derive a new sexp from the ciphertext */
- char buf[1024];
+ unsigned char buf[1024];
memset(buf, 0, sizeof(buf));
err = _gcry_mpi_print (GCRYMPI_FMT_STD, buf, sizeof buf, NULL, ciphertext);
if (err)

16
libgcrypt-Restore-self-tests-from-constructor.patch
View File

@ -1,16 +0,0 @@
Index: libgcrypt-1.8.2/src/global.c
===================================================================
--- libgcrypt-1.8.2.orig/src/global.c
+++ libgcrypt-1.8.2/src/global.c
@@ -140,8 +140,9 @@ global_init (void)
/* We always need the FSM lock to be functional. */
_gcry_initialize_fsm_lock ();
- /* Run the self-tests from the constructor. */
- global_init ();
+ /* We run the integrity check at this point. The remaining
+ selftests are run before use of the library by application. */
+ _gcry_fips_run_selftests (0);
}
/* This function is called by the macro fips_is_operational and makes

124
libgcrypt-dsa-rfc6979-test-fix.patch
View File

@ -1,124 +0,0 @@
Index: libgcrypt-1.8.2/tests/benchmark.c
===================================================================
--- libgcrypt-1.8.2.orig/tests/benchmark.c
+++ libgcrypt-1.8.2/tests/benchmark.c
@@ -1400,7 +1400,7 @@ ecc_bench (int iterations, int print_hea
{
#if USE_ECC
gpg_error_t err;
- const char *p_sizes[] = { "192", "224", "256", "384", "521", "Ed25519",
+ const char *p_sizes[] = { "224", "256", "384", "521", "Ed25519",
"gost256", "gost512" };
int testno;
Index: libgcrypt-1.8.2/tests/dsa-rfc6979.c
===================================================================
--- libgcrypt-1.8.2.orig/tests/dsa-rfc6979.c
+++ libgcrypt-1.8.2/tests/dsa-rfc6979.c
@@ -165,16 +165,6 @@ check_dsa_rfc6979 (void)
" ))"
},
{
- "ECDSA, 192 bits (prime field)",
- "(private-key"
- " (ecdsa"
- " (curve \"NIST P-192\")"
- " (q #04AC2C77F529F91689FEA0EA5EFEC7F210D8EEA0B9E047ED56"
- " 3BC723E57670BD4887EBC732C523063D0A7C957BC97C1C43#)"
- " (d #6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4#)"
- " ))"
- },
- {
"ECDSA, 224 bits (prime field)",
"(private-key"
" (ecdsa"
@@ -398,89 +388,6 @@ check_dsa_rfc6979 (void)
"C9F0BDABCC0D880BB137A994CC7F3980CE91CC10FAF529FC46565B15CEA854E1"
},
{
- "ECDSA, 192 bits (prime field)",
- "With SHA-1, message = \"sample\"",
- "sha1", "sample",
- "37D7CA00D2C7B0E5E412AC03BD44BA837FDD5B28CD3B0021",
- "98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF",
- "57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-224, message = \"sample\"",
- "sha224", "sample",
- "4381526B3FC1E7128F202E194505592F01D5FF4C5AF015D8",
- "A1F00DAD97AEEC91C95585F36200C65F3C01812AA60378F5",
- "E07EC1304C7C6C9DEBBE980B9692668F81D4DE7922A0F97A"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-256, message = \"sample\"",
- "sha256", "sample",
- "32B1B6D7D42A05CB449065727A84804FB1A3E34D8F261496",
- "4B0B8CE98A92866A2820E20AA6B75B56382E0F9BFD5ECB55",
- "CCDB006926EA9565CBADC840829D8C384E06DE1F1E381B85"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-384, message = \"sample\"",
- "sha384", "sample",
- "4730005C4FCB01834C063A7B6760096DBE284B8252EF4311",
- "DA63BF0B9ABCF948FBB1E9167F136145F7A20426DCC287D5",
- "C3AA2C960972BD7A2003A57E1C4C77F0578F8AE95E31EC5E"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-512, message = \"sample\"",
- "sha512", "sample",
- "A2AC7AB055E4F20692D49209544C203A7D1F2C0BFBC75DB1",
- "4D60C5AB1996BD848343B31C00850205E2EA6922DAC2E4B8",
- "3F6E837448F027A1BF4B34E796E32A811CBB4050908D8F67"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-1, message = \"test\"",
- "sha1", "test",
- "D9CF9C3D3297D3260773A1DA7418DB5537AB8DD93DE7FA25",
- "0F2141A0EBBC44D2E1AF90A50EBCFCE5E197B3B7D4DE036D",
- "EB18BC9E1F3D7387500CB99CF5F7C157070A8961E38700B7"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-224, message = \"test\"",
- "sha224", "test",
- "F5DC805F76EF851800700CCE82E7B98D8911B7D510059FBE",
- "6945A1C1D1B2206B8145548F633BB61CEF04891BAF26ED34",
- "B7FB7FDFC339C0B9BD61A9F5A8EAF9BE58FC5CBA2CB15293"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-256, message = \"test\"",
- "sha256", "test",
- "5C4CE89CF56D9E7C77C8585339B006B97B5F0680B4306C6C",
- "3A718BD8B4926C3B52EE6BBE67EF79B18CB6EB62B1AD97AE",
- "5662E6848A4A19B1F1AE2F72ACD4B8BBE50F1EAC65D9124F"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-384, message = \"test\"",
- "sha384", "test",
- "5AFEFB5D3393261B828DB6C91FBC68C230727B030C975693",
- "B234B60B4DB75A733E19280A7A6034BD6B1EE88AF5332367",
- "7994090B2D59BB782BE57E74A44C9A1C700413F8ABEFE77A"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-512, message = \"test\"",
- "sha512", "test",
- "0758753A5254759C7CFBAD2E2D9B0792EEE44136C9480527",
- "FE4F4AE86A58B6507946715934FE2D8FF9D95B6B098FE739",
- "74CF5605C98FBA0E1EF34D4B5A1577A7DCF59457CAE52290"
- },
-
-
-
- {
"ECDSA, 224 bits (prime field)",
"With SHA-1, message = \"sample\"",
"sha1", "sample",

82
libgcrypt-ecc-ecdsa-no-blinding.patch
View File

@ -1,82 +0,0 @@
Index: libgcrypt-1.9.0/cipher/ecc.c
===================================================================
--- libgcrypt-1.9.0.orig/cipher/ecc.c
+++ libgcrypt-1.9.0/cipher/ecc.c
@@ -1581,11 +1581,11 @@ selftest_sign (gcry_sexp_t pkey, gcry_se
{
/* Sample data from RFC 6979 section A.2.5, hash is of message "sample" */
static const char sample_data[] =
- "(data (flags rfc6979)"
+ "(data (flags rfc6979 no-blinding)"
" (hash sha256 #af2bdbe1aa9b6ec1e2ade1d694f41fc71a831d0268e98915"
/**/ "62113d8a62add1bf#))";
static const char sample_data_bad[] =
- "(data (flags rfc6979)"
+ "(data (flags rfc6979 no-blinding)"
" (hash sha256 #bf2bdbe1aa9b6ec1e2ade1d694f41fc71a831d0268e98915"
/**/ "62113d8a62add1bf#))";
static const char signature_r[] =
Index: libgcrypt-1.9.0/cipher/ecc-ecdsa.c
===================================================================
--- libgcrypt-1.9.0.orig/cipher/ecc-ecdsa.c
+++ libgcrypt-1.9.0/cipher/ecc-ecdsa.c
@@ -51,6 +51,7 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input,
unsigned int abits, qbits;
gcry_mpi_t b; /* Random number needed for blinding. */
gcry_mpi_t bi; /* multiplicative inverse of B. */
+ int with_blinding = !(flags & PUBKEY_FLAG_NO_BLINDING);
if (DBG_CIPHER)
log_mpidump ("ecdsa sign hash ", input );
@@ -64,12 +65,15 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input,
b = mpi_snew (qbits);
bi = mpi_snew (qbits);
- do
+ if (with_blinding)
{
- _gcry_mpi_randomize (b, qbits, GCRY_WEAK_RANDOM);
- mpi_mod (b, b, ec->n);
+ do
+ {
+ _gcry_mpi_randomize (b, qbits, GCRY_WEAK_RANDOM);
+ mpi_mod (b, b, ec->n);
+ }
+ while (!mpi_invm (bi, b, ec->n));
}
- while (!mpi_invm (bi, b, ec->n));
k = NULL;
dr = mpi_alloc (0);
@@ -126,14 +130,23 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input,
}
while (!mpi_cmp_ui (r, 0));
- /* Computation of dr, sum, and s are blinded with b. */
- mpi_mulm (dr, b, ec->d, ec->n);
- mpi_mulm (dr, dr, r, ec->n); /* dr = d*r mod n */
- mpi_mulm (sum, b, hash, ec->n);
- mpi_addm (sum, sum, dr, ec->n); /* sum = hash + (d*r) mod n */
- mpi_mulm (s, k_1, sum, ec->n); /* s = k^(-1)*(hash+(d*r)) mod n */
- /* Undo blinding by b^-1 */
- mpi_mulm (s, bi, s, ec->n);
+ if (!with_blinding)
+ {
+ mpi_mulm (dr, ec->d, r, ec->n); /* dr = d*r mod n */
+ mpi_addm (sum, hash, dr, ec->n); /* sum = hash + (d*r) mod n */
+ }
+ else
+ {
+ mpi_mulm (dr, b, ec->d, ec->n);
+ mpi_mulm (dr, dr, r, ec->n); /* dr = d*r mod n */
+ mpi_mulm (sum, b, hash, ec->n);
+ mpi_addm (sum, sum, dr, ec->n); /* sum = hash + (d*r) mod n */
+ }
+ mpi_mulm (s, k_1, sum, ec->n); /* s = k^(-1)*(hash+(d*r)) mod n */
+ if (with_blinding)
+ {
+ mpi_mulm (s, bi, s, ec->n); /* Undo blinding by b^-1 */
+ }
}
while (!mpi_cmp_ui (s, 0));

40
libgcrypt-fips_selftest_trigger_file.patch
View File

@ -1,40 +0,0 @@
Index: libgcrypt-1.9.1/src/fips.c
===================================================================
--- libgcrypt-1.9.1.orig/src/fips.c
+++ libgcrypt-1.9.1/src/fips.c
@@ -660,7 +660,7 @@ get_library_path(const char *libname, co
#endif
static gpg_error_t
-get_hmac_path(char **fname)
+get_hmac_path(char **fname, char *suffix)
{
char libpath[4096];
gpg_error_t err;
@@ -685,7 +685,7 @@ get_hmac_path(char **fname)
p = *fname;
memmove (p+1, p, strlen (p)+1);
*p = '.';
- strcat (*fname, ".hmac");
+ strcat (*fname, suffix);
err = 0;
}
}
@@ -717,7 +717,7 @@ check_binary_integrity (void)
else
{
FILE *fp;
- err = get_hmac_path(&fname);
+ err = get_hmac_path(&fname, ".hmac");
if (!err)
{
/* Open the file. */
@@ -779,7 +779,7 @@ can_skip_selftests(void)
if (fips_mode())
return 0;
- if (get_hmac_path(&fname))
+ if (get_hmac_path(&fname, ".fips"))
return 0;
/* check the hmac presence */

65
libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
View File

@ -1,65 +0,0 @@
Index: libgcrypt-1.6.1/tests/fipsdrv.c
===================================================================
--- libgcrypt-1.6.1.orig/tests/fipsdrv.c
+++ libgcrypt-1.6.1/tests/fipsdrv.c
@@ -2190,11 +2190,12 @@ dsa_hash_from_key(gcry_sexp_t s_key)
return GCRY_MD_NONE;
}
-
+
/* Sign DATA of length DATALEN using the key taken from the S-expression
encoded KEYFILE. */
static void
-run_dsa_sign (const void *data, size_t datalen, const char *keyfile)
+run_dsa_sign (const void *data, size_t datalen,
+ int hashalgo, const char *keyfile)
{
gpg_error_t err;
@@ -2202,13 +2203,20 @@ run_dsa_sign (const void *data, size_t d
char hash[128];
gcry_mpi_t tmpmpi;
int algo;
+ int algo_len;
+ int hashalgo_len;
s_key = read_sexp_from_file (keyfile);
algo = dsa_hash_from_key(s_key);
+ algo_len = gcry_md_get_algo_dlen(algo);
+ hashalgo_len = gcry_md_get_algo_dlen(hashalgo);
- gcry_md_hash_buffer (algo, hash, data, datalen);
+ if (hashalgo_len < algo_len)
+ algo_len = hashalgo_len;
+
+ gcry_md_hash_buffer (hashalgo, hash, data, datalen);
err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash,
- gcry_md_get_algo_dlen(algo), NULL);
+ algo_len, NULL);
if (!err)
{
err = gcry_sexp_build (&s_data, NULL,
@@ -3000,14 +3008,21 @@ main (int argc, char **argv)
}
else if (!strcmp (mode_string, "dsa-sign"))
{
+ int algo;
+
if (!key_string)
die ("option --key is required in this mode\n");
if (access (key_string, R_OK))
die ("option --key needs to specify an existing keyfile\n");
+ if (!algo_string)
+ die ("option --algo is required in this mode\n");
+ algo = gcry_md_map_name (algo_string);
+ if (!algo)
+ die ("digest algorithm `%s' is not supported\n", algo_string);
if (!data)
die ("no data available (do not use --chunk)\n");
- run_dsa_sign (data, datalen, key_string);
+ run_dsa_sign (data, datalen, algo, key_string);
}
else if (!strcmp (mode_string, "dsa-verify"))
{

64
libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch
View File

@ -1,64 +0,0 @@
--- libgcrypt-1.6.1-orig/tests/fipsdrv.c 2017-10-20 10:39:56.080098385 +0000
+++ libgcrypt-1.6.1-orig/tests/fipsdrv.c 2017-10-20 10:41:15.780098385 +0000
@@ -2288,7 +2288,7 @@ run_dsa_sign (const void *data, size_t d
S-expression in KEYFILE against the S-expression formatted
signature in SIGFILE. */
static void
-run_dsa_verify (const void *data, size_t datalen,
+run_dsa_verify (const void *data, size_t datalen, int hashalgo,
const char *keyfile, const char *sigfile)
{
@@ -2297,15 +2297,23 @@ run_dsa_verify (const void *data, size_t
char hash[128];
gcry_mpi_t tmpmpi;
int algo;
+ int algo_len;
+ int hashalgo_len;
s_key = read_sexp_from_file (keyfile);
algo = dsa_hash_from_key(s_key);
- gcry_md_hash_buffer (algo, hash, data, datalen);
+ algo_len = gcry_md_get_algo_dlen(algo);
+ hashalgo_len = gcry_md_get_algo_dlen(hashalgo);
+
+ if (hashalgo_len < algo_len)
+ algo_len = hashalgo_len;
+
+ gcry_md_hash_buffer (hashalgo, hash, data, datalen);
/* Note that we can't simply use %b with HASH to build the
S-expression, because that might yield a negative value. */
err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash,
- gcry_md_get_algo_dlen(algo), NULL);
+ algo_len, NULL);
if (!err)
{
err = gcry_sexp_build (&s_data, NULL,
@@ -3011,10 +3019,17 @@ main (int argc, char **argv)
}
else if (!strcmp (mode_string, "dsa-verify"))
{
+ int algo;
+
if (!key_string)
die ("option --key is required in this mode\n");
if (access (key_string, R_OK))
die ("option --key needs to specify an existing keyfile\n");
+ if (!algo_string)
+ die ("option --algo is required in this mode\n");
+ algo = gcry_md_map_name (algo_string);
+ if (!algo)
+ die ("digest algorithm `%s' is not supported\n", algo_string);
if (!data)
die ("no data available (do not use --chunk)\n");
if (!signature_string)
@@ -3022,7 +3037,7 @@ main (int argc, char **argv)
if (access (signature_string, R_OK))
die ("option --signature needs to specify an existing file\n");
- run_dsa_verify (data, datalen, key_string, signature_string);
+ run_dsa_verify (data, datalen, algo, key_string, signature_string);
}
else if (!strcmp (mode_string, "ecdsa-gen-key"))
{

24
libgcrypt-fix-rng.patch
View File

@ -1,24 +0,0 @@
Index: libgcrypt-1.7.2/random/random.c
===================================================================
--- libgcrypt-1.7.2.orig/random/random.c
+++ libgcrypt-1.7.2/random/random.c
@@ -419,6 +419,9 @@ _gcry_create_nonce (void *buffer, size_t
size_t n;
int err;
+ /* Make sure we are initialized. */
+ _gcry_random_initialize (1);
+
/* First check whether we shall use the FIPS nonce generator. This
is only done in FIPS mode, in all other modes, we use our own
nonce generator which is seeded by the RNG actual in use. */
@@ -433,9 +436,6 @@ _gcry_create_nonce (void *buffer, size_t
FIPS mode (not that this means it is also used if the FIPS RNG
has been selected but we are not in fips mode). */
- /* Make sure we are initialized. */
- _gcry_random_initialize (1);
-
/* Acquire the nonce buffer lock. */
err = gpgrt_lock_lock (&nonce_buffer_lock);
if (err)

177
libgcrypt-fix-tests-fipsmode.patch
View File

@ -1,177 +0,0 @@
Index: libgcrypt-1.9.1/tests/basic.c
===================================================================
--- libgcrypt-1.9.1.orig/tests/basic.c
+++ libgcrypt-1.9.1/tests/basic.c
@@ -9978,7 +9978,7 @@ check_ciphers (void)
check_one_cipher (algos[i], GCRY_CIPHER_MODE_EAX, 0);
if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_CCM_BLOCK_LEN)
check_one_cipher (algos[i], GCRY_CIPHER_MODE_CCM, 0);
- if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_GCM_BLOCK_LEN)
+ if (!in_fips_mode && gcry_cipher_get_algo_blklen (algos[i]) == GCRY_GCM_BLOCK_LEN)
check_one_cipher (algos[i], GCRY_CIPHER_MODE_GCM, 0);
if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_OCB_BLOCK_LEN)
check_one_cipher (algos[i], GCRY_CIPHER_MODE_OCB, 0);
@@ -10025,12 +10025,18 @@ check_cipher_modes(void)
check_cfb_cipher ();
check_ofb_cipher ();
check_ccm_cipher ();
- check_gcm_cipher ();
- check_poly1305_cipher ();
- check_ocb_cipher ();
+ if (!in_fips_mode)
+ {
+ check_gcm_cipher ();
+ check_poly1305_cipher ();
+ check_ocb_cipher ();
+ }
check_xts_cipher ();
check_eax_cipher ();
- check_gost28147_cipher ();
+ if (!in_fips_mode)
+ {
+ check_gost28147_cipher ();
+ }
check_stream_cipher ();
check_stream_cipher_large_block ();
@@ -13383,7 +13389,7 @@ check_mac (void)
show_mac_not_available (algos[i].algo);
continue;
}
- if (gcry_mac_test_algo (algos[i].algo) && in_fips_mode)
+ if ((algos[i].algo == GCRY_MAC_GMAC_AES || gcry_mac_test_algo (algos[i].algo)) && in_fips_mode)
{
if (verbose)
fprintf (stderr, " algorithm %d not available in fips mode\n",
@@ -14508,8 +14514,6 @@ main (int argc, char **argv)
/* If we are in fips mode do some more tests. */
gcry_md_hd_t md;
- /* First trigger a self-test. */
- xgcry_control ((GCRYCTL_FORCE_FIPS_MODE, 0));
if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
fail ("not in operational state after self-test\n");
@@ -14534,15 +14538,6 @@ main (int argc, char **argv)
gcry_md_close (md);
if (gcry_control (GCRYCTL_OPERATIONAL_P, 0))
fail ("expected error state but still in operational state\n");
- else
- {
- /* Now run a self-test and to get back into
- operational state. */
- xgcry_control ((GCRYCTL_FORCE_FIPS_MODE, 0));
- if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
- fail ("did not reach operational after error "
- "and self-test\n");
- }
}
}
Index: libgcrypt-1.9.1/tests/benchmark.c
===================================================================
--- libgcrypt-1.9.1.orig/tests/benchmark.c
+++ libgcrypt-1.9.1/tests/benchmark.c
@@ -943,8 +943,10 @@ cipher_bench ( const char *algoname )
&& algo != GCRY_CIPHER_CHACHA20)
continue;
- if (modes[modeidx].req_blocksize > 0
- && blklen != modes[modeidx].req_blocksize)
+ if ((modes[modeidx].req_blocksize > 0
+ && blklen != modes[modeidx].req_blocksize)
+ || (in_fips_mode
+ && modes[modeidx].mode == GCRY_CIPHER_MODE_GCM))
{
printf (" %7s %7s", "-", "-" );
continue;
Index: libgcrypt-1.9.1/tests/bench-slope.c
===================================================================
--- libgcrypt-1.9.1.orig/tests/bench-slope.c
+++ libgcrypt-1.9.1/tests/bench-slope.c
@@ -1573,7 +1573,7 @@ cipher_bench_one (int algo, struct bench
return;
/* GCM has restrictions for block-size */
- if (mode.mode == GCRY_CIPHER_MODE_GCM && blklen != GCRY_GCM_BLOCK_LEN)
+ if (mode.mode == GCRY_CIPHER_MODE_GCM && (gcry_fips_mode_active () || blklen != GCRY_GCM_BLOCK_LEN))
return;
/* XTS has restrictions for block-size */
Index: libgcrypt-1.9.1/tests/pubkey.c
===================================================================
--- libgcrypt-1.9.1.orig/tests/pubkey.c
+++ libgcrypt-1.9.1/tests/pubkey.c
@@ -504,15 +504,30 @@ get_dsa_key_with_domain_new (gcry_sexp_t
rc = gcry_sexp_new
(&key_spec,
"(genkey (dsa (transient-key)(domain"
- "(p #d3aed1876054db831d0c1348fbb1ada72507e5fbf9a62cbd47a63aeb7859d6921"
- "4adeb9146a6ec3f43520f0fd8e3125dd8bbc5d87405d1ac5f82073cd762a3f8d7"
- "74322657c9da88a7d2f0e1a9ceb84a39cb40876179e6a76e400498de4bb9379b0"
- "5f5feb7b91eb8fea97ee17a955a0a8a37587a272c4719d6feb6b54ba4ab69#)"
- "(q #9c916d121de9a03f71fb21bc2e1c0d116f065a4f#)"
- "(g #8157c5f68ca40b3ded11c353327ab9b8af3e186dd2e8dade98761a0996dda99ab"
- "0250d3409063ad99efae48b10c6ab2bba3ea9a67b12b911a372a2bba260176fad"
- "b4b93247d9712aad13aa70216c55da9858f7a298deb670a403eb1e7c91b847f1e"
- "ccfbd14bd806fd42cf45dbb69cd6d6b43add2a78f7d16928eaa04458dea44#)"
+ " (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c862"
+ " 3b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb6"
+ " 2e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b552"
+ " 3e86470decbbeda027e797e7b67635d4d49c30700e74af8a"
+ " 0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503"
+ " eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e34"
+ " 3312517c6aa5152b4bfecd2e551fee346318a153423c996b"
+ " 0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc7"
+ " 66de2dfc4a56d7b8ba5963d60f3e16318870ad436952e557"
+ " 65374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a"
+ " 2c8d7469db02e24d592394a7dba069e9#)"
+ " (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed27602056"
+ " 7441a0a5#)"
+ " (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a8"
+ " 21ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0ba"
+ " ecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a"
+ " 0df242b75b414df372121e53a553f222f836b000f016485b"
+ " 6bd0898451801dcd8de64cd5365696ffc532d528c506620a"
+ " 942a0305046d8f1876341f1e570bc3974ba6b9a438e97023"
+ " 02a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7"
+ " ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a"
+ " 4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da095"
+ " 35d5b9df259181a79b63b069e949972b02ba36b3586aab7e"
+ " 45f322f82e4e85ca3ab85591b3c2a966#)"
")))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gcry_strerror (rc));
@@ -596,7 +611,7 @@ get_dsa_key_fips186_with_seed_new (gcry_
" (use-fips186)"
" (transient-key)"
" (derive-parms"
- " (seed #f770a4598ff756931fc529764513b103ce57d85f4ad8c5cf297c9b4d48241c5b#))))",
+ " (seed #8b4c4d671fff82e8ed932260206d0571e3a1c2cee8cd94cb73fe58f9b67488fa#))))",
0, 1);
if (rc)
die ("error creating S-expression: %s\n", gcry_strerror (rc));
Index: libgcrypt-1.9.1/tests/t-secmem.c
===================================================================
--- libgcrypt-1.9.1.orig/tests/t-secmem.c
+++ libgcrypt-1.9.1/tests/t-secmem.c
@@ -174,7 +174,8 @@ main (int argc, char **argv)
xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u , 0));
xgcry_control ((GCRYCTL_ENABLE_QUICK_RANDOM, 0));
xgcry_control ((GCRYCTL_INIT_SECMEM, pool_size, 0));
- gcry_set_outofcore_handler (outofcore_handler, NULL);
+ if (!gcry_fips_mode_active ())
+ gcry_set_outofcore_handler (outofcore_handler, NULL);
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
/* Libgcrypt prints a warning when the first overflow is allocated;
@@ -184,7 +185,8 @@ main (int argc, char **argv)
test_secmem ();
- test_secmem_overflow ();
+ if (!gcry_fips_mode_active ())
+ test_secmem_overflow ();
/* FIXME: We need to improve the tests, for example by registering
* our own log handler and comparing the output of
* PRIV_CTL_DUMP_SECMEM_STATS to expected pattern. */

254
libgcrypt-global_init-constructor.patch
View File

@ -1,254 +0,0 @@
Index: libgcrypt-1.9.1/src/global.c
===================================================================
--- libgcrypt-1.9.1.orig/src/global.c
+++ libgcrypt-1.9.1/src/global.c
@@ -86,7 +86,7 @@ static gpg_err_code_t external_lock_test
likely to be called at startup. The suggested way for an
application to make sure that this has been called is by using
gcry_check_version. */
-static void
+static void __attribute__((constructor))
global_init (void)
{
gcry_error_t err = 0;
@@ -134,6 +134,16 @@ global_init (void)
if (err)
goto fail;
+ int no_secmem_save;
+ /* it should be always 0 at this point but let's keep on the safe side */
+ no_secmem_save = no_secure_memory;
+ no_secure_memory = 1;
+ err = _gcry_fips_run_selftests (0);
+ no_secure_memory = no_secmem_save;
+
+ if (err)
+ goto fail;
+
return;
fail:
@@ -141,16 +151,6 @@ global_init (void)
}
-void __attribute__ ((constructor)) _gcry_global_constructor (void)
-{
- /* We always need the FSM lock to be functional. */
- _gcry_initialize_fsm_lock ();
-
- /* We run the integrity check at this point. The remaining
- selftests are run before use of the library by application. */
- _gcry_fips_run_selftests (0);
-}
-
/* This function is called by the macro fips_is_operational and makes
sure that the minimal initialization has been done. This is far
from a perfect solution and hides problems with an improper
Index: libgcrypt-1.9.1/src/fips.c
===================================================================
--- libgcrypt-1.9.1.orig/src/fips.c
+++ libgcrypt-1.9.1/src/fips.c
@@ -124,6 +124,7 @@ void
_gcry_initialize_fips_mode (int force)
{
static int done;
+ gpg_error_t err;
/* Make sure we are not accidentally called twice. */
if (done)
@@ -213,6 +214,23 @@ _gcry_initialize_fips_mode (int force)
/* Yes, we are in FIPS mode. */
FILE *fp;
+ /* Intitialize the lock to protect the FSM. */
+ err = gpgrt_lock_init (&fsm_lock);
+ if (err)
+ {
+ /* If that fails we can't do anything but abort the
+ * process. We need to use log_info so that the FSM won't
+ * get involved. */
+ log_info ("FATAL: failed to create the FSM lock in libgcrypt: %s\n",
+ gpg_strerror (err));
+#ifdef HAVE_SYSLOG
+ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
+ "creating FSM lock failed: %s - abort",
+ gpg_strerror (err));
+#endif /*HAVE_SYSLOG*/
+ abort ();
+ }
+
/* If the FIPS force files exists, is readable and has a number
!= 0 on its first line, we enable the enforced fips mode. */
fp = fopen (FIPS_FORCE_FILE, "r");
@@ -641,6 +659,39 @@ get_library_path(const char *libname, co
}
#endif
+static gpg_error_t
+get_hmac_path(char **fname)
+{
+ char libpath[4096];
+ gpg_error_t err;
+
+ if (get_library_path ("libgcrypt.so.20", "gcry_check_version", libpath, sizeof(libpath)))
+ err = gpg_error_from_syserror ();
+ else
+ {
+ *fname = _gcry_malloc (strlen (libpath) + 1 + 5 + 1 );
+ if (!*fname)
+ err = gpg_error_from_syserror ();
+ else
+ {
+ char *p;
+
+ /* Prefix the basename with a dot. */
+ strcpy (*fname, libpath);
+ p = strrchr (*fname, '/');
+ if (p)
+ p++;
+ else
+ p = *fname;
+ memmove (p+1, p, strlen (p)+1);
+ *p = '.';
+ strcat (*fname, ".hmac");
+ err = 0;
+ }
+ }
+ return err;
+}
+
/* Run an integrity check on the binary. Returns 0 on success. */
static int
check_binary_integrity (void)
@@ -665,25 +716,10 @@ check_binary_integrity (void)
err = gpg_error (GPG_ERR_INTERNAL);
else
{
- fname = xtrymalloc (strlen (libpath) + 1 + 5 + 1 );
- if (!fname)
- err = gpg_error_from_syserror ();
- else
+ FILE *fp;
+ err = get_hmac_path(&fname);
+ if (!err)
{
- FILE *fp;
- char *p;
-
- /* Prefix the basename with a dot. */
- strcpy (fname, libpath);
- p = strrchr (fname, '/');
- if (p)
- p++;
- else
- p = fname;
- memmove (p+1, p, strlen (p)+1);
- *p = '.';
- strcat (fname, ".hmac");
-
/* Open the file. */
fp = fopen (fname, "r");
if (!fp)
@@ -734,6 +770,33 @@ check_binary_integrity (void)
#endif
}
+int
+can_skip_selftests(void)
+{
+ char *fname = NULL;
+ int ret = 0;
+
+ if (fips_mode())
+ return 0;
+
+ if (get_hmac_path(&fname))
+ return 0;
+
+ /* check the hmac presence */
+ if (access(fname, F_OK))
+ /* no hmac file is present, don't run the tests */
+ if (errno == ENOENT)
+ ret = 1;
+ /* otherwise one of these events happened:
+ * access() returned 0
+ * -> run the tests
+ * some error other than ENOENT occurred
+ * -> run the tests anyway and let them fail
+ */
+
+ xfree(fname);
+ return ret;
+}
/* Run the self-tests. If EXTENDED is true, extended versions of the
selftest are run, that is more tests than required by FIPS. */
@@ -742,26 +805,13 @@ _gcry_fips_run_selftests (int extended)
{
enum module_states result = STATE_ERROR;
gcry_err_code_t ec = GPG_ERR_SELFTEST_FAILED;
- int in_poweron;
-
- lock_fsm ();
- in_poweron = (current_state == STATE_POWERON);
- unlock_fsm ();
-
- fips_new_state (STATE_SELFTEST);
- /* We first check the integrity of the binary.
- If run from the constructor we are in POWERON state,
- we return and finish the remaining selftests before
- real use of the library. It will be in the POWERON
- state meanwhile. */
- if (in_poweron)
- if (check_binary_integrity ())
- goto leave;
-
- if (in_poweron)
+ if (can_skip_selftests())
return 0;
+ if (fips_mode ())
+ fips_new_state (STATE_SELFTEST);
+
if (run_cipher_selftests (extended))
goto leave;
@@ -774,6 +824,9 @@ _gcry_fips_run_selftests (int extended)
if (run_kdf_selftests (extended))
goto leave;
+ if (check_binary_integrity ())
+ goto leave;
+
/* Run random tests before the pubkey tests because the latter
require random. */
if (run_random_selftests ())
@@ -787,7 +840,8 @@ _gcry_fips_run_selftests (int extended)
ec = 0;
leave:
- fips_new_state (result);
+ if (fips_mode ())
+ fips_new_state (result);
return ec;
}
@@ -843,7 +897,6 @@ fips_new_state (enum module_states new_s
{
case STATE_POWERON:
if (new_state == STATE_INIT
- || new_state == STATE_SELFTEST
|| new_state == STATE_ERROR
|| new_state == STATE_FATALERROR)
ok = 1;
@@ -858,8 +911,6 @@ fips_new_state (enum module_states new_s
case STATE_SELFTEST:
if (new_state == STATE_OPERATIONAL
- || new_state == STATE_INIT
- || new_state == STATE_SELFTEST
|| new_state == STATE_ERROR
|| new_state == STATE_FATALERROR)
ok = 1;

13
libgcrypt-indicate-shake.patch
View File

@ -1,13 +0,0 @@
Index: libgcrypt-1.9.4/src/fips.c
===================================================================
--- libgcrypt-1.9.4.orig/src/fips.c
+++ libgcrypt-1.9.4/src/fips.c
@@ -593,6 +593,8 @@ _gcry_fips_indicator_hash (va_list arg_p
case GCRY_MD_SHA3_256:
case GCRY_MD_SHA3_384:
case GCRY_MD_SHA3_512:
+ case GCRY_MD_SHAKE128:
+ case GCRY_MD_SHAKE256:
return GPG_ERR_NO_ERROR;
default:
return GPG_ERR_NOT_SUPPORTED;

14
libgcrypt-invoke-global_init-from-constructor.patch
View File

@ -1,14 +0,0 @@
Index: libgcrypt-1.8.2/src/global.c
===================================================================
--- libgcrypt-1.8.2.orig/src/global.c
+++ libgcrypt-1.8.2/src/global.c
@@ -145,6 +145,9 @@ void __attribute__ ((constructor)) _gcry
{
/* We always need the FSM lock to be functional. */
_gcry_initialize_fsm_lock ();
+
+ /* Run the self-tests from the constructor. */
+ global_init ();
}
/* This function is called by the macro fips_is_operational and makes

4168
libgcrypt-jitterentropy-3.3.0.patch
View File

File diff suppressed because it is too large Load Diff

70
libgcrypt-jitterentropy-3.4.0.patch
View File

@ -1,7 +1,7 @@
Index: libgcrypt-1.9.4/random/jitterentropy-base.c
Index: libgcrypt-1.10.0/random/jitterentropy-base.c
===================================================================
--- libgcrypt-1.9.4.orig/random/jitterentropy-base.c
+++ libgcrypt-1.9.4/random/jitterentropy-base.c
--- libgcrypt-1.10.0.orig/random/jitterentropy-base.c
+++ libgcrypt-1.10.0/random/jitterentropy-base.c
@@ -42,7 +42,7 @@
* require consumer to be updated (as long as this number
* is zero, the API is not considered stable and can
@ -145,10 +145,10 @@ Index: libgcrypt-1.9.4/random/jitterentropy-base.c
+{
+ return jent_set_fips_failure_callback_internal(cb);
+}
Index: libgcrypt-1.9.4/random/jitterentropy-gcd.c
Index: libgcrypt-1.10.0/random/jitterentropy-gcd.c
===================================================================
--- libgcrypt-1.9.4.orig/random/jitterentropy-gcd.c
+++ libgcrypt-1.9.4/random/jitterentropy-gcd.c
--- libgcrypt-1.10.0.orig/random/jitterentropy-gcd.c
+++ libgcrypt-1.10.0/random/jitterentropy-gcd.c
@@ -113,12 +113,8 @@ int jent_gcd_analyze(uint64_t *delta_his
goto out;
}
@ -164,10 +164,10 @@ Index: libgcrypt-1.9.4/random/jitterentropy-gcd.c
ret = ECOARSETIME;
goto out;
}
Index: libgcrypt-1.9.4/random/jitterentropy-health.c
Index: libgcrypt-1.10.0/random/jitterentropy-health.c
===================================================================
--- libgcrypt-1.9.4.orig/random/jitterentropy-health.c
+++ libgcrypt-1.9.4/random/jitterentropy-health.c
--- libgcrypt-1.10.0.orig/random/jitterentropy-health.c
+++ libgcrypt-1.10.0/random/jitterentropy-health.c
@@ -19,9 +19,24 @@
* DAMAGE.
*/
@ -204,10 +204,10 @@ Index: libgcrypt-1.9.4/random/jitterentropy-health.c
+
return ec->health_failure;
}
Index: libgcrypt-1.9.4/random/jitterentropy-health.h
Index: libgcrypt-1.10.0/random/jitterentropy-health.h
===================================================================
--- libgcrypt-1.9.4.orig/random/jitterentropy-health.h
+++ libgcrypt-1.9.4/random/jitterentropy-health.h
--- libgcrypt-1.10.0.orig/random/jitterentropy-health.h
+++ libgcrypt-1.10.0/random/jitterentropy-health.h
@@ -20,11 +20,16 @@
#ifndef JITTERENTROPY_HEALTH_H
#define JITTERENTROPY_HEALTH_H
@ -225,10 +225,10 @@ Index: libgcrypt-1.9.4/random/jitterentropy-health.h
static inline uint64_t jent_delta(uint64_t prev, uint64_t next)
{
return (next - prev);
Index: libgcrypt-1.9.4/random/jitterentropy-noise.c
Index: libgcrypt-1.10.0/random/jitterentropy-noise.c
===================================================================
--- libgcrypt-1.9.4.orig/random/jitterentropy-noise.c
+++ libgcrypt-1.9.4/random/jitterentropy-noise.c
--- libgcrypt-1.10.0.orig/random/jitterentropy-noise.c
+++ libgcrypt-1.10.0/random/jitterentropy-noise.c
@@ -33,7 +33,7 @@
* Update of the loop count used for the next round of
* an entropy collection.
@ -459,10 +459,10 @@ Index: libgcrypt-1.9.4/random/jitterentropy-noise.c
+ sha3_update(ec->hash_state, jent_block, sizeof(jent_block));
+ jent_memset_secure(jent_block, sizeof(jent_block));
+}
Index: libgcrypt-1.9.4/random/jitterentropy-noise.h
Index: libgcrypt-1.10.0/random/jitterentropy-noise.h
===================================================================
--- libgcrypt-1.9.4.orig/random/jitterentropy-noise.h
+++ libgcrypt-1.9.4/random/jitterentropy-noise.h
--- libgcrypt-1.10.0.orig/random/jitterentropy-noise.h
+++ libgcrypt-1.10.0/random/jitterentropy-noise.h
@@ -31,6 +31,7 @@ unsigned int jent_measure_jitter(struct
uint64_t loop_cnt,
uint64_t *ret_current_delta);
@ -471,10 +471,10 @@ Index: libgcrypt-1.9.4/random/jitterentropy-noise.h
#ifdef __cplusplus
}
Index: libgcrypt-1.9.4/random/jitterentropy-sha3.c
Index: libgcrypt-1.10.0/random/jitterentropy-sha3.c
===================================================================
--- libgcrypt-1.9.4.orig/random/jitterentropy-sha3.c
+++ libgcrypt-1.9.4/random/jitterentropy-sha3.c
--- libgcrypt-1.10.0.orig/random/jitterentropy-sha3.c
+++ libgcrypt-1.10.0/random/jitterentropy-sha3.c
@@ -19,6 +19,7 @@
*/
@ -507,10 +507,10 @@ Index: libgcrypt-1.9.4/random/jitterentropy-sha3.c
+
+ jent_zfree(ctx, SHA_MAX_CTX_SIZE);
+}
Index: libgcrypt-1.9.4/random/jitterentropy-sha3.h
Index: libgcrypt-1.10.0/random/jitterentropy-sha3.h
===================================================================
--- libgcrypt-1.9.4.orig/random/jitterentropy-sha3.h
+++ libgcrypt-1.9.4/random/jitterentropy-sha3.h
--- libgcrypt-1.10.0.orig/random/jitterentropy-sha3.h
+++ libgcrypt-1.10.0/random/jitterentropy-sha3.h
@@ -47,6 +47,8 @@ struct sha_ctx {
void sha3_256_init(struct sha_ctx *ctx);
void sha3_update(struct sha_ctx *ctx, const uint8_t *in, size_t inlen);
@ -520,10 +520,10 @@ Index: libgcrypt-1.9.4/random/jitterentropy-sha3.h
int sha3_tester(void);
#ifdef __cplusplus
Index: libgcrypt-1.9.4/random/jitterentropy-timer.c
Index: libgcrypt-1.10.0/random/jitterentropy-timer.c
===================================================================
--- libgcrypt-1.9.4.orig/random/jitterentropy-timer.c
+++ libgcrypt-1.9.4/random/jitterentropy-timer.c
--- libgcrypt-1.10.0.orig/random/jitterentropy-timer.c
+++ libgcrypt-1.10.0/random/jitterentropy-timer.c
@@ -202,8 +202,8 @@ int jent_notime_enable(struct rand_data
if (jent_force_internal_timer || (flags & JENT_FORCE_INTERNAL_TIMER)) {
/* Self test not run yet */
@ -535,10 +535,10 @@ Index: libgcrypt-1.9.4/random/jitterentropy-timer.c
return EHEALTH;
ec->enable_notime = 1;
Index: libgcrypt-1.9.4/random/jitterentropy.h
Index: libgcrypt-1.10.0/random/jitterentropy.h
===================================================================
--- libgcrypt-1.9.4.orig/random/jitterentropy.h
+++ libgcrypt-1.9.4/random/jitterentropy.h
--- libgcrypt-1.10.0.orig/random/jitterentropy.h
+++ libgcrypt-1.10.0/random/jitterentropy.h
@@ -49,7 +49,7 @@
***************************************************************************/
@ -557,7 +557,7 @@ Index: libgcrypt-1.9.4/random/jitterentropy.h
uint64_t prev_time; /* SENSITIVE Previous time stamp */
#define DATA_SIZE_BITS (SHA3_256_SIZE_DIGEST_BITS)
@@ -378,28 +379,34 @@ int jent_entropy_init(void);
@@ -378,28 +378,34 @@ int jent_entropy_init(void);
JENT_PRIVATE_STATIC
int jent_entropy_init_ex(unsigned int osr, unsigned int flags);
@ -597,11 +597,11 @@ Index: libgcrypt-1.9.4/random/jitterentropy.h
JENT_PRIVATE_STATIC
int jent_notime_init(void **ctx);
Index: libgcrypt-1.9.4/random/jitterentropy-base-user.h
Index: libgcrypt-1.10.0/random/jitterentropy-base-user.h
===================================================================
--- libgcrypt-1.9.4.orig/random/jitterentropy-base-user.h
+++ libgcrypt-1.9.4/random/jitterentropy-base-user.h
@@ -216,12 +216,12 @@ static inline void jent_get_cachesize(lo
--- libgcrypt-1.10.0.orig/random/jitterentropy-base-user.h
+++ libgcrypt-1.10.0/random/jitterentropy-base-user.h
@@ -213,12 +213,12 @@ static inline void jent_get_cachesize(lo
ext = strstr(buf, "K");
if (ext) {
shift = 10;

13
libgcrypt-pthread-in-t-lock-test.patch
View File

@ -1,13 +0,0 @@
Index: libgcrypt-1.9.3/tests/Makefile.am
===================================================================
--- libgcrypt-1.9.3.orig/tests/Makefile.am
+++ libgcrypt-1.9.3/tests/Makefile.am
@@ -74,7 +74,7 @@ prime_LDADD = $(standard_ldadd) @LDADD_F
t_mpi_bit_LDADD = $(standard_ldadd) @LDADD_FOR_TESTS_KLUDGE@
t_secmem_LDADD = $(standard_ldadd) @LDADD_FOR_TESTS_KLUDGE@
testapi_LDADD = $(standard_ldadd) @LDADD_FOR_TESTS_KLUDGE@
-t_lock_LDADD = $(standard_ldadd) $(GPG_ERROR_MT_LIBS) @LDADD_FOR_TESTS_KLUDGE@
+t_lock_LDADD = $(standard_ldadd) $(GPG_ERROR_MT_LIBS) -lpthread @LDADD_FOR_TESTS_KLUDGE@
t_lock_CFLAGS = $(GPG_ERROR_MT_CFLAGS)
testdrv_LDADD = $(LDADD_FOR_TESTS_KLUDGE)

15
libgcrypt-random_selftests-testentropy.patch
View File

@ -1,15 +0,0 @@
Index: libgcrypt-1.8.2/random/random-drbg.c
===================================================================
--- libgcrypt-1.8.2.orig/random/random-drbg.c
+++ libgcrypt-1.8.2/random/random-drbg.c
@@ -2428,6 +2428,10 @@ drbg_healthcheck_sanity (struct gcry_drb
/* if the following tests fail, it is likely that there is a buffer
* overflow and we get a SIGSEV */
+ test_data.testentropy = &testentropy;
+ test_data.fail_seed_source = 0;
+ drbg_string_fill (&testentropy, test->entropy, test->entropylen);
+ drbg->test_data = &test_data;
ret = drbg_instantiate (drbg, NULL, coreref, 1);
if (ret)
goto outbuf;

92
libgcrypt-rsa-no-blinding.patch
View File

@ -1,92 +0,0 @@
--- libgcrypt-1.8.2.orig/cipher/rsa.c 2020-03-26 07:23:17.392861551 +0100
+++ libgcrypt-1.8.2.orig/cipher/rsa.c 2020-03-26 15:43:29.556282072 +0100
@@ -91,10 +91,16 @@ static const char sample_secret_key[] =
" 79C974A6FA69E4D52FE796650623DE70622862713932AA2FD9F2EC856EAEAA77"
" 88B4EA6084DC81C902F014829B18EA8B2666EC41586818E0589E18876065F97E"
" 8D22CE2DA53A05951EC132DCEF41E70A9C35F4ACC268FFAC2ADF54FA1DA110B919#)"
+"))";
+/* We need to get rid of the u value, in order to end in
+ * secret_core_std when called from secret. It's not used anyway. */
+
+/*
" (u #67CF0FD7635205DD80FA814EE9E9C267C17376BF3209FB5D1BC42890D2822A04"
" 479DAF4D5B6ED69D0F8D1AF94164D07F8CD52ECEFE880641FA0F41DDAB1785E4"
" A37A32F997A516480B4CD4F6482B9466A1765093ED95023CA32D5EDC1E34CEE9"
" AF595BC51FE43C4BF810FA225AF697FB473B83815966188A4312C048B885E3F7#)))";
+*/
/* A sample 2048 bit RSA key used for the selftests (public only). */
static const char sample_public_key[] =
@@ -1252,8 +1258,8 @@ rsa_check_secret_key (gcry_sexp_t keypar
RSA_secret_key sk = {NULL, NULL, NULL, NULL, NULL, NULL};
/* To check the key we need the optional parameters. */
- rc = sexp_extract_param (keyparms, NULL, "nedpqu",
- &sk.n, &sk.e, &sk.d, &sk.p, &sk.q, &sk.u,
+ rc = sexp_extract_param (keyparms, NULL, "npq",
+ &sk.n, &sk.p, &sk.q,
NULL);
if (rc)
goto leave;
@@ -1263,11 +1269,8 @@ rsa_check_secret_key (gcry_sexp_t keypar
leave:
_gcry_mpi_release (sk.n);
- _gcry_mpi_release (sk.e);
- _gcry_mpi_release (sk.d);
_gcry_mpi_release (sk.p);
_gcry_mpi_release (sk.q);
- _gcry_mpi_release (sk.u);
if (DBG_CIPHER)
log_debug ("rsa_testkey => %s\n", gpg_strerror (rc));
return rc;
@@ -1710,11 +1713,11 @@ static const char *
selftest_sign_2048 (gcry_sexp_t pkey, gcry_sexp_t skey)
{
static const char sample_data[] =
- "(data (flags pkcs1)"
+ "(data (flags pkcs1 no-blinding)"
" (hash sha256 #11223344556677889900aabbccddeeff"
/**/ "102030405060708090a0b0c0d0f01121#))";
static const char sample_data_bad[] =
- "(data (flags pkcs1)"
+ "(data (flags pkcs1 no-blinding)"
" (hash sha256 #11223344556677889900aabbccddeeff"
/**/ "802030405060708090a0b0c0d0f01121#))";
@@ -1857,7 +1860,7 @@ selftest_encr_2048 (gcry_sexp_t pkey, gc
gcry_mpi_t ref_mpi = NULL;
/* Put the plaintext into an S-expression. */
- err = sexp_build (&plain, NULL, "(data (flags raw) (value %s))", plaintext);
+ err = sexp_build (&plain, NULL, "(data (flags raw no-blinding) (value %s))", plaintext);
if (err)
{
errtxt = "converting data failed";
@@ -1897,6 +1900,26 @@ selftest_encr_2048 (gcry_sexp_t pkey, gc
goto leave;
}
+ /* This sexp trickery is to prevent the use of blinding.
+ * The flag doesn't get inherited by encr, so we have to
+ * derive a new sexp from the ciphertext */
+ char buf[1024];
+ memset(buf, 0, sizeof(buf));
+ err = _gcry_mpi_print (GCRYMPI_FMT_STD, buf, sizeof buf, NULL, ciphertext);
+ if (err)
+ {
+ errtxt = "Dumping ciphertext mpi to buffer failed";
+ goto leave;
+ }
+
+ sexp_release (encr);
+ err = sexp_build (&encr, NULL, "(enc-val (flags no-blinding) (rsa (a %s)))", buf);
+ if (err)
+ {
+ errtxt = "Adding no-blinding flag to ciphertext failed";
+ goto leave;
+ }
+
/* Decrypt. */
err = _gcry_pk_decrypt (&decr, encr, skey);
if (err)

135
libgcrypt.changes
View File

@ -1,3 +1,138 @@
-------------------------------------------------------------------
Wed Oct 19 14:01:24 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
- Update to 1.10.1:
* Bug fixes:
- Fix minor memory leaks in FIPS mode.
- Build fixes for MUSL libc.
* Other:
- More portable integrity check in FIPS mode.
- Add X9.62 OIDs to sha256 and sha512 modules.
* Add the hardware optimizations config file hwf.deny to
the /etc/gcrypt/ directory. This file can be used to globally
disable the use of hardware based optimizations.
* Remove not needed separate_hmac256_binary hmac256 package
-------------------------------------------------------------------
Wed Sep 14 13:34:13 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
- Update to 1.10.0:
* New and extended interfaces:
- New control codes to check for FIPS 140-3 approved algorithms.
- New control code to switch into non-FIPS mode.
- New cipher modes SIV and GCM-SIV as specified by RFC-5297.
- Extended cipher mode AESWRAP with padding as specified by
RFC-5649.
- New set of KDF functions.
- New KDF modes Argon2 and Balloon.
- New functions for combining hashing and signing/verification.
* Performance:
- Improved support for PowerPC architectures.
- Improved ECC performance on zSeries/s390x by using accelerated
scalar multiplication.
- Many more assembler performance improvements for several
architectures.
* Bug fixes:
- Fix Elgamal encryption for other implementations.
[bsc#1190239, CVE-2021-40528]
- Check the input length of the point in ECDH.
- Fix an abort in gcry_pk_get_param for "Curve25519".
* Other features:
- The control code GCRYCTL_SET_ENFORCED_FIPS_FLAG is ignored
because it is useless with the FIPS 140-3 related changes.
- Update of the jitter entropy RNG code.
- Simplification of the entropy gatherer when using the getentropy
system call.
* Interface changes relative to the 1.10.0 release:
- GCRYCTL_SET_DECRYPTION_TAG NEW control code.
- GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER NEW control code.
- GCRYCTL_FIPS_SERVICE_INDICATOR_KDF NEW control code.
- GCRYCTL_NO_FIPS_MODE = 83 NEW control code.
- GCRY_CIPHER_MODE_SIV NEW mode.
- GCRY_CIPHER_MODE_GCM_SIV NEW mode.
- GCRY_CIPHER_EXTENDED NEW flag.
- GCRY_SIV_BLOCK_LEN NEW macro.
- gcry_cipher_set_decryption_tag NEW macro.
- GCRY_KDF_ARGON2 NEW constant.
- GCRY_KDF_BALLOON NEW constant.
- GCRY_KDF_ARGON2D NEW constant.
- GCRY_KDF_ARGON2I NEW constant.
- GCRY_KDF_ARGON2ID NEW constant.
- gcry_kdf_hd_t NEW type.
- gcry_kdf_job_fn_t NEW type.
- gcry_kdf_dispatch_job_fn_t NEW type.
- gcry_kdf_wait_all_jobs_fn_t NEW type.
- struct gcry_kdf_thread_ops NEW struct.
- gcry_kdf_open NEW function.
- gcry_kdf_compute NEW function.
- gcry_kdf_final NEW function.
- gcry_kdf_close NEW function.
- gcry_pk_hash_sign NEW function.
- gcry_pk_hash_verify NEW function.
- gcry_pk_random_override_new NEW function.
* Rebase libgcrypt-1.8.4-allow_FSM_same_state.patch and rename
to libgcrypt-1.10.0-allow_FSM_same_state.patch
* Remove unused CAVS tests and related patches:
- cavs_driver.pl cavs-test.sh
- libgcrypt-1.6.1-fips-cavs.patch
- drbg_test.patch
* Remove DSA sign/verify patches for the FIPS CAVS test since DSA
has been disabled in FIPS mode:
- libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
- libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch
* Rebase libgcrypt-FIPS-SLI-pk.patch
* Rebase libgcrypt_indicators_changes.patch and
libgcrypt-indicate-shake.patch and merge both into
libgcrypt-FIPS-SLI-hash-mac.patch
* Rebase libgcrypt-FIPS-kdf-leylength.patch and rename to
libgcrypt-FIPS-SLI-kdf-leylength.patch
* Rebase libgcrypt-jitterentropy-3.4.0.patch
* Rebase libgcrypt-FIPS-rndjent_poll.patch
* Rebase libgcrypt-out-of-core-handler.patch and rename to
libgcrypt-1.10.0-out-of-core-handler.patch
* Since the FIPS .hmac file is now calculated with the internal
tool hmac256, only the "module is complete" trigger .fips file
is checked. Rename libgcrypt-1.6.1-use-fipscheck.patch
to libgcrypt-1.10.0-use-fipscheck.patch
* Remove patches fixed upstream:
- libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch
- libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
- libgcrypt-fix-rng.patch
- libgcrypt-1.8.3-fips-ctor.patch
- libgcrypt-1.8.4-use_xfree.patch
- libgcrypt-1.8.4-getrandom.patch
- libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch
- libgcrypt-dsa-rfc6979-test-fix.patch
- libgcrypt-fix-tests-fipsmode.patch
- libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
- libgcrypt-1.8.4-fips-keygen.patch
- libgcrypt-invoke-global_init-from-constructor.patch
- libgcrypt-Restore-self-tests-from-constructor.patch
- libgcrypt-FIPS-GMAC_AES-benckmark.patch
- libgcrypt-global_init-constructor.patch
- libgcrypt-random_selftests-testentropy.patch
- libgcrypt-rsa-no-blinding.patch
- libgcrypt-ecc-ecdsa-no-blinding.patch
- libgcrypt-PCT-DSA.patch
- libgcrypt-PCT-ECC.patch
- libgcrypt-PCT-RSA.patch
- libgcrypt-fips_selftest_trigger_file.patch
- libgcrypt-pthread-in-t-lock-test.patch
- libgcrypt-FIPS-hw-optimizations.patch
- libgcrypt-FIPS-module-version.patch
- libgcrypt-FIPS-disable-3DES.patch
- libgcrypt-FIPS-fix-regression-tests.patch
- libgcrypt-FIPS-RSA-keylen.patch
- libgcrypt-FIPS-RSA-keylen-tests.patch
- libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
- libgcrypt-FIPS-verify-unsupported-KDF-test.patch
- libgcrypt-FIPS-HMAC-short-keylen.patch
- libgcrypt-FIPS-service-indicators.patch
- libgcrypt-FIPS-disable-DSA.patch
- libgcrypt-jitterentropy-3.3.0.patch
- libgcrypt-FIPS-Zeroize-hmac.patch
* Update libgcrypt.keyring
-------------------------------------------------------------------
Thu Sep 8 10:34:53 UTC 2022 - Pedro Monreal <pmonreal@suse.com>

145
libgcrypt.keyring
View File

@ -1,65 +1,86 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBE0ti4EBCACqGtKlX9jI/enhlBdy2cyQP6Q7JoyxtaG6/ckAKWHYrqFTQk3I
Ue8TuDrGT742XFncG9PoMBfJDUNltIPgKFn8E9tYQqAOlpSA25bOb30cA2ADkrjg
jvDAH8cZ+fkIayWtObTxwqLfPivjFxEM//IdShFFVQj+QHmXYBJggWyEIil8Bje7
KRw6B5ucs4qSzp5VH4CqDr9PDnLD8lBGHk0x8jpwh4V/yEODJKATY0Vj00793L8u
qA35ZiyczUvvJSLYvf7STO943GswkxdAfqxXbYifiK2gjE/7SAmB+2jFxsonUDOB
1BAY5s3FKqrkaxZr3BBjeuGGoCuiSX/cXRIhABEBAAG0Fldlcm5lciBLb2NoIChk
aXN0IHNpZymJAVUEEwEIAD8CGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAFiEE
2GkhI8QGXepeDzq1JJs50k8l47YFAl4MxBkFCRShVzYACgkQJJs50k8l47YImQf9
HaqHWor+aSmaEwQnaAN0zRa4kPbAWya182aJtsFzLZJf6BbS0aoiMhwtREN/DMvB
jzxARKep/cELaM+mc7oDK4mEwqSX/u6BE8D7FaNA9sut8P+4xjpoLPU+UzILMg29
t1remjyT9rs6sbu8BqufIxueArkjoi4WCOSRiVTdw+YDd88volPkXlPfS8hg9Rct
wZ8kEEDywa+NrxiLx+kDgDNTNdk3PJdfcnesf8S1a+KLUTNRds5+xGTYz0JSQ9BZ
7Q9r4VQ/NL55muQZi5W7lVxdp3HxQFUNjHzzBfGtkpS4xqZpJvNjW50Wh5Vi5RYZ
LZ3M1EuIHXHmRiY4dmqqcpkBDQRUUDsjAQgA5hBwN9F3OqKf+9mXCXUDK4lb5wMj
dti96xG04gAn7wWo7On6c5ntriZQuRdR5GHcdw73XC6CFehHeo/eSVYiWqBNBAfE
9UzbkES+cY+4wDzqVacqhKxd70XmHQgyK7ppRG/MwkL1UyArCGGAKN6MV/2fzO6I
GQw3jntRue3/2PGGnGaisNAKlvttHWZ91uy4KY5fBM19uQCgZdx4v8/rP0+yQqsW
TwJUKvymx5GIfNaCJvgF+v+aPrwspxBMf9jpHXqDXnh4Lo8C/GsQMD6GClVfQjsv
vzUHKH2eoL4oNfku+Ua5BuAHYi+uAuzqV9TdpF9PCpQMyPfuuZclMPLdMwARAQAB
tDJOSUlCRSBZdXRha2EgKEdudVBHIFJlbGVhc2UgS2V5KSA8Z25paWJlQGZzaWou
b3JnPokBPAQTAQgAJgIbAwULBwgJAwQVCAkKBRYCAwEAAh4BAheABQJYDxRZBQkL
S5A2AAoJECBxsIozvT8GvG8IAMBIlGz9voYcSSXAdQOuvz2gM2kOjvMHzN6VlS9V
P06IjnTz2DnejFZwLmxJw8e8mZjUo0jw22uo1HREQhDrne3S1IazPMeTUCUNzpWF
MxXNc6SAyrw9apWa8gouGUWJv3HOwVs8EFA2E9UdtDJ2uG7MY/+eC5K/aeOAyudZ
EbvS8rgZypTFrBtBcNKUWZhz7FRn63HxEmYLE3p6I19ZDXrc1WTazF2oz18zym6c
uURr6waRbdSemUTshpLnKCBZXzJ82bXBgXNnfdmc3gtS24ZmM3ZfK/rYztEDkiTk
s2R1gwDwf5RtDpaf5LD2ufESdbLuT+8blAlscbgYLBcwDquZAY0EWMu6rgEMAKcz
vM1IhpUwBpxPCNdrlMZh7XeLqKUd7hUvQ1KHOuDONxCDnfXdxGCKKI0Ds5I7Kkyp
Wzvcl7PplRy2fYZWwcGtL+Kj01y4L2lXB/xrrVaVwRr4S0FrcbseUGYRafBpR0C1
Yo24CL1ef4ivsfbER2SyaZ3lrT9Ccv6xfvTluhU8X+2li1ssak/Frvy02u3EORLD
LxaaLQgANgsjnIjv/JQZ4l3xFIJT98tEoL18btg5lGrS2w4yFU1aa1SNsbp7vcu7
wsqcJmCzX98LyG8/IBGJ5JXmZ03yzWhZ3uhhy1+Avi4GV4Mi0ADwaGMp6O63Mc3w
SL8A/DoCKJLISOc+D5xNfw6C8sYlaOSzQfqY9l4HW/+QbJmEFL2+bnjSHb8yaVU3
ae2IIrlNkZ5Jamp12Kq6x9Vei0xGk3gd4sqhmHhECdxoJtkX9L5gt436QxdjiTcW
q3V+NNfq94UJu2Ej2kN0fNT0t9RU2n0P/mS0L+1gw5Ex6BX7BIzGL0bZhYomQwAR
AQABiQHOBB8BCAA4FiEEW4DFdUKY8MtV2O1qvO9+KUsJLigFAljLwN0XDIABlKXJ
oDwv5co7CV2OH99yPPRitrECBwAACgkQvO9+KUsJLig2Cgv/T4rXEjHwlbsuTkzp
tgK80Dh92URzBAhPhSJ0kUz2b6y7FgVYgZ95u8elGUS4lOB0GOQSK3y4sCgldTQF
GQpMuvNMX6oNQTv1Z/H9H7Sc6AntozKRA6LQC+7DMxjPh2DEhVLYNqi7gMXtuH8o
Xz5+quarw/xbVmuS4UNqcxakd4A/HW6PayRhuju4+oV2+UmGU0etzGVwKSN/UicC
3Re3mUy8SwJFQ9/3EAfiY0SGzSWH1z7bTRg9Ga2ctYDNzUpyQsgLxD6ZRHcONkOo
GUMEQ96BeSsjT4yW9ED70CcCbhg+pMxR+lnpk4BZ4WML/plBjEb8B1YaRvhYWKd3
OSVB/JsS6J6Q/y9TTsAJDBLAfw9h7RQKibViuVFSNftAuSdktah5mDwFnL0ZMzVS
3tDVDa5PDqbHEhK55/5EWBg4eNbAukVZmmoLzzERGXuj+LOIRElG3/n3chy1uM73
B6da3al4gDDNHifPsuozpkVN1EAROZx1K9hGGDZC3yFQTjsJtCRBbmRyZSBIZWlu
ZWNrZSAoUmVsZWFzZSBTaWduaW5nIEtleSmJAdQEEwEIAD4WIQRbgMV1Qpjwy1XY
7Wq8734pSwkuKAUCWMu6rgIbAwUJEswDAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIX
gAAKCRC8734pSwkuKEL9DACEIL5IS9wUty62Bnwd9wK2hmwihXNkTLsOOoi8aCdO
ywPwcIucgAcIO+c/t0lbe4y4sJ1KrKbdyOUQiJAyxobLCSV/MkhIDAmsZB1ZIpF3
nfmNekRdCVcMpqX8jAwoBS3Q9m2UJz1LeDCLFCvLF0nbyUnqHZP19UOvxmzAyZMA
Ub3W5y1+GMo4yA+3xSFI8ZbjzhawixCCRs69/4p+zCXR4e7LBf6koAHllD/0ZULp
SDjF+t2IkvRrMlM+e+Mxjklinr8v1FRGzmE/kCcdHaP88+iwC2wUKOZtFs4yIBLO
SWdQk9tLPmR8uWgNZmatRJyNvOaxd6EbK3jfckbJGFkmXjH+M9vMqFpoAewZ359F
qjq+Us7AXLAMNUynom7IrtR5Rvsjx6RNtKQYUD6XY5rc7r9js9iGruHDAAW5lyRg
j3wikc0IbV9L1bTsXIp29BsrU9sXUkVEp+xQJZgwqoOduoSjmOK88QdkibDqJiGF
dzIRiXx+Nxv1Pr9L7A4/tq+YMwRfQ+WJFgkrBgEEAdpHDwEBB0DPvkeV6RzXomGF
8jQwp0RXEt2TGFwwI7RkbpYwECY2l7QfV2VybmVyIEtvY2ggKGRpc3Qgc2lnbmlu
ZyAyMDIwKYiaBBMWCgBCFiEEbapuZKdtKEBXG0kCUoiXuCZAOtoFAl9D7DUCGwMF
CRKFxxEFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEFKIl7gmQDraea4A
/24v8c50HSC/Basf4WlREkuzhudplo8iT0BGtTQRdGAmAP9gIZ8dBekg9PRlpe7A
l7ErThn6owVH9szWrUt6jkKOBg==
=h7e4
mQGNBFjLuq4BDACnM7zNSIaVMAacTwjXa5TGYe13i6ilHe4VL0NShzrgzjcQg531
3cRgiiiNA7OSOypMqVs73Jez6ZUctn2GVsHBrS/io9NcuC9pVwf8a61WlcEa+EtB
a3G7HlBmEWnwaUdAtWKNuAi9Xn+Ir7H2xEdksmmd5a0/QnL+sX705boVPF/tpYtb
LGpPxa78tNrtxDkSwy8Wmi0IADYLI5yI7/yUGeJd8RSCU/fLRKC9fG7YOZRq0tsO
MhVNWmtUjbG6e73Lu8LKnCZgs1/fC8hvPyARieSV5mdN8s1oWd7oYctfgL4uBleD
ItAA8GhjKejutzHN8Ei/APw6AiiSyEjnPg+cTX8OgvLGJWjks0H6mPZeB1v/kGyZ
hBS9vm540h2/MmlVN2ntiCK5TZGeSWpqddiqusfVXotMRpN4HeLKoZh4RAncaCbZ
F/S+YLeN+kMXY4k3Fqt1fjTX6veFCbthI9pDdHzU9LfUVNp9D/5ktC/tYMORMegV
+wSMxi9G2YWKJkMAEQEAAYkBzgQfAQgAOBYhBFuAxXVCmPDLVdjtarzvfilLCS4o
BQJYy8DdFwyAAZSlyaA8L+XKOwldjh/fcjz0YraxAgcAAAoJELzvfilLCS4oNgoL
/0+K1xIx8JW7Lk5M6bYCvNA4fdlEcwQIT4UidJFM9m+suxYFWIGfebvHpRlEuJTg
dBjkEit8uLAoJXU0BRkKTLrzTF+qDUE79Wfx/R+0nOgJ7aMykQOi0AvuwzMYz4dg
xIVS2Daou4DF7bh/KF8+fqrmq8P8W1ZrkuFDanMWpHeAPx1uj2skYbo7uPqFdvlJ
hlNHrcxlcCkjf1InAt0Xt5lMvEsCRUPf9xAH4mNEhs0lh9c+200YPRmtnLWAzc1K
ckLIC8Q+mUR3DjZDqBlDBEPegXkrI0+MlvRA+9AnAm4YPqTMUfpZ6ZOAWeFjC/6Z
QYxG/AdWGkb4WFindzklQfybEuiekP8vU07ACQwSwH8PYe0UCom1YrlRUjX7QLkn
ZLWoeZg8BZy9GTM1Ut7Q1Q2uTw6mxxISuef+RFgYOHjWwLpFWZpqC88xERl7o/iz
iERJRt/593IctbjO9wenWt2peIAwzR4nz7LqM6ZFTdRAETmcdSvYRhg2Qt8hUE47
CbQkQW5kcmUgSGVpbmVja2UgKFJlbGVhc2UgU2lnbmluZyBLZXkpiQHUBBMBCAA+
FiEEW4DFdUKY8MtV2O1qvO9+KUsJLigFAljLuq4CGwMFCRLMAwAFCwkIBwIGFQgJ
CgsCBBYCAwECHgECF4AACgkQvO9+KUsJLihC/QwAhCC+SEvcFLcutgZ8HfcCtoZs
IoVzZEy7DjqIvGgnTssD8HCLnIAHCDvnP7dJW3uMuLCdSqym3cjlEIiQMsaGywkl
fzJISAwJrGQdWSKRd535jXpEXQlXDKal/IwMKAUt0PZtlCc9S3gwixQryxdJ28lJ
6h2T9fVDr8ZswMmTAFG91uctfhjKOMgPt8UhSPGW484WsIsQgkbOvf+Kfswl0eHu
ywX+pKAB5ZQ/9GVC6Ug4xfrdiJL0azJTPnvjMY5JYp6/L9RURs5hP5AnHR2j/PPo
sAtsFCjmbRbOMiASzklnUJPbSz5kfLloDWZmrUScjbzmsXehGyt433JGyRhZJl4x
/jPbzKhaaAHsGd+fRao6vlLOwFywDDVMp6JuyK7UeUb7I8ekTbSkGFA+l2Oa3O6/
Y7PYhq7hwwAFuZckYI98IpHNCG1fS9W07FyKdvQbK1PbF1JFRKfsUCWYMKqDnbqE
o5jivPEHZImw6iYhhXcyEYl8fjcb9T6/S+wOP7aviQGzBBABCAAdFiEElKXJoDwv
5co7CV2OH99yPPRitrEFAljLv5sACgkQH99yPPRitrFw4gv/XFMFN+/LHsn9hJOP
4rCwl1yUuxXuYmZgc0sRoY3EpeQkJVyKurQuqqKoy2VuoMiF0O1kAQmGoFtVPUk7
b8hCoutqB5GyeyKcoLP+WINgVhB2gXg7TSp3MPLBKkgqvSDvPitgRxBqFb4LW8LJ
bDbfwGrzIvXfDV3WvsrHVPbc2fhlWdL8d+3AE6mFiXF3eTpgmV3ApSBQV12MkkCk
icLIPmp+ZxZON+OP52ZXkRtfMgOy4Oa/41agrViDAZdMOGeGkhPertQheQZgXzmo
GF5Wz498HPM80Kv35X91l3iGzL+icEtO+tWea2YscsZ6qpRe2lfVPHk3B+anlmCj
m4kM4cBd39xa4HHSVh/bRHbZNtgVr7slQCKxlHgQOGVI5vCxPCwEsgJ2KBk03Nk/
IA9EKO+czfh3/bHW6uMbEqrYDCnt+hmzZrpKDSGcwS/KOhvMUIMlb7/8vDKum6mp
/8xAtVZ6IAxYZNt3qg7Y7aLRtzCTyqm8rJQrZPtRaQcgLoEimDMEX0PliRYJKwYB
BAHaRw8BAQdAz75Hlekc16JhhfI0MKdEVxLdkxhcMCO0ZG6WMBAmNpe0H1dlcm5l
ciBLb2NoIChkaXN0IHNpZ25pbmcgMjAyMCmImgQTFgoAQhYhBG2qbmSnbShAVxtJ
AlKIl7gmQDraBQJfQ+w1AhsDBQkShccRBQsJCAcCAyICAQYVCgkICwIEFgIDAQIe
BwIXgAAKCRBSiJe4JkA62nmuAP9uL/HOdB0gvwWrH+FpURJLs4bnaZaPIk9ARrU0
EXRgJgD/YCGfHQXpIPT0ZaXuwJexK04Z+qMFR/bM1q1Leo5CjgaIbQQQEQsAHRYh
BIBhWHD1utaQMzaG0PKthaweQrNnBQJfQ/HmAAoJEPKthaweQrNnIZkA3jG6LcZv
V/URn8Y8OJqsyYa4C3NI4nN+OhEvYhgA4PHzMnALeXIpA2gblvjFIPJPAhDBAU37
c5PA6+6IdQQQFggAHRYhBK6oTtzwGthsRwHIXGMROuhmWH0KBQJfQ/IlAAoJEGMR
OuhmWH0K1+MA/0uJ5AHcnSfIBEWHNJwwVVLGyrxAWtS2U+zeymp/UvlPAQDErCLZ
l0dBiPG3vlowFx5TNep7tanBs6ZJn8F1ao1tAIkBMwQQAQgAHRYhBNhpISPEBl3q
Xg86tSSbOdJPJeO2BQJfQ/OuAAoJECSbOdJPJeO2DVoH/0o9if66ph6FJrgr+A/W
HNVeHxmM5tUQhpL1wpRS70SKcsJgolf5CxO5iTQf3HlZe544xGbIU/aCTJsWw9zi
UE8KmhAtKV4eL/7oQ7xx4nxPnABLpudtM8A44nsM1x/XiYrJnnDm29QjYEGd2Hi8
7npc7VWKzLoj+I/WcXquynJi5O9TUxW9Bknd1pjpxFkf8v+msjBzCD5VKJgr0CR8
wA6peQBWeGZX2HacosMIZH4TfL0r0TFla6LJIkNBz9DyIm1yL4L8oRH0950hQljP
C7TM3L7aRpX+4Kph6llFz6g7MALGFP95kyJ6o+XED9ORuuQVZMBMIkNC0tXOu10V
bdqIdQQQFgoAHRYhBMHTS2khnkruwLocIeP9/yGORbcrBQJfQ/P8AAoJEOP9/yGO
Rbcr3lQBAMas8Vl3Hdl3g2I283lz1uHiGvlwcnk2TLeB+U4zIwC9AQCy0nnazVNt
VQPID1ZCMoaOX7AzOjaqQDLf4j+dVTxgBJgzBGCkgocWCSsGAQQB2kcPAQEHQJmd
fwp8jEN5P3eEjhQiWk6zQi8utvgOvYD57XmE+H8+tCBOaWliZSBZdXRha2EgKEdu
dVBHIFJlbGVhc2UgS2V5KYiaBBMWCgBCFiEErI4RW/c+LY1H+pkI6Y6bLRnGyL0F
AmCkgocCGwMFCQsNBpkFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEOmO
my0Zxsi9/4IA/1rvSr3MU+Sv4jhNDzD+CeC3gmHkPew6pi9VHEsEwdgmAQD2BtiX
7w1sJL/CBylGWv5jxj4345mP9YfZm0RsgzPjDIh1BBAWCAAdFiEEJJyzdxdQdF1c
3TI84mewUjZPAo0FAmFAQ54ACgkQ4mewUjZPAo1CiAD+KTT1UVdQTGHMyvHwZocS
QjU8xhcZrTet+dvvjrE5+4MA/RBdJPZgFevUKu68NEy0Lo+RbkeCtmQJ/c8v5ieF
vW0AiQEzBBABCAAdFiEEEkEkvTtIYq96CkLxALRevUynur4FAmFAQ7cACgkQALRe
vUynur4kaAgAolPR8TNWVS0vXMKrr0k0l2M/8QkZTaLZx1GT9Nx1yb4WJKY7ElPM
YkhGDxetvFBETx0pH/6R3jtj6Crmur+NKHVSRY+rCYpFPDn6ciIOryssRx2G4kCZ
t+nFB9JyDbBOZAR8DK4pN1mAxG/yLDt4oKcUQsP2xlEFum+phxyR8KyYCpkwKRxY
eK+6lfilQuveoUwp/Xx5wXPNUy6q4eOOovCW7gS7I7288NGHCa2ul8sD6vA9C4mM
4Zxaole9P9wwJe1zZFtCIy88zHM9vqv+YM9DxMCaW24+rUztr7eD4bCRdG+QlSh+
7R/TaqSxY1eAAd1J5tma9CNJO73pTKU+/JhTBGFpSqMTCSskAwMCCAEBBwIDBF6X
D9NmUQDgiyYNbhs1DMJ14mIw812wY1HVx/4QWYWiBunhrvSFxVbzsjD7/Wv+v3bm
MPrL+M2DLyFiSewNmcS0JEdudVBHLmNvbSAoUmVsZWFzZSBTaWduaW5nIEtleSAy
MDIxKYiaBBMTCABCFiEEAvON/3Mf+XywOaHaVJ5pXpBboggFAmFpSqMCGwMFCQ9x
14oFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEFSeaV6QW6IITkoA/RYa
jaTl1eEBU/Gdm12o3jrI55N5xZK2XTqSx25clVyjAP0XwMW/Og5+ND1ri3bAqADV
WlBDUswz8wYxsb0C4kYBkoh1BBAWCgAdFiEEbapuZKdtKEBXG0kCUoiXuCZAOtoF
AmFpTvEACgkQUoiXuCZAOtrJQAEAh7YyykjAy/Qs1yC3ji8iBfIVnPXvblrIx3SR
RyDwRC8BAKtZbEuKTtPlgkLUgMleTcZJ/vEhJE+GvfQ9o5gWCqEFiHUEEBYKAB0W
IQTB00tpIZ5K7sC6HCHj/f8hjkW3KwUCYWlPWgAKCRDj/f8hjkW3Kx4eAQDp6aGS
N/fU4xLl8RSvQUVjVA+aCTrMQR3hRwqw8liF2wEA3O3ECxz6e1+DoItYoJBBLKLw
eiInsGZ/+h5XYrpXTgA=
=4+Sn
-----END PGP PUBLIC KEY BLOCK-----

211
libgcrypt.spec
View File

@ -17,12 +17,11 @@
%define build_hmac256 1
%define separate_hmac256_binary 0
%define libsover 20
%define libsoname %{name}%{libsover}
%define cavs_dir %{_libexecdir}/%{name}/cavs
%define hmac_key orboDeJITITejsirpADONivirpUkvarP
Name: libgcrypt
Version: 1.9.4
Version: 1.10.1
Release: 0
Summary: The GNU Crypto Library
License: GPL-2.0-or-later AND LGPL-2.1-or-later AND GPL-3.0-or-later
@ -32,89 +31,26 @@ Source: https://gnupg.org/ftp/gcrypt/libgcrypt/%{name}-%{version}.tar.bz
Source1: https://gnupg.org/ftp/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2.sig
Source2: baselibs.conf
Source3: random.conf
# https://www.gnupg.org/signature_key.en.html
Source4: libgcrypt.keyring
# cavs test framework
Source5: cavs-test.sh
Source6: cavs_driver.pl
Source4: hwf.deny
# https://gnupg.org/signature_key.asc
Source5: libgcrypt.keyring
Source99: libgcrypt.changes
Patch1: libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch
Patch3: libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
Patch4: libgcrypt-1.6.1-use-fipscheck.patch
Patch5: libgcrypt-1.6.1-fips-cavs.patch
Patch6: libgcrypt-fix-rng.patch
#PATCH-FIX-SUSE add FIPS CAVS test app for DRBG
Patch7: drbg_test.patch
#PATCH-FIX-UPSTREAM bsc#1064455 fipsdrv patch to enable --algo for dsa-sign
Patch8: libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
#PATCH-FIX-UPSTREAM bsc#1064455 fipsdrv patch to enable --algo for dsa-verify
Patch9: libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch
Patch10: libgcrypt-1.8.3-fips-ctor.patch
Patch11: libgcrypt-1.8.4-use_xfree.patch
Patch12: libgcrypt-1.8.4-allow_FSM_same_state.patch
Patch13: libgcrypt-1.8.4-getrandom.patch
Patch14: libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch
#PATCH-FIX-SUSE Fix test in FIPS mode
Patch15: libgcrypt-dsa-rfc6979-test-fix.patch
Patch16: libgcrypt-fix-tests-fipsmode.patch
#PATCH-FIX-SUSE bsc#1155337 FIPS: RSA/DSA/ECDSA are missing hashing operation
Patch17: libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
#PATCH-FIX-SUSE bsc#1161220 FIPS: libgcrypt RSA siggen/keygen: 4k not supported
Patch18: libgcrypt-1.8.4-fips-keygen.patch
#PATCH-FIX-SUSE bsc#1164950 Run self-tests from the constructor
Patch19: libgcrypt-invoke-global_init-from-constructor.patch
#PATCH-FIX-SUSE bsc#1164950 Restore the self-tests from the constructor
Patch20: libgcrypt-Restore-self-tests-from-constructor.patch
Patch21: libgcrypt-FIPS-GMAC_AES-benckmark.patch
Patch22: libgcrypt-global_init-constructor.patch
Patch23: libgcrypt-random_selftests-testentropy.patch
Patch24: libgcrypt-rsa-no-blinding.patch
Patch25: libgcrypt-ecc-ecdsa-no-blinding.patch
#PATCH-FIX-SUSE bsc#1165539 FIPS: Use the new signature operation in PCT
Patch26: libgcrypt-PCT-RSA.patch
Patch27: libgcrypt-PCT-DSA.patch
Patch28: libgcrypt-PCT-ECC.patch
Patch29: libgcrypt-fips_selftest_trigger_file.patch
#PATCH-FIX-SUSE bsc#1189745 The t-lock test is not build with phtread in gcc7, works in gcc11
Patch30: libgcrypt-pthread-in-t-lock-test.patch
#PATCH-FIX-UPSTREAM bsc#1187110 FIPS: Enable hardware support also in FIPS mode
Patch31: libgcrypt-FIPS-hw-optimizations.patch
#PATCH-FIX-UPSTREAM bsc#1190706 FIPS: Provide module name/identifier and version
Patch32: libgcrypt-FIPS-module-version.patch
#PATCH-FIX-SUSE bsc#1185138 FIPS: Disable 3DES/Triple-DES in FIPS mode
Patch33: libgcrypt-FIPS-disable-3DES.patch
#PATCH-FIX-UPSTREAM bsc#1192131 FIPS: Fix regression tests in FIPS mode
Patch34: libgcrypt-FIPS-fix-regression-tests.patch
#PATCH-FIX-UPSTREAM bsc#1192240 FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes
Patch35: libgcrypt-FIPS-RSA-keylen.patch
Patch36: libgcrypt-FIPS-RSA-keylen-tests.patch
#PATCH-FIX-UPSTREAM bsc#1193480 FIPS: gcry_mpi_sub_ui: fix subtracting from negative value
Patch37: libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
#PATCH-FIX-UPSTREAM bsc#1190700 FIPS: Provide a service-level indicator
Patch38: libgcrypt-FIPS-verify-unsupported-KDF-test.patch
Patch39: libgcrypt-FIPS-HMAC-short-keylen.patch
Patch40: libgcrypt-FIPS-service-indicators.patch
#PATCH-FIX-UPSTREAM bsc#1195385 FIPS: Disable DSA in FIPS mode
Patch41: libgcrypt-FIPS-disable-DSA.patch
Patch1: libgcrypt-1.10.0-allow_FSM_same_state.patch
#PATCH-FIX-UPSTREAM bsc#1190700 FIPS: Provide a service-level indicator for PK
Patch42: libgcrypt-FIPS-SLI-pk.patch
Patch2: libgcrypt-FIPS-SLI-pk.patch
#PATCH-FIX-SUSE bsc#1190700 FIPS add indicators
Patch43: libgcrypt_indicators_changes.patch
#PATCH-FIX-SUSE bsc#1190700 FIPS allow shake
Patch44: libgcrypt-indicate-shake.patch
#PATCH-FIX-UPSTREAM bsc#1202117 jsc#SLE-24941 FIPS: Port libgcrypt to use jitterentropy
Patch45: libgcrypt-jitterentropy-3.3.0.patch
Patch46: libgcrypt-jitterentropy-3.4.0.patch
#PATCH-FIX-SUSE bsc#1182983 gpg: out of core handler ignored in FIPS mode while typing Tab key to Auto-Completion
Patch47: libgcrypt-out-of-core-handler.patch
#PATCH-FIX-SUSE bsc#1191020 FIPS: Zeroize buffer and digest in check_binary_integrity()
Patch48: libgcrypt-FIPS-Zeroize-hmac.patch
Patch3: libgcrypt-FIPS-SLI-hash-mac.patch
#PATCH-FIX-SUSE bsc#1190700 FIPS: Check keylength in gcry_fips_indicator_kdf()
Patch49: libgcrypt-FIPS-kdf-leylength.patch
Patch4: libgcrypt-FIPS-SLI-kdf-leylength.patch
#PATCH-FIX-SUSE bsc#1182983 gpg: out of core handler ignored in FIPS mode while typing Tab key to Auto-Completion
Patch5: libgcrypt-1.10.0-out-of-core-handler.patch
#PATCH-FIX-UPSTREAM bsc#1202117 jsc#SLE-24941 FIPS: Port libgcrypt to use jitterentropy
Patch6: libgcrypt-jitterentropy-3.4.0.patch
#PATCH-FIX-SUSE bsc#1202117 FIPS: Get most of the entropy from rndjent_poll
Patch50: libgcrypt-FIPS-rndjent_poll.patch
Patch7: libgcrypt-FIPS-rndjent_poll.patch
#PATCH-FIX-SUSE Check the FIPS "module is complete" trigger file .fips
Patch8: libgcrypt-1.10.0-use-fipscheck.patch
BuildRequires: automake >= 1.14
BuildRequires: fipscheck
BuildRequires: libgpg-error-devel >= 1.27
BuildRequires: libtool
BuildRequires: makeinfo
@ -164,133 +100,92 @@ understanding of applied cryptography is required to use Libgcrypt.
This package contains needed files to compile and link against the
library.
%package cavs
Summary: The GNU Crypto Library
License: GFDL-1.1-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT
Group: Development/Libraries/C and C++
Requires: %{libsoname} = %{version}
Requires: %{libsoname}-hmac
%description cavs
CAVS testing framework for libgcrypt
%if 0%{?separate_hmac256_binary}
%package hmac256
Summary: The GNU Crypto Library
License: GPL-2.0-or-later AND LGPL-2.1-or-later
Group: Development/Libraries/C and C++
Requires: %{libsoname} = %{version}
Requires: libgpg-error-devel >= 1.27
%description hmac256
Libgcrypt is a general purpose library of cryptographic building
blocks. It is originally based on code used by GnuPG. It does not
provide any implementation of OpenPGP or other protocols. Thorough
understanding of applied cryptography is required to use Libgcrypt.
%endif
%prep
%setup -q
%autopatch -p1
%autosetup -p1
# Rename the internal .hmac file to include the so library version
sed -i "s/libgcrypt\.so\.hmac/\.libgcrypt\.so\.%{libsover}\.hmac/g" src/Makefile.am src/Makefile.in
%build
echo building with build_hmac256 set to %{build_hmac256}
export PUBKEYS="dsa elgamal rsa ecc"
export CIPHERS="arcfour blowfish cast5 des aes twofish serpent rfc2268 seed camellia idea salsa20 gost28147 chacha20 sm4"
export DIGESTS="crc gostr3411-94 md4 md5 rmd160 sha1 sha256 sha512 sha3 tiger whirlpool stribog blake2 sm3"
export KDFS="s2k pkdf2 scrypt"
autoreconf -fi
date=$(date -u '+%%Y-%%m-%%dT%%H:%%M+0000' -r %{SOURCE99})
sed -e "s,BUILD_TIMESTAMP=.*,BUILD_TIMESTAMP=$date," -i configure
export CFLAGS="%{optflags} $(getconf LFS_CFLAGS)"
%configure \
--with-fips-module-version="Libgcrypt version %{version}-$SOURCE_DATE_EPOCH" \
--with-fips-module-version="Libgcrypt version %{version}-%{release}" \
--enable-hmac-binary-check="%{hmac_key}" \
--enable-ciphers="$CIPHERS" \
--enable-pubkey-ciphers="$PUBKEYS" \
--enable-digests="$DIGESTS" \
--enable-kdfs="$KDFS" \
--enable-noexecstack \
--disable-static \
--enable-m-guard \
%ifarch %{sparc}
--disable-asm \
%endif
--enable-hmac-binary-check \
--enable-random=linux
--enable-random=getentropy \
%{nil}
%make_build
%if 0%{?build_hmac256}
# this is a hack that re-defines the __os_install_post macro
# for a simple reason: the macro strips the binaries and thereby
# invalidates a HMAC that may have been created earlier.
# solution: create the hashes _after_ the macro runs.
#
# this shows up earlier because otherwise the %%expand of
# the macro is too late.
%{expand:%%global __os_install_post {%__os_install_post
fipshmac %{buildroot}/%{_bindir}/hmac256
fipshmac %{buildroot}/%{_libdir}/*.so.??
}}
%endif
%check
fipshmac src/.libs/libgcrypt.so.??
%make_build check
# run the regression tests also in FIPS mode
LIBGCRYPT_FORCE_FIPS_MODE=1 make -k check VERBOSE=1 || true
# Install the FIPS hmac file
cp src/.libgcrypt.so.%{libsover}.hmac %{buildroot}%{_libdir}/
# create the FIPS "module is complete" trigger file
%if 0%{?build_hmac256}
touch %{buildroot}%{_libdir}/.%{name}.so.%{libsover}.fips
%endif
%install
%make_install
rm %{buildroot}%{_libdir}/%{name}.la
# cavs
install -m 0755 -d %{buildroot}%{cavs_dir}
install -m 0755 %{SOURCE5} %{buildroot}%{cavs_dir}
install -m 0755 %{SOURCE6} %{buildroot}%{cavs_dir}
mv %{buildroot}%{_bindir}/fipsdrv %{buildroot}%{cavs_dir}
mv %{buildroot}%{_bindir}/drbg_test %{buildroot}%{cavs_dir}
# create the FIPS "module is complete" trigger file
%if 0%{?build_hmac256}
touch %{buildroot}/%{_libdir}/.%{name}.so.%{libsover}.fips
%endif
# Create /etc/gcrypt directory and install random.conf
mkdir -p -m 0755 %{buildroot}%{_sysconfdir}/gcrypt
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/gcrypt/random.conf
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/gcrypt/hwf.deny
%post -n %{libsoname} -p /sbin/ldconfig
%postun -n %{libsoname} -p /sbin/ldconfig
%files -n %{libsoname}
%license COPYING.LIB
%license COPYING COPYING.LIB LICENSES
%doc AUTHORS ChangeLog NEWS README THANKS TODO
%{_libdir}/%{name}.so.*
%dir %{_sysconfdir}/gcrypt
%config(noreplace) %{_sysconfdir}/gcrypt/random.conf
%if 0%{?build_hmac256}
%{_libdir}/.libgcrypt.so.*.hmac
%endif
%config(noreplace) %{_sysconfdir}/gcrypt/hwf.deny
%files -n %{libsoname}-hmac
%{_libdir}/.libgcrypt.so.*.hmac
%if 0%{?build_hmac256}
%{_libdir}/.libgcrypt.so.*.fips
%endif
%files devel
%license COPYING COPYING.LIB
%doc AUTHORS ChangeLog NEWS README THANKS TODO
%{_infodir}/gcrypt.info*%{ext_info}
%license COPYING COPYING.LIB LICENSES
%{_bindir}/dumpsexp
%{_bindir}/hmac256
%{_bindir}/mpicalc
%{_bindir}/%{name}-config
%{_libdir}/%{name}.so
%{_includedir}/gcrypt*.h
%{_datadir}/aclocal/%{name}.m4
%{_libdir}/pkgconfig/libgcrypt.pc
%if 0%{?separate_hmac256_binary}
%files hmac256
%endif
%{_bindir}/hmac256
%{_bindir}/.hmac256.hmac
%doc %{_mandir}/man1/hmac256.1*
%files cavs
%{_libexecdir}/%{name}
%{_datadir}/aclocal/%{name}.m4
%{_includedir}/gcrypt*.h
%{_infodir}/gcrypt.info*%{ext_info}*
%{_mandir}/man1/*
%changelog